Advens, a leader in the cybersecurity sector, is actively committed to protecting the digital infrastructure of public and private sector organizations, which are increasingly vulnerable to cyber-attacks due to their dependence on digital technology. With a strong presence in France and an international outlook, Advens is bringing its expertise to Italy, led by Alessandro Rossi, CEO of Advens Italy.
Alessandro Rossi, whom we will be interviewing today, brings extensive experience in cybersecurity architecture and a passion for digital security. He is spearheading Advens' entry into the Italian market. His goals extend beyond just corporate growth; he aims to raise awareness among public administrations and large enterprises about the importance of a secure and conscious digital transition.
With over twenty years of experience gained at Leonardo, where he led the "Business Area ICT Secure Infrastructure," Rossi managed the design, implementation, and oversight of crucial activities for infrastructure and environmental security, involving a team of approximately 600 professionals. At Advens Italy, he is committed to strengthening the security of Italian companies and promoting a widespread culture of cybersecurity. His drive for ambition, self-confidence, and innovation is key to guiding Advens Italy on a long-term journey.
Could you describe your cyber security strategy and how it has evolved over the years to address emerging threats?
Advens has been a "pure cyber security player" since its inception in 2000. We have focused exclusively on Cyber Security and will continue to do so. Our numbers in terms of resource growth (550+), clients (400+), complexity, and volume of managed environments (1M+ endpoints) demonstrate significant maturity developed in the field. Advens handles everything that constitutes the process of securing a company and its assets, providing high-level consulting services, security auditing, awareness, vulnerability monitoring, SOC, and CERT-CTI.
The growing demand from our clients has led Advens to invest increasingly significant economic and human resources to evolve our MySOC solution dedicated to the Security Operation Center.
The strategy adopted from the beginning has proven successful in terms of economic proposal to our clients and especially in performance: investing in constant research and development of algorithms, scripting, AI, security monitoring plans, and playbooks. We converge data on a "Data Lake" platform that is homogeneous, harmonized, and uniformly enriched (managed on-prem by the client or at our data centers) to build a proprietary data model and use it efficiently and effectively through our own SIEM/SOAR engine, with several advantages over sometimes costly, inflexible, and scarcely expandable commercial solutions.
Thanks to this vision, the MSSP management is effective, fast, and more economical for our clients. Advens, in a special ranking by MSSP Alert (https://www.msspalert.com), finished 2023 as the 8th European MSSP and the 33rd worldwide, a recognition that certainly represents a significant acknowledgment but also a starting point for us.
Thanks to the integrated use of UBA, ML, and AI, and to the constant enrichment of its CTI, the MySOC team (which counts over 200 qualified resources) allows Advens today to provide a rapid response to threats and, in the case of new threats, to apply all remediations in a "one-click" mode for the entire managed endpoint park (over 1,000,000 currently).
Could you share some examples of challenges you have faced and how you have overcome them?
Advens is not a company confined to any specific industry sector: each activity must be constantly protected from the growing number of threats.
Thanks to this 360-degree vision, the incidents we have successfully managed come from a diverse range of companies: on one hand, we manage the security of hospital infrastructures, on the other, we ensure that manufacturing companies can continue to focus on their business without encountering setbacks.
For instance, in recent months, the healthcare sector has suffered severe cyber attacks: while we cannot share all the details, the hundreds of hospitals and healthcare facilities we manage have not experienced any breaches.
A less critical but emblematic case occurred recently: we acquired a new client who chose us after their PC was encrypted due to the inadvertent use of a USB stick, and the malware managed to spread to a part of the shared file system.
In this case, entering post-incident, we cleaned the entire infrastructure and secured the client. Since then, the trust with the client has become solid, and the offered coffees are countless.
How is artificial intelligence integrated into your cyber security solutions? What benefits has it brought, and what challenges has it presented?
We have been using these technologies since 2016 to automate the detection and remediation processes as much as possible and dedicate resources and activities to tasks that require more careful human analysis.
Advens won the Silicon AI Awards in 2018 for the development of its AI platform for SOC use. This highlights the fact that the controlled use of AI is part of our DNA for research and technological evolution.
In a modern SOC, the use of traditional algorithms and workflows is often unsuitable and easily circumventable.
Our R&D group (60+ experts) dedicates itself daily to verifying and updating technologies based on needs. For this reason, the controlled use of AI allows us to filter and (re)classify millions of daily logs and events.
Considering the high number of endpoints managed, it is also essential to account for all logs from the most varied infrastructures and data sources: Active Directory, Firewall, Cloud environments, Antispam Services, NDR, ZTNA, etc.
Thanks to the targeted and prudent use of this "artificial" technology, our analysts focus only on the real threats and/or suspicious activities occurring within a client's infrastructure, avoiding time loss and attention to false positives.
How is your cybersecurity intelligence team structured, and what skills do you consider essential for its members?
The synergy of MySOC/MyCSIRT/MyCTI is at the heart of our Cyber Fusion Center. This cooperation brings together experts in a real cooperation and interaction environment, promoting and facilitating the exchange of know-how:
Sharing of attack techniques by our security auditors (Red Team) for the continuous evolution of monitoring plans and tool configuration;
Sharing of markers (IoC, TTPs) intercepted by ordinary detection activities (Blue Team), by attack scenario analysis and forecasting activities (CTI), and by incident response and crisis management (CSIRT);
Sharing of vulnerabilities identified by our Threat Intelligence activity (CTI) with the teams responsible for MOC/MSC and detection platforms (Green Team).
This collaboration, essential for effective service, is supported by real-time collaboration and sharing platforms used by all teams:
a Threat Intelligence platform (TIP OpenCTI) to weigh and orchestrate intelligence, a MISP platform to share tags among teams, and a common client portal for all activities.
The CTI team currently consists of 14 people, each bringing highly specialized Cyber know-how, with proven and significant experiences.
In the event of a crisis and in the presence of unfortunate but unavoidable spikes in incidents to manage, the organization plans the intervention of a sufficient number of voluntary firemen: a reserve of specialists who quickly add to the generals to remedy quickly and with minimal impact the effects of a successful attack.
"Vulnerability" is a recurring theme in your projects. How does your company incorporate this theme into social and environmental considerations and communication strategies?
The word "Vulnerability" is the key to our actions and everything we do in both the cybersecurity field and the social and environmental spheres.
Vulnerability as a trait d'union between security (only from a conscious knowledge of one's vulnerabilities can an effective protection journey be started) and activities aimed at people and the environment (identifying the vulnerabilities of people and the environment and drawing the impulse to act is a strength, not a weakness).
Advens has always been actively and concretely committed to social and environmental objectives, through the "Advens for People and Planet" Foundation to which we not only donate more than 50% of our financial value but also nourish through concrete goals and actions that are planned and tracked to measure their impact.
Being vulnerable is a starting point, both at a human level and in terms of Cyber Security posture (maturity), to be able to grow and improve.
Do you have policies for the inclusion of professional profiles from other sectors in the technology world? What opportunities and challenges have you encountered in this approach?
Advens, also through the Advens For People and Planet foundation, plans and implements actions to make Cyber Security accessible to all, particularly to categories that are most distanced from it:
LinkedOut, the platform to create a network and a bridge between companies/people for access to available work for those who initially do not have the commonly used qualifications or prerequisites for access.
Training and dissemination paths in schools even at the levels of teenagers and very young people
Gamification of cyber security for use by parents, the elderly, teenagers, not only digitally but with our very effective attack/defend card game that marries tradition and high tech
Collaboration programs with many universities and schools in France, Spain, Italy, and Germany
Inclusivity is part of our "Raison d'être" and is a pillar of our Global Performance Model, which combines operational, ethical, economic, social, and environmental performance into a unified whole.
How do the themes of sustainable development and cybersecurity intertwine in your current and future projects?
In this case, too, we respond concretely, inspired by our Global Performance Model and our "Reason for being."
Generating profit must become a real-time benefit for society and the environment.
Two Objectives:
1) Embrace vulnerability to enhance Cyber Security, People, and the Planet.
Vulnerability is our core business but also our cause: we protect against the risks of being vulnerable, fight those who seek to exploit vulnerability (of companies, institutions, individuals, and the planet) and value vulnerability as a potential to generate value both individually and collectively.
2) Protect people and organizations that contribute positively to our lives and our democracies. We help them take advantage of the benefits offered by confidence with technologies and the most modern tools.
To these two objectives, we associate 12 actions, which in our daily work but also in specific programs, support this growth and this greater well-being of people and the environment.
What are the main goals of your company for the future of cyber security, and how do you plan to achieve them?
Achieve the best protection system in Europe, continuing to evolve and enhance the tools, platforms, and organization that make it up.
Make this protection system accessible to the widest possible audience of users: at Advens, there has never been a case of series A or series B. Each reality with its own core business, its own values, its own size, its own collaborators, and their families should be able to access this availability of services and support.
All realities present in the market can be the target of attacks, so much so that it is usual to say "it is not a matter of if, but rather when I will be attacked."
Our goal, for the common good, is to protect all the realities that want to start with us a path of trust, growth, and Cyber maturity.
At a purely technological level, we continue to invest in the necessary developments to achieve our goals:
For example, the new "MySOC portal" (client-SOC communication portal, active 24/7) in which the client himself can, for each individual report, reconstruct an event that occurred by accessing the individual bit of information.
Artificial Intelligence, Machine learning, specific solutions for cloud and hybrid environments, Orchestration, Automation, Detection engine, Skills: all ingredients that must be skillfully and painstakingly combined and kept up to date to contribute to achieving the necessary result.