Welcome everyone to DataEndure’s final TECH Talk of 2021. I am Kirstin Burke, and I’m delighted today to be joined by a guest, Brian Moody, who is our Vice President of Managed Security Services. We’re just delighted to have you here today, Brian, to share some of your insights. So welcome.
Thank you. Looking forward to our conversation.
Yes. At the end of the year, you’re either reflecting or planning, and we just thought it was a great opportunity to have Brian join us to really both reflect and project on what we’ve heard from our hundreds of conversations with customers and prospects, and really to help other folks understand what we are seeing and hearing, as what we’ll call the top three security priorities that we’re seeing on people’s Christmas lists this year.
So we’ll tie in a little bit of the holidays, but really just tapping into Brian, the conversations he’s having, and some of the insights that we’re sharing with our customers around these three priorities to hopefully help some of you on – if these are on your Christmas list, that perhaps will help you think bigger, smarter, or more strategically about some of these things. So Brian, I’ll cue it off. We’ve got three things that we’ve identified. Why don’t you lead us into the first?
So first of all, I would say, to your point, reflecting back on 2021 and look at some of the challenges that our customers are going through. And you’re right, I spend every day talking to security professionals, talking to our current customers, listening and hearing the challenges that they’re dealing with. And the fact of the matter is this security thing is hard. It’s difficult. And the time that it takes in our businesses today to implement a secure profile is incredibly challenging. And our customers are doing really well in some areas and not in others, but what we’re seeing is it’s a constantly moving target.
And the time is not on our side, and you see that slogan on our website, you see that in our documentation. We are working every day to run our business. Hackers have all day to figure out how to thwart that effort. And so, I hear more and more from our customers, just that this constant challenge. So if you think about Christmas right now, we’re all running out and getting gifts. And in fact, if you could find a gift – I was after a certain kitchen appliance, and I can’t believe you can’t find one. They’re gone. And then to try to get it shipped in, and to have it arrive in order for us to enjoy it, well, translate that into security professionals and security resources.
So one of the top things that I’ve seen and heard from customers this year is their ability to find, number one, qualified security professionals that can come in and to help build the team and augment the team. So our customers are number one, struggling with the resources that it takes to really implement and manage a secure infrastructure in their company. Number two, I think in the three topics that we can dive in this year, is I’m hearing more and more and more about micro-segmentation, about zero trust. And if you think and look back on the solar winds and the large government breach that took place this year, look back over the pipeline breach, these cyber criminals were in there for months.
And they breached credentials, and they breached systems, and they breached software capability that allowed them to come in and have literally free ability to move throughout the network before they decided to detonate. And that is the critical now kind of rising, and the escalation priority that I have seen and felt with a lot of companies, is around how do we segment our environment? How do we create zero trust? So that’s number one. Number two is as the technology continues to mature, as well as the cyber attacks and the phishing attacks continue to mature, our endpoint detection and response, we’re finding that the implementations that are in place need to be modernized. They need to be improved. So updating that EDR almost to MDR.
Back to my comment about resource availability. We all went last year, massively remote. That cyber landscape, that threat became catastrophic for every business on the planet, without question. So now we’re managing end points that we didn’t normally think we were going to manage before. Even in DataEndure, our internal staff, which worked on internal systems, went mobile. So that was either a home system or a mobile device that we provided to them. That device needed to be secured. That happened globally. So the escalation of the endpoint protection schema now has become a major challenge, and is probably number two on most of the customers that I’m talking to.
And then third, when you think you’ve done all that you needed to do in order to do business – Again, the only change that’s constant, our CEO loves to say, is that landscape is continuing to change. And that challenge is the requirements to do business today and the requirements around your security profile. So requirements in order to sign a contract with the customer and/or requirements to get cyber insurance. These have all escalated for all of our customers.
So if I were to say top three things coming out of ‘21 that are beginning to culminate in our conversation with customers, it’s around zero trust, it’s around micro-segmentation. It’s around modernization of the end point from EDR to really MDR capabilities. And then really evaluating our overall security profile around contracts and requirements that may not be our requirements, but are our requirements of our partners, our contract parties, our software partners, in order to do business with them.
Right, right. Well, it’s so interesting how you started out this conversation. So we’ve got these three macro areas. And one of the things that you had mentioned organizations are struggling with is just resourcing. It’s finding the people, it’s finding the ways to evaluate the tools. And someone phrased it this way yesterday, and it just stuck with me. It’s not that the folks out there are doing things wrong or bad, or whatever, we do have this adversary that is several steps ahead of us, and it’s crime fighting. And someone mentioned that phrase yesterday about crime fighting.
And how do you as an individual, or you as an organization, really struggle to crime fight without crime fighting specialists around you, right? Whether it’s the police, or the FBI, or the SWAT team, whatever you want to call it. But if you really think about it, these organizations are trying to crime fight on their own, and that is not their specialty. And so, they’re going to bring in tools, they’re going to bring in things that they think are going to help, they’re going to put the alarm on the door. They’re going to do the things, but there really is a specialist perspective that is very hard to acquire internally, because part of that crime fighting is knowing what’s going on around the rest of the area.
Call it correlating, or call it pulling in different telemetry to really understand, here are the patterns of these criminals, here’s where they’re hitting, here’s what they do next. And to really help then these organizations shore up. And I think people are understanding that more and more, needing that specialty or expertise around micro-segmentation, around what do we do with the end points, around how do we meet the requirements that we need to? And so it’s interesting that you mentioned the resources first and foremost, because I really think that that parlays across, whether it be these three issues or any other, that you need those resources to do your superhero crime fighting more than ever.
Without question. And I think the other aspect, as you bring the telemetry aspect into it, is we dive by – we had a great conversation with a security professional just recently this week, a very, very large company. And there were a couple of key points made that really kind of struck me, was especially around – we started talking telemetry and the need for telemetry. And she mentioned death by a thousand consoles. And so you mentioned resources, but the tools and technology are out there that help us build our defenses.
The human aspect of this becomes so critical because we have to be able to analyze the telemetry that’s coming in. And yes, we use interoperability, yes, we use integration, and you bring up correlation. But the other point that she made that struck me was with respect to SIM systems. She said she’s found very, very few people that were happy with their SIM. And the other point that she made that really struck me is that most of the SIMs today do not have the threat intelligence that enables them to truly be able to come through with respect to the telemetry that’s coming in, and really do the threat analysis to produce a result. Much less again, having the resources in the company that can understand what that result means, and the steps that are needed to be taken in order to remediate that threat. So very interesting point around resources.
But I think the ideology to come back around to micro-segmentation zero trust, I think the ideology there is that we want to shrink that landscape. So 2020 to 2021, we became just spread out into a cybersecurity landscape that became almost impossible to protect. So the ideology of shrinking that, creating citadels, so to speak, of systems, create ZTNA, so create zero trust networks based upon application and user, so that we’ve now isolated it. And we’re creating smaller attack surfaces so that if we do have a breach of, if we do have a breach of network or system inside of that much smaller citadel, that we don’t, in a sense, get that spillover effect that runs across the company.
So the key point there is I’m dealing with smaller areas, I’m not having to worry about other things, that if I’ve got things segmented correctly, and the threat to the company is dramatically reduced because your attack surface is reduced. And these are some of the absolutely critical areas around microsegmentation zero trust that I think are starting to rise very rapidly on CISOs’ priority lists.
For sure. Well, and you’re shrinking not only that attack surface, but you are making that administration smaller too. So if the attack surface is smaller, the resources that you have can focus more specifically on these certain areas, rather than – we talk about the needle in the haystack or whatever, we’re making those smaller so that things are more easily identifiable and then more easily remediated. And I say easy, I don’t mean easy because we know that this isn’t easy, but you get my gist.
So we talked a little bit more about micro-segmentation, end point detection or MDR, managed detection response. This, as you mentioned, has exploded, right? All of a sudden, devices that were never meant to be doing things, accessing data, whatever, are now all over the place. And what is it that folks are seeing are not working that was working – or maybe it wasn’t working pre-pandemic, but the buttons hadn’t been pushed yet, but now we’ve had these accelerators to show what you may have relied on in the past is not going to work for you given this new situation we’re all living in.
Well, I think the biggest critical component that we can talk about when we talk about attack surface is we kind of had that centralized model of security where we were all coming into a building. And in a lot of cases, we were sitting down at a machine that was inside the firewall, utilizing the castle ideology, right? We’re behind the moat, we’re behind the drawbridge. We’ve got firewall in place, we’ve got proxy in place, we’ve got IDS, we’ve got IPS. We’ve got all of that security and infrastructure protecting the folks that are, in a sense, inside the castle. Well, we all ran outside the castle and we’re all sitting out in thatched huts on the outside of the castle now, because maybe there was something inside the castle like the pandemic that allowed us now to move out.
So the management of that expansion became incredibly difficult. And so the endpoint detection tools that were being used, I don’t think in many occasions where we were really managing insight and protecting, now suddenly were in the wild. So the challenge around the maturity of some of those products wasn’t there. The other aspect I think is that we talk about attack surface, it was much easier to manage inside, now they’re all remote. So our ability to then again, death by console, to be able to take the telemetry and be able to watch all of those endpoints, became a dramatic challenge.
And I don’t think many of the tools that folks had deployed were at a maturation level to deal with the cyber threat that was coming in. Because suddenly now, you see phishing increased by 700%. That was a 2020 dramatic increase immediately, because people were incredibly exposed. So I think what I’ve seen and heard is, matter of fact, just talked to a customer today, a dramatic change in evaluating that end point, and the ability to need that automation, automated response, and also the ability to almost have vulnerability ability to look at endpoint versus just protect the endpoint from something happening. So wanting to have a more proactive approach to that end point versus reacting to something that’s happened.
And so a lot of conversation with folks around this kind of maturing the endpoint solution over what they’ve had just due to the fact that they’re dealing with so many more now.
Right, right. Well, and I think one aspect of that that has really come to the forefront is the ability to understand behavior. And something that a lot of these – you talk about maturity, and that’s a great word to use, that that wasn’t a thing years ago. And so the tools that we had didn’t need to understand certain behavior that was either normal, abnormal to detect it, to alert on it, and now that’s critical, because we now have hackers that know how to destroy their footprints. They know how to destroy their trails. They know how to destroy, or obfuscate those things that these more immature tools were in place to track. And so I don’t know if that’s part of the conversation you’ve been having with folks as well.
Without question. And I think the solution that we’ve selected, one is a modern solution, the MITRE ATT&CK Matrix, the MITRE Group rates it the number one solution, but the key is it’s autonomous agent. Because as you point out, cyber criminals have the advantage. So on a lot of the legacy endpoint solutions, they need to make that cloud connection into their key owner, OEM, so to speak, really in order to operate. So hackers are smart enough to be able to come right in and be able to stick false DNS in and be able to change and stop that connection. So at that point, they’re free to do what they want because they can disable that endpoint capability.
So you absolutely have to have a mature enough endpoint solution so that the hackers can’t come in, detonate on a device and limit your ability to manage that device, and/or respond to it. Again, back to the ideology of zero trust micro-segmentation is, I’ve breached that system, and now I have the ability to breach the wall, so to speak, and have free run inside the network, and almost to the point of being undetected.
So they’re all connected. Interestingly enough, when you talk about the first one, micro-segmentation, you talk about endpoint detection – and that’s a part of a challenge too, I think sometimes we look at these things in isolation. I need a firewall or I need a new EDR solution or whatever, but when you really think of these layers, they’re layers because there’s an interconnection between them. When one works well, it reduces the reliance that you will need the second.
Absolutely.
But you still need the second. So I think part of the strategy that folks are trying to get their head around is how do I think about these layers, and how do I make sure that these are the right layers and that they are interconnected in the right ways, and I’m not leaving any gaps. And I think that goes to your third point, which is I think I’m doing the right things, but I’m not sure, and now all of a sudden, I may have some of my suppliers or vendors coming to me saying, “Hey, we’re now getting pressure from regulators, or from the market, or from the board, saying that all of our vendors need to prove that they are doing X, Y, and Z in order to continue to do business with us.
So all of a sudden, whatever investments you made, whatever layers you have, whether or not, you think they’re right, first of all, can you inspect that and prove it? But now you’ve got [inaudible/audio break 19:18] from elsewhere, and probably if you’re not feeling it yet, it’s likely you will in 2022, because there is this movement that now that – I don’t know that the shift is going to stop, or that change will stop, but I think there’s an awareness that the cyber crime thing isn’t going away. And so, we all need to make sure that we are more proactively putting defenses in place, and we’re going to be inspected on it. So that was kind of your third one. Do you have any examples of just any conversations you’ve had over the last year where folks are kind of thinking, oh my gosh, what am I doing?
Yesterday, last week, week before. No, this is absolutely becoming something that’s critical. And as you know and you see from DataEndure, we talk about this digital resiliency, which is resiliency of your infrastructure and a resiliency of your cyber profile and what we’re finding and seeing more and more. So to your point, in the last month, I have three companies that have come to my organization because we’re attempting to get cyber insurance. But cyber insurance is now requiring very specific cyber infrastructure and enterprise infrastructure that needs to be in place before they’ll even grant you cyber insurance. Right?
So we have a customer of ours that deals with a large car company. And in order for that contract to move forward, in order for them to provide services and products to that car company, they are required to have very specific security infrastructure in place documented. So almost like SOC2 type two, where their processes are documented, they’re approvable, there’s evidentiary telemetry that shows that that’s in place. And this is not the manufacturer’s requirement, they feel they’re secure. This is the requirement of the partner coming in, that if you want to do business with us, this is what the requirement is, and you need to have these things in place.
So this is, I would say, really as we’ve seen coming out of Q3 ‘21 into Q4 ‘21, I’ve had three conversations in the last month with three companies where we have sold services to fill the gap, so to speak. And some ideology and points around that are we’ve seen multi-factor authentication be required. Endpoint detection and response, again, we come back to this MDR solution, that that absolutely has to be, but it’s extended detection and response, and they also want to see continuous incident response so that 7 by 24, 365, if something happens, you have the ability internally to respond, or you have a service that’s responding at 3:00 in the morning, if a detonation or something happens on a device.
Secondarily, 24/7 monitoring. So the ideology of an operation center of a SOC comes into play, or the implementation of a SIM in order to correlate your telemetry. And then network backups, so your ability to back your infrastructure up and recover. So what we’ve seen in so many cases and so many stores this year, are ransomware attacks where customers are being encrypted, they’re being held at ransom, and either they get their data back. And if their infrastructure isn’t resilient enough to respond to that, if they can’t recover from their backups, they’re really in a tough spot. And we work with quite a few companies where that’s been the case. We’ve been part of that response. But network backups and data backup now is almost becoming a requirement.
So when before have you ever thought of a backup as a security item? It’s now coming into a requirement for cyber insurance. And then finally, network segmentation. These cyber insurance companies and partners are getting to the point that if I’m coming into your environment and I’m inter-operating with a function of your company, I want it segmented, and I want to see the security profile around that segmentation, and I want to see that the network is segmented. So again, we come all the way back up top to our micro-segmentation zero trust conversation. But yes, this is becoming a rapid conversation.
And to your point, if you’re not feeling this yet, it’s coming. And it’s going to become more prevalent, I think, in partnership contracts, manufacturing contracts amongst folks, and it’s going to embed itself in the supply chain in order to work to keep it secure.
Well, and the interesting thing that happens then, whether you’re trying to be proactive and get in front of it, or whether someone is now coming to you saying, you need to show this to us. Back to the time is not on your side. This isn’t something at that point that you now have time to go staff, to go build, to go implement, and to operationalize. I mean, if you are feeling that this is something that you’ve got to get stood up, if this is something that you now have a partner or supplier coming to you and saying, this is important, or an insurance company saying you’re uninsurable until you do this, there is a significant time pressure on you now, right?
No question.
This can’t take six months, this can’t take nine months. And how do you get to mature? I mean, it’s going to take you six to nine to stand it up, but if you’re really going to know your stuff, it’s going to take you even longer to get whatever the integration and correlation and telemetry is. So I think one of the things that we’ve been really able to help folks solve for is time. And we talk about our wanting to help organizations put time back on their side. And oftentimes, I think people think of this as, we’ll take time away from the adversary, we’ll take time away, we’ll help you reduce that dwell time. But there’s another factor of time that I think people are becoming more and more aware of, which is time to maturity.
So how fast can I get my security environment mature? And I think that’s something that has grown in value or awareness for people, because they don’t have that time to learn how to do this right, or to hire the people. And they don’t want to take – I mean, they want to get there. but the pain and the cost of getting there is so much.
Well, I think you bring up a critical point around time, because some of these requirements, this contract with pharmacists that we just talked about – and they’re not just for cyber insurance. As we said, these are – I mentioned the relationship with a large automobile company in order to do business with them. These are suddenly contract terms that suddenly exist, and we need these now for you to do business with us. So do you have time to go out now and evaluate six products, do an RFP, select two, run through your process, do a POC? I mean, that’s impossible. So that time factor that you bring to the table, and I think that is the one thing that has been so –
For me, on the sales side of DataEndure this year, is our ability to rapidly expedite a customer security profile to a very, very mature level. And what I’m seeing more and more in my discussion with CISOs is the build it yourself challenge, it’s so difficult. You have to evaluate product, you implement the product, you configure the product for your environment, and the only constant has changed, but then you’ve got to have all the resources to manage that. So the Capex and Opex associated with that are dramatic. And then now all the interoperability and the understood cohesion of death by a thousand consoles is correlating and all that, so that you can get a result that makes your team productive.
And consuming security as a service, and I think we’re seeing it more and more, brings that timestamp down dramatically, because we have done the work, we have built the integrations and the interoperabilities. And we have the ability to deploy very, very quickly, to plug many of these gaps. And just in this week, as I mentioned, the customers we talked about, they didn’t need the whole portfolio, but it was the key critical components that they needed in order to complete the contract or get the cyber insurance that the board so critically wanted. We were able to close those gaps very, very quickly in weeks. Not months, not years, but in weeks’ time of evaluation and implementation.
So Merry Christmas. Well, Brian I’ve so enjoyed you joining us. And your information from the street is so valuable, and it’s so timely. And I hope that our folks listening today benefited from hearing some of this. If these are on your list, and if you’re looking for some help working through that, please let us know. If you have other things, if we did not get the item on your list, reach out to us because not only are these three things hot topics, but there are so many other things that DataEndure from a security perspective– Brian talked about the cyber infrastructure or cybersecurity, and we have infrastructure, and there’s so many things that are now tying closer together, that we really find ourselves getting involved helping customers to work through.
So please feel free to reach out to us. If you have comments, if you have questions, we’d love to dialogue with you. Brian, thank you so much for joining us. It was great having you.
Certainly, and obviously, our best to everyone and their families for a joyous holiday. And we wish everyone a very, very Merry Christmas.
Absolutely. And we will see all of you in 2022. Thank you.