Vision Managed Security.

Wortell vision on Managed Security

A lot has changed in the world of cybersecurity in the past fifteen years. In the early 2010s, malicious actors proverbially shot mostly with buckshot: attacks were often general in nature, using many generic techniques to see where they got in. Some vulnerable servers may have been hit. Although the impact of this could be significant, such as the failure of critical applications, it generally did not result in a total 'business-down' situation. Recovery was often possible through backups. Our 'defense' consisted mainly of having anti-malware and antivirus solutions available on servers and workstations, along with firewalls on networks.

Today, fifteen years later, we speak of 'Human Operated Ransomware'. These are professionally organized and well-equipped groups that target a company. They collect extensive information about your organization in advance: who works there, what technologies are used and what vulnerabilities are present within your environment. Based on this information, they develop a tailor-made approach for each organization and apply encryption that is specifically tailored to your environment. This can lead to your organization going completely 'down' within 45 minutes and business processes coming to a standstill.

In addition, these hacking groups use a second tactic: before they encrypt your environment, they copy sensitive data to external locations. In doing so, they put your organization in a bind. Because even if you decide not to pay a ransom and rebuild your IT environment, they threaten to disclose this data. A single security solution, such as an antivirus program or firewall, is certainly no longer sufficient.

Integrated security approach

It can make sense to add security at multiple levels, so that there are different 'thresholds' for protection. It is very important that this approach is integrated , in which all information and reports come together in one system from which immediate action can be taken. Nowadays we call this eXtended Detection and Response (XDR).

Because an attack can lead to irreparable business down within 45 minutes and attackers are active 24/7, it is useful to work with a partner that offers Managed eXtended Detection and Response (MxDR) 24x7x365 . The 'R' in MXDR is important here: it is not only about detection ("we have seen something"), but also about the response: intervening (isolating machines, disabling accounts and performing analyses).

However, in our approach, Managed Security is also Security Awareness. How do you make your employees the 'strongest link' in your security strategy? But also continuously improving your security by proactively identifying vulnerabilities through, for example: Pentest.

The role of AI and ML in our approach

With the rise of (Security) Copilot, among others, we are often asked: what role do Artificial Intelligence (AI) and Machine Learning (ML) play in our services? AI and ML are fundamental components in all our services, including our MxDR service.

We apply ML algorithms to establish a baseline of normal user behavior and continuously analyze data streams to detect anomalies. This method enables immediate detection of unusual behavior, independent of predefined detection rules.

We use ML and advanced algorithms to thoroughly investigate the cyber kill chain . By correlating individual events into a coherent incident, we improve insight into and confidence in the detection of potential threats. This allows us to detect attackers early in their attack cycle and take action to stop threats. By mapping the entire attack chain, we can intervene before significant damage occurs.

AI is also used to generate texts and reports for root-cause analyses and investigations. This application enables us to quickly and accurately identify the underlying causes of security incidents.

Customers at the heart of our security approach

We believe that the strength of our services lies in the continuous alignment with the needs and feedback of our customers. That is why we regularly organize MxDR user days, where we not only update customers on the latest threats and technological developments, but also actively engage with them.

During these meetings, we present new functionalities, our roadmap and collect valuable input to further optimize our services. This feedback is essential to ensure that our service portfolio always fits seamlessly with the actual challenges and needs within organizations. Curious? Watch the video below.