In this installment of Pro T.I.P.S., we interview Marijan Pongrac, Member of the Management Board, to share his cyber security insights that keep SPAN Inc, and its clients secure and protected.

Marijan Pongrac
Member of the Management Board, SPAN Inc

Pongrac joined Span in 2001 in the role of the System Engineer and soon after, became the head of the IT architecture department participating in design and implementation of Microsoft solutions with Span’s largest customers in Europe, Asia, Africa, Australia, and North America. Projects included migration of tens of thousands of users to Microsoft Online, migration and consolidation of server infrastructure, and design of global identity and access management solutions. Pongrac currently serves as the Member of the Board and Director of Solution Consulting Services.

DT: How did your interest in cyber security develop?

MP: Cyber Security was always an interest and a part of the job, even while working for a national television network. At that time, Viruses and Malware were in their infancy and being utilized to attack enterprise companies. As centralized solutions began to appear and my knowledge of working with larger companies developed, I saw a variety of holes and solutions that could be easily avoided and implemented with more strategic approaches. It’s this insight and interest that led our phenomenal development team to work on internal tools at SPAN. It’s a great feeling when you can protect your customer and provide them a level of security and compliance they need.

DT: Why would you say you’re an innovator in your field?

MP : Cyber security is a massive industry and there are many companies doing a great job. Span’s specialty is predominantly in two main areas; Cyber Security Consulting and Implementation and New Product Development. When our architects and engineers recognize areas where current products and tools are not suitable for complex environments, our development team steps in and builds a custom solution. It’s this internal process that led to one of our flagship products, DNS Collect and Analyze.  The Span DNS Collect and Analyze is a solution for detecting malware in an organization, based on DNS query analysis. The system also recognizes the domain that has never been used for malicious purposes, but was registered by the known threat actor, or was hosted on the DNS server authoritative for multiple known malicious domains.

DT: How do you ensure that cyber intrusions are less likely to occur within SPAN Inc?

MP: There is no way to be a hundred percent sure your environment is secure, so you have to make sure to implement good security operations and processes. You have to track any changes in your network, OS and software level and constantly monitor if all systems are acting accordingly. It is important to implement modern systems like antivirus/antimalware protection, advanced threat protection and behavioral monitoring and analytics. On top of proper implementation of leading products, it is always good to have some tools and products built by your security consulting company that knows exactly your specific environment. It’s important to tailor products specifically to your company because sometimes a leading tool/product might have oversight in that area.

DT: What investments are you making/planning to make to insure your company’s security? Any hardware upgrades?

MP: Every company has to deal with their legacy systems. These legacy systems are usually the biggest threats for the security of their systems. When you have a legacy application that can only run on outdated operating systems, it forces a company to utilize legacy servers that do not have the same updated security settings as others. In worst case scenarios, these old servers require unsecure authentication protocols to be still enabled, your entire network could be in jeopardy. Upgrading to new versions of applications will give you an option to upgrade to newer, more secure, versions of operation systems, disable unsecure protocols and features. When installed on new hardware you receive benefits of new security features already integrated in hardware like Intel’s Identity Protection Technology.

DT: What programs or platforms are most important for SPAN Inc to install on their employee’s computers to help provide safety security measures?

MP: All our computers need to have End Point Protection software installed. They additionally need to have SCCM agents. This enables us to preform compliance and settings management, just like we do with client health monitoring and software update management. Potential suspicious traffic from desktop computers and mobile devices on corporate network are identified through Span DNS Collect and Analyze agentless service.

DT: Why should cyber security be on top of every company’s mind in this day and age?

MP: Cyber-attacks are more advanced and occur more often than ever before. According to a Symantec Internet Security Threat Report from April this year, there were 11 new zero-day vulnerabilities discovered every single day in 2016. With an increased number of devices going to the market prematurely and without enough security enhancement put into products, I am quite sure this year’s situation will be worse. That should scare us all. This year many companies suffered from cyber-attacks like WannaCry, Petya/NotPetya or similar ransomwares. This kind of cyber-attack can badly damage the operations and reputations of victim companies which could result in business losses to begin with and job loss to end with. If a cyber-attack targeted necessary utilities like electricity or water plump facilities, it could even be life threatening.

NEXT UP: PRO T.I.P.S with Randy Copeland >>

Strengthen identity and access management with security built into 7th Gen® CoreTM vProTM processor-based devices.

Learn More
Straightforward product reviews, reliable technology news, and tools to navigate the digital world.
Copyright ©2017 Designtechnica Corporation. All rights reserved.