The Wireless Way, with Chris Whitaker

Michael Sci with eSentire, a different take on safe spaces, cybersecurity explained. Who are the pretenders vs. the contenders.

Season 3 Episode 40

Something a little different, a great conversation with Mike Sci on the topic of cybersecurity.
Here is our discussion outline.

  1.  What’s not in the Bio 
  2. Why are people intimidated by cyber security
  3. How can people get more comfortable with the subject
  4. How do you start a cyber security discussion
  5. Why do you refer to cyber security as a big data problem?
  6. There are a lot of acronyms in cyber Security market.  what is MDR, NDR, EDR, EDR?
  7. There is a lot of competitors in the MDR security market.   What are some key questions to ask potential MDR providers when trying to select the best solution for your business
  8. What is the benefits to using a security service vs. products?
  9. How can MDR protect companies with wireless and IOT environments? 
  10. What is the most common reason a company has for not having an adequate sec posture? 
  11. What trends do you see now compared to years past? 

Mike Sci, a Senior Channel Solutions Architect, brings more than 20 years of technology and security experience to his current role at eSentire, a managed detection and response (MDR) security provider. Mike’s specialty is using network, endpoint and cloud security services to reduce the risk of cybercrime on businesses. Mike takes the time to understand each of his client’s unique security requirements to design a security solution that best fits their desired business goals.

Learn more about Mike- https://www.linkedin.com/in/mikesci/

Learn more about eSentire-https://www.esentire.com/


Support the show

00:00:00
 Chris Whitaker: This post is dedicated to you, the curious one, the one that happened, the one that just wants to add value to everything you do. Just like today's guest, Mike she, with eSentire, we kind of talk about safe spaces, I should say secure places, as we did into cyber Security. Explain. Enjoy it begins now. Welcome to another episode of the wireless way i'm your host, Chris Whitaker, occurred has always. I am super grateful that you're here to listen in on this conversation around safe spaces and maybe I should call it secure spaces. As we touch on some cyber security and we always try to bring on some great guest, today is no different. My guess, Mike Sci. When call Michael Sci, is a senior channel solutions architect, bringing more than 20 years of technology and security experience to his current role at eSentire. A manage detection and response security provider. My specialty is used in network in point, in cloud security services to reduce the risk of cybercrime on businesses. Mike takes the time to understand each of us clients: unique security acquirements, to design a solution, a security solution that is that best fits their desired business goals, Mike. Thank you for making time to join the show today. How are you?

00:01:29
 Mike Sci: I'm doing great, Chris. Thanks for having me on.

00:01:32
 Chris Whitaker: Now this is great, said we've we've been talking about this for a long time. Jason Stein, my counterpart here at Telarus, we know there's really no technology conversation. You can have a, well I should say, no complete technology conversation you can have with you if you don't bring up the topic of security. So I'm glad that you're with us today and kind of share with us. You know what you've seen in the business, but before we get to that, as always, you know we kind of have your. You're linked in bio there. We know you're doing now, but what's not the bio? I mean? Surely you were like an elementary school going. You know what they have this sink outside for security one day and I'm going to be. How did you get here?

00:02:14
 Mike Sci: Yeah, you know it doesn't happen overnight and I think it's really interesting because my son's 20 and I'm trying to talk to him and encourage him to get into cyber security and you start realizing it doesn't happen overnight. It happens over time and it's a process, little steps at a time. But originally you know earlier on I was more post sales. I was in the project management arena and doing post sales integration work and I noticed that you know there were guys that would come into the office and girls as well and and they are dressed sharp and and they would present new solutions to us. And I'm like I really like what those guys do. They're out there selling things from a technical perspective and it seemed like an exciting role. So at the time, you know I was working for a company called Okami and post sales project management and that's where I really got my star into pre-sales you know back then Okami was a content delivery network. They also did web web application firewalls on the edge. So that was kind of the beginning, into the security space, moved into solutions engineer role and started supporting sales reps with, you know, content delivery networks along with web application firewall. So that was kind of my opening acts, so to speak, into the press and security space.

00:03:48
 Chris Whitaker: That's interesting. What I find really interesting, though, you said you kind of started out in the post sales. Do do you feel your experience as a post? Having that post sells experience? I should say: how does it help you become more of a press?

00:04:01
 Mike Sci: Resource, yeah, well, you know it's really the overall customer experience and it's great to make a sale. We all like to sell things, we like to get a check, but ultimately the customer needs to be satisfied with the product or the service that they're purchasing and being on the post sale side. You are an integral part of that and you are the customer experience after the sale. So you know, understanding those aspects and making it an exceptional experience for the customer really makes makes a difference and makes you change your mindset a little bit. When you're selling something to a customer because it's not about the one time sale, you really want to make them happy customer and make them, you know, excited about what they purchased and make them feel like they made a smart, educated decision and they made a right decision. So that's more important than the short-term sale is the long term relationship.

00:05:02
 Chris Whitaker: So you mentioned the know. It's all about the customer experience. Let's pivet a little bit and back up. Going back into even the partner experience. Maybe kind of bleeds over into the customer experience. But around the whole topic of siver security it seems like people are intimidated by it. I mean what. Why do you think that is?

00:05:22
 Mike Sci: Yeah, people are intimidated because I think a lot of it is the fear of the unknown. It's new, it's a new marketplace for a lot of our partners. They've not sold side security in the past or sold very little of it and they're heavily dependent upon. You know the subject-matter experts, and they're a little fearful to get their feet wet, so to speak. And you know, I think if they take the time and they educate themselves a little more about the subject, they will be more comfortable having those conversations we like to say here in entire security doesn't have to be a scary conversation and it definitely doesn't so you know, my advice to people that want to learn more about security and get more involved is, you know, look for security mentor, follow security experts online. You know your favorite security, personal twitter or integram, you know, and and I think it will start to make you more comfortable even getting a good book inside security. And you know people laugh about this. But there's a lot of books for dummies, siber security for dummies, for malware and stuff like that, and reading some of those. Just understanding the terms is important as well, just to make you more comfortable.

00:06:48
 Chris Whitaker: It reminds me now there's partners that are crushing it with all kind of cloud solutions and cast and cast and when. But there was a time, I mean if you be in this business, for you know more than 10 years, the time that those weren't.

00:07:02
 Mike Sci: Common.

00:07:03
 Chris Whitaker: Solution either didn't exist, or at least they weren't called that. They existed in some form under a different name but same story. There I mean they had to have their first big deal and they were probably, you know, had some anxiety or nervousness around it. But the reality is they educated themselves on it. All the things you said. I mean all of those sayings. You do the same thing. This is kind of washing, repeat kind of thing here. If you're not familiar. Security, all the different acronyms and terms, we're goin to talk about some here in a minute. Be proactive, you know, go ahead and lean in. This is an investment. You know it's hard to talk about something that you're just. You're clueless on, but the good news is at the same token, you don't have to be a total expert either, and that's where you are you.

00:07:51
 Mike Sci: And I'm not even an expert, but you learn as you go and the key is not to be intimidated, and I'll bring it back to my son again today. He went to job for school, he goes to Georgia College state university and he's intimidated about about some of the terms and not being technical enough. And I think a lot of people are. And and the message is: don't be intimidated, intimidated. You're not going to learn it overnight, you're going to start slow, you're going to digest it getting into any new industry. You're going to have to learn the terms and the acronyms and the buzzwords. And that's half the battle. But just don't be scared, go for it and start, because starting is the hardest part.

00:08:33
 Chris Whitaker: Speaking of starting cyber security discussions, in your experience and in your opinion, I mean how would you advise a partner? How would you start a security discussion?

00:08:46
 Mike Sci: Yeah, and that's that's a great question, and you know one that is really important, because we talk about not being intimidated. You got to, you got to break it down from a business perspective because even though you're having a sidebar security discussion, there are business requirements that the client is trying to meet and understanding those business requirements can help you come up with a solution. So I would say: start by asking questions to the person you're having a conversation with. You know what are, what are the challenges that they're having? What problems are they really looking to solve? Speak in a non intimidating way. You know, try to acronyms right, because there's a lot of acronyms out there talk about basic things. You know what are they doing today from cyber security hygiene perspective, like the basic level things. So asking questions and taking notes and starting to paint the picture for what type of infrastructure or environment that the client's operating in today and what challenges they're experiencing and taking those notes and starting to understand, let's just say, the symptoms kind of from a doctor perspective. What are the symptoms? You have to understand the symptoms before you come up with with a pragmatic solution.

00:10:13
 Chris Whitaker: What I love about what you said. It's so similar to the conversation and machine learning conversation. We really don't talk about technology. We try to avoid going into the jargon as well. It's always about. You know what is the outcome that the customers looking for, what problems are they struggling with? And when you get really good at this, I think you can even help in users and customers identify problems that they may not even realize what's a problem to begin with. I mean that's when you're really winning. Right. You mention acronyms. I mean there's a lot of them, obviously all our industries. Inside security. I mean there there's a handful that you've already mentioned. You know, I mean. What what do those mean? Are any of you had to say? Hey, here's a couple of crimes. You really need to know, or at least be familiar with. What would you say to some of the basic?

00:11:13
 Mike Sci: You know I started in the space or was in the managed security services provider space. You know, and MPS have evolved and they've evolved really into, because one of the gaps with MPS were that they would identify potential threats to customers infor structure, but they wouldn't necessarily respond and eliminate the threat. So that was the evolution of managed detection and response and I really like the acronym because it's well-suited for what we do. It's able to detect the threats and then, most importantly, respond to the threats. And that was one of the gaps with traditional MSP providers. So important to know. And you know, not all providers are created equal. We call it the big and the little the big is embedded real-time incident response, whether there's one incident or a 100 incidents, we're going to eliminate it and then notify the customer. The little means that ultimately it's up to the customer to respond to the threat. The provider or provider may send an alert, provide some guidance, but ultimately the customer needs to respond to the threat, and that's the little. The next acronym is, which stands for extended detection and response, and that's a newer acronym. And the way I think about that is that's really the brains behind is the ability to pull in all the raw telemetry makes sense of the telemetry. So it's kind of like a big data lake. So yo're going to take all your curated threat intelligence. You're going apply machine learning and ultimately you're going to take all that data and whittle it down to make it actionable. You know all the data that comes in. I call it a sum of data. It's tough to make sense of that data and how do you make it actionable? And that's where extended detection response comes into play. The other acronym? Well, another acronym is network detection and response, and that's doing full packet capture on the network. And then the other one is, which stands for point detection and response. And what all these have in common is its telemetry from the customer's infrastructure shore, pulling in all this different telemetry into the platform to make sense of it and to correlate it across the platform. So hopefully that wasn't more confusing.

00:14:03
 Chris Whitaker: Well, now it is very helpful and as you were talking I was like. I need to make sure I put the transcripts of this conversation in the show notes, because if you're driving or listening to this and you're not writing these down, you're probably going to forget em all. So I'll have to show notes for you as a transcript. So my body, Jason Stein, here, tells you know he has a slide where he shows all the different competitors in this security market. You know, so we needed a lot of em. So you know what device do you have for partners? You know what are some key questions to ask poor providers when you're trying to set the best solution for your customers. I mean for your business if you're listening as a business owner.

00:14:46
 Mike Sci: Yeah, there's there's some basic questions you can ask potential providers. One of them would be: what level of visibility do they have to your infrastructure and when? When I say that, I mean can they see network traffic at your corporate data corporate headquarters, at your data center? Can they see point telemetry from remote workers in the cloud servers on premise? Can they pull in cloud telemetry from workloads in the cloud of the big three azure? Are they able to see those workloads in the cloud where there's an instance elastic load balancer three bucket? Can they see telemetry from cass applications salesforce to any type of software of service? Can they see that telemetry? So understanding what level of visibility they have of your hybrid infer structures important? Another one would be: how do they detect threats? Is it simply signature based threats which are really known threats that exist already? Do they? Can they detect unusual behavior? Use your behavior analytics, disturbance in the force? Do they do proactive threat hunting on your network? So that's an important one. And another one is I talked about the little and big who's responsible for responding to the threat? Is the provider just going to provide some alert, some guidance recommendations? Is it ultimately up to the customer to respond and eliminate the threat or is the provider going to respond and eliminate the threat along the same lines of threat response? Is it limited? Is there a cap on how many times to respond within a given contract period, or is it unlimited response? They're going to investigate, forensic analysis, respond, whether there's one incident or a 100 incidents during the course of the contract. And I think finally, an important thing is is to coverage 24 7365. You know that's important to understand as well. Are they going to respond at three in the morning or someone on call?

00:17:19
 Chris Whitaker: Interesting, you know, as you were talking to, I was just thinkin. I remember years and years ago I can't remember how many, maybe 10. I was working the company. We were selling dedicated internet and we thought it was so cool that we were offering every customer a free subscription to as detection. We thought that was the security service. You know our product more likely so that now I mean we were talking about this pre-show little bit o what are the benefits to use in a security service versus, say just a.

00:17:54
 Mike Sci: Yeah, that's that's a good question. So you know a lot of companies have at least 10 to 15 security products in place today. It could be a firewall, is sand point technology some type of case, it could be a whole two factor of. It, could be a whole list of things, but ultimately need to keep these products up-to-date I call future proof. You need to keep them future proof, whether it's patch management, keeping up with the latest updates and any type of tuning or maintenance. That's that's all part of it. So you know there's a lot of work to keep products up-to-date let alone monitoring and responding 247, and that's some of the benefits of having a service. For example, our service uses best in breed technology in order to deliver the service and the service ultimately is to make sure you do not have a business impacting event, conducting business on the lowest cost channel, the internet. And that's what we do. We monitor 2473 and 65 and make sure there's not a business impacting event and at the same time we're going to keep our service. Future proved it's great to use best and breed products to deliver the service, but you have to keep it future proof. So we have a team. We have a threat response unit, that they're looking at the threats in the wild in the deep Dark web on twitter across across the world and as we find zero or potentially new threats, we're going to update our service to detect those threats. So we're going to do that as part of the service. So that way you purchase the service. It's one cost, its opes, its predictable. You know it's going to cost to procure the service on board and care free maintenance. It's one price and you don't have to worry about hiring people to keep it up-to-date to monitor 24 by seven. Everything is included.

00:20:05
 Chris Whitaker: The bad guys don't take a break either. Tho they they're they're 247, they're 24.

00:20:10
 Mike Sci: And you know they happen to know our schedules right. They they know when the weekend is, they know when Memorial day is a fourth of July and they understand when staff is superlite and they're very opportunistic and that's when they're going to strike.

00:20:25
 Chris Whitaker: You used the phrase in your earlier comment: zero day defined that for us.

00:20:31
 Mike Sci: Zero is a threat that has not been seen before, so that means there's no set signature to detect it. So when we're trying to detect threats we're doing full packet capture on the network. We're pulling an endpoint telemetry log data, cloud data and there's already signatures that are written that will detect those threats. But if it's zero you can't detect it. So it's important to have a three hunting team as part of the service to look for anomalous, unusual activity or, as I like to call it, a disturbance in the forest where they can go in and actually investigate it.

00:21:10
 Chris Whitaker: So i'm sorry, go ahead.

00:21:14
 Mike Sci: Once they understand the new threat and they do a forensic analysis on it, they detonate it in the sand box. They understand what makes it tick. They're going to take that information and they're going to be able to understand. Hey, this is a new threat. It's not been seen before and then they're going to publish it out to our entire customer base. So now we can detect it across our customer base from a signature perspective which is much easier to detect and respond to.

00:21:41
 Chris Whitaker: Fantastic, so bringing a kind of full circle back to the wireless way.

00:21:47
 Mike Sci: Tell me the bit more about how.

00:21:49
 Chris Whitaker: It protects companies with wireless and environments.

00:21:55
 Mike Sci: Yeah, you know, things are changing a lot and there's a lot of customers who have. You know wireless networks and the internet of things and you know a lot of times those are the ones that are least protected, specifically it environments. There. There's there's a story you may have heard of about a fish tank in Los Vegas in a casino. It was a smart fish tank and the advisers were able to get into the hot fish tank device because that was the path of least resistance resistance and that's how they got into the network. Another example is, you know, at your house you have a nest or smart thermostat a lot of times default passwords. You're not updating it. It's the easiest way for the adversary to get in. So on our end we try to protect against those easy access points from leveraging our network service. So we do full packet capture on the network. Good example will be: we have some hospitals that we protect and we deploy a network device. It spans the firewall, hooks into the internal and external or switch and it does full packet capture on the network. So any packet coming and going from that choke point from the network. We we have visibility to that. So at a hospital you have these iot devices, you have these medical devices, you have wireless networks. Typically the wireless networks in the devices are going to back hall over that physical pipe, that 13 going out to the internet. So we are at an advantage because our network device sees every packet, every coming and going from the network. So we can spot that unusual activity, whether its command and control activity payload trying to be downloaded. We can see that regardless of what device is connected, because it has to go out through that chokehold ingress egress point.

00:24:05
 Chris Whitaker: That's interesting. How many conversations would you say if you had a ballpark? Guess the dozens or hundreds or more? How many conversations would you think you've had with either partners or in users around these topics?

00:24:21
 Mike Sci: Specifically in wireless.

00:24:24
 Chris Whitaker: Just some security in general.

00:24:27
 Mike Sci: I mean all the time.

00:24:29
 Chris Whitaker: I mean, would you say more than a 100?

00:24:32
 Mike Sci: More than a 100.

00:24:33
 Chris Whitaker: That's all right. Thinking about those last 100. We didn't i'm Spring in the Son, we didn't talk about this one, but I'm sure you all have a good answer on it, though, what is the most common reason a company has for not having an adequate security posture? You know what kind of I don't know-it-all he excuses, or what. What do you hear from these calls?

00:24:59
 Mike Sci: I think one of the more common ones is, you know they don't have the resources, they have trouble finding qualified resources and the resources are are very expensive and you know if they're trying to do ever security on their own, it's very cost prohibitive and you start adding it up like hey, I need you know someone who can manage a firewall or manage sim. Well, those are two people, two separate sets of expert teeth. Right then they have to have 24 by seven. Is Bob going to take a pager home at night and wake up at three in the morning when something unusual fires off? So I think it's resource constraints is the number one challenge and its cost prohibitive. And what we try to evangelize to potential partners as well as customers is that we can solve a lot of these problems by having a service and it's a predictable price. It's a lot more portable than doing it on your own and you can sleep at night and you can focus on your core competency of your business and let our service protect you from doing business on the lowest cost channel, the internet.

00:26:15
 Chris Whitaker: So thinking about those same conversations, I mean you've been doing this. You said for a long time. Are there any trends? You know that you see, say now in the last year, compared to maybe years past men. Wha kind of trends are you noticing?

00:26:31
 Mike Sci: I mean II really think is a hot topic because, like I said, it's it's become very expensive and the market is super crowded with point solutions. There are hundreds of point solutions to buy. They're very expensive. There's a lot involved to keep them future proof. Like I mentioned, the care feeding, the maintenance, finding the expertise and we're finding. People kind of put their hands up in the air, saying hey, it's it's overload, it's too much of a burden for my business. It's cutting into the bottom line. So we've seen a lot more of providers step up to fill the void of the ability to monitor and respond. 27. Now the challenge for the customer is: you know who is, who are the pretenders and who are the contenders? Right and understanding who is who is important. So hopefully some of the things I spoke about today will help you sort out. You know facts from fiction and understand who's the proper solution for your your requirements.

00:27:41
 Chris Whitaker: It kind of reminds me of the bakers and the makers who's making it happen and who's facing it. So as we wrap-up here, you know last words, anything we didn't hit on, that you would like to go over or anything and thought you on leave us with.

00:27:57
 Mike Sci: I mean, I think it's important for customers really to do the research and understand who are the competitors out there. How are they different and, most importantly, understanding what are their personal needs? What are they trying to for? I think always the first step is, you know, going over what is, what are the basic things they're doing today from Sir Security Hygene perspective? And what are some things they can do to understand their overall risk? Because ultimately, cyber securities about about risk and you want to reduce risk. So how can they reduce risk? You can't totally eliminate risk, but you can reduce it and being an educated consumer.

00:28:50
 Chris Whitaker: Good words to end on Mike. Thanks so much for your time today. I'm glad we're able to get this scheduled. I know we. We met at Telarus event. We got to talking about it and I love it. When it goes from an idea, we can check the box done. Thank you, my friend, for all time.

00:29:06
 Mike Sci: Absolutely, Chris. Well, thanks for him, Mona really enjoyed it and we will talk soon.

00:29:11
 Chris Whitaker: Yes, if you're listening and you're like ok, we've talked about a lot. We heard a lot of acronyms. Check the show notes. I'll have more about Mike, about centre there, as well as the transcripts of the conversation. And if you're wondering, how can I identify the pretenders from the contenders? Are the faces from the makers again, Mike. That's what he does for a living. Contact him. Contact is as entire and of course are Jason Stein at Telarus and we have a team of engineers who would love to help you with that conversation as well as always. Thank you for checking out this episode and we'll see you next time on the wireless.