Exclusive Interview by Diyanah Ali
Recently entering partnership with SecHard, E-SPIN is spreading its wings and ready to provide customers with better services. Thus, we are more than proud to bring you our exclusive interview with Serkan Akcan-CEO of SecHard.
1. Briefly introduce SecHard. What is the background history of the formation of the company?
The company’s name comes from Security Hardening. SecHard is the first and only product in the world to perform security hardening audits and automatic remediation. In 2019, SecHard was established by cyber security veterans with academic backgrounds to provide security hardening solutions. In 2020, the first information security company in Turkey, Nebula, acquired SecHard and created a new vision about Zero Trust. I am the co-founder of Nebula, and we established Nebula in 2005. I have been working in the information security industry since 2000. We have deep knowledge and experience in information security and therefore, we transferred this experience to our product, SecHard.
2. What has been the journey like for SecHard since its formation?
The big change started after the company was acquired by Nebula. SecHard was a very good security hardening solution before. Security hardening is the cheapest and most effective method for reducing the attack surface. Many standards and regulations, including PCI-DSS, require security hardening. However, we knew from our information security experience that there are problems in this industry that are very difficult or nearly impossible to solve. We worked for over a year to change SecHard’s corporate motto to “Complete Zero Trust” to fix all these issues. Based on the NIST’s Zero Trust Architecture Special Publication, we are able to centrally audit and process the 5 different IT controls recommended in this document. These are People, Workload, Network Devices, User Devices, and Data. Because of the successful progress that we have made, at the end of 2021, we officially changed our company slogan to “Complete Zero Trust.” The memorandum (M-22-09) published in the USA on January 26, 2022, and forced all American agencies to apply Zero Trust. Our path has been proven to be correct and the global popularity of our company has increased very rapidly.
3. What drives the innovation of SecHard – Zero Trust Orchestrator?
Information security is a very complex issue. We want to solve this complexity. How can very complex and multivariate issues be resolved? The answer is automation. There are some routine processes in the field of information security. We have a long list of assets such as identifying assets, performing risk analysis, making configurations compatible with the security baseline, measuring your risks in asset groups, and tracking changes in the system. These tasks are often performed by several different departments, and they cannot be operated correctly in almost any company due to the communication problems between departments and the shortage of information security specialists in the world. With SecHard, we can manage these processes fully automatically, eliminating human dependency and the risk of human mistakes. We can define SecHard as a Robotic Process Automation (RPA) tool working in the field of information security.
4. Explain the advantages of SecHard-Zero Trust Orchestrator. What makes it different from the competitors?
SecHard is an integrated automation software that can offer many security features from one console. I think the biggest difference is the automated remediation capability. As you know, information security teams always come up with some reports such as incorrect configurations or vulnerabilities. They request for the operation teams to solve these problems. However, making these remediation is not a simple task and process. SecHard not only reports security problems automatically, but also solves them in a few seconds without the need for expert personnel. So, we do not just diagnose and tell you what the disease is, we treat it in seconds. I recommend anyone who has information security in their job description to listen to what SecHard can do for once. I guarantee you, you will be impressed.
5. Why is SecHard-Zero Trust Orchestrator important? Describe how can SecHard-Zero Trust Orchestrator helps organisations.
Zero Trust is the most fundamental architectural principle of information security. Do not trust anyone or anything! NIST Zero Trust Architecture (SP 800-207) and The Executive Office of the President Memorandum (M-22-09) provide guidance on how to implement Zero Trust. We have to implement the Zero Trust Architecture due to both the regulations and the information security facts. However, this is not an easy task. Before SecHard, we had to purchase and manage more than ten information security products. Although we are making huge investments, we are overwhelmed by the difficulty of managing non-integrated systems. SecHard helps us operate this process in an integrated, automated and low-budget manner.
6. How do you see SecHard in the future? Tell us your visions in bringing SecHard forward.
Our vision is automation and simplicity. We have no choice but to simplify information security processes and eliminate the need for highly experienced information security engineers, which are hard to find in the world to begin with. For this reason, we have developed our product as a multi-module with a holistic approach. In the future, our automation diversity and number of modules will increase. We have already made information security easy; our vision is to make it even easier.
E-SPIN is active in consulting, supplying, training and maintaining SecHard products for the enterprise, government and military customers (or distribute and resell as part of the complete package) on the region E-SPIN do businesses.
Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.