Today we're visited by Scott McCrady, the CEO of Solcyber, a leading managed security service provider. He says they're changing the model of how small and medium-sized companies secure their infrastructure against attacks, without any of the typical upfront cost or ongoing maintenance hassles of traditional methods. Have you tried securing your environment, only to suffer "alert fatigue?" Scott feels your pain and has fixed this by doing all of that as a service, which you pay for like a typical SaaS offering. Just a per-user fee per month - one SKU. It's a new way to secure your infrastructure.
Mentioned in this episode:
Interview ad
for those of you growing increasingly concerned about the
Speaker:security of your it infrastructure.
Speaker:This episode talks about the concept of an MSSP managed security service provider.
Speaker:Uh, I think you're really going to like what we talk about.
W. Curtis Preston:Hi, and welcome to Backup Central's Restore it all podcast.
W. Curtis Preston:I'm your host w Curtis Preston, a k a, Mr.
W. Curtis Preston:Backup.
W. Curtis Preston:And I have with me the guy who I've finally experienced what his dog
W. Curtis Preston:is named after Prasanna Malaiyandi
Prasanna Malaiyandi:
Speaker:What's going on, Curtis?
Prasanna Malaiyandi:
Speaker:I know,
W. Curtis Preston:you
W. Curtis Preston:you really weren't sure
W. Curtis Preston:where I, what I was
Prasanna Malaiyandi:so I thought you were going to go for like your stair
Prasanna Malaiyandi:consultant or something like that, but No, I think that's a good thing.
Prasanna Malaiyandi:So,
W. Curtis Preston:no.
W. Curtis Preston:I, I, I got to experience, uh, Kulfi.
Prasanna Malaiyandi:Indian Ice Cream
W. Curtis Preston:um, yeah.
W. Curtis Preston:That was quite, uh, cuz we went to this new, uh, place.
W. Curtis Preston:Uh, and, and I, and I shouldn't, should I say Indian food or
W. Curtis Preston:should I say Himalayan food or?
W. Curtis Preston:Uh, cuz it was the taste of the Himalayas,
Prasanna Malaiyandi:It could be, well, it could be like
Prasanna Malaiyandi:Indian or Nepalese, typically.
Prasanna Malaiyandi:Those are,
W. Curtis Preston:Yeah.
W. Curtis Preston:Nip Nepalese.
W. Curtis Preston:yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, but they
W. Curtis Preston:had, but they had, Vindaloo.
W. Curtis Preston:Although, um, it, it was funny, I, you know, I went, I think I
W. Curtis Preston:told you I went once and I I got a seven outta 10 and it was like, as
W. Curtis Preston:well have been ice cream as far as
Prasanna Malaiyandi:you like really spicy Curtis?
W. Curtis Preston:standpoint.
W. Curtis Preston:And so I said to the, I went back to the waitress.
W. Curtis Preston:So we literally went just a couple days later
Prasanna Malaiyandi:Oh, you went back.
Prasanna Malaiyandi:I didn't know this.
W. Curtis Preston:yeah.
W. Curtis Preston:Oh yeah.
W. Curtis Preston:We went back and I said, I said, you know, I had a seven the other day and it
W. Curtis Preston:was nothing like, I need more than that.
W. Curtis Preston:And she's like, she looked at me
W. Curtis Preston:like, you can have an eight.
W. Curtis Preston:Like, like I was, because I was gonna go for the 10.
W. Curtis Preston:I'm like, if that's a seven, I'm gonna go for the 10.
W. Curtis Preston:She's like, I'll let you have an eight, you know, and I was like, you know what?
W. Curtis Preston:You're not in charge of me.
Prasanna Malaiyandi:And how was he.
W. Curtis Preston:Um, but I had a eight.
W. Curtis Preston:It, it was definitely, it had more bite to it than the seven.
W. Curtis Preston:But I don't know, I've had like authentic Indian vindaloo with,
W. Curtis Preston:with authentic Indian spices.
W. Curtis Preston:This doesn't taste like that.
Prasanna Malaiyandi:well, I, I, I wanna say that each region
Prasanna Malaiyandi:probably does their spices slightly differently based
Prasanna Malaiyandi:on what they have access to.
W. Curtis Preston:yeah, there's that, this is why I asked you
W. Curtis Preston:the question about whether or not it's cheating just to throw in a
W. Curtis Preston:little cayenne.
W. Curtis Preston:And it sounds like it is.
W. Curtis Preston:Cuz I
W. Curtis Preston:tasted cayenne.
W. Curtis Preston:I was like, I, I'm pretty sure they put cayenne in just
W. Curtis Preston:to make it a little hotter.
W. Curtis Preston:Um,
Prasanna Malaiyandi:But then you ended with dessert, which
W. Curtis Preston:you know
Prasanna Malaiyandi:the mango.
W. Curtis Preston:Oh right.
W. Curtis Preston:Which we, yeah.
W. Curtis Preston:Yes.
W. Curtis Preston:And the mango Kulfi.
W. Curtis Preston:And I was like, Kulfi, I know . I finally got to see what
W. Curtis Preston:Kulfi
Prasanna Malaiyandi:he was named Kulfi because when we were adopting
Prasanna Malaiyandi:him, uh, we called up my sister.
Prasanna Malaiyandi:And she was really hungry that day and so on.
Prasanna Malaiyandi:Her mind was food, so she started naming off Indian Foods like Chutney and
Prasanna Malaiyandi:Sambar and Mixture and Jalabi and kulfi.
Prasanna Malaiyandi:And so my wife and I, we decided kulfi was an awesome name and it works well for 'em.
W. Curtis Preston:That's funny.
W. Curtis Preston:That's funny.
W. Curtis Preston:I know.
W. Curtis Preston:He's, he's been on the
W. Curtis Preston:podcast a few times.
W. Curtis Preston:Um, mainly just sort of barking and
Prasanna Malaiyandi:Yes, a couple times.
W. Curtis Preston:wanting
W. Curtis Preston:wanting to be on your lap, right?
W. Curtis Preston:Yeah.
W. Curtis Preston:Well our guest has 25 years of experience working in the
W. Curtis Preston:networking, telecommunications, and information security space.
W. Curtis Preston:Uh, he is currently serving as a c e O of Solcyber managed security services.
W. Curtis Preston:We're excited to have him on the pod.
W. Curtis Preston:Welcome to the podcast, Scott McCrady.
Scott McCrady:Thank you Curtis Prasanna.
Scott McCrady:Very nice to meet both of you.
Scott McCrady:Um, I actually, I was just to pivot off your food conversation.
Scott McCrady:I actually spent a year in Thailand when I was younger.
Scott McCrady:I was a volunteer English teacher, and uh, I remember my very first meal there.
Scott McCrady:I, I thought I was used to hot food.
Scott McCrady:I, I grew up in Dallas, so you know, jalapenos and stuff.
Scott McCrady:And so they asked, do you want it hot, medium, or mild?
Scott McCrady:And I thought, you know, I'll be safe.
Scott McCrady:I'll have, I'll, I'll get medium.
Scott McCrady:Uh, it was, um, I don't know if you've ever gotten the
Scott McCrady:hiccups from having food too
Scott McCrady:hot, but I immediately, you know, two or three bites into it.
Scott McCrady:I'm sweating profusely.
Scott McCrady:And then just out of the blue, you just get this, these hiccups that
Scott McCrady:for like two or three minutes.
Scott McCrady:And, and that's when I realized that, uh, Thai hot food is a different level of hot
Scott McCrady:food than what I'd, uh, what I'd gotten used
W. Curtis Preston:I've been, I've been to, uh, Phuket and I just remember I
W. Curtis Preston:was, I was hanging out with a local and I asked them to order two dishes.
W. Curtis Preston:One that they felt was, you know, for the wimpy American, but still spicy.
W. Curtis Preston:And one that they would eat.
W. Curtis Preston:And I would try the one that they would eat.
W. Curtis Preston:And if I couldn't eat it, then we would swap dishes.
W. Curtis Preston:And I just touched the tongue, touched the spoon to my tongue, and I, my head
W. Curtis Preston:blew off and I was like, swap, swap, swap.
W. Curtis Preston:I, I can't, I can't do it.
W. Curtis Preston:I can't do it.
Scott McCrady:Un for, for, for, for my palate.
Scott McCrady:Uh, the sticky rice and mango as a dessert was amazing.
Scott McCrady:I could live, um, chicken fried rice, uh, with a beer was about
Scott McCrady:as good as you're ever gonna.
Scott McCrady:And I love their stir fries and their curries, but I generally had to tell
Scott McCrady:'em to, to take it down a notch.
Scott McCrady:Um, cuz I could, I could eat decently spicy food I
Prasanna Malaiyandi:it's a different level sometime.
Scott McCrady:it is just a different, it, it's a different level.
Scott McCrady:It is a
Scott McCrady:different level.
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
Scott McCrady:Delicious.
Scott McCrady:By the way, I never, never b been to a Thai restaurant in America that's been
Scott McCrady:able to recreate that unique flavor.
W. Curtis Preston:no, that's the problem.
W. Curtis Preston:This is why no one should travel, right.
W. Curtis Preston:Um, so so, uh, because, you know, you live in, you live in Texas . I
W. Curtis Preston:live in San Diego, I can get decent, uh, Texas style barbecue here.
W. Curtis Preston:Uh, but it's not that, it's not what you can get there.
W. Curtis Preston:Um, and I will definitely tell you, no one here knows what
W. Curtis Preston:a beef rib looks like, right?
W. Curtis Preston:An actual Texas beef
W. Curtis Preston:rib.
W. Curtis Preston:It's, it's two and a half pounds, right?
W. Curtis Preston:It's one rib, it's two and a half pounds.
W. Curtis Preston:And,
Scott McCrady:deliciousness, of sweet, sweet deliciousness
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, uh, yeah, you know, we've already, we talked before the recording that
W. Curtis Preston:you know, that I did this, this barbecue road trip with my wife,
W. Curtis Preston:uh, there, just right when Covid was starting to die down just a little bit.
W. Curtis Preston:Uh, and we did this little road trip and, uh, made a little YouTube
W. Curtis Preston:video of each stop and, um, yeah.
W. Curtis Preston:But, but this is the problem.
W. Curtis Preston:Like, I, like I've been in New Orleans, I've had, , Cajun food in New Orleans.
W. Curtis Preston:It nowhere is as good as
W. Curtis Preston:it is there.
W. Curtis Preston:Um, Indian food in India.
W. Curtis Preston:I've had Indian food in India, right?
W. Curtis Preston:Um, and made one big mistake there.
W. Curtis Preston:I was at a, I was at a buffet and I managed to put, um, a big scoop of chutney
Prasanna Malaiyandi:your problem.
W. Curtis Preston:based on thinking it was, I thought it was a man.
W. Curtis Preston:And, um, so I put a big scoop, big scoop of it in my mouth that, ah,
W. Curtis Preston:you know, didn't burn my mouth off.
W. Curtis Preston:It's just, it's a really strong flavor.
W. Curtis Preston:Right.
W. Curtis Preston:It's, it's something you're supposed to dab on.
Prasanna Malaiyandi:
Speaker:Not eat as a main meal.
W. Curtis Preston:That's both the joy and the, uh, like if you ever get
W. Curtis Preston:a chance to go to, uh, uh, Holland, their, um, their food there, the, the,
W. Curtis Preston:the Thai, the, uh, Indonesian food.
W. Curtis Preston:Right.
W. Curtis Preston:Um, uh, the, the, the rice, the rice dishes.
W. Curtis Preston:Those are really good.
W. Curtis Preston:Um,
W. Curtis Preston:looks like we've lost our
Prasanna Malaiyandi:just went to go look after his pup.
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:how
W. Curtis Preston:how
Scott McCrady:the, I told you guys this was gonna happen.
Scott McCrady:He literally has been perfect today,
Scott McCrady:and now he just threw his his bone underneath the couch.
Scott McCrady:which of course he can't get to it cuz he doesn't have opposable thumbs.
Scott McCrady:And uh, the only time he tends to freak out is if he,
Scott McCrady:if his one of his toys or his
Scott McCrady:bone gets underneath something and then he'll,
Scott McCrady:you know,
Scott McCrady:call
W. Curtis Preston:you said he's, he's six, six months old,
Scott McCrady:Eight
Scott McCrady:months
Prasanna Malaiyandi:get him as a
Scott McCrady:Eight months old.
Scott McCrady:His name I did, he is, uh, I, I traveled all my whole life and so
Scott McCrady:I haven't had to be able to have a
Scott McCrady:dog for, you know, a long time.
Scott McCrady:So, you know, I was
Scott McCrady:like, I'm gonna get a dog finally.
Scott McCrady:I'm not traveling as much, I'm not going overseas.
Scott McCrady:All this jazz.
Scott McCrady:And oh my goodness, he's a blast.
Scott McCrady:So much fun.
Scott McCrady:Such a sweet boy, good puppy.
Scott McCrady:You know, all dogs are nice, but
Scott McCrady:for me he's easy because he's,
Scott McCrady:he's, he's not too
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:It's cra it's sort of the luck of the draw, right?
Scott McCrady:That
Scott McCrady:it is.
Scott McCrady:You gotta love him no matter what.
Scott McCrady:Right.
Scott McCrady:But, uh, I did, I did get lucky.
Prasanna Malaiyandi:awesome.
W. Curtis Preston:Good for you.
W. Curtis Preston:So we're, we're gonna talk about, um, you know, one of our favorite
W. Curtis Preston:topics today, which is, uh, security.
W. Curtis Preston:Um, and I honestly, you know, I can't imagine what it's like
W. Curtis Preston:to manage information security in today's , today's world.
Prasanna Malaiyandi:Oh, I was gonna tell you,
Prasanna Malaiyandi:wait before you go.
Prasanna Malaiyandi:I finished the book, cuckoos net.
Prasanna Malaiyandi:Cuckoos Egg.
W. Curtis Preston:Oh, you
W. Curtis Preston:finished the Cuckoos Egg
Prasanna Malaiyandi:Sorry, I totally forgot to tell you since,
Prasanna Malaiyandi:but we're talking about security now.
Prasanna Malaiyandi:So for those who haven't read it, go read The Cuckoo's Egg by Cliff Stoll.
Prasanna Malaiyandi:It's a really good book.
Prasanna Malaiyandi:It's, or sorry, cliff Stole.
Prasanna Malaiyandi:Yeah, it's a really good book.
Prasanna Malaiyandi:It's from the eighties about, uh, what would you say, an IT
Prasanna Malaiyandi:person trying to find a hacker.
Prasanna Malaiyandi:I'll leave it at that.
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:It's a fascinating story of, he's, he's, uh, a Unix cis admin at Berkeley Uni.
W. Curtis Preston:It's a true story.
W. Curtis Preston:He's a Unix CIS admin at Berkeley University, and they, they had, um,
W. Curtis Preston:this was when the Unix computers, like university Eunice computers with
W. Curtis Preston:Bill for time, and they had both the onboard, like the native time system,
W. Curtis Preston:and they had the, um, and they had a commercial one, and they were, they were
Prasanna Malaiyandi:75 cents.
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:yeah, that's what, 75 cents.
W. Curtis Preston:And so he just went as a project just because, um, and he ended up, you
W. Curtis Preston:know, un uncovering, uh, hackers.
W. Curtis Preston:And this is before, um, that was
W. Curtis Preston:considered a crime.
W. Curtis Preston:So like he, like he's, he goes to the FBI and FBI's like,
W. Curtis Preston:Well, did they steal anything?
Prasanna Malaiyandi:more than a million dollars?
Prasanna Malaiyandi:They're like, no.
Prasanna Malaiyandi:Do they steal classified information?
Prasanna Malaiyandi:Nope.
Prasanna Malaiyandi:They're like, not our problem.
W. Curtis Preston:Yeah.
W. Curtis Preston:It's,
W. Curtis Preston:it is a fascinating story and where it ends up
W. Curtis Preston:is, you know, it, I, I think it just, it
W. Curtis Preston:just gets better and better as
Prasanna Malaiyandi:I think
Prasanna Malaiyandi:everyone should read that.
Prasanna Malaiyandi:If you're into security and you want to see how it was done,
Prasanna Malaiyandi:like in the Hey days, right?
Prasanna Malaiyandi:In the very, very early days before all of this stuff actually happened.
Prasanna Malaiyandi:Read the book
W. Curtis Preston:back when I had brown hair,
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:Go.
Prasanna Malaiyandi:Go read the book.
Prasanna Malaiyandi:It's
W. Curtis Preston:Scott, have you, have you ever read that book?
Scott McCrady:I haven't, but I, uh, I typed it in while you guys
Scott McCrady:were talking, so it will be, uh,
Scott McCrady:I am a voracious reader, so I
Scott McCrady:will, uh, it is on the list.
W. Curtis Preston:it's, it is, it is a, you know, it's written as a, as a story.
Scott McCrady:Yeah.
W. Curtis Preston:Um, and you know, it's in a day before monitors.
W. Curtis Preston:Like he has a, he has a printer.
W. Curtis Preston:He has a printer that's printing, like he puts in honeypots and, and he's sleeping
W. Curtis Preston:in the data center
W. Curtis Preston:to, to
W. Curtis Preston:listen for the printer
Prasanna Malaiyandi:part is he's an astronomer,
Prasanna Malaiyandi:astronomer by education, right?
Scott McCrady:my education.
Scott McCrady:Yeah.
Scott McCrady:But those were just the days where people just got in and
Scott McCrady:started, you know, doing that.
Scott McCrady:I mean, it's actually not that different than today, but,
Scott McCrady:you know, back then it was pretty, uh,
Scott McCrady:it was all, all
Prasanna Malaiyandi:
Speaker:recommend reading that book.
Prasanna Malaiyandi:
Speaker:And the reason I brought it up is because we are talking about
Prasanna Malaiyandi:
Speaker:security and it just, uh, hit me.
Prasanna Malaiyandi:
Speaker:I was like, oh, I gotta remember, tell Curtis.
W. Curtis Preston:Yeah.
W. Curtis Preston:Scott, Scott was like, why are we talking about a book called Cuckoo's Egg?
W. Curtis Preston:Um,
Scott McCrady:Well, we've covered barbecue, spicy food, and books,
Scott McCrady:which are three of my favorite things.
Scott McCrady:So
Scott McCrady:I can we call, can we call the podcast a success?
W. Curtis Preston:Exactly.
W. Curtis Preston:We, we could cover beer if you'd like.
W. Curtis Preston:Um, I.
W. Curtis Preston:I.
W. Curtis Preston:made beer for a few years, uh, so we could talk about that as well.
W. Curtis Preston:So, I mean, but, but let me, let me ask you this, besides what I see as
W. Curtis Preston:the ever present worry of ransomware,
Scott McCrady:Mm-hmm.
W. Curtis Preston:what else, uh, are, are today's IT departments worried
W. Curtis Preston:about from a security perspective?
Scott McCrady:Well, ,I think.
Scott McCrady:Um, That's a great question actually.
Scott McCrady:I don't know if I've ever been asked that question because they'll say
Scott McCrady:what, you know, question or what, what keeps people up at night?
Scott McCrady:But outside of ransomware, I think, you know, Curtis, I think if you were
Scott McCrady:to synthesize right this thing down is ransomware is the, uh, threat of the day,
Scott McCrady:or it's the term that everybody knows,
Scott McCrady:but ransomware now is really sort of morphed into lots of different things.
Scott McCrady:And so, um, you get, there's terms like double ransomware,
Scott McCrady:um, there's, uh, obviously the, the information gets, uh, stolen.
Scott McCrady:And so what's happening is just the extortion where, uh, and so what's
Scott McCrady:happened is just the process of people getting into organizations, uh, is causing
Scott McCrady:this ability because of the threat is really sort of morphed into sort of
Scott McCrady:what we call threat as a service or tax as a service, or hacking as a service.
Scott McCrady:You don't have to be the smartest guy in the room to go hack somebody.
Scott McCrady:Now you can literally just point and click there's, there's wind, you know, things
Scott McCrady:that look like Windows applications.
Scott McCrady:You can install a widget.
Scott McCrady:and all of a sudden you can start hacking for almost nothing and not
Scott McCrady:really know what you're doing besides if you can move a mouse around.
Scott McCrady:So the whole threat landscape scape has changed.
Scott McCrady:Ransomware tends to get the notice because there's notifications.
Scott McCrady:Um, for a lot of the larger companies, it's a way of getting payments out.
Scott McCrady:But when you start talking about the overall small medium enterprise, um,
Scott McCrady:and just the massive number of companies that the, the US has specifically, um,
Scott McCrady:once somebody's inside the organization, they've got, uh, the ability to wire.
Scott McCrady:Uh, so wire fraud is huge.
Scott McCrady:Um, they take taking over an account, uh, and do an extortion based on, uh,
Scott McCrady:components that you have in your account.
Scott McCrady:Uh, so there's all these different sort of knock on effects the
Scott McCrady:customers once they're breached.
Scott McCrady:And what,
Prasanna Malaiyandi:Or I guess you're talking about the knock on effects.
Prasanna Malaiyandi:I guess even once they breach one of these, say small medium businesses, they
Prasanna Malaiyandi:could use that also as a launching point to attack other organizations as well.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:Kind of bringing them.
Scott McCrady:You're right on the money.
Scott McCrady:It's called supply chain risk, right?
Scott McCrady:And that supply chain risk, the classic is the H V A C company that,
Scott McCrady:you know, got, was the mechan, was the mechanism to get into target.
Scott McCrady:Uh, and so those, those small, medium organizations can actually be the
Scott McCrady:threat vector into, uh, a, a future
Prasanna Malaiyandi:In fact, a lot of the attacks we've seen right have been.
Prasanna Malaiyandi:about the actual organization, more about like a vendor or someone else,
Prasanna Malaiyandi:or a third party who had access to a company, which then allowed the attacker.
Prasanna Malaiyandi:And like if I go back and think Curtis about like the Okta hack
Prasanna Malaiyandi:right, was a third party right?
Prasanna Malaiyandi:That had access to Okta.
W. Curtis Preston:Yeah.
W. Curtis Preston:And that was, wasn't that one Scott, where they didn't necessarily do anything Right.
W. Curtis Preston:They just showed that they got access.
W. Curtis Preston:They showed some screenshots.
W. Curtis Preston:Do you remember the, this one, Scott?
Scott McCrady:I don't know if that one specifically, um, what you do see with
Scott McCrady:a lot of the service providers, um, and you just saw it with last pass, is
Scott McCrady:there's a variety of reasons why, uh, an organization would get, would breach.
Scott McCrady:And so it could be just the consumption of the underlying data.
Scott McCrady:So if it's a nation state, they literally are just building profiles
Scott McCrady:on, you know, people in entities and organizations in the us.
Scott McCrady:Um, so it could just be a theft, uh, it could be ransom, it could be
Scott McCrady:financial, um, or it could be, uh, to leave code behind or leave breaches
Scott McCrady:behind that they can then, um, weaponize at some point in time in the future.
Scott McCrady:Uh, and so as, as an example in the past year, uh, you've seen about plus
Scott McCrady:minus about four times as many zero days in the last 12 months, and you
Scott McCrady:saw in the last four years, And so, um, a lot of those appeared to have
Scott McCrady:already been obviously, uh, they were already, no, no, sorry, not known.
Scott McCrady:They're already created, but they hadn't been used yet because they're
Scott McCrady:being, they were waiting to use those when the time was right.
Scott McCrady:And so you, you see these patterns that emerge based on what's happening
Scott McCrady:around the world, um, what's happening in the economy, uh, or if
Scott McCrady:they're what, uh, organizations or nation states want to accomplish.
Scott McCrady:And, and that's sort of, you see this wave of threat patterns of which ransomware
Scott McCrady:is, is obviously fitting inside of that.
Scott McCrady:Um, but when you look at something like a zero day, you're not usually
Scott McCrady:going to use that on a mid-tier
Prasanna Malaiyandi:That's interesting.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:I never would've thought like,
Prasanna Malaiyandi:sort of stockpiling your zero days, right.
Prasanna Malaiyandi:And then using it.
Scott McCrady:Oh, for sure.
W. Curtis Preston:Yeah, but isn't that like if you, so, so what
W. Curtis Preston:you're saying, let me make sure I understand what you're saying.
W. Curtis Preston:So someone develops an exploit that is unknown to anyone but themselves,
W. Curtis Preston:and then they're just sitting there waiting for the right moment to use it.
W. Curtis Preston:Is That
Scott McCrady:That is exactly what I'm saying.
Scott McCrady:Yep.
W. Curtis Preston:Because I would think that once they get an exploit, they'd
W. Curtis Preston:want to use it right away before anybody finds out about it and patches it and
Scott McCrady:Not, if not, if you're a nation state, Curtis, um, you
Scott McCrady:wanna keep these in your back pocket.
Scott McCrady:Now some of these are against, uh, you gotta remember, and, and there's a lot
Scott McCrady:of different verticals that are targets.
Scott McCrady:You've got, um, infrastructure pipelines as an example.
Scott McCrady:You've got, um, systems that, um, operate iot.
Scott McCrady:So there's a lot of different areas.
Scott McCrady:So when you talk about zero days, we tend to think like
Scott McCrady:zero day on a Windows machine.
Scott McCrady:But the, um, but the, the spectrum of what can have a zero day is
Scott McCrady:actually quite large cuz so many connected machines are out there.
W. Curtis Preston:That's, yeah.
W. Curtis Preston:Um, fascinating.
W. Curtis Preston:I, I, I actually never even, never even
Prasanna Malaiyandi:But I guess the one downside of sort of keeping it in
Prasanna Malaiyandi:your back pocket is someone may discover the exploit or the bad code, right?
Prasanna Malaiyandi:And go and patch it before you get it.
Prasanna Malaiyandi:But like you said, it's like if it's existed around for a while, maybe no one's
Prasanna Malaiyandi:going to notice it, and it's probably a risk that they're willing to take.
Prasanna Malaiyandi:Right.
Scott McCrady:Yeah, and again, it
Scott McCrady:really is organizational dependent.
Scott McCrady:So if you're, if you are a, uh, threat acting organization that's really designed
Scott McCrady:around making money, you're probably going to use it relatively quickly.
Scott McCrady:Um, get your money.
Scott McCrady:If you are a nation state, uh, targeting infrastructure, then you may hold in
Scott McCrady:your back pocket because it may not be super common to find, uh, that zero
Scott McCrady:day inside a piece of infrastructure.
Scott McCrady:A zero day in windows obviously is, is, you know, the golden
Scott McCrady:goose in a lot of cases.
Scott McCrady:So each of the systems and the goals of the underlying, uh, technology and the
Scott McCrady:underlying organization dictates the use of how the different attacks are done.
Scott McCrady:One of the things in most of the conversations talk about, uh, malicious
Scott McCrady:activities, by the way, because that's what sort of, everyone's used to,
Scott McCrady:like, they think about the virus on the machine, but really in today's world,
Scott McCrady:a significant amount of the attacks and especially the damaging ones start, um,
Scott McCrady:with known username and credentials.
Scott McCrady:And so about 60 to 70% of the actual, um, More damaging attacks actually start from
Scott McCrady:the fact that somebody harvests it, Scott McCrady's credentials and now the bad
Scott McCrady:actors are logging in as Scott McCrady.
Scott McCrady:So, um, now they may in the future drop a piece of code or they may put a file
Scott McCrady:list, uh, executable up in memory that's downloading stuff from the internet.
Scott McCrady:But because we spent so much time talking about malicious attacks and
Scott McCrady:zero days and things like that, it actually does, I think, obfuscate from
Scott McCrady:the fact that there's a whole breadth of breaches that start from the fact
Scott McCrady:that the bad actors are logging in
Prasanna Malaiyandi:like this is like phishing attacks and
Scott McCrady:So they're log,
Prasanna Malaiyandi:that give their
Scott McCrady:well, no, not even that.
Scott McCrady:So let's, so imagine a phishing attack that says, Hey, you
Scott McCrady:know, um, re-log into Azure ad you click on the button, you put your username
Scott McCrady:and password in, it says, thank you.
Scott McCrady:Now they have your username and
Scott McCrady:password.
Scott McCrady:They log in as Scott McCrady.
Scott McCrady:How do you
Scott McCrady:know that that's not me, right?
Scott McCrady:Because they just logged in as me.
Scott McCrady:So, um, I guess my point being is we talk a lot about malicious,
Scott McCrady:which we should malicious code.
Scott McCrady:There's a whole world around, um, trying to protect
Scott McCrady:organizations from, um, legitimate
Scott McCrady:access
Prasanna Malaiyandi:Do you know what the split in your mind, what the split
Prasanna Malaiyandi:between those two categories would be?
Prasanna Malaiyandi:Like?
Prasanna Malaiyandi:Are most of it through the harvesting credentials side of things?
Prasanna Malaiyandi:Sort of less of it around the malicious attacks.
Scott McCrady:Yeah.
Scott McCrady:60 to 70% of the, uh, of the more significant breaches start with harvest,
Scott McCrady:with some sort of harvested credential.
W. Curtis Preston:and it, it's funny you, you said that literally like the
W. Curtis Preston:question that I was going to ask you before you started talking about this.
W. Curtis Preston:Um, so I say a lot that if everyone.
W. Curtis Preston:just use good password, uh, rules.
W. Curtis Preston:Right?
W. Curtis Preston:Which is like not using the same username and password everywhere.
W. Curtis Preston:Um, using mfa,
Scott McCrady:Mm-hmm.
W. Curtis Preston:you know, and having a decent password.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and not using m or I'm sorry, and, and use mfa if, if just
W. Curtis Preston:everybody did those two things,
W. Curtis Preston:it would stop a significant portion of the attacks out there.
W. Curtis Preston:What do you think about that?
Scott McCrady:If somebody says, what's the one thing I can do?
Scott McCrady:I would say, turn on mfa.
Scott McCrady:Now there's ways of getting around it.
Scott McCrady:Uh, you know, there's
Scott McCrady:there's more elegant means.
Scott McCrady:Most people still think of like the, the phone messages.
Scott McCrady:Uh, but some of the authenticators tied in to, you know, some of the
Scott McCrady:major products these days, um, are, are a lot more seamless than what
Scott McCrady:people probably think they are.
Scott McCrady:Uh, so, um, it, to your point, Curtis, yeah.
Scott McCrady:When I get asked, what's the one thing you do?
Scott McCrady:I'm like, turn on mfa.
Scott McCrady:It's, it's, now there are ways again to get through that, but it is a massive, uh,
Scott McCrady:benefic,
W. Curtis Preston:So let, let, lemme tell you something, uh, Scott,
W. Curtis Preston:there's a, there's a new movie that's in the theaters right now called
W. Curtis Preston:Missing and um, it's, it's a sec.
W. Curtis Preston:It's a standalone sequel to the movie searching.
W. Curtis Preston:Both of them have the same premise where it's, um, where it's somebody's
W. Curtis Preston:searching, looking for somebody that's disappeared and they're doing it all
W. Curtis Preston:on the computer screen and the whole, the whole movie's, the computer screen.
W. Curtis Preston:and and in this movie, one of the plot, you know, developments is
W. Curtis Preston:that the, the character figures out how to hack into an account, right?
W. Curtis Preston:And this person, um, then, then they're able to get into every other account
W. Curtis Preston:cuz they use the same username and password on every one of the accounts.
W. Curtis Preston:And not one of them had MFA turned on , right?
W. Curtis Preston:The movie would've been a lot shorter if, uh, if, if they had
Scott McCrady:A lot less drama if they got caught after five minutes.
Scott McCrady:And, uh,
W. Curtis Preston:Yeah, but I, I've literally, the, the best part is the
W. Curtis Preston:person that they were able to, uh, do this to is a security specialist,
Scott McCrady:Yeah, of course, of course.
Scott McCrady:Welcome to Hollywood.
Scott McCrady:I, I, uh, I lived in, uh, I lived in, uh, you know, overseas, uh, in a few places.
Scott McCrady:And, uh, there, let's just say that the, uh, viewpoint of Americans
Scott McCrady:was very Hollywood centric.
Scott McCrady:So, you know, they'd be like, you know, are, are gangs just running
Scott McCrady:wild and shooting people on this?
Scott McCrady:We're like, I know, you know, that's not, like, that's not happening.
Scott McCrady:Um, and so Hollywood does tend to, I don't know if you guys
Scott McCrady:remember this movie called Swordfish, where Hugh Jackman early days, and
Scott McCrady:like, he's like dancing in his chair as he's hacking into stuff with
Scott McCrady:like 75 screens up in front of him.
Scott McCrady:And I'm like, yeah, that's, that's exactly, that is literally
Scott McCrady:exactly the way it goes down.
Scott McCrady:That's, that's exactly what happens.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, the, yeah, it's funny, I, I, I, I gave up like criticizing movies,
W. Curtis Preston:uh, for the most part for that stuff.
W. Curtis Preston:Uh, and, and more like applauding when they actually get it, uh, correct.
Scott McCrady:yes.
W. Curtis Preston:Right.
W. Curtis Preston:Um, which, which is not , which means I don't have to do it very often, so, yeah.
W. Curtis Preston:So, so you said MFA and Well, let, let me, um, so we, we talked about LastPass,
W. Curtis Preston:uh, and by the way, we did a whole episode on LastPass a couple weeks ago.
W. Curtis Preston:And, and the thing for us, by the way that that's interesting about the
W. Curtis Preston:LastPass story is, is it was their backup system that ultimately, uh,
W. Curtis Preston:was the result of the, it was the, you remember it was a two-phase hack, right?
W. Curtis Preston:And it was the, they ended up being able to access the backup system and
W. Curtis Preston:get, get ac, get their hands on the, you know, the, um, what do you call
W. Curtis Preston:that?
W. Curtis Preston:What do you call that?
W. Curtis Preston:The um, The vault.
W. Curtis Preston:I was gonna use a, like a, anyway, uh, sometime.
W. Curtis Preston:I'm sorry.
W. Curtis Preston:English is not my first language.
W. Curtis Preston:Oh, wait, it is.
W. Curtis Preston:Um, but yeah, that, having, having said that, I am still a
W. Curtis Preston:huge fan of password managers.
W. Curtis Preston:Um, and I I'm just curious if you have a, if you have a, an alternative to that.
W. Curtis Preston:If you, what, what do you think about password managers
Scott McCrady:I mean, absolutely necessary.
Scott McCrady:Uh, we're going to move away from passwords, so it's gonna become a
W. Curtis Preston:at some point?
W. Curtis Preston:Right.
Scott McCrady:in the future.
Scott McCrady:But obviously in today's world, you know, you gotta have a password manager.
Scott McCrady:Uh, but the, and the reality is, is that, uh, the, the joke that we
Scott McCrady:were just making about the Hollywood folks, but it's, it's not an uncommon
Scott McCrady:situation where, uh, you know, the passwords are used more often, you
Scott McCrady:know, more often.
Scott McCrady:And so they're like, well have the, have the 20, you know, letter
Scott McCrady:and number and all that stuff.
Scott McCrady:But again, the way that that's usually, uh, received is from
Scott McCrady:a breach from somewhere else.
Scott McCrady:Or they, they harvest it, right.
Scott McCrady:And.
Scott McCrady:To your point around mfa, changing your passwords, things along those lines.
Scott McCrady:Um, a lot of the work that we do is around securing organizations, uh, obviously
Scott McCrady:from malicious activity, but also from legitimate login via nefarious actors.
Scott McCrady:And so there's, there's outside of, of, um, just looking for malicious
Scott McCrady:code dropped on machines, there's way to look at seeing what people are
Scott McCrady:doing, how they're writing, what things that they're, they're taking care of.
Scott McCrady:So imagine that somebody logs in as, as Scott or Curtis, and they're looking
Scott McCrady:at emails and they want a wire done.
Scott McCrady:This is super common.
Scott McCrady:They'll send a, an email message to someone saying, Hey, this is
Scott McCrady:Scott, please send this wire here.
Scott McCrady:Here's the information.
Scott McCrady:We, there's ways of detecting that now.
Scott McCrady:Um, and just go, okay, that there's almost no chance that Scott, even
Scott McCrady:though they used Scott's name password, he's logged in as him.
Scott McCrady:Uh, maybe it's from a different location than he usually is.
Scott McCrady:There's a lot of his style.
Scott McCrady:Maybe he doesn't put deer in his, you know, response emails.
Scott McCrady:Almost never.
Scott McCrady:I mean, there's all these things that can trigger.
Scott McCrady:That we spend a lot of time on to try to make sure that we can, uh,
Scott McCrady:help secure
Scott McCrady:organizations.
Prasanna Malaiyandi:Past guests on the podcast, we've talked
Prasanna Malaiyandi:about that sort of thing, right?
Prasanna Malaiyandi:Being able to detect these patterns is sort of fine tuning for each environment.
Prasanna Malaiyandi:It's sort of complex, and when you end up with a lot of false positives, it's
Prasanna Malaiyandi:almost like the boy who cried wolf, right?
Prasanna Malaiyandi:At some point people just start to ignore those.
Prasanna Malaiyandi:So how do you go about this
Scott McCrady:Prasanna, I'm gonna, I'm gonna slip you a 20 after this for leading
Scott McCrady:me, leading into my, uh, my spiel here.
Scott McCrady:Uh, no.
Scott McCrady:I, so I spent 20 years in the MSSP space, right?
Scott McCrady:I, I helped build out, um, the largest MSSP in the world, built out their
Scott McCrady:APJ business, and then ran their global s p business as with Symantec.
Scott McCrady:Um, helped build FireEye, Mandy, and SSP business, uh,
Scott McCrady:and we call it alert fatigue.
Scott McCrady:And so the standard model, uh, is.
Scott McCrady:Uh, you have a person or people, especially in the large enterprise,
Scott McCrady:right, they have to weed their way through the 40, 4500 security vendors,
Scott McCrady:figure out which of 'em, um, look interesting, do proof of concepts on
Scott McCrady:the top two or three, land on one, sign the contract, pay the upfront payment,
Scott McCrady:put the, all the stuff in place.
Scott McCrady:And then when they're done, they kick a bunch of data over to the
Scott McCrady:SS P M S P looks through it all and then sends over alerts going back
Scott McCrady:saying, Hey, this is informational.
Scott McCrady:This is a warning.
Scott McCrady:Which means, I don't know, it could be something bad, could not be bad.
Scott McCrady:I don't know.
Scott McCrady:This one looks critical, looks like there's something bad, but
Scott McCrady:we can't do anything about it.
Scott McCrady:Here's some things you can go check.
Scott McCrady:Um, and that model to me was very broken.
Scott McCrady:And so, especially in the mid-market.
Scott McCrady:Uh, and so we took a very different approach and tried to take the lessons
Scott McCrady:learned from 20 years, uh, of doing this for the global 1000 and, uh, trying
Scott McCrady:to deliver something that is much less alert, fatigue and much more, uh, what
Scott McCrady:we call practical security that, uh, allows organizations to have really.
Scott McCrady:truly, you know, fortune 500 level nation state creates security, but
Scott McCrady:tone down the noise and actually just solve the problems as they come up.
Scott McCrady:Keep the breaches from happening,
Prasanna Malaiyandi:Because especially in these companies, organizations, I
Prasanna Malaiyandi:should say, they may not have like the same level of security experts as you
Prasanna Malaiyandi:would in those like global one thousands.
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:And so
Prasanna Malaiyandi:they probably don't.
Prasanna Malaiyandi:Well, every once in a while, maybe they spent enough money to hire
Prasanna Malaiyandi:away the right set of folks, right?
Scott McCrady:Mm-hmm.
Prasanna Malaiyandi:Yeah.
Scott McCrady:It's very, so what you tend to find in the, so when we built
Scott McCrady:solcyber, we've explicitly said we wanted to target the mid-market because
Scott McCrady:they struggle to get access to the capabilities and when the capabilities are
Scott McCrady:a combination of, of the classic people, process and technology, but a lot of the
Scott McCrady:best in class tech, they don't really sell it below 2000 users, 2000 employees.
Scott McCrady:It's kind of hard to get your hands on it.
Scott McCrady:Um, the stuff we use for user behavioral analysis, If you're below 10,000
Scott McCrady:employees, you're never, you're, you, you're not even going use it.
Scott McCrady:It's too complex, it's too heavy.
Scott McCrady:Um, and so, uh, it's just hard, um, to get ahold of tech.
Scott McCrady:The second thing is, is the right people.
Scott McCrady:And so, you know, you're 400 employees.
Scott McCrady:You may have two or three folks total, right?
Scott McCrady:One person who may be super savvy at security or maybe
Scott McCrady:actually just a good IT person.
Scott McCrady:And so how do they work their way through this
Scott McCrady:massive mound of security stuff to figure out what actually
Scott McCrady:secures the organization?
Scott McCrady:Or you have somebody who's super, super smart, they really understand security.
Scott McCrady:They don't have the
Scott McCrady:people to manage it, the time to put it all in place
Prasanna Malaiyandi:Or even budgets.
Scott McCrady:Uh, and so,
Scott McCrady:and then the third one is the budget, right?
Scott McCrady:Is stroking these upfront payments so that you're, you're hitting on the head.
W. Curtis Preston:So two things.
W. Curtis Preston:One is, Uh, time for me to do
W. Curtis Preston:our disclaimer, uh, Prasanna and I work for different companies.
W. Curtis Preston:He works for Zoom.
W. Curtis Preston:I work for Druva.
W. Curtis Preston:And this is a, this is an independent podcast, not a podcast by the
W. Curtis Preston:company and the opinion set.
W. Curtis Preston:You hear our ours.
W. Curtis Preston:And, um, also if you wanna join the conversation, reach out to
W. Curtis Preston:me at w Curtis Preston, uh, at gmail or at WC Preston on Twitter.
W. Curtis Preston:And, um, you know, join the conversation.
W. Curtis Preston:Also, be sure to rate us, go to your favorite.
W. Curtis Preston:Uh, most of you, it looks like you're listening on, uh, uh,
W. Curtis Preston:apple, you know, uh, podcasts.
W. Curtis Preston:Uh, just scroll down to the bottom and you can give us, you know, six stars.
W. Curtis Preston:If you can give us six stars, that'd be great.
W. Curtis Preston:Um, by the way, you were, you were talking about, uh, fatigue, right?
W. Curtis Preston:So I just yesterday, so I use, um, uh, Zapier, like an automated tool and I've
W. Curtis Preston:been playing around with it, uh, of doing Reddit searches and, um, Just play.
W. Curtis Preston:You have to be careful with Reddit searches cuz you can get a lot.
W. Curtis Preston:And uh, I was like, oh, I'm gonna pick one of our, without saying who it is one
W. Curtis Preston:of our competitors who has a very unique name that isn't gonna show up anywhere
W. Curtis Preston:other than discussions about them.
W. Curtis Preston:And so I put them in and uh, on the video, uh, I'm gonna take
W. Curtis Preston:this out, but this is today
Scott McCrady:Mm-hmm.
W. Curtis Preston:and I can't imagine if those were security things
W. Curtis Preston:that I had to actually reply to.
Scott McCrady:That's right.
Scott McCrady:No, guys.
Scott McCrady:It literally came up on a conversation with a customer today is they
Scott McCrady:said, how do you get around this?
Scott McCrady:And we actually spent a lot of time talking through how we, uh,
Scott McCrady:really streamlined the alerts, um, and the responses to make it
Scott McCrady:much more practical because they, they'd used an MSSP in the past and.
Scott McCrady:They're like, it was just like
Scott McCrady:they gave me more work.
Scott McCrady:They didn't save me time.
Scott McCrady:They made my life, they made my life worse.
W. Curtis Preston:By the way, I should have, I should have made you
W. Curtis Preston:do this before, but what is an m s.
Scott McCrady:Ah, managed security service provider.
W. Curtis Preston:thank you.
W. Curtis Preston:Uh,
Prasanna Malaiyandi:what does it do?
Prasanna Malaiyandi:Yeah,
W. Curtis Preston:what is that?
W. Curtis Preston:Yeah.
Scott McCrady:Yeah, so it's a great question.
Scott McCrady:It started out, um, historically if you, you know, if you guys, we were
Scott McCrady:talking about the eighties before, uh, when firewalls and IDSS came
Scott McCrady:out, large organizations had NOCs,
Prasanna Malaiyandi:
Speaker:Network Operation Center,
Scott McCrady:Yes, sir.
Scott McCrady:And so if you think of somebody like Eeds or ibm, they had these big,
Scott McCrady:beautiful BU buildings that showed that the network was all up and
Scott McCrady:running and online and all that jazz.
Scott McCrady:Uh, when all of a sudden these firewalls and IDs is inion detection systems
Scott McCrady:started generating lots of data, nobody knew what to do with them.
Scott McCrady:There was no system to dump that data into, right?
Scott McCrady:And so, um, your first security operation center was one who manages
Scott McCrady:the firewall and the IDs just from a day-to-day care and feeding.
Scott McCrady:But two, the, you, you generate the data in order to do something with it.
Scott McCrady:And.
Scott McCrady:Um, the process of gathering up that data and running analytics against it
Scott McCrady:was really the foundation of the first MSSP and that that contrasts with an
Scott McCrady:msp, which is a managed service provider.
Scott McCrady:And these get confused often.
Scott McCrady:And MSP is basically looking after your it, right?
Scott McCrady:Do you have your laptop set up?
Scott McCrady:Is your email turned on?
Scott McCrady:Um, that is not what an MSSP does and somebody like us, um, which is a
Scott McCrady:specialty mssp, we really focus on the threat and trying to keep organizations
Scott McCrady:protected, you know, against the threat.
Scott McCrady:So we don't, you know, we don't manage firewalls.
Scott McCrady:There's tons of infrastructure companies and MSPs that do that.
Scott McCrady:We'll take a data feed from your firewalls, for instance.
Scott McCrady:Uh, and that's really the core
Scott McCrady:difference.
Prasanna Malaiyandi:So when you get this feed, then are you basically acting,
Prasanna Malaiyandi:so are you acting on that data or are you sort of crunching it, looking at
Prasanna Malaiyandi:patterns, anomalies, et cetera, and then spitting it back to the customer's?
Prasanna Malaiyandi:Uh, security operation center?
Scott McCrady:right?
Scott McCrady:That's the standard model.
Scott McCrady:What Prasanna?
Scott McCrady:We built something very different.
Scott McCrady:What we did was, we said, um, for a mid-market company, which we consider a
Scott McCrady:hundred users up to about 200 employees, uh, there's a set of stuff everybody
Scott McCrady:needs to secure their environment.
Scott McCrady:We call it foundational coverage.
Scott McCrady:Uh, and if you look at the kill chain, Lockheed Martin kill chain, there's
Scott McCrady:a big one, there's a small one.
Scott McCrady:Um, there's a standard set of activities that a malicious actor
Scott McCrady:goes through in order to breach an organization and then either lock
Scott McCrady:up the data or exfiltrate the data.
Scott McCrady:And so in order to protect against that, you need about eight different things.
Scott McCrady:What we did was we went out and used the tools that we've been using at,
Scott McCrady:you know, these big, big companies and we put those into a package
Scott McCrady:that we call foundational coverage.
Scott McCrady:And we sell that to an organization and it's all inclusive.
Scott McCrady:So you get your, inst your implementation, you get your licensing,
Scott McCrady:you get your management, you get your monitoring, uh, you get your
Scott McCrady:detection, and you get your response.
Scott McCrady:Um, and so our model is very different because.
Scott McCrady:The tech stack that underlines a lot of the problems in the breaches
Scott McCrady:is not under the control of the
Scott McCrady:mssp, it's under the control of the customer.
Scott McCrady:Um, and our view, especially in the mid-market, is they weren't
Scott McCrady:getting best-in-class tools.
Scott McCrady:We used to joke that they've got AV and a firewall, and that's not gonna
Scott McCrady:protect, uh, people in today's world.
Scott McCrady:And so think of NextGen E P P E D R capabilities.
Scott McCrady:Think of user behavioral
W. Curtis Preston:you're gonna have to define that acronym.
Scott McCrady:E P P EDR is basically endpoint protection and
Scott McCrady:endpoint detection and response.
Scott McCrady:And so think of a really high-end piece of code running on a machine
Scott McCrady:that allows one to detect if somebody's changed a, a process on the machine.
Scott McCrady:And two, allows someone like us to get onto that machine
Scott McCrady:and fix it if something malicious is happening.
Scott McCrady:Uh, user behavioral analysis, U B a, um, process of mapping out of people are doing
Scott McCrady:weird random things that appear abnormal.
Scott McCrady:So
W. Curtis Preston:like suddenly uploading a lot of data from somewhere.
Scott McCrady:perfect example.
Scott McCrady:And so these, these components we actually sell per user per month.
Scott McCrady:Now each of these components, usually you have to pay up front for, you
Scott McCrady:have to deploy them, you have to do a POC on 'em, and then you have to
Scott McCrady:obviously, uh, sell, you know, uh, manage 'em and detect and all that stuff.
Scott McCrady:So what we do is very different Prasanna is we sell all of that.
Scott McCrady:Now on top of that core set of stuff that protects every company.
Scott McCrady:There's a lot of other things that people can send to us.
Scott McCrady:We call 'em data feeds.
Scott McCrady:We, we take data feeds from like 400 different technologies
Scott McCrady:and we'll use that as
Scott McCrady:context.
Scott McCrady:We'll correlate all the data, um, and, and things like that.
Scott McCrady:So that's how we do things differently.
W. Curtis Preston:So li a little confused there.
W. Curtis Preston:Um.
W. Curtis Preston:You, it sound like some of the things a person needs to protect
W. Curtis Preston:their environment you provide and some that they're providing.
W. Curtis Preston:Uh, so he help me understand that.
Scott McCrady:we draw the line between what we consider in, in infrastructure
Scott McCrady:and then threat.
Scott McCrady:And so what we provide is, is all cloud-based capable, but they're
Scott McCrady:tools that land on the endpoint.
Scott McCrady:And so we start at the user and we say, how do we protect
Scott McCrady:the user and the identity?
Scott McCrady:Um, and things that encompass all of that are included in the service.
Scott McCrady:But if, if a, if an, if a customer said, Hey, I've got 400 employees and I've got
Scott McCrady:two offices and my employees are most of the time at the house, but sometimes come
Scott McCrady:to the office and at the office we have a firewall, um, we're like, great, we'll
Scott McCrady:take a data feed from your firewall, but we're not gonna sell 'em a firewall and
Scott McCrady:implement a firewall because generally speaking, we consider that infrastructure
Scott McCrady:traditionally with sort of security.
Scott McCrady:But a lot of that type of stuff has moved over to an infrastructure team.
Scott McCrady:So whoever's handling their router switches and laptops can
Scott McCrady:usually also deploy the firewall.
Scott McCrady:And that's how we define it.
W. Curtis Preston:Just finished the thought here.
W. Curtis Preston:And what about, what about servers, infrastructure and,
W. Curtis Preston:and cloud infrastructure?
W. Curtis Preston:What about, because it sounds like you're focusing on the endpoint.
W. Curtis Preston:What about that other part of the infrastructure?
Scott McCrady:Uh, so servers we consider an endpoint.
Scott McCrady:Uh, so
Scott McCrady:we can take what we're doing, uh, on, you know, Scott's machine and do it at, at a
Scott McCrady:server, which most of our customers do.
Scott McCrady:Uh, and then cloud.
Scott McCrady:Great question.
Scott McCrady:There's essentially two types of security for the cloud.
Scott McCrady:Uh, the first one is threat.
Scott McCrady:So we can actually take a data feed from every cloud provider's
Scott McCrady:security, uh, tools toolkit.
W. Curtis Preston:Mm-hmm.
Scott McCrady:so that's the cloud watchers, what have you.
Scott McCrady:We can take a data feed and we have a bunch of analytics we run against that.
Scott McCrady:The second piece is, um, a more sophisticated layer
Scott McCrady:of security in the cloud.
Scott McCrady:And so there's tools that can be deployed.
Scott McCrady:Into the cloud.
Scott McCrady:So there's a, there's a concept called, uh, cloud security and posture management.
Scott McCrady:So a lot of your big breaches have happened because somebody left the front
Scott McCrady:door open to their storage . Um, and so what this does is in real time looks for
Scott McCrady:a change in that posture that says that that's now probably an open, uh, an open
Scott McCrady:service or an open storage, uh, container.
Scott McCrady:Uh, and so there's tools that can be deployed, deployed there,
Scott McCrady:and we offer all those, we call those extended coverage options
Scott McCrady:because not every customer has a sophisticated cloud infrastructure.
Scott McCrady:Uh, and so we don't put that in foundational because not
Scott McCrady:every customer needs it.
Scott McCrady:Uh, but uh, we do offer those as extended
Prasanna Malaiyandi:Do you support?
Prasanna Malaiyandi:Like I know you talked about server, you talked about
Prasanna Malaiyandi:device, you talked about cloud.
Prasanna Malaiyandi:What about SaaS services?
Prasanna Malaiyandi:Like are there things you do around Microsoft 365?
Prasanna Malaiyandi:and other services like Salesforce, et cetera,
Scott McCrady:Yeah, great question.
Scott McCrady:So the.
Scott McCrady:Majority, probably 80% of our customers are, are, have a cross section of things.
Scott McCrady:That cross section tends to be, uh, mostly remote with some, some
Scott McCrady:small offices, very sass heavy.
Scott McCrady:Right.
Scott McCrady:Um, and on Office 365, that would be like, if you were to say draw the circle, right.
Scott McCrady:80% would sort of land there.
Scott McCrady:And first of all, office 365 provides a lot of amazing identity telemetry.
Scott McCrady:So we scoop all that up and we, uh, we tie it into the back end
Scott McCrady:so that we can actually get the ID telemetry and correlate that
Prasanna Malaiyandi:it's like the data stream that we talked
Prasanna Malaiyandi:about with the firewalls.
Prasanna Malaiyandi:Similar to that, you just get a data stream.
Scott McCrady:exactly, and, and part of the reason why that matters is,
Scott McCrady:and this goes back to the whole alert, fatigue and noise and the, it's very
Scott McCrady:common in a lot of situations where the MSSP is saying something like, ten,
Scott McCrady:ten, ten seven we think has a problem.
Scott McCrady:Sort of like this.
Scott McCrady:These are the four things you need to go check.
Scott McCrady:And then, Prasanna or Curtis, you guys go run off and check it and
Scott McCrady:you come back and say, I'm not sure.
Scott McCrady:And then you contact us and we go back and forth.
Scott McCrady:What we're doing is we're switching that and we're trying to say, um, Scott
Scott McCrady:McCrady and his machine have a problem.
Scott McCrady:And we know that based on the identity data, the machine data, the user
Scott McCrady:data, um, and, and, and this is how we
Scott McCrady:solve that problem.
Scott McCrady:So because we track to user instead of the ips and knowledge
W. Curtis Preston:And, And, it sounds like you're able to, uh,
W. Curtis Preston:actually stop it, that you c you can actually affect the change necessary.
Scott McCrady:we can.
Scott McCrady:So we do.
Scott McCrady:So one of the frustrating parts of of security is these words
Scott McCrady:get sort of used by everybody.
Scott McCrady:And so there's a concept called response.
Scott McCrady:And so a lot of companies are not what I would call, they're being disingenuous in
Scott McCrady:the fact that they say they do response, but what they really are doing is notifi.
Scott McCrady:they're saying, Hey, we think we, we think we detected something, and
Scott McCrady:we're sending you a notification.
Scott McCrady:They call that response.
Scott McCrady:What we do is actual response.
Scott McCrady:So if we are, if we see, uh, a hash on a process change that we know
Scott McCrady:should never change, we're gonna go back there and try to quarantine that
Scott McCrady:process, quarantine that machine.
Scott McCrady:We're gonna do something if we can.
Scott McCrady:Uh, and that's, that's a fundamental difference about what we do because
Scott McCrady:again, if you're looking at the mid-market, do they have the people that
Scott McCrady:know how to go research and track that down and, and do what they need to do?
Scott McCrady:Oftentimes not
W. Curtis Preston:so let me ask you this.
W. Curtis Preston:Um, and, and I'm, I'm gonna preface my statement slash question with,
W. Curtis Preston:with the following statement.
W. Curtis Preston:I have never.
W. Curtis Preston:Bought a security product in my life.
W. Curtis Preston:. Okay.
W. Curtis Preston:Like for IT infrastructure.
W. Curtis Preston:Okay.
W. Curtis Preston:Um, obviously some stuff's from my own stuff, right?
W. Curtis Preston:But not nothing for a company.
W. Curtis Preston:Uh, I looked at your pricing model.
W. Curtis Preston:Um, first I did one of the simplest pricing models I've ever seen.
W. Curtis Preston:Uh, I like that.
Scott McCrady:one SKU,
W. Curtis Preston:What's that?
Scott McCrady:one
W. Curtis Preston:exactly?
Scott McCrady:Customers don't believe it.
W. Curtis Preston:Yeah.
W. Curtis Preston:I, I will say that I choked a little when I saw the number.
W. Curtis Preston:Um, that's why I'm saying I prefaced this with, I've never
W. Curtis Preston:paid for anything like this before.
W. Curtis Preston:Um, it, it, it just seemed like a lot be because it was per user, right?
W. Curtis Preston:I believe the current, it was current was $57, I think per.
Scott McCrady:$57.
W. Curtis Preston:Right.
W. Curtis Preston:So I'm sitting here going, so if I have, so you're going for the
W. Curtis Preston:mid-market, I've got 500 employees, I'm gonna be paying you $25,000 a month.
W. Curtis Preston:Uh, that seems like a lot to me.
Scott McCrady:Mm-hmm.
W. Curtis Preston:me understand how that compares
Scott McCrady:that's not a, that's not a lot
W. Curtis Preston:Yeah,
Scott McCrady:Um, no, it's a great question.
Scott McCrady:First of all, I wa it is funny because as far as I know, we're one
Scott McCrady:of the only companies that actually puts our pricing on our website.
Scott McCrady:Uh, so we have the sing, which we call, um, annoyances, and
Scott McCrady:we put make cartoons about it.
Scott McCrady:And so you'll go out to these, security comes, it'll like,
Scott McCrady:it'll be pricing, you'll click on it and we like contact sales.
Scott McCrady:Um, so we actually list out our pricing.
Scott McCrady:Now, I will say we have bands, so we, and we don't list out every
Scott McCrady:band, cuz that'd just be sort
Scott McCrady:of silly.
Scott McCrady:But, um, so obviously, you know, we're working with a company
Scott McCrady:that's like 4,000 employees.
Scott McCrady:You know, the band's lower than $57.
Scott McCrady:But candidly most com most of the time we sell our deals are at $57.
Scott McCrady:And the way it breaks down is a very basic security stack, not
Scott McCrady:even the stuff that we're doing.
Scott McCrady:If you're a 200 employee company, you're going to run about $40 in
Scott McCrady:license costs per user, per year.
Scott McCrady:Oh, sorry.
Scott McCrady:For per, per user, per month.
Scott McCrady:$40 and just the
W. Curtis Preston:just licensing.
W. Curtis Preston:Okay.
Scott McCrady:but all that licensing is going to be actual annual paid up front.
Scott McCrady:So they, you don't get charged per user per month.
Scott McCrady:You'd have to back into it.
Scott McCrady:You say, well, I'm gonna pay a hundred thousand dollars divided
Scott McCrady:by 200, you know, divided by 12.
Scott McCrady:So most organizations pay around $40 for what we'd call, you know,
Scott McCrady:relatively mid-tier cap capabilities.
Scott McCrady:Now, mid-tier tools, these aren't best
Prasanna Malaiyandi:
Speaker:That's just a softer stack,
Prasanna Malaiyandi:
Speaker:right?
Prasanna Malaiyandi:
Speaker:Yeah.
Scott McCrady:just the software stack, and this is street price by the way.
Scott McCrady:This is all stuff we've purchased in our life that we actually know exactly.
Scott McCrady:I mean, we got to, um, this things that we've, we've purchased.
Scott McCrady:So that's before you get somebody that actually has to deploy it and manage it,
Scott McCrady:has to, that's gonna run the simulations.
Scott McCrady:Um, so that's before what we call care and Feeding.
Scott McCrady:Uh, care and feeding for a standard 200 employee company for, uh, again, a basic
Scott McCrady:security stack is a person, it's a.
Scott McCrady:Today's world called a hundred, $125,000, um, for, you know, a
Scott McCrady:semicon for a competent IT person.
Scott McCrady:Uh, so there you go.
Scott McCrady:Right there, right?
Scott McCrady:So you're already over 57.
Scott McCrady:That's before you get into detecting response.
Scott McCrady:So that's before you actually take all that data out of there and run into
Scott McCrady:a 24 by seven system and then, you know, responds at whatever two in the
Scott McCrady:morning and actually fixes the problem.
Scott McCrady:So we tend to be about 40 to 50% cheaper, believe it or not, um, to do this than
Scott McCrady:actually trying to build it yourself.
Scott McCrady:Uh, we also don't charge upfront fees.
Scott McCrady:So we financially companies love it.
Scott McCrady:And to give you a sense, an MSP that if you were, if you were a hundred
Scott McCrady:or 200 person company, almost all of, use an MSP to manage their laptops and
Scott McCrady:their, you know, email and all that, they charge about 150 to 200 bucks
Scott McCrady:per user per month to do all that.
Scott McCrady:So,
Scott McCrady:um, we tend to get very, very, Yeah, we, we tend to get very, we're people
Scott McCrady:are very complimentary of the model.
Scott McCrady:We, we, uh, businesses is relatively speaking pretty good.
Prasanna Malaiyandi:Wow, that's Well, and just in my head I'm going and
Prasanna Malaiyandi:thinking about, okay, so there was like, you were talking about the M S P was
Prasanna Malaiyandi:like a hundred to 150 a user, right?
Prasanna Malaiyandi:Security is like 50 a user.
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:And then I started thinking about, okay, backup.
Prasanna Malaiyandi:And it's like backup is such a small percentage of that if you think about
W. Curtis Preston:Well,
W. Curtis Preston:but yeah, that, and that, that was the problem, Scott, because I'm
W. Curtis Preston:comparing it to like, what we charge and you know, we're, we're like a
W. Curtis Preston:couple of dollars a user, right?
W. Curtis Preston:Um, but it, it's not the same, you know, it's not the same.
W. Curtis Preston:Right.
W. Curtis Preston:Um, so that's, that's where my sticker shot came from.
W. Curtis Preston:But I, by the way, I, I am, you know, I, I get the thing that I work for a
W. Curtis Preston:SaaS company and that of course I'm gonna like the SaaS pricing model, but
W. Curtis Preston:I really like a SaaS pricing model.
W. Curtis Preston:You know, the, the
W. Curtis Preston:old, the old way
Prasanna Malaiyandi:three-year
W. Curtis Preston:I mean, the way you have to buy a.
W. Curtis Preston:Yeah.
W. Curtis Preston:Exact three year contracts, five year contracts, having to, you
W. Curtis Preston:know, on our, on our, in our world, I have to size everything, right?
W. Curtis Preston:I have to,
W. Curtis Preston:how big will my backups be in three years?
W. Curtis Preston:No freaking idea.
W. Curtis Preston:Right?
W. Curtis Preston:And so I'm gonna oversize it and overspend and I have to buy it all now.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and, and 90% of it's gonna go unused.
Scott McCrady:we talked about the Netflix model, right?
Scott McCrady:Or your streaming service model of choice, which, but you all remember, I
Scott McCrady:mean, um, Curtis, you and I are probably older than Prasanna, which I, you know,
Scott McCrady:but
W. Curtis Preston:we are.
Scott McCrady:like,
Scott McCrady:we're probably technically savvy people.
Scott McCrady:So I built a media server at one point in time.
Scott McCrady:I went out and bought all my CDs or Blu-ray discs, and then I bought my
Scott McCrady:media server and I got my Plex server, and I sort of had, quote unquote,
Scott McCrady:on demand entertainment, right?
Scott McCrady:I built it
Scott McCrady:all, and then Netflix came around and basically said, Hey,
Scott McCrady:we're gonna do all that for you.
Scott McCrady:Stream it to you, give you a lot more choices, and we're gonna charge you 9 99.
Scott McCrady:and I was like, I
Scott McCrady:don't really need my media.
Scott McCrady:I mean, I still have it
Scott McCrady:. Um, and so that's the
Scott McCrady:I say it's all the time.
Scott McCrady:It's lost in the eighties.
Scott McCrady:You're going to, you gotta still go build this crap all the time.
Scott McCrady:Pay up front, stitch it all together.
Scott McCrady:Hopefully it works.
Scott McCrady:Oh, by the way, we're not 4k.
Scott McCrady:So now you gotta change it all out so the latest threat comes out and
Scott McCrady:all of a sudden your current security stack doesn't work against it.
Scott McCrady:And there's nobody that's actually solving that problem.
Scott McCrady:and and that's what we're trying to solve.
W. Curtis Preston:As soon as, as soon as you said you had a, and by
W. Curtis Preston:the way, my, my media library or the hardware that comprised my media
W. Curtis Preston:library is right over there in a box . That's, that's gonna go somewhere.
W. Curtis Preston:Cuz I had to save, had the same exact thing.
Prasanna Malaiyandi:I think the other thing with the SaaS service, and I don't
Prasanna Malaiyandi:know if you do this as well, Scott, it's.
Prasanna Malaiyandi:unlike in backup, where you'd have to wait for like the patches to come
Prasanna Malaiyandi:out, and then you'd have to deploy it across your entire infrastructure,
Prasanna Malaiyandi:and that takes time in scheduling.
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:With the SaaS service, a lot of times you get the benefits of, Hey, it's
Prasanna Malaiyandi:easier to push updates and upgrade without having to sort of wait for
Prasanna Malaiyandi:some IT person to be like, yeah, let me go schedule these things.
Scott McCrady:No, it's, it's, it's true.
Scott McCrady:So again, we target mid-market and we we're very explicit about that.
Scott McCrady:But one of the reasons is everything we do in the stack itself, so all
Scott McCrady:these best in breed products are now all cloud-based or on, they have both.
Scott McCrady:Some have both.
Scott McCrady:Most of 'em are cloud have shifted.
Scott McCrady:So none of our stuff's on-prim except for the stuff we have to put on
Scott McCrady:the actual endpoint itself.
Scott McCrady:Uh, and so it gives us this unique ability to up, we update the
Scott McCrady:service about every six months.
Scott McCrady:So as we see the threat change, uh, as we see something coming down the.
Scott McCrady:As cyber insurance changes, uh, we just update the service.
Scott McCrady:Um, and as a foundational coverage customer, it's included.
Scott McCrady:So you get on your quarterly business review and we say, Hey, now you get, you
Scott McCrady:know, we added in proactive threat, you know, uh, intelligence, blah, blah, blah.
Scott McCrady:This is
Scott McCrady:you, you now have access to it
Scott McCrady:So we just turn it on.
Scott McCrady:Some stuff
W. Curtis Preston:beauty, that is the beauty of SaaS
W. Curtis Preston:my friend.
Scott McCrady:Yep.
W. Curtis Preston:Um, we say the same thing.
W. Curtis Preston:Um, I'm looking at, and we don't have time to cover all these things,
W. Curtis Preston:but I'm just sort of scrolling through on Solcyber, by the way.
W. Curtis Preston:Tell me, uh, tell me what the story behind the name.
W. Curtis Preston:So l cyber.com.
Scott McCrady:So, uh, sun, so it was basically, you
Scott McCrady:know, a play on, on sun cyber.
Scott McCrady:Uh, and so obviously we're in Texas, it's warm.
Scott McCrady:Um, . And so the idea was really around the fact of soul, cyber, sun Bright.
Scott McCrady:Um, we wanted to be approachable.
Scott McCrady:Um, approachability as a concept, you know, this and security is like,
Scott McCrady:you know, here's the angry falcon as it sweeps down upon you, right?
Scott McCrady:Um, we didn't want to be a bird of prey because everybody's a bird of prey.
Scott McCrady:Um, so we were trying to figure out like, what's, what's approachable,
Scott McCrady:what's, what's more, uh, interesting and what's our, what's our tone of voice?
Scott McCrady:And so we thought soul cyber was just a, an approachable,
Scott McCrady:bright, uh, airy type, uh,
Prasanna Malaiyandi:I like it.
W. Curtis Preston:And Trademarkable, and you can get a, you can get
W. Curtis Preston:a, uh, domain name . So there's, so that's always helpful.
Scott McCrady:The domain name does come in handy.
W. Curtis Preston:what's that?
Scott McCrady:The domain name is Handy
W. Curtis Preston:Yeah, absolutely.
W. Curtis Preston:So just curious, uh, um, do you have any advice for our, our backup listeners
W. Curtis Preston:specifically, you know, with regards to protecting backup infrastructure?
W. Curtis Preston:Uh, you have any thoughts there?
Scott McCrady:first of all.
Scott McCrady:I mean, kudos to them because we do what we do because we really attack sort of
Scott McCrady:the, the threat aspect of life for our
Scott McCrady:customers.
Scott McCrady:But there's a lot of, um, runway organizations can get by doing
Scott McCrady:what I call the basics, right?
Scott McCrady:And so people are always asking me like, what do you tell kids or young
Scott McCrady:people about like being successful in a career or what have you?
Scott McCrady:And I'm like, do the basics.
Scott McCrady:Be nice, show up on time, like be easy to get along with.
Scott McCrady:And it's sort of the same when it comes to security, right?
Scott McCrady:Confidentiality, integrity, and availability is the three
Scott McCrady:pillars of, of security.
Scott McCrady:We handle piece of that.
Scott McCrady:But the concept around like MFA and what we're gonna talk about here, um,
Scott McCrady:disaster recovery in the form of backup.
Scott McCrady:If companies were to do that effectively, uh, and manage it well, uh, a whole bunch
Scott McCrady:of problems sort of get solved and a bunch of risk gets taken off the table.
Scott McCrady:And so, uh, the first thing I'd say is, is will you tell everybody, you
Scott McCrady:know, they, they need to have 'em done.
Scott McCrady:They need to be tested.
Scott McCrady:You probably need to use a service.
Scott McCrady:Um, so that, you know, you take, again, you take some of that risk off the table.
Scott McCrady:Do you really wanna be checking your backups, uh, yourself And
Scott McCrady:most com Most people don't.
Scott McCrady:They
Scott McCrady:just don't.
Scott McCrady:They, they say they do, but they don't, right?
Scott McCrady:They don't have the time.
Scott McCrady:Life gets in the way.
Scott McCrady:So, um, it's absolutely critical.
Scott McCrady:100% mission critical to every organization.
Scott McCrady:We recommend it.
Scott McCrady:Um, a lot of the MSPs we partner with, uh, do it on behalf of the customers.
Scott McCrady:Um, and, uh, it's just something that is, is you can't, you cannot not do it in
Prasanna Malaiyandi:and you were
W. Curtis Preston:Yeah.
W. Curtis Preston:No, we have, we, we have a, uh, Druva has a big s p program now.
W. Curtis Preston:Um, and so trying to roll that out.
W. Curtis Preston:Um, by the way, our name came from,
W. Curtis Preston:it's the Sanskrit word for North Star.
W. Curtis Preston:Um, so we're leading the way.
W. Curtis Preston:I don't know if she That's So you're after a son?
W. Curtis Preston:We're after a star.
Scott McCrady:Mm-hmm.
Scott McCrady:. You gotta pick something,
Scott McCrady:right?
Scott McCrady:Some
Prasanna Malaiyandi:Scott, I know previously earlier we were talking about
Prasanna Malaiyandi:sort of how you map everything to users.
Prasanna Malaiyandi:When you go into these environments with backup servers or with things
Prasanna Malaiyandi:that need to be backed up, do you consider that the same as any other
Prasanna Malaiyandi:user device in the environment?
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:Where it is critical, it is important to make sure that's secure, right?
Prasanna Malaiyandi:Just like anything in, probably, it's actually more important to
Prasanna Malaiyandi:make sure that's very secure, just given all the data that's
Prasanna Malaiyandi:sort of associated with backups.
Scott McCrady:Yeah.
Scott McCrady:Again, good question.
Scott McCrady:So there's two answers to that.
Scott McCrady:Um, is one you do actually.
Scott McCrady:Uh, so there was, there was, if we back up actually, and, and you all
Scott McCrady:may remember these days, there was a really big push around information,
Scott McCrady:um, attribution, uh, in classification.
Scott McCrady:And this was maybe seven or eight years ago.
Scott McCrady:And EY and Accenture, all these guys were like, let's go classify
Scott McCrady:all your information and then we're gonna have different security levels.
Scott McCrady:Relatively the classification of the information super makes
Scott McCrady:sense in, in, in life, right?
Scott McCrady:But it's like trying to keep your Tupper war drawer, you know, organized.
Scott McCrady:Like unless you're that company.
Scott McCrady:It's gonna be a mess relatively soon, even if you're a super organized, uh, person.
Scott McCrady:And so this whole concept around the classification of the
Scott McCrady:underlying assets and information sort of fell by the wayside.
Scott McCrady:Um, and so our view is a much, um, again, we, we call ourselves practical
Scott McCrady:security, as much more practical view.
Scott McCrady:So there's a set of tools that we deployed to every entity, right?
Scott McCrady:Most of those are tied to a user, but the servers, backup
Scott McCrady:servers, all that we deploy.
Scott McCrady:And the second thing is we actually, in the onboarding process, we classify
Scott McCrady:at a much more high level, um, the different types of assets, right?
Scott McCrady:And so, you know, CEOs, CFOs, like cfo, uh, if, if we see, uh, certain
Scott McCrady:types of emails going out from the cfo, they trigger faster than if we
Scott McCrady:see it going out from somebody else.
Scott McCrady:Same thing comes to the underlying assets of the server.
Scott McCrady:So if you are running a certain type of, of server and we see certain types
Scott McCrady:of information going to it, , we'll, we've already classified that at a
Scott McCrady:high level and said, okay, that's, you know, that's, that's benign
Scott McCrady:or that should never be happening.
Scott McCrady:And so we actually have the ability to, um, prioritize different types of assets.
Scott McCrady:Um, and, and that does apply towards certain types of servers, uh,
Prasanna Malaiyandi:And I'm assuming that they would be able to send a data stream
Prasanna Malaiyandi:from like your backup logs or the backup server to you guys to be able to detect.
Prasanna Malaiyandi:And Curtis, maybe this could be one way to catch, I know we talk a lot
Prasanna Malaiyandi:about ransomware and how it goes and deletes all your backups, right?
Prasanna Malaiyandi:, if they sent you a log of, Hey, here's a data stream of events happening.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:That's probably something that could be flagged from a security perspective.
Scott McCrady:you know, it's a great question.
Scott McCrady:I don't know.
Scott McCrady:We actually do take, um, logs from backup systems.
Scott McCrady:Uh, and we have, we have correlated.
Scott McCrady:It's a great, it's a great question, prana.
Scott McCrady:I, it is now on my list with my CTO on our one-on-one tomorrow.
Scott McCrady:Um, because we have the capability, but I don't know, I can't think of anybody
Scott McCrady:having
Prasanna Malaiyandi:because it'd
Prasanna Malaiyandi:be.
Scott McCrady:um, but theoretically,
Prasanna Malaiyandi:things that we, that we've seen at least in
Prasanna Malaiyandi:some cases is right, hacker gets in, they then go to the backup server,
Prasanna Malaiyandi:they disable all the jobs, right?
Prasanna Malaiyandi:They delete all of 'em, and then they delete all the backups that
Prasanna Malaiyandi:exist, and now you're screwed.
Scott McCrady:Yep.
Scott McCrady:And nobody's there.
Scott McCrady:I mean, this is the reason why you do detect and response
Scott McCrady:is literally that story.
Scott McCrady:Now
Scott McCrady:you just used it for backups, but at some point in time there was alerts
Scott McCrady:going off that said that something, something, something's happening
Scott McCrady:that should not be happening, right?
Scott McCrady:And so imagine that's really the
Scott McCrady:job that we have, um, across a, an organization saying there's things
Scott McCrady:that are happening that, and there are
Scott McCrady:things sending off alerts that are notifying that
Scott McCrady:something, that something nefarious is going on.
Scott McCrady:So now imagine, again, we don't manage a backup system,
Scott McCrady:but imagine that we contact.
Scott McCrady:Or whomever and they said, oh,
Scott McCrady:crap.
Scott McCrady:And then they went in, fixed it.
Scott McCrady:Right.
Scott McCrady:That's really the goal, right?
W. Curtis Preston:Sounds great.
W. Curtis Preston:Um, , so, so, we could talk about this for a while.
W. Curtis Preston:And, and also apparently backups, I'm sorry, uh, barbecue
W. Curtis Preston:and, uh, media streamers and Thai food.
W. Curtis Preston:Uh, sounds like we have a lot of the same interests.
W. Curtis Preston:Scott, um, by the way, you have to come, you know, if
Scott McCrady:be beer and bourbon are also on my list.
Scott McCrady:So if
W. Curtis Preston:now see there, there's one.
W. Curtis Preston:That's one vice we do not share.
W. Curtis Preston:I'm
W. Curtis Preston:not a huge, uh, any fan of like, bourbon, whiskey, scotch, any of that.
W. Curtis Preston:I've never, I've never crossed that.
W. Curtis Preston:But
Scott McCrady:German and my dad's Scottish, so I, I don't have a choice.
Scott McCrady:I like, I think it's in, I think, I think as in the dna
W. Curtis Preston:um, I, um, uh, but if you want to come down
W. Curtis Preston:to San Diego anytime, uh, and fi
W. Curtis Preston:and, you know, have some, have some, actual Mexican food, not the stuff
W. Curtis Preston:you guys have over there, right?
W. Curtis Preston:Not the
Scott McCrady:I used to do a lot of work in utc actually.
Scott McCrady:That is, it is a beautiful area,
W. Curtis Preston:Yeah, it's a, it is, yeah.
W. Curtis Preston:La Jolla, which is, uh, Spanish for expensive af.
W. Curtis Preston:Anyway, um, so , so, uh, thanks.
W. Curtis Preston:Thanks a lot, Scott.
W. Curtis Preston:It's been a great conversation.
Scott McCrady:Ah, thanks for having me.
Scott McCrady:Hopefully as useful.
Scott McCrady:I know, uh, uh, the Dr and the backup people out there, uh, appreciate the
Scott McCrady:work and, uh, if any of you are, are like, man, I'm not sure if our security
Scott McCrady:is where it needs to be, then feel free to reach out Scott@soulcyber.com
Scott McCrady:or obviously solcyber.com.
Scott McCrady:Uh, you can find us
W. Curtis Preston:Absolutely.
W. Curtis Preston:And Prasanna, thanks again for your
Prasanna Malaiyandi:I try.
Prasanna Malaiyandi:I try, and Scott, good luck with moose.
Prasanna Malaiyandi:Hopefully he's quieted down back there.
Scott McCrady:He is, he's already back to his nap.
Scott McCrady:It was, uh, obviously, uh, he, he, he wrestled that, uh, piece of, uh,
Scott McCrady:sweet potato to the ground, so he's
W. Curtis Preston:It's a tough, tough day to be a dog.
W. Curtis Preston:So I don't, we don't have a dog, but we have, uh, we have a grand dog.
W. Curtis Preston:Her name is Brulee.
W. Curtis Preston:Um, and, uh, she's a cockapoo and adorable, but, uh, and her favorite person
W. Curtis Preston:in the world is my wife for some reason.
W. Curtis Preston:But anyway, uh, well listen, thanks to our listeners.
W. Curtis Preston:Uh, you know, we'd be nothing without you, and be sure to subscribe