The Key to Managed Cybersecurity Services💡

So it still takes the expertise Yep. To tune the systems, watch the systems respond, and then a broader expertise to to follow that instant response plan and involve the right people along the way. We're not editing that, by the way. We had to already start over once. Alright. So we're here to talk about events. Yes. Which often are alerts. They can be alerts. They can they can create alerts. Correct. So and, incidents and and specifically how they relate to security, but but you've dealt with events for a long time or the IT side of it. I dealt with events that were IT related. So, you know, events and, incidents are two different things. An event is something that could become an incident, and an incident is something that's actively happening that, you know, at least in the IT world, whether bring your systems down or or hugely impact your ability to do business So, one example would be, like, performance indicators and a an an alert that comes across as a performance indicator across mall I'm gonna geek out a little bit multiple, virtual machines that are on the same data store. But when you really dig into it, you find that it a controller that has like a, like, bad cash on and on the host itself. Like, that would be, that would suddenly move it from an event into an incident. That that needs to be corrected immediately, you know, because that's impacting everything. Yeah. So it's safe to say an incident could be caused by one or more events. Correct. And the incident is when you have the the impactual is that a word? Impactual. I don't. I do not think that that's a word. I think it's a word. So so what I'm hearing is you are better at knee jerk conversations than you are when you have to retread the same ground. This is interesting. I'm getting to know more about you. It's good. I'm I'm used to having AI. Right things for me now. So it's it's to come up with them off the top of my head. So so those are are when the business actually experience an impact, right, from one or more events Correct. And and the true the the same is true for security as well. We use that same framework or same way of thinking about events and and instance. Why? I mean, why don't we just respond to every event that happens? Whether it's IT or Because we'd be running around like chickens with cut off, and we would we would likely muddy the waters. So you have to, you have to really look into, you know, one, it's not one size fits all. Some of it is, but not all of it. Some of it's, you know, definitely cater to your business. And then one example I can think of is, you know, out of the country, alerts that would be events for, like, people who are maybe in Egypt logging in. Well, they might have a very good reason. Somebody might actually be in Egypt logging in. And if you were treating every one of those as an event, I mean, sorry, as a, as an instant, I mean, you would that's all you would do all day long. So you have to have some checks and balances in place. You have to have people who understand, understand the the tool set, right, and can easily you know, tune it to tune out any of the white noise that would happen and really dig and really, you know, identify what are, instance versus what are just, like, events that can be easily looked through very quickly and going, okay, just a couple pieces of corroborate, corroborating evidence, and we understand that that's likely an actual, incident. Okay. Yeah. That that makes sense. So You're responding. You're like, Okay. Okay. Well, it was kind of a long response. Well, it was a long question. It was short question. I think it was pretty long. So we'll play it back. So so if if we think about, you know, in terms of security posture and and what matters, we don't wanna we don't wanna respond to every event. Do wanna capture them all. Right. And then how do we figure out which ones are becoming incidents? Or at what point do we know when happens. Yeah. So, I mean, the enrichment of data from other, apps, or different, different reporting technologies can be brought in to a seam SIM. Either one is correct. Depending on who you talk. I hate you. Okay. So, and Microsoft actually provides a a really good, SIM application that is backed by AI. And if you haven't watched the video, we did make a video on AI. That can help identify programmatically, what could possibly really be incidents. And it's not it's not bad. It's pretty good. So so, you you know, another way to think about this is the more events you have the better you're gonna understand your incidents because you have more data points to back up what's happening. And once we determine an incident is occurring, there there's something we do different than an event. Right. We're we're likely, you know, engaging teams to start analyzing what's happening, lock it down, and then gain some perspective and start remediating. Okay. And that's done through a a process. Yes. That's done through a process and procedure. I just can't remember the name of it. Instant response, please. Thank you. I can't. I couldn't. I honestly couldn't remember it. Let's just keep going. So so as as we look at the way IT departments deal with incidents, we see a lot of variation, a lot of inconsistent see across the board. We see people that, you know, spend way too much time on on the events that are happening not enough time on incidents. We see people that turn every event into an incident. And our like you said, you know, you're running around. We we see people with emergency for emergency. We see people who think they're covered to get them back up by their insurance provider, but that's not what their insurance provider is there to do. With their forensics teams. Like, it's just, you know, misplaced, understanding of what's what's really happening and what you purchased. Like, so it's it's across the board. It's it's different. And really the way we do it here is we have a a combined team of administrators and secure of IT administrators and security analysts. One set is really working towards figuring out where, something's happening and can maintaining it. The other one the other side's figuring out how to, you know, maintain, like, keep you running as a business, or if you are down, bringing you back up as fast as pop So you can ship whatever widget you need out of your shipping department, right, like getting your trucks moving. Right. So that's the way that we found is the, is the best solution to this problem. And it and it's always evolving. It's always evolving. So so Yeah. That that makes a lot of sense. What what do you see when you work with a new company that maybe has some of the tools in place, but is spending a lot of time chasing events or has a lot of events, but not a good incident response plan. What are the, like, what does that lead to? It's training of resources. I mean, I don't think, I don't think when, leadership really, really sits down. They understand what it what having a cybersecurity team or having some cybersecurity awareness really looks like day to day. I mean, you know, you have to staff to have people kind of aware about what's going on. Twenty four seven three sixty five. We don't see a lot of these, incidents happen, while everybody's awake. Right. You know? And while while people are able to jump on it, Ealey. Yeah. One of one of my favorite examples of that is, I got a call Easter Sunday morning. I yeah. And, you know, it it was not for a customer, but it was for a a business that we had been talking to you about working with us, and that event started the night before. So, you know, the those events led to an incident but were not detected until that instant was was well down the road to BNA. Really, you know, having a big impact on the business. And this customer had a firewall sorry. This prospect had a firewall. They had some applications that were security minded. They had alerts. They actually had an MSSP in place. That that only I forgotten that part. Only alerted, but didn't take any action. Right. And I think that's, you know, one of the things that that I tell people when when talking to them about this is, you know, all the tools you can monitor everything. It's like a security system in your home. Mhmm. You're gonna have it all there if you don't ever arm it, when you leave, you're never gonna know when somebody breaks in right till you get back. And and you could look back and say, oh, man. Me open my door while I was gone Mhmm. And see the that event, but but you don't know or you can't take action that actually could prevent the impact of of those And we, and at one point in time, we we operated out of that paradigm too. It was a while ago, but we had like the separate cyber solution that would, you know, just basically throw, throw the alerts and everything for remediation over the fence. I mean, that was quite a while ago. But That's true. But it's a common way of of operating issues. Yeah. We have this security team. All they do is watch for these So when they happen, they say, Hey, IT team, you need to fix this. Right. And that's that's a breakdown point. When can't afford a breakdown. The last the last thing we need is a mishandling of of what's the the start of a security incident that we likely could shut down very quickly. No one's gonna care, you know, when they get breached that they didn't buy our cyber security offering that, you know, our name is right alongside theirs in the newspaper. So Yeah. Yeah. It makes complete sense to have, to have teams that are, that are integrated, you know, that that can respond with a with a full gamut of IT and and cyber security knowledge. And I think we we do that pretty well. Yeah. Yeah. I I we do, but most businesses don't have the resource to have somebody watching twenty four seven, somebody available to respond. Yeah. It's multiple somebody's, right? Right. It's multiple somebody. So now you're talking about expanding, expanding the amount of employees you have, you know, giving them benefits. It it's it's quite a task. And You can the other thing that we see often is, well, if I just buy X, well, so you bought X. Now you have to configure X that that watches whatever you need it to watch. And then you have to, administrate X, right? And then you have to the maintenance on it to keep it up to keep it, like, up signatures up to date and and alerting up to date and all that stuff. Like, that all takes, human, human capital. That's what it takes. And I think the the cool thing is that we, we've bought that human capital. We have that human capital. And we can easily deploy it to, you know, prospects almost anywhere in the world. Yeah. The, the easiest part of this is buying the tools. Yeah. The hardest part is making those tools really work for you and and protect you. And I know we've gone into multiple environments that had tools but the alerts were shut off. Yeah. They they're mothballed, essentially. And and I and I get it why their IT administrators did that, right? Because it's like I I can either help Brenda get her printer back online so she can, you know, print out checks for people, you know, payroll and stuff like that, or I can deal with four hundred alerts, I don't really understand might, and most of them might just be white noise. And they're all it takes to that one that's really not. And I and even, was Equifax, or who was the, who's the, the credit card company that, that had the, the breach. And it was one, like, alert Yeah. That had fired like six months or three months prior to that. I'm sorry, I I don't remember which one it is, but it was a major one. And they just had thought that was white noise. Yeah. You know, I can I can completely understand? This is not on any of those guys. So it still takes the expertise Yep. To tune the systems, watch the systems respond, and then a broader expertise to to follow that instant response plan and involve the right people along the way. One of the most frustrating, instance that that I was a part of, the executive team, the leadership team, didn't find out until things were way, way too far gone. So decisions that that they should have been involved in, they weren't involved in. And so having that in response plan, knowing what happens is these events turn into an incident and knowing when to involve the rest of your company is a is a key part of that as well. And something that that either you have to invest the time for or you use a provider like Corsica that they can do they can do that for you. Yeah. Everybody has to be kind of on board from the top down. It can't be driven by IT. Yeah. So security is a it's a business issue. It's not a technology issue. Right? Okay. Well, well, Nate, this has been this has been great. For spending some time. Yeah. No problem. I enjoy this time. I do to you. And and