CIO Bulletin

SecurityHQ ensures complete visibility and protection against your cyber threats

In the current world that is run by technology and network connections, it is crucial to know what is cyber security and to be able to use it effectively. Systems, important files, data, and other important virtual things are at risk if there is no security to protect it. Whether it is an IT firm or not, every company has to be protected equally. With the improvement of the new technology in cyber security, the attackers also do not fall behind. They are using better and better hacking techniques and target the weak points of many companies out there.

While in conversation, Feras Tappuni, CEO and Founder, uncovered SecurityHQ’s journey

Q. What motivated you to reinvent security services?

It was a combination of two key things. One, you could see the security risks accelerating beyond anybody’s expectations, and you could see there was a real need for protection against that. Two, when you looked at what was available, and what is still available to clients, it was particularly poor when it came down to monitoring, enterprise-grade, 24/7, SLA, KPI-driven services. There are only a handful of players who have that capability. So, I was determined that SecurityHQ became the leader in this space, to monitor 24/7 against an SLA.

Q. Where do you think the modern enterprise security system is lacking, and how is your company filling the void?

I would not say the word is lacking, it’s because of the rapid involvement of the digital transformation, or the deployment of cloud applications and distributed architecture, that makes it very hard for enterprise customers to know their asset base. It’s a constant moving target for them. What they need is a company who understands their complex architecture, understands their asset base, understands their use cases, and understands their risks, and is ready to adapt and change very quickly. We understand that asset lists change all the time, and use cases need to constantly evolve, as the risks continually change. That is what a true security partner must offer their clients.

Q. Modern cyber attacks are equally automated. How do you help organizations to fight fire with fire?

To fight fire with fire, our threat intelligence service has to get ahead of the game. For instance, with the recent Log4J attack, we were extremely quick to act and show people how to react. This is where our own Marketing team comes into the cyber realm, when we get in front of our customers, get infront of the risk, as soon as possible, to show customers what to do, advise them, check it, double check it, and then set up the user behaviour analysis to look for the signs and the footprints, to get ahead of the curve.

Q. Perception and reality must coincide in the field of cybersecurity. How do you know if there is a probability of breach?

It does not work like that. Take going to the gym, for instance. If you work out regularly, are super fit and you lead a healthy lifestyle, your risks are lower. It is no different with cyber. If you know your assets, do your vulnerability assessments, are ahead of the curve, have the 24/7 in place, you have an army of people you can call on, you are going to be ahead of the threats.

The focus should not be on creating barriers during an attack, it is what you do before that, to make sure you have the systems, people, and processes in place that really matters.

Q. There are other reputed companies in the market, how are you a better service provider?

We don’t really look at other companies in the market. In all honesty, we know what we do, and the biggest influence on how we deliver our services comes from our clients. We listen to our 100+ clients constantly, and we take their criticisms as a positive, to constantly improve what we do. Take care of your customers is what matters, if you take care of your customers and are customer driven, your business will take care of itself.

Q. Internal inefficiencies in an organization undermine security analytics and operations. Do you help your clients patch their internal operations?

We do when required, it depends, there is often a natural conflict between IT and Security and that is not necessarily a bad thing. IT wants to keep everything open and running to keep the business moving, and sometimes security perceives this as IT not having security interests at heart. It’s not as simple as that, ultimately you cannot expect every client to do every patch, stay on top of every single security element, but what you must focus in on is making sure the major stuff is there, make sure you have a system and a cycle to constantly move forward. Work against a framework so you can track your journey – we are a great advocate of the MITRE Attack framework.

This is no different for SecurityHQ, we are constantly pushing ourselves as well, and it is not easy and I empathise with that, but you need to look back quarter on quarter, look back and say that ‘we got that done, what do we need to do now?’.

Q. Bigger the network. Bigger the issue. Do you think your services are ready to cater the needs of never-ending digital transformation?

Absolutely. We monitor both small and giant networks. Ultimately once the systems are in place, they are very similar. In many ways the smaller ones have their own challenges because they have a lack of resources, while the larger organisations usually have a lot more people that can react to things. But the size of the network does not really make too much of a difference to us.

Q. How efficient is your security expertise, and how do you keep your service standards up and running?

Training is the key to this. We have huge investments in training, we have a full cyber range for internal staff, we have academies and programmes to keep skills sharp. Training to the next level is crucial and we are constantly recruiting to try and find the right sort of staff that fit our mantra.

Q. Will SecurityHQ be expanding, bringing on any new services that we should be aware of?

We recently opened our new SOC in New York, and that will continue expansion within the U.S. We very recently released Our XDR service. And we will be offering a new digital threat risk service in 2022 and will be rolling out the Guardium based security monitoring service in 2022 also.

Biography of the man behind SecurityHQ

Feras Tappuni is the CEO and Founder of SecurityHQ and is responsible for overseeing all the technical and financial aspects of the company. With over 25 years’ experience, he has dedicated his life to cyber security and is driven by the desire to offer his clients the highest degree of protection against today’s cyber threats. Feras has delivered complex security and engineering projects to prestigious clients globally. From harnessing the right technology, processes, and people, he ensures that SecurityHQ delivers a truly enterprise-grade experience.