
How Ensign is leading the charge in cyber security

Lee Fook Sun, chairman of Ensign InfoSecurity, traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem

When pure-play cyber security firm Ensign InfoSecurity was established in 2018, the cyber security industry in Singapore and the broader Asia region was dotted with service providers offering niche services with limited technical capabilities.

There was also a severe shortage of cyber security talent, and many service providers did not prioritise talent development as they were more focused on core business activities and financial outcomes.

At the time, organisations were just starting to understand the cyber security challenge, with their cyber security defences primarily geared towards compliance with technical methodologies or frameworks, said Lee Fook Sun, chairman of Ensign, at the recent GovWare security conference in Singapore.

Lee noted that the state of cyber security at the time coincided with the growing number of cyber security incidents, including high-profile ones such as the SingHealth data breach that compromised the personal information of 1.5 million patients in Singapore.

“We also saw at that time, the evolution of cyber attacks, from the typical denial-of-service attacks to malware and somewhat more sophisticated ransomware cases and the emergence of advanced persistent threats,” he said.

It didn’t help that the cyber security market was flooded with a diverse range of products, which were typically purchased and implemented by organisations with marginal security benefits, largely due to poor integration, Lee said.

“In addition, there was very minimal situational awareness, and certainly very limited knowledge and understanding of cyber threats, which is unique to our region. This lack of awareness hindered the abilities of defenders to take meaningful and effective actions to prevent and respond to the threats,” he added.

Recognising the need for a different approach, Lee and his founding team established Ensign with a focus on deep knowledge and expertise to address the cyber security challenges plaguing the industry.

One of Ensign’s earliest decisions was to uphold its conviction not to become “armchair experts” by investing in research and development (R&D) to develop indigenous, world-class cyber security tools backed by peer-reviewed research, Lee said.

Some of Ensign’s patent-backed capabilities include artificial intelligence (AI) algorithms to uncover uncommon anomalies; automated threat hunting powered by threat intelligence tailored for the region; and a crisis management and decision support system to manage resources and address command and control in complex situations. These capabilities are now used by the company’s security operations teams to enhance detection with lower latency.

But Lee said that the company is not of the view that “being invented here is always better”, adding that Ensign diligently and actively tests its in-house tools against commercially available solutions in an unbiased and impartial manner to ensure their effectiveness before deployment.

Ensign also took a different approach in running its security operations centre (SOC), which is traditionally staffed by different tiers of analysts, from triaging and incident response for tiers one and two, to threat hunting and SOC management for tiers three and four.

It did away with the tiered analyst model and focused on knowledge, skills and abilities. Cyber security analysts work closely with threat analysts to identify anomalies and are encouraged to suggest changes to detection rules to improve outcomes.

Depending on their competencies, cyber security analysts may also perform first-level threat hunting and research and suggest hunting scenarios to threat analysts, which can be translated into breach attack simulations or used to reinforce intelligence analysis for threat risk monitoring.

To stay current in this rapidly changing field, Ensign collaborates with international researchers and professionals at the MITRE Engenuity Center for Threat-Informed Defense to develop solutions and knowledge for the public good.

The company also contributes to standards bodies and knowledge creation by supporting the development of guidelines and frameworks, such as the NIST Cybersecurity Framework 2.0 and the Cyber Security Agency of Singapore’s cyber security labelling scheme.

Furthermore, in helping clients build confidence in responding to threat scenarios with the right competencies, Ensign has developed a crisis management framework that addresses the cyber-to-operational response and stakeholder engagement strategies.

Today, Ensign has 900 cyber security professionals operating from five regional offices and delivering projects across 13 countries. Since 2018, its revenue has more than tripled, and Lee expects it to quadruple by the end of this year.

“Establishing and growing Ensign in the past five years has taught my team and I many important and valuable lessons,” Lee said. “These lessons have reinforced our thinking that while we needed to be competitive in the business sense, we also needed to work with a wider ecosystem and industry partners in a constructive way, especially in the area of talent and capability development.

“Additionally, we need to build a sharp awareness of the cyber threat environment at the global, regional and sectoral levels. And we need to back this up with a disciplined and focused approach to capability building to sustain investments in R&D. Finally, we need to participate and contribute to the discussion and advocacy for global collective defence and the public good.”
