WithSecure introduces ‘outcome-based’ security at Sphere23 conference
At the Sphere23 event in Finland, security company WithSecure presented its offerings focused on collaboration, business goals and results.
The WithSecure Sphere conference in Helsinki, Finland began with a speech by CEO Juhani Hintikka on Wednesday aboard the racing schooner Galiana. As the boat’s team looked on, Hintikka compared the collaborative requirements of boat racing with WithSecure’s own concept of results-driven and collaborative – or “peer” – security.
Shared security was the central theme of the event, which was poignant given Finland’s proximity to Russia and Ukraine’s reliance on partners and IT volunteers in the public and private sectors during its conflict with Russia.
Cooperation is key: Ukraine’s cyber boss
The event featured a virtual presentation by Victor Zhora, Deputy Chairman and Director of Digital Transformation of the Special Communications and Information Protection Service of Ukraine, who spoke about how partnerships played a key role in addressing the protective challenges of cyber-aggression. From Russia, including DDoS and window wiper attacks in early 2022, to recent phishing attacks on civilians.
SEE: Finland has also become the target of Russian DDoS attacks.
According to the CEO of WithSecure, results, not reactions, should drive security
The company also announced several new products at the event, including Cloud Security Posture Management, available to customers using the WithSecure Elements cloud security platform. The new WithSecure Elements module aligns with a results-driven approach to security, which Hintikka explains integrates cybersecurity and defense postures into the company’s larger strategic goals.
“Historically, cybersecurity practices have been threat-based and reactive to what has already happened,” he said, citing Forrester research that found 64% of companies still take a traditional, reactive approach to security.
“The evolution of the business environment through digitization means that IT must evolve,” he said. “What we want to suggest is the next step: what a company actually wants to achieve. How does a company connect cyber goals with business goals?”
Hintikka said the key questions for an information security leader are how to prioritize and what to invest in. He cited another Forrester statistic: 83% of companies are interested in results-driven security, and most partners want to work with others to achieve it. that versus securing essential vendor relationships.
“Cybersecurity is no longer an add-on. You have to start designing safety processes as you do in manufacturing design,” said Hintikka. He told TechRepublic that the idea has merit because of the breadth of the threat and the diversity of threats.
SEE: WithSecure discusses the importance of security aligned with business goals.
“We look at all the products and services, so if you were a CISO, how would you decide to prioritize and have that discussion with your company’s management? Smart companies know that investing in their cybersecurity posture is an existential question. You have to do it or you could go out of business,” he said. “In a way, every company is a software company today, and therefore vulnerable. So there are real questions about where to put the money,” he added.
Focusing on results helps security achieve company goals
Laura Koetzle, head of Forrester’s European research organization, explained that the results-oriented approach includes peer security – cyber security as a collaborative effort that transcends traditional vendor-customer relationships.
“The idea is to aim for security outcomes that businesses are trying to achieve. For example, if you’re trying to increase your customer base by 10%, you might ask how secure you are [posture] helps achieve that goal,” Koetzle said.
“If you’re an established business and you’ve built a lot of security infrastructure, policies and procedures for over 15 years, you almost never ask, ‘What should we stop?’ he added.
He said that a company like WithSecure, rather than looking to customers as a vulnerability solution provider, will look at the company’s strategic goals and build security around meeting those goals. “It requires you to think differently,” he said.
New module for securing cloud infrastructure
The company described the new Cloud Security Posture Management module as complementary to the Elements endpoint protection, endpoint detection and response, vulnerability management and collaborative protection modules. Its CSPM product addresses vulnerability and misconfiguration risks in the popular cloud infrastructure as a service platform and provides support for Amazon Web Services and Microsoft Azure.
The company said the new module includes:
- A cloud-based security posture audit that identifies and prioritizes misconfigurations based on risk level with accompanying mitigation instructions.
- The configuration checks for overly permissive identity and access management permissions, unencrypted data at rest, cloud instances with access to public IP addresses, and other cloud security issues.
- Aligned with WithSecure’s consulting expertise and research.
- A dedicated dashboard with graphs such as the evolution of the security situation over time and various security situation insights.
- Manage multiple enterprises and multiple clouds through a single portal with endpoint security, collaboration protection, and vulnerability management products.
- An opportunity for partners, such as managed service providers and managed security providers, to provide cloud-based security posture management as a managed service to their customers.
Using Zero Trusted Access to Maintain Compliance and Solve Common MDM Issues (TechRepublic)
Tenant Pool: Cybersecurity Engineer (TechRepublic Premium)
Learn Python: Online courses for novice developers and coding experts
Cyber Security and Cyber War: More Must Reads (TechRepublic on Flipboard)