Published on: January 5, 2022
Safety Detectives: Please share your company background, how you got started, and your mission.
Ensign InfoSecurity: Ensign InfoSecurity (Ensign) is the largest pure-play end-to-end cybersecurity service provider in Asia. Headquartered in Singapore, Ensign offers bespoke solutions and services to address their clients’ cybersecurity needs.
Our core competencies are in the provision of cybersecurity advisory and assurance services, architecture design and systems integration services, and managed security services for advanced threat detection, threat hunting, and incident response. Underpinning these competencies is our in-house research and development in cybersecurity.
Ensign leverages its expertise, experience, and capabilities to help companies in Singapore, Asia, and the Middle East become secure, cyber-resilient organizations that can accelerate their digital transformation with confidence. This has been our company’s unwavering commitment. In recent years, organizations across all industries have been undergoing digitalization, adopting new technologies to transform their business operations, raise productivity, and innovate. This trend has been further accelerated by COVID-19.
This, in turn, has been driving a steady increase in the demand for cybersecurity as organizations’ digital attack surfaces continue to expand, and new vulnerabilities are introduced to their fast-growing digital environments. Thus, for businesses, cybersecurity is no longer just about risk mitigation but a competitive advantage. Potential enterprise clients are increasingly requesting cyber assurance from suppliers and service providers. Companies that are not adequately secure could be out of the running for profitable contracts and lose out on sizable revenue from more and more organizations.
These new trends are driving new growth opportunities for Ensign and opening new ways we can work with organizations to secure their operations. Our robust capabilities and end-to-end portfolio of cybersecurity solutions and services put Ensign in a strong position to help our clients enhance their security posture as organizations invest in digital technologies and accelerate digital transformation.
SD: What is the main service your company offers?
Ensign InfoSecurity: Ensign does not address security in siloes but takes a strategic approach through a consult, design & build, operate, respond, and innovate framework. It ensures the constant improvement and delivery of our services to provide greater value to clients.
Here is an overview of the different services and solutions we offer:
- For Consult, Ensign provides full-service premium cyber consulting and advisory services.
- For Design & Build, we help our clients build secure-by-design solutions and architecture for a more robust cyber defense.
- For Operate, we provide end-to-end cybersecurity management for our clients. It covers advanced threat detection, continuous monitoring, triage, and response capabilities.
- For Respond, we initiate cyber response and recovery services in the event of a cyber breach. These include digital forensics and incident response as well as cyber threat hunting capabilities.
At the core of Ensign is our Ensign Labs, which is the R&D unit in Ensign. Our team performs deep research into emerging technologies and threats and develops innovative solutions that augment our services. Our proprietary contextualized cyber threat intelligence and patented AI-Powered Cyber Analytics enable us to detect and respond faster to advanced cyberthreats.
In terms of our footprint, Ensign has offices in Hong Kong, Malaysia, and South Korea as well as client footprints in Brunei, Myanmar, Thailand, and Indonesia. In particular, we have a large installed base of Managed Security Services clients across the region. They come from a broad spectrum of industries, from public sector institutions to large multinational corporations and midsize enterprises in the private sector.
SD: What is something unique that helps you stay ahead of your competition?
Ensign InfoSecurity: A key differentiating feature that Ensign is focusing on this year is our AI-Powered Cyber Analytics capabilities.
As the cyber threat landscape evolves, threat actors deploy advanced techniques to evade traditional signature-based systems. Organizations need to recognize that traditional signature-based detection will not keep up with more sophisticated threat actors and the unknowns or zero-day threats. Using the resources and advanced tools, adversaries will break through traditional defenses.
Ensign’s AI-Powered Cyber Analytics allows organizations to stay ahead of new unknowns. Powered by patented algorithms and novel approaches, our self-learning threat detection models leverage deep neural networks, proprietary self-taught learning training techniques, and customized behavioral analytics to provide our clients with a technological edge in detecting threats.
To provide our customers with trusted, reliable cybersecurity solutions and services that can enable them to stay ahead of threat actors, Ensign is leveraging AI and advanced analytics. This allows us to gain better visibility into impending attacks quicker and more accurately.
Ensign’s AI-Powered Cyber Analytics is powered by patented algorithms and novel approaches. Several innovations and technologies that are patented or are pending patent include:
Patented: Self-Learning Threat Detection – This approach circumvents the need for a fully labeled dataset to train threat detection models working on network traffic data. Instead, this approach uses both Indicators of Compromise (IoCs) and existing models to provide some labels for training the model. This technique is then used to further extend our threat detection capability based on all these IoCs and prior knowledge.
This allows Ensign to fully leverage the dataset to train sophisticated threat-detection models. It also facilitates the creation of models that are always one step ahead of the competition due to models’ capability to extend their prior knowledge to unlabelled data and use it for training.
Patented: Approach to Detecting Domain Generation Algorithm (DGA) Attacks – Ensign’s proprietary DGA detection model possesses the ability to sieve through large traffic to ascertain the presence of DGA traits and whether successful communications to malicious domains were made. By deploying Ensign’s DGA detection model, organizations can reduce the number of alerts related to such communications by more than 99.99%, producing only 300 actionable alerts. This greatly improves the accuracy and accelerates response time.
Patent Pending: Approach to Detect Phishing – Ensign uses image recognition and transformer neural networks to automatically detect and correlate phishing attacks. This enables Ensign to yield an accuracy rate of more than 95% when detecting phishing attacks.
SD: What do you think are the worst cyberthreats today?
Ensign InfoSecurity: According to the Ensign Cyber Threat Landscape Report 2021, organizations face two key cyber threats today: cyber supply chain attacks and ransomware.
Cyber Supply Chain Attacks – Cyber supply chain attacks occur when threat actors compromise an external vendor or a third party providing digital services or products to gain access to their principal targets.
Technology service providers are attractive targets for threat actors as many organizations have engaged their services to transform themselves digitally. A successful cyber attack allows threat actors to obtain the credentials of these service providers’ clients, granting them illicit access to a wide range of companies. Threat actors are also targeting technology hardware and software vendors to breach and implant malicious codes and components into the vendors’ product development systems. This enables the perpetrators to rapidly develop zero-day exploits or create backdoors to compromise the integrity of the products, allowing them to readily reach a larger pool of targets.
If threat actors successfully compromise just one of these companies’ systems, it can create a ripple effect that will impact many organizations across industries and geographies.
Organizations need to recognize that as their cyber supply chain ecosystem expands and diversifies, they also need to take additional steps to mitigate the elevated cyber risks that come with it. This includes increasing the organization’s situational awareness. This can be done by maintaining a complete inventory of the software, hardware, and information assets within their network and those managed by their partners and vendors.
Ransomware – Ransomware is back in the limelight in recent times. Ensign’s Cyber Threat Landscape Report found that threat actors are increasingly collaborating with each other to launch ransomware campaigns. The Ransomware-as-a-Service (RaaS) model is one example where cyber adversaries leverage their respective expertise to carry out a range of malicious activities. It is believed that this organized crime business model has led to the phenomenal growth of the ransomware business.
The RaaS model has also led to the rise of the double extortion approach where threat actors first compromise endpoints to exfiltrate victims’ data and then encrypt the data to disrupt business operations. The threat actors will then demand ransom twice – one for decrypting the data, and another for not leaking the stolen data online. With the perpetrators threatening to publish their victims’ data on questionable websites, which can potentially trigger regulatory attention and payment of penalties, victims are more pressured to pay the ransoms.
Organizations need to prepare for the response and recovery of systems in anticipation of ransomware attacks. This includes provisioning backup systems and endpoints for critical functions to restore operations without significant delay. Organizations also need to support this with asset inventories and implementation of data protection solutions to enable quick identification, containment, and mitigation of incidents relating to data breaches. Lastly, they should conduct regular, thorough reviews of business-critical data and its storage location to maintain visibility of assets.