What's Up with Tech?

How AI-Driven Resilience Fixes Firewall Misconfigurations and Closes Security Gaps

Evan Kirstel


A single unchecked setting can hand your network to an attacker, and it happens more often than most teams admit. We sit down with Adam Bennett, Co-Founder and CEO of SureStack, to unpack how “resilient intelligence” marries standards, deep practitioner experience, and AI to find misconfigurations fast and guide clear, step-by-step fixes. From the jaw-dropping story of a default admin credential on a major firewall to the subtle ways “any/any” rules and exposed management interfaces creep into production, we break down why configuration management is the real frontline of cybersecurity.

We explore how attackers are already using AI to write convincing phishing, accelerate recon, and even generate malware, and why defenders need to out-automate that momentum. Adam walks through StackChat, an AI cyber assistant that reads your actual configs, cross-references vendor documentation, and explains exactly how to remediate issues—so even a new hire can harden devices with confidence. The point isn’t buying more tools; it’s extracting the protection you’re already paying for and verifying it daily. One enterprise case hinged on two disabled endpoint features—turn them on, stop the breach.

If you manage a sprawling stack across an enterprise, MSP, or MSSP, you’ll hear how continuous assurance, prioritized quick wins, and attack-surface minimization reduce risk at scale. We look ahead to partner expansion, government adoption, and the push toward self-healing guardrails that keep environments secure even as they change. Security isn’t a snapshot; it’s a system that learns, explains, and acts.

If this conversation sparks ideas, share it with your team, subscribe for more deep dives, and leave a review to help others find the show. Got a configuration horror story or a quick win to share? Drop us a note—we might feature it next.


SPEAKER_01:

Hey everybody, fascinating discussion today as we talk about uh one of the biggest challenges in cybersecurity, configuration management, with an innovator in this space at SureStack. Adam, how are you? Great. Thank you. How are you doing, Evan? I'm doing great. Thanks for joining. Uh, really intrigued by what you guys are up to. Uh, maybe talk about your bio background and what led you to the mission at SureStack.

SPEAKER_00:

Sure. So I've been in uh cybersecurity has been my my career and my passion um for over 20 years. And uh I've done pretty much every job you can do from uh in cyber, from you know, uh doing vulnerability assessments, pen tests to security engineering architecture, um, even you know, responding to incidents, um, and even uh a CISO. Um, and so um, you know, I I've seen a lot of products come and go. I've seen you know a lot of hype in the market, uh, a lot of uh fear, uncertainty, and doubt as well. Um, and so what led me to this was um, you know, the desire to be able to create something that um could scale and could have a real impact on the problem, right? So there's this defender's dilemma. We never have enough, you know, uh people like myself. Uh it's always easier to get in than it is to keep people out. Um, and so a few years ago, um we we've had AI, you know, for a while. Uh I studied it even in college. Um, but what's different, you know, is uh obviously scaling up uh on the hardware side and the large language models and and just a lot of a lot of new opportunity there. And so a few years ago, um I had this idea uh to create SureStack to really, really ultimately try to um through uh through AI and automation and combining that with our our experience in in cybersecurity um to create something that could you know sort of rebalance the scale a little bit.

SPEAKER_01:

Fantastic. Well, important mission. And um maybe start with an anecdote, a real world story of how a small misconfiguration can lead to a big security risk.

SPEAKER_00:

Yeah, so I'll give you I'll give you one um that we that we saw uh recently. Um there was a there was a penetration test that was done uh in a in an environment customer of ours, and and this this customer has um you know their firewalls are being managed, their network devices are being managed by a managed security service provider. Um however there was a well-known firewall brand device that um was found to have a default admin SSH that wasn't, it was never changed. So as you know, it's it's game over. The attacker now has full control of this device, which means, you know, especially with the capabilities of these systems today, you know, they got full packet capture, you know, on the network. They can do all kinds of stuff. So it's it's definitely not a piece of gear you want compromised. So and that and and again, this is being managed by a group that's that's their job, right? So they should have playbooks, they should have all these things. So it we solved for that. So, you know, we're gonna find if there's a amongst a whole bunch of other things, we're gonna find if there's a default uh username password there that that could be owned. Um, so that's just one of got many others.

SPEAKER_01:

Great story. And it's uh SureStack.ai, and clearly your your product uses AI. Um, how does it kind of change the game compared to traditional tools and approaches you've seen over your 20 years?

SPEAKER_00:

Yeah, so you know, again, what what we're doing, we have the concept, our our our patent, which is pending using these things sit around, uh, is based on a concept called resilient intelligence. So what the heck is that? Well, what it's basically we are combining our uh years of of expertise with standards and best practices and with the power of AI. So um, for example, you know, let's say uh we find um a finding on a firewall, you know, maybe they've got um a rule that's too wide open. You can you can you know you can hit it, hit their firewall management interface from anywhere or go traverse the firewall. Uh it's it's like a you know too porous. Um so um we'll have these like quick wins, and the the AI kind of generates that, and then you can pivot right to something called StackChat, which is our AI uh cyber assistant. And you and you can literally just click on that and it'll tell you step by step in terms that even like a junior person could understand exactly how to fix that vulnerability. And that will, and we try to we do this quick wins thing because we we want to focus the the network defenders' attention on where they can increase their score, a little bit gamification there, and reduce their risk uh the quickest. And again, the this so the AI piece there is giving you you know detailed uh remediation steps uh that make it really easy to follow. Also, you know, um StackChat, which is the AI assistant we have there, um, you know, you can you can ask it all kinds of questions about your environment. You know, maybe a maybe a new person comes on board and hey, what's our password policy? Or you know, how or or maybe troubleshooting, maybe they try to push policy. I've actually done this myself. I try to push policy to a firewall, and I'm getting this error, and I'm like, you know, I'm maybe I'm not seeing in the documentation or I do a quick Google search, I don't see it. 
You can literally ask StackChat and it knows because it has your can your exact configuration, it'll be able to tell you um, because it's got all the vendor documentation and all that stuff. Um, it'll be able to tell you how to fix that. And I was able to troubleshoot that much faster that way.

SPEAKER_01:

Fantastic. So um you you mentioned default username passwords. That's the clear blind spot. What are what are some other security blind spots we see companies overlooking, you know, again and again?

SPEAKER_00:

Yeah, so um definitely um on firewalls having um you know rules that are too lax, like maybe you know, any service or any IP uh or misconfiguring their management interface so that they could, you know, someone they're not restricting who can access the firewall. Well, uh at least from a management interface. Now, so there have been a lot of vulnerabilities in security products over the you know, over the years, especially over the last, I'd say, five to ten years. They were never immune, but you know, um, there's been a lot of them. And so a firewall, for example, if let's say you have a vulnerability in your firmware. Well, if you don't have the attack surface exposed, if you don't have that management interface exposed, um there's no opportunity for the exploit. Well, so but the problem is this happens over and over again. There were thousands of, you know, I'm not gonna pick on any particular brand, but there's a some very well-known um firewall brands which we integrate with, so you can narrow it down, that which were owned because of misconfigurations. And this, and I know for a fact this is an impacted, it's not just small businesses and managed service providers, it's even enterprises. I know some large enterprises that had firewalls get compromised as a result of this. And so, you know, you may have a perfect configuration today, but there's a concept of you know, human error and and the concept of entropy. And it's just these, you know, security products and technology in general, there's there's so many options and config I call them knobs and twists, so many configuration options. Well, on the one hand, that's power, right? Because the product company is giving you the user of their product, they're giving you the power um to configure something. The problem is, you know, uh people don't really necessarily understand the complexity there. It's a it's a it's a balance, and so we can help with that. 
Um, and again, we do it today, and then we do it every day. So it's a continuous thing, and the machine does it, right? It's automated.

SPEAKER_01:

Amazing. So we're also, of course, seeing attackers using AI too. I get phishing emails and texts that look really good. They're really well written. The graphics, the images are spot on, which is really uh scary. Uh, but what new risks do you see emerging from AI?

SPEAKER_00:

Yeah, and it and you and I'm really glad that you brought that up, Evan, because AI is a double-edged sword in the security space, right? So, and I would say if you ask me who's winning, I you know, we're we're not winning right now overall. It's the other side. Because um, again, it's they're taking it already easier to get in. And now, you know, just like regular everyday people, they're you know, the the threat actors are using this technology to uh automate and to make their job easier and faster and more scalable. Um, and I don't know if you read the art read about this, but there was um there was this an attack this year where the attacker used a well-known um AI platform to do, I want to say like 90 some percent of their actual you know uh work. I mean, it even like generated malware. Now, obviously the guardrails, you know, that's a huge issue. It's a cat and mouse game, but that's profound to me that they were able to go that far and you know to be undiscovered for I don't know, a few months. But um, but yeah, it's definitely um easier to to do the work. Uh, but again, on the other side of things, with products like like SureStack, you know, we're trying to use the technology for good. Um, and so I think um the market is is pretty large for AI and cyber and just in general, and it's only gonna continue to grow um for a couple of reasons. Again, like I mentioned, there's there'll never be enough people. You know, if you ask me, is it gonna put security security professionals out of work? I I don't think so. I think maybe if you're a tier one SOC analyst, you need to skill up and do some other things. But um no, I think it's going to uh that's what that's what get me gets me excited. You know, it's good it's going to be able to be used for good. And it'll always be a cat and mouse game. Um and that's what motivates me, you know, every day.

SPEAKER_01:

Oh, great mission. Um so as you know, some large banks or enterprises will have dozens and dozens. I've seen one bank with 80 different tools, yeah, uh uh applications, uh, et cetera. When they say, well, we're already secure, I mean, how would you challenge that? That's true.

SPEAKER_00:

Yeah, and I think that you know, uh uh our product actually, you know, is designed. You know, if you we're not trying to sell you more security tools, we're trying to make what you have already, you know, we're trying to optimize that, right? So we will make sure, number one, that you don't have misconfigurations and vulnerabilities in the ironically, in the tools that are supposed to protect you. We'll make sure that you're getting the best return on investment that you can from those tools. I'll give you another quick example. Uh, a few years ago, I was working on an incident, and uh at when we got to the end of it, we we we did the forensics, the analysis, we did all this stuff. This organization had a pretty advanced endpoint product. What we found was there were two settings in that product that were not enabled that had they been enabled would have stopped that attack cold. So that's an example of okay, if you look at it, um, you know, is that really a vulnerability? Well, yeah, because they're not taking advantage of something that they're already paying for. So for those banks and those organizations that are, you know, say they're good, well, they're not. And I would say the more tools they have, the exponentially the more chances are that they're not getting the ROI out of them. And and like those enterprises I mentioned earlier uh that were affected by this firewall, the chances that there's human error and there's a problem there. So I actually think um, you know, our product really can help with that. Um because um, you know, and again, here's the other thing. Let's say, let's say they're they're right. Today they're good. Okay. Hey, good job. Today you're good. Tomorrow you're not. You don't have so it's change, right? So, you know, and so uh you need these, you need a system like uh like SureStack um to test that continuously because these environments don't environments don't stay static and the threats don't either.

SPEAKER_01:

Oh, such a great point. So looking a couple years out, what's your vision of success? What are you excited about over the next year or two as you continue to grow and scale up?

SPEAKER_00:

So we're um we're working with the managed service providers and some managed security service providers right now. Uh I want to massively grow uh the number of partners that we have there because we can help them do their job better, right? Especially I I'd say MSSPs and MSPs, both of them. You know, MSPs have a different challenge than MSSPs because MSSPs are their security focused. That's where they're really trying to hone in on that. MSPs generally are more technology focused. They're trying to get into more net space. But um, but in any case, they're managing hundreds and sometimes thousands of devices and and tools and a huge security stack. And so they have a lot of risk, right? Because it's not just you know their own stuff, it's their customers' stuff. And so um we found um for one partner, um uh, you know, a case where, excuse me, they they had uh an outdated like end-of-life, you know, firewall that was out there, a couple of them. And you know, at first when you say that, you're like, oh gosh, how could they let that happen? Well, they're managing hundreds of devices and things. So, you know, that's another thing. So I think, so what does it look like? It's getting to be able to help a lot more of those organizations to do their job better, and also uh large enterprises and government. You know, my partner, my co-founder Austin and Hoax Dedler and I, we have a lot of government background. Um, the mission is great, um, and we have a lot of understanding there. They uh they have these challenges too. Large enterprises have these challenges. So it's really just expanding the impact that we can um, you know, that we can help these folks to re rebalance the scale um through automation and and and AI in our platform. Um, there's some other exciting, you know, like roadmap things that we're we're excited about that um, you know, I think we'll will really um in sort of some automation and um self-healing type capabilities that are really really cool.

SPEAKER_01:

Can't wait to see it. So you're in northern Virginia, kind of ground zero for a lot of what's happening on the security side, policy side. Uh um where can people meet you, see you? Uh, what are you looking forward to? Any meetups, get togethers otherwise. The next one.

SPEAKER_00:

Yeah, there's a there's a few um entrepreneur meetups in DC. We're gonna go to there's uh, I think November 19th, there's a show. Uh I think Orange Slices AI. We were we did another, they had a lot of government folks there as well as industry. Um we did a show in I think May or June in Maryland. We're doing another one at the Guinness Brewery in Maryland. So any excuse to have a pint to talk cyber, you know, it's good. Sounds good. Sorry, good.

SPEAKER_01:

No, I say I really appreciate what you guys have done and are doing. And uh years to uh more success. Appreciate it.

SPEAKER_00:

Thank you.

SPEAKER_01:

And thanks for thanks for joining. And thanks everyone for listening, watching. Also, check out the new TV show on Fox Business and Bloomberg Tech Impact.tv. Thanks, Adam. Thank you. Thanks, everyone. Take care.