In this SafetyDetectives interview with Feras Tappuni, founder and CEO of SecurityHQ, we delve into the ever-evolving realm of cybersecurity. Tappuni, who has been at the helm of SecurityHQ for nearly two decades, reflects on the transformational impact of artificial intelligence and machine learning on security architecture. He emphasizes the indispensable role of human expertise in the face of increasing automation and sheds light on why organizations might consider partnering with a Managed Security Service Provider (MSSP) like SecurityHQ.
Can you please introduce yourself and talk about your role at SecurityHQ?
My name is Feras Tappuni, and I am the founder and CEO of SecurityHQ. My role is multifaceted, as I ensure that we deliver to all our clients globally. I oversee recruitment, funding, and risk elimination, essentially everything a CEO is responsible for. My core belief is that if you care for your customers, everything else falls into place. It’s that straightforward.
What are the main services offered by SecurityHQ?
SecurityHQ is a global managed security service provider, commonly referred to as an MSSP. To simplify, our services can be categorized into three main areas:
- Managed Security
- Managed Risk
- Managed Defense
The most significant portion of our services revolves around managed defense, where we monitor our clients’ systems 24/7 according to a service level agreement (SLA). We alert clients about any malicious traffic or potential risks detected on their network.
Furthermore, our role doesn’t end at just alerting; we also take steps to remediate and mitigate the risks. This comprehensive approach ensures that we both detect and respond promptly
How has the role of an MSSP evolved in the past few years, given the rapidly changing cybersecurity landscape?
It’s unrecognizable how it’s evolved. We have been in the security business at SecurityHQ for nearly 20 years now. We are not a startup. We’re very mature. And we have six security operations centers around the world. What we delivered at the beginning was a simple “Oh, this looks odd,” or “this is unusual,” and we would send out an alarm and conduct some basic investigation.
Now, we’re confronting some of the most intricate threat actors and incidents imaginable, ranging from state-funded entities to organized crime. We have developed the skills, tools, expertise, and particularly the personnel on how to detect and respond accordingly.
To answer your question succinctly, the threats have evolved by a factor of 1,000 compared to what we used to see.
What do you see as the most pressing cybersecurity challenges for enterprises today?
The most pressing challenge is access to skills. If I were to simplify the feedback from all our clients worldwide, what they genuinely value about SecurityHQ is our people. And it’s not just about their personalities, but their professionalism, the depth of their expertise, how we’ve trained them, and notably the environment they operate in. This is something enterprises increasingly find challenging to acquire.
If you run a cybersecurity team, say, for a bank in New York, recruiting and retaining skilled professionals is a substantial daily challenge. Handling complex threats on a 24/7 basis is a task few enterprises can maintain. They genuinely need specialists like SecurityHQ for that.
What role does artificial intelligence and machine learning play in your security monitoring and response strategies?
Artificial intelligence and machine learning are already fundamentally changing the way we architect security.
SecurityHQ has, out of the box, over 2000 playbooks. We are fully automating those playbooks and using machine learning to enhance how we respond to threats.
AI will shape the next iteration of this approach. While we haven’t seen it yet, I fully expect that AI will soon be employed by malicious actors. Consequently, we will be combating AI engines with our own AI engines. That’s the direction in which we’re headed.
Do I believe it will revolutionize cybersecurity to the extent that professionals become obsolete? No, I don’t. Because security incidents aren’t isolated events. They are often a culmination of various minor and major indicators that guide investigation efforts. And, frankly, the human intuition and expertise remain irreplaceable. There’s a methodology behind it that can’t be entirely automated. Every time I board a plane, even though most of its operations are automated, I’m reassured knowing there are pilots upfront. They discern which alarms to heed and which to dismiss, and they know when to seek assistance. I much prefer it that way.
What are some key indicators that an organization might benefit from working with an MSSP as opposed to managing security in-house?
There are numerous indicators. One of the most significant is mastering the basics. For instance, having a dedicated cybersecurity manager review your weekly report. With SecurityHQ, it’s not merely about sending reports or alarms; you have scheduled weekly meetings with a skilled professional to review your report. It’s akin to attending the gym regularly. Each week, you’re analyzing traffic, examining incidents, identifying required changes or patches. We advise on adjustments we might need to make on our end regarding monitoring. Engaging in this routine 52 times a year is like working out three times a week – you continually improve, and if setbacks occur, recovery is swift.
This consistent approach is often misunderstood about SecurityHQ. Beyond the tech bells and whistles, incident responses, and access to skilled individuals, the real value lies in the consistent review sessions. It’s not just about providing visibility into your traffic; it’s about granting genuine insight and actionable steps at the end of each weekly meeting.