Behind the Scenes Episode 346: How Executech Approaches Cybersecurity (with James Fair)

Welcome to the Episode 346, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

2019-insight-design2-warhol-gophers

We also now have a presence on the NetApp Communities page. You can subscribe there to get emails when we have new episodes.

Tech ONTAP Podcast Community

techontap_banner2

Finding the Podcast

You can find this week’s episode here:

I’ve also resurrected the YouTube playlist. You can find this week’s episode here:

You can also find the Tech ONTAP Podcast on:

I also recently got asked how to leverage RSS for the podcast. You can do that here:

http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss

Transcription

The following transcript was generated using Adobe Premiere’s speech to text service and then further edited. As it is AI generated, YMMV.

Episode 346: How Executech Approaches Cybersecurity with James Fair – Transcript

1
00:00:00,533 –> 00:00:03,903
This week on the Tech ONTAP Podcast, James
Fair from Executech comes and joins us

2
00:00:03,903 –> 00:00:06,806
to talk to us all about cyber
security managed services.

3
00:00:08,208 –> 00:00:18,318
[Podcast

4
00:00:18,318 –> 00:00:28,428
intro]

5
00:00:32,565 –> 00:00:35,235
Hello
and welcome to the Tech ONTAP Podcast.

6
00:00:35,235 –> 00:00:36,736
My name is Justin Parisi.

7
00:00:36,736 –> 00:00:38,004
I’m here in the basement of my house

8
00:00:38,004 –> 00:00:41,408
and with me today on the phone
we have James Fair from Executech.

9
00:00:41,408 –> 00:00:45,145
James, what do you do at Executech,
and how do we reach you?

10
00:00:46,079 –> 00:00:48,381
Hey, Justin, I appreciate the invite.

11
00:00:48,381 –> 00:00:49,382
Happy to be here.

12
00:00:49,382 –> 00:00:52,552
So I am a senior vice
president at Executech,

13
00:00:52,552 –> 00:00:54,621
which means basically “everything’s
my fault.”

14
00:00:54,687 –> 00:00:58,691
I take care of the Utah region primarily,
which is where we’re out of.

15
00:00:59,092 –> 00:01:02,328
And I also have a hand
in the internal doings

16
00:01:02,328 –> 00:01:05,732
in cybersecurity at our environment,
just to make sure everyone stays safe

17
00:01:05,732 –> 00:01:06,299
and secure.

18
00:01:06,299 –> 00:01:10,270
You can reach us at executech.com/cast.

19
00:01:10,270 –> 00:01:11,871
(C-A-S-T).

20
00:01:11,871 –> 00:01:14,340
We set up a website
just for podcasts like this.

21
00:01:14,340 –> 00:01:15,442
All right, excellent.

22
00:01:15,442 –> 00:01:18,978
So I would imagine that as senior vice
president, where everything is your fault,

23
00:01:19,012 –> 00:01:20,747
you also get credit for everything, right?

24
00:01:22,482 –> 00:01:23,583
I try not to really.

25
00:01:23,583 –> 00:01:26,986
It’s a leadership belief of mine
that I should give credit to everyone

26
00:01:26,986 –> 00:01:30,323
who was involved in it and not myself
and just take all the blame instead.

27
00:01:30,490 –> 00:01:31,658
That’s actually pretty good…

28
00:01:31,658 –> 00:01:35,495
Make sure that like the people
that you know are doing the actual upfront

29
00:01:35,495 –> 00:01:36,629
work are getting the credit.

30
00:01:36,629 –> 00:01:38,698
And then if something goes wrong, then
hey, sorry, guys.

31
00:01:38,698 –> 00:01:40,800
My bad. Right? Yeah. Yeah.
I should have done.

32
00:01:40,800 –> 00:01:42,902
I should’ve educated you better,
I should communicate it differently.

33
00:01:42,902 –> 00:01:43,236
Right.

34
00:01:43,236 –> 00:01:45,905
So, yeah,
I believe that’s the way to lead people.

35
00:01:46,673 –> 00:01:50,343
So, you know, with that
mentality in place, does Executech

36
00:01:50,610 –> 00:01:51,778
do something similar?

37
00:01:51,778 –> 00:01:55,515
Does it try to take on the blame
when something goes wrong

38
00:01:55,515 –> 00:01:58,585
and, you know, give the credit out
to their customers and their end users?

39
00:01:58,718 –> 00:02:00,253
How does Executech do business?

40
00:02:01,221 –> 00:02:01,588
Yeah.

41
00:02:01,588 –> 00:02:03,723
So just to give you the spiel, right.

42
00:02:03,723 –> 00:02:06,092
We are an award-winning IT Services
provider.

43
00:02:06,092 –> 00:02:07,794
We do IT support, cybersecurity,

44
00:02:07,794 –> 00:02:12,031
and cloud services and we’re really
about people-first environments.

45
00:02:12,332 –> 00:02:16,169
So we’ve got a team of IT people who are,
you know, hopefully down-to-earth people,

46
00:02:16,169 –> 00:02:19,405
friendly, personable, that kind of thing,
and they’re really focused

47
00:02:19,405 –> 00:02:20,473
on the company’s success.

48
00:02:20,473 –> 00:02:23,810
So we become part of the company’s team.

49
00:02:24,110 –> 00:02:27,013
So rather than, hey, it’s us
and we’re separate, we,

50
00:02:27,013 –> 00:02:27,347
you know,

51
00:02:27,347 –> 00:02:30,583
we want to use pronouns like “we”
and “our backups are having challenges”

52
00:02:30,583 –> 00:02:30,984
or whatever.

53
00:02:30,984 –> 00:02:32,952
So we want to be just a member
of the team.

54
00:02:32,952 –> 00:02:33,553
In fact,

55
00:02:33,553 –> 00:02:36,456
when I took care of a construction company
down here in Salt Lake,

56
00:02:36,723 –> 00:02:38,858
they added me to their company directory,
right.

57
00:02:38,858 –> 00:02:42,795
For IT support, you call James
and we get invited to Christmas parties

58
00:02:42,795 –> 00:02:43,396
and things like that.

59
00:02:43,396 –> 00:02:46,966
So we really become
part of the organization’s team as well.

60
00:02:46,966 –> 00:02:48,301
So they feel like we’re one with that.

61
00:02:48,301 –> 00:02:52,438
So we want to come to the table
without that attitude of “IT is superior

62
00:02:52,438 –> 00:02:56,409
and without us you can’t exist.” Brother,
we know that business is the reason

63
00:02:56,409 –> 00:02:57,243
why we’re there.

64
00:02:57,243 –> 00:03:01,047
What sort of managed services
does Executech offer for IT organizations?

65
00:03:01,181 –> 00:03:04,050
Is it, you know, strictly cyber security?

66
00:03:04,050 –> 00:03:06,019
Is it also like storage management?

67
00:03:06,019 –> 00:03:07,887
Is it networking
or is it all of the above?

68
00:03:07,887 –> 00:03:09,556
Yeah, it’s really all of the above.

69
00:03:09,556 –> 00:03:11,357
We want to take care of all the IT needs.

70
00:03:11,357 –> 00:03:13,793
We kind of consider ourselves
an IT outsource department.

71
00:03:13,793 –> 00:03:16,262
So typically we’re in the small
and medium business space.

72
00:03:16,262 –> 00:03:17,597
That’s really our niche market.

73
00:03:17,597 –> 00:03:21,367
Folks that know they need IT support
but don’t want to hire a full-time person,

74
00:03:21,367 –> 00:03:24,504
or they know that there’s a challenge
when you hire a full time person,

75
00:03:24,771 –> 00:03:27,073
because they have only the knowledge
of that one person.

76
00:03:27,507 –> 00:03:31,844
We’ve got some 250 techs across the West,
so we’ve got a really broad

77
00:03:31,844 –> 00:03:35,882
depth of knowledge
and experience that we can call on.

78
00:03:35,882 –> 00:03:38,651
Even if that particular representative
of your organization

79
00:03:38,851 –> 00:03:41,688
may not know the answer,
he’s got a whole team behind him that can.

80
00:03:42,155 –> 00:03:43,423
So that’s really
what we bring to the table.

81
00:03:43,423 –> 00:03:46,392
And yeah, we do all,
you know, cloud services.

82
00:03:46,392 –> 00:03:48,161
That’s a big part of what we do
these days.

83
00:03:48,161 –> 00:03:49,128
Cybersecurity.

84
00:03:49,128 –> 00:03:53,800
We’ve got a cybersecurity team internally
now that takes care of Executech clients

85
00:03:53,800 –> 00:03:54,200
as well.

86
00:03:54,200 –> 00:03:57,270
So we’re doing a lot of cybersecurity
offerings, but our bread and butter

87
00:03:57,270 –> 00:04:00,273
where we came from
was providing all services.

88
00:04:00,273 –> 00:04:00,840
And yeah, it’s

89
00:04:00,840 –> 00:04:04,911
networking, it’s servers, it’s
whatever folks need in the IT Department.

90
00:04:04,911 –> 00:04:07,113
I’ve crawled underneath desks,
plugging in cables before.

91
00:04:07,113 –> 00:04:07,680
We do it all.

92
00:04:07,680 –> 00:04:08,982
So you mentioned cloud services.

93
00:04:08,982 –> 00:04:12,051
And that’s interesting
because the way cloud is designed

94
00:04:12,051 –> 00:04:16,456
is to kind of allow people to provision
their own storage, their own compute.

95
00:04:16,956 –> 00:04:21,628
So when Executech does cloud services,
how do they convince people that,

96
00:04:21,628 –> 00:04:24,063
hey, that’s not the best approach,
let us manage that for you?

97
00:04:24,063 –> 00:04:26,366
Like,
how do you sell people on that, right?

98
00:04:27,100 –> 00:04:30,703
Yeah, I would say for larger
organizations, we’re probably doing

99
00:04:30,703 –> 00:04:34,874
primarily migrations, ongoing support
for things when it gets challenging.

100
00:04:35,141 –> 00:04:36,576
But for the small to medium business

101
00:04:36,576 –> 00:04:39,312
space – like those are typically folks
who are wearing multiple hats.

102
00:04:39,512 –> 00:04:42,482
You know, it’s
probably dropped on some financial guy,

103
00:04:42,482 –> 00:04:45,818
the CFO does not want to try to figure out
how to spin up a server

104
00:04:45,818 –> 00:04:48,454
and that kind of thing.
So in those cases we’re a perfect fit.

105
00:04:48,454 –> 00:04:51,157
We want to come in and manage that aspect,
take it off their plate

106
00:04:51,157 –> 00:04:52,458
so that they don’t have to worry about it

107
00:04:52,458 –> 00:04:55,695
and it’s run by people who are familiar
with it, who do this day in, day out.

108
00:04:55,895 –> 00:04:57,363
A lot of migrations these days. Right.

109
00:04:57,363 –> 00:05:00,967
We’re going to everyone not everyone, but
a lot of organizations are moving from a

110
00:05:00,967 –> 00:05:03,770
– I don’t want to say retro, but,
you know, a server room

111
00:05:04,103 –> 00:05:06,673
to a cloud-based environment
for all the reasons that you cited.

112
00:05:06,739 –> 00:05:08,541
That’s an important point there.

113
00:05:08,541 –> 00:05:12,912
You know, the migration piece of that is
going to be a challenge in and of itself.

114
00:05:12,912 –> 00:05:14,814
So what does Executech

115
00:05:14,814 –> 00:05:19,419
do to help those customers
go from data centers to cloud, like – and

116
00:05:19,519 –> 00:05:22,355
I know you’re doing migration services,
but can you kind of give me the,

117
00:05:22,889 –> 00:05:27,360
I guess the step-by-step process
that Executech follows to try to do that?

118
00:05:27,627 –> 00:05:29,262
Yeah, that’s a really great question.

119
00:05:29,262 –> 00:05:30,930
So one of the things we do
is want to come in

120
00:05:30,930 –> 00:05:33,533
and we want to make sure that organization
has an understanding

121
00:05:33,533 –> 00:05:34,901
of what
they’re getting themselves into. Right.

122
00:05:34,901 –> 00:05:36,402
It is a different beast.

123
00:05:36,402 –> 00:05:39,439
SharePoint is not the same
as your traditional mapped drives

124
00:05:40,073 –> 00:05:41,374
in an environment.

125
00:05:41,374 –> 00:05:44,043
So we want to make sure that before

126
00:05:44,043 –> 00:05:47,280
they jump in feet first, they know what
they’re getting themselves into.

127
00:05:48,047 –> 00:05:48,915
We’ll demonstrate it.

128
00:05:48,915 –> 00:05:51,784
We’ll show it, we’ll talk about,
you know, how things will look differently

129
00:05:51,784 –> 00:05:55,221
in the future, what the impact will be,
what the benefits are, of course.

130
00:05:55,655 –> 00:05:56,522
But that’s the first step.

131
00:05:56,522 –> 00:05:58,291
Want to make sure
people really get an understanding

132
00:05:58,291 –> 00:06:00,560
of what they’re getting themselves into
before they commit to this.

133
00:06:00,927 –> 00:06:03,529
It’s kind of hard to, you know, to go back
once you’ve done that,

134
00:06:03,663 –> 00:06:06,532
then we’ll pick a time
where we’ll work at the organization,

135
00:06:06,599 –> 00:06:10,570
pick a time – a weekend, typically
when we’ll make the full migration over

136
00:06:10,803 –> 00:06:13,206
and then we’ll bring in a team of folks
on Monday morning

137
00:06:13,539 –> 00:06:15,608
to make sure everyone’s got support.

138
00:06:15,608 –> 00:06:17,510
You know, working through the challenges,

139
00:06:17,510 –> 00:06:19,011
the changes that go with
that are involved.

140
00:06:19,011 –> 00:06:22,415
So we’re going to train the users,
show them how to use the new environment.

141
00:06:22,782 –> 00:06:24,317
Then kind of stick with them
through the process

142
00:06:24,317 –> 00:06:27,086
to make sure they’re good to go
before we kind of release them and say,

143
00:06:27,086 –> 00:06:28,788
all right,
you know, call us when you need us.

144
00:06:29,822 –> 00:06:30,456
Or in the case

145
00:06:30,456 –> 00:06:34,427
we’re doing on ongoing IT support
and we’ll do a cloud agreement with them.

146
00:06:34,427 –> 00:06:35,762
But they can use a certain number of hours

147
00:06:35,762 –> 00:06:38,464
per month to call the cloud team
and have them work with them on any

148
00:06:38,998 –> 00:06:42,268
future challenges, issues, adjustments
they want to make.

149
00:06:42,402 –> 00:06:45,405
So an important part of the cloud
is going to be how you secure things.

150
00:06:45,405 –> 00:06:49,509
And I would imagine that Executech
has a way to approach that as well.

151
00:06:49,509 –> 00:06:52,745
So what sort of things does
Executech offer in the realm

152
00:06:52,745 –> 00:06:55,748
of cybersecurity
and securing your cloud environments?

153
00:06:56,048 –> 00:06:59,819
That is definitely a facet that’s you know
– a big upcoming one for all of us.

154
00:06:59,819 –> 00:07:02,522
It’s really
a growing part of our business.

155
00:07:02,522 –> 00:07:07,293
So we offer what we call our threat
detection prevention or our TDP package,

156
00:07:07,760 –> 00:07:11,931
which is really built around the idea
that a lot of organizations

157
00:07:11,931 –> 00:07:14,767
want to be more secure,
aren’t sure how to get there,

158
00:07:14,767 –> 00:07:17,103
and they look at it,
it feels overwhelming.

159
00:07:17,103 –> 00:07:22,542
So we’re going to bring in a combination
of services and software and support.

160
00:07:22,542 –> 00:07:24,877
We’re going to layer on some firewall
and endpoint protection

161
00:07:24,877 –> 00:07:25,978
and these kind of things.

162
00:07:25,978 –> 00:07:29,382
So it’s not necessarily
completing the compliance,

163
00:07:29,549 –> 00:07:33,052
but it’s getting folks a lot further along
that path than they typically would be.

164
00:07:33,286 –> 00:07:35,388
I’ve got the story of where

165
00:07:35,388 –> 00:07:38,691
if there are two identical cars,
one has a car alarm and one does not.

166
00:07:39,058 –> 00:07:41,461
The thieves are probably going after one
without the car alarm.

167
00:07:41,461 –> 00:07:42,662
So we want to make sure that

168
00:07:42,662 –> 00:07:46,666
the organizations we work
with have, in effect, a car alarm setup.

169
00:07:46,666 –> 00:07:48,801
As far as the cloud security goes.

170
00:07:48,801 –> 00:07:49,836
Yeah, we’re going to set it up.

171
00:07:49,836 –> 00:07:52,371
We’ve got a bunch of scripts
we run to make sure it’s secure.

172
00:07:52,672 –> 00:07:54,540
We’re going to monitor it
ongoing to make sure

173
00:07:54,540 –> 00:07:56,075
there are no challenges
going on with that.

174
00:07:56,075 –> 00:07:58,411
There have been times
when we’ve spun up a server in the cloud

175
00:07:58,744 –> 00:08:01,180
and you can immediately
see attacks going on. Right.

176
00:08:01,214 –> 00:08:02,515
People
are trying to get logged in to it already.

177
00:08:02,515 –> 00:08:05,251
So we want to make sure
that we’ll do an external port scan,

178
00:08:05,251 –> 00:08:07,086
make sure all the ports are closed
properly.

179
00:08:07,086 –> 00:08:09,455
And again, we’re gonna work
with those folks on an ongoing basis

180
00:08:09,455 –> 00:08:12,792
to make sure that as they use that,
they’re doing it in a secure fashion.

181
00:08:12,992 –> 00:08:15,228
So I know that top of mind
for a lot of these organizations

182
00:08:15,228 –> 00:08:16,829
is, you know, ransomware, right.

183
00:08:16,829 –> 00:08:20,032
So, making sure that you’re protected
as well as you can recover quickly

184
00:08:20,032 –> 00:08:21,267
from a ransomware attack.

185
00:08:21,267 –> 00:08:23,603
So what does Executech offer
in that realm?

186
00:08:23,703 –> 00:08:29,342
Yeah, that is, unfortunately, another
growing industry that I’m not a fan of,

187
00:08:29,342 –> 00:08:33,212
but one of the things will certainly do
is want to create some backups.

188
00:08:33,212 –> 00:08:33,412
Right.

189
00:08:33,412 –> 00:08:36,415
I want to make sure we’re backing up
the right stuff in the right times

190
00:08:36,682 –> 00:08:40,086
and that that information is secure
and protected.

191
00:08:40,086 –> 00:08:41,487
Because one of the things
the ransomware attackers

192
00:08:41,487 –> 00:08:43,823
do, as I’m sure you’re aware,
is they try to find backups.

193
00:08:43,823 –> 00:08:46,359
They can wipe them out
so you can’t recover from those.

194
00:08:47,059 –> 00:08:49,228
There was a situation here.

195
00:08:49,228 –> 00:08:51,631
The University of Utah
actually got hit by ransomware

196
00:08:51,931 –> 00:08:54,400
and they did everything right.
They had the proper backups.

197
00:08:54,400 –> 00:08:57,003
They did everything by the book
and did it correctly.

198
00:08:57,203 –> 00:08:59,405
And they actually ended up paying anyway.

199
00:08:59,405 –> 00:09:01,941
And the reason was,
is that it wasn’t just a ransom attack.

200
00:09:01,941 –> 00:09:04,110
Now it is.
They’re also exfiltrating data from you.

201
00:09:04,110 –> 00:09:06,012
So they stole a bunch of student data

202
00:09:06,012 –> 00:09:07,680
and they kind of prove
that they had the data.

203
00:09:07,680 –> 00:09:10,683
So the university ended up having to
I don’t know, having to they chose

204
00:09:10,683 –> 00:09:14,053
to pay them in order to not have that
student data released out to the public.

205
00:09:14,620 –> 00:09:16,022
So one of the things we also want to do

206
00:09:16,022 –> 00:09:19,292
is we’re doing our best to prevent
any kind of exfiltration of data.

207
00:09:19,725 –> 00:09:22,562
So we’re going to look at, all right,
how do we lock that down?

208
00:09:22,662 –> 00:09:26,265
Multi-factor authentication, of course,
is an easy win for most folks these days.

209
00:09:26,265 –> 00:09:29,769
We’re in a of what we call DLP
or data loss prevention.

210
00:09:30,036 –> 00:09:33,573
So going to look for email patterns,
you know, are there credit card

211
00:09:33,573 –> 00:09:36,576
information and anything like that
that’s stored in an email.

212
00:09:36,842 –> 00:09:38,678
Last couple of layers
get a little technical from there.

213
00:09:38,678 –> 00:09:42,181
But ransomware is a huge business
for a lot of

214
00:09:42,481 –> 00:09:45,918
these criminal organizations out there,
and we are absolutely doing our best

215
00:09:45,918 –> 00:09:47,653
to prevent
that from being an issue moving forward.

216
00:09:47,653 –> 00:09:50,957
I wish we could all band together
and stop this from being a thing.

217
00:09:51,390 –> 00:09:52,124
Yeah, absolutely.

218
00:09:52,124 –> 00:09:54,260
It’s definitely a growing problem. Right.

219
00:09:54,260 –> 00:09:56,596
And it’s really annoying because it’s,

220
00:09:56,596 –> 00:09:59,098
you know, you don’t really necessarily
deserve what’s happening to you

221
00:09:59,098 –> 00:10:02,635
and you kind of have to prepare
for this thing that you didn’t ask for.

222
00:10:03,636 –> 00:10:07,106
And it’s really
just an extortion technique by a lot of…

223
00:10:07,139 –> 00:10:07,907
It really is.

224
00:10:07,907 –> 00:10:10,776
And it’s unfortunate to every industry,
every organization that,

225
00:10:11,110 –> 00:10:13,646
you know, back in the day
when it first started out,

226
00:10:13,646 –> 00:10:15,548
like charity organizations
could have a discussion with them

227
00:10:15,548 –> 00:10:16,682
and say, look, we’re just a charity.

228
00:10:16,682 –> 00:10:20,453
And then they would decrease the fee
or whatever you want to call it.

229
00:10:20,453 –> 00:10:23,589
They’re paying that extortion, the ransom.

230
00:10:23,589 –> 00:10:27,560
But I had the unpleasant job of going
and searching

231
00:10:28,294 –> 00:10:30,963
one of the ransomware attackers
dark web sites to see

232
00:10:30,963 –> 00:10:34,233
if a company’s data had was up for sale.

233
00:10:34,600 –> 00:10:37,770
And when I look through that list, it was
it was every organization.

234
00:10:37,770 –> 00:10:40,439
It didn’t matter
the size. It was a small gas station.

235
00:10:40,706 –> 00:10:42,375
It was a charitable hospital.

236
00:10:42,375 –> 00:10:43,843
It was a school.

237
00:10:43,843 –> 00:10:47,780
It was like there was no one
who was barred from that list, right.

238
00:10:47,780 –> 00:10:49,882
They just go after anybody,
everybody they can.

239
00:10:50,249 –> 00:10:52,051
So no one’s safe, unfortunately.

240
00:10:52,051 –> 00:10:53,452
Yeah. It’s really unfortunate.

241
00:10:54,954 –> 00:10:58,324
So, you know, ransomware is one of those
big ones.

242
00:10:58,591 –> 00:11:03,829
Well, what are some other lesser known
but growing problems within cybersecurity?

243
00:11:03,996 –> 00:11:06,332
What sort of things
are you seeing out there that are

244
00:11:06,999 –> 00:11:10,469
– maybe aren’t getting as much press
and as much notoriety

245
00:11:10,469 –> 00:11:14,106
that are definitely problems still?

246
00:11:14,707 –> 00:11:16,575
Well,
It well, it continues to be a challenge

247
00:11:16,575 –> 00:11:20,312
where we’ve layered on all these layers
of protection as far as security goes.

248
00:11:20,312 –> 00:11:23,683
And we have a firewall in play,
we have an antivirus program in play.

249
00:11:24,517 –> 00:11:26,152
So the attackers know this.

250
00:11:26,152 –> 00:11:28,054
They’re going after busy humans.

251
00:11:28,054 –> 00:11:31,724
So unfortunately
and you know, we’re all busy.

252
00:11:31,724 –> 00:11:32,191
We get it.

253
00:11:32,191 –> 00:11:32,625
I get it.

254
00:11:32,625 –> 00:11:34,960
Certainly,
I have had my share of this happen.

255
00:11:35,428 –> 00:11:38,731
We’re going after the busy users
who are you know, it’s 6 p.m.,

256
00:11:38,731 –> 00:11:41,834
they’re going through their 200th email
and they’re just like, Oh, I’m so tired.

257
00:11:41,867 –> 00:11:43,936
And then you click on something
that they shouldn’t have.

258
00:11:43,936 –> 00:11:47,106
So really we want to educate users.

259
00:11:47,740 –> 00:11:48,307
We’ll see.

260
00:11:48,307 –> 00:11:52,445
We’re going to do phishing campaigns,
so we’re simulating attackers coming in

261
00:11:52,678 –> 00:11:55,681
and attempting to get them to click
on things or enter their credentials.

262
00:11:55,681 –> 00:11:58,250
Then we’ll give them a report on that.
And we’ll show them, “All right.

263
00:11:58,317 –> 00:11:59,819
You know, here’s the percentage of people

264
00:11:59,819 –> 00:12:02,054
who just open, here’s
the percentage of people click on.

265
00:12:02,054 –> 00:12:04,724
Here’s the percentage,
unfortunately, of folks who actually enter

266
00:12:04,724 –> 00:12:08,160
their credentials in there,”
which would have ended up in attackers

267
00:12:08,160 –> 00:12:11,030
having stolen their credentials,
being able to attack your organization.

268
00:12:11,731 –> 00:12:13,132
So it raises awareness.

269
00:12:13,132 –> 00:12:16,368
We see this every time we do a campaign
like that, that

270
00:12:16,368 –> 00:12:20,473
the number of email messages
sent to the IT group suddenly spikes

271
00:12:20,473 –> 00:12:21,974
because they’re like, Is this real?
Is this legitimate?

272
00:12:21,974 –> 00:12:23,342
Should I worry about this? Right?

273
00:12:23,342 –> 00:12:25,277
And then it tends to taper over time.

274
00:12:25,277 –> 00:12:27,346
So I do recommend doing those periodically

275
00:12:27,847 –> 00:12:30,683
and then training the users
– at least annually.

276
00:12:30,683 –> 00:12:33,486
I recommend having a group
come in and train your users on

277
00:12:33,486 –> 00:12:37,623
how to be more safe and more secure,
what to look for in email.

278
00:12:38,324 –> 00:12:42,228
So I think another thing we’re seeing
these days is called MFA bombing.

279
00:12:42,528 –> 00:12:45,231
So you may have multifactor authentication
set up, where, you know,

280
00:12:45,331 –> 00:12:48,234
you go to log in and it either texts you
or you have an authenticator

281
00:12:48,234 –> 00:12:50,069
you have to click on.

282
00:12:50,069 –> 00:12:53,672
Now they’re doing bombing where they may
have your log in and password

283
00:12:53,672 –> 00:12:56,175
and they’re trying to get you
to just accept it on your phone. Right.

284
00:12:56,208 –> 00:12:59,078
You get the prompt on your phone
that says Click yes if this is you

285
00:12:59,612 –> 00:13:02,848
and they’ll just do it like send it
30, 40, 50 times.

286
00:13:03,182 –> 00:13:06,285
And unfortunately, some users are like,
“Man, I don’t know what is going on.

287
00:13:06,285 –> 00:13:06,685
Fine.

288
00:13:06,685 –> 00:13:07,553
Yes.” Just to end it.

289
00:13:07,553 –> 00:13:09,755
Right, to stop that from blowing them up.

290
00:13:09,755 –> 00:13:12,691
But that, in fact, just gave them access
to their credentials.

291
00:13:13,025 –> 00:13:15,060
I, I, I used to trade in crypto.

292
00:13:15,060 –> 00:13:15,728
I don’t anymore.

293
00:13:15,728 –> 00:13:20,166
I like sleep, but I woke up one morning
like 530 in the morning

294
00:13:20,866 –> 00:13:25,037
and I had a wall of password
attempt attacks on my phone.

295
00:13:25,037 –> 00:13:25,204
Right.

296
00:13:25,204 –> 00:13:26,906
Those,
all these alerts from my Gmail account

297
00:13:26,906 –> 00:13:30,142
that I used for trading
and it was pretty scary.

298
00:13:30,142 –> 00:13:34,346
I’m like, wow, this phone was
the only thing keeping the attackers out.

299
00:13:34,914 –> 00:13:38,083
So I really recommend setting up
something like a authenticators

300
00:13:38,083 –> 00:13:41,854
can prompt you for a code, especially
if you’re in a Microsoft environment.

301
00:13:41,854 –> 00:13:44,790
So I recommend using Intune and setting up

302
00:13:45,024 –> 00:13:47,827
and how it’s trying to put other MFA
policies, what it’s all about.

303
00:13:47,827 –> 00:13:51,330
They have to enter a code and you’ve
provided in that bombing attack method.

304
00:13:51,831 –> 00:13:53,899
So it’s definitely
one we’re seeing these days.

305
00:13:53,899 –> 00:13:56,168
That’s probably a highlight.
I think that a majority of them.

306
00:13:56,502 –> 00:13:58,838
Okay, so inevitably
somebody is going to get in, right?

307
00:13:58,871 –> 00:14:00,139
It’s going to happen.

308
00:14:00,139 –> 00:14:02,374
You just have to really prepare for that
as an I.T.

309
00:14:02,374 –> 00:14:03,242
organization, don’t

310
00:14:03,242 –> 00:14:07,246
assume that your defense mechanisms
are going to kick in and stop everything.

311
00:14:07,246 –> 00:14:13,152
So once something gets in there,
what does Executech offer to organizations

312
00:14:13,485 –> 00:14:18,090
to help them recover
or mitigate the impact of these attacks?

313
00:14:18,324 –> 00:14:20,659
Before I get into that, just real quick,
thank you for bringing that up

314
00:14:20,659 –> 00:14:24,263
because that is one mindset
I would love organizations to take.

315
00:14:24,630 –> 00:14:29,301
Far too many have the belief that, Hey,
as long as I secure us, we’re good to go

316
00:14:29,301 –> 00:14:30,469
and I don’t have to worry about it.

317
00:14:30,469 –> 00:14:31,670
But in fact, it’s

318
00:14:31,670 –> 00:14:35,541
a much better position to take of, “Okay,
what do we do in the event of?” Right.

319
00:14:35,541 –> 00:14:39,812
So we create an incident response plan,
have some plan in place.

320
00:14:40,346 –> 00:14:44,550
It’s a simple plan, but,
you know who to call, who to go to, right?

321
00:14:44,850 –> 00:14:45,918
Do you have a legal team?

322
00:14:45,918 –> 00:14:49,288
Do you have a forensics team
or just have those things ready to go

323
00:14:49,288 –> 00:14:50,256
so that you’re not long

324
00:14:50,256 –> 00:14:53,792
delay in case that happens,
to answer the original question,

325
00:14:54,093 –> 00:14:58,464
yeah, we do offer teams we can roll out
and help in those environment.

326
00:14:58,497 –> 00:15:01,867
We do it unfortunately far too often
because of ransomware.

327
00:15:01,867 –> 00:15:04,503
But that is not an uncommon thing
where we’ll get a call to come out,

328
00:15:04,703 –> 00:15:08,641
we’ll roll a team out,
will deploy some change notification

329
00:15:09,008 –> 00:15:12,645
software, we’ll start blocking things,
and then we’re going through

330
00:15:12,845 –> 00:15:15,714
an incident response plan with those folks
and then help them create one.

331
00:15:15,948 –> 00:15:19,051
So in the future, they have the ability
to respond to those themselves,

332
00:15:19,051 –> 00:15:22,154
but we absolutely will come in
and help folks – I don’t want to say

333
00:15:22,154 –> 00:15:24,290
clean up,
But really, that’s what it’s all about, is

334
00:15:24,290 –> 00:15:27,660
making sure you can recover
because it can be it can be a long time.

335
00:15:27,660 –> 00:15:27,760
Right.

336
00:15:27,760 –> 00:15:28,861
You got to stop the attackers.

337
00:15:28,861 –> 00:15:31,697
Number one, you got to figure out
how you want to recover from the data,

338
00:15:31,931 –> 00:15:34,733
you’ve got to do the recovery
and get back to normal operations.

339
00:15:34,733 –> 00:15:36,669
And you have to deal with the fallout
from all that as well.

340
00:15:36,669 –> 00:15:37,736
So it’s quite a process.

341
00:15:37,736 –> 00:15:39,371
It involves quite a few teams.

342
00:15:39,371 –> 00:15:43,142
That said, is that part of the messaging
that Executech uses

343
00:15:43,142 –> 00:15:45,811
when they’re pitching their services
to these organizations?

344
00:15:45,811 –> 00:15:49,148
Are you being upfront saying, look,
you know, we can only do so much,

345
00:15:49,682 –> 00:15:53,852
we really need you to understand
that these things can happen regardless

346
00:15:53,852 –> 00:15:57,356
of what we can do, and then that you need
to have a contingency plan.

347
00:15:57,356 –> 00:16:00,225
A disaster recovery
plan, a backup plan in place

348
00:16:00,726 –> 00:16:04,163
to recover quickly from this,
because after it’s in there,

349
00:16:04,229 –> 00:16:08,367
there’s only so much that Executech can do
from a managed services perspective.

350
00:16:08,667 –> 00:16:09,268
Yeah.

351
00:16:09,268 –> 00:16:13,005
So our team are a bunch of consultants,
we call them IT consultants, not IT

352
00:16:13,172 –> 00:16:14,139
technicians.

353
00:16:14,139 –> 00:16:17,042
And the reason for that is we’re having
those tough conversations with clients.

354
00:16:17,076 –> 00:16:17,676
Saying,

355
00:16:17,810 –> 00:16:21,280
you know, look, I see you’re not using
any kind of multi-factor authentication.

356
00:16:21,280 –> 00:16:22,982
This is not a best practices.

357
00:16:22,982 –> 00:16:25,484
And certainly
there are small organizations

358
00:16:25,617 –> 00:16:29,421
who are either not equipped
or don’t have the budget

359
00:16:29,421 –> 00:16:31,690
or just don’t feel like it’s
really something they have to worry about.

360
00:16:32,024 –> 00:16:34,259
So we end up in these
ongoing conversations with them.

361
00:16:34,560 –> 00:16:35,894
We had one

362
00:16:37,062 –> 00:16:38,998
– not to name any client names,

363
00:16:38,998 –> 00:16:43,802
but we had a doctor’s office who refused
to do things to be HIPAA compliant.

364
00:16:44,136 –> 00:16:47,940
And so we finally put together,
a not hold liable form and said,

365
00:16:48,374 –> 00:16:50,776
you know, you need to sign this form
that says something goes wrong.

366
00:16:51,010 –> 00:16:53,178
It’s not on your MSP for this.

367
00:16:53,178 –> 00:16:56,315
And that woke them up to like,
Oh, you were serious about this.

368
00:16:56,315 –> 00:16:59,084
Okay, so,
you know, hopefully never comes to that.

369
00:16:59,084 –> 00:17:02,721
But yeah, we are having those
ongoing conversations on a daily basis

370
00:17:02,721 –> 00:17:06,425
throughout all the organizations
and like I teach a compliance class,

371
00:17:06,692 –> 00:17:09,461
so I’ll teach the,
the new onboarding IT consultants

372
00:17:09,995 –> 00:17:12,765
how to have those tough conversations
with folks and what to talk about.

373
00:17:13,065 –> 00:17:16,835
And a lot of organizations
look at that at security and go

374
00:17:16,835 –> 00:17:18,737
there’s too much it costs too much.

375
00:17:18,737 –> 00:17:20,906
There’s just too much involved.
We can’t do all this at once.

376
00:17:20,906 –> 00:17:21,840
There’s no way.

377
00:17:21,840 –> 00:17:25,477
So what we do is we come in
and we offer helping them build a roadmap.

378
00:17:25,477 –> 00:17:27,679
So yeah, you may be in an insecure place.

379
00:17:27,679 –> 00:17:29,314
We want to get you in a secure place.

380
00:17:29,314 –> 00:17:31,116
Let’s not try to throw everything on it
at once.

381
00:17:31,116 –> 00:17:35,087
Let’s create a roadmap that makes sense
for the organization, for the budget

382
00:17:35,454 –> 00:17:37,956
and put together a plan to move that way.

383
00:17:38,524 –> 00:17:41,894
Or, as I mentioned before,
we offer a package, we can come in

384
00:17:41,894 –> 00:17:44,763
and drop in most of that stuff
and take care of that for them as well.

385
00:17:44,997 –> 00:17:47,833
So with the ransomware and the, you know,
intrusion

386
00:17:47,833 –> 00:17:51,103
stuff, what sort of tools
are you leveraging at Executech?

387
00:17:51,203 –> 00:17:53,772
Like,
how are you handling intrusion detection?

388
00:17:53,772 –> 00:17:57,843
How are you handling ransomware detection
and how are you handling the recovery?

389
00:17:57,843 –> 00:17:59,978
Like, what are you recommending
to these customers?

390
00:18:00,279 –> 00:18:04,083
Number one, we’re putting in a firewall
right next generation firewalls,

391
00:18:04,083 –> 00:18:05,284
deep packet inspection,

392
00:18:05,284 –> 00:18:06,919
they call it where it’s digging
through every packet,

393
00:18:06,919 –> 00:18:09,321
looking through them, making sure
there’s nothing malicious inside of there.

394
00:18:09,321 –> 00:18:12,724
Coupled with that we’re doing
endpoint protection with what we recommend

395
00:18:12,724 –> 00:18:15,761
is an MTR solution
or a managed threat response.

396
00:18:15,761 –> 00:18:20,265
So we’re actually working with an endpoint
provider, you know, a security provider

397
00:18:20,566 –> 00:18:24,536
who also has a team
monitoring the environment at all times.

398
00:18:24,770 –> 00:18:27,539
So we’re kind of double covering
whenever we can with these organizations.

399
00:18:27,539 –> 00:18:29,975
We’ll drop
in a change management software.

400
00:18:30,342 –> 00:18:34,413
So we’re looking for events such as –
a user suddenly became an administrator

401
00:18:34,413 –> 00:18:39,118
when they shouldn’t have or a user logged
in at 2AM, which is unusual for them.

402
00:18:39,118 –> 00:18:41,186
So we’re looking for unusual behaviors.

403
00:18:41,186 –> 00:18:43,689
We also want to drop in
some anti-ransomware software.

404
00:18:44,089 –> 00:18:49,728
So unlike the traditional antivirus
software where someone gets hit by a virus

405
00:18:49,928 –> 00:18:52,865
and then everybody else gets the signature
to prevent that from happening.

406
00:18:53,165 –> 00:18:56,602
Anti-ransomware is moving also to –
and I hope, more security tools

407
00:18:56,602 –> 00:19:00,105
do this in the near future
– moving to a more behavioral-based model

408
00:19:00,405 –> 00:19:03,542
where it’s looking to see,
oh, some files got encrypted.

409
00:19:03,542 –> 00:19:04,643
Well, that’s not unusual.

410
00:19:04,643 –> 00:19:07,045
Some people do that, right?
That can be a user thing.

411
00:19:07,446 –> 00:19:09,681
But now we’re at 50 files, 100 files.

412
00:19:09,681 –> 00:19:11,550
Look, I’m going to stop that process.
I don’t know what it is.

413
00:19:11,550 –> 00:19:12,684
I can’t clean it up.

414
00:19:12,684 –> 00:19:13,819
The software can’t,

415
00:19:13,819 –> 00:19:17,856
but it will alert us and say, hey, there’s
something suspicious going on here.

416
00:19:17,856 –> 00:19:19,424
We see a bunch of files get encrypted.

417
00:19:19,424 –> 00:19:20,926
So we’ve stopped the process.

418
00:19:20,926 –> 00:19:24,196
So it tends to work
with any variant of ransomware as well

419
00:19:24,196 –> 00:19:27,599
because now it’s not reliant
on a signature, it’s looking at behavior.

420
00:19:27,599 –> 00:19:31,303
So we’re looking at a lot of behavioral
based model wherever we can

421
00:19:31,336 –> 00:19:33,138
to help secure the environment.

422
00:19:33,138 –> 00:19:37,142
So with this behavioral piece,
is it simply user behavior or is it data

423
00:19:37,142 –> 00:19:37,676
anomalies?

424
00:19:37,676 –> 00:19:40,112
Like, you know, we see a bunch of changes
to a bunch of files

425
00:19:40,112 –> 00:19:43,048
and that’s kind of a clue
that we have something going on there.

426
00:19:43,649 –> 00:19:45,717
Yeah, that’s exactly what it is,
it’s looking for

427
00:19:46,084 –> 00:19:48,420
processes
that are doing things out of the ordinary.

428
00:19:48,754 –> 00:19:50,656
Why are there suddenly
a whole bunch of files changes?

429
00:19:50,656 –> 00:19:52,891
Why is this big export happening?

430
00:19:52,891 –> 00:19:55,127
Why are a whole bunch of files
been encrypted all at once?

431
00:19:55,460 –> 00:19:58,830
Those are triggers that will, you know,
and maybe sometimes it’s a false alert.

432
00:19:59,031 –> 00:20:01,166
There’s no doubt it happens,
but it’s pretty, pretty rare.

433
00:20:01,166 –> 00:20:02,901
Fortunately, I’d rather err

434
00:20:02,901 –> 00:20:05,771
on the side of caution in this case
because ransomware is just too prevalent.

435
00:20:05,938 –> 00:20:07,239
You know,
I don’t know if you’re familiar with what

436
00:20:07,239 –> 00:20:10,576
NetApp offers,
but we do have similar functionality

437
00:20:10,576 –> 00:20:14,479
within the ONTAP software
where it’s detection of these anomalies.

438
00:20:14,479 –> 00:20:18,050
And then what we do in addition to that
is, you know, send out a notification

439
00:20:18,050 –> 00:20:20,519
saying, hey,
there’s something going on to our admins.

440
00:20:21,186 –> 00:20:23,488
And then we take an immediate
snapshot, right?

441
00:20:23,522 –> 00:20:28,493
So that we have a point in time before
everything gets kind of fubar, right.

442
00:20:28,894 –> 00:20:30,195
So like it.

443
00:20:30,195 –> 00:20:30,495
Yeah.

444
00:20:30,495 –> 00:20:32,998
So like, you know, it’s an all
and it’s all automatic.

445
00:20:32,998 –> 00:20:36,868
So does Executech have similar mentality?

446
00:20:37,002 –> 00:20:40,639
Is there like a snapshot that kicks off
when this stuff happens

447
00:20:40,639 –> 00:20:43,775
or is it, you know,
are you simply just advising customers,

448
00:20:43,809 –> 00:20:47,679
hey, monitor
this and do something once it happens?

449
00:20:47,779 –> 00:20:49,581
We’re a little different
from a traditional MSP.

450
00:20:49,581 –> 00:20:51,116
We aren’t hosting

451
00:20:51,116 –> 00:20:54,253
client data, so we’re setting up
environments for each client separately.

452
00:20:54,886 –> 00:20:56,922
So it kind of depends on the client.

453
00:20:56,922 –> 00:20:59,791
Some are large, some are small, some
may have cloud environments, some may not.

454
00:20:59,791 –> 00:21:03,161
So I’d like to explore this a little more,
if you don’t mind, if you could tell me.

455
00:21:03,161 –> 00:21:05,030
I know NetApp
does some cloud-based stuff as well.

456
00:21:05,030 –> 00:21:08,133
So what is the you know, tell me
about that space if you wouldn’t mind.

457
00:21:08,200 –> 00:21:08,767
Right, right.

458
00:21:08,767 –> 00:21:11,336
So, you know, there’s
the automatic ransomware detection,

459
00:21:11,336 –> 00:21:14,773
which I talked about, which is, you know,
detecting anomalies, triggering events,

460
00:21:15,140 –> 00:21:17,442
telling your admins, hey,
there’s something weird going on.

461
00:21:17,442 –> 00:21:20,312
We’ll take a snapshot
so that you have a way to recover quickly.

462
00:21:20,312 –> 00:21:23,615
And these snapshots in ONTAP,
they take instantly.

463
00:21:24,116 –> 00:21:27,719
Once you want to restore from them,
you can either restore files directly.

464
00:21:27,719 –> 00:21:30,889
out of them if you want,
or you can restore the entire volume

465
00:21:30,889 –> 00:21:33,392
if you choose, right?
So you can basically blow everything away.

466
00:21:33,392 –> 00:21:36,128
So if something gets entirely encrypted
by ransomware,

467
00:21:36,128 –> 00:21:37,929
you’re not sitting there panicking
because you’re like,

468
00:21:37,929 –> 00:21:39,598
oh, I’ll juat revert back to this snapshot

469
00:21:39,598 –> 00:21:42,601
and maybe I’ll lose
30 minutes of data, but, you know,

470
00:21:42,601 –> 00:21:46,672
that’s better than paying two, $2 million
to this ransomware, right?

471
00:21:46,772 –> 00:21:49,708
For sure. Right.
So that’s one aspect of it.

472
00:21:49,741 –> 00:21:51,376
And then you have
the compliance aspect of it.

473
00:21:51,376 –> 00:21:53,945
We can replicate it to a DR site.

474
00:21:53,945 –> 00:21:56,948
So you have an offsite backup,
which is always part of that disaster

475
00:21:56,948 –> 00:21:58,450
recovery backup plan. Right.

476
00:21:58,450 –> 00:22:00,218
You don’t want to keep everything on site

477
00:22:00,218 –> 00:22:02,054
and it’s an exact replica of your volumes.

478
00:22:02,054 –> 00:22:04,923
And then we have something
called SnapLock, which is,

479
00:22:05,057 –> 00:22:08,927
hey, these snapshots,
not only can you not touch the data

480
00:22:08,927 –> 00:22:12,731
inside of them, it’s read only,
but the snapshots themselves are locked

481
00:22:12,998 –> 00:22:15,901
and we have a clock that set on those
where, you know you can’t touch them

482
00:22:15,901 –> 00:22:18,937
for five years or seven years,
whatever you set that to.

483
00:22:18,937 –> 00:22:21,606
Right.
So that’s part of that HIPAA compliance.

484
00:22:21,840 –> 00:22:24,276
That’s part of the other compliances
that you see out there.

485
00:22:24,276 –> 00:22:28,847
So, you know, it’s really about
taking the onus off of the admins

486
00:22:28,847 –> 00:22:31,383
and putting it on the software,
making the software do the work.

487
00:22:31,383 –> 00:22:36,088
So the admins can focus on other things
like the actual ransomware intrusion.

488
00:22:36,088 –> 00:22:37,322
How do we fix those holes?

489
00:22:37,322 –> 00:22:38,023
I like it.

490
00:22:38,023 –> 00:22:41,126
Immutable backups are something
that I’ve been exploring recently to see.

491
00:22:41,126 –> 00:22:43,328
All right. I couldn’t create those.

492
00:22:43,328 –> 00:22:47,099
I don’t have a great solution
at the moment, but this may be one.

493
00:22:47,099 –> 00:22:48,800
Thank you for sharing that. Yeah,
absolutely.

494
00:22:48,800 –> 00:22:53,705
So, that said, I mean,
tell me about in a dream world, right?

495
00:22:53,705 –> 00:22:55,774
Let’s say money’s no object.

496
00:22:55,774 –> 00:22:57,542
You can do whatever we want.

497
00:22:57,542 –> 00:22:59,144
How is your organization

498
00:23:00,212 –> 00:23:00,779
making a

499
00:23:00,779 –> 00:23:04,783
complete data protection
ransomware secure solution?

500
00:23:04,783 –> 00:23:06,518
Like, what are they doing from end to end?

501
00:23:06,518 –> 00:23:07,919
Well, with,

502
00:23:08,086 –> 00:23:10,822
you know, security and ease of use
tend to be opposite ends of the spectrum.

503
00:23:11,089 –> 00:23:14,893
But we would remove admin rights
from your average users.

504
00:23:14,893 –> 00:23:15,127
Right.

505
00:23:15,127 –> 00:23:18,330
So and that’s a challenge
that we have internally because

506
00:23:18,330 –> 00:23:22,367
we are deploying technicians
who need to be able to,

507
00:23:22,401 –> 00:23:26,705
you know, use all the suite available
to them on their devices.

508
00:23:27,139 –> 00:23:32,310
So and we are using tools that are often
used in ransomware environments.

509
00:23:32,611 –> 00:23:33,812
So we get alerts, right?

510
00:23:33,812 –> 00:23:36,014
Someone’s using a rootkit scanner.

511
00:23:36,014 –> 00:23:38,150
Well, yeah,
part of our job would be using rootkits.

512
00:23:38,150 –> 00:23:42,587
So it has been a challenge for us
internally to attempt to roll out

513
00:23:42,721 –> 00:23:46,591
a secure environment where we still allow

514
00:23:47,025 –> 00:23:50,729
technical system administrators
to do their job for their clients.

515
00:23:50,729 –> 00:23:53,131
So I definitely use an MTR solution.

516
00:23:53,131 –> 00:23:54,633
So we’d have another party

517
00:23:54,633 –> 00:23:58,603
also monitoring the environment
because I like layers and layers of folks.

518
00:23:58,970 –> 00:24:03,842
So we would have immutable backups
that run preferably real time, right?

519
00:24:03,842 –> 00:24:07,646
So there’s this backup going all the time
that, as you said, can’t touch

520
00:24:07,646 –> 00:24:09,181
for a certain amount of time.

521
00:24:09,181 –> 00:24:10,916
It’s not deleteable.

522
00:24:10,916 –> 00:24:13,819
But I still like the change detection
and the anti-ransom software.

523
00:24:14,052 –> 00:24:16,955
We would lock down all ports
in the firewall unnecessary

524
00:24:16,955 –> 00:24:20,926
and yeah, figure out some way
that if we detect any of these it triggers

525
00:24:20,926 –> 00:24:24,529
a, you know, a red alert goes off,
someone hits that big red button

526
00:24:24,529 –> 00:24:29,334
that’s on the side of the server room
and all the backups stop

527
00:24:29,534 –> 00:24:32,938
or it takes a sudden snapshot
because we don’t want to override the data

528
00:24:32,938 –> 00:24:34,306
that we have already out there.

529
00:24:34,306 –> 00:24:36,508
It sounds like you’re talking
about ONTAP. I’m just saying.

530
00:24:38,076 –> 00:24:40,612
I think so.

531
00:24:40,612 –> 00:24:43,181
Yeah, there are definitely
some large organizations we work with

532
00:24:43,648 –> 00:24:48,420
where I would really make me be able
to sleep better at night, that’s for sure.

533
00:24:48,420 –> 00:24:50,188
Knowing that we had that employed.

534
00:24:50,188 –> 00:24:52,757
I totally didn’t plan it.
I mean, I was like, Hey, perfect solution.

535
00:24:52,757 –> 00:24:54,259
And then you’re like, Hey,

536
00:24:55,093 –> 00:24:56,962
it’s basically what you just said.

537
00:24:56,962 –> 00:25:00,031
And it happens to be ONTAP, right… um…

538
00:25:00,265 –> 00:25:01,366
I’m looking into this ONTAP stuff.

539
00:25:01,366 –> 00:25:02,434
There’s also like

540
00:25:02,434 –> 00:25:06,404
aspects of NetApp’s portfolio,
which is beyond the ONTAP piece, right?

541
00:25:06,404 –> 00:25:10,242
We have cloud native things
such as Cloud Backup Services,

542
00:25:10,242 –> 00:25:13,845
where we kind of approach it
from an application angle, NetApp Astra,

543
00:25:13,845 –> 00:25:16,982
where we kind of handle the Kubernetes
data protection side of it as well.

544
00:25:16,982 –> 00:25:20,552
So there’s a lot there
that people may or may not know about that

545
00:25:20,886 –> 00:25:24,990
fit into this overall data protection
security mentality.

546
00:25:25,390 –> 00:25:27,559
And it really it’s
just about getting the word out.

547
00:25:27,759 –> 00:25:30,195
So NetApp started as a storage provider.
Yeah, right.

548
00:25:30,195 –> 00:25:31,263
That was the original. Yeah.

549
00:25:31,263 –> 00:25:35,133
Well, originally, like, you know, way back
like 30 years ago or so, you know.

550
00:25:35,200 –> 00:25:37,202
I’ve been in the business a long time.

551
00:25:37,202 –> 00:25:38,870
It was it was called a filer, right?

552
00:25:38,870 –> 00:25:40,305
Or a toaster.

553
00:25:40,305 –> 00:25:42,474
Right. So, like, simple.

554
00:25:42,774 –> 00:25:45,143
Do one thing, serve NFS data.

555
00:25:45,577 –> 00:25:46,244
Right.

556
00:25:46,411 –> 00:25:50,215
And then throughout the years, it’s
evolved and they’ve bolted on more stuff.

557
00:25:50,215 –> 00:25:52,684
And, you know,
now it’s this this, you know, giant

558
00:25:53,818 –> 00:25:56,821
multi-purpose operating system.

559
00:25:56,821 –> 00:25:59,791
But we also have, you know, acquired
other companies and integrated their IP,

560
00:25:59,891 –> 00:26:01,226
that sort of thing.

561
00:26:01,226 –> 00:26:01,893
But ultimately,

562
00:26:01,893 –> 00:26:04,896
you know, what they’ve moved
towards is more of a cloud first mentality

563
00:26:04,896 –> 00:26:08,533
or hybrid cloud mentality
where you can kind of go on-prem or cloud.

564
00:26:08,533 –> 00:26:12,804
So that’s really where NetApp stands
today is kind of we live in both worlds.

565
00:26:12,804 –> 00:26:15,240
Right. We understand
that it’s not going to be all cloud.

566
00:26:15,240 –> 00:26:16,608
It’s not going to be all on-prem.

567
00:26:16,608 –> 00:26:19,411
We have to be able to play in both spaces.
Yeah, absolutely.

568
00:26:19,411 –> 00:26:22,981
Because that’s all we’re looking at
right now is how do we get the speed

569
00:26:22,981 –> 00:26:27,652
of being local and have the protection
and the accessibility of being cloud

570
00:26:28,019 –> 00:26:30,589
and juggling
those to depend on the environment.

571
00:26:30,889 –> 00:26:32,190
You’ve seen this with Executech.

572
00:26:32,190 –> 00:26:36,394
If you don’t adapt and just accept
that there’s going to be cloud,

573
00:26:36,895 –> 00:26:37,662
you don’t survive.

574
00:26:37,662 –> 00:26:39,531
And we kind of touched on it
earlier, where, you know,

575
00:26:39,531 –> 00:26:42,901
people are doing these things themselves
now more often because of cloud.

576
00:26:43,368 –> 00:26:45,704
So how does a managed services survive?

577
00:26:45,704 –> 00:26:48,473
How does a on-prem storage solution
survive?

578
00:26:48,473 –> 00:26:51,543
They adapt
and they adjust and build the cloud

579
00:26:51,543 –> 00:26:55,580
into their overall strategy
for providing services.

580
00:26:55,880 –> 00:26:59,484
Yeah, I read something recently
that said only 8% of IT

581
00:26:59,484 –> 00:27:02,287
service providers out
there are trained in how to do cloud.

582
00:27:02,821 –> 00:27:06,691
And it’s growing at a far greater
rate than 8%, I assure you.

583
00:27:06,691 –> 00:27:07,058
Yeah.

584
00:27:07,058 –> 00:27:07,759
And you know,

585
00:27:07,759 –> 00:27:11,162
you have to kind of take that into account
or you’re just going to get left behind.

586
00:27:12,397 –> 00:27:13,465
And cloud isn’t just cloud.

587
00:27:13,465 –> 00:27:16,635
It isn’t just like going into a AWS
and like creating a,

588
00:27:16,668 –> 00:27:18,870
you know, an instance,
right? It’s also learning

589
00:27:18,870 –> 00:27:22,207
how to automate, learning
how to, you know, script, how to code.

590
00:27:22,507 –> 00:27:25,543
So you really have to kind of approach it
from multiple angles.

591
00:27:25,744 –> 00:27:26,011
Yeah.

592
00:27:26,011 –> 00:27:29,180
One of the things that we looked at doing
was spinning down VMs in the evening

593
00:27:29,180 –> 00:27:31,249
when they’re not in use
to save the client money, for instance.

594
00:27:31,249 –> 00:27:34,252
So, yeah, I get the automation
and scripting for sure.

595
00:27:34,285 –> 00:27:34,819
All right, James.

596
00:27:34,819 –> 00:27:36,488
So before we close it out,
I want you to give me

597
00:27:36,488 –> 00:27:40,492
your top three top of mind security issues
that you see out there.

598
00:27:40,492 –> 00:27:43,094
As it relates to IT organizations.

599
00:27:43,461 –> 00:27:46,164
It’s, I think I mentioned it before,
it’s really finding that balance

600
00:27:46,431 –> 00:27:50,602
of how to support a technical team
and keep them in a secure environment.

601
00:27:50,602 –> 00:27:52,570
So it’s really a juggling act, right?
Yeah.

602
00:27:52,570 –> 00:27:55,306
As you can imagine,
MSPs are targets these days

603
00:27:55,607 –> 00:27:58,043
because attackers know
that if they can get access to the MSP,

604
00:27:58,043 –> 00:27:59,811
they have access to the keys
to the kingdom,

605
00:27:59,811 –> 00:28:03,048
to a whole bunch of other organizations
out there, potentially infrastructure

606
00:28:03,048 –> 00:28:06,384
organizations and, you know, critical
support organizations, that kind of thing,

607
00:28:06,384 –> 00:28:09,187
where they can leverage
huge ransoms that they were able to.

608
00:28:09,587 –> 00:28:14,125
So one of our tough jobs
is trying to maintain security across

609
00:28:14,125 –> 00:28:16,361
all of our clients
and across multiple platforms

610
00:28:16,361 –> 00:28:18,363
because they’re all in different
environments.

611
00:28:18,363 –> 00:28:20,432
They all have different view
of what security looks like.

612
00:28:20,432 –> 00:28:24,402
How do we allow our consultants access

613
00:28:24,402 –> 00:28:28,940
to those keys to the kingdom, but
only the ones they need to do their job?

614
00:28:28,940 –> 00:28:31,843
Not all of them should. You know,
I hope it never happens.

615
00:28:31,843 –> 00:28:34,713
But should one of their credentials
be compromised, for instance?

616
00:28:35,313 –> 00:28:37,882
And then we’ve talked about it
in depth here.

617
00:28:37,882 –> 00:28:40,351
Of course, it’s how do we protect everyone
against ransomware,

618
00:28:40,985 –> 00:28:43,088
the ongoing threat we all have,
we all see today.

619
00:28:43,088 –> 00:28:44,489
So those be my top three.

620
00:28:44,489 –> 00:28:45,423
All right.

621
00:28:45,423 –> 00:28:47,492
Sounds like a good top three there.

622
00:28:47,492 –> 00:28:49,394
So, again, James…

623
00:28:49,394 –> 00:28:51,196
keeps you busy. Yes. Right.

624
00:28:51,196 –> 00:28:53,364
So, again, if we wanted to reach you,
how do we do that?

625
00:28:53,431 –> 00:29:02,907
Yeah, I’m gonna send you to the same site,
Justin so would be executech.com/cast or

626
00:29:02,941 –> 00:29:05,744
C-A-S-T please. All right. Excellent.

627
00:29:05,777 –> 00:29:08,480
Thanks so much for joining us today
and talking to us about Executech,

628
00:29:08,480 –> 00:29:11,382
as well as how they approach
cybersecurity solutions.

629
00:29:11,583 –> 00:29:12,450
It’s been my pleasure.

630
00:29:12,450 –> 00:29:14,986
Thanks for opening my eyes to the NetApp
options. Yep.

631
00:29:15,019 –> 00:29:16,521
No worries, man. That’s my job.

632
00:29:18,056 –> 00:29:18,757
All right.

633
00:29:18,757 –> 00:29:20,825
That music tells me it’s time to go.

634
00:29:20,825 –> 00:29:21,893
If you’d like to get in touch with us,
send us

635
00:29:21,893 –> 00:29:26,131
an email to podcast@netapp.com
or send us a tweet @NetApp.

636
00:29:26,531 –> 00:29:30,335
As always, if you’d like to subscribe,
find us on iTunes, Spotify,

637
00:29:30,435 –> 00:29:35,607
Google Play, iHeartRadio, SoundCloud,
Stitcher, or via techontappodcast.com.

638
00:29:36,007 –> 00:29:37,976
If you liked the show
today, leave us a review.

639
00:29:37,976 –> 00:29:40,178
On behalf of the entire Tech
ONTAP Podcast team,

640
00:29:40,178 –> 00:29:42,881
I’d like to thank James Fair of Executech
for joining us today.

641
00:29:43,081 –> 00:29:44,149
As always.

642
00:29:44,149 –> 00:29:46,951
Thanks for listening.

643
00:29:48,920 –> 00:29:58,963
[podcast

644
00:29:58,963 –> 00:30:09,007
outro

645
00:30:09,007 –> 00:30:19,017
theme]

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s