In a recent SafetyDetectives interview, we had the pleasure of hearing from Chris Morales, the Chief Information Security Officer (CISO) at Netenrich. With over 25 years of experience in cybersecurity, Chris brings a wealth of knowledge and expertise to the table, ensuring that Netenrich remains a robust and resilient partner for its customers. During our discussion, Chris shared insights into his journey to Netenrich, the company’s innovative approaches to security operations, and how they are leveraging AI and machine learning to stay ahead of emerging threats. He also highlighted the unique features of their Adaptive MDR solution and the importance of autonomic security operations in today’s rapidly evolving threat landscape. This conversation offers a deep dive into the strategies and technologies that are shaping the future of cybersecurity.
Can you introduce yourself and your background in cybersecurity? What led you to join Netenrich?
I have been working in cybersecurity for 25 years, serving a wide range of technology and security companies. As CISO, my role is to ensure that Netenrich does not become a supply chain compromise that disrupts our customers’ digital operations. I also work to ensure our operations platform and services are robust and resilient enough to withstand any adversities that might disrupt and damage their business.
As a highly mature IT operations company, Netenrich impressed me with its ability to scale and automate operations and incident resolution processes — all at a cost-performance ratio that has amassed thousands of customers with incredibly high retention rates. While most SecOps teams are still trying to achieve these digital operations qualities, Netenrich naturally pivoted to ensure the protection and availability of our customers’ business-dependent digital operations.
I was offered a unique opportunity to assist in guiding this SecOps journey while also gaining invaluable insights from experienced colleagues. This experience has improved my understanding of what makes operations efficient and effective.
What does Netenrich do, and how does it stand out from competitors? Can you share the company’s vision and long-term goals?
Netenrich has long been a successful digital operations and analytics company, but now we’re redefining security operations with a proactive, “shift-left” approach. This means we focus on preempting threats before they can become disruptive.
Our Adaptive MDR, which uses our Resolution Intelligence Cloud technology, taps into the power of AI and big data to tailor our services to each customer’s unique needs. It also integrates with technologies like SIEM, SOAR, TIP, and UEBA to give security teams a comprehensive, advanced toolkit.
What makes us unique is our ability to adapt and make data the solution, not the problem. Being proactive requires both access to volumes of data and an ability to understand it in context to deliver tailored solutions that address every customer’s unique challenges.
Our goal is to enable true cyber resilience for our customers. Using AI and machine learning, as well as our continuous loop of data, detection, and response engineering, we help organizations turn traditional, reactive, alert-driven security operations centers (SOCs) into more efficient, autonomic operations. With our solutions, they can anticipate and automatically respond to threats and adapt to future challenges.
Can you tell us about the recently launched Adaptive MDR solution, its unique features, and the market challenges it addresses?
Our Adaptive MDR solution represents a paradigm shift in cybersecurity. It offers a dynamic, intelligent, and customizable approach to managed detection and response and integrates seamlessly with Google SecOps technologies to create a powerful synergy between our expertise and Google’s innovative security infrastructure.
At its core is a continuous, agile loop of data, detection, and response engineering that ensures security measures constantly evolve to meet new challenges. Again, we also leverage Google’s best-in-class SecOps technologies, including SIEM, SOAR, Mandiant, Duet AI, and UEBA, to offer a broad toolset.
What sets Adaptive MDR apart is its ability to adapt and customize protection for each customer’s unique environment. Using AI and machine learning, we automate routine tasks so security analysts can focus on security challenges that directly impact business operations.
Our solution addresses several critical challenges:
- Alert fatigue: We intelligently filter and prioritize alerts to help teams focus on genuine threats.
- Cybersecurity talent shortage: We augment human expertise with AI-driven insights and automation.
- Increasing threat complexity: Our proactive approach prioritizes early threat detection. We continuously monitor and analyze the threat landscape to understand potential attackers’ behaviors and tactics.
What are autonomic security operations (ASO), and why should security teams aim for them? How does Netenrich’s ASO benefit cybersecurity executives?
Autonomic security operations (ASO) transform traditional, reactive security into proactive, self-managing systems. By leveraging advanced artificial intelligence and machine learning, ASO simplifies the management of vast, complex security data in modern IT environments. It’s designed to adapt, learn, and automatically respond to threats with minimal human intervention. This way, security professionals can focus on strategic planning and address more complex issues that require human insight.
For cybersecurity executives, ASO promises more comprehensive and consistent protection. Because it’s about learning and adapting, it continuously improves threat detection and response capabilities, becoming more effective over time.
ASO also offers considerable financial benefits. By automating routine tasks, organizations can optimize their workforce and potentially reduce the need for large security analyst teams to manage day-to-day operations. This efficiency not only cuts operational costs but also helps teams focus on more strategic initiatives that drive business value.
Moreover, ASO’s advanced analytics and data-driven insights offer a clear, real-time view of the organization’s security status so executives can make informed decisions quickly and confidently.
Perhaps the most significant advantage, however, is resilience. ASO’s proactive, adaptive nature means it’s constantly working to detect and respond to new types of attacks as they emerge. This level of preparedness provides executives with a robust foundation for building their security strategy.
What trends are you seeing in SOC teams today? What challenges do they face, and what are some best practices for SOC and cybersecurity teams?
Cyber threats continue to grow in volume and sophistication, with attackers using more advanced techniques, including AI-powered attacks, to put more pressure on SOC teams.
Another significant trend is the shift towards cloud-based and hybrid infrastructures. This change has expanded the attack surface and introduced new vulnerabilities. SOC teams must now adapt their strategies and tools to protect these diverse environments.
While SOC teams face several critical challenges, the most significant may be alert fatigue and skill shortages. The overwhelming number of security alerts, compounded by a high rate of false positives and a global talent deficit, can lead to analyst burnout, gaps in coverage, and an increased risk of overlooking critical threats.
To address these challenges, we recommend several best practices:
- Embrace data-driven security operations: Leverage advanced analytics and machine learning to gain deeper insights into your security posture and make more informed decisions.
- Implement a continuous feedback loop: Regularly evaluate and refine security processes based on real-world outcomes and emerging threats.
- Focus on proactive threat detection: Instead of merely reacting to alerts, actively seek out potential threats before they manifest as full-blown attacks.
- Adopt customizable solutions: Off-the-shelf solutions often fail to address specific security requirements. Flexibility is critical.
- Integrate various security technologies: Combining SIEM, SOAR, TIP, and UEBA into a cohesive ecosystem can provide more comprehensive protection and allow for better correlation of security events.
By embracing these best practices, SOC teams can enhance their effectiveness and resilience to evolving cyber threats.
Can you describe Netenrich’s partnership with Google SecOps and its benefits for cybersecurity executives?
This partnership combines Netenrich’s deep expertise and innovative SecOps approach with Google’s cutting-edge technologies, including SIEM, SOAR, Mandiant, Duet AI, and UEBA. Our Adaptive MDR leverages Google’s sub-second search speed to help security teams sift through vast amounts of data in near real-time and significantly accelerate threat detection and response.
This partnership provides executives:
- Improved efficiency: Integrating various security tools into a unified platform streamlines operations and reduces the complexity of managing multiple disparate systems.
- Enhanced data analytics: By combining Google’s powerful data processing abilities with the required context and threat intelligence, security professionals can access more meaningful and actionable insights.
- Scalability and flexibility: The solution can adapt to organizations’ evolving needs to enhance a future-proof security strategy.
- Cost-effectiveness: By leveraging cloud-based technologies and automation, we can offer a more cost-effective solution than traditional on-premises security operations.
How does innovation play a role at Netenrich? Can you discuss upcoming technologies or solutions and share how Netenrich has helped clients overcome cybersecurity challenges?
Innovation is at the core of everything we do at Netenrich. We’ve positioned ourselves as pioneers, constantly pushing the boundaries of what’s possible in security operations. This commitment to innovation is evident in our development of AI and machine learning-powered security solutions, which form the backbone of our offerings.
Our innovative spirit shines in creating adaptive and customizable MDR services. Unlike traditional, one-size-fits-all security models, our approach adapts to each client’s specific needs. It’s that level of customization that sets us apart in the industry.
We also demonstrate innovation through our advanced data analytics capabilities. By leveraging cutting-edge technologies, we dig deeper to provide actionable insights from security data. This goes beyond simple alert management to providing customers with a more comprehensive understanding of their security posture.
We’re continually enhancing our AI and machine learning algorithms to improve threat prediction and anomaly detection while also advancing our automation capabilities to move towards more autonomic response for certain types of threats.
A few customer successes:
- Our Adaptive MDR solution significantly reduced alert fatigue for a large financial institution by intelligently filtering and prioritizing security alerts. Its security team can now focus on the most critical threats, improving overall security efficacy.
- We used our AI and automation technologies to help a healthcare provider improve its threat detection and response times. This was crucial in an industry where every second counts in protecting sensitive patient data.
- We assisted a rapidly growing tech company in enhancing its overall security posture as it transitioned to a cloud-based infrastructure. Our adaptive solution evolved with its changing needs, providing consistent protection throughout its digital transformation journey.
- We transformed security operations for a leading media company by finely tuning its environment and integrating Google UDM with our Adaptive MDR. This integration automated 60% of detections, allowing the SOC team to focus on critical events and enhance response efficiency.
By helping our customers move from reactive, labor-intensive SOC models to more proactive, automated, and efficient security practices, we’re seeing them overcome their current challenges while positioning them to handle future threats.