Anita Joseph met Nicolai Solling, Chief Technology Officer at Help AG, for a candid chat on the company’s commitment to innovation, technology integration and bridging the security skills gap.
Nicolai Solling is Chief Technology Officer at Help AG where he oversees the company’s professional and support services, along with managing technical vendor relationships across the region. With a rich career history spanning over two decades in the IT and network industry, Nicolai plays a pivotal role in designing, deploying and operating complex network and security infrastructure for enterprise clients in diverse sectors. Renowned for his cybersecurity acumen, Nicolai is a coffee enthusiast who finds himself captivated by the boundless possibilities of technology. His hands-on experience and extensive know-how in areas such as security solutions, integration, presales, and design, consolidate his reputation as one of the industry’s well-respected leaders.
Commitment to Continuous Innovation
Right at the outset, Nicolai sets the tone of the conversation with one word: Innovation. As a company that has innovation deeply embedded in its DNA, Help AG is the undisputed gamechanger in the industry, disrupting the market with its cutting-edge solutions and cybersecurity expertise.
“The company is built around the core principle of providing clients with cutting-edge solutions, technology services, and innovative approaches. From its inception, Help AG has had innovation at its heart, and been at the forefront of introducing groundbreaking technologies to the market. We are deeply committed to technological and solution innovation, constantly striving to address the evolving challenges faced by our customers. Our approach involves a continuous effort to comprehend the specific challenges customers encounter, leading us to innovate and enhance our services and capabilities accordingly,” he points out.
Harnessing the Power of AI
Reinforcing this journey of innovation, Nicolai delves into the role of Artificial Intelligence (AI) in today’s cybersecurity landscape. He highlights the role of AI, evolving from safeguarding sensitive data in AI platforms to addressing challenges posed by generative AI models.
“AI is a prominent area of focus for our clients, who are also keenly interested in its deployment within their organisations. A year ago, the primary concern around AI revolved around preventing the inadvertent leakage of sensitive data into AI platforms. This marked the initial step in the realm of generative AI, where experimentation often involved inputting various information into GPT prompts. Therefore, addressing the challenge of how data integrates into AI models became a focal point of our efforts, collaborating closely with clients to find effective solutions,” he says.
“However, the landscape is evolving rapidly. Clients are now actively constructing their generative AI models, exposing them to end-users in different forms, such as chatbots. This shift brings forth new considerations, particularly regarding the control of information emanating from these chatbots, especially when trained on extensive enterprise data. So then, ensuring the secure utilisation of AI becomes paramount. Additionally, we are navigating the intricacies of where AI models reside, marking a pivotal area for innovation in our services and solutions. The quest is to identify the next generation of cybersecurity solutions poised to enter the market.”
Going Beyond the Conventional
Help AG’s innovation-centric approach extends beyond conventional cybersecurity realms. Nicolai discusses the importance of innovation in areas like Cloud and Application Security, operational technology (OT), and Internet of Things (IoT) Security, identity and access management and data protection and privacy. “As organisations embark on their digital transformation journey and adopt more technologies such as the cloud, operational technology, and others, Help AG aims to support them in navigating the complexities of modern cybersecurity threats.”
“For Help AG, cloud security extends beyond conventional boundaries. While our focus aligns with the term ‘cloud security’ used by our customers, our efforts delve deeper into securing modern applications. As organisations modernise their applications in the cloud, we prioritise fortifying their security posture. Our approach integrates DevSecOps principles, emphasising proactive measures to secure applications early in the development lifecycle. Thus, our commitment lies in safeguarding modern applications within the cloud environment, ensuring our customers’ digital assets remain resilient and future-ready. ”
Another pivotal area of innovation pertains to identity security. “Identity serves as a foundational pillar for any organisation, dictating access rights to systems and data. In the contemporary cybersecurity landscape, the concept of identity is arguably the most critical. Systems housing identity information are inherently vulnerable due to their crucial role. In the context of digital transformation, access to identity services becomes as essential as having access to clean drinking water. The availability and security of these services thus become paramount.”
Nicolai also says understanding the significance of identities is imperative, considering that attackers require privileges and access within a network. “The control of such privileges lies within the realm of identity solutions. Consequently, robust capabilities in securing identity services not only safeguard an organisation but also provide a means to mitigate a substantial portion of daily cyber threats. Engaging with customers, I dedicate considerable time to discussions on implementing effective identity security measures, identifying and advocating for innovative solutions. Within our Cyber Defence Centre, many monitored use cases are centered around these critical identity components, recognising them as the Achilles heel of contemporary cybersecurity.”
Staying Ahead of Escalating Cyber threats
In today’s ever-evolving digital landscape, cyber threats are on the rise, becoming more and more sophisticated with time. One of the most prominent threats in the region and globally is Distributed Denial of Service (DDoS) attacks.
“DDoS poses a significant and persistent challenge in the realm of online business,” says Nicolai. “It has become an inherent cost that organisations must bear when conducting operations on the internet due to the constant threat of DDoS attacks. The trend over the past years reveals a concerning escalation, both in the frequency and magnitude of these attacks. Each passing year surpasses the previous one in terms of the number and size of DDoS attacks.”
In 2023, Help AG’s DDoS infrastructure detected an astounding count of over 200,000 DDoS attacks, marking a significant increase from the previous year’s tally of 150,000. “Notably, the latter part of the year, specifically November and December, witnessed a substantial surge in DDoS incidents. The motives behind these attacks are often linked to cybercriminal speculation, strategic timing around high-profile events and other similar considerations.”
According to Nicolai, a noteworthy technical shift in DDoS attack patterns is seen in the increased utilisation of encrypted traffic by attackers. “Historically, encrypted traffic was not a prevalent component of DDoS attacks due to the computational challenges faced by attackers in creating encrypted tunnels. However, this obstacle seems to have been overcome, introducing a new set of tools employed by attackers. Consequently, our defensive measures must evolve to address these changing tactics.”
Therefore, in advising clients and disseminating advisories, Help AG emphasises the importance of adopting a comprehensive DDoS defence strategy. “While network-level defence remains a forte, we stress the need to extend protection to the application layer. Modern DDoS attacks, some of which generate minimal traffic bypassing traditional detection methods that look for sudden spikes in traffic, have shifted from targeting network bandwidth to exploiting application vulnerabilities. Achieving a balance between safeguarding both the application and infrastructure with a multi-layered defence strategy is imperative to effectively combat the evolving nature of DDoS attacks” Nicolai stresses.
Enter Automation
As automation takes centerstage in today’s cybersecurity landscape, Help AG stands tall, well-equipped to seamlessly integrate it into its technology and processes. In Nicolai’s words: “Automation plays a crucial role, especially in advanced defence against cyber threats. Automation can detect and respond to threats much faster than human teams, which is crucial given the rapid pace at which many cyber-attacks unfold, particularly because the shortened dwell time for attackers necessitates a swift and automated response. Recognising this, we made a strategic decision at Help AG two years ago, to integrate automation into every client environment we deploy. Each new client receives a set of automation use cases from day one, progressively enhancing the robustness of their response over time. Automation is a central discipline for us, and significant engineering efforts are dedicated to its development.”
Help AG’s Cyber Defence Centre comprises over 170 security experts, with the cyber engineering team being the largest. They focus on ensuring the seamless operation of their automation platform and meticulously construct use cases for integration into diverse systems, incorporating programming, scripting, and API integrations. Meanwhile, the analysts in the team play a pivotal role in identifying different issues and possibilities. This collaboration means that Help AG is able to enhance its automated responses based on potential scenarios.
“While analysts form the backbone of our service, empowering them with the right automation tools transforms the team into a dream unit,” Nicolai says. “Our ultimate goal is to simplify their work, facilitate quicker decision-making through automation and create a highly effective cybersecurity defence mechanism.”
With its investment in intelligent automation and its service-oriented architecture, Help AG offers customers 360-degree visibility into multiple aspects of their managed security services. This investment, combined with the company’s long history of providing managed security services in the region, has earned Help AG the title of Managed Security Services Leader in the GCC by IDC MarketScape in 2023.
Cybersecurity as a Service
Nicolai makes the insightful assertion that most organisations find it inherently challenging to manage their own cybersecurity needs, mainly because this falls outside their core area(s) of expertise, and this is where Help AG steps in with Cybersecurity as a Service, to ensure a seamless and easy journey for its customers.
“For many organisations, cybersecurity is not a primary area of expertise and may be outside their usual scope. For such entities, attempting to establish in-house incident response and cyber defence services can be well beyond the normal comfort zone. Recognising this, organisations are increasingly turning to external expert managed service providers like Help AG to handle the complexities of cybersecurity services. This collaboration allows them to offload responsibilities, whether in monitoring cybersecurity events, conducting dark web investigations, or ensuring comprehensive vulnerability assessments and external attack surface management. These capabilities are critical but demand operational procedures, engineering expertise, and diligent follow-up-areas where we excel in supporting our customers.”
“It’s essential to clarify that, while customers retain ultimate responsibility for their cybersecurity, our partnership enhances their response capabilities significantly. By working hand in hand, we provide a comprehensive and effective approach to cybersecurity, enabling organisations to focus on their core competencies while ensuring a robust defence against evolving threats” he adds.
Help AG’s suite of cybersecurity services not only pioneers innovative solutions but is also rigorously designed to meet and exceed local and global compliance standards, in the UAE and KSA. This steadfast commitment positions Help AG as the preferred partner for enterprises and government entities, especially within critical sectors where the integrity and security of data are paramount.
“By choosing us, stakeholders can rest assured that they are not only leveraging cutting-edge cybersecurity technology but are also aligning with a partner whose operations are synonymous with excellence and compliance at every level” says Nicolai.
Economy of Scale
Help AG’s advantage of scale allows for efficient and widespread delivery of cybersecurity solutions and services tailored to diverse client needs. Their approach to delivering exceptional client solutions is anchored in strategic partnerships and the sophisticated use of automation. “By collaborating with key industry vendors and being active members on partner advisory boards, we ensure that our solutions are not just cutting-edge but also meticulously tailored to meet our clients’ unique requirements. Our partnerships are chosen with precision, aiming for optimal outcomes through a blend of comprehensive engineering and integration,” says Nicolai.
“The heart of our service delivery philosophy lies in automation. It’s our belief that scalability and efficiency in deploying updates and solutions are paramount. Automation stands as the cornerstone of this belief, enabling us to offer seamless processes that allow for the deployment of updates at the touch of a button—a feat impractical to achieve manually. This focus on automation and scalability underscores the importance we place on evolving service delivery, highlighting how we adapt to meet the dynamic needs of our diverse clientele through technology.
“Furthermore, our engagement in co-innovation and co-creation of cybersecurity solutions with industry-leading vendors ensures that we remain at the cutting edge of protecting against today’s threats and anticipating those of tomorrow. Our dedication to innovation, in partnership with global cybersecurity leaders, affirms our position as a forward-thinking ally for any organisation navigating the complexities of the digital age.”
Bridging the Gap
Nicolai highlights Help AG’s efforts in bridging the cybersecurity skills gap in today’s ecosystem. He mentions how initiatives like Help AG’s MSS Graduate Program and academia partnerships reinforce the company’s commitment to nurturing cybersecurity talent.
“One of the biggest concerns of organisations worldwide is the gap in cybersecurity skills. Today, there is a big difference between the cybersecurity needs of organisations and the availability of professionals with the required skills to fill these needs. Help AG is committed to bridging this gap and I think it’s important that we as a society become more secure and create a better ecosystem around cybersecurity. We recently launched our MSS Graduate Program, where we provide fresh graduates with a six-month training in cybersecurity. We have six graduates that are going through the programme. I hope we can absorb them into the company once they’ve done with the programme and offer them a good starting point in their career where they can learn from experts in the field.”
In addition, Help AG is continuously aiming to create a strong cybersecurity culture both inside the company and in all their customer organisations – an environment where employees are engaged, motivated, and feel that their contributions are making a difference, to build a stronger, more resilient cybersecurity workforce that can meet the challenges of today and tomorrow.
Fostering Awareness and Education in Cybersecurity
Nicolai highlights another gap that Help AG is working on closing in cybersecurity, the awareness gap. Efforts to engage individuals and organisations in discussions about cybersecurity challenges and solutions play a crucial role in enhancing the collective understanding and resilience against cyber threats.
On this matter, Nicolai says “We address the awareness gap among customers by focusing on problem discussions, hosting free events on crucial topics like identity governance and OT security. Our approach is about raising awareness of industry challenges. Additionally, I prioritise understanding and addressing current and future client problems by collaborating with academia and regulatory bodies, to prepare for crucial client engagements and solution development in the near term. We also engage with mainstream and business media to discuss widespread cybersecurity challenges, and present information in an accessible manner to the public.”
The e& Ecosystem
Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in 2020, to become the cybersecurity arm of e& enterprise.
“As a proud member of the e& ecosystem, Help AG stands at the forefront of technological innovation and investment. e& enterprise encompasses a broad spectrum of digital transformation capabilities including cloud services, cybersecurity, artificial intelligence (AI), Internet of Things (IoT), fintech, and blockchain technologies. This not only amplifies our capabilities but also enriches our offerings, allowing us to deliver comprehensive solutions to enterprises and governments,” Nicolai comments.
“Being part of this ecosystem positions us uniquely in the market. It enables us to leverage the economy of scale inherent within a vast, interconnected group. This synergy ensures that Help AG can offer a non-parallel value proposition, blending cutting-edge technology with strategic insights to serve as an invaluable partner for organisations embarking on their digital transformation journey”.
The future is clear for Help AG: Continue to innovate, adapt, and integrate cutting-edge technology, particularly AI and intelligent automation, post quantum cybersecurity and the use of sustainable tech in the realm of cyber.
“Our focus will delve extensively into the realm of securing AI, presenting both innovative service and technological advancements. Internally, we’re engaged in AI projects, exploring the integration of AI and machine learning for various initiatives. Additionally, we assist customers in implementing AI capabilities within their security platforms, aiding in their management and operation. The landscape of AI is broad, encompassing aspects of prevention and operational efficiency. Another key area is quantum computing, where we’re aiming to deepen our understanding of client needs and create solutions that will ease their challenges. A pivotal aspect of our strategy involves streamlining operations with intelligent automation, particularly within our Cyber Defence Centre. Ultimately, our goal is to reach a level of confidence in automation that extends to automatic responses, differentiating between routine automation and proactive responses tailored to specific incident outcomes.
Investments in engineering and platform capabilities are crucial to support these initiatives. Where existing platforms fall short, we develop custom automation solutions to meet customer requirements, leveraging our expertise to generate innovative ideas and solutions.”
Conclusion
Help AG stands at the forefront of the technological landscape, embodying an unwavering commitment to innovation that shapes the future of cyber resilience in the region. The company’s dedication to pushing technological boundaries is evident in its adept innovation and integration of cutting-edge solutions to meet industry requirements.
Through strategic initiatives, the company facilitates a symbiotic relationship that ensures technology serves as an enabler for both corporate success and societal progress. This holistic approach underscores Help AG’s commitment to responsible and inclusive innovation.
As it continues to evolve within the dynamic digital landscape, its resilience and forward-thinking strategies are evident. Help AG’s journey goes beyond defending against emerging threats, it involves innovating to equip organisations with the means to build proactive defences and the agility to predict and adapt to new threats. This commitment to innovation enhances the synergy of people, processes, and technologies, offering the best in security solutions. In essence, with a philosophy of Innovate. Automate. Elevate., Help AG is committed to INNOVATE processes and technologies, AUTOMATE threat detection, and response playbooks for faster time to value, in order to ultimately ELEVATE the resilience of organisations in an era that demands utmost agility and performance every single day. Help AG is not just an information technology provider; it is a catalyst for positive change, a bridge connecting the aspirations of industries with the needs of the public and a trailblazer in embracing AI and emerging technologies. Through its unwavering commitment to innovation and technological integration, Help AG cements its position as a leader in shaping the digital landscape of tomorrow.