Targeted investment in security

What is security intelligence?

Philippe Meerbergen, Solutions Architect at Davinsi Labs: “Security intelligence is, first and foremost, about gaining insight into the security of the entire IT landscape of a company, both on-site and in the cloud. On the one hand, this involves proactively cataloging the infrastructure, assets, applications and related vulnerabilities. On the other hand, security intelligence provides continuous monitoring of all digital activities in order to detect and block improper use and/or cyberattacks quickly.”

“In short, security intelligence is a necessary service for a company to measure (and therefore know) how resilient it is to cyberattacks. That makes security intelligence indispensable to the business and essential for the management in order to obtain objective feedback on the existing risks and active threats. This feedback makes it possible to set the right priorities and invest in security on a targeted basis.”

Why is security intelligence important for a company today?

Tom De Backer, Security Specialist at Davinsi Labs: “The question should really be: how can you, as a company, take the right decisions every day without the insight provided by security intelligence? Security intelligence ensures that a company can implement its cybersecurity policy on the basis of data rather than relying on gut feeling. If you don’t have objective information, then, in the context of cybersecurity, you can’t really do much more than guess which area merits the most attention.”

“We like to describe security intelligence as the comfort of knowing. By making security really comprehensible and, above all, measurable on the basis of data, security intelligence offers a certain peace of mind. It’s still a very complex matter, of course, with a great many uncertainties, and decisions are often difficult to take, but now you can base your decisions on hard facts. The company now at least knows where the biggest risks lie and what it should focus on.”

Time is of the essence

How are security incidents at clients detected?

Philippe: “The relevant security data are gathered from the IT infrastructure, the devices and the applications of the company. This often involves huge volumes of data, with information on the users, all transactions and sometimes even each byte of data traffic from the company. These data are then analyzed using advanced algorithms and we infer reliable security warnings from them in real time. These alerts are included on a list of priorities, so that the security specialists can focus straight away on the threat that may have the biggest impact on the company.”

“For the specialists, that is the startingpoint. They then go into the problem in more depth and resolve it. With security, time is of the essence. The longer it takes to notice an incident, the more it costs to repair the damage. Hence the importance of being able to work in real time. The period of time between intrusion, detection and repair has to be kept as short as possible.”

Security intelligence works in real time. That’s essential. The longer it takes to notice an incident, the more it costs to repair the damage.

Philippe Meerbergen, Solutions Architect at Davinsi Labs

Data form the basis of security intelligence.

Tom: “That’s true. Security intelligence relies on reliable, up-to-date data. They provide the fuel for our analysis which, in turn, offers the business the opportunity to take the right decisions. These decisionsare based on the analysis of data – and therefore not on personal conviction or guesswork. Data enable us to objectivize security.”

People and machines What new technologies can further speed up the detection and prevention of security incidents in the future?

Tom: “The biggest challenge at the moment lies in the shortage of experienced security analysts. The demand for specialists has never been greater than it is today and we have to find a solution to that. The good news is that new technology– such as artificial intelligence (AI) and machine learning – can help us.”

“We use algorithms when analyzing data. Computerization supports us when performing repetitive tasks. Thanks to new technology, we can collect information ever-faster from ever-larger data volumes spanning ever-longer periods. AI helps us detect certain patterns and abnormal behavior. This brings us to the core of a problem more quickly. As we leave more and more tasks to machines, the security specialists can focus better on the more complex work.”

Security intelligence is based on data analysis. That makes it possible to objectivize security rather than relying purely on gut feeling.

Tom De Backer, Security Specialist at Davinsi Labs

5G blurs boundaries

Tom: “5G will mean that the boundary between the physical and the digital worlds will become more blurred. So the importance of IT security is growing exponentially. The complexity of the balance that a company has to achieve between the risk that it is prepared to take and the cost of security keeps increasing as a result.”

“At the same time, the value of the data that companies store online is rising very rapidly. Of course, cybercriminals realize this too. So the field of action of cybercrime just carries on growing. It is important not to underestimate the criminals, certainly not now that our lives and work are playing out more and more in the digital world. There is a lot at stake.”

Work for cyber-experts

How important is IT security in terms of the customer experience? Can a data leak or a cyberattack disrupt the relationship between company and customer?

Philippe: “Of course. Unfortunately, we have a lot of concrete examples of this now. As a company, you have to earn the trust of your customers. A data leak harms that trust. Not only is the company’s image damaged, but it suffers financial loss as well, for example as a result of fines imposed for the negligent management of customer data. If companies want their customers to join them in a digital transformation, this can only happen if there is trust.”

Tom: “That, among other things, is what we are responding to with managed security services (MSS), where companies have the opportunity to focus on their core activities and outsource the security aspect to a specialized partner.”

Philippe: “The Proximus Security Operations Center (SOC) combines technology, processes and experts and therefore acts as our eyes and ears on the ground. Thanks to the SOC, we are informed immediately when a new threat appears on the scene. If cybercriminals succeed in breaking through a customer’s security, the SOC helps contain the incident and resolve it as soon as possible.”