While Cybersecurity is still a new industry overall, Cybersecurity is no different from any other security program and can be divided into two major focus areas. The first area of cybersecurity is an external focus. This includes the analysis of vendor products being procured to ensure they are compliant with standard cybersecurity requirements. This area also focuses on establishing a network boundary to ensure external network access is limited, controlled and monitored. Similar to other physical and personnel security programs, customer need to establish a perimeter, limit and control physical access and complete background checks on employees prior to allowing unescorted access. The second major area of cybersecurity is an internal focus. This area of cybersecurity focuses on identifying and resolving threats or vulnerabilities from within due to gaps in capabilities, broken operational practices and procedures, and actual insider threat. A broken operational practice or procedure can be as simple as a system failing to be patched and therefore creating a cybersecurity vulnerability. An insider threat often alludes to a rogue employee or device, but is actually any threat that has made its way into the network regardless of who or what is behind it. Again, similar to any security program, customers need to deploy security cameras, perform audits and identify gaps in order to detect broken operational procedures and monitor for internal security threats or breaches. Every company must apply security in some fashion and even the smallest businesses leverage some form of a surveillance system. Cybersecurity is no different and while customers have spent countless hours and dollars most still lack basic network layer visibility. Turnkey Cyber Solutions partners with their customer to successfully implement, support, and sustain an operational cybersecurity program by delivering automated capabilities to achieve network layer visibility, asset intelligence, information sharing, compliance auditing, automated remediation, access control, and full enforcement capabilities.
Turnkey was founded on a simple, but complex idea of integrating enterprise management and security tools into a true turnkey integrated multi-tool enterprise solution that has the ability to address cybersecurity, improve network operations, and deliver business intelligence. Senem Phipps, the CEO of Turnkey says, “The technology exists today and almost every product available includes the advanced features necessary to enable third party tool integration and allow orchestrated information sharing, but customers struggle to take advantage of these capabilities. At Turnkey Cyber Solutions, we start by delivering technologies like ForeScout to provide full network layer visibility to establish a trusted source of truth for what is actually connected to a network. We then leverage best practice policies to properly identify and resolve gaps in security and management tools. Next, we begin a process of integrating the customer’s existing tools to maximize orchestration and information sharing. This proven approach allows us to remain non-disruptive to business operations and allows us to support our customers by studying the water to decide on how to properly leverage the consolidated actionable intelligence. Then, we begin the process of creating automated action policies to report, remediate and control network layer access, threats and vulnerabilities. Finally, we work with our customer and show them how they can leverage the final solution to gain business intelligence and maximize their return on investment.”
The Complete Solution
Turnkey provides operational cybersecurity which when done right improves everything from enterprise/network operations and management, business intelligence and end user experience. When Turnkey states their abilities to leverage operational cybersecurity to improve everything from enterprise operations and management, deliver business intelligence and improve end user experience, it should not be mistaken for a marketing pitch. As an example, network access control (NAC) started as an unrealized marketing pitch nearly 20 years ago. In 10 years, NAC went from a marketing term to 66 different products on the market. The entire NAC market nearly collapsed 5 years later to only make a comeback after another marketing term known as Bring Your Own Device (BYOD) spread across the industry. Today, NAC has become a standard requirement in many auditing activities. At the end of all of this, network access control is just a basic functionality and not a standalone capability. On the other side of the spectrum, marketing has also led to the wide spread use of 802.1X which has caused more large-scale interruptions to end users then any security breach could ever cause especially on the wired networks. Leveraging 802.1X equates to shutting down security cameras and trusting that every time a door is opened it is due to an authenticated entry request. So, the last thing Turnkey Cyber Solutions wants to do is create, defend or drive another useless marketing term.
If a customer could actually see everything on their network once and for all, what could they do with this visibility? Every customer has invested countless dollars across their enterprise for numerous tools. However, customers still struggle to answer basic yet critical question about their networks. How many endpoints are being managed by every tool? How many hours per month are the engineers and administrators spending to answer data calls? How many agent-based tools are being used and what is the state of every agent on each endpoint? If a single patch management agent is missing or corrupted on a single endpoint, customers may not realize it takes IT staff approximately 15 minutes to identify the endpoint and coordinate a visit with the end user, 15 minutes to resolve the issue which cost the end user 15 minutes of productivity. A total of 45 minutes is burned for every endpoint not properly patched. Multiple the numbers of systems manually patched each month and customers can quickly assess how this one-use case is costing them.
One major use case that Turnkey highly recommends for every customer focuses on asset intelligence. “Many customers have an ITAM/ITSM solution and typical the ITAM has evolved based on manual entries into the ITSM for helpdesk tickets. The amount of errors and out dated data in these databases is often useless to the operational community,” explains Senem. “We can leverage network layer visibility to sustain accurate data in an ITAM database along with hundreds of attributes about each endpoint. As changes occur such as lifecycle activities, the ITAM is sustained with actual data from the network layer visibility.” When an end user calls in a helpdesk ticket, the data is then retrieved from the ITAM to populate the ticket in the ITSM. The helpdesk technician can then leverage this data to better support the end user, resolve simple task, properly route tickets as required and overall reduce the end users wait on service. Once the ITAM & ITSM environment is properly functioning, this trusted data can then be leveraged to further improve ITOM and the overall end user experience across the enterprise. This same use case can be duplicated across the enterprise to support endpoint protection, vulnerability management, security information and event management, threat management and more. “Turnkey Cyber Solutions is changing the way customers look at, manage, and sustain their enterprise environments,” adds Senem.
The Team of Experts
Turnkey’s Lifecycle 360 solution is designed to deliver a team of experts to the customers to accomplish these advanced capabilities. When Turnkey establishes network layer visibility and begins auditing endpoints for compliance they already know the various issues that they will identify in a typical customer’s environment. “It is true that everyone’s network is different from the next, but the problems customers are dealing with are all the same,” says Senem. “However, those common problems may be greater in one area versus another and customers may not be aware of how great an issue is without the proper visibility.” Often a customer may want to acquire visibility to support asset management, but after acquiring the visibility suddenly realize they have a greater issue with vulnerability management. Customers need flexible solutions and partners with a wide scale of expertise ready to address any pressing issue discovered.
According to Senem, each network consists of managed and unmanaged endpoints (such as an IoT device). Customers have support staff, but their expertise may vary from one section to the other. Project managers may be skilled in their profession, but often lack the necessary experience to support a solution that touches every endpoint in an enterprise. CISOs and IT Security Managers also have varying levels of technical expertise and may also need additional support. Finally, many corporate and government agencies do not have the proper corporate and governance policies in place that actually map to a technical solution. Training and documentation requirements will also vary from one customer to another. To meet this challenge, Senem says, “this is why we created various premium support packages that can be scaled to meet the customers enterprise size and type of partner relationship that best fits their needs and allows us to deliver our Turnkey’s Lifecycle 360.”
Paying Back to Customers
Turnkey’s mission is to constantly match their customers’ requirements with leading advances in technology, best practices and exceptional services. Customers cannot sit around and wait for the next major attack and then spend numerous hours listening to countless vendors pitching their latest marketing message that promises to remediate the current threat. “Cybersecurity solutions must do more and provide more to their customers than a single product to resolve a single attack. This is where Turnkey Cyber Solutions is leading the way,” says Senem. “Cybersecurity must pay back to its customers with measurable returns on investment and if it does not, customer will dump and run and rightfully so. The only way to capture measurable ROI is by delivering best practices and exceptional services that clearly demonstrate the returns gained.” Cybersecurity solution are not cheap, nor should they be, but cybersecurity solutions that fail to clearly show actual return on investment can no longer be considered as customers can no longer afford to chase individual threats with individual tools.
Today, Turnkey supports customers within the US Government (to include global implementations from Germany to Korea), numerous State and Local Governments Agencies across US and Canada, and as well as numerous Commercial Industries in the US. “We have partnership in place with numerous distributors and resellers throughout the US and Canada with plans to expand into Latin America in the near future. We want to assist as many organizations worldwide as possible,” elucidates Senem. Senem then stated, “We listen to our customer needs, issues and use cases and our global presence allows us to a have a very wide view to support all of our customers. This also allows us to constantly grow and expand our offerings to maximize customer investments.” Turnkey is now increasing their service delivery catalog to include new products that will allow them to the deliver fully managed compliance services as well as complete ITAM/ITSM services.