A primary challenge for any Managed Security Service Provider (MSSP) is being able to accommodate a wide range of customers while maintaining high standards — “to ensure we deliver superior cybersecurity outcomes for our customers,” says Arno Robbertse, CEO of ITC Secure. This global MSSP serves organizations in more than 180 countries and strives to create greater efficiencies, automation, and effectiveness in its 24/7 security operations center.
As part of C5 Capital’s Cyber Alliance to Defend Our Healthcare, ITC Secure stood up an IronNet IronDome for healthcare in the U.K. specifically designed to provide a service that benefits multiple customers while still offering each customer individual protection and a level of monitoring and assurance that is tailored to their organization. In response to a significant increase of both the volume and the sophistication of attacks faced by healthcare organizations, “We simply had to do something to help these organizations stay protected, continue their operations, and keep communities safe,” notes Robbertse.
Protecting healthcare, including hospitals and life sciences organizations, is crucial for many reasons as they progress along the same digital transformation journey as many other industries. They are adopting new technologies, using the cloud to increase their processing capabilities, and using AI to come up with new ways of delivering healthcare and new medicines as the sciences evolve. The use of increasingly sophisticated technologies increases the complexity of protecting these organizations. “This is where the creation of the IronNet Dome specifically for healthcare can benefit organizations," says Robbertse, "by allowing them to learn what attacks other peers in their industry are facing and defend better.”
Detecting unknown threats
As the sophistication of cyber attacks continues to increase across the threat landscape, “one cannot simply rely on traditional monitoring tools and security defense in order to stay completely secure,” says Robertsse. IronNet’s network detection and response capabilities fill a gap in threat visibility through early detection of unknown threats. “IronNet’s behavioral analytics offer organizations the ability to monitor for those unknown unknowns. By looking at the behaviors and identifying anomalies that way, we are able to detect very sophisticated attacks without ever having seen them in the past.”
Behavioral analytics round out the SOC Visibility Triad and offer firms such as ITC Secure greater detection capabilities. Organizations and industries cannot simply rely on traditional signature-based detection. These methods have their value and have their place in an organization’s cyber defense, but MSSPs and end-users need to see more. “Our adversaries don’t come from the same place every time. They don’t use the same techniques. They are continuously trying to adapt,” says Robbertse. “No SOC team can ignore the network. IronNet observes traffic flowing on the networks in order to identify changes in that behavior and, ultimately, to give us much richer information than we previously would have from only log sources and the end points.”
The benefit of real-time collective threat intelligence
Simply put, in addition to improving detection capabilities, companies need to learn from each other and gain insights from the threat landscape across industries to improve the cyber defense of every organization. Robbertse explains why:
Defending alone in the world of cybersecurity is simply too costly. It is too costly in both resources and, more significantly, in time. It takes time for us to learn our lessons. It takes time for us to identify suspicious behavior. It takes time to identify incidents. By enabling us to learn from what’s happening with our peers, potential competitors, and other industries, the IronDome helps us accelerate our own cybersecurity defense so we can be better prepared for what we may face in the future. With the IronDome solution, we are able to learn from not only attacks on our own organization but observations from across all other organizations participating in that Dome, therefore achieving true Collective Defense in not having to defend on our own.
Collective threat intelligence goes beyond sector-specific defense. The need for private-public collaboration is clear, as defending in isolation no longer works. Although the cooperation between public and private sectors to share information and drive superior cybersecurity outcomes for both sectors is something that has been talked about for years, it has been difficult to implement. The current threat sharing methods, while effective, are very manual, meaning that there is a time lag between the critical cyber threat information being shared into these manual platforms and then, on the other side, the information shared out.
Resolving this challenge with IronNet’s help, Robbertse notes that, “IronNet’s IronDome not only automates the sharing of this information but does it in a way that the anonymity and privacy of all the organizations participating in the IronDome is fully protected and compliant with GDPR and other regulations.” In this way, all participants can fully benefit from the cybersecurity intelligence that IronDome gathers.
Doing more with less for better cyber defense
In addition to gaining broader detection and real-time threat sharing capabilities, ITC Secure has “found that the use of IronNet’s IronDome is helping our clients scale their own cybersecurity teams and organizations, to do more with less.” ITC Secure is able to scale its security operations center by having a very sophisticated tool that reduces false positives because of the advanced analytics and the data science that have gone into the product. With additional validation through alerts correlated in the IronDome, Robbertse’s operations center analysts “know that when an alert is raised and validated through IronNet, it has been seen in multiple organizations, too, reducing the effort needed by security teams to monitor those alerts.”
“A true partnership” with IronNet
The IronNet team has approached working with ITC Secure as a true partnership, and vice versa. ITC Secure especially benefits from working with IronNet’s technical team to ensure integrations into existing platforms. These integrations are absolutely critical for MSSPs, including integration into IT management services platforms and orchestration and automation platforms. “The IronNet team of experts have been absolutely excellent in helping us build out these integrations to help us realize the best possible efficiencies and effectiveness for our clients,” says Robbertse, as well as closely collaborating with IronNet’s Cyber Operations Center:
A key differentiator for us working with IronNet has been the access to their incredible experts in their Cyber Operations Center. These teams have been very accessible and absolutely excellent in helping our organization not only implement IronNet into our automation platform but to support our clients during difficult incidents. And with deep forensic investigations, the IronNet threat hunters have been impressive, and we really appreciate their support.
Robbertse affirms that, “One thing that really stands out for us in working with IronNet has been the true sense of partnership.” The spirit of Collective Defense drives this dynamic partnership. “IronNet’s philosophy of Collective Defense,” says Robbertse, “runs all the way through their organization: the people, their teams, their products.”