In this episode, we explore the differences between XDR and SIEM, two crucial tools in the world of security monitoring. Our guest, Dez Rock, CEO of SIEMonster, shares her fascinating journey from professional hacker to building an affordable, scalable SIEM solution that encompasses SOAR and XDR capabilities. We discuss the importance of evaluating security tools based on their true capabilities rather than just market perception, and Dez provides real-world examples of how SIEMonster's SIEM/XDR tool automatically detected and shut down a ransomware attack at a large hospital client. Tune in to learn about the evolving security landscape, the pros and cons of XDR vs SIEM, and how you may not have to choose! Whether you're an IT professional or simply interested in the latest cybersecurity trends, this episode offers valuable insights into the future of security monitoring.
W. Curtis Preston: This week on the Backup Wrap-Up we cover the world of security monitoring and response. We talk about SIEM, SOAR and XDR tools, what they are, how each plays a role in your security posture. We also talk about a scalable SIEM solution called SIEMonster that does all three. It was built by a red team to help blue teams. Our guest and expert this week is Dez Rock of SIEMonster, and she has some definite opinions on this market that I think you'll find very useful. I know we usually talk about backup and recovery here, but this popular episode from last year will definitely help you to begin that conversation that you've been wanting to have with the security team. If you're not familiar with me, I'm W. Curtis Preston, AKA Mr. Backup, and I've been passionate about backup, recovery, DR for over 30 years, ever since I lost data and I had no backups of it. I had to tell my boss we couldn't restore the database. I don't want that to happen to you, and that's why I do this on this podcast. We turn unappreciated backup admins into cyber recovery heroes. This is the Backup Wrap-Up.

Welcome to the show. I'm your host, W. Curtis Preston, AKA Mr. Backup, and I have with me my senior HDMI consultant, Prasanna Malaiyandi. How's it going, Prasanna?
Prasanna Malaiyandi: I'm good, Curtis. I'm, I, by the way, my bill is in the mail, so, or invoice.

W. Curtis Preston: Alright, I'll, because once again, once again, you ended up having a fountain of knowledge about a random technical topic that ended up being very useful. I mean, the fact that you just were like, oh no, I think that's the, the HDMI 1.7 spec that came out in 2009 or. Um, and they're like, and then when I, so, so basically, yeah, so I have a new Apple TV, and meaning the, the little box, and I was trying to connect it to my 2009 plasma television. And, uh, it uses, uh, HDMI-CEC.

Prasanna Malaiyandi: Yep.

W. Curtis Preston: Yeah, to control the power off and power on, and it wasn't working for me. And uh, I was just talking to Prasanna about that. And then once again, you were like, oh, well, if you checked the setting and such, whatchamacallit. And you, you solved my problem.

Prasanna Malaiyandi: Yeah, and I solved your problem that Apple support couldn't even solve for you.

W. Curtis Preston: Yeah, yeah, Apple support was worthless. Uh, and this is all just a process of getting towards my new big giant TV that will at some point arrive. Um, I'm just, I'm just waiting for that moment to buy the big, the big giant TV. But, um, I bought the soundbar first, so I have this old

Prasanna Malaiyandi: And was your wife happy?

W. Curtis Preston: My wife was so happy that she could turn the television off, you know? I mean, it was so, it was such a burden for her to have to get up and turn on the TV when she first starts watching television. Uh, and

Prasanna Malaiyandi: Well, and I think, I think just to clarify, I think off worked, turning off the TV worked,

W. Curtis Preston: Off.

Prasanna Malaiyandi: Turning on.

W. Curtis Preston: Which is what made it so confusing: off worked, but on did not. And, um, but now they both work and my wife can watch television without, you know,

Prasanna Malaiyandi: Cursing your name.

W. Curtis Preston: Exactly.

Prasanna Malaiyandi: Being like, Curtis, why do

W. Curtis Preston: And now, now, once again, she will, she will give you credit for it. Uh, and I will get no credit, but, such is life. So, um, let's move on to our guest. I found her, her background fascinating. She has degrees in both business and law, and she finished her MBA while actually running the company that we're talking about today, which is, uh, SIEMonster, that's S-I-E-Monster, an affordable security monitoring software solution. She's now their CEO, and you can find her on Twitter as @deztraction, so that's D-E-Z-traction. Uh, welcome to the pod, Dez Rock.
Dez Rock: Thank you. Thank you for having me, guys.

W. Curtis Preston: So, uh, you, so you've been, you've been all over the globe and you are now currently, I think, just a few miles where I lived for a while. Where, where, where exactly? You're in Delaware.

Dez Rock: I am, I just gimme a minute. I want 'em to announce it like the locals. No. Uh,

W. Curtis Preston: Are you in Newark?

Dez Rock: No, no, exactly where I'm,

W. Curtis Preston: Yeah. So that's actually where I got my start in backups, back in 1993. I was fresh out of the Navy. I was, I had, the Navy had sent me to Philadelphia, so my ship was in dry dock up there in Philadelphia. And um, so I got out and immediately went into, uh, backups, uh, because, like many people, it was the job I could get. No one, no one wakes up, you know, no one dreams of being a, a backup

Prasanna Malaiyandi: Hey, don't shatter people's hopes. You know, I'm just saying, Curtis, maybe there

W. Curtis Preston: You wanna be a backup person, there is demand. Trust me. Uh, there's just not a line. And, but yeah, I got my start there on Christiana Road. The, that was where, uh, Bank of America was. Uh, I have a, I have a daughter who's now 28, who was born on Christiana Road at Christiana Hospital. So I'm feeling very close to you right now, even though you're all the way on the other side of the country.

Dez Rock: That's lovely to hear. Cause I know you're in California.

W. Curtis Preston: Absolutely. The, the, the complete opposite corner of the country. Um, now clearly, based on how I'm hearing you speak, uh, you were raised in, in a different part. Uh, probably a, probably a different hemisphere, I'm guessing.

Dez Rock: Do you wanna

W. Curtis Preston: Oh,

Prasanna Malaiyandi: This is Curtis's favorite thing.

Dez Rock: Yeah.

W. Curtis Preston: It's, it's not fair because I, I looked at your LinkedIn page and I knew that you went to Victoria. Uh, so, uh, that's not fair, but I, I would've gotten it either way. I, I definitely, uh, my favorite is trying to, trying to, within a few phrases, trying to distinguish whether or not I'm talking to a Kiwi or a, or an Aussie. Um,

Dez Rock: An Aussie, so my accent is not the one that the Americans are used to. And I, and I can drop it down to what you guys would, most people think I'm from England when I come to the US, right? Unless, unless I start talking a bit like this. And then, then they'll, they'll really know then it's

W. Curtis Preston: Exactly.

Dez Rock: And so what's really, what's really hard to fathom, most Americans I've, that accents can differ in a country. It's remarkably

W. Curtis Preston: They should, it shouldn't, uh, surprise them. I mean, we have like 20 in this country. Yeah.

Dez Rock: I know. I know. I know.

W. Curtis Preston: Yeah. And, and what's more amazing to me is how much accents can vary in England, right?

Prasanna Malaiyandi: I was just gonna bring

W. Curtis Preston: Little country. And, you know, you have a different accent between north and South London, right? I, I, and it's just, and, and then you have accents, accents vary based on class, right? On education and, and all of that, right?

Dez Rock: Um, so yeah. That's

W. Curtis Preston: Yeah, I, I, I enjoy.

Dez Rock: But the same can be said in New York, New York, right? I mean, a New York accent depends on how they, you could tell literally where, whereabouts they're from because of that, and that's just one

W. Curtis Preston: That is true.

Dez Rock: So it is just the inability to apply the exact same rule to other countries.

W. Curtis Preston: We, we, um, yeah, we, I don't know. I don't know what to say. America. Um, so, so, but you're, you're here now, so, uh, you're, you actually live in Dallas. The company is headquartered in Delaware. I'm seeing New York also. Where, what is, how does New York figure into it?

Dez Rock: So we were in New York post, uh, pre-pandemic with the headquarters, and I used to be, I, I've transferred from New York. I, I used to live in New York as well, and uh, New York is where we went through Techstars in 2018 as well. So that's why, uh, that's why we have a presence or had a presence in New York. I'm about to pull out of New York. Um, stick to, um, Dallas.

W. Curtis Preston: Nice. All right. Well, I've been in all those places. I love all those places. Let's, let's talk about, um, by the way, Dallas, uh, clearly wins, uh, from a barbecue perspective, um, unless you're,

Dez Rock: Right? Yes. Well, you don't, they'll let you.

W. Curtis Preston: Yeah. Yeah. Yeah. Although of the, of the three cities they win. Although if I'm in, if I, if I get to choose my Texas cities based on barbecue, Dallas wouldn't be it. Sorry, folks. Sorry, Dallas folks. I'm a bit of an Austin barbecue fan, but anyway, I've had great, but I've had great barbecue in, in, in Dallas. Uh, my favorite was at Terry Black's. But anyway, we.

Dez Rock: Yeah, that's exactly what I've heard as

W. Curtis Preston: We could easily have an entire podcast about

Prasanna Malaiyandi: But we're not.

Dez Rock: Yes, but

W. Curtis Preston: Not. That's not why we're here to talk. So, did you see the way he's reining me in, Dez? So let, let's go back to 2016. When you, you got this idea to, to, you know, start this new company, what problem did you see that you were trying to.
Dez Rock: Well, at the time we were Kustodian with a K, and we were professional hackers, so we were pen testers, um, working all over the world, a small elite bespoke group, um, with clients all over the world. One of our Australian clients, um, BlueScope Steel, fourth largest steel manufacturing in the world, uh, had some issues with some ransomware. I know that's a topic that you guys were, yeah, wanna touch on. But, um, had some issues with that and, um, instead of, uh, that, that we would be testing them every year for their compliance, you know, for penetration testing. So they actually asked us, well, are there no tools for this? Uh, is there no way that we can support or, you know, protect our data? And we are red team, right? So we. I don't know. Let's have a look.

W. Curtis Preston: You're like, we don't do that.

Dez Rock: We don't do protect. We do, we, we don't do that. We, we know, we know how to get in and we, we get in real, like we know that, we know how to penetrate very well. Right. Um, there isn't an area, and that's one of the, like, there isn't a customer, a location, a challenge that we have not risen to, by the way. Right. So, badge of honor that we wear. Um, so these clients are, so they asked for software to be blue team, right? Like protect, and um, to which we said, let's have a look. And the one name at that time that came up was Splunk. They can handle really big data and they can do this. And so we said, you wouldn't believe this, cuz that Splunk is now, we said, let's just let you know we're happy to bro. Like, let's introduce you to Splunk. Right? So we did and, and Splunk gave them a quote. And it was at that point, to cut a story short, it was at that point that BlueScope said to us, is there no way that we could perhaps solve this any other way? And we said, you know what? Let's have a look at some open source tools, right? And so, the need was affordable security for big data. Um, and that was the, uh, field in which we went into. And at the time we went with open source tools, right. And we patched them to, you know, like we basically stitched them up. We made, you know, like put a cover on it, made it easier to use, made it easier to roll out. And that's how SIEMonster started. And SIEMonster was always, we thought at the time, an annex to what we already. I mean, we were pen testers, we're hackers. We thought this is just this cute little project that was happening on the side. One off. Well, our, what started like a very small snowball got bigger and bigger. Uh, the Australian government, including, uh, AustCyber, backed us. Um, to come to San Francisco to RSA, which we were now nominated product of the year back then as well. So we started to track momentum. Uh, we saw that then, that's where we saw further needs. Okay, so this wasn't just a one off. There really is a need for big data to be secured down at a far more affordable price. Right? Um, because we vehemently believe that, uh, security should not be gatekept by price. Right. So, uh, that's a fundamental that, that's, by the way, that harks back to the days of when we were hackers as well, because we, uh, participated in the DEFCON culture way back when as well. So we were always giving back to community and feeling this way. So that hasn't changed. So that is the, uh, origin story of SIEMonster.

Prasanna Malaiyandi: So just a quick question. I know you mentioned a couple times big data. So did you feel that in the big data space there weren't any tools available that were simple? There weren't tools available that were affordable, or all the above?
Dez Rock: If we go back to the origin story, the original, uh, thing was it wasn't affordable, right? By the way, the SIEM space was not as crowded as what it's now. Right. Um, so it's quite different now. And I know a lot of people are doing a lot of things and that's, that's really great to see that we're all that, that give, people are giving Splunk a run for their money. Um, but I dunno how many people attacking the big data spaces. You know, there's a lot that will go small, medium. And the other thing that a lot of, um, people are doing, if you know this space really well, is they will charge by node or by, you know, they, they'll charge by endpoint. And when you do that, you are asking your security operators to pick and choose what they wanna cover. Now that's vehemently against belief system too, because if you do not put locks on all your doors, then your house is not secured. It's a zen. It's as simple as that, right? So, uh, we thought, well, that's a design flaw. Again, this is red team thinking about blue, right? Because we know how to get in. So if you leave a door open, we already know that we're gonna, like, that's the best way to get in. So if you're not covering all your endpoints, then your system is not secure. Period. End of story right there. That's why we decided big data is where we need to aim for. Right. And it doesn't mean big data, big organizations. It just means any data, all data, all encompassing.

W. Curtis Preston: Hmm. Interesting. So I heard, I heard you say two things that to me sound like they conflict, and they probably don't. So I just need you to help me understand. One was you said that you, you, you agree with me that, you know, you know, you need to protect everything, right? If you're not protecting everything. And then it sounds like you have a solution that's aimed specifically at big data. So does that mean there's other parts of the organization that you're not protecting?

Dez Rock: No, what I'm trying to say is that our solution is, uh, is scalable. Right. And that's part of the story of our success. We're scalable. So it doesn't matter what you throw at us, we will put a circle around your entire organization. And if you, if you grow, we grow with you. It's as simple as that. Um, and without hesitation, and no one can do the EPS that we do, like the events per second, the challenges that that requires, like we excel at that. So when we started, like what started off helping one client. Let's face it. Like helping one client then started to become like, how do we, and it was always with the red, uh, red team, uh, vision, right? We need to protect everything clearly, right? We all agree in that, if you're not protecting everything, you're not protecting the entire organization. So if that's the case, then how do we do that? But do it really fast as well, because you do not wanna slow the network down as well. You see how they all, it's all hand in hand and it all comes down to, again, the way we do things cause of who we are. Right, and so that's why big data and all encompassing.

Prasanna Malaiyandi: So just pushing back on what Curtis had said, right. I think probably, Curtis, what you were confused about was probably the big data word, right. And phrase, right. I think it's really like, Dez, like you had said, right? You scaled depending on if you are a small shop and growing or if you're a big shop, right? It's a single solution that you could use that scales as you grow, versus a lot, I'm guessing in this space there's a lot of people where it's like, hey, if you have a small solution, you're probably not gonna use

Dez Rock: They

Prasanna Malaiyandi: They won't use the exact same implementation because either it's too expensive to deploy, like, your enterprise wide, and we see this in other software stacks as well. Right? You have an enterprise-wide solution, which is more complex and has all the bells and whistles, but, uh, sort of a small, medium company, it's too complex because they may not have the dedicated IT resources to use. And then you have the opposite problem, where if you have a solution for small, medium businesses, when you get to enterprise, it doesn't quite meet the scale and the security requirements and other

Dez Rock: You have hit the nail right on the head there. So we are a solution that can be used by small, medium businesses and can scale all the way up to enterprise without a blink of an eye. Immediately, you don't have to do anything. It just does it. So that's part of the technology that we've built in. And by the way, if you're small, medium, you actually get the benefit of enterprise grade security. So there's that too.
Dez Rock:
W. Curtis Preston: Our audience is primarily data protection focused folks
Dez Rock:
who might not actually know what a SIEM solution is.
Dez Rock:
So, uh, and by the way, is, is that, by the way, is
Dez Rock:
that how it's generally pronounced?
Dez Rock:
Cuz I've always said SIEM solution.
Dez Rock:
I think, um, I think it's pronounced different
Dez Rock:
in different countries.
Dez Rock:
And when we saw it, we, in Australia, we saw it as SIEM.
Dez Rock:
Right.
Dez Rock:
In fact, we didn't even know what a SIEM was.
Dez Rock:
We were like something held your pants up.
Dez Rock:
No idea.
Dez Rock:
That's where we started.
Dez Rock:
Right.
Dez Rock:
Um, uh, it was only later.
Dez Rock:
Once we named the company SIEM Monster, right?
Dez Rock:
The way we named it, then we realized that a lot of people call it SIEM.
Dez Rock:
So, uh, and then we were stubborn about it and we started calling it, right?
Dez Rock:
Um, that's that too.
Dez Rock:
SIEM stands for s, it's s i e M, right?
Dez Rock:
Uh, security info Information event management.
Dez Rock:
It's another way of saying monitoring software that SOCs
Dez Rock:
will use, for example, right?
Dez Rock:
Or any security analyst will use.
Dez Rock:
Uh, so it's to give you a God view of your entire organization and
Dez Rock:
the events that happen in there.
Dez Rock:
Now there is a lot of things, and the definition of SIEM is a
Dez Rock:
really good one because there's a lot of confusion out there.
Dez Rock:
People think that are such a searchable database is a SIEM, it's not.
Dez Rock:
So you need to add some context around.
Dez Rock:
Prasannas laughing.
Dez Rock:
Cause I think, you know, it's Right.
Dez Rock:
So, right.
Dez Rock:
Um, so you, a SIEM ought to have some enrichment into as well.
Dez Rock:
And that happens when, um, with recognition that
Dez Rock:
this needs to be an event.
Dez Rock:
And then of course we have certain factors like SOAR capabilities
Dez Rock:
and XDR capabilities, which is the newest version of SOAR, let's say.
Dez Rock:
And so SOAR, and I'm gonna give a very basic, uh, analogy here, is when we.
Dez Rock:
Have a rule set apply to events that always happen.
Dez Rock:
And I like to use the logging, you know, like putting in the wrong
Dez Rock:
password over and over again.
Dez Rock:
So when that happens, or someone logs in, like you guys are a Delaware based
Dez Rock:
company and you're all in Delaware and yet somebody in a different
Dez Rock:
country is starting to log in, it's flagged from, you know, the location.
Dez Rock:
Right?
Dez Rock:
So things like that that you would say these as a ruleset, This is
Dez Rock:
something that I need to know about.
Dez Rock:
So it needs to turn into an event to alert me for, right?
Dez Rock:
So you can write rules about that.
Dez Rock:
And that's called SOAR, right?
Dez Rock:
That's S O A R.
Dez Rock:
So then the next iteration of that in the industry is called xdr.
Dez Rock:
And what XDR does is a lot of automation of that.
Dez Rock:
So then it not only picks out the events, it tells you what's happening.
Dez Rock:
It actually tells you that this is something that you need to do and
Dez Rock:
sometimes can shut it down as well.
Dez Rock:
And I.
Dez Rock:
I do have a story about that.
Dez Rock:
Uh, when a ransomware tried to get into one of our clients, a large hospital
Dez Rock:
and the XDR component literally shut it down before anyone could do anything.
Dez Rock:
Oh, it before it was infiltrated and saved that company.
Dez Rock:
Yeah.
Dez Rock:
W. Curtis Preston: So you threw out a couple of, uh, acronyms
Dez Rock:
there, and we always ask our guests to, to spell out the acronyms,
Dez Rock:
uh, that, that they use.
Dez Rock:
So what SOAR and xdr.
Dez Rock:
Certainly SOAR is security
Dez Rock:
orchestrated automation and response.
Dez Rock:
So as I mentioned, it automates and responds, so it'll give you, you know,
Dez Rock:
it'll actually run a script and then give you a response as an alert on your
Dez Rock:
Slack email, however you like to have it.
Dez Rock:
So something has been done and alerted, certainly helps your.
Dez Rock:
SOC team or your an analyst have a better idea, you know, so they're not
Dez Rock:
literally, because what usually happens with any SIEM is that events come in.
Dez Rock:
You need a way to prioritize them to say what is urgent, what is not.
Dez Rock:
SOAR will actually handle a lot of the very similar uh,
Dez Rock:
events that need to be action.
Dez Rock:
For you, that's what a SOAR is.
Dez Rock:
XDR or E D R is a extended detection and response.
Dez Rock:
So it basically builds on that.
Dez Rock:
And what that is, is, um, uh, the newer, um, technology,
Dez Rock:
which again involves automation.
Dez Rock:
As well.
Dez Rock:
So that will not only tell you that something has actually
Dez Rock:
W. Curtis Preston: Okay, so, so if I were to summarize these threes
Dez Rock:
tools, the SIEM tool is the thing that notices that something bad happened.
Dez Rock:
A SOAR tool will tell you that something bad happened and an XDR e d r tool
Dez Rock:
will actually respond, uh, that like
Dez Rock:
it can actually do things to stop the thing from happening.
Dez Rock:
Does that sound about.
Dez Rock:
So a SOAR will tell you true, but a SOAR will actually respond as well
Dez Rock:
because running on script, you can build custom made scripts as well, right?
Dez Rock:
So in your organization, you only, you know your organization the way
Dez Rock:
you, you know, it's, it's, everyone's quite unique in that fashion.
Dez Rock:
So what.
Dez Rock:
You can't have out of the box rules.
Dez Rock:
You definitely need your own set of rules to match your organization.
Dez Rock:
That's what a SOAR will do.
Dez Rock:
The XDR or E D R will actually action to take down commonly.
Dez Rock:
For example, if it's a known attack vector coming in, right, it will actually shut
Dez Rock:
down that IP and say no more from here.
Dez Rock:
So that is not just saying, Hey, if this happens, let me know.
Dez Rock:
This is like, if this happens, let me know and also shut it
Dez Rock:
down before I even get there.
Dez Rock:
So it's an.
Dez Rock:
It's, it's not, before that, it was the ANA analysis or analyst doing the action.
Dez Rock:
This is now the program actioning,
Dez Rock:
W. Curtis Preston: But it sounded like you said Soar can do some actions as well.
Dez Rock:
That's why I was, um, So, and it's, I'm just, again, help me
Dez Rock:
understand, like with the, with the SOAR tool, the, the main action
Dez Rock:
that I think it's doing is, is letting you know, right?
Dez Rock:
It's sending you messages, whatever it is that you want do.
Dez Rock:
That's the
Dez Rock:
W. Curtis Preston: That's,
Dez Rock:
So just to clarify, that's the action it's
Dez Rock:
doing.
Dez Rock:
Exactly.
Dez Rock:
W. Curtis Preston: to actually shut down something or block
Dez Rock:
ports or whatever, that's where a, an XDR e D R tool.
Dez Rock:
Correct.
Dez Rock:
That's when you start to get into that automation side of things where
Dez Rock:
it's starting to think for you.
Dez Rock:
It's starting to, and that's where the ai, the exciting part of, you know, the AI can
Dez Rock:
come into, it's starting to think for you.
Dez Rock:
It's starting to get to know patterns.
Dez Rock:
That's where, by the way, there'll be another iteration of this.
Dez Rock:
So we have, if we can imagine, SIEM would be the core, right?
Dez Rock:
The core that is protecting all of your data.
Dez Rock:
SOAR would sit around that, but SOAR is kinda like version one, let's say.
Dez Rock:
And then you've got xdr, which encompasses all of SOAR Does that make?
Dez Rock:
So it does everything that SOAR does, but a little bit more.
Dez Rock:
And I can imagine that as the future goes on, we'll have another
Dez Rock:
version of that, which will then
Dez Rock:
include.
Dez Rock:
W. Curtis Preston: So are these three separate tools then,
Dez Rock:
or there are tools that encompass all three aspects.
Dez Rock:
I'm certain that there are companies saying that
Dez Rock:
they are three separate tools, but that's not what we think.
Dez Rock:
Should happen.
Dez Rock:
We think security should have be able to do all of that.
Dez Rock:
So even though, you know, we are titled a SIEM uh company, we actually
Dez Rock:
have SOAR and XDR capabilities and quite quietly working on the next,
Dez Rock:
uh,
Dez Rock:
the
Dez Rock:
W. Curtis Preston: So the answer, uh, and at some point, Prasanna, I'll let
W. Curtis Preston:
you speak, but I, this is, you're the first person I've had that's really been
W. Curtis Preston:
able to sort of lay all this out for me.
W. Curtis Preston:
Uh, so there probably are SIEM tools, SOAR tools, XDR tools,
W. Curtis Preston:
individual products that I can buy.
W. Curtis Preston:
Uh, there are probably hundreds of them, uh, but there are maybe a smaller set of
W. Curtis Preston:
companies, like yours, that can do all three.
Dez Rock:
We'll do all of them.
Dez Rock:
W. Curtis Preston: Okay.
Dez Rock:
Correct.
Dez Rock:
And an even smaller set that can handle the data volume that we
Dez Rock:
can.
Dez Rock:
W. Curtis Preston: Okay.
Dez Rock:
All right.
Prasanna Malaiyandi:
Yep.
W. Curtis Preston:
W. Curtis Preston: You, you may now speak, Prasanna.
Prasanna Malaiyandi:
Thank you, Curtis.
Prasanna Malaiyandi:
Uh, so Dez, when you were talking earlier about sort of, okay, you need
Prasanna Malaiyandi:
this automation with SOAR, right?
Prasanna Malaiyandi:
To be able to figure out and alert you properly, right?
Prasanna Malaiyandi:
Um, I think a lot of our listeners may not necessarily realize sort of
Prasanna Malaiyandi:
the volume of events that may come in.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
Could you talk a little bit about sort of like what you see in some maybe
Prasanna Malaiyandi:
like small, medium businesses, right?
Prasanna Malaiyandi:
Where they might be like, Hey, I just have an IT guy.
Prasanna Malaiyandi:
They can just manually monitor,
Prasanna Malaiyandi:
right?
Prasanna Malaiyandi:
All these events and why some of these things may not
Prasanna Malaiyandi:
work yet.
Dez Rock:
Well, first of all, let's start
Dez Rock:
with what.
Dez Rock:
Like, what is a SIEM?
Dez Rock:
Remember I said there are some people thinking that a searchable
Dez Rock:
database is a SIEM because we're collecting everything.
Dez Rock:
But that's just, for starters, that sounds like a nightmare because now the IT security
Dez Rock:
guy literally has to look for, that's,
Prasanna Malaiyandi:
Yep.
Dez Rock:
that's not telling, giving any ranking.
Dez Rock:
That's, that's a searchable database.
Dez Rock:
That's not a SIEM.
Dez Rock:
So, um, so with a SIEM.
Dez Rock:
With just a SIEM, the amount, and remember everything is an incident.
Dez Rock:
It doesn't know if it's a good incident or a bad incident.
Dez Rock:
It's just an incident.
Dez Rock:
Okay?
Dez Rock:
Everything is creating, everything is, uh, giving you a trigger.
Dez Rock:
So we need to then assess.
Dez Rock:
If it's a good thing or a bad thing, is it an event?
Dez Rock:
Right?
Dez Rock:
So, by the way, if it's an event, is it a good event?
Dez Rock:
Is it a bad event?
Dez Rock:
So we start ranking, right?
Dez Rock:
So we start to say, okay, so when people are trying to break in, bad, super bad, right?
Dez Rock:
Someone turning on the printer.
Dez Rock:
It's an event.
Dez Rock:
We don't need to do anything.
Dez Rock:
There's no alert there.
Dez Rock:
But it's still, you see, you're still being, it's an event.
Dez Rock:
You're still recording.
Dez Rock:
But it's not something that needs to be actioned.
Dez Rock:
These are very basic examples, but I, I like working with really basic
Dez Rock:
analogies and then building out, right?
Dez Rock:
So, um, in that case, their volume.
Dez Rock:
You're talking about volume.
Dez Rock:
Even the bad ones could, like you could have pages and pages, how like that
Dez Rock:
makes it very difficult and like small to medium businesses usually have one guy,
Dez Rock:
like you are the security guy, go do it.
Dez Rock:
Right?
Dez Rock:
So that's a lot of pressure for one guy.
Dez Rock:
So you need to make it easier for them.
Dez Rock:
So that's why.
Dez Rock:
You know, alerts to, uh, Slack channels, alerts to phones, or, because they can't
Dez Rock:
be sitting there staring at a screen like this is not, uh, a Wall Street ticker.
Dez Rock:
Do you know what I mean?
Dez Rock:
You cannot have that, that you just, you cannot be doing that.
Dez Rock:
So you need ways to put some, uh, framework around, well,
Dez Rock:
human flaws like blinking, right?
Dez Rock:
So we need, uh, a system in which we can, first of all, rank.
Dez Rock:
And then like I said, a SIEM was probably not enough because it depends
Dez Rock:
on the volume of data coming in.
Dez Rock:
Not enough.
Dez Rock:
So you'd probably want some actionable items to say this usually happens
Dez Rock:
and when this usually happens, I want if that, then this, right?
Dez Rock:
Then that's basically what SOAR is, right?
Dez Rock:
So, um, then I want these things to be done.
Dez Rock:
Makes your IT security guy's life so much easier and
Prasanna Malaiyandi:
would you say that that transition from just
Prasanna Malaiyandi:
a normal SIEM to SOAR, does that happen at a certain employee count,
Prasanna Malaiyandi:
at a certain data set size count?
Prasanna Malaiyandi:
Like what do you, or is it basically everyone should be thinking about
Dez Rock:
Everyone think, look, the way it's going is everyone should be
Dez Rock:
thinking about XDR way at the beginning.
Dez Rock:
Everyone should, because I think that you right now, you do
Dez Rock:
not need to run a SIEM, right?
Dez Rock:
To run a SOC.
Dez Rock:
You need highly specialized people, and that's a cost point.
Dez Rock:
Like small to medium organizations cannot be doing that.
Dez Rock:
So what they need is tools that will make a job easy for an IT person to say, this
Dez Rock:
is something that needs to be actioned.
Dez Rock:
The, the benefit of something, and I hate to, I hate shilling, but
Dez Rock:
the benefit of our product is, is that you don't make that decision.
Dez Rock:
It's there.
Dez Rock:
It doesn't matter.
Dez Rock:
Like if you're small, if you're large from the start, it's there.
Dez Rock:
Yeah.
Dez Rock:
W. Curtis Preston: it.
Dez Rock:
It's not a choice
Dez Rock:
W. Curtis Preston: Yeah, and I think the,
W. Curtis Preston:
the worry, right,
W. Curtis Preston:
come, you know, there's a lot of us that have been in it for a minute, right?
W. Curtis Preston:
That's, that's what the kids say. And um, the worry historically with automated things
W. Curtis Preston:
that are going to actually do things in my environment to help protect me is that
W. Curtis Preston:
they're going to trigger too often, right?
W. Curtis Preston:
That they're gonna, it's obviously, it's the false positive question, and you, you
W. Curtis Preston:
know, you've decided that we're under attack and so we shut down the network
W. Curtis Preston:
or, or whatever it is that, that we've decided that we're gonna do that.
W. Curtis Preston:
How?
W. Curtis Preston:
How do you
W. Curtis Preston:
get to that level of comfort?
Dez Rock:
So, well, we have professional services for that, where we actually
Dez Rock:
rule out, and that's the rule sets that we write to literally customize
Dez Rock:
that stuff for your organization.
Dez Rock:
So you've removed the false positives, right?
Dez Rock:
Because we, you can't imagine that people are going to be able to
Dez Rock:
know how to do that off the bat.
Dez Rock:
It's probably one to be left to the professionals,
Dez Rock:
right, to set it up for you.
Dez Rock:
Kinda like anything, almost like buying a new, um, Apple TV and
Dez Rock:
connecting it to your TV and needing a professional to come in and help you
Dez Rock:
set it up.
Dez Rock:
W. Curtis Preston: A, as a technical person, the fact that I needed
W. Curtis Preston:
professional assistance to set up my Apple TV is a, was a bit insulting.
W. Curtis Preston:
Okay, here's another really important question.
W. Curtis Preston:
I'm assuming that these tools and, and your tool of course,
W. Curtis Preston:
they manifest themselves in a couple of different ways, right?
Dez Rock:
How do people buy these products, put them in?
Dez Rock:
And then how does your, how does your product work?
Dez Rock:
Okay, so this is a very pertinent question right now because
Dez Rock:
we're about to release version five and we're the only SIEM product out there
Dez Rock:
that'll be available on AWS Marketplace where you, if you're technical enough,
Dez Rock:
you can actually do it yourself with the support portal and go for it.
Dez Rock:
You don't need any help.
Dez Rock:
As done implementations, you'll have it up and running within minutes.
Dez Rock:
Again, unheard of if you know about any of this, right?
Dez Rock:
Unheard of.
Dez Rock:
But we're here to break the, again, we're here to make sure that, uh,
Dez Rock:
security is not gatekept, right?
Dez Rock:
And that's part of it.
Dez Rock:
Um, now if that is outside of your technical scope, then we
Dez Rock:
are here to help implement and, and put that in for you as well.
Dez Rock:
Um, so you have two
Dez Rock:
options
Prasanna Malaiyandi:
When you do talk about that second case
Prasanna Malaiyandi:
or even the first case, right?
Prasanna Malaiyandi:
Is it the customer, or you, deploying it in their infrastructure?
Prasanna Malaiyandi:
In their environment, on servers?
Prasanna Malaiyandi:
Is it offered as like a SaaS service that they log into?
Prasanna Malaiyandi:
Especially if you have multiple sites, so it's
Prasanna Malaiyandi:
all managed centrally.
Prasanna Malaiyandi:
Like what does that
Prasanna Malaiyandi:
deployment model look like?
Dez Rock:
Correct.
Dez Rock:
So the, the unique part of our, um, product is, is that
Dez Rock:
they all can hold tenants.
Dez Rock:
So again, if say for example, you are, uh, a small business, you're growing and
Dez Rock:
now you have different, uh, locations.
Dez Rock:
So you have different op, you can literally sit different tenants
Dez Rock:
and have one panel of view, uh, and your system will grow with you.
Dez Rock:
That's what I mean about highly customizable and, uh, very, incredibly
Dez Rock:
scalable, so you could sit different tenants inside right now, off the bat,
Dez Rock:
through AWS and it's in the cloud.
Dez Rock:
By way of performance, we utilize technology in order to make this happen as well.
Dez Rock:
W. Curtis Preston: So you're, you're, you're a service
W. Curtis Preston:
and I like that very much.
W. Curtis Preston:
Uh, I do think that that's clearly the way it is going and, and it
W. Curtis Preston:
makes it so much simpler for a lot of people, especially SMBs.
W. Curtis Preston:
Um, but I don't understand.
W. Curtis Preston:
So you're up in the cloud, but you need to, uh, see things, right?
W. Curtis Preston:
These events that you described, uh, you use that term events per second, right?
W. Curtis Preston:
EPS.
W. Curtis Preston:
So how are you able to see these things
W. Curtis Preston:
that are going on inside my environment?
W. Curtis Preston:
How do we make that connection?
Dez Rock:
So during the implementation stage, you'll be asked to input all of
Dez Rock:
your data traffic into that to, to us.
Dez Rock:
You'll actually be told to, or you could actually even have a local agent.
Dez Rock:
So a virtual local agent within, and then what happens is that
Dez Rock:
acts as a, um, repository.
Dez Rock:
So everything goes to that agent, and then it becomes one funnel up
Dez Rock:
to the cloud that allows for, um, your, your guys are in backup, right?
Dez Rock:
That allows for two things as well.
Dez Rock:
That means that if there's a disconnection anywhere, you've actually got local
Dez Rock:
storage of events, which is really good for forensics and anything else.
Dez Rock:
It's just due diligence, right?
Dez Rock:
And so when the connection is reestablished, it will,
Dez Rock:
uh, take all of those, um, events back up to
Dez Rock:
the cloud.
Dez Rock:
W. Curtis Preston: That makes a lot of sense.
Dez Rock:
And then of course I will
Dez Rock:
need someone to monitor that, the service.
Dez Rock:
Right.
Dez Rock:
Um, or I can hire somebody to do that.
Dez Rock:
Correct, it, it does depend on the, uh, on the skillset of
Dez Rock:
your staff and your organization, what type of organization it is.
Dez Rock:
If you're looking for just compliance and just let me know
Dez Rock:
if someone is trying to hack in.
Dez Rock:
I think you're good.
Dez Rock:
Like I, I I think you're good.
Dez Rock:
Your IT can do it.
Dez Rock:
If your data is incredibly sensitive and you need 24 7 monitoring, then
Dez Rock:
you would probably outsource that.
Dez Rock:
And I suppose it comes back to the actual value of having red
Dez Rock:
team create blue team security.
Dez Rock:
We think of every, every design element, we don't put just
Dez Rock:
funnels straight up because what happens if there's a disconnect?
Dez Rock:
What happens if there's a power failure?
Dez Rock:
What happens if that, like even that needs a.
Dez Rock:
That's all been thought through.
Dez Rock:
Right.
Dez Rock:
Um, so the redundancy isn't intended to be kept there.
Dez Rock:
It's, it's intended to just in case there is a disconnection,
Dez Rock:
a power internet, whatever.
Dez Rock:
Right.
Dez Rock:
Um, and these are all the things that have been thought through.
Dez Rock:
Uh, so the system is secure.
Dez Rock:
It's not just protecting you.
Dez Rock:
The entire system is
Dez Rock:
secure at
Prasanna Malaiyandi:
Okay.
Dez Rock:
Yeah.
Dez Rock:
W. Curtis Preston: It's like, it's like,
W. Curtis Preston:
bank robbers that built a bank.
Dez Rock:
Exactly right.
Dez Rock:
It's just, you know, the other thing, the o the only thing, the
Dez Rock:
other thing is, is like, it's like, it's like having a motorcycle gang
Dez Rock:
as personal protection, right.
Dez Rock:
It's probably, you know, the outlaws, that's the image I'm trying to get.
Dez Rock:
It's like having outlaws and going, I'm, these are gonna be
Dez Rock:
my security guards and you know,
Dez Rock:
you've got the best damn security guards on you could ever get.
Dez Rock:
Right.
Dez Rock:
Because ain't nobody gonna mess
Dez Rock:
with you.
Dez Rock:
Because the p that's exactly the, exactly.
Dez Rock:
Um, the
Dez Rock:
W. Curtis Preston: So do you, do you still do the red team
Dez Rock:
stuff or, or is it, this is going so well that you're not.
Dez Rock:
You're not doing that.
Dez Rock:
Yeah.
Dez Rock:
So we always keep a foot into the red team world.
Dez Rock:
We still attend DEF CON, um, in Las Vegas every year.
Dez Rock:
Um, and.
Dez Rock:
We, but unfortunately, um, the, this has overtaken everything and
Dez Rock:
this has grown from what was a kind of side act to the main event.
Dez Rock:
Yes.
Dez Rock:
W. Curtis Preston: I like that, that, I mean, that, that's, you know, you're,
Dez Rock:
you're clearly meeting a need, uh, and.
Dez Rock:
If you're helping SMBs to have better security, I am.
Dez Rock:
I am all for it.
Prasanna Malaiyandi:
Dez, at the beginning you had alluded to a
Prasanna Malaiyandi:
ransomware story that you think we might be interested in hearing about.
Prasanna Malaiyandi:
Um, maybe you want to talk about what happened.
Dez Rock:
Oh, okay.
Dez Rock:
So that, that's one of our clients who's a large hospital.
Dez Rock:
Most of our
Dez Rock:
clients
Dez Rock:
don't
Prasanna Malaiyandi:
We're totally fine.
Prasanna Malaiyandi:
yeah.
Dez Rock:
So just bear with me here.
Dez Rock:
And, and I, and I'm in the, I'm in the Secret Keeper
Dez Rock:
business, okay?
Dez Rock:
So a large
Dez Rock:
Hospital.
Dez Rock:
Uh, was infiltrated, um, by an incident that was basically going
Dez Rock:
to be an attempted, uh, ransomware.
Dez Rock:
Right.
Dez Rock:
Malware was attempting to lock down their system, and it was our, um, including the
Dez Rock:
SOAR and the XDR capabilities, and he, and the project was called Project Skynet.
Dez Rock:
It was, it's just, Phenomenal.
Dez Rock:
Once you hear this guy's story about it, I've literally got
Dez Rock:
a, um, I was so interested.
Dez Rock:
I had him interviewed, right?
Dez Rock:
And wanted to get his story out there.
Dez Rock:
It's a brilliant, brilliant story of exactly this.
Dez Rock:
It's exactly how, uh, attempt was made and the SIEM did its job.
Dez Rock:
It literally did its job.
Dez Rock:
It's kind of like, are you
Dez Rock:
fans of Harry Potter by any chance? You know, the last movie when all of the,
Dez Rock:
uh, statues come to life and finally start protecting the, uh, castle, right?
Dez Rock:
So it's a phenomenal SIEM, right?
Dez Rock:
It's like finally they sit there and, but they find that's exactly what happened.
Dez Rock:
The SIEM came to life and, and killed the ransomware.
Dez Rock:
Identified it, knew what it was, shut it down before we could.
Dez Rock:
This was then passed along to management to say, this is because it's one thing to
Dez Rock:
say, damn it, we've been hacked, or damn it,
Dez Rock:
We've got ransomware to deal with.
Dez Rock:
Right?
Dez Rock:
That's panic mode.
Dez Rock:
But to hear, listen, they tried it.
Dez Rock:
But they didn't get anywhere because this was, we stopped.
Dez Rock:
This was stopped.
Dez Rock:
It's you.
Dez Rock:
That's a different emotional journey.
Dez Rock:
You're not sure if it's like, did it happen?
Dez Rock:
Did it not happen?
Dez Rock:
What happened?
Dez Rock:
You know, like, like, you know.
Dez Rock:
Um, and so great story for that.
Dez Rock:
So that's exactly a story that's happened that because ransomware, and
Dez Rock:
here's the other thing I gotta tell you.
Dez Rock:
Alright.
Dez Rock:
Just lean in, boys.
Dez Rock:
Every company that's been hacked, Every company that's had ransomware
Dez Rock:
attacks, all of these guys have got security software too,
Dez Rock:
right?
Dez Rock:
W. Curtis Preston: Yep.
Dez Rock:
Just think about
Dez Rock:
W. Curtis Preston: Yep.
Dez Rock:
And, and every one of them that were unable to restore
Dez Rock:
their data had backup software.
Dez Rock:
Right.
Dez Rock:
Um, and yet, and yet sit.
Dez Rock:
because you know what they say.
Dez Rock:
W. Curtis Preston: What do they say?
Dez Rock:
You know what they say
Dez Rock:
Nobody gets fired for, for buying a Gartner Quadrant product, right?
Dez Rock:
Exactly. Well known, which means security people, and I'm guessing backup people
Dez Rock:
too, are not doing their research on the technology and the advancements.
Dez Rock:
They're just doing what everyone else is doing.
Dez Rock:
They go to Google what is the best thing, what is the best backup pro, whatever, and
Dez Rock:
going with that, not necessarily the best.
Dez Rock:
So the companies out there that are being hacked, that are getting
Dez Rock:
ransomware, I guarantee you they've got really, really
Dez Rock:
well known security software in.
Dez Rock:
And they're doing a phenomenal job, aren't they?
Dez Rock:
Phenomenal.
Dez Rock:
Absolutely brilliant.
Dez Rock:
W. Curtis Preston: I, I sense, I sense a tad bit of sarcasm there.
W. Curtis Preston:
Well, Dez, you've been, you've been fascinating, you've been entertaining,
Dez Rock:
uh, and, and very educational.
Dez Rock:
Uh, I do not know as much about this space as, as I should.
Dez Rock:
And, and I, I think, I think I'm, you know, I'm, I'm not alone in that.
Dez Rock:
So, you know, you really helped us understand what that market does.
Dez Rock:
I, I love this idea of a product that is, You know, I mean, the fact
Dez Rock:
that your product sort of starts with affordable as, as your leading thing.
Dez Rock:
Uh, I, you know, I love that the idea that you said that, you know, your, your
Dez Rock:
the customer that started this, they said they, they wanted Splunk and then
Dez Rock:
they got a quote and they're like, ha.
Dez Rock:
Right.
Dez Rock:
They had, uh, sticker shock.
Dez Rock:
And, and I do think that that
W. Curtis Preston:
problem, cost, right,
W. Curtis Preston:
is a barrier for a lot of areas of technology, and I really agree with you
W. Curtis Preston:
that it should not, you shouldn't have to be rich, uh, to, to have decent security.
Dez Rock:
Right?
Dez Rock:
Um, and so I, I'm, I'm glad your company's there.
Dez Rock:
I'm glad you're doing well.
Dez Rock:
Uh, I wish upon you that you will have no time left for red team business.
W. Curtis Preston:
Um,
W. Curtis Preston:
And, uh, so thanks a lot for coming on the pod.
Dez Rock:
Oh, thanks for having me.
Dez Rock:
It's
Dez Rock:
been a
Dez Rock:
pleasure.
Dez Rock:
W. Curtis Preston: And
Prasanna Malaiyandi:
Dez, just, uh, one question.
Prasanna Malaiyandi:
If, uh, our listeners wanted to find out more information about
Prasanna Malaiyandi:
SIEMonster, where can they go?
Prasanna Malaiyandi:
Can
Prasanna Malaiyandi:
they, like, is there a website they could hit?
Prasanna Malaiyandi:
Like what should they
Prasanna Malaiyandi:
do?
Dez Rock:
SIEMonster, spelled SIEMonster.com.
Dez Rock:
Um, that's our home.
Dez Rock:
And um, yeah, that's where you can find out more about the product and um, get
Dez Rock:
W. Curtis Preston: I like it.
Dez Rock:
I, I wonder if, because of the way we pronounce it in the US I wonder
Dez Rock:
if people call your company SIEM Monster and they don't understand
Dez Rock:
all the time.
Dez Rock:
They don't understand the J the joke, because remember when we first started we
Dez Rock:
were like, We, we heard it as SIEMonster.
Dez Rock:
We were like, haha,
Dez Rock:
the
Dez Rock:
W. Curtis Preston: Aren't we
Dez Rock:
clever?
Dez Rock:
Lago.
Dez Rock:
You know, like, you know, so that's, aren't we clever tongue?
Dez Rock:
Right.
Dez Rock:
Um, and we even had, our servers had different names, we had different code
Dez Rock:
names, they all had monster names.
Dez Rock:
Uh, we had Kraken, we had, we had had, we had so much fun coming up with all of
Dez Rock:
that at the start, you know, when we were just re really start, you know, starting.
Dez Rock:
So the SIEMonster stuck, had to get rid of, uh,
Dez Rock:
but we still have them on Slack and they're private and they're.
Dez Rock:
W. Curtis Preston: Uh, don't keep that character.
Dez Rock:
Um, yeah.
Dez Rock:
So, uh, Prasanna, thanks.
Dez Rock:
Uh, thanks.
Dez Rock:
You know, great conversation.
Prasanna Malaiyandi:
As always, then. Thank you.
Prasanna Malaiyandi:
W. Curtis Preston: All right.
W. Curtis Preston:
And, uh, thanks again to our listeners.
W. Curtis Preston:
The Backup Wrap-Up is written, recorded and produced by me, W. Curtis Preston.
W. Curtis Preston:
If you need backup or DR
W. Curtis Preston:
consulting, content generation or expert witness work,
W. Curtis Preston:
check out backupcentral.com.
W. Curtis Preston:
You can also find links to my O'Reilly books on the same website.
W. Curtis Preston:
Remember, this is an independent podcast and any opinions that you
W. Curtis Preston:
hear are those of the speaker,
W. Curtis Preston:
and not necessarily an employer.
Prasanna Malaiyandi:
Thanks for listening.