Transcript of a discussion on why more automation, integration, and acquiring security services “as a service” are in hot demand amid rapidly growing IT security costs and the added complexity of protecting distributed workforces.
Why Today’s Hybrid IT Complexity Makes 'as a Service' Security Essential
Internal Use Only
Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Bitdefender.
Dana Gardner: Welcome to the next edition of the BriefingsDirect podcast series. I’m Dana
Gardner, Principal Analyst at Interarbor Solutions, your host and moderator.
Amid rapidly growing IT security costs and the added complexity of distributed workforces, the
challenges facing IT services providers are clearly outrunning past practices. That’s why more
automation, integration, and acquiring security “as a service” are in hot demand.
Stay with us now as the next BriefingsDirect security innovations discussion examines how
Heartland Business Systems is seeking new ways and new partners to ensure that security
incidents are kept in check across a variety of hybrid IT services and scenarios.
Here to share his story of increasingly embracing security-as-a-service
is our guest, Jason Nuss, Vice President of Cloud Services at
Heartland Business Systems (HBS) in Little Chute, Wisconsin.
Welcome, Jason.
Jason Nuss: Dana, thanks for having me.
Gardner: Jason, what are some of the top trends driving the need to
do things differently when it comes to risk management and endpoint
security?
Nuss: Endpoint security is getting more important and broader every
day. Cyber insurance definitely has had a huge influence over the last
several years. I can remember when cyber insurance applications
were just a couple of questions. Now, in some cases, they’re a dozen
pages long.
That’s urging more requirements to tighten up security practices. At the same time, the hackers
are getting smarter, and they’re moving to new techniques. You know, we’re starting to see
more extortion as opposed to just encryption scams, which really has a much greater effect
not only on a specific customer, but sometimes that customer’s clients as well.
During the last few years of the pandemic, we’ve also seen a migration to a more mobile
workforce. Some of the companies we work with have closed their office doors. They aren’t
going back to physical offices, which has brought in other challenges when it comes to making
sure their environments are secure.
Gardner: And how about the current hybrid IT environment? How is that forcing you to do
things differently?
Data is everywhere, but how secure is it?
Nuss: Data is now everywhere -- as is your staff. We used to be able to secure inside of your
walls and you didn’t have to worry so much about external trends. But now we have people
working from home and accessing home networks, which makes those endpoints even more
vulnerable to more security threats than the ones behind your corporate firewall.
You also have more cloud data and cloud services applications. You need to make sure those
are secure as well, which plays a huge new factor. One of the common misconceptions we see
is that everything from the cloud is perfect.
A lot of people think that cloud-based software-as-a-
service (SaaS) applications include everything and
that they are fully secure and fully redundant. But
that’s just not the case. People need to take more
time to look at the services that we’re adopting and
make sure the providers are on the up-and-up. Do
they have all the proper security tools, backups, and
disaster recovery? Should they have an outage, how
will that impact our businesses as well?
Gardner: Right, we have to evaluate the security robustness, if you will, of our entire technology
supply chains.
Nuss: Absolutely.
Gardner: How about rising costs, such as for labor? How is that affecting your ability to deliver
security effectively?
Nuss: Security costs over the last several years have gone up quite a bit. I often tell customers
that security costs have gone up 500 to 600 percent from what they were five years ago.
I’ve been around this industry almost 30 years now. Before, you only had to worry about an
antivirus product and a modem for connectivity to the Internet. Then it moved into buying
firewalls. But now you have things like endpoint detection and response (EDR), managed
detection and response (MDR), and extended detection and response (XDR).
It’s very confusing. You have security information management (SIM), security operations
centers (SOCs), privileged access management (PAM), and all these other new technologies
that make the landscape very, very cloudy. No pun intended.
But you know, sometimes we have to right the ship for the customer to make sure that we’re
looking at security from a proper rollout perspective. You’re starting with the most critical things,
whether it be a backup or multi-factor authentication or endpoint security. And then maybe
layering on some of the additional services. But it doesn’t make sense for our customers to start
out with penetration testing if they haven’t secured their environment ahead of time. We’re going
to find out holes, right?
Gardner: And why is SaaS and more automation generally attractive to folks like you as you’re
specifying the next generation of security?
Nuss: Expertise at scale is very important -- and often overlooked. Just making sure you have a
SOC, and maybe if it’s a guy or two, that is not good enough. You need to be able to react
appropriately.
So having a larger staff, having a knowledge base behind that, is very important in solving the
protection issues -- or even identifying the security issues quickly. Automation is critical to that.
When you’re ingesting hundreds of thousands -- or millions -- of logs, you need to be able to
comb through that data really quickly. So, automating that is critical. You’re starting to see more
artificial intelligence (AI) and machine learning (ML) take over in that space. A lot of the more
recent products are using those technologies to identify threats before an analyst would have
caught them manually.
Gardner: As we mentioned before, we have to be concerned about our suppliers and partners --
perhaps more than ever. They can come under attack as well. How has that changed how
you look at your suppliers?
Nuss: As far as our suppliers go, we’ve started to take a deeper look at the supply chain
completely. There are a lot of smaller companies coming out with new technologies. As we look
to vet things, not only are we vetting on functionality, but we’re also vetting on security
elements.
Just recently, we were looking at a product that would integrate into our customer resource
management (CRM) tool to do better data mining out of Microsoft 365, Exchange, and Outlook.
And, you know, we came to find out that, hey, that data is being stored overseas. They’re also
injecting a bunch of email messages, and so we had concerns around those tools.
Just turning on an application programming interface
(API) isn’t always a good thing. You want to make
sure you’re minimizing the impact should they have a
breach and that it does not impact you as well. You
have to look over the vendors and make sure that
they’re following best practices. If they’re not, I think
it’s good to call them out and let them know. Such
as, “Look, you don’t need access to all of these
tables for the pieces that you’re trying to access.
Let’s minimize the blast radius should you be
compromised and so as to not affect us as well.”
Gardner: So, it’s services-subscriber beware, right?
Nuss: Absolutely. You know, with some of the other things that are playing into it as well, with
the mobile workforce, you have to secure the edge and make sure you have good endpoint
controls, firewalls, and other components.
That was one of the things where Bitdefender rose above the rest for us. They were able to
store those things, looking at other cloud storage providers. You know, you also see shadow IT
out there. I cringe when I hear people that don’t have corporate policy around cloud storage and
where they’re putting up data using things such as Dropbox or Microsoft OneDrive. It’s okay to
use those, but make sure you have a governance policy around them, such as a backup
strategy and how you’re going to secure that data.
Gardner: We have seen a lot of cloud services use sprawl and ungoverned use, for sure.
Eventually, you have to gain maturity about how you do that.
Let’s hear about Heartland Business Systems (HBS). Tell us about your company. What you do,
and what do you think distinguishes you from other managed service providers (MSPs)?
Widespread, yet local service
Nuss: HBS is based in the Upper Midwest, we’re just south of Green Bay, Wisconsin. We’re
now up to about 12 locations throughout Wisconsin, Minnesota, Illinois, Iowa, Nebraska,
Missouri, Arkansas, and Arizona. We have been around since the 1990s, with around 650 total
employees and about 350 technical service professionals across many specializations.
People often ask what sets us apart from the other guys in the industry. I think there are a
couple of things. We have both breadth and scale. We also believe very heavily on having in-
market expertise where we have a physical presence. We try to have expertise so that when our
teams are going out on-site, we deliver a quality experience. We’re not always relying on
engineers from the center of our company, so to speak, to roll that out.
Our expertise is widespread. So, we not only do the normal networking- and systems-type work
-- with a robust Microsoft practice; we’re a gold partner in 16 of 18 different competencies -- we
also have an enterprise security and risk management team. [They can also help when] you’re
doing compliance audits, vulnerability assessments, and penetration testing. Just in December,
we purchased another company, Pratum, that has a SOC-as-a-service offering. It will be
interesting to see how that plays into our security offerings over the coming months.
Gardner: When you talk about breadth and scale, that sounds like you have to scale not just up
but down and sideways, if you will. That means servicing a lot of different types of organizations
across a lot of different industries. So how do you serve that variety? How do you scale up and
down and remain efficient?
Nuss: It’s sometimes difficult to address all the different
markets. Our total market is pretty much comprised
equally and in thirds: of small-and-medium business
(SMB), medium-to-large enterprises, and then the
government and education spaces.
Sometimes those needs are very different. You have to
have offerings that address the needs that they all want.
In the SMB space, they typically don’t have security
professionals, so we end up being the security
professionals for them.
In the enterprise space, a lot of times it’s more of a co-managed solution set. You have to have
solutions that address the needs of each of those different classes. For us, we have separate
engineering teams in a lot of those spaces, where they focus on specific technology stacks for
the specific market segment. They become more expert there, with a SMB-type engineering
staff as well as an enterprise engineering staff. They focus on different manufacturers, in some
cases, and more elaborate technology at the higher end of the spectrum.
Gardner: With a sizable public-sector business, and I have to assume quite a bit in education
and schools, how is that a challenge for security?
Nuss: The biggest challenge in the public sector
is often budget. A lot of times it is so focused on
hardware migrations – the replacing of endpoints
at the desktop, networking, or servers – that
security gets overlooked, even though it’s more
and more important.
Also, for them, they’re trying to solve physical security concerns in addition to IT security. So,
we work with customers on things like video surveillance systems, ID badges, and access
control systems.
On the IT security side, we look at building best practices around policy. Everything starts with
that policy, and then you can measure against that policy as you move forward. They are also
moving to devices that may have less susceptibility, such as Chromebooks where they’re not
storing data locally. They’re storing it up in the cloud so they can better protect those cloud
assets. They are then less worried about the endpoints, but you definitely have to begin with
that comprehensive policy and then obtain the tool sets that go with it.
Gardner: Is there a positive pay back when you automate more, go policy-driven, and use cloud
and multi-tenancy to their full effects?
Consistency and multi-tenancy critical in the cloud
Nuss: Yes. For us, multi-tenancy is absolutely critical. I run our cloud services division, our
data centers. We have two data centers. As we looked to security tools like endpoint security, it
was absolutely critical that these things were multi-tenant. We had products before we found
Bitdefender to support 20,000 endpoints through a single management console. To roll out that
type of scale, you have to have consistency. There are a lot of great security tools in the
marketplace, but if they don’t play into your operational processes at scale, they really don’t do
you any good.
As we evaluated for endpoint security, and EDR specifically, we needed to make sure that
number one, it was a good product. We looked at MITRE ATT&CK trends and things like that to
see where they were playing within the MITRE framework. But number two is how did it work into
our processes and into our tool sets?
Could I have a global policy that I could roll out to everyone, so they knew that I had
consistency? It’s inefficient for me to go touch 600 different customers within that portal to make
one change. I need to make it at a global level and have that be inherited down the chain. At the
same time, we have more enterprise customers who want control of those policies themselves.
We were looking for a tool that would allow us to give them the access rights to customize the
policy or manage their portal as they saw fit. So, we really like those aspects of it specifically.
Gardner: When you try all kinds of new services and products, one of the challenges in security
is the sprawl of having so many tools. What do you look for when you’re evaluating your security
suppliers and services when it comes to how well they integrate services, in how well they
combine tools and meet more requirements, so that you don’t have to?
Tools and services must work well with others
Nuss: A lot of times we’re looking for integration. We’re a ConnectWise shop end-to-end so
we’d like solutions that integrate into that tool set. Whether it be pushing the software out
through ConnectWise Automate and those kinds of deployment tools, or whether it’s alerting
within the tool set to let us know that there’s been a ticket that’s been created, or better yet,
even closing out that ticket once it’s been remediated.
Those capabilities are very important to us. You can’t just use email anymore to notify people of
issues that arise. It just becomes noise and we’ve consulted with customers where they have
things like monitoring solutions.
You can’t have a better example than we had
when a city government here locally had a
ransomware attack. They had security tools that
actually notified them the day before that the
hacker was in the system, but because of all the
noise, they didn’t have the alerts tuned enough
and the processes well defined enough so that they missed the alert. The next day, they were
hit with ransomware and encrypted across the entire environment. So, you know, lesson
learned -- it’s not just about having the tools to block attacks. It’s also about having the
processes in place to react when the chips are down, right?
Gardner: Yes, and it integrates into your processes as you pointed out in your help desk or
SOC and your other systems that are already in place. You have to take advantage of what you
put in when it comes to fast remediation, fast alerts, and email just doesn’t cut it.
Okay, let’s think about reporting and data and understanding what’s going on. It’s about having
information to the right in the right ways. What do you look for when it comes to reports for
that single view, or one throat to choke, if you will?
Nuss: We need to be notified of the alert immediately. We’ve created mechanisms that if there
is a critical alert, it’s sending a page out to people that are on call and setting off other alarm
bells for us to react very quickly.
From our SOC services perspective, we outsource much of our MDR services. So, we create
workflows with those vendors that are overseeing some of those security aspects on who
should they call first, and how that escalates through our system so we make sure that those
can be addressed quickly.
I tell this story to a lot of our prospects. It was the Friday before Fourth of July weekend, and I
got a call from one of the SOC analysts telling us that we had someone in one of our client’s
environments. They were making some lateral movements and they were pretty convinced it
was a hacker.
Had that gone on for another three days, who knows how they would be? Now, the good news
to the story is it wasn’t actually a hacker. They were having a penetration test done within their
environment over the weekend -- so no harm, no foul there. But, you know, had that been
somebody that was in there, you hate to even guess how far they could have gotten throughout
the environment, how pervasive that could have been without having someone notified quickly.
Many of our clients have seen that in one of their portals. Had
they gone in there, they might have seen it in an email when
they got to it, maybe the next week when they got back from
vacation. But when it comes to security, time is money.
Gardner: Let’s look at your security solutions choices. How was your journey in terms of solving
these issues?
Nuss: There are two aspects to it. As we looked at endpoint security, we spent more than a
year analyzing different platforms. We looked at all of the major vendors out there, the Microsoft
Sentinels, the CrowdStrikes, the Sophos, you name it -- we looked at all of them. We narrowed
them down from their “based-on” capabilities, based on some of the tools set integrations,
based on their go-to market strategies, some competitive natures. Then we went in and started
doing field trial tests, so we put them in place. We would kick the tires, tested integrated to our
tools, to make sure those workflows came through, and then we moved forward from there,
rolling that into our offerings.
It’s a pretty detailed process -- one that was probably more detailed than many of them out
there. That’s a big aspect of making sure you’re not just jumping in and saying, “Well, this one’s
rated really well. Let’s just take that and move forward with it.”
One of the competitors in that particular space that we looked at -- we really liked the product,
but we also looked at financial capabilities of the company. You know, they should be profitable.
They shouldn’t be hemorrhaging cash left and right. You need to make sure that they’re going to
be in there for the long haul. Having been in the IT space for 30 years now, we’ve seen a lot of
great vendors come and go. And so that’s almost as important -- their financial viability -- as is
the technology.
Gardner: How much further do you have to go to get to where you need to be?
Operational maturity essential for success
Nuss: It’s always a constant evolution. With security changing so fast, we try to look at what is
integrating more openly. Who has APIs to integrate into other tools?
Talking about Bitdefender, with this recent acquisition that we have had, they do a lot with
Microsoft Azure Sentinel, so we’re working on an integration into Azure Sentinel so that we can
have cross-platform capabilities and a layered approach.
We want to make sure the tools that we have can integrate with the overall platform so that we
can pick and choose the right platform to deploy to our customers. The other piece of it is you
really have to work closely with the customers to make sure they have proper operational
maturity levels.
I look to five different levels of operational maturity, and you should move up and to the right in
the levels. You should take that same approach with security. Make sure you’re starting with the
core components to make sure that you have the big building blocks there first -- such as
endpoint security, firewalls, advanced threat protection, on-site and off-site backup, and policy
management -- before you move to some of the next-generation, such as SaaS technology,
zero-touch network access, zero trust at the endpoint level, and DNS protection. You can go on
and on and on.
Security awareness training is also key. For example, our enterprise security and risk
management teams came up with a top 10 list that we present as a place to begin. And then we
start to talk about where to go as your budget allows.
The other big thing is to get out in front of the
process from a budgeting perspective with
your clients. I tell them that security costs are
probably five times what they were just five
years ago, but we don’t necessarily see that in
the budget. A lot of times, IT has a real
struggle relaying the value of that to the
business leadership.
I like to tell stories and relate things back to what I’ve seen in the past. For example, I was at a
trade show and one of the security analysts was telling us about a letter he received the day
before from one of his MSP clients. It was basically an extortion letter from a cyber attacker who
said, “We’ve been in your business for the last 30 days. We have 300GB of your files. Here’s the
list of files we have. You can pick any three, and we’ll send a copy of the files just to prove that
we have them.”
This was purely financial: “Here’s how much money we want. And by the way, if you don’t pay
us, we’re going to start calling every one of your competitors and every one of your customers
to tell them that we have your data and then try to extort them in the same fashion.”
You tell that story to a business owner and it almost makes you sick. Those types of things are
happening out there every day. A lot of times, I don’t think they’re very well publicized because
people don’t want to know who has been hacked. But it’s real, and they need to react to it and
take it seriously. By telling those stories, or if they know somebody who has been hit up for
ransomware or extortion, whatever it may be, those stories make a big difference, too.
Gardner: On measuring that value, what are your most important key performance indicators
(KPIs) to demonstrate to your leadership that you’re spending your money properly and wisely?
When it comes to things like EDR and what Bitdefender is providing for you, how do you
measure the value?
Nuss: That’s always a tough question. At the end of the day, we look at where we see threats
and infections and the reactive support needs. We have an incident response team here to
help clients. And we try and track what’s happening there -- how many alerts, remediations, and
things that are fixed on a monthly basis to prove value.
From an MSP perspective, we send out reports
to our clients showing all the security events
that we’ve seen. These are the things that have
been blocked to make sure that they
understand the value that’s there. Otherwise,
the value is out-of-sight, out-of-mind, right? If
they don’t have a problem, they don’t
necessarily think that any problems ever existed because you’re blocking something. You’re
doing a good thing, but they don’t always realize that.
Gardner: Of course, not being hacked or ransomed or extorted also factors pretty high up there.
Nuss: Yes, for sure.
Gardner: Okay, let’s look to the future. What comes next? What are you looking to do in the
next three years?
Take down tool sprawl with consolidation
Nuss: Some of the big things that we’ll look at include which tools are working better together
and where we can consolidate reporting. So, combating tool sprawl. It’s a real problem out
there, trying to bring reporting from the different tools together so we can show the overall,
cohesive strategy. That is going to be more and more important.
We want to work with vendors that are really open. I would be surprised if we don’t see more of
the security vendors adopt standards where they’re sharing things in a more cohesive fashion.
Whether it’s endpoint security, DNS protection, or zero trust – ways that security threats can be
more consistently delivered to reporting mechanisms to develop better overall dashboards.
You’ll start to see more API integrations, where you have reporting tools that now are able to
work with vendors to block things. So maybe your endpoint security is integrated into your SOC
services. You could, at the click of the button, have a disconnect or block of a particular event
automatically -- or even manually -- when they see those issues without necessarily having to
move into different tools.
That’s where you’ll see the automation components come in. And then they’ll start to create
workflows that work with that, so if an event is triggered they can use that to run scripts against
things to start to shut things down or just connect them or remediate at inception to prevent it
spreading. That’s where I think things will be headed more and more.
Gardner: I’m afraid we’ll have to leave it there. You have been listening to a sponsored
BriefingsDirect discussion on how IT services providers are moving beyond past practices to
seek out more automation, integration, and acquiring modern security solutions as a service.
And we’ve learned how Heartland Business Systems is seeking new ways and new partners to
assure that security incidents are kept in check across a variety of hybrid IT services and
scenarios.
So please join me now in thanking our guest, Jason Nuss, Vice-President of Cloud Services at
Heartland Business Systems in Little Chute, Wisconsin. Thank you so much, Jason.
Nuss: Thanks for having me, Dana.
Gardner: I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator
for this ongoing series of BriefingsDirect discussions. A big thank you to our sponsor,
Bitdefender, for supporting these presentations.
Also, a big thank you to our audience for joining us. Please pass this on to your IT and security
communities, and do come back next time.
Transcript of a discussion on why more automation, integration, and acquiring security services “as a
service” are in hot demand amid rapidly growing IT security costs and the added complexity of protecting
distributed workforces. Copyright Interarbor Solutions, LLC, 2005-2023. All rights reserved.