When pure-play cyber security company Ensign InfoSecurity was founded in 2018, the cyber security industry in Singapore and the wider Asia region was filled with service providers offering niche services with limited technical capabilities.
There is also a severe shortage of cybersecurity talent, and many service providers do not prioritize talent development as they are more focused on core business activities and financial results.
At the time, organizations were just starting to understand the cybersecurity challenge, with their cybersecurity defenses in place primarily aimed at compliance with technical methods or frameworks, said Lee Fook Sun, president of Ensign, at the recent GovWare security conference in Singapore.
Lee noted that the state of cybersecurity at the time coincided with an increasing number of cybersecurity incidents, including serious incidents such as the SingHealth data breach that compromised the personal information of 1.5 million patients in Singapore.
“In that time, we have also seen an evolution in cyberattacks, from typical denial-of-service attacks to malware and slightly more complex ransomware cases, as well as the emergence of complex, persistent threats,” he said.
It doesn’t help that the cybersecurity market is flooded with a diverse range of products, Lee said, often purchased and deployed by organizations with marginal security benefits, largely because of poor integration and fit.
“In addition, there was very minimal situational awareness and certainly very limited knowledge and understanding of cyber threats, which are unique to our region. This lack of awareness hinders the ability of defenders to take meaningful and effective actions to prevent and respond to threats,” he added.
Realizing the need for a different approach, Lee and his founding team set up Ensign with a focus on deep knowledge and expertise to solve the cybersecurity challenges plaguing the industry.
Lee said one of Ensign’s earliest decisions was to stay true to its belief in not becoming an “armchair expert” by investing in research and development (R&D) to develop indigenous, world-class cybersecurity tools backed by peer-reviewed research.
Some of Ensign’s patented capabilities include artificial intelligence (AI) algorithms to detect uncommon anomalies; automated threat hunting powered by region-specific threat intelligence; and a decision support and crisis management system to manage resources and address command and control issues in complex situations. These capabilities are now used by corporate security operations teams to enhance detection with lower latency.
But Lee said that the company does not take the position that “invented here is always better,” adding that Ensign diligently and actively tests its in-house tools objectively against available commercial solutions to ensure their effectiveness before implementation.
Ensign has also adopted a different approach in running the security operations center (SOC), which is typically staffed by different levels of analysts, from triage and incident response for levels one and two, to threat hunting and SOC management for levels three and four.
Ensign eliminates this hierarchical model and focuses on knowledge, skills, and abilities. Cybersecurity analysts work closely with threat analysts to identify anomalies and are encouraged to suggest changes to detection rules to improve results.
Depending on their capabilities, cybersecurity analysts can also perform first-level threat hunting and research, and recommend hunting scenarios to threat analysts, which can be translated into breach and attack simulations or used to underpin intelligence analysis for threat risk monitoring.
To stay current in this rapidly changing field, Ensign collaborates with international researchers and experts at MITRE’s Center for Threat-Informed Defense to develop solutions and knowledge for the benefit of the community.
The company also contributes to standards bodies and knowledge creation by supporting the development of guidelines and frameworks, such as the NIST Cybersecurity Framework 2.0 and the Singapore Cyber Security Agency’s cybersecurity labeling plan.
Furthermore, to help customers build confidence in responding to threat situations with the right capabilities, Ensign has developed a crisis management framework that addresses response strategies from cyber to operations and stakeholder engagement.
Today, Ensign has 900 cybersecurity professionals operating from five regional offices and delivering projects across 13 countries. Since 2018, the company’s revenue has more than tripled, and Lee expects it to quadruple by the end of the year.
“Founding and growing Ensign over the past five years has taught my team and I many important and valuable lessons,” said Lee. “These lessons have reinforced our thinking that while we need to compete on the business side, we also need to work with a broader ecosystem and industry partners in a constructive way, especially in the field of talent and capacity development.
“In addition, we need to build a deep awareness of the cyber threat environment at the global, regional and industry levels. And we need to support this with a disciplined approach and focus on building capacity to sustain investment in R&D. Finally, we need to engage and contribute to the discussion and advocacy for the common good and global collective defense.”