Mike Krass: Hello, and welcome to What's the Problem, the podcast where we dive deep into some of the more pressing issues facing cyber and data security professionals and leaders today. In each episode, we're joined by guest experts who share their insights and their experience on the things that they're facing in the world of security today. So whether you're a seasoned veteran or a new leader to the field, this podcast provides valuable info and some strategies that you can take away to get your organization to the next level. So join us as we explore the ever evolving landscape of security and discover new ways to tackle the problems that keep us up at night and during the day. This is What's the Problem. I am your host, Mike Krass. Let's get started.
Mike Krass: Today, we are joined by Nick Hansen. Nick, say hello to the guests and the listeners.
Nick Hansen: Hello, Mike and team. We're looking forward to talking to you.
Mike Krass: Absolutely. So Nick, as we always do in this show. First question: why are you qualified to talk about security?
Nick Hansen: So I've been in the software development business for about 20 years, IT technology. In the last 10 years or so, I've been focused on security related issues. Whether it be software security, and more recently, endpoint security. I've been involved with managed service providers lately for the past three and a half years. And looking at the endpoint detection response and managed detection response in the cybersecurity business that are affecting all sizes of enterprises and small and medium sized businesses as well. For the last little bit, that’s something that I've been focused on.
Mike Krass: Awesome. So today, the topic we're going to spin around with our listeners is integration partners. Now, Nick, before we get too far down the rabbit hole here, integration partners. What's an example of a pair of integration partners that you could share with our listeners.
Nick Hansen: So if you think about it, you’re a business. You’re a software provider. You're not going to build every piece of software that you sell. Or you're a service provider that needs to go out and find customers that are in either enterprise or small to medium sized businesses and bring together technologies of different sizes and shapes and form factors. So there's a big, big market right now for software as a service, the SaaS market. You've heard about it. The cloud based software that you access through a browser. You're gonna have different partners for offering different services. If you're a managed service provider that's actually looking to get new clients, you're going to partner with other vendors that are actually producing tools. One thing that I happen to be very interested in and I've been paying attention to for a while is this idea of endpoint security. The security of the devices that are inside the networks of businesses, large and small. And those integration partners are the different tools that you can bring to bear for your business or your enterprise and your networks to keep them secure.
Mike Krass: Give us an example of integration partners that you've seen out in the wild, out in the world.
Nick Hansen: It's sort of more specific to the services market. But there's some big cybersecurity players on the market right now. Microsoft is one of them. They're obviously an integration partner for so many reasons. But then there's other ones that are like SentinelOne and CrowdStrike and some of those other up and coming cloud based security providers that have both an agent that lives on devices as well as the cloud presence for intelligence and reporting of issues as they're found.
Mike Krass: Got it. Yeah, SentinelOne, CrowdStrike, obviously. Large scaling security businesses. Big, big product awareness. Not as much as Microsoft, obviously, but there can only be so many Microsofts in the world. Right, Nick?
Nick Hansen: That's right. They’re the gorilla in the room, right?
Mike Krass: Absolutely. So you got a little bit into how the integration partners work with the example of endpoints, using endpoints and devices. The agent is on a device. Let's call it a phone or a tablet. And then, I'm assuming, on the other end of that agent, in this cloud or SaaS platform, this pane of glass that folks are looking at. You're looking at the network at that point. So these devices, the endpoints are connected to the network and that's how that integration works. Did I kind of capture that correctly?
Nick Hansen: That's right. The device or the phone and the tablet market, that's more of the MDM, mobile device management. So with the big players, the Apples, the Googles, the Androids of the world. They have their platforms. The endpoint stuff like the laptops and desktops that you're using if you're at a coffee shop or working from home, those tools at this agent reports up to these cloud platforms. And then there's a management interface that administrators, whether they be local to your organization or by a service provider who you pay to manage it across your business, look at it. This integration point is what we call APIs. Advanced programmatic interfaces. This is how the agents talk to these cloud services. That's really where the rubber meets the road. Where you're actually making calls across the internet to secure services. And these API endpoints, as we call them, is what takes that data and does things with it, like puts it into data lakes or these big data warehouses for aggregation and analysis. Most of it’s automated. So this whole idea of AI in the security world is looking for patterns in the data that's flowing in on a constant basis. We're talking about terabytes of data across these big services on a daily basis. I've heard some numbers that were mind blowing to tell the truth, as I talk to some of these providers about the data ingest that they're taking in. All these security data points that are protecting those devices, watching for attackers coming at you in so many different ways. That's one of the biggest threats or one of the biggest things you have to get your head around is that these attacks are ever changing. The threat marketplace or the threat landscape continues to change on a daily basis. There's good guys and there's bad guys on both sides. Smart teams on both sides to tell you the truth. And these bad guys, unfortunately, are getting pretty well organized. Whether it be nation states or just criminal gangs across oceans.
They literally have development teams that are working just like software development teams. They just happen to be creating a product that they don't sell. They monetize it by attacking people. So the tools that you have to have in place to protect your networks have to be responsive. And that's that cloud angle where you can get the intelligence from the cloud. Without getting too deep into each vendor, most of them have a cloud receptacle or database that's available for information that the agent connects with, talks to, and says, Hey, I'm seeing this. Is it a problem? Yes, it is. No, it's not. It passes through those checks and gates as devices just keep motoring on. As you're clicking on links from emails, all those kinds of things are being checked on a second by second basis.
Mike Krass: How do you spot a good integration partnership? I asked that question because a lot of our listeners are making decisions on different security products or services to invest in for their organization. And, as one of our guests said previously, there's not a week that goes by where they don't have a handful of 5, 6, 7 meetings on their books with security vendors. You're trying to parse out what's going to work for our company? What's going to plug into our stack? What do we need? Because there isn't a single product that I can click buy on, and all of a sudden, all my security problems are covered. That just isn't real.
Nick Hansen: That’s for sure.
Mike Krass: So how do you spot a good integration partner? Because that's probably how some of our listeners are thinking about this episode. They're like, Well, I heard about some of these integration partners. Or I could buy the best of this and the best of that. Then, through an API, they could be connected securely. This could help to power a secure operation of our business. So tell us, Nick, how do you spot a good partner? Like, what are some of the characteristics?
Nick Hansen: So these days, the availability of those APIs or cloud based services. APIs are also known as application programming interfaces, as well. The ones that have the mature, very modern interfaces are the ones that are being built now. There's a lot of legacy platforms out there. Unfortunately, some businesses haven't modernized.
Mike Krass: What's an example of a legacy platform just for the listeners?
Nick Hansen: A legacy platform would be a platform that hasn't updated or one that has a SOAP API, let's say. A SOAP or XML based API versus a REST API. So if you're looking at the marketing materials, or you're looking at the docs.company.com for the vendor you're looking at, look for things that say REST API. So REST, Representational State Transfer interfaces, are the new norm and the modern interface for getting data out of systems, putting data into systems. SOAP is an older protocol that's been around, but you'll see it in some legacy platforms. A lot of the big ERP or CMS kind of systems that were built a couple decades ago and they've just been milking maintenance revenue and licensing for a while. Look for the newer players. There's some cloud native players in the market. Right now, cloud security is huge for the services that you're using. You're probably using things like Salesforce, or Google, or M365. Those are SaaS services that have to be secured in their own right to make sure that the correct access is provided to the correct actors in your environment, and that threat actors are prevented from accessing those resources.
Mike Krass: That's a great takeaway. Looking at REST API. SOAP and XML APIs are going to be considered more of a legacy. Not a cloud native architecture or a modern architecture. So REST APIs is kind of the takeaway there. Is there another key takeaway that you could share with us?
Nick Hansen: Oh, I’d say another one is that SaaS model where it's actually delivered in a browser. So you do have to have agents installed for some things, but you want to keep those agents as minimized as possible. Keeping as little footprint on your devices as possible is another big, big win.
Mike Krass: Why does having a smaller footprint or agent footprint on the devices matter?
Nick Hansen: It's the attack surface. So there's a lot of stuff. Posture management or attack surface management are abbreviations and acronyms that are being thrown around in the cloud security space right now. And minimizing that is key. Just like anything, the less attack surface there is, the more chance you're going to be secure. The less stuff you have to protect, the easier it is going to be to protect.
Mike Krass: Attack surfaces, we can't necessarily touch it. Sometimes you can, sometimes you can't. But the attack surface is like a literal surface that you're thinking about. The tighter you can keep it, the smaller you can keep it, there are fewer vectors in or on that surface that can leave you exposed. So you want to keep it tight. You want to keep it small. This is basically a golf score. We're not playing basketball. We're playing golf here.
Nick Hansen: That's, that's exactly right. There’s the idea of thinking about what's actually touching the Internet, what the internet can see when you're not looking. So this idea of ports and internet servers. Internet facing, that's the attack surface we're talking about. So if you're at home, behind your home router, keep those things up to date. Keep them patched. Make sure that you understand. If your devices, your modems or your routers, come from your service provider, your ISP; or you bought them yourself like D-Link or some of these other brands that are out there, keep those things updated. Because that's that attack surface. What the internet can actually see at an IP address is what they're going to try to get into. And the more services you have open, the more surface there is for those attacks to get in.
Mike Krass: Earlier, we were talking about this four way handshake. And it just brings to mind an incredible visual just four hands kind of clump into the middle and are all trying to shake at the same time. What or who are the four hands that we're talking about? Let's start with that question.
Nick Hansen: So in a services provider model, there's a business that has a client. That client is, let's say it's a small business. It's a dentist office on Main Street that needs IT services. They want to be cleaning people's teeth and taking care of root canals, not worrying about the security of their email attachments and doing those kinds of things. So in order to get that security tool, that MSP, that managed service provider needs to work with vendors to get those tools. Now that four way handshake, it could be different tools coming from different providers. And the one thing in business you need to think about; if you're selling a product, you're thinking about the margin you're making on what it costs you to procure it and then to sell it on. And so having the four way handshake of a software vendor working with another software vendor, selling it to an MSP. Each one of those parts of that handshake needs to be happy with the margin they're making. And then it needs to be at a price point that the small business, that dentist office, can actually pay for. And that handshake has to work for the economics of the environment for the software security market to work. And you'll see that a lot, I think, going forward. As these new security services come about, there's gonna be more players in the market. You can see some of the stuff that's popping up now with companies like Wiz and Lacework. They're offering cloud services and they're taking big valuations getting a lot of money, but also offering new kinds of services for protecting the new attack surfaces that are coming online and will be coming online in the future.
Mike Krass: Nick, I've really enjoyed this conversation today. Listeners often write in and they say, Hey, I heard Nick on the show, and I'd love to connect with this guy. So what's the easiest way for people to connect with you?
Nick Hansen: So I'm on Twitter. Nick Hansen. Just straight. Twitter, I've been on there for a while. And then also you can find me on LinkedIn. Nicholas Hansen on LinkedIn. I'm happy to take calls or meet some clients. I've got my own consulting business now. I’m happy to talk more about this stuff in depth to anyone who'd like to talk.
Mike Krass: Awesome. Thank you, Nick.
Mike Krass: And to our listeners, that is a wrap on this episode of What's the Problem? I hope you found our conversation with Nick Hansen to be insightful, to be informative. You can take away a few actions that you can immediately bring into your business. Remember to tune in next time for more discussions on the challenges and topics in the world of cybersecurity. I also want to give a quick shout out to our host MKG Marketing. MKG is focused on helping cybersecurity companies get found, get leads, and close deals. So if your cybersecurity business is struggling to generate leads or close deals, let us help you. To learn more, you can check out our website mkgmarketinginc.com.
In this enlightening discussion, we are joined by Nick Hansen, an esteemed Information Technology Consultant hailing from the renowned EspressTech Consultants. Together, we explore the crucial topic of cybersecurity integration and delve into expert strategies for effectively minimizing your attack surface. Get ready to enhance your cybersecurity defenses as we unravel invaluable insights from this seasoned professional.