Manuel Noe, critical infrastructures, IS4IT KRITIS

Manuel Noe, Managing Director IS4IT KRITIS, about critical infrastructures

CyberCompare spoke to Manuel Noe about critical infrastructures.

Dear Manuel, how would you describe IS4IT KRITIS GmbH in 3 quick-witted words?

Ready to strike in cyber security

Hacker’s nightmare

Please introduce yourself and tell us something about your background.

First and foremost, I am a committed family man and dog lover, who enjoys sport as a wrestler and is committed to his club. Professionally, I can draw on years of experience as a technical editor and manager in the administration & IT sector. During this time, the topic of IT security has become my hobbyhorse and I have worked intensively on the various aspects of cybersecurity within IS4IT. This then led to the founding of IS4IT Kritis in 2018, with which we are consistently focussing on the security aspect while at the same time relying on the advantages of an IT full-service provider.

What characterises IS4IT Kritis?

It is certainly our flexibility, or rather the flexibility of our employees, which ensures that we can respond to requirements quickly and purposefully. If the worst comes to the worst, we are there when the going gets tough, which leads to satisfied customers. Technically, we have in-depth experience with critical infrastructures in a wide range of sectors, especially in the technologically demanding industrial environment. This expertise is recognised by leading manufacturers with whom we now have strong partnerships.

How does IS4IT help Kritis companies?

We support our customers in all security matters – exactly to the extent that they need it. There is no such thing as off-the-shelf security. You have to compare threat risks and potential threats with the technological and economic possibilities of the company, take into account the legal requirements and derive a holistic solution approach from this. A supplier to the energy industry with 51 employees, which now has to fulfil higher security requirements due to NIS-2, certainly needs different protective measures than a nuclear power plant. Security is therefore a very individualised field of work.

What do you perhaps see slightly differently from prevailing opinions in the field of cyber security?

The market sometimes gives the impression that security problems can be solved with standard solutions. I think that’s wrong, because hackers know their way around standard solutions. As I have already said, introducing new security software is unfortunately not a solution for efficient cybersecurity – even if many would like it to be.

Which security tool categories do you think are over- or undervalued? For example, would you invest in an NDR or EDR system first?

For me, a SIEM is the tool of choice – although EDR and NDR also play a significant role, of course. But only the SIEM allows a holistic overview of the behaviour of all systems or in all systems, so that you can detect the critical attacks that are not even recognisable without a view of the whole.

What’s next? What is technically on your roadmap? What have you planned?

The focus is clearly on attack detection and incident response. In addition, we do not chase after the latest buzzwords, but help to implement the basics of infrastructure security. Other exciting topics include securing AD/IAM, encryption-proof back-up architectures, network segmentation and client security.

If you could send an email to all CISOs to address a security issue, what would you choose?

To avoid safety problems, all safety risks must be addressed. Technology makes a significant contribution to minimising risks, but it is not possible without the harmony of people and technology. A security operations centre is very important. However, if employees lack awareness, there will continue to be major security gaps and therefore risks. This must be counteracted with appropriate awareness training. Unfortunately, many CISOs often overlook this.