B2B Tech Talk with Ingram Micro

Episode · 2 years ago

Building a Cybersecurity Framework

ABOUT THIS EPISODE

Even though 55% of North American organizations use more than 25 separate cybersecurity technologies, cyberattacks are still steadily increasing, according to the Enterprise Security Group. 

It’s clearly time to start taking a more holistic approach to cybersecurity. 

In this episode of B2B Tech Talk, Trend Micro program manager Lamon Gorman shares his insights on cybersecurity frameworks and enhanced detection and response. 

Here’s what we cover:  

  • Simplifying cybersecurity into a comprehensive framework 
  • How MSPs should be handling the new age of cybersecurity 
  • The value of XDR and why Trend Micro offers it over EDR  

Follow us on Twitter @IngramTechSol #B2BTechTalk 

Sponsored by D-Link and Ingram Micro Financial Solutions 

Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts, or Stitcher. You can also listen on our website.

You're listening to B2B Tech Talk with Ingram Micro, the place to learn about new technology and technological advances before they become mainstream. This podcast is sponsored by D-Link Technology. Make your home smarter, safer and truly seamless. Let's get into it. Welcome to B2B Tech Talk with Ingram Micro. I'm your host, Carrie Roberts, and our guest today is Lamon Gorman, the Service Provider Channel Program Manager with Trend Micro. Welcome, Lamon, so thrilled to have you here today. Thank you. Very excited to be here. So ESG research shows that fifty-five percent of organizations use more than twenty-five individual cybersecurity technologies and despite this, attacks are increasing and bypassing existing controls. IT security teams see more than ten thousand security alerts daily...

...and, according to the Verizon 2018 Data Breach Investigations Report, the average time to identify a breach has increased to one hundred ninety-seven days, and containing that breach has increased to sixty-nine days, which means at least criminals nearly nine months hiding in an organization and causing damage. Recently, on December 18, 2019, a popular MSP tool was used to carry out a ransomware attack. Can you speak to these stats as a whole and tell us more about this recent story? Sure, sure, yeah, these stats really, I think, demonstrate the difficult landscape MSPs must navigate to meet the security demands and needs of their clients. Let's drill a little deeper and take a look at the ESG stat that showed, you know, over half of organizations have twenty-five different cybersecurity solutions in place. And, as you pointed out, you know, why are attacks able to bypass all of these controls? Well, while all these solutions are in place,...

...oftentimes they're from different vendors. But also the key thing is threat data and intelligence also tends to be collected in a silo and not shared across the solutions and protection points. And further complicating matters for MSPs is the manageability and configuring aspects of each of all these individual solutions. Again, MSPs have that responsibility, and so something as simple as a misconfiguration and policies, for example, could result in a breach. As it relates specifically to the December 18 revelation, there, I found this one very interesting, as it's slightly different than what we've seen over the last two years or so. For most of 2018 and 2019, MSPs themselves have been targets of attack and usually, when they're compromised, the bad actors would execute attacks, leveraging stolen credentials, for example. But in this recent case the attackers actually did not hack the MSP but instead leveraged a very popular and key tool that MSPs use,...

...and they used this tool to essentially secure a foothold into the network and further compromise other endpoints. Specifically for this attack, we saw the attacker use this tool first to siphon off data remotely and move it off site and then actually deploy ransomware to encrypt the data that was actually left on the machine. So this was kind of a turning point from an attack perspective, in that they took data off the machine and then encrypted it using an MSP tool. Now there are a ton of acronyms in the security space. How do you break down cybersecurity so people can better understand what it all means? Yeah, yeah, this is a tough one. Working in cybersecurity, as you know, there's so much technology involved, but if I had to simplify it, I would think I would say that cybersecurity should be viewed as a framework and the objective of this framework is quite simply to mitigate and to deal with risk.

The NIST, or National Institute of Standards and Technology, actually released a cybersecurity framework to the public in 2014. I think this was under planning since 2014, but the official document came out in '18, and this is a great starting point for MSPs or those just interested in really breaking down the basic framework of cybersecurity. And this particular framework breaks down into five continuous functions. They're very simple. Identify, protect, detect, respond and recover. So I definitely suggest the listeners just Google the NIST Cybersecurity Framework and I think this will simplify all the acronyms and technologies for cybersecurity. Yeah, that's really helpful. How does cybersecurity fit into the MSP space in your opinion? Yeah, I think traditionally, I would say a lot of MSPs viewed cybersecurity as more of a checkbox service that they...

...were offering to their customers. So it was like, you know, yes, customer, security's included. This sentiment has greatly changed over the last five years, and now MSPs really view cybersecurity as a key business driver when they're looking to expand their managed services footprint. However, one challenge that MSPs are running into as a result of this old checkbox mentality, if you will, is that customers are really under the impression that all of their cybersecurity needs are being met as part of their existing contracts with their MSPs, and so when an MSP really wants to increase cost as it relates to security, it can become a challenge in that their customers are under that assumption that everything's already included. And so for those MSPs that are really having success, they've been able to really help their clients understand what is covered, what is not covered,...

...or are current agreements, and really that gap there is where the opportunity is for MSPs as relates to cybersecurity. MSPs are now hearing a lot these days about things like AI, machine learning, EDR, XDR and so forth, and it can feel overwhelming at times. Can you explain a little bit more in detail what EDR and XDR do? And what they mean for MSPs. Sure, sure. So, yeah, we're back to some of the acronyms on the technology side, but these are definitely some key buzzwords that we're hearing in the industry for MSPs in particular. So let's take EDR first, or endpoint detection and response. Essentially, this is a technology that constantly monitors and records events on the endpoint and records them into a centralized database where future analysis and investigation can be conducted in the event of some type of breach, for example. So you can think of EDR as CCTV for...

...endpoints. So everything's being monitored. As the name implies, EDR is only really focused on the endpoints and, as we know, threats today are multifaceted and there are many vectors into an organization's network beyond the endpoint, and so, because of this, EDR is actually limited when you compare this to XDR. So XDR, in contrast, is about expanding the detection and response capabilities across email, endpoint, the network and cloud servers, for example. XDR is about collecting and recording data and events from multiple sources and then applying analytics and correlation across this more complete data set. By doing this, you know, something that was once benign when maybe viewed in isolation or in a silo, becomes more meaningful and has more context, and so that's kind of, at...

...a high level, the difference between EDR and XDR. Also, real quick, before we jump straight back into the episode today, we want to tell you about Ingram Micro Financial Solutions and how you can maximize your buying power and get to yes with your customers faster. For the last nine years, Ingram Micro has been ChannelPro's Readers' Choice for best financing options. Put the power of our credit and leasing option to work for you. You can easily contact Financial Solutions at ingrammicro.com. All right, let's get back to the show. Do you have any XDR stories that you can share with us? Sure, yeah, I think XDR's one of those concepts it takes a little bit to wrap your head around, but let me see if I can demonstrate the power of XDR. So let's take a ransomware detection scenario. In most cases this type of threat arrives via a compromised email, and we just discussed what EDR is,...

...and while EDR could be helpful during the investigation, it is limited because it's only looking at data once the threat has actually hit the endpoint. XDR, on the other hand, since it's looking at a broader set of data, would be able to help answer other questions as part of the investigation, such as who else at the company received this compromised email? Has this email been opened by other employees at this company or is it still sitting in their email box? What other endpoints may be impacted? So, essentially, XDR helps MSPs answer questions such as how did this happen, who else may be impacted, what occurred and what are the potential risks of the business? So XDR really gives MSPs more context and greater understanding as it relates to investigating and preventing future attacks. Yeah, that sounds extremely helpful. Can you...

...tell us a little bit more about what Trend Micro offers and does and where people can learn more information about what we talked about today or where they can connect with you? Sure, sure. Yeah, Trend Micro has been a leader in the cybersecurity space for over thirty years and, you know, from my personal opinion, I think this really is a testament to our continuous innovation. As we know, the threat landscape is ever changing, ever evolving and, you know, every couple of days there's a new technology, and so I think us being here for thirty years is just a testament to that innovation. We have solutions through our portfolio that span the customer's environment, no matter if we're talking about protecting endpoints, email, data center or even more future-focused infrastructure such as cloud workloads, for example. And the beauty of our solutions is that they all talk to each other. This is a key piece in this industry today, is really getting everything talking to each other, everything connecting, and so in...

...the end the sum is greater than the parts, and so when we combine this with our channel-centric program for our partners and resellers, this is really a recipe for opportunity and success. If you'd like to learn more about Trend Micro's XDR story, you can visit us at trendmicro.com forward slash XDR, but also, if you'd like to connect with me personally, you could do so via LinkedIn. And the last question we like to ask on this show is where do you see technology going within the next year? Yeah, yeah, so, just from my personal view, for 2020, I see deepfakes becoming more mainstream in use in more nefarious ways. And deepfakes, for those maybe who are unfamiliar with that term, are basically videos that are manipulated or created using artificial intelligence and machine learning that makes them seem real but they're not. And so we've seen examples of these and maybe...

...funny or amusing examples of deepfakes, usually after like political debates where, you know, a video comes out and the candidate is, it looks like they're saying things that they probably did not say during the actual debate. So they can be very amusing. But I think for 2020, you know, we're in an election cycle, I suspect these videos will be used more to cause confusion and propagate a lot of misinformation. There's that old saying, you know, believe half of what you see and none of what you hear, and I think this becomes even more relevant in a world of deepfakes. Where can you really believe now what you can see? So deepfakes is something that I think will become more mainstream in 2020. Yeah, that's something that no one's really brought up on the show before, but I think it's an important one to be thinking about,...

...to be aware of, really make sure you're getting the right information from the right sources. Yeah, just having consciousness and awareness that these exist, I think, is a big first step. Taking 2020. Yeah. Well, thank you so much for sharing your information and knowledge with us and we look forward to hearing more in the future. Thanks for having me. Take care. If you like this episode or have a question, join the discussion on Twitter at IngramTechSol with the hashtag B2BTechTalk. Thank you for tuning in and subscribing to B2B Tech Talk with Ingram Micro. You've been listening to B2B Tech Talk with Ingram Micro, hosted by Carrie Roberts and sponsored by D-Link Technology. B2B Tech Talk is a joint production by Sweet Fish Media and Ingram Micro. Ingram Micro production handled by Laura Burton and Christine Fan. To not miss an episode, subscribe today in your favorite podcast platform.
