When pure-play cyber security firm Ensign InfoSecurity was established in 2018, the cyber security industry in Singapore and the broader Asia region was dotted with service providers offering niche services with limited technical capabilities.
There was also a severe shortage of cyber security talent, and many service providers did not prioritise talent development as they were more focused on core business activities and financial outcomes.
At the time, organisations were just starting to understand the cyber security challenge, with their cyber security defences primarily geared towards compliance with technical methodologies or frameworks, said Lee Fook Sun, chairman of Ensign, at the recent GovWare security conference in Singapore.
Lee noted that the state of cyber security at the time coincided with the growing number of cyber security incidents, including high-profile ones such as the SingHealth data breach that compromised the personal information of 1.5 million patients in Singapore.
“We also saw at that time, the evolution of cyber attacks, from the typical denial-of-service attacks to malware and somewhat more sophisticated ransomware cases and the emergence of advanced persistent threats,” he said.
It didn’t help that the cyber security market was flooded with a diverse range of products, which were typically purchased and implemented by organisations with marginal security benefits, largely due to poor integration, Lee said.
“In addition, there was very minimal situational awareness, and certainly very limited knowledge and understanding of cyber threats, which is unique to our region. This lack of awareness hindered the abilities of defenders to take meaningful and effective actions to prevent and respond to the threats,” he added.
Recognising the need for a different approach, Lee and his founding team established Ensign with a focus on deep knowledge and expertise to address the cyber security challenges plaguing the industry.
One of Ensign’s earliest decisions was to hold to its conviction not to become “armchair experts”, by investing in research and development (R&D) to build indigenous, world-class cyber security tools backed by peer-reviewed research, Lee said.
Some of Ensign’s patent-backed capabilities include artificial intelligence (AI) algorithms to uncover uncommon anomalies; automated threat hunting powered by threat intelligence tailored for the region; and a crisis management and decision support system to manage resources and address command and control in complex situations. These capabilities are now used by the company’s security operations teams to enhance detection with lower latency.
But Lee said that the company is not of the view that “being invented here is always better”, adding that Ensign diligently and actively tests its in-house tools against commercially available solutions in an unbiased and impartial manner to ensure their effectiveness before deployment.
Ensign also took a different approach in running its security operations centre (SOC), which is traditionally staffed by different tiers of analysts, from triaging and incident response for tiers one and two, to threat hunting and SOC management for tiers three and four.
It did away with the tiered analyst model and focused on knowledge, skills and abilities. Cyber security analysts work closely with threat analysts to identify anomalies and are encouraged to suggest changes to detection rules to improve outcomes.
Depending on their competencies, cyber security analysts may also perform first-level threat hunting and research and suggest hunting scenarios to threat analysts, which can be translated into breach attack simulations or used to reinforce intelligence analysis for threat risk monitoring.
To stay current in this rapidly changing field, Ensign collaborates with international researchers and professionals at the MITRE Engenuity Center for Threat-Informed Defense to develop solutions and knowledge for the public good.
The company also contributes to standards bodies and knowledge creation by supporting the development of guidelines and frameworks, such as the NIST Cybersecurity Framework 2.0 and the Cyber Security Agency of Singapore’s cyber security labelling scheme.
Furthermore, in helping clients build confidence in responding to threat scenarios with the right competencies, Ensign has developed a crisis management framework that addresses the cyber-to-operational response and stakeholder engagement strategies.
Today, Ensign has 900 cyber security professionals operating from five regional offices and delivering projects across 13 countries. Since 2018, its revenue has more than tripled, and Lee expects it to quadruple by the end of this year.
“Establishing and growing Ensign in the past five years has taught my team and I many important and valuable lessons,” Lee said. “These lessons have reinforced our thinking that while we needed to be competitive in the business sense, we also needed to work with a wider ecosystem and industry partners in a constructive way, especially in the area of talent and capability development.
“Additionally, we need to build a sharp awareness of the cyber threat environment at the global, regional and sectoral levels. And we need to back this up with a disciplined and focused approach to capability building to sustain investments in R&D. Finally, we need to participate and contribute to the discussion and advocacy for global collective defence and the public good.”
All Rights Reserved, Copyright 2000 – 2023, TechTarget