Safety Detectives: Please share your company background, how you got started, and your mission.
Assuria: Assuria’s heritage goes back to a previous UK security start-up formed in 1990 (called March Information Systems) and which developed some innovative cyber security software solutions which were used by major organizations such as UK Government and Citibank. But, typically of the UK investment scene in the ’90s, it was difficult for technology companies to raise external growth investment in the UK, and March was acquired by a major US cyber security company in 1998.
The March founders started Assuria in 2005 (again as a self-funded private company) with the aim of re-acquiring the core technology from the previous buyer and building up a new cyber security software business. Luckily, some of the key members of the original team shared our vision and joined Assuria very early on! Today, Assuria is a respected cyber security software developer and our flagship solution set is an in-house developed multi-function cyber security monitoring, detection, and response (MDR) software solution that is licensed by governments, defense agencies, commercial companies, public sector organizations, and managed security services providers (MSSP’s) in the UK, Europe, Middle East, Africa, and Far East Asia.
However, while we still work with big enterprise customers, our main thrust now is towards making our technologies accessible to organizations in the mid-market, i.e. anything from mid-sized enterprises and public sector bodies, down to small organizations. We are making our technologies available at prices that these organizations can easily afford and can easily consume, whether by licensing the solutions for their own internal use (if they have the internal skills to do this), or by engaging third-party managed security services providers (MSSP) to take care of the security monitoring and responding on their behalf. While initially describing this new business approach at an industry event in 2016, a couple of journalists described what we were doing as ‘Democratising Cyber Security’ and this seemed to us to be an accurate description of what we’re trying to do, so we’ve adopted that phrase. We see it used elsewhere these days, but we believe that Assuria was the first company to be given that description by genuinely unrelated third parties, without prompt or payment!
SD: What is the main service your company offers?
Assuria: We have incorporated our respected Security Information and Event Management (SIEM), File Integrity Monitoring (FIM), and Vulnerability Assessment software solutions and secure communications framework into an innovative multi-tenant SOC Management platform, along with a stack of marketing and business materials, training and support services. We provide this whole package to partner companies that wish to be able to provide managed detection and response (MDR) services to their clients. They use the Assuria platform of technologies and business materials to add an MSSP stream to their existing business. Through this new MSSP operation, they provide these services to their existing clients, with which they’ll often have an existing trusted business relationship. These partners might include traditional (non-cyber) Managed Service Providers, cybersecurity software resellers, or security consulting companies. Others might prefer to establish entirely new MSSP businesses. We call this our SOC/MSSP Partner Programme and we currently have six MSSP Partners, five in the UK and one in Australia. The first fully public launch of the program only took place in March 2021, but we are seeing huge interest and we believe that it has truly global applicability.
SD: What is something unique that helps you stay ahead of your competition?
Assuria: There are other cybersecurity companies wishing to do what Assuria is doing, i.e. to build a global network of managed security services providers, but in almost every case they have to license technologies from multiple vendors, with the resulting high operational costs and an inability to deliver anything other than the services dictated by those major (usually large US public listed or VC owned) vendors. Usually, these MSSP’s are owned and operated by these companies for the benefit of their VC or other external owners. In the case of Assuria, we enable local companies in any region to establish their own MSSP businesses. They own these businesses, they own the customer relationships and with our shared risk model, we only really succeed when our partners succeed! There is also the opportunity for partners to build their own IP on top of the Assuria platform, therefore creating lasting value for themselves, enhancing the skills of their teams, and delivering services that exactly meet their client’s specific needs.
SD: What do you think are the worst cyberthreats today?
Assuria: I think there are two key points here. Firstly, Ransomware is clearly still a major threat, and of course attacks by foreign governments and criminal gangs are growing, but it has always been true and is still true that the insider threat (the negligent insider, either by accident or for nefarious reasons) is how so many attacks and data leaks are enabled. We have numerous preventative methods with which to try to address these challenges, including In-depth employee training, security monitoring, user behavior analysis, and system hardening. These are well understood and sophisticated methods of cyber defense, but I still don’t think that even large organizations always give these insider threat risks the focus that they deserve. Secondly, I think smaller and mid-sized organizations are now much more in the firing line of criminal gangs and state actors, and as they’re often part of the supply chain for Government and big enterprises, this is a huge risk. These tools and services which can provide effective cyber defense are all available at an affordable cost for almost any size organization (at least from the right providers they are) and can be consumed without much alteration to working practices, but I think we as an industry have not yet done enough to prove this to these mid-market organizations. Assuria is at the forefront of efforts to address these risks.