The UK's third largest energy supplier has adopted a cloud first approach, implementing a culture of technical autonomy, where teams at OVO select the cloud platforms and services best suited for their specific needs.
OVO's security team needs an automated way to understand their cybersecurity landscape across a diverse range of cloud platforms, including SaaS applications and on-premises systems.
The team was keen to adopt a data model that supported different business units and product teams, allowing them to maintain their current agility, but ensuring that central visibility of security control coverage and configuration was available to secure the organisation, and meet their regulatory requirements as part of the UK's critical national infrastructure.
Initial use cases for Noetic within OVO Energy include:
- Identifying and remediating security coverage gaps across common cloud and endpoint use cases
- Providing critical insights into patching and vulnerability management by mapping business criticality, asset exposure and exploitability to the existing vulnerability process
- Supporting the security operations team in incident investigation with more detailed information and context on affected assets
- Working with GRC to ensure that all parts of the OVO business are building and managing controls based on a shared understanding of security data
The Noetic platform works across OVO's different cloud and on-premises systems, integrating with existing security and IT management tools to ingest security data, building a multi-dimensional map of all assets in the organisation and the cyber relationships between them.
This asset intelligence, visualised through an innovative graph database, enables the OVO team to identify security coverage gaps, cloud service misconfigurations and violations of security controls, all prioritized based on business criticality and potential impact.
The Noetic platform uses standardised APIs to integrate with OVO's existing tooling for EDR, vulnerability management, device control, application security, network monitoring, cloud management and more to continuously discover, inventory and manage all assets in OVO's environment.
Gartner describes this new approach to understanding cyber relationship between assets as 'cyber asset attack surface management' (CAASM), stating its value to security teams is 'to improve basic security hygiene by ensuring security controls, security posture and asset exposure are understood and remediated across the environment'.
Paul Ayers, CEO and co-founder at Noetic Cyber, said it will work together to secure unknown and unprotected assets.
Exclusive Networks addresses cyber recruitment shortages
Exclusive Networks has joined forces with security leaders in calling on the industry to take global action in a bid to end the recruitment crisis in cybersecurity, which is currently faced with an estimated shortfall of 2.7mn professionals.
The Paris-headquartered global cybersecurity specialist is one of the founding partners supporting an initiative launched today by investment and advisory firm NightDragon and Next Gen Cyber Talent, a non-profit cyber education provider, to raise $1mn to fund cybersecurity courses for students in the US from diverse and disadvantaged backgrounds.
Exclusive will be lending its experience and expertise to the campaign having recently established a partnership with California Polytechnic State University, opening an office on campus and currently sponsoring 12 students, nine of which are already progressing through their security certification training assignments, delivered by Exclusive and its partners. All are expected to go on to full-time roles in the industry after completing their education.
Jesper Trolle, CEO of Exclusive Networks, said: "It's time for the industry to put its money where its mouth is if we want to plug the cyber skills gap any time soon. We also need to look for answers beyond the traditional talent pool and attract more diverse, underserved and under-represented candidates."