
Matthias Roehr from aDvens: Managed Detection & Response

Dear Matthias, how would you describe aDvens in 3 quick-witted words?

Boldness, Collective, Impact – Our values are not only very important for us as an organization, they also perfectly reflect our understanding of how a client relationship should be. We are helping clients be bold in dealing with their Cybersecurity challenges, we are working as one collective with our clients, which means together with our clients and with a client-centric perspective, and we are creating a positive impact on our clients’ security posture. These are the fundamental cornerstones of a solid, trustful, and sustainable long-term partnership.

Please introduce yourself briefly and tell us something about your background.

After graduation from school, I did an apprenticeship at the Siemens Technic Academy. This was the starting point of my IT career. After finishing the apprenticeship, I started to work in UNIX system integration for a year. After this, I started studying Electrical Engineering and Information Technology and this got me into Information Security and Cybersecurity. After graduation, I started in the area of network security operations, moved on to Cybersecurity consulting, and later into technical presales, portfolio management, sales and business development.

What do you particularly enjoy about your job, what are you particularly proud of?

Nowadays, information technology is what keeps the world turning. That is great, but it also makes our world and our lives vulnerable. So, I’m proud to contribute to keeping the world turning while working on a more secure digital world.

But working at aDvens gives me and every colleague the opportunity to go beyond. Not only to keep the world turning when it comes to Cybersecurity maturity and digitization, on top it allows us to contribute to changing the future world for the better – socially, ecologically, economically. At aDvens we all share a common vision, “Secure the digital world and use our performance to generate social impact”.

What distinguishes aDvens?

Aiming for positive social impact and being a force for good is a key element of aDvens’ DNA as a company. And to achieve this, another important element is required: sovereignty. Of course, we are working with strong technology partners, so it would not be correct to call us fully independent or unbiased. But for us, it is key to keep and maintain our sovereignty, and this is also very beneficial for our clients and the trustful, sustainable, and long-term relationship with them that we are aiming for.

How does aDvens help companies?

aDvens is a Cybersecurity boutique with a well-selected portfolio of services which tackles most of the common Cybersecurity challenges:

  • With our services unit which spans Consulting, Architecture & Integration and Audit we are able to advise, augment and support our clients throughout the whole NIST Cybersecurity Framework.
  • With our Managed Detection & Response Services unit we deliver continuous services to identify threats, detect security incidents and respond to them to prevent our clients from having a negative impact on their business processes.
  • We provide three competence centers to address specific challenges with tailored transversal service offerings:
    • OT/IoT Security
    • CISO Office
    • Compliance

What are you and your team particularly concerned with now?

aDvens is a very well-known European Cybersecurity company founded in Lille, France, more than 20 years ago. We recently entered the Spanish and Italian markets, and we are just starting to expand to Germany, Austria and Switzerland. Of course, we can deliver a solid portfolio of services, because we are one company with a global European DNA, service delivery and vision (“Security for a greater good”). Now we are in the process of establishing our brand in the German-speaking market and introducing our services, our approach and our strong vision to potential clients. We want them to understand what differentiates us and why aDvens can play a crucial part in their Cybersecurity strategy. CyberCompare and its Provider Directory give us the chance to directly reach potential clients.

But that’s only the regional perspective. From a global perspective, the world has become turbulent in recent years: the COVID pandemic, the war in Ukraine, the conflict in the Middle East, climate change. Every crisis has an impact on society, the economy, and cyberspace. And this affects both our business and our mission. For example, the above-mentioned conflicts directly affect the threat landscape—in the physical world, especially for big mass events like the Olympic Games 2024 in Paris/France, but at the same time also in cyberspace, because both worlds are inseparably linked. And we have a role to play in this game, especially as a European Cybersecurity service provider.

In your opinion, which security tool categories are over- or undervalued? For example, would you invest in an NDR or an EDR system first?

Standard consultancy reply: It depends. Seriously, there is no silver bullet in Cybersecurity, even if some technology vendors try to say the opposite. It really depends on the specific situation.

But of course, there are some general recommendations as to which security measures have a good return on investment:

  • Know yourself (asset inventory) and especially your business (inventory of business processes) and how it relies on your IT infrastructure.
  • Secure your endpoints and identities (e.g., with XDR, MFA).
  • Invest in good cyber hygiene and focus on the important vulnerabilities.
  • Assume that preventive security measures will fail, so be prepared to detect security incidents quickly and respond to them effectively.
  • Plan for disaster recovery and test your plans and contained procedures regularly.

What is important for a Managed Detection & Response Service, what is aDvens doing differently?

The provider landscape in Germany and the whole DACH region consists of many service providers, and their offerings might look very similar at first sight. For clients, it’s sometimes hard to find the right partner who fits their needs. From my perspective, the following aspects differentiate aDvens from the market:

Our MDR services are grounded on five cornerstones: Fusion Center, Platform, Data Centricity, Portal and Trajectory. Let me go a bit into detail about what it means.

Many providers call their SOC “Fusion Center” and they apply the term to data. We apply it to skills. Our delivery organization is a collective of different teams that are specialized in different aspects of service delivery.

  • Green Team = Our Sec Ops experts who make sure we get the most out of technology.
  • Blue Team = Our detection experts who analyze the alerts and bring in the human factor.
  • Purple Team = Our detection engineering experts who make sure our detections keep up with the threat landscape and the quality of the detections is on a high level.
  • CERT/CSIRT = Our experts for Cyber Threat Intelligence (CTI) and Incident Response.

Platform, the second cornerstone, means that we have built our MDR service offering on top of a self-developed and maintained platform that ensures sovereignty and flexibility. Of course, the platform is made of several components that are not developed entirely from scratch, but they are well-selected, and each of them is replaceable without the need to rebuild the whole platform. The flexibility of the platform ensures that we can address all three parts of the well-known SOC visibility triad containing endpoints, logs and network traffic with various detection solutions, and we are free to extend the capabilities without being dependent on a third-party SOC platform vendor.

Our Data-centric approach ensures that we can fuse different types of information, e.g., logs, alerts, metadata, IoC, IoA, and apply detections to them at scale while being flexible and agile in extending the platform on the one hand and very cost-efficient on the other hand.

Our client portal ensures that clients have a clear understanding of the value we are providing with the delivery of our MDR services. We want to avoid a black box impression, and the portal gives us the opportunity to collaborate with clients in a very open and transparent way.

Trajectory, the last cornerstone, means we are well aware of the fact that outsourcing incident detection and response capabilities is not a one-time effort; it’s a journey on which we embark together with our clients. With our modular service portfolio, we offer the flexibility to start with a specific scope and evolve together with our clients to continuously improve security posture and detection coverage.

What do you think are false statements in the area of security, what do you perhaps see slightly differently to prevailing opinions?

Well, maybe it’s a very personal observation for the German market. When it comes to Security Incident Detection and Response, many organizations still think they are very special, with very individual needs and demands. That might be applicable for preventive security measures, but for detection and response, most organizations share a common risk and threat landscape. Don’t waste time looking for a 100% solution. Choose technology and service providers that can explain why and how they do what they do, because it’s the foundation of trust. Then start together and evolve. It’s always a journey.

What’s next – what’s on your technical roadmap, what are your plans?

There is not that one big thing on our roadmap. This year, we are better than last year, but not as good as next year. We are continuously improving our services, but also the coverage of our service portfolio to keep it relevant for our existing clients and to make it accessible for new clients. For example, we will launch a Managed Detection & Response service program for the SMB market very soon. Furthermore, we will continue to expand coverage of our MDR offering for OT and IoT environments. Our overall offering will be tailored to match common CISO challenges. We want to ease CISOs’ lives and help to transform their role into a real business enabler position.

If you could send an email to all CISOs to address a security issue, what would you choose?

The secret of a peaceful CISO mind is to make sure you have a good understanding of ALL your information assets and have covered related endpoints and identities with well-balanced security controls spanning identification, prevention, detection, response, and recovery.