Welcome to Episode 346, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”
This week, James Fair of Executech (http://executech.com/cast) joins us to discuss how they approach cybersecurity as an MSP, and we teach James about what NetApp has to offer in that arena.
For more information:
- Behind the Scenes Episode 327 – The NetApp Ransomware Protection Approach
- Behind the Scenes Episode 340 – NetApp Spot Security
- Behind the Scenes Episode 331 – NetApp ONTAP 9.11.1 Security Overview
- Behind the Scenes Episode 324 – Cleondris SnapGuard and NetApp ONTAP for Ransomware Protection
- Behind the Scenes: Episode 220 – ProLion, NetApp and Ransomware Solutions
Tech ONTAP Community
We also now have a presence on the NetApp Communities page. You can subscribe there to get emails when we have new episodes.
Finding the Podcast
I’ve also resurrected the YouTube playlist.
I also recently got asked how to leverage RSS for the podcast. You can do that here:
http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss
Transcription
The following transcript was generated using Adobe Premiere’s speech to text service and then further edited. As it is AI generated, YMMV.
Episode 346: How Executech Approaches Cybersecurity with James Fair – Transcript
1
00:00:00,533 –> 00:00:03,903
This week on the Tech ONTAP Podcast, James
Fair from Executech comes and joins us
2
00:00:03,903 –> 00:00:06,806
to talk to us all about cyber
security managed services.
3
00:00:08,208 –> 00:00:18,318
[Podcast
4
00:00:18,318 –> 00:00:28,428
intro]
5
00:00:32,565 –> 00:00:35,235
Hello
and welcome to the Tech ONTAP Podcast.
6
00:00:35,235 –> 00:00:36,736
My name is Justin Parisi.
7
00:00:36,736 –> 00:00:38,004
I’m here in the basement of my house
8
00:00:38,004 –> 00:00:41,408
and with me today on the phone
we have James Fair from Executech.
9
00:00:41,408 –> 00:00:45,145
James, what do you do at Executech,
and how do we reach you?
10
00:00:46,079 –> 00:00:48,381
Hey, Justin, I appreciate the invite.
11
00:00:48,381 –> 00:00:49,382
Happy to be here.
12
00:00:49,382 –> 00:00:52,552
So I am a senior vice
president at Executech,
13
00:00:52,552 –> 00:00:54,621
which means basically “everything’s
my fault.”
14
00:00:54,687 –> 00:00:58,691
I take care of the Utah region primarily,
which is where we’re out of.
15
00:00:59,092 –> 00:01:02,328
And I also have a hand
in the internal doings
16
00:01:02,328 –> 00:01:05,732
in cybersecurity at our environment,
just to make sure everyone stays safe
17
00:01:05,732 –> 00:01:06,299
and secure.
18
00:01:06,299 –> 00:01:10,270
You can reach us at executech.com/cast.
19
00:01:10,270 –> 00:01:11,871
(C-A-S-T).
20
00:01:11,871 –> 00:01:14,340
We set up a website
just for podcasts like this.
21
00:01:14,340 –> 00:01:15,442
All right, excellent.
22
00:01:15,442 –> 00:01:18,978
So I would imagine that as senior vice
president, where everything is your fault,
23
00:01:19,012 –> 00:01:20,747
you also get credit for everything, right?
24
00:01:22,482 –> 00:01:23,583
I try not to really.
25
00:01:23,583 –> 00:01:26,986
It’s a leadership belief of mine
that I should give credit to everyone
26
00:01:26,986 –> 00:01:30,323
who was involved in it and not myself
and just take all the blame instead.
27
00:01:30,490 –> 00:01:31,658
That’s actually pretty good…
28
00:01:31,658 –> 00:01:35,495
Make sure that like the people
that you know are doing the actual upfront
29
00:01:35,495 –> 00:01:36,629
work are getting the credit.
30
00:01:36,629 –> 00:01:38,698
And then if something goes wrong, then
hey, sorry, guys.
31
00:01:38,698 –> 00:01:40,800
My bad. Right? Yeah. Yeah.
I should have done.
32
00:01:40,800 –> 00:01:42,902
I should’ve educated you better,
I should communicate it differently.
33
00:01:42,902 –> 00:01:43,236
Right.
34
00:01:43,236 –> 00:01:45,905
So, yeah,
I believe that’s the way to lead people.
35
00:01:46,673 –> 00:01:50,343
So, you know, with that
mentality in place, does Executech
36
00:01:50,610 –> 00:01:51,778
do something similar?
37
00:01:51,778 –> 00:01:55,515
Does it try to take on the blame
when something goes wrong
38
00:01:55,515 –> 00:01:58,585
and, you know, give the credit out
to their customers and their end users?
39
00:01:58,718 –> 00:02:00,253
How does Executech do business?
40
00:02:01,221 –> 00:02:01,588
Yeah.
41
00:02:01,588 –> 00:02:03,723
So just to give you the spiel, right.
42
00:02:03,723 –> 00:02:06,092
We are an award-winning IT Services
provider.
43
00:02:06,092 –> 00:02:07,794
We do IT support, cybersecurity,
44
00:02:07,794 –> 00:02:12,031
and cloud services and we’re really
about people-first environments.
45
00:02:12,332 –> 00:02:16,169
So we’ve got a team of IT people who are,
you know, hopefully down-to-earth people,
46
00:02:16,169 –> 00:02:19,405
friendly, personable, that kind of thing,
and they’re really focused
47
00:02:19,405 –> 00:02:20,473
on the company’s success.
48
00:02:20,473 –> 00:02:23,810
So we become part of the company’s team.
49
00:02:24,110 –> 00:02:27,013
So rather than, hey, it’s us
and we’re separate, we,
50
00:02:27,013 –> 00:02:27,347
you know,
51
00:02:27,347 –> 00:02:30,583
we want to use pronouns like “we”
and “our backups are having challenges”
52
00:02:30,583 –> 00:02:30,984
or whatever.
53
00:02:30,984 –> 00:02:32,952
So we want to be just a member
of the team.
54
00:02:32,952 –> 00:02:33,553
In fact,
55
00:02:33,553 –> 00:02:36,456
when I took care of a construction company
down here in Salt Lake,
56
00:02:36,723 –> 00:02:38,858
they added me to their company directory,
right.
57
00:02:38,858 –> 00:02:42,795
For IT support, you call James
and we get invited to Christmas parties
58
00:02:42,795 –> 00:02:43,396
and things like that.
59
00:02:43,396 –> 00:02:46,966
So we really become
part of the organization’s team as well.
60
00:02:46,966 –> 00:02:48,301
So they feel like we’re one with that.
61
00:02:48,301 –> 00:02:52,438
So we want to come to the table
without that attitude of “IT is superior
62
00:02:52,438 –> 00:02:56,409
and without us you can’t exist.” Brother,
we know that business is the reason
63
00:02:56,409 –> 00:02:57,243
why we’re there.
64
00:02:57,243 –> 00:03:01,047
What sort of managed services
does Executech offer for IT organizations?
65
00:03:01,181 –> 00:03:04,050
Is it, you know, strictly cyber security?
66
00:03:04,050 –> 00:03:06,019
Is it also like storage management?
67
00:03:06,019 –> 00:03:07,887
Is it networking
or is it all of the above?
68
00:03:07,887 –> 00:03:09,556
Yeah, it’s really all of the above.
69
00:03:09,556 –> 00:03:11,357
We want to take care of all the IT needs.
70
00:03:11,357 –> 00:03:13,793
We kind of consider ourselves
an IT outsource department.
71
00:03:13,793 –> 00:03:16,262
So typically we’re in the small
and medium business space.
72
00:03:16,262 –> 00:03:17,597
That’s really our niche market.
73
00:03:17,597 –> 00:03:21,367
Folks that know they need IT support
but don’t want to hire a full-time person,
74
00:03:21,367 –> 00:03:24,504
or they know that there’s a challenge
when you hire a full time person,
75
00:03:24,771 –> 00:03:27,073
because they have only the knowledge
of that one person.
76
00:03:27,507 –> 00:03:31,844
We’ve got some 250 techs across the West,
so we’ve got a really broad
77
00:03:31,844 –> 00:03:35,882
depth of knowledge
and experience that we can call on.
78
00:03:35,882 –> 00:03:38,651
Even if that particular representative
of your organization
79
00:03:38,851 –> 00:03:41,688
may not know the answer,
he’s got a whole team behind him that can.
80
00:03:42,155 –> 00:03:43,423
So that’s really
what we bring to the table.
81
00:03:43,423 –> 00:03:46,392
And yeah, we do all,
you know, cloud services.
82
00:03:46,392 –> 00:03:48,161
That’s a big part of what we do
these days.
83
00:03:48,161 –> 00:03:49,128
Cybersecurity.
84
00:03:49,128 –> 00:03:53,800
We’ve got a cybersecurity team internally
now that takes care of Executech clients
85
00:03:53,800 –> 00:03:54,200
as well.
86
00:03:54,200 –> 00:03:57,270
So we’re doing a lot of cybersecurity
offerings, but our bread and butter
87
00:03:57,270 –> 00:04:00,273
where we came from
was providing all services.
88
00:04:00,273 –> 00:04:00,840
And yeah, it’s
89
00:04:00,840 –> 00:04:04,911
networking, it’s servers, it’s
whatever folks need in the IT Department.
90
00:04:04,911 –> 00:04:07,113
I’ve crawled underneath desks,
plugging in cables before.
91
00:04:07,113 –> 00:04:07,680
We do it all.
92
00:04:07,680 –> 00:04:08,982
So you mentioned cloud services.
93
00:04:08,982 –> 00:04:12,051
And that’s interesting
because the way cloud is designed
94
00:04:12,051 –> 00:04:16,456
is to kind of allow people to provision
their own storage, their own compute.
95
00:04:16,956 –> 00:04:21,628
So when Executech does cloud services,
how do they convince people that,
96
00:04:21,628 –> 00:04:24,063
hey, that’s not the best approach,
let us manage that for you?
97
00:04:24,063 –> 00:04:26,366
Like,
how do you sell people on that, right?
98
00:04:27,100 –> 00:04:30,703
Yeah, I would say for larger
organizations, we’re probably doing
99
00:04:30,703 –> 00:04:34,874
primarily migrations, ongoing support
for things when it gets challenging.
100
00:04:35,141 –> 00:04:36,576
But for the small to medium business
101
00:04:36,576 –> 00:04:39,312
space – like those are typically folks
who are wearing multiple hats.
102
00:04:39,512 –> 00:04:42,482
You know, it’s
probably dropped on some financial guy,
103
00:04:42,482 –> 00:04:45,818
the CFO does not want to try to figure out
how to spin up a server
104
00:04:45,818 –> 00:04:48,454
and that kind of thing.
So in those cases we’re a perfect fit.
105
00:04:48,454 –> 00:04:51,157
We want to come in and manage that aspect,
take it off their plate
106
00:04:51,157 –> 00:04:52,458
so that they don’t have to worry about it
107
00:04:52,458 –> 00:04:55,695
and it’s run by people who are familiar
with it, who do this day in, day out.
108
00:04:55,895 –> 00:04:57,363
A lot of migrations these days. Right.
109
00:04:57,363 –> 00:05:00,967
We’re going to everyone not everyone, but
a lot of organizations are moving from a
110
00:05:00,967 –> 00:05:03,770
– I don’t want to say retro, but,
you know, a server room
111
00:05:04,103 –> 00:05:06,673
to a cloud-based environment
for all the reasons that you cited.
112
00:05:06,739 –> 00:05:08,541
That’s an important point there.
113
00:05:08,541 –> 00:05:12,912
You know, the migration piece of that is
going to be a challenge in and of itself.
114
00:05:12,912 –> 00:05:14,814
So what does Executech
115
00:05:14,814 –> 00:05:19,419
do to help those customers
go from data centers to cloud, like – and
116
00:05:19,519 –> 00:05:22,355
I know you’re doing migration services,
but can you kind of give me the,
117
00:05:22,889 –> 00:05:27,360
I guess the step-by-step process
that Executech follows to try to do that?
118
00:05:27,627 –> 00:05:29,262
Yeah, that’s a really great question.
119
00:05:29,262 –> 00:05:30,930
So one of the things we do
is want to come in
120
00:05:30,930 –> 00:05:33,533
and we want to make sure that organization
has an understanding
121
00:05:33,533 –> 00:05:34,901
of what
they’re getting themselves into. Right.
122
00:05:34,901 –> 00:05:36,402
It is a different beast.
123
00:05:36,402 –> 00:05:39,439
SharePoint is not the same
as your traditional mapped drives
124
00:05:40,073 –> 00:05:41,374
in an environment.
125
00:05:41,374 –> 00:05:44,043
So we want to make sure that before
126
00:05:44,043 –> 00:05:47,280
they jump in feet first, they know what
they’re getting themselves into.
127
00:05:48,047 –> 00:05:48,915
We’ll demonstrate it.
128
00:05:48,915 –> 00:05:51,784
We’ll show it, we’ll talk about,
you know, how things will look differently
129
00:05:51,784 –> 00:05:55,221
in the future, what the impact will be,
what the benefits are, of course.
130
00:05:55,655 –> 00:05:56,522
But that’s the first step.
131
00:05:56,522 –> 00:05:58,291
Want to make sure
people really get an understanding
132
00:05:58,291 –> 00:06:00,560
of what they’re getting themselves into
before they commit to this.
133
00:06:00,927 –> 00:06:03,529
It’s kind of hard to, you know, to go back
once you’ve done that,
134
00:06:03,663 –> 00:06:06,532
then we’ll pick a time
where we’ll work at the organization,
135
00:06:06,599 –> 00:06:10,570
pick a time – a weekend, typically
when we’ll make the full migration over
136
00:06:10,803 –> 00:06:13,206
and then we’ll bring in a team of folks
on Monday morning
137
00:06:13,539 –> 00:06:15,608
to make sure everyone’s got support.
138
00:06:15,608 –> 00:06:17,510
You know, working through the challenges,
139
00:06:17,510 –> 00:06:19,011
the changes that go with
that are involved.
140
00:06:19,011 –> 00:06:22,415
So we’re going to train the users,
show them how to use the new environment.
141
00:06:22,782 –> 00:06:24,317
Then kind of stick with them
through the process
142
00:06:24,317 –> 00:06:27,086
to make sure they’re good to go
before we kind of release them and say,
143
00:06:27,086 –> 00:06:28,788
all right,
you know, call us when you need us.
144
00:06:29,822 –> 00:06:30,456
Or in the case
145
00:06:30,456 –> 00:06:34,427
we’re doing on ongoing IT support
and we’ll do a cloud agreement with them.
146
00:06:34,427 –> 00:06:35,762
But they can use a certain number of hours
147
00:06:35,762 –> 00:06:38,464
per month to call the cloud team
and have them work with them on any
148
00:06:38,998 –> 00:06:42,268
future challenges, issues, adjustments
they want to make.
149
00:06:42,402 –> 00:06:45,405
So an important part of the cloud
is going to be how you secure things.
150
00:06:45,405 –> 00:06:49,509
And I would imagine that Executech
has a way to approach that as well.
151
00:06:49,509 –> 00:06:52,745
So what sort of things does
Executech offer in the realm
152
00:06:52,745 –> 00:06:55,748
of cybersecurity
and securing your cloud environments?
153
00:06:56,048 –> 00:06:59,819
That is definitely a facet that’s you know
– a big upcoming one for all of us.
154
00:06:59,819 –> 00:07:02,522
It’s really
a growing part of our business.
155
00:07:02,522 –> 00:07:07,293
So we offer what we call our threat
detection prevention or our TDP package,
156
00:07:07,760 –> 00:07:11,931
which is really built around the idea
that a lot of organizations
157
00:07:11,931 –> 00:07:14,767
want to be more secure,
aren’t sure how to get there,
158
00:07:14,767 –> 00:07:17,103
and they look at it,
it feels overwhelming.
159
00:07:17,103 –> 00:07:22,542
So we’re going to bring in a combination
of services and software and support.
160
00:07:22,542 –> 00:07:24,877
We’re going to layer on some firewall
and endpoint protection
161
00:07:24,877 –> 00:07:25,978
and these kind of things.
162
00:07:25,978 –> 00:07:29,382
So it’s not necessarily
completing the compliance,
163
00:07:29,549 –> 00:07:33,052
but it’s getting folks a lot further along
that path than they typically would be.
164
00:07:33,286 –> 00:07:35,388
I’ve got the story of where
165
00:07:35,388 –> 00:07:38,691
if there are two identical cars,
one has a car alarm and one does not.
166
00:07:39,058 –> 00:07:41,461
The thieves are probably going after one
without the car alarm.
167
00:07:41,461 –> 00:07:42,662
So we want to make sure that
168
00:07:42,662 –> 00:07:46,666
the organizations we work
with have, in effect, a car alarm setup.
169
00:07:46,666 –> 00:07:48,801
As far as the cloud security goes.
170
00:07:48,801 –> 00:07:49,836
Yeah, we’re going to set it up.
171
00:07:49,836 –> 00:07:52,371
We’ve got a bunch of scripts
we run to make sure it’s secure.
172
00:07:52,672 –> 00:07:54,540
We’re going to monitor it
ongoing to make sure
173
00:07:54,540 –> 00:07:56,075
there are no challenges
going on with that.
174
00:07:56,075 –> 00:07:58,411
There have been times
when we’ve spun up a server in the cloud
175
00:07:58,744 –> 00:08:01,180
and you can immediately
see attacks going on. Right.
176
00:08:01,214 –> 00:08:02,515
People
are trying to get logged in to it already.
177
00:08:02,515 –> 00:08:05,251
So we want to make sure
that we’ll do an external port scan,
178
00:08:05,251 –> 00:08:07,086
make sure all the ports are closed
properly.
179
00:08:07,086 –> 00:08:09,455
And again, we’re gonna work
with those folks on an ongoing basis
180
00:08:09,455 –> 00:08:12,792
to make sure that as they use that,
they’re doing it in a secure fashion.
181
00:08:12,992 –> 00:08:15,228
So I know that top of mind
for a lot of these organizations
182
00:08:15,228 –> 00:08:16,829
is, you know, ransomware, right.
183
00:08:16,829 –> 00:08:20,032
So, making sure that you’re protected
as well as you can recover quickly
184
00:08:20,032 –> 00:08:21,267
from a ransomware attack.
185
00:08:21,267 –> 00:08:23,603
So what does Executech offer
in that realm?
186
00:08:23,703 –> 00:08:29,342
Yeah, that is, unfortunately, another
growing industry that I’m not a fan of,
187
00:08:29,342 –> 00:08:33,212
but one of the things we’ll certainly do
is want to create some backups.
188
00:08:33,212 –> 00:08:33,412
Right.
189
00:08:33,412 –> 00:08:36,415
I want to make sure we’re backing up
the right stuff in the right times
190
00:08:36,682 –> 00:08:40,086
and that that information is secure
and protected.
191
00:08:40,086 –> 00:08:41,487
Because one of the things
the ransomware attackers
192
00:08:41,487 –> 00:08:43,823
do, as I’m sure you’re aware,
is they try to find backups.
193
00:08:43,823 –> 00:08:46,359
They can wipe them out
so you can’t recover from those.
194
00:08:47,059 –> 00:08:49,228
There was a situation here.
195
00:08:49,228 –> 00:08:51,631
The University of Utah
actually got hit by ransomware
196
00:08:51,931 –> 00:08:54,400
and they did everything right.
They had the proper backups.
197
00:08:54,400 –> 00:08:57,003
They did everything by the book
and did it correctly.
198
00:08:57,203 –> 00:08:59,405
And they actually ended up paying anyway.
199
00:08:59,405 –> 00:09:01,941
And the reason was,
is that it wasn’t just a ransom attack.
200
00:09:01,941 –> 00:09:04,110
Now it is.
They’re also exfiltrating data from you.
201
00:09:04,110 –> 00:09:06,012
So they stole a bunch of student data
202
00:09:06,012 –> 00:09:07,680
and they kind of prove
that they had the data.
203
00:09:07,680 –> 00:09:10,683
So the university ended up having to
I don’t know, having to they chose
204
00:09:10,683 –> 00:09:14,053
to pay them in order to not have that
student data released out to the public.
205
00:09:14,620 –> 00:09:16,022
So one of the things we also want to do
206
00:09:16,022 –> 00:09:19,292
is we’re doing our best to prevent
any kind of exfiltration of data.
207
00:09:19,725 –> 00:09:22,562
So we’re going to look at, all right,
how do we lock that down?
208
00:09:22,662 –> 00:09:26,265
Multi-factor authentication, of course,
is an easy win for most folks these days.
209
00:09:26,265 –> 00:09:29,769
We’re in a of what we call DLP
or data loss prevention.
210
00:09:30,036 –> 00:09:33,573
So going to look for email patterns,
you know, are there credit card
211
00:09:33,573 –> 00:09:36,576
information and anything like that
that’s stored in an email.
212
00:09:36,842 –> 00:09:38,678
Last couple of layers
get a little technical from there.
213
00:09:38,678 –> 00:09:42,181
But ransomware is a huge business
for a lot of
214
00:09:42,481 –> 00:09:45,918
these criminal organizations out there,
and we are absolutely doing our best
215
00:09:45,918 –> 00:09:47,653
to prevent
that from being an issue moving forward.
216
00:09:47,653 –> 00:09:50,957
I wish we could all band together
and stop this from being a thing.
217
00:09:51,390 –> 00:09:52,124
Yeah, absolutely.
218
00:09:52,124 –> 00:09:54,260
It’s definitely a growing problem. Right.
219
00:09:54,260 –> 00:09:56,596
And it’s really annoying because it’s,
220
00:09:56,596 –> 00:09:59,098
you know, you don’t really necessarily
deserve what’s happening to you
221
00:09:59,098 –> 00:10:02,635
and you kind of have to prepare
for this thing that you didn’t ask for.
222
00:10:03,636 –> 00:10:07,106
And it’s really
just an extortion technique by a lot of…
223
00:10:07,139 –> 00:10:07,907
It really is.
224
00:10:07,907 –> 00:10:10,776
And it’s unfortunate to every industry,
every organization that,
225
00:10:11,110 –> 00:10:13,646
you know, back in the day
when it first started out,
226
00:10:13,646 –> 00:10:15,548
like charity organizations
could have a discussion with them
227
00:10:15,548 –> 00:10:16,682
and say, look, we’re just a charity.
228
00:10:16,682 –> 00:10:20,453
And then they would decrease the fee
or whatever you want to call it.
229
00:10:20,453 –> 00:10:23,589
They’re paying that extortion, the ransom.
230
00:10:23,589 –> 00:10:27,560
But I had the unpleasant job of going
and searching
231
00:10:28,294 –> 00:10:30,963
one of the ransomware attackers’
dark web sites to see
232
00:10:30,963 –> 00:10:34,233
if a company’s data had was up for sale.
233
00:10:34,600 –> 00:10:37,770
And when I look through that list, it was
it was every organization.
234
00:10:37,770 –> 00:10:40,439
It didn’t matter
the size. It was a small gas station.
235
00:10:40,706 –> 00:10:42,375
It was a charitable hospital.
236
00:10:42,375 –> 00:10:43,843
It was a school.
237
00:10:43,843 –> 00:10:47,780
It was like there was no one
who was barred from that list, right.
238
00:10:47,780 –> 00:10:49,882
They just go after anybody,
everybody they can.
239
00:10:50,249 –> 00:10:52,051
So no one’s safe, unfortunately.
240
00:10:52,051 –> 00:10:53,452
Yeah. It’s really unfortunate.
241
00:10:54,954 –> 00:10:58,324
So, you know, ransomware is one of those
big ones.
242
00:10:58,591 –> 00:11:03,829
Well, what are some other lesser known
but growing problems within cybersecurity?
243
00:11:03,996 –> 00:11:06,332
What sort of things
are you seeing out there that are
244
00:11:06,999 –> 00:11:10,469
– maybe aren’t getting as much press
and as much notoriety
245
00:11:10,469 –> 00:11:14,106
that are definitely problems still?
246
00:11:14,707 –> 00:11:16,575
Well,
it, well, it continues to be a challenge
247
00:11:16,575 –> 00:11:20,312
where we’ve layered on all these layers
of protection as far as security goes.
248
00:11:20,312 –> 00:11:23,683
And we have a firewall in play,
we have an antivirus program in play.
249
00:11:24,517 –> 00:11:26,152
So the attackers know this.
250
00:11:26,152 –> 00:11:28,054
They’re going after busy humans.
251
00:11:28,054 –> 00:11:31,724
So unfortunately
and you know, we’re all busy.
252
00:11:31,724 –> 00:11:32,191
We get it.
253
00:11:32,191 –> 00:11:32,625
I get it.
254
00:11:32,625 –> 00:11:34,960
Certainly,
I have had my share of this happen.
255
00:11:35,428 –> 00:11:38,731
We’re going after the busy users
who are you know, it’s 6 p.m.,
256
00:11:38,731 –> 00:11:41,834
they’re going through their 200th email
and they’re just like, Oh, I’m so tired.
257
00:11:41,867 –> 00:11:43,936
And then you click on something
that they shouldn’t have.
258
00:11:43,936 –> 00:11:47,106
So really we want to educate users.
259
00:11:47,740 –> 00:11:48,307
We’ll see.
260
00:11:48,307 –> 00:11:52,445
We’re going to do phishing campaigns,
so we’re simulating attackers coming in
261
00:11:52,678 –> 00:11:55,681
and attempting to get them to click
on things or enter their credentials.
262
00:11:55,681 –> 00:11:58,250
Then we’ll give them a report on that.
And we’ll show them, “All right.
263
00:11:58,317 –> 00:11:59,819
You know, here’s the percentage of people
264
00:11:59,819 –> 00:12:02,054
who just open, here’s
the percentage of people click on.
265
00:12:02,054 –> 00:12:04,724
Here’s the percentage,
unfortunately, of folks who actually enter
266
00:12:04,724 –> 00:12:08,160
their credentials in there,”
which would have ended up in attackers
267
00:12:08,160 –> 00:12:11,030
having stolen their credentials,
being able to attack your organization.
268
00:12:11,731 –> 00:12:13,132
So it raises awareness.
269
00:12:13,132 –> 00:12:16,368
We see this every time we do a campaign
like that, that
270
00:12:16,368 –> 00:12:20,473
the number of email messages
sent to the IT group suddenly spikes
271
00:12:20,473 –> 00:12:21,974
because they’re like, Is this real?
Is this legitimate?
272
00:12:21,974 –> 00:12:23,342
Should I worry about this? Right?
273
00:12:23,342 –> 00:12:25,277
And then it tends to taper over time.
274
00:12:25,277 –> 00:12:27,346
So I do recommend doing those periodically
275
00:12:27,847 –> 00:12:30,683
and then training the users
– at least annually.
276
00:12:30,683 –> 00:12:33,486
I recommend having a group
come in and train your users on
277
00:12:33,486 –> 00:12:37,623
how to be more safe and more secure,
what to look for in email.
278
00:12:38,324 –> 00:12:42,228
So I think another thing we’re seeing
these days is called MFA bombing.
279
00:12:42,528 –> 00:12:45,231
So you may have multifactor authentication
set up, where, you know,
280
00:12:45,331 –> 00:12:48,234
you go to log in and it either texts you
or you have an authenticator
281
00:12:48,234 –> 00:12:50,069
you have to click on.
282
00:12:50,069 –> 00:12:53,672
Now they’re doing bombing where they may
have your log in and password
283
00:12:53,672 –> 00:12:56,175
and they’re trying to get you
to just accept it on your phone. Right.
284
00:12:56,208 –> 00:12:59,078
You get the prompt on your phone
that says Click yes if this is you
285
00:12:59,612 –> 00:13:02,848
and they’ll just do it like send it
30, 40, 50 times.
286
00:13:03,182 –> 00:13:06,285
And unfortunately, some users are like,
“Man, I don’t know what is going on.
287
00:13:06,285 –> 00:13:06,685
Fine.
288
00:13:06,685 –> 00:13:07,553
Yes.” Just to end it.
289
00:13:07,553 –> 00:13:09,755
Right, to stop that from blowing them up.
290
00:13:09,755 –> 00:13:12,691
But that, in fact, just gave them access
to their credentials.
291
00:13:13,025 –> 00:13:15,060
I, I, I used to trade in crypto.
292
00:13:15,060 –> 00:13:15,728
I don’t anymore.
293
00:13:15,728 –> 00:13:20,166
I like sleep, but I woke up one morning
like 5:30 in the morning
294
00:13:20,866 –> 00:13:25,037
and I had a wall of password
attempt attacks on my phone.
295
00:13:25,037 –> 00:13:25,204
Right.
296
00:13:25,204 –> 00:13:26,906
Those,
all these alerts from my Gmail account
297
00:13:26,906 –> 00:13:30,142
that I used for trading
and it was pretty scary.
298
00:13:30,142 –> 00:13:34,346
I’m like, wow, this phone was
the only thing keeping the attackers out.
299
00:13:34,914 –> 00:13:38,083
So I really recommend setting up
something like a authenticators
300
00:13:38,083 –> 00:13:41,854
can prompt you for a code, especially
if you’re in a Microsoft environment.
301
00:13:41,854 –> 00:13:44,790
So I recommend using Intune and setting up
302
00:13:45,024 –> 00:13:47,827
and how it’s trying to put other MFA
policies, what it’s all about.
303
00:13:47,827 –> 00:13:51,330
They have to enter a code and you’ve
provided in that bombing attack method.
304
00:13:51,831 –> 00:13:53,899
So it’s definitely
one we’re seeing these days.
305
00:13:53,899 –> 00:13:56,168
That’s probably a highlight.
I think that a majority of them.
306
00:13:56,502 –> 00:13:58,838
Okay, so inevitably
somebody is going to get in, right?
307
00:13:58,871 –> 00:14:00,139
It’s going to happen.
308
00:14:00,139 –> 00:14:02,374
You just have to really prepare for that
as an I.T.
309
00:14:02,374 –> 00:14:03,242
organization, don’t
310
00:14:03,242 –> 00:14:07,246
assume that your defense mechanisms
are going to kick in and stop everything.
311
00:14:07,246 –> 00:14:13,152
So once something gets in there,
what does Executech offer to organizations
312
00:14:13,485 –> 00:14:18,090
to help them recover
or mitigate the impact of these attacks?
313
00:14:18,324 –> 00:14:20,659
Before I get into that, just real quick,
thank you for bringing that up
314
00:14:20,659 –> 00:14:24,263
because that is one mindset
I would love organizations to take.
315
00:14:24,630 –> 00:14:29,301
Far too many have the belief that, Hey,
as long as I secure us, we’re good to go
316
00:14:29,301 –> 00:14:30,469
and I don’t have to worry about it.
317
00:14:30,469 –> 00:14:31,670
But in fact, it’s
318
00:14:31,670 –> 00:14:35,541
a much better position to take of, “Okay,
what do we do in the event of?” Right.
319
00:14:35,541 –> 00:14:39,812
So we create an incident response plan,
have some plan in place.
320
00:14:40,346 –> 00:14:44,550
It’s a simple plan, but,
you know who to call, who to go to, right?
321
00:14:44,850 –> 00:14:45,918
Do you have a legal team?
322
00:14:45,918 –> 00:14:49,288
Do you have a forensics team
or just have those things ready to go
323
00:14:49,288 –> 00:14:50,256
so that you’re not long
324
00:14:50,256 –> 00:14:53,792
delay in case that happens,
to answer the original question,
325
00:14:54,093 –> 00:14:58,464
yeah, we do offer teams we can roll out
and help in those environments.
326
00:14:58,497 –> 00:15:01,867
We do it unfortunately far too often
because of ransomware.
327
00:15:01,867 –> 00:15:04,503
But that is not an uncommon thing
where we’ll get a call to come out,
328
00:15:04,703 –> 00:15:08,641
we’ll roll a team out,
we’ll deploy some change notification
329
00:15:09,008 –> 00:15:12,645
software, we’ll start blocking things,
and then we’re going through
330
00:15:12,845 –> 00:15:15,714
an incident response plan with those folks
and then help them create one.
331
00:15:15,948 –> 00:15:19,051
So in the future, they have the ability
to respond to those themselves,
332
00:15:19,051 –> 00:15:22,154
but we absolutely will come in
and help folks – I don’t want to say
333
00:15:22,154 –> 00:15:24,290
clean up,
but really, that’s what it’s all about, is
334
00:15:24,290 –> 00:15:27,660
making sure you can recover
because it can be it can be a long time.
335
00:15:27,660 –> 00:15:27,760
Right.
336
00:15:27,760 –> 00:15:28,861
You got to stop the attackers.
337
00:15:28,861 –> 00:15:31,697
Number one, you got to figure out
how you want to recover from the data,
338
00:15:31,931 –> 00:15:34,733
you’ve got to do the recovery
and get back to normal operations.
339
00:15:34,733 –> 00:15:36,669
And you have to deal with the fallout
from all that as well.
340
00:15:36,669 –> 00:15:37,736
So it’s quite a process.
341
00:15:37,736 –> 00:15:39,371
It involves quite a few teams.
342
00:15:39,371 –> 00:15:43,142
That said, is that part of the messaging
that Executech uses
343
00:15:43,142 –> 00:15:45,811
when they’re pitching their services
to these organizations?
344
00:15:45,811 –> 00:15:49,148
Are you being upfront saying, look,
you know, we can only do so much,
345
00:15:49,682 –> 00:15:53,852
we really need you to understand
that these things can happen regardless
346
00:15:53,852 –> 00:15:57,356
of what we can do, and then that you need
to have a contingency plan.
347
00:15:57,356 –> 00:16:00,225
A disaster recovery
plan, a backup plan in place
348
00:16:00,726 –> 00:16:04,163
to recover quickly from this,
because after it’s in there,
349
00:16:04,229 –> 00:16:08,367
there’s only so much that Executech can do
from a managed services perspective.
350
00:16:08,667 –> 00:16:09,268
Yeah.
351
00:16:09,268 –> 00:16:13,005
So our team are a bunch of consultants,
we call them IT consultants, not IT
352
00:16:13,172 –> 00:16:14,139
technicians.
353
00:16:14,139 –> 00:16:17,042
And the reason for that is we’re having
those tough conversations with clients.
354
00:16:17,076 –> 00:16:17,676
Saying,
355
00:16:17,810 –> 00:16:21,280
you know, look, I see you’re not using
any kind of multi-factor authentication.
356
00:16:21,280 –> 00:16:22,982
This is not a best practices.
357
00:16:22,982 –> 00:16:25,484
And certainly
there are small organizations
358
00:16:25,617 –> 00:16:29,421
who are either not equipped
or don’t have the budget
359
00:16:29,421 –> 00:16:31,690
or just don’t feel like it’s
really something they have to worry about.
360
00:16:32,024 –> 00:16:34,259
So we end up in these
ongoing conversations with them.
361
00:16:34,560 –> 00:16:35,894
We had one
362
00:16:37,062 –> 00:16:38,998
– not to name any client names,
363
00:16:38,998 –> 00:16:43,802
but we had a doctor’s office who refused
to do things to be HIPAA compliant.
364
00:16:44,136 –> 00:16:47,940
And so we finally put together
a not hold liable form and said,
365
00:16:48,374 –> 00:16:50,776
you know, you need to sign this form
that says something goes wrong.
366
00:16:51,010 –> 00:16:53,178
It’s not on your MSP for this.
367
00:16:53,178 –> 00:16:56,315
And that woke them up to like,
Oh, you were serious about this.
368
00:16:56,315 –> 00:16:59,084
Okay, so,
you know, hopefully never comes to that.
369
00:16:59,084 –> 00:17:02,721
But yeah, we are having those
ongoing conversations on a daily basis
370
00:17:02,721 –> 00:17:06,425
throughout all the organizations
and like I teach a compliance class,
371
00:17:06,692 –> 00:17:09,461
so I’ll teach the,
the new onboarding IT consultants
372
00:17:09,995 –> 00:17:12,765
how to have those tough conversations
with folks and what to talk about.
373
00:17:13,065 –> 00:17:16,835
And a lot of organizations
look at that at security and go
374
00:17:16,835 –> 00:17:18,737
there’s too much, it costs too much.
375
00:17:18,737 –> 00:17:20,906
There’s just too much involved.
We can’t do all this at once.
376
00:17:20,906 –> 00:17:21,840
There’s no way.
377
00:17:21,840 –> 00:17:25,477
So what we do is we come in
and we offer helping them build a roadmap.
378
00:17:25,477 –> 00:17:27,679
So yeah, you may be in an insecure place.
379
00:17:27,679 –> 00:17:29,314
We want to get you in a secure place.
380
00:17:29,314 –> 00:17:31,116
Let’s not try to throw everything on it
at once.
381
00:17:31,116 –> 00:17:35,087
Let’s create a roadmap that makes sense
for the organization, for the budget
382
00:17:35,454 –> 00:17:37,956
and put together a plan to move that way.
383
00:17:38,524 –> 00:17:41,894
Or, as I mentioned before,
we offer a package, we can come in
384
00:17:41,894 –> 00:17:44,763
and drop in most of that stuff
and take care of that for them as well.
385
00:17:44,997 –> 00:17:47,833
So with the ransomware and the, you know,
intrusion
386
00:17:47,833 –> 00:17:51,103
stuff, what sort of tools
are you leveraging at Executech?
387
00:17:51,203 –> 00:17:53,772
Like,
how are you handling intrusion detection?
388
00:17:53,772 –> 00:17:57,843
How are you handling ransomware detection
and how are you handling the recovery?
389
00:17:57,843 –> 00:17:59,978
Like, what are you recommending
to these customers?
390
00:18:00,279 –> 00:18:04,083
Number one, we’re putting in a firewall,
right, next generation firewalls,
391
00:18:04,083 –> 00:18:05,284
deep packet inspection,
392
00:18:05,284 –> 00:18:06,919
they call it where it’s digging
through every packet,
393
00:18:06,919 –> 00:18:09,321
looking through them, making sure
there’s nothing malicious inside of there.
394
00:18:09,321 –> 00:18:12,724
Coupled with that we’re doing
endpoint protection with what we recommend
395
00:18:12,724 –> 00:18:15,761
is an MTR solution
or a managed threat response.
396
00:18:15,761 –> 00:18:20,265
So we’re actually working with an endpoint
provider, you know, a security provider
397
00:18:20,566 –> 00:18:24,536
who also has a team
monitoring the environment at all times.
398
00:18:24,770 –> 00:18:27,539
So we’re kind of double covering
whenever we can with these organizations.
399
00:18:27,539 –> 00:18:29,975
We’ll drop
in a change management software.
400
00:18:30,342 –> 00:18:34,413
So we’re looking for events such as –
a user suddenly became an administrator
401
00:18:34,413 –> 00:18:39,118
when they shouldn’t have or a user logged
in at 2AM, which is unusual for them.
402
00:18:39,118 –> 00:18:41,186
So we’re looking for unusual behaviors.
403
00:18:41,186 –> 00:18:43,689
We also want to drop in
some anti-ransomware software.
404
00:18:44,089 –> 00:18:49,728
So unlike the traditional antivirus
software where someone gets hit by a virus
405
00:18:49,928 –> 00:18:52,865
and then everybody else gets the signature
to prevent that from happening.
406
00:18:53,165 –> 00:18:56,602
Anti-ransomware is moving also to –
and I hope, more security tools
407
00:18:56,602 –> 00:19:00,105
do this in the near future
– moving to a more behavioral-based model
408
00:19:00,405 –> 00:19:03,542
where it’s looking to see,
oh, some files got encrypted.
409
00:19:03,542 –> 00:19:04,643
Well, that’s not unusual.
410
00:19:04,643 –> 00:19:07,045
Some people do that, right?
That can be a user thing.
411
00:19:07,446 –> 00:19:09,681
But now we’re at 50 files, 100 files.
412
00:19:09,681 –> 00:19:11,550
Look, I’m going to stop that process.
I don’t know what it is.
413
00:19:11,550 –> 00:19:12,684
I can’t clean it up.
414
00:19:12,684 –> 00:19:13,819
The software can’t,
415
00:19:13,819 –> 00:19:17,856
but it will alert us and say, hey, there’s
something suspicious going on here.
416
00:19:17,856 –> 00:19:19,424
We see a bunch of files get encrypted.
417
00:19:19,424 –> 00:19:20,926
So we’ve stopped the process.
418
00:19:20,926 –> 00:19:24,196
So it tends to work
with any variant of ransomware as well
419
00:19:24,196 –> 00:19:27,599
because now it’s not reliant
on a signature, it’s looking at behavior.
420
00:19:27,599 –> 00:19:31,303
So we’re looking at a lot of behavioral
based model wherever we can
421
00:19:31,336 –> 00:19:33,138
to help secure the environment.
422
00:19:33,138 –> 00:19:37,142
So with this behavioral piece,
is it simply user behavior or is it data
423
00:19:37,142 –> 00:19:37,676
anomalies?
424
00:19:37,676 –> 00:19:40,112
Like, you know, we see a bunch of changes
to a bunch of files
425
00:19:40,112 –> 00:19:43,048
and that’s kind of a clue
that we have something going on there.
426
00:19:43,649 –> 00:19:45,717
Yeah, that’s exactly what it is,
it’s looking for
427
00:19:46,084 –> 00:19:48,420
processes
that are doing things out of the ordinary.
428
00:19:48,754 –> 00:19:50,656
Why are there suddenly
a whole bunch of files changes?
429
00:19:50,656 –> 00:19:52,891
Why is this big export happening?
430
00:19:52,891 –> 00:19:55,127
Why are a whole bunch of files
been encrypted all at once?
431
00:19:55,460 –> 00:19:58,830
Those are triggers that will, you know,
and maybe sometimes it’s a false alert.
432
00:19:59,031 –> 00:20:01,166
There’s no doubt it happens,
but it’s pretty, pretty rare.
433
00:20:01,166 –> 00:20:02,901
Fortunately, I’d rather err
434
00:20:02,901 –> 00:20:05,771
on the side of caution in this case
because ransomware is just too prevalent.
435
00:20:05,938 –> 00:20:07,239
You know,
I don’t know if you’re familiar with what
436
00:20:07,239 –> 00:20:10,576
NetApp offers,
but we do have similar functionality
437
00:20:10,576 –> 00:20:14,479
within the ONTAP software
where it’s detection of these anomalies.
438
00:20:14,479 –> 00:20:18,050
And then what we do in addition to that
is, you know, send out a notification
439
00:20:18,050 –> 00:20:20,519
saying, hey,
there’s something going on to our admins.
440
00:20:21,186 –> 00:20:23,488
And then we take an immediate
snapshot, right?
441
00:20:23,522 –> 00:20:28,493
So that we have a point in time before
everything gets kind of fubar, right.
442
00:20:28,894 –> 00:20:30,195
So like it.
443
00:20:30,195 –> 00:20:30,495
Yeah.
444
00:20:30,495 –> 00:20:32,998
So like, you know, it’s an all
and it’s all automatic.
445
00:20:32,998 –> 00:20:36,868
So does Executech have similar mentality?
446
00:20:37,002 –> 00:20:40,639
Is there like a snapshot that kicks off
when this stuff happens
447
00:20:40,639 –> 00:20:43,775
or is it, you know,
are you simply just advising customers,
448
00:20:43,809 –> 00:20:47,679
hey, monitor
this and do something once it happens?
449
00:20:47,779 –> 00:20:49,581
We’re a little different
from a traditional MSP.
450
00:20:49,581 –> 00:20:51,116
We aren’t hosting
451
00:20:51,116 –> 00:20:54,253
client data, so we’re setting up
environments for each client separately.
452
00:20:54,886 –> 00:20:56,922
So it kind of depends on the client.
453
00:20:56,922 –> 00:20:59,791
Some are large, some are small, some
may have cloud environments, some may not.
454
00:20:59,791 –> 00:21:03,161
So I’d like to explore this a little more,
if you don’t mind, if you could tell me.
455
00:21:03,161 –> 00:21:05,030
I know NetApp
does some cloud-based stuff as well.
456
00:21:05,030 –> 00:21:08,133
So what is the you know, tell me
about that space if you wouldn’t mind.
457
00:21:08,200 –> 00:21:08,767
Right, right.
458
00:21:08,767 –> 00:21:11,336
So, you know, there’s
the automatic ransomware detection,
459
00:21:11,336 –> 00:21:14,773
which I talked about, which is, you know,
detecting anomalies, triggering events,
460
00:21:15,140 –> 00:21:17,442
telling your admins, hey,
there’s something weird going on.
461
00:21:17,442 –> 00:21:20,312
We’ll take a snapshot
so that you have a way to recover quickly.
462
00:21:20,312 –> 00:21:23,615
And these snapshots in ONTAP,
they take instantly.
463
00:21:24,116 –> 00:21:27,719
Once you want to restore from them,
you can either restore files directly
464
00:21:27,719 –> 00:21:30,889
out of them if you want,
or you can restore the entire volume
465
00:21:30,889 –> 00:21:33,392
if you choose, right?
So you can basically blow everything away.
466
00:21:33,392 –> 00:21:36,128
So if something gets entirely encrypted
by ransomware,
467
00:21:36,128 –> 00:21:37,929
you’re not sitting there panicking
because you’re like,
468
00:21:37,929 –> 00:21:39,598
oh, I’ll just revert back to this snapshot
469
00:21:39,598 –> 00:21:42,601
and maybe I’ll lose
30 minutes of data, but, you know,
470
00:21:42,601 –> 00:21:46,672
that’s better than paying two, $2 million
to this ransomware, right?
471
00:21:46,772 –> 00:21:49,708
For sure. Right.
So that’s one aspect of it.
472
00:21:49,741 –> 00:21:51,376
And then you have
the compliance aspect of it.
473
00:21:51,376 –> 00:21:53,945
We can replicate it to a DR site.
474
00:21:53,945 –> 00:21:56,948
So you have an offsite backup,
which is always part of that disaster
475
00:21:56,948 –> 00:21:58,450
recovery backup plan. Right.
476
00:21:58,450 –> 00:22:00,218
You don’t want to keep everything on site
477
00:22:00,218 –> 00:22:02,054
and it’s an exact replica of your volumes.
478
00:22:02,054 –> 00:22:04,923
And then we have something
called SnapLock, which is,
479
00:22:05,057 –> 00:22:08,927
hey, these snapshots,
not only can you not touch the data
480
00:22:08,927 –> 00:22:12,731
inside of them, it’s read only,
but the snapshots themselves are locked
481
00:22:12,998 –> 00:22:15,901
and we have a clock that set on those
where, you know you can’t touch them
482
00:22:15,901 –> 00:22:18,937
for five years or seven years,
whatever you set that to.
483
00:22:18,937 –> 00:22:21,606
Right.
So that’s part of that HIPAA compliance.
484
00:22:21,840 –> 00:22:24,276
That’s part of the other compliances
that you see out there.
485
00:22:24,276 –> 00:22:28,847
So, you know, it’s really about
taking the onus off of the admins
486
00:22:28,847 –> 00:22:31,383
and putting it on the software,
making the software do the work.
487
00:22:31,383 –> 00:22:36,088
So the admins can focus on other things
like the actual ransomware intrusion.
488
00:22:36,088 –> 00:22:37,322
How do we fix those holes?
489
00:22:37,322 –> 00:22:38,023
I like it.
490
00:22:38,023 –> 00:22:41,126
Immutable backups are something
that I’ve been exploring recently to see.
491
00:22:41,126 –> 00:22:43,328
All right. I couldn’t create those.
492
00:22:43,328 –> 00:22:47,099
I don’t have a great solution
at the moment, but this may be one.
493
00:22:47,099 –> 00:22:48,800
Thank you for sharing that. Yeah,
absolutely.
494
00:22:48,800 –> 00:22:53,705
So, that said, I mean,
tell me about in a dream world, right?
495
00:22:53,705 –> 00:22:55,774
Let’s say money’s no object.
496
00:22:55,774 –> 00:22:57,542
You can do whatever we want.
497
00:22:57,542 –> 00:22:59,144
How is your organization
498
00:23:00,212 –> 00:23:00,779
making a
499
00:23:00,779 –> 00:23:04,783
complete data protection
ransomware secure solution?
500
00:23:04,783 –> 00:23:06,518
Like, what are they doing from end to end?
501
00:23:06,518 –> 00:23:07,919
Well, with,
502
00:23:08,086 –> 00:23:10,822
you know, security and ease of use
tend to be opposite ends of the spectrum.
503
00:23:11,089 –> 00:23:14,893
But we would remove admin rights
from your average users.
504
00:23:14,893 –> 00:23:15,127
Right.
505
00:23:15,127 –> 00:23:18,330
So and that’s a challenge
that we have internally because
506
00:23:18,330 –> 00:23:22,367
we are deploying technicians
who need to be able to,
507
00:23:22,401 –> 00:23:26,705
you know, use all the suite available
to them on their devices.
508
00:23:27,139 –> 00:23:32,310
So and we are using tools that are often
used in ransomware environments.
509
00:23:32,611 –> 00:23:33,812
So we get alerts, right?
510
00:23:33,812 –> 00:23:36,014
Someone’s using a rootkit scanner.
511
00:23:36,014 –> 00:23:38,150
Well, yeah,
part of our job would be using rootkits.
512
00:23:38,150 –> 00:23:42,587
So it has been a challenge for us
internally to attempt to roll out
513
00:23:42,721 –> 00:23:46,591
a secure environment where we still allow
514
00:23:47,025 –> 00:23:50,729
technical system administrators
to do their job for their clients.
515
00:23:50,729 –> 00:23:53,131
So I definitely use an MTR solution.
516
00:23:53,131 –> 00:23:54,633
So we’d have another party
517
00:23:54,633 –> 00:23:58,603
also monitoring the environment
because I like layers and layers of folks.
518
00:23:58,970 –> 00:24:03,842
So we would have immutable backups
that run preferably real time, right?
519
00:24:03,842 –> 00:24:07,646
So there’s this backup going all the time
that, as you said, can’t touch
520
00:24:07,646 –> 00:24:09,181
for a certain amount of time.
521
00:24:09,181 –> 00:24:10,916
It’s not deleteable.
522
00:24:10,916 –> 00:24:13,819
But I still like the change detection
and the anti-ransom software.
523
00:24:14,052 –> 00:24:16,955
We would lock down all ports
in the firewall unnecessary
524
00:24:16,955 –> 00:24:20,926
and yeah, figure out some way
that if we detect any of these it triggers
525
00:24:20,926 –> 00:24:24,529
a, you know, a red alert goes off,
someone hits that big red button
526
00:24:24,529 –> 00:24:29,334
that’s on the side of the server room
and all the backups stop
527
00:24:29,534 –> 00:24:32,938
or it takes a sudden snapshot
because we don’t want to override the data
528
00:24:32,938 –> 00:24:34,306
that we have already out there.
529
00:24:34,306 –> 00:24:36,508
It sounds like you’re talking
about ONTAP. I’m just saying.
530
00:24:38,076 –> 00:24:40,612
I think so.
531
00:24:40,612 –> 00:24:43,181
Yeah, there are definitely
some large organizations we work with
532
00:24:43,648 –> 00:24:48,420
where I would really make me be able
to sleep better at night, that’s for sure.
533
00:24:48,420 –> 00:24:50,188
Knowing that we had that employed.
534
00:24:50,188 –> 00:24:52,757
I totally didn’t plan it.
I mean, I was like, Hey, perfect solution.
535
00:24:52,757 –> 00:24:54,259
And then you’re like, Hey,
536
00:24:55,093 –> 00:24:56,962
it’s basically what you just said.
537
00:24:56,962 –> 00:25:00,031
And it happens to be ONTAP, right… um…
538
00:25:00,265 –> 00:25:01,366
I’m looking into this ONTAP stuff.
539
00:25:01,366 –> 00:25:02,434
There’s also like
540
00:25:02,434 –> 00:25:06,404
aspects of NetApp’s portfolio,
which is beyond the ONTAP piece, right?
541
00:25:06,404 –> 00:25:10,242
We have cloud native things
such as Cloud Backup Services,
542
00:25:10,242 –> 00:25:13,845
where we kind of approach it
from an application angle, NetApp Astra,
543
00:25:13,845 –> 00:25:16,982
where we kind of handle the Kubernetes
data protection side of it as well.
544
00:25:16,982 –> 00:25:20,552
So there’s a lot there
that people may or may not know about that
545
00:25:20,886 –> 00:25:24,990
fit into this overall data protection
security mentality.
546
00:25:25,390 –> 00:25:27,559
And it really it’s
just about getting the word out.
547
00:25:27,759 –> 00:25:30,195
So NetApp started as a storage provider.
Yeah, right.
548
00:25:30,195 –> 00:25:31,263
That was the original. Yeah.
549
00:25:31,263 –> 00:25:35,133
Well, originally, like, you know, way back
like 30 years ago or so, you know.
550
00:25:35,200 –> 00:25:37,202
I’ve been in the business a long time.
551
00:25:37,202 –> 00:25:38,870
It was it was called a filer, right?
552
00:25:38,870 –> 00:25:40,305
Or a toaster.
553
00:25:40,305 –> 00:25:42,474
Right. So, like, simple.
554
00:25:42,774 –> 00:25:45,143
Do one thing, serve NFS data.
555
00:25:45,577 –> 00:25:46,244
Right.
556
00:25:46,411 –> 00:25:50,215
And then throughout the years, it’s
evolved and they’ve bolted on more stuff.
557
00:25:50,215 –> 00:25:52,684
And, you know,
now it’s this this, you know, giant
558
00:25:53,818 –> 00:25:56,821
multi-purpose operating system.
559
00:25:56,821 –> 00:25:59,791
But we also have, you know, acquired
other companies and integrated their IP,
560
00:25:59,891 –> 00:26:01,226
that sort of thing.
561
00:26:01,226 –> 00:26:01,893
But ultimately,
562
00:26:01,893 –> 00:26:04,896
you know, what they’ve moved
towards is more of a cloud first mentality
563
00:26:04,896 –> 00:26:08,533
or hybrid cloud mentality
where you can kind of go on-prem or cloud.
564
00:26:08,533 –> 00:26:12,804
So that’s really where NetApp stands
today is kind of we live in both worlds.
565
00:26:12,804 –> 00:26:15,240
Right. We understand
that it’s not going to be all cloud.
566
00:26:15,240 –> 00:26:16,608
It’s not going to be all on-prem.
567
00:26:16,608 –> 00:26:19,411
We have to be able to play in both spaces.
Yeah, absolutely.
568
00:26:19,411 –> 00:26:22,981
Because that’s all we’re looking at
right now is how do we get the speed
569
00:26:22,981 –> 00:26:27,652
of being local and have the protection
and the accessibility of being cloud
570
00:26:28,019 –> 00:26:30,589
and juggling
those to depend on the environment.
571
00:26:30,889 –> 00:26:32,190
You’ve seen this with Executech.
572
00:26:32,190 –> 00:26:36,394
If you don’t adapt and just accept
that there’s going to be cloud,
573
00:26:36,895 –> 00:26:37,662
you don’t survive.
574
00:26:37,662 –> 00:26:39,531
And we kind of touched on it
earlier, where, you know,
575
00:26:39,531 –> 00:26:42,901
people are doing these things themselves
now more often because of cloud.
576
00:26:43,368 –> 00:26:45,704
So how does a managed services survive?
577
00:26:45,704 –> 00:26:48,473
How does a on-prem storage solution
survive?
578
00:26:48,473 –> 00:26:51,543
They adapt
and they adjust and build the cloud
579
00:26:51,543 –> 00:26:55,580
into their overall strategy
for providing services.
580
00:26:55,880 –> 00:26:59,484
Yeah, I read something recently
that said only 8% of IT
581
00:26:59,484 –> 00:27:02,287
service providers out
there are trained in how to do cloud.
582
00:27:02,821 –> 00:27:06,691
And it’s growing at a far greater
rate than 8%, I assure you.
583
00:27:06,691 –> 00:27:07,058
Yeah.
584
00:27:07,058 –> 00:27:07,759
And you know,
585
00:27:07,759 –> 00:27:11,162
you have to kind of take that into account
or you’re just going to get left behind.
586
00:27:12,397 –> 00:27:13,465
And cloud isn’t just cloud.
587
00:27:13,465 –> 00:27:16,635
It isn’t just like going into a AWS
and like creating a,
588
00:27:16,668 –> 00:27:18,870
you know, an instance,
right? It’s also learning
589
00:27:18,870 –> 00:27:22,207
how to automate, learning
how to, you know, script, how to code.
590
00:27:22,507 –> 00:27:25,543
So you really have to kind of approach it
from multiple angles.
591
00:27:25,744 –> 00:27:26,011
Yeah.
592
00:27:26,011 –> 00:27:29,180
One of the things that we looked at doing
was spinning down VMs in the evening
593
00:27:29,180 –> 00:27:31,249
when they’re not in use
to save the client money, for instance.
594
00:27:31,249 –> 00:27:34,252
So, yeah, I get the automation
and scripting for sure.
595
00:27:34,285 –> 00:27:34,819
All right, James.
596
00:27:34,819 –> 00:27:36,488
So before we close it out,
I want you to give me
597
00:27:36,488 –> 00:27:40,492
your top three top of mind security issues
that you see out there.
598
00:27:40,492 –> 00:27:43,094
As it relates to IT organizations.
599
00:27:43,461 –> 00:27:46,164
It’s, I think I mentioned it before,
it’s really finding that balance
600
00:27:46,431 –> 00:27:50,602
of how to support a technical team
and keep them in a secure environment.
601
00:27:50,602 –> 00:27:52,570
So it’s really a juggling act, right?
Yeah.
602
00:27:52,570 –> 00:27:55,306
As you can imagine,
MSPs are targets these days
603
00:27:55,607 –> 00:27:58,043
because attackers know
that if they can get access to the MSP,
604
00:27:58,043 –> 00:27:59,811
they have access to the keys
to the kingdom,
605
00:27:59,811 –> 00:28:03,048
to a whole bunch of other organizations
out there, potentially infrastructure
606
00:28:03,048 –> 00:28:06,384
organizations and, you know, critical
support organizations, that kind of thing,
607
00:28:06,384 –> 00:28:09,187
where they can leverage
huge ransoms that they were able to.
608
00:28:09,587 –> 00:28:14,125
So one of our tough jobs
is trying to maintain security across
609
00:28:14,125 –> 00:28:16,361
all of our clients
and across multiple platforms
610
00:28:16,361 –> 00:28:18,363
because they’re all in different
environments.
611
00:28:18,363 –> 00:28:20,432
They all have different view
of what security looks like.
612
00:28:20,432 –> 00:28:24,402
How do we allow our consultants access
613
00:28:24,402 –> 00:28:28,940
to those keys to the kingdom, but
only the ones they need to do their job?
614
00:28:28,940 –> 00:28:31,843
Not all of them should. You know,
I hope it never happens.
615
00:28:31,843 –> 00:28:34,713
But should one of their credentials
be compromised, for instance?
616
00:28:35,313 –> 00:28:37,882
And then we’ve talked about it
in depth here.
617
00:28:37,882 –> 00:28:40,351
Of course, it’s how do we protect everyone
against ransomware,
618
00:28:40,985 –> 00:28:43,088
the ongoing threat we all have,
we all see today.
619
00:28:43,088 –> 00:28:44,489
So those be my top three.
620
00:28:44,489 –> 00:28:45,423
All right.
621
00:28:45,423 –> 00:28:47,492
Sounds like a good top three there.
622
00:28:47,492 –> 00:28:49,394
So, again, James…
623
00:28:49,394 –> 00:28:51,196
keeps you busy. Yes. Right.
624
00:28:51,196 –> 00:28:53,364
So, again, if we wanted to reach you,
how do we do that?
625
00:28:53,431 –> 00:29:02,907
Yeah, I’m gonna send you to the same site,
Justin so would be executech.com/cast or
626
00:29:02,941 –> 00:29:05,744
C-A-S-T please. All right. Excellent.
627
00:29:05,777 –> 00:29:08,480
Thanks so much for joining us today
and talking to us about Executech,
628
00:29:08,480 –> 00:29:11,382
as well as how they approach
cybersecurity solutions.
629
00:29:11,583 –> 00:29:12,450
It’s been my pleasure.
630
00:29:12,450 –> 00:29:14,986
Thanks for opening my eyes to the NetApp
options. Yep.
631
00:29:15,019 –> 00:29:16,521
No worries, man. That’s my job.
632
00:29:18,056 –> 00:29:18,757
All right.
633
00:29:18,757 –> 00:29:20,825
That music tells me it’s time to go.
634
00:29:20,825 –> 00:29:21,893
If you’d like to get in touch with us,
send us
635
00:29:21,893 –> 00:29:26,131
an email to podcast@netapp.com
or send us a tweet @NetApp.
636
00:29:26,531 –> 00:29:30,335
As always, if you’d like to subscribe,
find us on iTunes, Spotify,
637
00:29:30,435 –> 00:29:35,607
Google Play, iHeartRadio, SoundCloud,
Stitcher, or via techontappodcast.com.
638
00:29:36,007 –> 00:29:37,976
If you liked the show
today, leave us a review.
639
00:29:37,976 –> 00:29:40,178
On behalf of the entire Tech
ONTAP Podcast team,
640
00:29:40,178 –> 00:29:42,881
I’d like to thank James Fair of Executech
for joining us today.
641
00:29:43,081 –> 00:29:44,149
As always.
642
00:29:44,149 –> 00:29:46,951
Thanks for listening.
643
00:29:48,920 –> 00:29:58,963
[podcast
644
00:29:58,963 –> 00:30:09,007
outro
645
00:30:09,007 –> 00:30:19,017
theme]