B2B Tech Talk with Ingram Micro

Episode · 3 months ago

The value of an integrated security system


Which scenario sounds more desirable: a window-shaker A/C unit tagged onto an outdated apartment building, or an integrated A/C system planned from conception? 

Incorporating more advanced solutions at the base level is, more often than not, superior to add-ons, and cybersecurity is no exception. Infrastructures of any kind should introduce security into the conversation as early as possible. 

Shelby Skrhak speaks with Will Berardelli, partner development specialist at VMware, about: 

- VMware’s approach to security integration

- The trouble with “bolted-on” security 

- The versatility of Carbon Black security solutions 

To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk 

Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts or Stitcher. Or, tune in on our website.

You're listening to B2B Tech Talk with Ingram Micro, the place to learn about new technology and technological advances before they become mainstream. This podcast is sponsored by Ingram Micro's Imagine Next. It's not about the destination, it's about going someplace you never thought possible. Go to imaginenext.ingrammicro.com to find out more. Let's get into it.

Welcome to B2B Tech Talk with Ingram Micro. I'm your host, Shelby Skrhak, and our guest today is Will Berardelli, partner development specialist for VMware. Will, welcome.

Hey, thanks so much for having me on the show. Really excited.

Absolutely. Well, you know, today we are talking about how VMware Carbon Black is helping modernize the security operations center, a SOC. But like we normally do, let's get some context then. So we're talking about VMware's Carbon Black. Just tell us what Carbon Black is.

Yeah. So Carbon Black was a company originally founded in 2002, and one of our founders was actually working on a contract with the federal government, and he was a really good ethical hacker. His name is Mike Viscuso. And so during that time they contracted him to say, hey, how can you get into our environment and do some ethical hacking? They wanted him to basically hack their environment to understand what gaps they had. And so what he quickly found was that he was able to not only get into the environments, and when they did find him, they would kick him out, but he would use the same doors and the same exploits that they used previously to get right back in even though they were able to find him. In some cases they'd kick him out and he just came right back in, kind of like a revolving door. So they set out and they said, you know, how do we solve this problem? Right? How do we create some sort of software to really develop and understand, you know, how to prevent this from happening?
And so with that, that's really how Carbon Black was started. It's come a long way. There's been a lot of different things that we've done since that time. But one of the foundational components, that was the endpoint detection and response piece, or EDR, and we were the first company to come to market with an endpoint detection and response tool. And with that, what it does is basically, you know, an easy way to look at it is as a security camera for your endpoint. So then they were able to really provide that context into how, why, what was happening and then kind of plug the holes from there, so they had, you know, more visibility and the ability to actually, you know, proactively threat hunt, which is actually what we called the product for a while. It was Carbon Black Threat Hunter; it's since been renamed to Enterprise EDR. But that was really the start, and so since then we've really had a strong focus, Carbon Black specifically, on endpoint security. How do we protect end users' devices, as well as, you know, servers that are out there, and stop, you know, encryption attacks from happening. And it's been developed and there's a lot of things that have been added onto the solutions since then, but really that's been the focus there, and that's kind of the quick starting story there.

Yeah. Well, I like that analogy, kind of like a security camera for your endpoint. And that's the thing, I mean, with the pandemic and COVID and everybody kind of working from home, it used to be you could, you know, protect your area virtually with a virtual perimeter, I guess. But when the perimeter became a whole lot bigger, you know, I imagine that that kept some security professionals and technology leaders up at night. So of course the security operations center, you know, can help to allay some of those fears and put a team together.
But when we're looking at the context of modernizing that, you know, we hear the phrase that complexity is the enemy of security, but what does that mean really?

Definitely, yeah. And I think you started to address it there with talking about, you know, some of the big shifts that we saw with the pandemic and COVID hitting, and even before then, right, I think COVID really accelerated it. But when we started to see some of the bigger trends where you...

...know, people working from home and the adoption of cloud technology, and those two things go hand in hand. And so, you know, what that does is it creates... it's difficult because a lot of times when you look at security, it's oftentimes bolted on and it's kind of an afterthought. And there's this graphic that I always think of. It's a cartoon image that's been out there for a while, but it's a CISO who's sitting at the kids' table and some of the executives tap them on their shoulder and they say, hey, it's time for you to come eat dinner with us and move over to the big table. And that's really, you know, that graphic is pretty old now, but I always think about it, and it's just become more and more relevant. And so when we say complexity, we're talking about how the attack perimeter has really grown and shifted, right? And so we started to see that adoption and, you know, a lot of security companies were already telling that story: hey, how are you protecting? And that was already a common problem before the pandemic, of how are you protecting, you know, cloud applications, and with your employees having more accessibility to applications, how are you really securing that? And with security a lot of times being an afterthought, it's, hey, let's build it first, let's build the infrastructure, and then let's bolt it on. So that's where the complexity is created: now, how do you go in and how do you secure all those different things, which has created a lot of different challenges. And, you know, I think a lot of times of an apartment complex where, you know, I live in Boston and there's a lot of old houses that have been around for hundreds of years. And so when you walk by some of these, you see all these things that are just bolted on and added to them to make them, you know, adequate to the regulations that are happening.
And so you'll see, you know, a fire escape that's been attached because they didn't originally install exits and now there's codes around building laws that you have to have. You see the air conditioners not being built in. When the houses were first built, they didn't have air conditioners. Of course, hot summer, you have to go and put an A/C unit into the window. And so one of the things that VMware is doing is really building that from the inside out, right? Where you're building your infrastructure, whether it be on-prem or cloud, we're able to add the security layer into that as we're building it out. So it's kind of like a one-stop shop. As you're expanding, you're growing that remote workforce, you know, we're adding that security piece into it as you're expanding.

Yeah. Well, let's talk about some of the security challenges that companies are facing. I mean, if you were to enumerate some of those key challenges, what are you typically seeing?

Yeah, definitely. I think again with the work-from-home piece, people just needing to have access, and COVID really accelerating that accessibility that end users needed. And I actually have a funny, quick story about that. Not too long ago, I was working. It was Sunday night. We had a holiday weekend, so Monday we had off, and so, you know, I was out with some friends. We were having a great time. We rented an Airbnb out in Rhode Island and were having a blast, and so we went out to dinner that night and we actually had one of the partners that I support reach out and say, hey, Will, there's this ransomware attack that's happening right now. And that's what we see a lot with the bad guys, is they'll wait until, you know, everybody's out of office, a Sunday before a holiday. They just know that that's when there's less accessibility, and so at that moment, they said, hey, we need additional support from your team.
Can you help? And I was like, yes, of course. And it was just one of these really cool moments where I kind of saw the full life cycle of VMware, where I came in and I needed to get access to our Salesforce and I needed to basically help them and kind of move this and get them the proper resources assigned. And I needed to do it from my cell phone. I was at the bar when I got the call. How do I help these guys? So we have, with VMware, one of the amazing products, that's Workspace ONE, and so it gives you this single sign-on portal, and we apply multi-factor authentication to that too for extra security parameters around that. But I was able to very quickly, you know, from a crowded bar in Rhode Island, you know, probably an hour drive back to the Airbnb to get all the things, you know, my laptop and all that,...

...was able to quickly get those resources assigned, and we ended up, you know, helping our client at the time go and defend against a live ransomware attack. But yeah, so that's a piece of, you know, just kind of the expansion, that people need accessibility to applications, they need them at weird times. You know, you need them at nine o'clock at night on a Sunday before a holiday. And so that's just one of the challenges. With security it has always been, you know, how do you create security and convenience, and security is a lot of times just inherently inconvenient. It doesn't have to be, but a lot of times it is, especially when you're bolting things on. And, you know, one of the examples I use is just walking into your apartment, your house: if it's very easy for you to get in the front door if you don't lock it, it's also very easy for the bad guys to get in, if you're not locking it enough either. So how do you figure out a way to, you know, have your keys on you and make sure that nobody else is going to get those keys? And then applying that same fundamental principle to the cyber world. And that's, you know, some of the things that we're addressing here.

That is, I guess, the age-old conundrum there, that, you know, you need to be able to lock the door against the bad guys, and, you know, one lock is good, two locks, three locks. You know, maybe you do a whole booby trap system for this analogy of a house that we're talking about. But then what happens when the owner's trying to get in there, stepping through this and that? And I guess that's where either the, you know, the laxity or kind of this idea that, well, I'm sure it's fine, I'm sure nothing's going to happen, that's probably the kiss of death.

And yeah, it really is.
And, you know, in that same analogy of the house, you know, with all these different users coming in with different devices and all the different services that are needed to protect people working from, you know, tablets, cell phones, all those different points of accessibility, in the example of that house or that apartment you've now just opened up, you know, you have seven more doors to lock now, and how are you locking those doors? And, you know, it used to be, maybe it was just one door that you had to lock, but now you have to make sure, you know, before you go to bed at night, everything is kind of doing that. And it's, I think, a lot easier to apply that when you're building the infrastructure yourself. You know, in the comparison of that apartment, one of my friends lives in this really nice luxury apartment complex in Boston. Super jealous. It's lovely. But one of the things they did is when they were building it, they built the security, you know, the physical security of the apartment, right in there, so all the doors and little key codes. And it's so much easier to do that while you're building the infrastructure, to just add the security portions there, as opposed to then going back and saying, okay, we built the house. Now we have to find a locksmith. The locksmith's got to find the right locks that can fit the doors. We've got to make sure it's accessible to all the employees.
And again, it being, you know, sometimes an afterthought, in the world that's very costly, right? And it's very costly to look at security as an afterthought, and a lot of times when we meet with customers, it's in sometimes unfortunate circumstances where they have suffered, you know, a serious attack. And, you know, that's another challenge I think with security too, is it's not a revenue-generating source for most companies, right? Security is, you know, sometimes it's a sunk cost, and so a lot of times, you know, different companies that are out there, they tend to not focus on it because it's not going to necessarily make the money. But if you do have it, it will save you money in the long term once it's there.

So how does Carbon Black play into this? How can Carbon Black help?

Yeah, definitely. So I think going back to that analogy of when you're building that infrastructure, right, a lot of infrastructure is being built with VMware right now. You see VMware in almost all the customers I speak to; they're using it. I think we have a share of the virtualization market right now. So as you're designing those virtual infrastructures, you know, protecting your workloads and having Carbon Black as a part of that. So when you're building it and you're spinning up these new VMs, having Carbon Black's next-generation antivirus security and the EDR...

...components built right into that as you're spinning up new instances, as well as, you know, if you're adopting more of the cloud philosophy and you're moving to, you know, say, a lot of folks are moving over to AWS through VMC, we can still protect applications that are running on AWS. So that way, you know, say somebody gets projects and they need to spin up some new infrastructure, and they need to get some resources spun up for some new folks to join or start this project. When that IT administrator's going through, or whoever's tasked with building that, with VMware what you're able to do is actually have the security built in as you're spinning up that infrastructure. So whether it's on-prem or in the cloud, you have that peace of mind that the security controls are already in place for that. So the communication of Carbon Black's security information, you know, helping connect those security teams with those infrastructure teams to really, you know, create that dynamic approach where they're both able to go in and, you know, have that connection of, hey, this is the data we're seeing from Carbon Black, these are the vulnerabilities that are out there, and then adjusting Carbon Black's policies to help address those. You know, it's really helpful to just get that, starting with this baseline assessment, going through, hey, what's most pertinent to us, what are the vulnerabilities that we need to fix right now, and then going in, and once you have that understanding, Carbon Black has these very granular, customizable policies within its console. And so what's really nice about that is, one of the analogies they always give is, you know, when you're dialing a thermostat, you don't set your thermostat to low, medium or hot; you adjust it to the exact temperature that you want.
So by doing those vulnerability assessments, by running some queries to understand, you know, where are we at right now, you're able to then synchronize the IT team that's focused on those vulnerabilities, help prioritize the ones that are most important, and then you can set your policies to match those and create some synergy between both of those teams. Where in a lot of companies we do see, you know, a little bit sometimes, the security team wants one thing, the IT team wants a different thing, but, you know, creating that synergy between both of them. And then lastly in that analogy too, I look at this and when I picture it, I think of it as a full circle here, because, you know, security never stops and it's always repeating itself. You need to constantly apply it. But going into, you know, first getting that vulnerability, first getting that understanding of, you know, things that you need to fix, setting the policies, and then going through and detecting and responding to those. And that really goes back to that foundational story of Carbon Black and their long history within the EDR market, where we're able to give such detailed context into how and why what's happening. We're able to provide unfiltered data, so you're able to see, in a very easy way to digest, the attack chains of what's happening within your environment. So you no longer have to question, hey, how and why did this happen? How did they get in here? Right? You can go through, you can see it, you can isolate the incident, and then you can surgically remove it and then go back and repeat that full cycle. But making it very easy for everybody to understand and respond.
And when you do that, it eliminates so much downtime for end users where, you know, we have to first find the attacker that's in there, we have to isolate it, we have to figure it out, and then by the time they fix it, they're already back in. By being able to, you know, quarantine and surgically really remove what's happening, they can then update the policy so it doesn't happen again. It puts them in a much, much better position and really, really mitigates a lot of risk there.

Well, you mentioned, you know, that unfiltered data. For an Ingram Micro partner or reseller that hears that, that, you know, for their customer that maybe needs help with setting all of this stuff up, you know, we know that we're stretched thin as much as possible. So, you know, having that expertise may be a challenge for some partners or resellers. How can VMware help with that?

Yeah, definitely. So there's a couple of different components. And so I talked earlier about, you know, the fundamental design of the EDR product and, you know, giving that full visibility, and so since then, one of the things that we've done is for customers,...

...you know, that don't necessarily have a dedicated SOC team that's already pre-built out, we have software that's been designed to be a really easy replacement to what they're currently using for antivirus at the moment. And so that software also provides, you know, advanced ransomware prevention. It's blocking, you know, the known bad files that are out there. And with the ransomware prevention, what it does is it actually looks at how applications are behaving with one another. So it's sending this constant heartbeat up to the VMware Carbon Black Cloud and we're looking and we're analyzing: hey, this application is working with this application. And so what a lot of the attackers do right now is they will use a trusted application that they know is good. So we'll take Excel and PowerShell, those are always two examples, and in addition to that, Outlook as well. So three very common applications between almost every company that we run into. A good example of this would be somebody opening up an Outlook email that has an Excel document attached to it, and it's a phishing attack, but the end user doesn't know that. The bad guys have used some form of social engineering and they're figuring out, how can we get this guy to click on this email, and they send, you know, a purchase order to a salesperson. Most salespeople are going to open up the purchase order, so that does happen, right, and they're a little bit click-happy and they click into that faulty purchase order. What it would then do is reach out to PowerShell, another trusted, known good application. So a lot of legacy antiviruses have a really difficult time blocking and detecting that because they are using trusted applications. But with that constant heartbeat to the cloud, what we're able to do is understand, you know, how those applications should be behaving.
When we detect that malicious behavior happening within the sequence of each other, then we're able to help apply prevention there. So that goes into the ransomware prevention. But sorry, I kind of veered off there from your original question. But what we've done with that unfiltered data is we've also added a tool into what we now call Carbon Black Standard to take the data that we would get from our Enterprise EDR tool and make it really easy for end users to use. So that's the first option there, if you're first making that switch, starting with kind of a crawl, walk, run approach, where you're starting with the more basic package that's out there, Carbon Black Standard. It's a really easy uplift. It's something that you already know and do with antivirus. However, you're getting those additional capabilities with that constant heartbeat. But then we have this EDR tool that's pre-built into Carbon Black Standard that was built off of that original Enterprise EDR tool, which has been called Carbon Black Response or Carbon Black Threat Hunter, and it's designed to be much easier to use for smaller companies that are out there that, you know, don't necessarily have the resources or a fully built-out SOC team to do that. It's a very easy shift. Now the next portion, right, you go into the groups that, hey, maybe they do have a SOC. Maybe they have, you know, somebody that's dedicated to security 24/7, and that tool is super helpful for those people and helps them do their job and automates things for them and makes their life a lot easier by giving that really granular context. And then for groups that want that tool that don't have the resources for it, there's a couple of different options too. The first is Carbon Black offers a Managed Detection and Response service, so it's an extra set of eyes on glass that are constantly reviewing your environment.
They're able to go in; if they see a bad behavior, they'll go in. They'll actually have a live human there. So if it's Christmas Eve, you're with your family, something goes awry, they go, they quarantine the endpoint for you. You come back in, you're having your Monday morning cup of coffee, and they say, hey, we detected this suspicious behavior. This is, you know, what we found, this is what we think is happening. And then it opens up a two-way chat with the Carbon Black individual. And then the next option beyond that is using a full-blown managed services security provider, which Carbon Black partners with thousands that are out there. We have great relationships with our MSSP partners. Those groups are also able to help with things like micro-segmentation, SIEM. Each kind of has their own unique approach to the market, but depending on what's best for a customer, if it makes sense, we...

...can help align them with one of the managed security services partners that we're already working with, and so from there they're getting, you know, additional things like 24/7 support, that partners are able to then take on support tickets for them. And sometimes we have groups that are out there that don't even need to look at their Carbon Black console because they've completely outsourced it. So in that example, you know, if you have a small shop that's out there, say, in, you know, some rural area, and you need the security there, but you can't retain staff. We run into that pretty frequently, where it's really difficult at times. Sometimes the security market is limited in terms of employee personnel, and so they'll hire somebody, they have them, they get them up and running, they work there for a year or two, and then, say they're in the middle of Pennsylvania, they say, hey, we want to move to Pittsburgh or Philadelphia because, you know, there's better salaries out there for security professionals. So we run into companies that frequently have that problem. But then by passing things over and syncing with one of our MSSPs, they're able to basically, you know, they don't have to worry about the cost of hiring, onboarding, and dealing with all these different things. And so we have a very strong partner network that's out there. So that's something, you know. And the final analogy I'll leave you with on all of that is, you know, using Carbon Black yourself is one, we have, you know, a one point five out there as well with our MDR service that's in-house. And then additionally to that, you know, you have a two by using a full-blown MSSP provider, which then goes back to that crawl, walk, run analogy.
So, you know, whatever challenges the customer's facing, we have different packages to help them, you know, ease the burden of making a shift to the next-generation antivirus, of using EDR tools and getting access to all those things that they need. We have different ways that we can approach it. So if you're already, you know, advanced at this, we have a package for you. If there's things that you're first learning how to do and you're kind of dipping your toes in it, we have resources to help with that. So wherever you fall in that crawl, walk, run scale, there's, you know, partners that we can help to consult with.

Excellent. Well, as we do to wrap up our episode, we always ask our guests the same final question, and that's where do you see technology going in the next year? So within this space, or if you wanted to widen that, where do you see technology taking place? Where's it going in the next year?

You know, it's crazy to think, and I really think, in the seven years that I've worked in security, I think all the things that have been identified have just continued to grow, and I think the need for security is just going to continue to expand where, you know, we're going to face the same challenges of working from home, of expanding to the cloud. But I really think that those things and the need for security are going to continue to affect groups. We're still seeing a lot of folks out there that are being affected by ransomware. I think that's constantly going to be a threat. So it's hard to say, you know, how the bad guys are going to shift in terms of how they're attacking us. But, you know, I think those methods are still going to continue for the next couple of years, and security is still going to need to be incredibly prevalent. I think where I see it going is going back to what I mentioned earlier.
Groups like VMware that are able to help you build security in from the very start are going to be a key component, and it's back to that housing analogy. It's just like you see in any big city with all the big, new, fancy apartment complexes that come in, with all the cool bells and whistles built in. I think more customers and more people are going to see the value of having a security solution that's built in from when they're building their infrastructure from the ground up, making sure that security is a part of the conversation from the very beginning. And that's a trend that we're seeing and I think it's only going to continue to grow in the next year.

Great. Well, for listeners who have a question about anything that we talked about today, or want to reach out, how can they find out more information?

Yeah, again, Will Berardelli. If you guys need to reach me, my email address is wberardelli, W-B-E-R-A-R-D as in dog-E-L-L-I, at vmware.com. Feel free to shoot me a note there. You can also reach out to Ingram Micro, which has a ton of great resources...

...that are out there that can help you get connected with individual Carbon Black reps. They also have personnel available that, you know, already know Carbon Black. They have engineers that are trained and can give demonstrations on that as well. And, you know, feel free to reach out to your VMware core reps. We're all available here. We all want to help all of our customers and we want to create, you know, a secure world free of cyber threats. So if you guys need any of that, feel free to reach out to, you know, me directly, to your Carbon Black specialists, your VMware core rep, or, you know, your Ingram Micro specialists as well.

Excellent. Well, that does it for this episode. Will, I appreciate all the time and the insight today. Thanks for joining me.

Yeah, thank you so much. We really appreciated the conversation, and thanks for setting this up.

Yeah, and thank you, listeners, for tuning in and subscribing to B2B Tech Talk with Ingram Micro. If you liked this episode or have a question, please join the discussion on Twitter with the hashtag #B2BTechTalk. Until next time, I'm Shelby Skrhak.

You've been listening to B2B Tech Talk with Ingram Micro. This episode was sponsored by Ingram Micro's Imagine Next. B2B Tech Talk is a joint production with Sweet Fish Media and Ingram Micro. Ingram Micro production handled by Laura Burton and Christine Fan. To not miss an episode, subscribe today on your favorite podcast platform.
