There might be notable cultural differences between Europe and the US, but when it comes to cybersecurity, the challenges faced by enterprises on both sides of the Atlantic are 99 percent similar. Marcel van Eemeren and Lieuwe Jan Koning, the two Dutchmen who founded cybersecurity company ON2IT fifteen years ago, have been talking to dozens of international security leaders and potential customers. ON2IT is expanding and last October the company opened its first office in the US (Plano, Texas).
Incredible innovation versus a lack of resources
CEO Marcel van Eemeren gives a quick characterization of the status quo in all the countries they visited: incredible innovation in the threat landscape on one hand, with CIOs and CSOs citing lack of resources, skills and budgets on the other hand. And most of all: a lack of strong guiding architectural security principles, such as the Zero Trust cybersecurity approach, which has been the cornerstone of ON2IT’s rapid growth in the past decade.
Customers keeping up with mission impossible?
The ON2IT evolution mirrors a profound change taking place in the cybersecurity landscape, fueled mainly by the unstoppable adoption of cloud technologies across all industries and sectors. “The concept of a managed security service provider was relatively simple, only five years ago,” says CTO Lieuwe Jan Koning. “It basically meant that you remotely managed your customer’s firewall policy settings and monitored alerts. Critical alerts were escalated to the IT-staff at the customer’s premises, or a Security Operations Center in the case of enterprise customers.”
The landscape is changing
According to Koning, such a limited service model is bound to become extinct. “Enterprise customers are facing a myriad of challenges, both in their core business and in their IT-operations. Their security teams not only want superior technology to detect malicious activity across all forms of cloud and on-premises, they also want tightly integrated incident response processes and procedures that can be executed consistently, and continuously refined with lessons learned and best practices.”
Balance between budget and compliance demands
Van Eemeren: “Customers increasingly want an economical, enterprise-grade and highly automated alternative or support for an in-house Security Operations Center (SOC). To offer that level of service, we had to build our own ON2IT Security Automation and Orchestration Platform. It offers a wide range of integration connectors with best-of-breed software and services, advanced tools for risk and compliance analysis and automated playbooks. And just as important, it gives our customers 24/7 access to the detection and response capabilities of the ON2IT Zero Trust SOC team.”
ON2IT is certainly not the only vendor offering cloud-based security automation and orchestration functions. What makes ON2IT stand out is that it has based its procedures and platform entirely on the concepts of the Zero Trust model. This model, first mentioned by Forrester Research analyst John Kindervag, is based on the notion that nothing either inside or outside the network perimeter can be trusted without verification. Back in 2010, Van Eemeren and Koning were mildly surprised that Kindervag’s Zero Trust ideas were not spreading like wildfire.
“We regarded it as the natural architectural foundation for our security framework and cloud platform. On top of that, the concepts of micro-segmentation, total visibility and control could be implemented fairly easily with the next generation firewalls of Palo Alto Networks, for which we were one of Europe’s most successful resellers. Later, we were one of the early adopters of network virtualization with VMware’s NSX, because that approach also goes hand-in-hand with Zero Trust.”
Tight integration with Palo Alto Networks Application Framework
That initial Zero Trust-based partnership with Palo Alto Networks culminated in the ON2IT Zero Trust SOC App for the Palo Alto Networks (PANW) Application Framework, which was announced at last year’s global Ignite conference. The framework extends the capabilities of the Palo Alto Networks Security Operating Platform, with a suite of APIs that developers can use to connect apps with rich data, threat intelligence and enforcement points.
The ON2IT Zero Trust SOC app enables customers to directly connect the ON2IT Security Automation and Orchestration Platform to the Palo Alto Networks Application Framework.
Zero Trust is gaining ground
The Zero Trust concept itself has finally become a hot topic as well, and it has gained widespread adoption at tech giants such as Google and at several US government agencies, including the FBI.
The foresight of John Kindervag
Lieuwe Jan Koning credits John Kindervag with the foresight that a really strong conceptual model should be able to cope with technological changes. “The concept was developed before concepts and services such as Software Defined Networking, AWS or Azure were widespread, but all the core principles of Zero Trust remain relevant. This is even true for newer technological developments, notably the move to containers and microservices with products such as Docker, Kubernetes and many more.”
Micro-segmentation is like building dykes
Koning is confident that the Zero Trust foundation on which the ON2IT security frameworks and platforms are built can accommodate even disruptive technology changes. He even has an explanation as to why a tech firm from Holland became the most prolific Zero Trust innovator outside of the US.
“Zero Trust uses the concept of micro-segmentation and reducing attack surfaces for the digital crown jewels. This approach has a conceptual resemblance with the way the Dutch have built their segmented infrastructure of canals, dykes and polders to protect their people from the sea. The impact of a breach in one dyke is limited and overseeable.”
A global product proposition
While operating from its Group headquarters in the Netherlands, ON2IT has had more than a decade of experience in helping its multinational customers comply with growing regulatory requirements, such as Europe’s General Data Protection Regulation (GDPR).
The opening of a new office in the US, and at a later stage in other European countries, will bring ON2IT closer to new customers in those regions. But the orchestration and automation features of the ON2IT platform and the collaborating international teams of security analysts and forensic experts remain at the core of the managed service delivery ON2IT offers its existing and new US customers.
It’s all about automation and interoperability
Van Eemeren: “Our existence is based on the notion that organizations want maximum assurance that their business is not compromised and that the response and remediation in case of a security incident is swift, consistent and automatically documented. With the proliferation of SaaS, IaaS, PaaS and even newer multi-cloud models such as Kubernetes, VMware and Nutanix native, attack surfaces and threats will continue to grow and will become more complex.
Just look at Petya and NotPetya. We will need extreme forms of automation and interoperability between various tools. No single security software vendor can claim to adequately cover all the required functions. Multiple tools and dashboards will remain necessary for the foreseeable future.”
ON2IT has the answer
Van Eemeren says that their customers’ IT-departments have neither the staff, time nor money to run a Security Operations Center that depends on a profound knowledge of all these products and the way they integrate. “Our proposition is that we can offer customers an open platform that can integrate these various best-of-breed products and services in automated workflows, and at the same time give them access to highly trained and specialized security professionals to minimize the impact of threats or incidents. And because money is always in the equation, our monthly subscription fees should provide a clear incentive compared to in-house solutions and in-house IT-staff.”