Deter, Detect, Delay: Thwarting the Digital Intruders

Feras Tappuni

Interview with SecurityHQ Chief Executive Officer Feras Tappuni

The growth of remote working and migration to the cloud is providing cyber-criminals with an ever-greater target to aim at. At the same time, old vulnerabilities such as email exploits are very much alive and kicking. Here, SecurityHQ CEO Feras Tappuni gives us a glimpse into the response offered by his company.

Thank you for gracing us with your time, Mr Tappuni! Can we begin with a few words on what initially drew you into cybersecurity?

I am an engineer by training, so I was always into networks and systems, and SCADA networks in the old days, especially with respect to industrial controls. It became evident to me that the risks were already there with regards to security, but following the 9/11 attack, security became the issue at the forefront of most people’s minds. Towards the end of the Afghanistan campaign, you could see that new security risks were occurring with respect to cybersecurity. But in contrast to physical attacks that would target certain individuals and countries at any one time, cyberattacks had – and have – the ability, range, and breadth to affect everyone at the same time. Which is why, as a cybersecurity professional and with my system network background, it was a natural fit to move towards cyber. That was 15 years ago, and we could not even envisage the scale that attacks have reached today. 

While the emerging digital world is a fact of life today, it must have looked quite different back in 2003, the year SecurityHQ was established. What were some of your clients’ earliest concerns that you remember?

There are many of the same issues that clients have today as they did back in 2003 – it is all about capacity and capability. Businesses did not, and still do not have, the capability to handle cyber-risks and cyberattacks. They also have a serious lack of staff, as well as access to staff, and that has never really changed, it has only ever been exacerbated. 

In the early days, there was a lot more confusion around cyber and understanding the impact but, as the market has matured, there is a lot more clarity on that. 

Could you expand on what you meant when you spoke about your team “engineering solutions to threats and vulnerabilities that were largely physical in nature”?

You must deter with your firewalls, and your IPSs. You must make it very hard for the assailant to try and find the vulnerabilities. You certainly must detect. And then you must delay, which is containment.

Originally, in any form of security, physical security used to outweigh electronic security with regards to issues such as counterterrorism, for instance. Here we are talking about walls, fences, chains, which are all still highly relevant within the security world. But where it crosses over into cyber is that the same principles are followed, these being the three “Ds”: Deter – Detect – Delay. And, oddly enough, as we transitioned, and as I transitioned as a professional, those principles are still relevant in the cyber-world. You must deter with your firewalls, and your IPSs. You must make it very hard for the assailant to try and find the vulnerabilities. You certainly must detect. And then you must delay, which is containment. 

Those principles have never changed, and they have not changed since the Middle Ages, when security systems such as moats, bridges and guards were put in place when building a medieval castle, for instance.

In 2008, you set up your first Security Operation Centre in Pune. What was the driving force behind your decision to set up a more permanent platform?

With respect to building our first SOC, we currently have six Security Operations Centres dotted around the world. Our first SOC was created to take control of our own destiny, so we formed our first global SOC in Pune, India. Pune has a huge reputation with universities, and here we could harvest the greatest minds coming out of those top universities. It was clear even back then, and still is today, that accessing talent is a crucial element to our industry, so we wanted to have our own SOC based there. But that was the first SOC; there are five others now around the world. Pune is still a major part of our business; we are very proud of it, and we welcome customers to visit it. There is no outsourcing, we do everything in-house, and we will be announcing something quite special next year on that. 

For 18 years and counting, your company has been safeguarding the digital walls of some of the most influential companies today. You now have offices located in Australia, London, and Dubai, to name but a few. What would you say has been the greatest milestone in the journey of SecurityHQ thus far?

I don’t think we have reached our greatest milestone yet. I am always so proud of the journey that the team have gone through and are continuously going through. Year in, year out, we have seen successful growth, with no venture capital. This company is run and managed by engineers and led by extraordinarily talented people. I am just watching and enjoying the ride. 

SecurityHQ places great emphasis on client-centred, personalised services. Can you enlarge on what this means in practice? Can you describe your customers’ involvement in the process of developing services for them?  


Our customers want to deal with real people; they don’t want to deal so much with machines. Of course, they want all the technology, the capability to alert and detect and all the processes that come with that but, ultimately, they want people at the end of the phone from the very top all the way down. 

Not only do they want people, but they want people available to them day and night. Our services must be completely accessible all the time, every minute of every day. That will never change, and that is a major differentiator. This company will never have fully automated responses/processes; there will always be real people on the other end of the phone to help our clients, and that is very important to us.

The world of digital technology post-COVID is fast-changing. How do you approach R&D? Do you wait to be approached by a potential customer, or do you proactively research promising technologies in order to seek customers later?

The world is constantly changing but, regardless of COVID, all businesses must be ready to pivot and move in the event of any disaster. You have to be able to adapt and change with the times, regardless of the causes. What we used to offer and how we used to offer it five years ago are not the same offering we have now. And what we offer today will not be the same in five years’ time. It’s a metamorphosis of the original platform, but R&D is a major part of our business. We have significant investments with regards to SecurityHQ Response App, and that is something that we will continue to invest in and put some serious money behind, to make it the best that it can be. 

Some people argue that data is just as valuable a currency as gold these days. In view of the risks inherent in the cyberspace environment, how do you assure clients that their sensitive information is in good hands?

It is true that data is incredibly valuable. Risk is what we deal with and what we mitigate. You must have the capability to detect, and there is no point detecting if you can’t respond.

Has the increasing vulnerability of the cloud altered your approach to threat intelligence in any way?

What has changed with the cloud is that it has broadened the attack surface in many ways. With cloud, you have highly distributed networks, so the more you spread, the more accessible you are, because you need to be accessible to your staff and clients, and your staff and clients need access to your applications. While necessary, this does increase your risk level. This means that you need more coverage and more detection and response capabilities. 

Email vulnerability, in particular, has been a topic of debate. Not every employee is granted the same airtight data protection in a corporate setting. Do you have a specific model in place that caters to companies who are still on the fence over returning to the office?

Email is still the easiest way to deploy a ransomware attack. It does not matter where it comes in or how it comes in; once it is deployed and once the payload is exploited, you are done. People talk about email vulnerabilities as if it is an old-hat attack technique, but it is the prime way that ransomware is deployed, and you cannot put enough controls in place to mitigate the risk. Ransomware really does pay.

Trusting someone with highly confidential data is something that is not to be undertaken lightly. It presupposes a partnership that goes beyond ordinary professional commitment. How have you managed to foster long-term relationships with clients that span years? 

Email is still the easiest way to deploy a ransomware attack. It does not matter where it comes in or how it comes in; once it is deployed and once the payload is exploited, you are done.

When you are dealing with the kind of services that we offer, it is very much built on trust. It is no different than if you were talking to your doctor. Confidentiality and trust are key. That code of professionalism is an element that all our staff absolutely adhere to. Of course, they are all security checked, of course they all have NDA contracts, but untimely the client’s data is the client’s data. It is not to be discussed, it does not belong to us, we are just custodians of it, and the professional trust must be there. If we were to compromise that, we would compromise the whole business. 

You’ve mentioned the events of 9/11 acting as a catalyst that ultimately led to your decision to launch the company. As the founder of SecurityHQ, how do you hope to shape the way the world thinks of cybersecurity in the future?

I was asked this weekend about dealing with a highly controversial client that a large majority of people would have objections to working with. But the truth of the matter is, regardless of the company, what it does or what it represents, ultimately, when an attacker attacks a network, they are committing a crime. I am more than happy to help people defend against crime. Be it governments, be it against private individuals, against mercenaries, regardless of who or where, cybersecurity is a right for everyone, and if someone is breaking the law, I am happy to help catch them. 

This article was originally published on 26 November 2021.

Executive Profile

Feras Tappuni

Feras Tappuni is the CEO and founder of SecurityHQ and is responsible for overseeing all the technical and financial aspects of the company. With over 25 years’ experience, he has dedicated his life to cyber security and is driven by the desire to offer his clients the highest degree of protection against today’s cyber threats. Feras has delivered complex security and engineering projects to prestigious clients globally. From harnessing the right technology, processes and people, he ensures that SecurityHQ delivers a truly enterprise grade experience.


Please enter your comment!
Please enter your name here