Knowing the risks is no longer enough!
Targeted attacks that took place in Turkey in recent years significantly increase the security awareness. People and organizations that have experienced cyber-attack threats share their experiences intensely. ADEO General Manager Selçuk Ekin, who gave this statement, answered the questions of BThaber editors. According to Selçuk Ekin, who pointed out that the guidelines and regulations provided by the relevant units of the public reinforce the awareness, we are about to have the adequate level of awareness. However, those other than the people who experienced bad incidents are slow to take action. Selçuk Ekin stated that there was no harmony between awareness and taking action and added:
“The perception for managed security services continues to improve positively; however, this structure is not as fast as the transition phase… Companies are a little distant about outsourcing. This should be explained clearly to them. As awareness and knowledge increases, we will move further away from this protective attitude; but recently the expansion of managed security services and attacks; increased the enterprises’ demand for these services. The most important problem in managed security services is the problem of trained human resources. There are state and private supported programs to train cyber security experts; but still not enough to meet the need. Not every institution can meet the need for competent and trained people within its own structure. The institution does not need to train four cyber security experts; it may need to get this support from outside. We have a great deal of trouble with training and locating cyber security experts. There are many different parts in cybersecurity. For which part will you find the qualified employee? Will it be network security or cloud security? Will the Red Team, the Blue Team, or the Purple Team, where both of them work together, be established inside? Are we going to establish a team that looks at regulations such as KVKK and GDPR? You have to keep these people at the same level of knowledge. Attacks outside are changing, diversifying and increasing. You need to increase your level of knowledge by carrying out the trainings inside. We must develop these technologies for hackers on our side, as well.
Palo Alto Networks approached the concept of “endpoint cyber security intervention” with a more integrated perspective in its products. When you say: “We will monitor not only the endpoint but also the network and cloud side. We will present all of these from an integrated screen; we will use machine learning.”, you see the advanced intervention and detection architecture with XDR. We have used it within ourselves for a long time. We transformed our own MDR, that is managed detection and intervention service, into MXDR. We will look at not only the endpoint, but also the network and the cloud, and we will provide this management and service from an integrated structure. How, when, on which vulnerabilities the incident took place in the attacked institution is just the beginning. Then it is necessary to clean and throw them out. With this cleaning need, it is not enough for only cyber security experts to work. Operations specialists are also involved in getting the system up from scratch. Because maybe you will reconstruct the cloud. You can see that targeted attacks are all encrypted. Your return is a bit easy if you have a proper infrastructure. However, if not, you need operation experts as well as cyber security experts to set up this structure again. In MXDR, we bring together both this technology and the knowledge and skills of analysts who have been doing this for years. We create an MXDR service by including internal operation. Therefore, our cooperation with Palo Alto Networks is very valuable to us. It has been a month since we announced this collaboration; but we are moving very fast in terms of both the services we provide and the expansion of the team.”