Network & Security Data to Discover what we Don’t Know yet
CEO of Netassist, Hon Fun Ping, thinks he has a headstart over most startups.
Despite the cybersecurity solutions provider being established only a year ago in September 2017, the CEO at the helm is no newbie.
“I hear that many startups have to explore different possibilities (before they settle in to the industry). My first job was in 1996. It’s been 22 years, so I know very well what I want to do, and when I began in September last year, I knew exactly what to do.”
For one, he knew that he wanted to offer operations centre services that were a hybrid of security and networks. Netassist is an associated company of MyKris, a major telco, cloud and data centre player in Malaysia that already has a network operations centre (NOC).
Hon said, “Due to the fact that telcos do not provide cybersecurity monitoring, there is a gap. We have customers who buy bandwidth from us, and we bundle cybersecurity service together with it.
“So, we are offering something unique.”
Secondly, in the cybersecurity industry, talent is a crucial success factor. Hon shared, “My priority was to look for talent. I’m lucky in the sense that I was able to sign up new customers, and even customers from previous jobs.”
That is because the way Netassist works is through customers. “We are the only managed security services provider that is partner-friendly,” Hon said, rationalising that no company can stand alone. “There are a few components that have to be put together to be a complete solution.”
The need for hybrid
Netassist is described as a holistic cybersecurity services provider offering consultancy services as well as managed security services that are based on best-of-breed protection, along with monitoring and insights from both security and network perspectives.
Hon pointed out that it is a global trend for telcos to start to offer cybersecurity services. “Telstra, a major telco player, talked about cybersecurity monitoring services at RSA. They call it managed detection and response services, which is a new name for a capability that has been around in the market already.”
Nearer to home, Singapore telco Starhub merged with Quann, another cybersecurity services provider, and rebranded it as Ensign Infosecurity.
In Malaysia, Netassist is the only company that is able to offer security and network operations centre (SNOC) services.
Hon explained, “Netassist is becoming hybrid, because the NOC does not do the job of a SOC and the SOC does not do the job of a NOC. It’s two totally different categories of job skills.
“At a glance, it looks like the same setting and same things to do with a bunch of people viewing big screens.” A closer look behind the screens will reveal fundamentally different things, however.
A NOC has network engineers who work with switches, routers and so on. A SOC uses different tools, like SIEM (security information and event management), that require entirely different skillsets.
“NOCs monitor networks and use network monitoring systems. It can’t tell more beyond how the network is performing,” Hon said.
The network needs to know about cybersecurity threats because these threats affect network performance, which is the main thing a NOC is concerned about.
So, the NOC could help mitigate DDoS attacks, for example, but when other types of cybersecurity attacks happen and the network still behaves ‘normally’, no alerts will be raised, because the NOC cannot detect anything beyond the network layer.
Hon said, “Telcos can’t tell anything that is happening with the application layer. That is where the gap is.”
Netassist’s new security and network operations centre is slated to move to bigger premises in Bukit Jalil in mid-December this year.
Working with different data
So, here we have two fundamentally different services that collect different data, use different tools and do different things with these tools to effect changes in different parts of the whole IT environment.
What if these were all combined and managed from a single pane of glass, instead of two? This is what a SNOC aims to do.
Hon said, “With our SNOC, we are monitoring your entire environment, I will know your vulnerability level, any activity outside the firewall, and if we detect any attack from the behaviour of IP traffic, we can block it.”
Essentially, the more data the SNOC collects, the more accurate its insights will be. Undiscovered correlations are more likely to surface as well.
“We always talk about firewalls, but have we analysed other data like network and telemetry data? Big data includes even data that seems irrelevant,” Hon said, adding examples of unlikely correlations like houses with yellow doors having a higher insurance premium, or that drowning in swimming pools has a very high direct correlation with sales of ice-cream.
These instances are not made up, and are actual real-life events.
“We don’t know what we don’t know!” Hon emphasised.
This is a timely reminder that the cybersecurity industry needs, now more than ever, an ever-inquisitive and ever-investigative nature if it is ever to have a chance against the bad guys. Otherwise we are in danger of doing the same old, same old, which is proving to be ineffective.
“More than 85 percent of people will stop doing business with you, if they know your organisation has some data leakage or has undergone a cyberattack.
“So, it’s a matter of survival now, which is more important than compliance. You are only as strong as your weakest link,” Hon concluded.