Episode 17: Managed Detection and Response

May 24, 2022 | CYBERSECURITY, Who's In Your Cloud?

Welcome back to “Who’s In Your Cloud?” 21 Steps to Secure, Reliable, Trusted Technology. Brought to you by TechOnPurpose, this is Episode 17: Managed Detection and Response (MDR).

In our last episode, we focused on the important role Server Backups and BCDR play in protecting and preserving your organization in the event of ransomware, downtime, data loss, or system outages. Catch up on Episode 16 to learn how to employ the right BCDR strategies for your specific business security and recovery needs!

In today’s episode, we’re joined by our cast of cyber experts to discuss how the use of Managed Detection and Response (MDR) helps rapidly identify and limit the impact of threats WITHOUT the need for additional staffing. Stick around to find out how this cybersecurity service combines technology with human expertise to do the threat hunting, monitoring, and responding to malicious activity in your business, so that you can focus on what’s actually important.

Also, hear from our cyber expert cast about their available MDR solutions and the vital necessity for these technologies in the risk detection and mitigation response. We’re very thankful to our partners joining us today from Intelisys, Privafy and Stellar Cyber, as they help us educate our clients and prospects on the road to #secure, reliable, trusted technology!

As a reminder, we began releasing a new episode every Tuesday, starting 10/20/21, and will continue to do so through late spring of 2022, with brief time off for holidays with family and friends. We’ll also follow each Tuesday episode release with subsequent Wednesday, Thursday, and Friday posts highlighting our (3) contributing solution partners from that week’s episode. We hope you’ll find this an immersive, hopefully simple, educational, and enjoyable experience. So how do you tune in?

To easily follow the journey ahead, we’ve diversified your access options to all (23) of our coming episodes. You can follow along here on our blog or by any of the following methods:

  • Email Newsletter: sign up at techonpurpose.net/blog and have each episode delivered directly to your inbox when released.
  • LinkedIn:  follow here
  • YouTube:  follow here
  • Facebook:  follow here
  • Podcast:  follow here

Buckle up – it’s time to hit the road to #secure, reliable, trusted technology!

 

Lauren Lev  
Welcome back to TechOnPurpose’s “Who’s In Your Cloud?” vlog series, where we cover the 21 steps to secure, reliable and trusted technology. Thanks for joining us for Episode 17, Managed Detection and Response or MDR. I’m Lauren Lev, Marketing Manager for TechOnPurpose and the always sassy and sometimes savvy host of this blog series. Catch up on all of our previous episodes on LinkedIn, Facebook, YouTube, or Spotify. And you can sign up for our free cybersecurity risk assessment at WhosInYour.Cloud. MDR: let’s dive into it. So like I said, MDR stands for managed detection and response. It is a cybersecurity service that combines technology with human expertise to do the threat hunting, monitoring and responding to malicious activity in your business, so that you can focus on what’s actually important. So another great benefit of MDR is that it helps rapidly identify and limit the impact of threats without the need for additional staffing. Clearly, you shouldn’t just take my word for it, so that’s why I brought in this good looking cast of savvy cybersecurity specialists. So let’s meet my experts. Joining us for the first time on the vlog is Jamal Purvis, Solutions Engineer from Intelisys. We’ve had Intelisys on the vlog a couple of times, but Jamal is new to us. So introduce yourself and tell us a little bit more about what you do at Intelisys.

Jamal Purvis  
Absolutely. Thank you, Lauren. So my name is Jamal Purvis and I am a Solutions Engineer for Intelisys. And to just kind of give you a little background about me, I started in kind of the physical security and networking environment. And one of the things that I was able to do was learn a lot about security. And it led me from the physical side over into the cyber side. So for the last year and a half or so I’ve actually been really studying up on and getting to know more and more about cybersecurity. And let’s just be honest, you can never ever be an expert. You could definitely be a specialist and you could definitely know your field really well, but to call yourself an expert, it’s kind of tough, because you’re always learning. And frankly, my head hurts with so many acronyms in this cybersecurity environment too. So I definitely get what you’re saying. And so for my role, just really quick, you know, I definitely help all our partners try to find the right supplier that’s going to meet their needs. And especially in the cybersecurity world, we’re talking about MDR today, so I’m pretty sure it’s going to be a very interesting conversation as we go through it.

Lauren Lev  
We’ve recently introduced Privafy to the vlog. Joining us today is Principal Systems Architect and Field Engineer, DJ Joachimpillai. All right, tell us who you are and what you do at Privafy.

DJ Joachimpillai  
So at Privafy, I’m responsible for a couple of things. One is, I am responsible for actually doing designs for field deployment of our solution, which is provided as a software as a service (SaaS). And sometimes we also provide security software as a service or security as a service. So we provide two categories of products. And I do the planning, I do the sizing and then I help with the deployment. So from the time a sale is done until the time it’s realized in the network, that’s where I come in. My second hat is also providing the much needed input for our development team to come up with the right strategy to meet the market. We primarily focus on small and medium businesses, and that’s our target audience right now because we feel that that’s an underserved market. So that’s where we focus our energies on.

Lauren Lev  
And lastly, we have a new TOPcyber21 solution partner. Joining the vlog today, we have VP of Service Providers, Brian Stoner from StellarCyber. Brian, tell us a little bit more about who you are, who StellarCyber is and what you do for them.

Brian Stoner  
Sure, Lauren, and thanks so much for having us again, this is really a great treat. Right, so I’m Brian Stoner. I manage over 110 service providers globally that leverage the StellarCyber Open XDR platform to run their SOC operations. And so I’ve been in the cybersecurity business for about 20 years. I’ve worked for companies like McAfee, FireEye, and Cylance. And I actually helped Solutionary sell their business to NTT back in the day, so a lot of experience in the service provider space. Prior to that, I was in the carrier and hosting space for about 13 years. So I’ve been doing this for a long time and excited to share with the group.

Matt Tankersley  
Brian started in the industry when he was 29. Welcome, Brian.

Brian Stoner  
Yeah, thanks for having me.

Lauren Lev  
All right. And last but never least, we have Matt Tankersley, cyber evangelist and TechOnPurpose’s founder and CEO. Matt, welcome again.

Matt Tankersley  
Such a pleasure to work in this program with you and all of our many fabulous partners like the folks represented here today. So I definitely want to say thanks to each of you guys and your organization for all you do to equip us at TechOnPurpose and our global customer family with amazing products, services and solutions that are, frankly, purpose built to deliver our secure, reliable and trusted technology. So let’s talk about MDR, EDR, or XDR. What do we call it this week, right? It’s kind of like those family photos where you have three generations in one photo. I think that’s really the origin of these terms, and each one has built upon the other to improve. And there’s no question that mitigating, monitoring, and responding to evolving cyber risks involves lots of different layers. I personally find it really intriguing that we continue to see a convergence of different technologies that seems to help us minimize the number of unique vendors that are needed to achieve our TOP21 security steps. So probably, and on that front, none more than MDR, XDR, and the previous solution providers that we’ve had the privilege of meeting in recent months. So what’s the role of XDR or MDR? And how does that complement or contrast with the other cyber best practices like endpoint security and SIEM, right? We haven’t talked much about SIEM yet and in my mind, SIEM is a critical part of MDR or XDR, right? I trust today with the help of our cyber expert cast, we’re going to uncover the role, the differences, and the vital necessity for these technologies in the risk mitigation and response strategies for our audience. So Lauren, let’s cast off and let’s see what we can learn today from this fabulous cast of cyber characters.

Brian Stoner  
Okay, so for our first roundtable topic, we’re gonna go around. Jamal, I’m actually going to start with you. Tell us a little bit more about MDR, what it is, and why we should care. And then feel free to share any statistics, stories, anecdotes, etc. from your own personal experience?

Jamal Purvis  
The MDR stands for, of course, managed detection and response. In some scenarios, remediation is another R that you could throw in there, right? So for me that definition, I always kind of like to break it down into three main words. What is the Manage part? The Manage part is that network or managing devices on the network. Often network, it could be devices that are remotely used or it could be devices that are internal. So that’s where that managed piece comes in. And that could be things like software updates, that could be you know, checking, patching, things like that. Anything that you know that you need an IT department for or as a supplement, that’s where that management piece comes in. The detection, what is the worst thing that you can possibly have happen to your company, and that is for you to get basically hacked or get ransomware. So the detection part comes in to detect any suspicious or anything that kind of stands out, that is not a normal task, right? It’s detecting what’s coming across that network. If you know that John Smith goes to work from eight to five and he usually works from home three days a week, and all of a sudden you start seeing some kind of anomalies on Saturday or Sunday, that’s a simple thing. That’s something that would pop up a big red flag and say, hey, something’s not right here. And from that point, you go into the response piece. What do you do when you see that red flag? So you take all that data, you bring it across, and you easily kind of put it together and you start to decipher. Did John just go in just because he had something due by Monday and he was behind? Or could it be someone else coming through John’s login for his device that throws that big red flag up. So that’s kind of the way I see it. And I know these other guys, they definitely can give you even better definitions of it. Because I know, this team that we’re on with right now have a lot of experience and knowledge, more than I do.
But I will tell this one horror story. This happened to a friend of mine who has his own business, and let’s just say he did not have the right tools in place. One day, he’s on a trip and he goes down to Florida. He’s kind of on vacation and he leaves his laptop in his hotel room unattended, not logged out. So you can just imagine what happens next. Fortunately, he was able to kind of catch most of it. But the person that did go in, they actually got account numbers off of his laptop, they dived into things. So they actually pulled data that they thought they could use, but he’s very meticulous, I don’t know how he keeps certain things in there. So the customer base was done, but he did have issues for a few months trying to get it situated with his bank account. So just think about that, for that is more of a physical thing. But it could have been a lot worse, had he been connected to his server and logged in and all of a sudden that customer data is out there. Or better yet, all his potential clients could have been known. So that’s kind of like the horror story I look at from that point. But then there’s others that I can definitely tell you, but we have to sign you an NDA.

Matt Tankersley 
That’s a scary scenario. Imagine if that user had reset passwords, right? I mean, they’re logged in, and now they start resetting passwords. Now there’s some of those passwords on the dark web. We’ve had that episode, we’ve talked about that. So yeah, that’s one of the ways those anomalies can start to appear. You know, three days later, when he’s out in the middle of the ocean fishing and stuff starts happening, like how do you know? How do you know that that’s happened? That’s the kind of stuff we’re talking about today. Great intro Jamal, thanks.

Lauren Lev  
All right. Brian Stoner from StellarCyber, what is your take on MDR?

Brian Stoner  
Well, so kind of following up on what Jamal said, right? This is what we provide the technology for partners to do every day, right? And I think there’s a few trends in the industry that we need to think about as we think about MDR. Managed detection and response never really had response for most partners, right? You know, we’ll tell you that somebody stole your identity, but we won’t tell you who did it or when they did it, or how you’re going to fix it. And so that’s where I think the industry kind of started to gravitate toward extended detection and response, which is what XDR stands for. But you know, XDR now is being used in so many different ways. I think I saw it on the hand dryer in the bathroom at the gas station today when I filled up my car. I mean, it is literally, it’s on endpoint products. It’s on Cloud products. It’s, you know, it’s everywhere right now. And I think what we really need to do is kind of educate people as to, well, how can we really use that extended detection and response to really solve the problem of, there’s more and more threats, there’s more and more things to look through? You know, SIEM technologies were never really designed to deal with the volume of things that hit our businesses every day today. So we have to think, you know, how can we move from this very binary, oh, somebody failed to log in 10 times, I’m gonna alert that. Okay, great. Well, then what do you do about it? Well, there are these new tools called security orchestration and response tools, right? That kind of sits next to the SIEM, equally as complicated to set up and run right. So now you invest in the SIEM and then invest in the SOAR and then provide this really manual expensive service, or you look for a more integrated platform. So from an XDR perspective, the other reason that you’re not seeing a Gartner Magic Quadrant on XDR is because it means something different to everybody who slaps it on their product, right?
If you talk to CrowdStrike or SentinelOne they bought big databases. CrowdStrike bought Humio and SentinelOne bought Scalyr, but those are just big databases, right? They are not ingesting data from everything in the network. They’re not ingesting from, you know, the cloud services and all those other things yet, and so it’s really just a way for them to kind of get out of the commodity business that they’re already in, right? They’re trying to do that. And then you’ve got the big players like Palo Alto and Fortinet, where you have to buy this huge stack of expensive equipment just to get extended detection and response. So we took a little bit of a different approach and we created an open architecture where we’ll integrate with anything. It doesn’t matter if it’s a security product and it throws off a log, we’ll ingest that, we’ll normalize it and we’ll make sense of it. And so now, we’re starting to use machine learning to automate things that the analyst has to do manually today in a SIEM, so that we can actually help our partners support more customers with fewer analysts, because it’s so hard to find them today. So we’re really trying to solve this problem in a unique way by using machine learning. And there’s probably about seven different types that we use in the platform. But to Jamal’s example, you know, for something like somebody’s coming in at the middle of the night to log in and do some extra work, right? We use this thing called unsupervised machine learning where we baseline what everyone does. We’ll know when Lauren logs in in the morning, we’ll know when Matt logs off at night, we’ll know how much data Matt normally transfers in a day, we’ll know where he normally logs in from, and if he logs in from someplace else, right, we can alert on it. It’s not necessarily a bad thing that Matt’s on vacation, finally, but, you know, we have to know that that’s what’s really happening, right, to Jamal’s example.
So I think there’s some unique ways that we can start to use this new technology to eliminate a lot of the manual work, and then automate the detection so we can reduce that window. I think it’s still like 200 plus days to detect things on average, right? And then to respond to it can take even longer. We want to reduce that to seconds, not weeks and months. 

Matt Tankersley  
If you guys aren’t familiar with Privafy, they’re doing a lot more than this. They’re doing something different than this and they’re approaching the security stack from a different way. It’s really unique to me. I’m anxious to hear what you say about that as well, DJ. I also want to say for our viewing audience, one of the things that intrigued me the most when we started building our cyber portfolio, is when we came across the SIEM technology. I think it’s really important to note that I think that the proper XDR or MDR technologies are incorporating SIEM into what they’re doing. I think as Brian said, it’s like, okay, we’ve got all this data and we’re collecting it, now what do we do with it? I think that’s where this machine learning and the AI and demand side and cyber security operation centers come into play. So for our viewing audience, you probably are out there running your barbecue chains and your accounting firms, and you’ve got better things to do and think about it in general, much less cyber risk. So you’re taking a few proactive things here and there. And I hope that you know, your endpoint security is doing what it’s supposed to do. But how do you know before it’s too late? Like, I think that’s where these XDR solutions come in. And what I love about the SIEM piece that I think is imperative to the XDR piece where it’s layered on top of it is that we’re looking at every packet that goes in and out of your machine. We’re looking at every security event that goes in and out of those machines. We’re looking at the ingress and egress traffic of every site that you have, looking at your cloud tools, your Microsoft 365, and your Google and we’re looking at etc. applications. So we’re looking at all those security events. 
And so then, as Brian and Jamal both said, they’ve got this intelligent platform that’s correlating all of that data, not just in one place, and correlating all the data for all of the users and for all of the tools that they use to bring this intelligence layer to the aspect. So if you’re still out there confused about what this thing’s going to do for you. That’s it. It’s imperative that we just monitor and know what we do with that data. And that’s where our XDR solution partners come in. So DJ, you have the floor man, let’s hear about Privafy and your take on this whole MDR thing?

DJ Joachimpillai  
Yeah, absolutely. So in Privafy, what we attempted to do was to limit the number of- First of all, we wanted to take a look at how many small and medium businesses are out there in the world and in America especially and how providing a managed security as a service solution has to look and feel like in the small and medium businesses. There are one to 499 users. As of 2013, it was something like 5.7 million in America alone. And out of that 5.7 million 5.1 million of those enterprises had one to 10 users for business. When you shrink it down to that level, none of the Palo Altos and the big guys will actually scale down to that level because they’re all still doing the 1000, 2000, the big numbers, because when you’re collecting data for an enterprise that has multi-site and stuff like that. The amount of data is so much that you have, like Brian said, you have to have a massive box to actually just do the munching and crunching of the numbers. So when you scale it down to this little one to 19, or one to 20, or one to 500 people, the problem is very different in two ways. One is that the scale of the problem is different. And the second problem is how do you take it to market because the mindset of the people, unless they had an experience, it’s going to be very difficult to get them excited about protecting their environment in a highly threatening world as it exists today. Right? So if you’ve recently looked at the news, Costa Rica had to shut down the government because they had a ransomware attack that took down the whole government. And now you know, the US government has offered $10 million for any information that leads up to finding out who did it. And we all know who did, it was apparently out of Russia, they did it. But they still have to know the exact individuals that were involved in it. So we can go after them or whatever it is.
But see, now that tells you how the threat that used to come in the form of viruses that were affecting everybody’s laptop and desktop and stuff like that, which actually didn’t make any monetary or any political sense, to something that has been used as a weapon against individuals, companies, and governments to further somebody’s motivation. So when you match that to small and medium businesses, we have a unique perspective as to how we need to do something. And what is the scale of that something that we need to do in order to make MDR, XDR, EDR, palatable and marketable to this market? That’s where Privafy is right now.

Matt Tankersley  
I’d love to get offline with you, DJ, and talk to you more about our TOPcyber21 stack. Because what I love about what you guys are doing that’s unique is you’re approaching- you’re not just dealing with SIEM and you’re not just dealing with XDR, MDR, or EDR. There’s more to it than that. Above all, I love that you’ve been able to make that agnostic to the sense that you don’t care about the device and the operating system. I got a Mac, you’ve got Windows, you’ve got Linux, you’ve got iOS, you’ve got Android, and it’s simple. And that’s a beautiful piece of that. I’m just saying, that goes beyond the focus conversation on MDR and XDR, and they’re doing a lot more. And I love that unification of solutions that they’re providing.

Lauren Lev  
Brian Stoner from StellarCyber, let’s talk about solutions. What MDR solutions do you guys implement there?

Brian Stoner  
Well, so we provide a platform that service providers use to provide their MDR service, right. And so, it’s a whole stack that’s been kind of purpose built for the service provider. So your viewers would probably be the end, you know, customers of our service providers. And we’re 100% channels. So that’s kind of a core tenet for us. But at the end of the day, what we’ve done is we’ve taken what used to take a lot of people and manpower to manage and we’ve automated it. So the whole StellarCyber platform includes a SIEM, it includes 12 different sources of threat intelligence, and includes a network detection piece. We have API connectors to hundreds of different EDR tools, and you know, mail services and all those sorts of things so that we can get 360 degree visibility into what’s happening. But as we’re ingesting that data, we compare it against the dozen different sources of threat intelligence, so we can ascertain really quickly if something’s good or bad. And even if it’s like, if you’re familiar with the terminology, zero day, right? We have a sandbox in the platform as well, that will detonate it and give it a reputation before we store that data in the data lake. And then once that data is in the data lake, we do our machine learning detections and we can actually create incidents like related alerts into a full incident in real time. And you know, up until now that would take an incident response firm weeks to dig through the red tape and figure out exactly what happened. We’ve automated that and then we also kind of automated the response. So not only can we detect it faster, but even in a small business, two or three people, maybe we see that ransomware is about to hit one of their machines. If we see that, we can create playbooks where you can automatically block the ransomware from loading before it impacts your customer. So what we’re trying to do is really change that experience.
We’re trying to reduce that dwell time for them in your network. Because, unfortunately, what DJ was talking about, where we figure out that it’s Russia that did it, or I think you’ve even seen some articles recently where the federal government has tracked the Bitcoin transaction back to the attackers and actually prosecuted some people. Which is really cool, right? But I don’t think we’re going to be prosecuting Russia anytime soon. So it’s probably better to have a proactive solution through your service provider that’s going to help them detect these things faster, so that you don’t wind up in that situation.

Matt Tankersley  
What StellarCyber does is equip companies like ours with the ability to bring these solutions in scale to our clients of any size. And so we love that. I’ll tell you, Brian, I think it was your technology and I’ve seen it in a few. And you sort of implied it, but I want to say that for our listening audience, right, let’s say that you do have a compromised device or an endpoint. If I’m not mistaken, Brian, you guys have a way to basically isolate that device in such a way so that it can’t spread. And in fact, still maintain remote connectivity to remediate the device while you have it actually isolated. That’s pretty awesome stuff.

Brian Stoner  
Yeah, we have a lot of great capabilities. And, you know, I think the important thing is to kind of bring it back to the goal, right? The goal is to reduce the opportunity for those attackers to damage any size customer, you know.

Matt Tankersley  
I’ll tell you, we need to move the ball along because we’re running out of time and we want to let everybody get out of here, it’s Friday afternoon. But, I will share a little fun fact. I was at a Houston cybersecurity conference, I think the week before last, and I had the privilege of having dinner with two Secret Service agents who are tasked with cybersecurity response. I didn’t realize this, but they’ve got a group of over 300 plus people, that’s all they do is cybersecurity stuff. In particular, I guess they’re associated with the Treasury Department, or they’re under the Treasury Department, if it’s finance related, which so much of ransomware stuff is, these are the guys that are on point. Apparently, they have offices in over 50 nations globally. So I think the good news takeaway for that, for those who are listening, is these guys were actually very accessible. We talked about accessibility. If you have an event, you can report to these guys. And they will get involved at some point or another and help them resolve or track down the issues.

Lauren Lev  
Jamal, what are your thoughts? We haven’t heard from you in a second. So where’s yours?

Jamal Purvis  
So you know, we have a different take because you know, we are that technology solution distributor. So in that scenario, I will say we have partnerships with tons of suppliers that can do everything that Brian just mentioned or maybe even have Brian himself. We can have, you know, DJ here, as well. The key is, I think what a lot of people don’t know is sometimes you gotta go backwards a little bit and talk about education and user education. For me it’s like one thing in my top three when I talk about cybersecurity, user education is probably one of the biggest things that I will pull up. And you know, cyber awareness training, just teaching people about when they’re using their endpoint that’s being managed, right? Not to click on something that could potentially, you know, do something to your potential employer or your customer base, if you’re in that scenario. That’s something that always kind of stands out. And that’s a big part of something that I would say is a part of that MDR, even though it’s not necessarily in the solution stack, it is a big picture, right? And we want to kind of draw people to the bigger picture just beyond what we’re talking about today. Just want to just throw a little nugget out there, just so people can have it. And then of course, the other piece that always kind of goes into this and revolves around is the endpoints as well and some of the networking is the physical security environment that you’re in, right. We talked about my buddy who was out in the hotel, it sits on the lock and key based off of the hotel’s lock and key system. Anybody can get a key, I can make a copy of the key in 25 seconds with a couple of devices I have in my house right now. However, I won’t do that. But in the event that you are in your building and your corporate office, and you’re still using an old traditional lock and key, you my friend, are potentially putting yourself in a big issue.
So think about that as- and I don’t mean just a front door, I mean your network closet, I mean things like that. So having those things bought and protected by access control systems, that’s big, because it’s protecting another endpoint in your office, it’s protecting another device in your office to servers, switches, routers, you know, probably even your security station. I’ve had people have issues just because they didn’t lock it down correctly. So, I know that I’m a little off topic, but I did want to just bring that up. And I think it’s just another piece that some people forget about. And it’s something that we can always discuss further.

Lauren Lev  
People just get too relaxed for two seconds. I was working somewhere and you just mentioned the closet, the closet with all their IT, all their supplies, everything, and they had it locked. But then they always kept the key to the lock in the thing. And so I took it out and I put it away in the register. And then I got in trouble. I was like, why are we gonna have a locked door? Well, we put the key to the lock in the door. It just didn’t make sense to me. And like you said it always goes back to education.

Matt Tankersley  
Yes, always. You know, Jamal, you said education and that’s what this whole program is about. It’s what our TOPcyber21 is all about. Hopefully, our viewing audience is learning from this process and there’s no question. And I think if I could briefly, and let’s give DJ some thoughts in there, but if I could briefly connect the dots between physical security and MDR and XDR. Think about it today, the key that Lauren discussed, there’s no auditing. There’s no record of who touched that key when and who stuck it in and who turned it right. If you’re using some more modern common technology that are access control platforms, guess what, those access control platforms are going to be programmed to dump their syslogs and event logs up into what? The SIEM and the XDR, so that now we’ve had a physical incident, we can go trace and see where that person came in, the front door, the back door, the side door, and then into the IT closet. We got everything we need to correlate that data. Good stuff and we’re on our last round, and we need to give DJ some time here. Right? So DJ, talk to us a little bit more about the specific solutions that are classified as to combat and deliver solutions for MDR/XDR to your partners.

DJ Joachimpillai  
We actually approached it just like Brian was mentioning. We collect flow-level information on every flow that comes in and out. We provide protection from all known threats from day one and we track them. And like Brian was saying, we normally will track individual users’ normal behavior so that we can actually do anomaly detection as well. So those are like standard things that one has to do because we are not on every device. We don’t collect logs from every switch and then find it, we don’t do any of that stuff. We do, however, plan on looking at the endpoint because endpoint is a very interesting play. Because endpoints- people rely on antivirus software as the endpoint story, which is not really going to solve the problems of today. It solved the problems of yesterday and people have created a sense of security with it. But if you really look at all the endpoint protection that are available today, they’re all trying to go into the different areas of ID Protection. They say we are going to give you ID Protection, they’re going to give you VPN service and stuff like that. So they’re actually trying to expand their capabilities in order to encompass more and more of what is relevant today. And so what we are looking at is, what are the best pieces of information that’s available that can easily identify and recognize and we will be able to remediate. Like Brian was saying, come ahead of an attack as opposed to after the fact and try to figure out what happened. So that’s the two areas that we are very focused on. And like Brian was saying, we do everything from machine learning to understand what is happening in the environment and what the users are doing in an environment. Our biggest challenge is, you know, all these technology words make sense to let’s say, a Gartner analyst or some of us who are in that environment. I go to a doctor’s office, which is 50 doctors, with two managers that are running five locations.
It’s almost impossible to tell them you need MDR because they don’t even know what it is. So education, like Jamal was saying, is absolutely crucial and making it palatable to that kind of an audience is even more important. So losing some of the technology words and then converting it to like a normal person word like Lauren was saying earlier is very important.

Matt Tankersley  
Well, Lauren, I know if you’re watching, you’ve been through our episodes. This is episode 17, right? We already talked about secure remote access and we already talked about endpoint security. We already talked about security awareness training and all these things. And one of the things I love, in fact, have we done Mobile Device Management yet? So one of the things I love about the Privafy platform is the way they bring secure remote access into the conversation. So it’s not just what we’re talking about today, they really bring a lot of things together. Brian, and Jamal, thanks so much for joining us. Brian, you guys are a new partner in our portfolio and we’re pretty ecstatic to continue to plug you guys in and learn more about what you’re doing. We feel like it’s probably very superior to some of the legacy technologies that we’ve used. So we’re definitely looking at the marketplace and for those that are listening, for those that are customers, we never stop learning and we never stop looking for ways to improve your security. And you know, what’s crazy, sometimes you can reduce costs to make things better, and we can do it for less. And I think that, Brian, your company’s gonna be one of those that helps us to do that. And I think DJ, you guys are potentially already doing that for us. And we couldn’t do any of it without great folks like Jamal and his peer Patrick, you’ve seen in other episodes and Ivan Paynter, and we’re so grateful for each of our master agents. And so, Lauren, how about we get any final thoughts anybody has? We’ll let you close this out, because we’re already a minute past happy hour for some folks.

Lauren Lev  
Yes. Okay, so like Matt said, before I close this out, Jamal, Brian, DJ, anything else to add?

DJ Joachimpillai  
Thank you for having me. This is my first episode, it was really enjoyable. Nice meeting you Brian, Jamal, Matt, and of course, Lauren. I think I’ve seen a lot of your emails. It was nice to meet you all in person. Thank you very much for having me.

Matt Tankersley  
Likewise, absolutely. Thank you. 

Jamal Purvis  
I second that, it’s been a pleasure.

Brian Stoner  
Yeah and I’m going to leave one story because Jamal triggered something within me. A lot of people think that attacks only come through your email. Watch your text messages. I got a text a couple of years ago when I was at another startup that said it was from the CEO requesting me to get $500 in Steam gift cards, and that I needed to deliver them to him right away. And I actually made it to Walgreens before I was like, Wait a minute. You know, so just like your email, don’t click on anything if you don’t know where it’s from. Don’t click on anything in your texts anymore, unless you know where it’s from.

Matt Tankersley  
Now, you know, we learned in security awareness training the role social engineering plays. And so, the bad guys are out there and they know where you bank and they know where you shop, and they’ll sit there sending these SMS’s now like it looks like it’s coming from your bank. I gotta tell you, crazy world out there. You need the TOPcyber21 best security practices. Lauren, tell us how we can get some of that.

Lauren Lev  
All right. Well, that is a wrap for us today. Thank you for joining us for Episode 17 of our “Who’s In Your Cloud?” vlog series, where we’re covering the 21 steps to secure, reliable, trusted technology. If you want more of these episodes, which clearly you should, check out all of them on LinkedIn, Facebook, YouTube, and Spotify, or get them delivered straight to your inbox by signing up at TechOnPurpose.net/blog. To start a free trial from any of our solution partners here today, send an email to . And sign up for our free cybersecurity risk assessment at once again, WhosInYour.Cloud. Next week, we’re switching gears to network vulnerability and penetration testing. Learn how security experts are able to simulate a cyber attack to identify the weak spots leaving you vulnerable to cyber attack and what you can do to fix them. Thanks for joining us, everybody. Be safe out there, bye!
