Johannes Raff, CEO
Digitally connected devices have permeated every aspect of our lives. With the advent of IPv6 and the wide deployment of 5G networks, IoT & OT is growing at an increasingly rapid pace. In fact, Gartner suggests that the worldwide number of IoT-connected devices is projected to increase to 43 billion by 2023, an almost threefold increase from 2018. With such a prognosis, the technology is predicted to step far ahead than anyone can possibly imagine.
But as with every good thing, there’s a downside to IoT: it is becoming an increasingly attractive target for cybercriminals. More connected devices mean more attack vectors and more possibilities for hackers to target businesses at large scale. Unless companies move fast to address this rising security concern, they will soon be facing an inevitable disaster.
However, the scope of IoT is far too complex for traditional security teams to manage with legacy solutions. The need of the hour is a newer approach to cybersecurity. “This is where we come in,” says Johannes Raff, CEO of Clue Security Services, a Zug, Switzerland-based managed security service provider that aims to protect companies of all types against current threats while, at the same time, simplifying the operations of their overall IT infrastructure. “We offer service excellence through a combination of managed security and cyber defence services. We take care of designing the necessary security measures and continuous monitoring, so enterprises can concentrate on their core competences.”
"By partnering with us, companies can be assured of reliable and worry-free protection against IT threats and attacks. We give you real peace of mind "
What drives Clue ahead of its competitors in the cybersecurity landscape is the fact that all of its offerings are based on a modular service catalogue. Customers have the flexibility to pick and choose the modules that best fit their security needs. Furthermore, the modules can be selected or removed on a monthly basis and charged with usage-based billing. Customers, thus, do not overpay for any services or licenses.
Bridging the Cybersecurity Gap
Clue was founded in 2015 to provide an equal level of protection against security issues and attacks for all organisations—irrespective of their size—in line with their needs. To accomplish this feat, the team designed a service model that offered a perfect balance between service-option modularity towards the customer, efficient operations efforts to scale, and enough flexibility to be able to integrate with a dynamic customer environment. Time has proven well, and today, Clue’s modular service portfolio is not only valued by small and medium-sized businesses but also works exceptionally well for larger companies that want to solve specific issues like OT security or cyber defence. “We facilitate the integration and cross usage of security intel between tools through Clue integration and closing the loop between detection and response,” adds Raff. This allows for standardised and efficient operations and security monitoring to reduce the efforts and improve the gain for customers.
It is not a stretch to say that the scale and complexity of cyber threats have evolved significantly over the years.
We take care of designing the necessary security measures and continuous monitoring, so enterprises can concentrate on their core competences
While businesses have updated their security infrastructure to counter new threats and vulnerabilities, some gaps still need to be filled in this ever-shifting landscape. These include understaffed IT teams, lack of specific security know-how of IT integrators and service providers in the OT/ICS space, and inadequate security competencies of internal teams. This is where having a partner like Clue can make all the difference. “Through our focus as a managed security service provider, we enable organisations to use a secure and reliable IT infrastructure. We analyse a business’ requirements and design the optimal protection measures for the company,” explains Raff.
Unlike large enterprises, medium-sized companies are the ones that struggle to operate and integrate these measures efficiently in-house, often without much success. To fit services well and make a difference for mid-size companies, Clue offers a monthly service model with fixed service fees, flexible contracts for upscaling and downscaling, strong SLAs the customers can rely on, and no capital expenses. “Through our managed security services platform (Security Centre), we take over the monthly operation of an organisation’s security infrastructure and enable the best oversight and secure management of their systems and data,” asserts Raff.
Enabling Consistently High-Security Levels
Clue’s core services span security defence centre, OT security, perimeter and cloud security, application security, AI-based threat detection, vulnerability management, and strong authentication. These cyber defence services are offered optionally through IT partners as resellers. Apart from the general deep technical and security knowledge in the IT and security arena, Clue is competent in OT/ICS security. “This know-how allows us to develop specific OT security and IT security monitoring practices covering both worlds,” mentions Raff.
Innovation is at the heart of everything Clue does; it is primarily driven by five main factors. The first is security research from expert groups, organisations, and events. “These help to direct our efforts in the right direction, research the relevant topics, and invest in the security services that are needed for tomorrow. Our own findings and output from our services like the cyber defence centre are next in line and they guide us in training and research,” avers Raff. The third facet is the exchange with partners and customers to learn about their needs and sore spots as well as challenges. All of Clue’s inbound research topics are validated on their technical feasibility and operability. Every service feature and option is tested in lab environments by Clue’s engineering team and is challenged by product management and customer-facing teams. A dynamic R&D budget is the final driver. It enables the company to react fast to new challenges and make quick decisions on development and research in the framework of a clearly defined strategy. All in all, these aspects allow the company to ensure high availability, regardless of whether it is a classic server-client infrastructure, terminal services, production and operating infrastructures, or applications.
Making a Mark in the Industry
The unique value proposition of Clue is best reflected through a client success story involving a global organisation—a market leader in measuring equipment— which operates over 700 production systems worldwide. The client faced numerous challenges when it came to securing remote access for their production lines for maintenance as well as a broad attack surface because of a wide mix of controllers and vendors, in addition to general concerns with connected OT/ICS equipment. Clue was able to provide the client with a solution from their default service offering for OT security in manufacturing, covering software-defined data transport and encryption, secure remote access with operator approval, OT behaviour monitoring and anomaly detection, and have those services covered by the Cyber Defence Centre security monitoring.
A testament to Clue’s bespoke approach is the client testimonial from Tobias Tscharland, team leader, helpdesk, OT service management at Endress und Hauser, which reads: “Clue has proven to be a reliable and trustworthy service provider for IT and OT Security. Their specialization, combined with flexibility and readiness to develop and implement creative solutions specific to our needs, has been a very successful combination for the implementation of our OT security projects and operation.” Another statement by Stephen Clothier, Head of IT and Business Services at Accurity GmbH reads: “Accurity has been benefitting from Clue’s SLA-based managed services for security monitoring over our hybrid cloud infrastructure and is making important contributions to our developing digital platform from the perspective of security and compliance. Their SME ready services are easy to implement, highly cost effective with little or no up-front costs, and scale effortlessly as required. These outsourced services are not only fit for purpose but also relieve us from ongoing management overhead from our side. As head of IT and business services in a growing SME, I can recommend them as competent, customer facing, and above all customer listening.”
Backed by such interesting testimonials and client success stories, today, Clue has carved a niche for itself in the cybersecurity domain. Raff accredits a significant part of the firm’s continued success to his team. “A large part of any company’s achievements lies in its people. The deep knowledge and specialisation of each of our members is highly valued and utilised in all business areas. Each employee supports and drives a constant optimisation and improvement of services and processes,” he states. Furthermore, the firm fosters streamlined and open communication among its teams, which leads to the implementation of new ideas and quick problem-solving capabilities. In addition, Clue places high priority on the excellent quality of work and service, which in turn builds trust with clients. What’s more? Customers value the professional and deep expertise of Clue’s employees and appreciate their supportive attitude. This has resulted in many professional services customers becoming managed services customers over time.
Clue’s service offerings and operations currently cover four continents. The firm is growing strongly in the Swiss and German markets and intends to enhance its efforts in the central European countries in the coming days. “By partnering with us, companies can be assured of reliable and worry-free protection against IT threats and attacks. We give you real peace of mind,” wraps up Raff.