Aviva Zacks of Safety Detectives recently sat down for an interview with Jens Bothe, Director Global Consulting at OTRS. She asked him about his company’s STORM software.
Safety Detectives: Tell me how you got started in the cybersecurity industry and what you love about it.
Jens Bothe: I joined OTRS Group in 2006, but I have been using OTRS since the very first beta version at the end of 2002. My background is in security; in my former companies, I did PKIs, encryption, and internal security. Since I joined the company, the security topic has been on my desk, and I work with all the teams.
SD: What is the history of OTRS?
JB: The company was founded by the original developers of OTRS at the beginning of the 2000s. The first code was started in 1999, and the first version was published in 2003. In the autumn of 2003, the company was founded to support the development and customers who needed support and consulting work.
Right at the beginning of this, the German government’s cyberdefense team, the BSI, was looking for a tool to do their security incident management, so they did a public tender. The German government wanted to have an incident management system, which was based on OTRS, and that’s how we started to build these modules into OTRS and to enhance OTRS with a lot of functionality, like statistics and role concept, which was based on this public tender.
In 2005, we released OTRS 2.0 and a module set called SIRIOS. Those were our first steps into cyberdefense, offering additional modules to help teams with incident management.
In the following years, most of the German CERTs—governmental and private—from companies and universities used SIRIOS and OTRS to deal with their incidents and their communication.
In 2010, we had a meeting with security teams using OTRS and SIRIOS to find out what they use and what they need. And at this time, we found out nobody was really using SIRIOS. They were just using OTRS’ basic functionality, so we dismissed SIRIOS and decided to put everything into the core of OTRS.
This worked quite well for the next five, six years, and then we saw an increasing demand from cyberdefense teams. We decided to add functionality and finally came up with a new solution called STORM, which technically still is plugged into our core OTRS, focusing on the demands of cybersecurity, but also of classic security teams. This product is quite agile in its development. We add new features every year.
Another thing we tried with STORM is to change the communication method we have with our customers. At the beginning, it was just a ticket system, but with STORM, we try to focus more on integration with other tools and process automation. We have STORM powered by OTRS as a glueware between different tools and try to position the software as a SOARC tool with an additional C at the end because we can do communication, including encrypted and signed emails. That’s something most of the SOAR tools cannot do out of the box.
SD: How does your company stay ahead in a world filled with all different types of cybersecurity companies?
JB: We are in regular contact with our customers asking for what they need. Also, sometimes we just get requests from them, and then we will always check if it matches the generic approach and what we can do here.
We also visit the security conferences, at least the FIRST conference. We also acted as a sponsor of the last conference this year and we plan on sponsoring the FIRST conference next year in Dublin.
We try to be active in the community. For example, I’m participating in the ENISA working group for taxonomy, working on categories for incidents that can be used to gather statistics to compare incidents between different cyberdefense teams. We are one of the first that introduced the ENISA taxonomy into the tool as a default setup, which helped some of our new customers.
We are a CNA, which is a CVE Numbering Authority. We can assign CVE numbers for OTRS and forks of the software which use the same code base. This is a way to be in contact with roughly 120 other CNAs in the world that do software development.
SD: What do you feel is the worst cyberthreat today?
JB: I think the main cyberthreat is actually the exploitability of standard tools, which are widely spread all over the world—for example, the latest vulnerabilities in the Exchange servers—because the effect is very high if people do not patch systems fast enough.
SD: How do you see cybersecurity developing now that we’re living through this pandemic?
JB: It was challenging in the beginning, especially for companies that lived in an old-style IT world using VPNs and high-level access security to access or operate internal tools.
For companies like us, it was not a huge challenge, because we already have 90% work-from-home employees. All of our tools are in the cloud, operated by our own private clouds or by a cloud service provider.
The challenge was to get things done fast, especially in governmental organizations, which were typically not set up to work from home and did not have the needed equipment. I think all the newer companies had no big issue because they were ready for remote working, but the old-style companies and governments had to ramp up security very quickly because they were not built to support this kind of environment.