Editor’s Insight Interview with Simon Ractliffe, SecureWorks
Managing an information security solutions company that is technology agnostic is not just about focusing on ‘what’ is being protected. It also means looking at the likely threats and at the capability required to detect and respond to those threats.
For one such company, SecureWorks, “it is about having an open conversation about what clients need to focus on to protect themselves from cyberattacks,” Simon Ractliffe, Director and General Manager for South Asia Pacific, explained. “Despite various systems deployed, we as experts still need to rationalise and figure out, from multiple sources, how to make sense of what the event or alarm may be. The difference in the client environment means you need to determine what solutions clients need. We do this effectively by partnering with our clients to co-manage their various security technologies. When you look at the number of vendors in the market there is no surprise that CIOs and CISOs are struggling and we’re steadily becoming ‘a handle for them to hold on to’.”
In the last two years, SecureWorks has experienced significant growth, having added a number of new clients to its portfolio.
The market is trying to address this confusion for clients, but no single vendor has all the answers and solutions, which is a challenge in terms of security outcomes. “We’re increasingly finding you have to provide very insightful, actionable intelligence upfront and help the client solve the problem in the first instance. Then subsequently, continue to deliver mitigation, response and deal with ramifications of real and suspected breaches. The differentiation for SecureWorks lies in client intimacy. You still need to have people engaged on the ground constantly optimising the services and products to the full benefit of the client,” Mr. Ractliffe said.
Budgets are being underestimated by organisations, which means models for phased roll-outs are required to reconcile the client’s needs with the budget assigned to security. It is clear the attack surface has expanded with respect to the cloud, and giving clients transparency across their various cloud solutions is paramount. SecureWorks is driving the managed security services market with managed detection and response (MDR) solutions, a subset of what managed security service providers (MSSPs) offer, that reduce the time to identify and combat threats.
SecureWorks is committed to expanding its capabilities in the region and is focused on increasing its pool of threat intelligence, project management, implementation and service delivery experts. The company has invested in the Australian cybersecurity market with skills, and has expanded its sense-making solutions. Mr. Ractliffe confirmed, “we have hired a number of folks who have held key positions at significant government organisations, and we are also looking to develop a substantial team based in ANZ, to work with our Counter Threat Unit™ (CTU) research team”. Mr. Ractliffe explained, “every client needs assistance and is generally found to be in the transformation phase to ensure that the business is efficient. Hence, the nature of the business requires us to work with them throughout the transition period.”
Currently, SecureWorks maintains four Counter Threat Operation Centres (CTOCs), where certified security analysts continually monitor the networks of SecureWorks’ 4,300 clients. The CTOCs are located in the U.S. and in Europe. Additional personnel support SecureWorks’ CTOC operations from locations in Australia, Japan and Romania. SecureWorks has remained dominant amongst MSSPs and is backed by the latest threat intelligence and the expertise of the SecureWorks CTU research team.
The CTU is made up of a range of experts, several of whom formerly worked with CERT/CC and various national CERTs. They identify and study the patterns of adversaries. CTU researchers also track the activities of Threat Group-4127 (TG-4127), known to target governments, militaries, international non-governmental organisations (NGOs), journalists and Russian dissidents. The group is believed to be operating out of the Russian Federation, gathering intelligence on behalf of the Russian government and targeting Hillary Clinton’s email. That activity used the same technique as a 2015 spear-phishing campaign that targeted more than 1,800 Google Accounts. Components of TG-4127 operations have also been reported under the names APT28, Sofacy, Sednit, Fancy Bear, and Pawn Storm.
From a global standpoint, Jon Ramsey, Chief Technology Officer for SecureWorks, based in Atlanta and with 25 years of hands-on experience, looks at what’s the latest in cloud, what technologies are available and what clients will be looking for to give them transparency across the market. SMB clients with 500 or fewer end users can now purchase the “MDR for SMB” solution at a special price, which bundles together the following services: Advanced Malware Protection and Detection (AMPD); Advanced Endpoint Threat Detection Red Cloak (AETD Red Cloak); the iSensor Intrusion Prevention service; and an optional Incident Response retainer.
Enterprise clients interested in the MDR solution can choose from any of the services below:
- Targeted Threat Hunting
- Advanced Endpoint Threat Detection
- Advanced Malware Protection and Detection
- Enterprise iSensor
- Advanced Remediation Management
- Targeted Threat Response
- Incident Management Retainer
- Incident Response Remote & On-Site
“Whether threat actors are leveraging zero-day threats or living off the land, using little to no malware, staying secure requires having real-time visibility, expert detection, and the ability to respond to incidents when they occur,” said Matt Eberhart, vice president of global product management at SecureWorks. “With our Managed Detection and Response solutions, SMBs and enterprises can both receive the comprehensive protection they need in order to detect, validate, contain, and eradicate sophisticated attacks before advanced adversaries can steal critical data.”
In February, SecureWorks launched a new solution called Advanced Endpoint Threat Prevention (AETP), a next-generation antivirus service powered by Carbon Black’s Cb Defense. By leveraging Cb Defense, SecureWorks’ AETP service will offer enterprises and SMB clients:
- Protection Against Advanced Attacks: Carbon Black’s new “streaming prevention” technology prevents malware, ransomware, 0-days, and non-malware attacks.
- SecureWorks Intelligence: SecureWorks adds curated Threat Intelligence and analytics, going beyond point-in-time protection with the complete visibility needed to rapidly respond to threats identified by less-certain triggers. SecureWorks experts from its Senior Intrusion Analyst teams provide documented, actionable guidance on how to eradicate adversary activity that cannot always be blocked.
- 24x7 Monitoring: Non-stop coverage from SecureWorks gives small to mid-sized businesses (SMBs) and enterprises alike the ability to offload the time and energy of managing endpoint security to a trusted team of specially trained experts skilled at detecting and defending against advanced threats.
As the number of significant security incidents continues to rise, including those involving marquee organisations, managed security services have become a vital part of an organisation’s security program. SecureWorks’ primary goal is to work hand in hand with its clients to ensure that their critical data is protected, while enabling their businesses to thrive.