Intelligent CISO Issue 40 - Page 53

for potential investments, then of course our overall infrastructure, and I am also deeply involved in our product security.
What challenges were you looking to overcome ahead of the implementation?
Every company in our group has their own CTO, a unique technology stack and a unique culture. We were looking for a simple and modern solution that can be primarily operated centrally, but also decentralised for those who require it. We are a cloud company, but for some areas like newspaper printing, we need on-premises deployments. Due to the difficulties in rolling out several security solutions, we tried to find the one tool that is the most effective.
Why did you decide to work with Cybereason on this occasion?
We did a PoC with several vendors out of which Cybereason had the best cultural fit. Technologically, we had several vendors that were very good. Cybereason, however, quickly understood our cybersecurity vision and our company’s challenges.
When it shared its vision, we were able to see we would match well in a partnership.
How important is having a robust Zero Trust security strategy and how does this contribute to business success?
We use Okta as an identity provider (IDP) with the features ‘device trust’ and ‘IDP Factor’ in combination with a mobile device management solution. Cybereason is the core element in our Zero Trust approach. An access attempt to our cloud applications requires the device being managed by the MDM to be ‘compliant’.
A device is considered compliant when it has Cybereason installed. On top of that, we’ve partnered with Cybereason to help build out its XDR product. With Cybereason XDR, we cover Google Workspace, Okta, Slack, AWS, our firewalls and cross-correlate with our EDR telemetry.
How has improved visibility enhanced TX Group’s performance capabilities?
We are able to create a security stack and culture that is not blocking or slowing down our business.
Speed is essential for our competitive advantage and by focusing on detection and smart automation for response, we’re able to use security as an enabler of the business.
How has the implementation benefitted your end-users?
For the end-user, the solution is hardly visible. All it takes is a lean sensor on their device.
Without getting in their way, end-users benefit from a secure environment which allows them to work with any device, from anywhere, at any time securely.
What does your technology roadmap look like for 2021?
Our focus certainly lies on XDR as this will be the key to finding the security events that really matter to the organisation. We do not want to look at a huge haystack of alerts, but rather want to find the needle in the haystack.
For example, it is not important to know if a user has received a phishing email. It is also not important if the user clicked on the link.
What is important is to see any login attempts after such an email. Creating such a story of an incident is at the core of the Cybereason Malop.
With XDR, we are able to tell this whole story and yet give a single event a much broader context. Then we can identify and take the most effective response to such an event.
It might not be important to isolate the machine, run forensics and send our security army to solve the incident.
It could be just enough to enforce additional factors with Okta. Another area to focus on is protecting our Kubernetes environments with Cybereason.
We also plan to expand our existing Bug Bounty Programs, roll out a new Risk Management solution (what we’re calling the Risk Tower) and share with our end-users a SlackBot that informs and enforces security best practices, exciting projects that we built in-house.
What best practice advice can you offer other CISOs?
Be bold, be authentic, take over responsibility and don’t shy away from making tough decisions. It is easy to hide behind someone else higher up in the hierarchy or behind compliance and to only make recommendations.
Claiming your seat as the CISO, however, requires you to always ask yourself what your main mission is. In my opinion, it should always be to add value for the business and to not get hacked!