The WithSecure Sphere conference in Helsinki, Finland, kicked off with a speech Wednesday by CEO Juhani Hintikka on the deck of the racing schooner, Galiana. As the boat’s team looked on, Hintikka drew comparisons between the collaborative imperatives of boat racing and WithSecure’s own concepts of outcome-focused and collaborative — or “co” — security.
Co-security was a central theme of the event, a poignant one given Finland’s proximity to Russia, and given Ukraine’s reliance on partners and IT volunteers in both the public and private sectors during its conflict with Russia.
Collaboration is key: Ukraine’s cyber chief
The event featured a virtual presentation by Victor Zhora, deputy chairman and chief digital transformation officer at the State Service of Special Communication and Information Protection of Ukraine. He spoke about the key roles partnerships have played in how Ukraine has addressed the protean challenges of cyber aggression from Russia, ranging from DDoS and wiper attacks in early 2022 to recent phishing attacks on civilians.
Outcome, not reactions, should drive security, WithSecure CEO says
The company also announced several new products at the event, including Cloud Security Posture Management available for customers using WithSecure Elements, a cloud-based security platform. The new WithSecure Elements module aligns with an outcome-focused approach to security, which Hintikka explained aims to integrate cybersecurity and defense postures with a company’s larger strategic goals.
“Historically, cybersecurity practice has been threat-based, responding to what has already happened,” he said, citing Forrester research showing that 64% of companies still take a traditional, reactive approach to security.
“The evolution of the business landscape through digitalization means IT needs to evolve,” he said. “What we would like to propose is the next step: what is it a company actually wants to achieve. How does a company connect cyber goals with business goals?”
Hintikka said that for a chief information security officer, the key questions are how to prioritize and what to invest in. He cited another Forrester statistic: 83% of companies are interested in outcome-focused security, and most want to partner with others to achieve it rather than maintain basic vendor relationships.
“Cybersecurity can no longer be an add-on. You have to start designing processes for security, as is done in design for manufacturing,” Hintikka said. He told TechRepublic that the idea has merit because of the breadth of the threat landscape and the diversity of threats.
“We look at all of the products and services out there, so if you put yourself in the shoes of a CISO, how would you decide how to prioritize and how would you have that discussion with your company’s business leadership? Smart companies know that investing in cybersecurity posture is an existential question. You need to do it or you might be out of business,” he said. “Every company, in a way, is a software company today and is therefore vulnerable. So there are real questions as to where to put your money,” he added.
Outcome focus helps security drive corporate goals
Laura Koetzle, who leads Forrester’s European research organization, explained that the outcome-focused approach encompasses co-security — cybersecurity as a collaborative endeavor transcending traditional vendor-customer relationships.
“The idea is you pursue security outcomes that businesses are trying to pursue. If you are, for example, trying to grow your customer base by 10%, you would ask how your security [posture] will help achieve this goal,” Koetzle said.
“If you are an established business and have, over 15 years, built up a lot of security infrastructure, policies and procedures, what you almost never do is say what stuff should we stop doing?” she added.
She said an enterprise like WithSecure, rather than approaching customers solely as a solutions vendor for security vulnerabilities, will instead query a company’s strategic goals and organize security around achieving those goals. “It requires you to think differently,” she said.
New module to secure cloud-based infrastructure
The company described its new Cloud Security Posture Management module as complementary to the Elements endpoint protection, endpoint detection and response, vulnerability management and collaboration protection modules. The CSPM product is intended to manage risks related to vulnerabilities and misconfigurations in popular cloud-based infrastructure-as-a-service platforms, and it supports Amazon Web Services and Microsoft Azure.
The company said that the new module includes:
- Cloud security posture scanning that identifies and prioritizes misconfigurations based on risk level with accompanying mitigation instructions.
- Configuration checks for overly permissive identity and access management privileges, unencrypted data at rest, cloud instances with access to public IP addresses and other cloud security issues.
- Alignment with WithSecure’s consulting expertise and research.
- A dedicated dashboard with graphs, such as the evolution of security posture over time, and different security posture insights.
- Multi-company and multi-cloud management via a single portal along with endpoint security, collaboration protection and vulnerability management products.
- Possibility for partners, like managed service providers and managed security service providers, to provide cloud security posture management as a managed service to their customers.