Episode 6: EDR and Endpoint Security

Dec 7, 2021 | CYBERSECURITY, Who's In Your Cloud?


Welcome back to “Who’s In Your Cloud?” 21 Steps to Secure, Reliable, Trusted Technology. I’m Lauren Lev, Marketing Manager for TechOnPurpose, and this is Episode Six: Endpoint Detection and Response (EDR) and Endpoint Security.

Last week, we discussed the role of OS patching and updates. And now it’s only natural that we would move to the next link in the chain, which is endpoint security. So with the rise of “bring your own device” in the workforce, the increased need for endpoint security, management, and visibility has never been greater. The need to rapidly identify and remediate endpoint threats is a must on the road to secure, reliable, trusted technology. Are your endpoints ready for inevitable attacks?

Today, our cast of experts take a deeper dive into the practice of endpoint security and how to be proactive about managing, detecting, and remediating endpoint compromises before they cost your company big. We’re lucky to be joined by our cyber expert cast from Cisco, ConnectWise, Intelisys, and Webroot today to learn more about endpoint protection, the evolution of endpoint protection technology, and a bit more about best practices and available solutions.

Don’t forget we’ll be releasing a new episode every Tuesday, starting 10/20/21 through late spring of 2022, with brief time off for holidays with family and friends.  We’ll also follow each Tuesday episode release with subsequent Wednesday, Thursday, and Friday posts highlighting our (3) contributing solution partners from that week’s episode.  We hope you’ll find this an immersive, hopefully simple, educational, and enjoyable experience.  So how do you tune in?

To easily follow the journey ahead, we’ve diversified your access options to all (23) of our coming episodes. You can follow along here on our blog or by any of the following methods:

  • Email Newsletter: sign up at techonpurpose.net/blog and have each episode delivered directly to your inbox when released.
  • LinkedIn:  follow here
  • YouTube:  follow here
  • Facebook:  follow here
  • Podcast:  follow here

Buckle up – it’s time to hit the road to #secure, reliable, trusted technology!

 

 

Lauren Lev  
Welcome back to “Who’s In Your Cloud?” 21 Steps to Secure, Reliable, Trusted Technology. I’m Lauren Lev, Marketing Manager for TechOnPurpose. And this is Episode 6: Endpoint Detection and Response (EDR) and Endpoint Security. In prior episodes, we learned how end users, like me, are the weakest link in the cybersecurity chain. And let me tell you, before I started working at TechOnPurpose, I was most definitely the weakest link. So last week, we discussed the role of OS patching and updates. And now it’s only natural that we would move to the next link in the chain, which is endpoint security. So with the rise of “bring your own device” in the workforce, the increased need for endpoint security, management and visibility has never been greater. The need to rapidly identify and remediate endpoint threats is a must on the road to secure, reliable, trusted technology. We know that roughly 82% of security professionals anticipate that an IoT device will be responsible for a data breach within their organization at one point or another. As we’ve said before, it’s not a matter of if, but when cyber threats will knock on your door. Are your endpoints ready for inevitable attacks? Really quickly, if you’ve missed any of our prior episodes, remember, you can catch the entire series of “Who’s In Your Cloud?” at any time on LinkedIn, Facebook, YouTube, or Spotify. And for direct delivery to your inbox, sign up for our blog at TechOnPurpose.net/blog. Today, our cast of experts take a deeper dive into the practice of endpoint security and how to be proactive about managing, detecting and remediating endpoint compromises before they cost your company big. We’re lucky to be joined by our cyber expert cast today to learn more about endpoint protection, the evolution of endpoint protection technology, and a bit more about best practices and available solutions. First up we have our VIP cast member, the one and only Ivan Paynter, National Cybersecurity Specialist for Intelisys. 
Always good to have you, Ivan.

Ivan Paynter  
Glad to be here.

Lauren Lev  
Awesome. We have a first time cast member joining us today. We have Tanja Omeragic, Manager for Technical Sales from ConnectWise. Thanks for joining us today.

Tanja Omeragic   
Thank you for having me, Lauren and Matt. Excited to be here with these other cast members.

Lauren Lev  
Let’s welcome back Cisco’s Technical Solution Specialist, Andrew Griffin. Andrew, good to have you back.

Andrew Griffin  
Yeah, thanks for having me again. It’s a pleasure.

Lauren Lev  
In rounding out our cast today we have Blair Swartz, Channel Account Manager for Webroot. Thanks for joining us again, Blair.

Blair Swartz   
Thank you, Lauren. It’s a pleasure. And I’m super excited to be speaking with everyone and being in the presence of a celebrity, Ivan.

Lauren Lev   
I know I get nervous. And lastly, we have TechOnPurpose Founder and CEO, Matt Tankersley.

Matt Tankersley   
Hey everyone. Thanks for having me back, Lauren. 

Lauren Lev   
Of course, of course, couldn’t do it without you. So actually, Matt, we’ll hear from you first, talk to us about EDR and endpoint security, explain what it all entails and the importance of it in today’s changing job market. 

Matt Tankersley   
Well, fortunately, we’ve got more smarter folks than me here to talk about that. So thanks, Lauren. And unless you’re Ivan, it’s always best to not be the smartest guy in the room. So, thanks for saving Lauren and I from that burden. And I mean that sincerely, we love having you and you’re a great addition to our cast. So I’m like those elusive, feisty, unpredictable end users or what we call layer eight in the OSI model. Today, we start the journey into areas we should have actual visibility and control. And that’s endpoints, right? So meaning, we can’t control layer eight, but we should be able to control the flow on these endpoints, right? So, we’ll be dedicating the next few weeks to how we secure our systems, confidential information, our productivity and livelihoods when layer eight fails us, as it inevitably will. We’re going to start that conversation today with endpoint security and the most recent evolution into EDR, endpoint detection and response. And Ivan as you know, we’re gonna discuss XDR in a coming episode, but for now, Lauren I think, I think we’re ready to take our first trip around the panel.

Lauren Lev   
Perfect. I know Ivan’s excited about XDR because he mentioned it. There you go, Ivan, it’s coming.

Ivan Paynter   
Yeah, you guys have to head me off at the pass because I’m just gonna keep on running. You know that. 

Lauren Lev  
Okay, so Ivan, you’re up first as our VIP cast member and apparently star of the show. So, tell us about Intelisys and what you do for them.

Ivan Paynter    
You know, the answer would be as little as possible. But that’s not true, unfortunately. So, I’m the National Cybersecurity Specialist, and you guys make me feel really crazy. My ego probably can’t even leave this room anymore, which is probably a good thing because I really like to keep that in check. I’m honored to be here. My function at Intelisys is really to more or less matchmake. I have a lot of partners and I have a lot of suppliers. It’s always the right supplier for the correct solution for that particular client. And I like to have ownership. That is my client, right? So yes, it’s my partner’s, but it’s mine. I want to take ownership of it. And we work the process all the way through to make sure that there’s no bumps in the road, and they get the best security possible. It’s my job, and I have a lot of fun doing it. I love what I do. 

Lauren Lev  
I don’t doubt it. Okay, Tanja, you’re up. So, this is your first time here. So introduce yourself to our audience, and what you do as Manager for Technical Sales for ConnectWise.

Tanja Omeragic  
Thank you, Lauren. So ConnectWise, many of us have heard obviously of ConnectWise, we are in the business of helping solution providers ultimately, right? That is with different solutions. But that also is with enablement, through programs such as IT Nation as a brand that we have. So there’s different peer groups, there’s different things that we do around IT Nation. But my part, and the one thing that I’m very excited about is that I basically manage the North American cybersecurity pillar for sales engineering, or solutions engineering, depending on what you call it. So, all those really smart people that talk about various cyber products, and how to implement them and the use cases and the reporting capabilities. All those smart guys, they report up to me and I have a phenomenal team that I couldn’t be more proud of. So, that’s what I do at ConnectWise. The typical other question that people ask me is how I got into cybersecurity. And for me, personally, it was a little bit different than most. And in order to talk about my journey, I always say, hey, let’s rewind back. Let’s talk about my senior year of high school, where you’re trying to find yourself just like most people. Well, at that point, I was already accepted at the University of Tampa, so I knew where I was going, but I wasn’t quite sure of what I wanted to study. Now, I was always curious. I always had a curious mind when it came to technology. So I told my parents, hey, I want to study IT. And I was like, super excited about it, but their reaction was a little bit different than I expected. They sat me down and said, Tanja, this is not a career for a woman, you would be probably better suited to study some sort of business, go into the business field. So what did I do? I did everything that a typical good daughter would do. I studied international business and then I entered the workforce. And I worked for many, many reputable organizations. 
And not just in the US, but also internationally, more specific, in Germany. So, I’ve spent a few years in Germany as well. And while I was really good at what I was doing, somehow, it didn’t fulfill me. And so many, many years later, my husband and I decided to start a family. So now we’re fast forwarding. And while I was pregnant with my daughter, I decided something. I just decided that with so many cyber predators out there, I needed to be able to protect her. And it was that, I guess, motherly instinct in me, right. And so, when my daughter was three months old, I decided to enroll back in college. Once again, while being a full time stay at home mom, I was back in college again, right? And so, the feedback that I got from people is, It’ll take you forever to finish. You know, they said other comments too and I just smiled and nodded my head. And I continued, you know, on my journey. And so, I graduated with my cyber degree. And so, I always say, especially for cast members like we have today that are very passionate about cyber security, we are all here for a reason, because we are determined to protect someone from those cyber predators. And it might be as simple as protecting the ones we love, maybe ourselves, like our organizations, or our end customers, and that was my journey into cybersecurity that I’m typically very passionate about. And I love talking about that.

Lauren Lev   
All right, well, that’s gonna be a hard act to follow. But Andrew, tell our audience about your role at Cisco.

Andrew Griffin    
Yeah. So thanks for having me back. It’s always a pleasure. I know I’m trying to catch up to Ivan, you know, fulfillment role here, being this my second episode that I’m appearing on. But my name is Andrew Griffin, I’m a Technical Solution Specialist with 35 years of combined experience. And I hope that I just grabbed your attention there. Because in the last episode, we were talking about how many licks does it take to get to the center of a Tootsie Roll Pop and I dated myself a little bit. So, if you weren’t paying attention, you’re paying attention now. But I like to give the name that I have for my role at Cisco as a solution provider, right? We help provide solutions for businesses that either realize they have a problem or don’t realize that they have a problem, because we help them understand the benefit of taking cybersecurity at the top of their list. Right. And from a technical standpoint, I’m the guy at Cisco to do that. And we work with awesome partners, such as here to help provide that assistance.

Lauren Lev 
Great to have you, Andrew. Lastly, we’ll have Blair, introduce yourself and explain how Webroot fits into the conversation about EDR and endpoint security.

Blair Swartz   
Thanks, Lauren. My name is Blair Swartz. And like Lauren mentioned, I’m the Channel Account Manager at Webroot. And I also manage the ConnectWise partnership at Webroot. So, I always have to throw ConnectWise props because our relationship with them is so closely knit. And I think it’s very well aligned to both of our visions of really how security has become so central to an MSP’s success. And I think our various integrations surely reflect that. So, for those who are unfamiliar with Webroot, what we do is we deliver cloud based endpoint security, network security, security awareness training and threat intelligence services all in a multi-tenant console. I’m actually really excited to talk about a new service that we just launched called Webroot MDR. And that’s what really starts to drive the conversation of a detection and a response solution. So, what are MSPs looking for? Well, they’re looking for more information on when a threat hit the network. What is that threat doing? Is it spreading laterally? Is it a man in the middle attack? You know, what’s happening in the environment, other than just an alert saying, hey, something, something’s happening here, you need to check on it. And that’s where our MDR solution is filling that gap. What’s that doing is a 24/7 security operations center team is actively monitoring those threats, and responding to those threats according to the playbook that you set up with that team. What’s really cool about this team is that it’s a group of former NSA Cybersecurity Analysts. So, that’s who you want threat-hunting. That’s who you want looking after your network. So, I know that was an extended response, Lauren, but in a nutshell, that’s what we’re doing at Webroot to help support the MSP community, and fill in gaps that many endpoint solutions have, right? Like not all endpoint solutions are 100%. 
You need real time detection and response tools to monitor threats that go beyond basic, basic things that an endpoint security solution wouldn’t catch.

Lauren Lev   
Okay, well, thank all of you for being here today. And let’s get into it. So, this topic is number six on our TOPcyber21 best security practices matrix. Matt, can you explain to the audience why we chose to rank EDR and endpoint security number six on the list? 

Matt Tankersley    
Well, that’s a great ask, Lauren, thanks. Let me, let me just say this really quickly, because we use the term MSP quite a bit today. And I think everybody on this call knows real well what that means, but a lot of our viewing audience is typically going to be our end clients and you know, our prospects, right? And what you guys need to know is that as managed service providers, which is what MSP stands for, right? We have this huge portfolio of partners behind us. That’s in fact what enables this entire series that we’re watching, “Who’s In Your Cloud?”, right? And so, it’s not just because Lauren or myself or really smart folks, like Ivan and the rest of the guys in this room and gals, we couldn’t do this without our MSP partners. And so, just remember, if you’re hearing that term, that’s what they’re doing is they’re talking about us. And when they’re talking about us, they’re talking about you. So, Lauren, let me jump in real quick and answer that question, right. Last week, we transitioned beyond the factors of cyber risks, the number one factor of cyber risk, right, being our end users. We spent four weeks talking about that. And we took the next logical step into device operating system patches and updates, right? So moving on up the stack, right, we talked about end users. Now let’s talk about the operating system on the device. And now, it’s only fitting that endpoint protection that sits on top of the OS is our next stop, right? So as usual, we’re going to take today’s conversation, get some panel input on first, the topic, what is endpoint detection? What is EDR? What are the statistics and trends that make this such a critical measure; a non optional element of a cyber defense stack for clients, right? And then, you know, we’ll come back in our second round, and we’ll discuss recommendations, and of course, each of our visiting solution partners’ specific value and their role in securing endpoints. 
So as usual, let’s kick it over to returning VIP cast member, Ivan Paynter. Endpoint security/EDR, go!

Ivan Paynter    
Hey guys. Awesome. Thank you. So, let’s talk about what an EDR is, first and foremost, right? Because I love the fact that we use so many acronyms every single day, and we lose so many people. At the end of the day, an EDR is an endpoint detection and response, right? For me, the most important part about that EDR is that R. What are we doing for that R, right? That is the response. So back in the day, when I first started in my journey into cybersecurity, we had AV. When I first started this thing, I’m looking up at the ceiling going well, that’s audio visual, and what are we talking about here, but it’s not, it’s antivirus, right? If you take antivirus and understand it holistically, it is just a hash value that is understood by that piece of software. Because if I see this, I should take this action. And that’s it. And you will get an update on a periodic basis. And that’s all it was. Now, we’ve taken it to the next level where it’s more intelligent. So we’re bringing in resources, we’re allowing you to traverse the internet and ask questions, per se. So, imagine if you had a machine that was smart enough to go, Hey, I don’t know what this is. Do you guys know what this is? Have you seen this before? Oh, you see it over here? Okay, great. So, I’ll let this through. Oh, wait, well, I won’t let it through. That’s a more intelligent antivirus. Right. So, the next generation and we’ll go beyond that R, DR, I understand very soon. But at the end of the day, the other side of that is the R the response. What is it doing as a response? Are you doing a TCP reset? Are you shutting down the device? Are you taking it off the internet? That R is very important as to the remediation value of what is going, what has occurred, or what is about to occur, that it has detected. So, it’s going to eliminate the amount of false positives, it’s going to eliminate the amount of noise, but it’s also going to elevate what we’re seeing on the internet or what it’s seeing as an endpoint. 
Also, it’s also going to identify what that user is doing. Because we give a lot of trust to that user. But, sometimes a user goes a little bit overboard and does some things nefariously that they shouldn’t be doing. Right. So, it’s a snitch? Yeah. Is it a value-added prop? Absolutely. But it gives us so much more than just antivirus. So, that’s really a good opening summary of what it is. To me, there are so many great EDRs that are out there. What we have to keep in mind is, you know, what are we doing with that data once we have it. So, the EDR is very important. But, we also need to make sure that we utilize that information. We look at that information, we process that information, so we can take value added steps moving forward. I think that’s the first thing we need to look at.

Lauren Lev  
That’s a good analogy to EDR as being, or EDR and endpoint security as being, the snitch on endpoint users. I like that. 

Ivan Paynter   
There you go. 

Lauren Lev  
Always with the one liners, Ivan.

Ivan Paynter  
You guys are getting way too much credit. So-

Matt Tankersley   
You did say don’t click stuff one time, yeah?

Ivan Paynter   
Yeah, well, but you know what? I don’t have to because I told them all before. The guy with a button here. I don’t know if you can read it, but it says don’t click on… You won’t let me say that last word, so I won’t. At the end of the day, it’s very important that we all understand where we’re going and how we’re getting there. Right. And that’s part of traversing the internet.

Lauren Lev   
So, let’s take it over to our other cast members today. And we’ll go ladies first. So Tanja, how critical is endpoint security and EDR in the cybersecurity stack, and discuss the evolution of EPS to EDR.

Tanja Omeragic  
That is a great question, Lauren. If we look at the layered security approach, which is something that we typically here at ConnectWise preach about very heavily, right? Partners and customers sometimes even have an impression that I can have a couple of tools in my tool belt and that it is enough. However, EDR is just one layer. So, it is one piece in your tool belt that you’re going to be working with. And Ivan did a wonderful job at explaining the evolution of EDR solutions, right? First, it started with the signature checkers that looked for the changes in the file system were applications, right? I always say, hey, originally, we looked at the known-knowns, right? Because that’s what it ultimately was, then the next gen AV appeared. So, then the code was analyzed against a set of rules. At that point, I always say we’re looking up against the known-unknown, right. And then EDR evolved to the response, to the fact that antivirus and all those other descendants that we saw, are never going to be able to prevent every cyber attack. So, an EDR solution is there to really create awareness around the unknown-unknown, right. And so, maybe some people that are listening to our conversation here are going to see a couple of hints with my correlations here. I’m not going to give away who’s actually mentioned known-known, known-unknown and unknown-unknown, but hey, it’s a little bit of a hint for people to look it up. But ultimately, you need to have something like that in place, an EDR solution, right? There’s too many things that are happening in today’s threat landscape. And cybercrime is occurring at unprecedented levels. And so, hardly a week goes by that the news doesn’t carry a story of a large organization falling victim to whether it is information theft, or network intrusion, or other forms of cyberattacks. And so, the methods used to defend organizations against these threats, they must evolve and change constantly, right? 
So, it’s not your set-and-forget tool set. It is not a couple of pieces in your tool belt. And so, many of these methods originally relied on for a year that we relied on for four years are no longer sufficient. And I’m an evangelist myself around cybersecurity. I like to educate partners and customers, even home users on the importance of cybersecurity, because it starts with all of us. But, some of the challenges that I have personally seen is that for smaller businesses, they are in this illusion that cyber security, they’re not going to fall victim of it. Like what do I have that the bad guy would want, right. And that is not the reality, there is so much more at stake, especially if you’re a smaller organization, and you need to make sure that you’re allocating your security budgets accordingly. And I think that’s something that ConnectWise does a wonderful job on, especially when it comes to our partner community. We take enterprise grade solutions, we couple them with SOC services, and we bring that to our partners to be able to bring to their end customers. So, now we’re talking about these high-end enterprise grade level solutions that is now readily available to the SMB market, thanks to ConnectWise.

Matt Tankersley   
You know, Lauren, I thought of a couple things while you were talking there Tanja, and one of those is just a little bit of a lightbulb moment, right? We’re familiar with professional organizations like accountants and lawyers having to do continuing education, and engineers they’ve got to do it once or twice a year. And it just dawns on me that continuing education in cybersecurity is a day-by-day, hour-by-hour thing. We are constantly learning, we do not have a choice. And we’re constantly getting updates. And we’re constantly monitoring threat intelligence. And of course, the endpoint is such a critical entry point that we talk about. And you know, we talked about how important this is for SMBs. We talked about the origin of this campaign being having SMB clients that were refusing to adopt best security practices, and we decided, hey, let’s put this educational series together. And it made me think of one announcement I saw literally just this morning that there was a compromise of FBI email servers. Yeah, literally. So, if you don’t, if you don’t think you’re capable of being compromised- Trust me if the FBI’s email servers can be compromised, you can be compromised. And you said something, we say it every episode, SMB people, small businesses, you guys think that you’re important, your information is not important. It’s important to you. And the guys who made an industry out of this thing know that and they’re gonna seize it where you can’t operate your business until you give them money. Right? Every one of us is vulnerable. It’s not a matter of if, but when. And so fun, fabulous intro there, Tanja, to what you guys are doing and the approach to the evolution of the marketplace. I didn’t mean to cut you off there, Lauren, let’s keep passing it around the room.

Lauren Lev   
So, Andrew, talk about endpoint security and EDR and its role in ensuring secure, reliable, trusted technology.

Andrew Griffin  
Yeah, absolutely. So, you know, I think, again, you know, what Tanja was saying was, you know, this layered approach to security, because, you know, just having a single kind of pane security for businesses just isn’t cutting it anymore. It’s just not unfortunately, you know, just like Matt was saying, I mean, if an FBI server can get compromised, what’s to say that, you know, the malicious power that these bad actors are using- Why can they not just shift that to focus on the FBI to test something out on your organization, right? I mean, it’s just something so simple that really destroys the SMB market. I mean, you know, if an attack happened, the recovery rate is slim. Right? So, that’s really where, you know, Cisco’s really providing, you know, this kind of hybrid antivirus solution. Where yes, we’re gonna protect you from, you know, any of these attacks, right? Signatures, you know, anything that it can detect, you know, based on Cisco power of Snort, you know, minor attacks and techniques, but it also gives you the visibility into how it happened, right? Because it can go ahead and protect you all day. And I think, you know, that’s, any of our products that we’re talking about today can protect you, right? But it’s giving you that threat intelligence into how it got into your organization, right? So for example, you know, something, let’s say someone downloaded a file 30 days ago, and it was just waiting, right? 20 days later, it decided to reach out to another domain and that activated it, right? I mean, having that kind of intelligence, enables you to go ahead and dig deeper, and know how to protect your business further from that happening again. You know, there’s other techniques that are in use to where, okay, you have this product, you know, our secure endpoint products installed on these devices, but there’s unmanaged devices that come onto a network, right? 
I mean, every business has a BYOD network at this point, it can also show that, okay, hey, this file was downloaded. And then it was also sent an email over to this unmanaged device. Now we know it’s not unmanaged, so the device is probably compromised. But, having that intelligence at your fingertips allows you to go ahead and have the visibility to check that out. Otherwise, you would never know. And, you know, again, this is regardless of what network it connects to, because, of course, you know, we all want to say, hey, like, my network is secure, you know, that’s the castle that I developed. But you know, these managed devices are not just connecting to that network. And that’s just, you know, the unfortunate truth around it. And, you know, there’s other services, you know, threat intelligence agencies where, you know, okay, your team may be super busy, especially in this SMB market, there’s never teams that are like two or three people, they don’t have a lot of manpower to really sit there and dig deep. See, there’s other services out there that we offer with, you know, threat intelligence, where they go into your environment, and they write a deep, detailed report and send it to you to get that information right there. Which is just really nice. So, yeah, it’s just, you know, taking that initiative again, how do you know what you don’t know? Right? That’s what it always comes back to. And it’s, you know, just even what Matt said, right, making that light bulb go off, you just, it’s nice, because I joke and say that the products that we offer have a secret layer eight capability for network admins. And that’s swear filtering and the swear filtering is that for a network admin, instead of having them say, oh, you know, it filters and it says, Oh, nice, we’re protected, right? It’s just having that, you know, confidence of security for your business based on the products that we’re all talking about here. 
It’s just taking your business to the next level, which is where it should be. 

Matt Tankersley   
You know, Lauren, I’ve heard everybody talk about, you know, the lateral movement of these malwares and the different directions that they’ll go and how do we assess that, and I’m looking forward to hearing what you’ve got going on at Webroot. I’ll be honest with you, I did go through the Cisco four, I think was a four or six hour class recently, where you guys showed exactly how you can see every element on the network and visually see the origin points, the origin dates and times and where it went vertically or laterally or horizontally or whatever you get into the environment, and then how you’re effectively able to shut that down where it’s at. Right? It’s good stuff. And so hopefully, that’s a good segue for Blair here from wherever he can talk about what’s coming down the pipe, but I think, I don’t know if we’re there yet. Right? We’re going to talk about specific solutions and we’re mixing it up which is perfect, but I guess Blair, just really tell us, why is this such an important topic? Right? And, you know, obviously you guys are moving your technology forward to address it because it’s constantly evolving.

Blair Swartz  
Yeah, it’s- you said it best Matt. The threat landscape is constantly changing. And as security vendors, we have to keep up and we have to adapt. With our MDR solutions, similarly to what Andrew was saying, we have the ability, availability to look at a platform and see every IoT device on that network. Right? Whether it’s your son’s Xbox that’s in your home network or your list of endpoints in your office, the ability for a security operation center team to either isolate, or remediate, or shut down a machine that they’re seeing suspicious activity of, is super important. But, I actually want to go back to what Tanja was saying about a layered security approach. And I love that our community is really taking that and running with it, because it’s important. You know, it takes a resilient strategy and a layered approach to, to protect against all these APTs, right? The analogy I like to use is, this is your house, whether you’re the MSP or the end user, and you build up all of these different layers, right? You have your firewall, your endpoint service, your DNS service, some sort of awareness training, to train your end users, right? Because at the end of the day, Matt, the end user is truly the most vulnerable to a cyber threat, right? That’s what’s providing these little gaps in your environment. One, giving them the ability to surf the internet on a browser, that’s a bad neighborhood. We don’t want them in that neighborhood. Two, the ability to have them send out emails, again, is another gap that needs to be filled. So, what’s Webroot doing to protect that gap? Well, we’re using sophisticated threat intelligence services. And that’s going to range from file knowledge, script awareness and behavioral analysis. And so essentially, the Webroot agent is, it’s going to make security decisions, right, and reactions automatically. 
That’s what our platform was designed to do, really, from inception was to accommodate this automated response with little action that’s needed by a threat response team or tech. Now, filling more into the detection and response piece with MDR, the ability to see those threats that are getting past an endpoint product, right? And you mentioned, how are those scaling, are they scaling laterally? The end user and the MSP, like yourself, needs to be able to visualize that. Not just say, hey, our agent saw something. It’s all good, right? You need to be able to visualize that attack, that timeline and adjust accordingly. That’s really all I have as far as what’s new with Webroot. But I can’t hit home enough how important it is to provide some sort of awareness training to the end users. And that’s really the frontline in helping reduce breaches and infections. And it’s also going to meet certain compliance objectives. So, what are we focusing on at Webroot? Well, we’re integrating our awareness training into the solution that we have. And we’re automating it, we’re making it easy to use for the MSP. But for the end user, we’re making the content fun, digestible, and very efficient. So Matt, before I worked in cybersecurity, I was at a different corporate company for many years. And we were required to do awareness training that would take like one and a half to two hours, right? And me being the employee that I was, I just didn’t have time to do it. So, I blew it off. Right? And that’s why I think, episodic content and micro learning content that’s four to five minutes in length, but really drives home the content that you, the MSP, is trying to deliver and the end user is looking to be trained on is super important. I’m going to push it back over to you Matt and see what other questions I can answer if Andrew and Tanja have anything to add to that. Or Ivan. Sorry, Ivan. I know you’re our VIP.

Matt Tankersley  
Let me plant a seed for all of us. And, Lauren, let’s just keep kicking this thing around the room because I think we’ve accomplished our two things already, right? So, let’s just have this organic conversation. One of the light bulbs I had, it seems to be a light bulb kind of day, is you used a statistic, but really based on IoT, right, which a lot of people listening to this might not think, well, that doesn’t have anything to do with my endpoint, right? That’s not my laptop. That’s not my computer. That’s not what I’m responsible for. I remember in one of our other conversations, because you said, the Xbox at home, on the home network, and Ivan said, hey, if I’m going to come in the door, I’m going to come in the back door, and it’s going to be through your TV. Well, it dawned on me, that light bulb just went off, that TV is an IoT device. Just like, I think it was Patrick that said he had something on his lawn mower. His lawn mower literally had IoT capabilities built into it. So you could run analysis from anywhere, any device, right? So, we tend to think about endpoint security being our computer, our laptop, and maybe our tablet or mobile device. But, I really am glad that we brought up the topic of IoT today. And, Ivan, I mean, I use one of your quotes, I think there a moment, come on back with it. And let’s follow up with what these guys have said.

Ivan Paynter  
You know, Matt I think you just, you just tripped over into XDR. And I’m going to keep it right back with EDR. I like the fact that, first of all, we’re talking about user education. And I don’t think we can give enough about user education at all. That user is the primary point that is the human firewall, hopefully I can, I can coin that one day. But the EDR itself is also part of that experience, right? Because it’s going to see things that we can’t. Now at the same time, that lawn mower, we’re not going to be able to put, you know, AV on or an XDR on or an MDR on, we’re going to have to let it freewheel. That being the case, we’re going to pull that information into someplace else. Look, at the end of the day, there’s the other thing that we’re bringing in is BYON in and that’s the network, right? So, it’s not just somebody else’s device. But now, my device might be secured, but Johnny’s upstairs playing Xbox, and he just downloaded something that’s infiltrating my entire environment. Now, it’s also going to try to get into my device because it’s in my network. So, at the end of the day, that EDR is our frontline. Those are the Marines going in, and putting up that frontline defense and letting you know what it’s seeing. We gently talked about zero days, and now we don’t have zero days, we have zero hours. That piece of malware that we’ve never seen before. That piece of malware that’s a minute old. Okay, so we don’t know what to do with it. We don’t even know what it is. At the end of the day, that EDR is going to have enough intelligence to go, I don’t know what this is. Let’s put up a forefront. It’s going to question other EDR. It’s going to question other endpoints. It’s going to question other MDR. So identify, do you guys know what the heck this is? And what should I do with it? Should I let it go through? Should I stop it? That’s part of the intelligence behind that EDR. That’s why it’s so important to have that reaction. 
Now, to me, the most important thing that we can do besides that EDR is to have something else behind it. That R is very hard for it to do by itself. You know, I really believe that you need to gather more information. I know I’m going towards that XDR again. But, you also need to have that MDR as well. Right? So, a lot of acronyms here, but that managed detection and response is going to collect additional information and amalgamate it all together and really make a solid decision to boil down all the events into a workable alarm. At the end of the day, if we just take action on that one thing, we’re not really sure what’s going on. That zero day, that zero hour- Okay, time’s short, I know. We’ve got to continue to really focus on I see you looking down, it’s like okay, well, he’s talking a lot. Yeah, mine was going off, too. We’ve got to really pay attention to what’s coming inbound from every single source. And we have to rely on the equipment that we have there. But no matter what, that human element is really important. So it just can’t be from, you know, trusting that software or trusting the hardware, we’ve got to put a human eye behind the information that’s coming in and gather as much information as we can at that time.

Tanja Omeragic   
Ivan, that was a really great point. And I think you opened the door to also have conversations a little bit around some solutions, which I’m very passionate about as well. And so we can get into maybe some future sessions around some solution. I’m being a little suggestive here. But, that’s also something that we have been evangelizing here at ConnectWise, right? The importance of a SIEM solution. And so there’s typically a misconception. People think, Well, I have a SIEM solution. I’m collecting all these logs, all these events, everything that’s happening on my home network from all these devices, from these cloud apps, from the switches, from the router, from this, from that, you know, left and right, up and down. And then they’re like, all right, How does a SIEM now remediate? Well, the SIEM doesn’t remediate. And that is such a misconception, I think, in the SMB community that we should probably address in the future as well as a great topic. And I see Ivan is very passionate about that. But once again, going back to the conversation about the layered security approach, right, you need to have multiple tools in your tool belt. And so yes, you’re gonna have the security awareness training, always low hanging fruit, you need to educate your end customers or your end users, right? They’re in the front line. They’re out there getting those emails about, you know, the prince sending me a million dollars. By the way, I did get one of those this morning to my personal email address. And I went over to my husband and I said, Babe, we’re rich, we can stop working now. A little joke. But yeah, it really starts with those people. I always say sitting in the seats, the butts in the seats that are out there, clicking on things and getting click happy. And so, Ivan, you need to hold up your little button there as a little bit of a reminder to our listeners to stop just clicking on everything that’s out there. Right. There we go. There we go. And so, how do we do that?
We educate them, we have the tools in place, and then we connect everything into a SIEM solution. So that, we have visibility and we are able to correlate the data. Not just on what’s on the endpoints or the servers or the mobile devices, but across the whole network.

Ivan Paynter    
No, I totally agree with you. And I want to say one more thing. I know the other two are biting at the chop. We need to slow down, right? Everybody is moving so fast that we click, click, click. No, no, no, slow down. Understand what you’re doing, pay attention, and then move forward. Right? That’s part of the problem.

Matt Tankersley   
You know what’s amazing, Lauren, and I know that you might say that you’re in your infancy in the IT industry. You’ve been at this for a little over a year now, right? We’ve done a lot in a year. Now the reality is, this is our seventh episode. It’s called episode six, because we have episode zero, right? We’re in the seventh episode, and we don’t have a single episode, where this topic doesn’t come up that this is a multi-layered thing. This is the origin of the TOPcyber21. This is why we’re breaking down these conversations because it’s impossible to have the entire conversation in one sitting, much less a single topic, we can’t even talk about EDR without jumping into XDR and MDR, and so forth. So, one, guys, thanks for validating. That’s the whole reason why we’re here and why we created this series. Right? So, Andrew, any thoughts on what you’ve heard there? And then Blair will try to kick back over to you. Maybe it’s just an internet thing and it’s breaking up your packets.

Andrew Griffin   
Yeah, I love what Tanja and Ivan are saying, especially around the whole misconception, because I know we’re focusing a lot about the end users when we’re talking about, you know, we need to educate them. But you know, we also need to educate the people in charge, right? The network administrators, I mean, they’re juggling, you know, five or six solutions, and they may only have an idea of what they do, right? Like, a huge misconception that people have is, Oh, I have email security, so I don’t need to worry about phishing. Like, well, what happens if a phishing email gets past there? Then what, right? What if they download a file, and then it sits there, and then you know, again, the lateral move, it activates something or it reaches out to something malicious, and then it’s over. Right? So, educating them and, you know, I’m sure all, I know all of our products offer this. Like Cisco offers, you know, monthly webinars, right? To make sure you’re getting the best out of your product, but it’s just educating the network administrators, because honestly, some of our products here probably cover maybe what, like six or seven products that a lot of network administrators use, right? So, why not have the same protection offered with the smaller amount of management of products and just have that available to you, so you don’t have to keep juggling all these products here and there. It just comes to education just over and over. And then a layered solution. I just can’t agree with that more. It’s really just, you know, having the threat hunting available, like yes, this has gotten to my network somehow. Yes, it was blocked. But you know, to go ahead and have a product that tells you how, and how to block it moving forward, just makes it 10 times that much better. I mean, you know, the examples given where, you know, the TV and stuff. I mean, two years ago, I think, or 2018, when smart refrigerators were coming out, there were some vulnerabilities of devices.
And you know, these businesses have these smart refrigerators or they have these smart microwaves and people don’t think about that, but those are prone products that go ahead and have crypto mining installed on them. No one’s ever gonna check it. No one’s ever going to second guess that and they’re there and they will go there and be there undetected. Because there’s just no product that’s reaching out or, or even thinking about trying to scan that kind of stuff. So, you know, again, having the ability to see what you don’t know, is what it’s really all about in the security product environment.

Ivan Paynter    
So, that’s that attack vector that I just love so much, you know. Everybody wants to look at the firewall or, you know, Andrew, you brought it up too. It’s like, we’re looking at, you know, we’ve got something watching our email. Great, you know, guess what, who else has Teams? Or who else is receiving files outside of email, right? So, now we’ve got data coming in, that’s not being monitored? Well, the endpoint is going to take care of that. Right? So, but I think, hopefully, cross fingers that we all are utilizing multiple layers, right. Just like we have, you know, multi-factor authentication? Well, we better have more than one thing involved when it comes to security. I absolutely believe in having a SIEM. I absolutely believe in having an EDR, but I believe in even going forward. You just talked about scanning an environment, man, if we’re not scanning that environment every single week, or if not more than just like you said, we’re totally missing it. Because I’m coming into that backdoor. I’m looking for that one device that’s got that SSID that’s sitting there. I’m here. And I’m thankful for Google, because it’s going to tell me what the default user and passes for that device is. And Bob’s your uncle, I’m in. Okay. So, yeah, we’ve got to use multiple layers. And we’ve got to think about what we’re doing and how we’re securing all of it.

Tanja Omeragic   
And visibility becomes a really important piece as well. Right? And so, while it’s great to have all these pieces in place, right? Visibility, and knowing what’s happening is your key. That is how you’re going to know that there is something going on in your network that probably shouldn’t be. And that way you have the SOC on your side to make that decision on what to do next, right? Is it a false positive? Or-

Blair Swartz 
You know, to that point, the ability to see what’s happening on the network, this really ties into a call I had with a customer who’s using our Webroot MDR agent. And we, our SOC team kept getting an alert from some IoT device in his network. And it ended up being his son’s Xbox. His son had jailbroken the Xbox so that he could download games. And you know, I don’t put it past him. When I was a kid that age, I was doing the same thing, right? I was using torrent websites to get music. I was doing this and that. And it just goes to show like Tanja mentioned, the ability to visualize your network and truly see what’s happening on that timeline is super important.

Matt Tankersley   
You know, we’ve reached the top of the hour. And so, I think we maybe want to give everybody a few final words, and then Lauren, you can close this out. And I’ll tell you, I’ve picked up so much for our upcoming topics, especially your BYOD. BYON bring your own network, we’re gonna have that conversation again in an episode coming up and all this conversation around IoT monitoring side of things. Obviously, monitoring is a big part of what we provide to our clients, and for all of these reasons and so much more. So Lauren, let me let you guide the last words around the conversation, you introduce who you want in the order that you want, and then we’ll let you close this out for today.

Lauren Lev 
Alright, Tanja, do you have anything else to add today?

Tanja Omeragic  
We’ve talked a lot about educating their end customers, right? And so, it’s important to educate end customers. But, one thing that I feel like we don’t talk about well as a community is educating also MSPs. And so, with that in mind, I want to give a shout out to ConnectWise and the cybersecurity partner program that we have started this year. For those that haven’t seen what it’s all about, I encourage you to go and do a little bit more reading about it. Because we are really trying to educate MSPs out there of what good security looks like and what they can do to protect their end customers much better.

Matt Tankersley    
Absolutely. Great, great points Tanja. And thanks for mentioning it, because I don’t know that we’d have the program that we have without what you guys have done for us. So, thank you very much for doing that. 

Tanja Omeragic    
Thank you. 

Matt Tankersley   
Okay, who’s next?

Lauren Lev  
All right, I’m going in reverse, Hollywood Squares. So, we have Andrew up next. What are your final thoughts?

Andrew Griffin   
Yeah, you know, I just can’t preach enough to just go back to that layered solution. I mean, you know, even with ConnectWise. Right, Cisco offers an awesome integration to just provide that layered approach of Cisco and ConnectWise to have that protection available for customers if they want to go ahead and take that route. Right? So, it’s just going back to educating users, educating yourself, having a layered approach, and having the visibility to see what is going on in your environment, whether it’s visible to you or not, so I just, I can’t stress that enough. And again, I can’t thank you guys for having me on the show again enough. And it’s been a pleasure speaking with all these amazingly smart people up here. It’s been an honor. 

Lauren Lev   
Alright, Blair, you’re up. 

Blair Swartz  
Okay, Matt, Lauren, thank you all for inviting me on the show. I’ll take any opportunity to speak to the MSP and the end user, because that’s the community I love. I know I’m not a VIP, like Ivan, I hope to make it to that status one day. But, you know, I just want to say I’m a, I’m a human being like everyone else and I make mistakes by clicking on things. So everyone’s human. But, you know, it all starts with educating the end user, and then taking a layered security approach. With that, thanks for having me. And anyone that’s watching this, feel free to give me a shout anytime to say hi, or to learn more about Webroot.

Matt Tankersley   
Yeah, absolutely. For all of our listeners, right. We provide free trials of these platforms every day. And so, if you’re hearing about something that strikes a nerve and it should, by the way, you just reach out to us. Obviously, we’ve got the free trial at WhosInYour.Cloud to check some things out. And Blair, I think that Lauren’s going to be reaching out to discuss our next episode after this one, which is DNS and filtering, DNS protection and filtering, right. And we use your platform quite a bit for that with our clients for that. So, we’d love to have you back for that episode as well. And that brings us, I think, Lauren to Ivan for final words.

Ivan Paynter   
Final words, first of all, thank you all. It’s been phenomenal, Matt, you know, I love doing this. And thank you, Lauren. Blair, I think you’re spot on. It’s about all of us working together, having that layered approach, really sharing information. The users are the empaths on protecting all of us, right? We have to be cognizant of what’s going on. Look, I wrote an article last week for a magazine, and one of the things that I said in there was we’re all just one click away from malfeasance. We don’t know what that link is. Please take some time, and pay attention to where you’re going. Don’t just click without understanding where that is leading you to. Everybody must pay attention. And then to say the same exact thing, the MSPs and everybody else needs to pay attention to our attack vectors. When you bring in that dog bowl that is IoT, it is just that it’s an attack vector. So, let’s pay attention. Let’s watch where we’re going. Let’s not drive around with our eyes closed or looking at our phone. Let’s really focus on what we’re doing on the internet, and let’s have some due diligence behind it. Matt and Lauren, thank you very much.

Matt Tankersley   
More than welcome, guys. Thank you so much. Lauren, we’ll keep the conversation alive. We’re in Episode 6 of 23. We got a long way to go and we’ve come a long way. So thanks, everyone. And Lauren, why don’t you tell folks how to plug in and wrap this up?

Lauren Lev  
Perfect. Well, thank you again to our entire cast for joining us and explaining why EDR and endpoint security is more important than ever for ensuring your work-from-home workforce’s endpoints are secure, reliable and trusted. As Matt mentioned previously, if you would like to start a free trial from any of our solution partners, send an email to . You can also sign up for our free cybersecurity assessment by visiting WhosInYour.Cloud today. So sending us off, I’m Lauren Lev, Marketing Manager for TechOnPurpose and I want to thank everybody for clicking in and subscribing and viewing our “Who’s In Your Cloud?” series. Remember, you can catch every episode including our first episode on security awareness training, which a lot of us spoke about today by following TechOnPurpose on LinkedIn, Facebook, YouTube, and Spotify. Or sign up for our blog to have episodes delivered straight to your inbox weekly at TechOnPurpose.net/blog. Thank you everyone for joining us and we will see you all next week!
