Jason Pufahl 00:23
Alright, not saying hi, it’s these, this is brutal. I can’t win. So today, we’re actually going to talk a little bit about a, an approach that Vancord is moving towards, to really better manage our clients. I think, you know, one of the issues, and we talk about this on podcasts all the time, right, the challenges of vulnerability management, sort of better security for client infrastructure. And you know, sort of recognizing what a challenge that was, we we’ve started to look over the last few months on ways to get better visibility for client infrastructure. And we’ve really settled on a set of Microsoft technologies, and will start to do sort of ongoing vulnerability management, ongoing threat detection, as a general term, but really focused on this Microsoft ecosystem. I think we’ve seen, well, certainly, right, like everybody, a huge portion of our client base is Microsoft-centric. And Microsoft itself, certainly over the last, I don’t know, Matt, half dozen years, maybe more, has really become much more security conscious, I think really reinvented themselves in this space in terms of cloud computing, sort of data aggregation, and sort of security visibility. So we’ve we’ve termed our sort of, I’ll call it our product, as Vantage Protect, really need to let Matt speak about this, because frankly, it’s his brainchild in many ways to push this, gives me a coy smile, but he knows it’s true. So maybe, you know, spend a couple of minutes on on sort of what the ecosystem is that we’re basing all of this on, maybe what some of the new, the near term capabilities would be. But then I think you know, what some of the vision might be potentially moving forward.
Matt Fusaro 02:16
Sure. So, I kind of want to back up a little bit and talk about why we started doing this now, right? When we, when we merged our two brands together, Vancord and TBNG Consulting, we kind of took on a new responsibility of having to be present and always taking a look at vulnerabilities, threats for all the clients that TBNG Consulting had on contract, right. So we’ve, they take care of quite a few. And we are charged now with managing vulnerabilities for a very large set of customers. This isn’t a normal situation, right? You may find these situations in larger Fortune 500 companies where you’ve got a lot of different business units that you got to take care of. It’s kind of akin to that, just lots of smaller businesses that we deal with, that have the same challenges though, right. So we needed a way to be able to see vulnerabilities, mitigate them, see threats and mitigate them, make it available for our analysts, make it attainable for the infrastructure people that are actually going out there and working with these clients every day, implementing infrastructure, deploying servers, etc. And like you said, Microsoft is the primary product that these people are using for, for their services. We see some Linux every now and then, we see some AWS every now and then, but for the most part, they’re using things like 365, for email, the productivity apps, all of that. So we decided to go down the route of utilizing a lot of the services that are inside of Azure and the 365 ecosystem to create a whole program basically, you know, we call it a product, but really we we’ve put together quite a few different services from from Azure. We do use some stuff from Tenable as well to kind of supplement some things that we don’t get directly out of Azure. But really, what I want to do is kind of pull back the curtain a bit on how we manage all of this, right? It’s quite a bit of data, quite a few systems, and a lot of different business goals that we have to be aligned with for our customers.
Jason Pufahl 04:21
So one of the things that jumps out to me, and I think we need to talk, really, frankly, specific product capabilities. But I think what jumps out to me is the value of having all of your security data in one platform like that, right? Because you you really are getting system logs, you’re getting your antivirus, right, your Defender logs into this, all your vulnerability data. They’ve created an ecosystem where they have incredible visibility across an entire organization’s infrastructure, which I think is going to be ultimately hugely beneficial from a from a security reporting and security analytics standpoint.
Matt Fusaro 05:02
Yeah, so there’s some core products that we really formed a lot of it around. Inside of Azure is a service called Defender for Cloud, which we utilize to bring a lot of the the vulnerability management and the threat management together, right. It’s kind of an alerting center, it’s a configuration center, compliance center for all this stuff, so so that when we onboard a client into this, we’re able to see all the infrastructure that they have, onboard all of it into it, and turn on services as we need. You mentioned logging, right? Some organizations need more advanced logging, where we’re pulling everything in, they’re going into a SIEM, and then we’ve got others that really, we just want the important stuff there, maybe track vulnerabilities and give them some threat protection, right. So we can go, there’s many things we can do there and just turn it on instead of having to deploy a whole new services for it.
Steven Maresca 05:52
And I think there’s a key aspect to that that I want to emphasize and just correct me if I’m wrong. But the truth is that it’s not just a Microsoft-centric platform, it’s multi-platform, you alluded to Linux systems a moment ago. Microsoft has explicit support for other platforms baked into some of the services we’re talking about, which makes it all the more attractive.
Matt Fusaro 06:18
Yeah, that’s one thing that a lot of people don’t know is, a lot of the Azure management plane will work directly with Linux most of the time, even even on their their VM side, right. So if you’re deploying Virtual Machines into there, there’s plenty of Linux support, there’s threat protection Linux support, even Mac support these days. Yeah, so they’ve really bought into that ecosystem. They’ve been contributing code for a while now as well to the Linux team. And on top of that, they’re also they’re also able to integrate pretty well with things like AWS and GCP. That’s, GCP is Google’s Cloud if you don’t know. So we can get security posture management, which basically means we can go and scan those infrastructures for things that should be configured or at least a baseline against and say, hey, you know, you should turn XYZ on. And it also kind of helps consolidate all that into a score, right? I’m not a big fan of single scores. But a lot of times, you know, when you get to the executive level of a company, they may want to know, hey, what, where am I? Can you give me an ABC, you know, 100% 10%? Where am I? Right, so we can kind of consolidate that into a score for people. It’s a little bit more consumable than talking about all the individual things that have to happen.
Jason Pufahl 07:35
So where do you see this going? Certainly, certainly day one. I think the emphasis is vulnerability management, patch management, right. So some of the really those fundamental things that we continue to bring up, right, that that’s day one, where you envision. What are some of the other capabilities here that you that you say, you know, sort of near term things that clients might be interested in?
Matt Fusaro 07:56
Yeah, like you said, the primary reason we started this was vulnerabilities and that that’ll be at the core of it is scanning for vulnerabilities on servers, and mitigating those things. We will be building in more network wide vulnerability management into that, so your your switches, your firewalls, IoT devices, all that data will be in there as well. On top of that, I think the real benefit here is threat management. There are some extremely good capabilities. If you’ve, if you’ve never had the chance to use Defender for Endpoint, which is very different from Windows Defender, which is built into every desktop, every server that gets deployed by default. Defender for Endpoint is a full endpoint detection and response system. Its timeline and capabilities of what’s going on on a system are extremely good. When there is an alert or incident that gets triggered, there’s tons of data there. It’s taken our time from, hey, there’s an alert, to, we know what’s going on and compress that quite a bit. That’s that’s what’s important. Now we can get an alert, understand it and respond to a client very quickly, as opposed to using several different tools actually accomplish that the way we used to.
Jason Pufahl 09:10
So, I’m actually really glad that you went down that incident response path, because I think we’ve done a fair amount of that over the last few years, there more often than not, folks that we’re engaged with don’t have any information at their disposal to help to help with exactly what you just described, right, understanding the incident, understanding the impact. The nice thing about rolling into something like this is it does capture a lot of the data that we might need sort of at the basics, right? You can, you can always collect more. But by rolling clients into this, you’re going to get log data, you’re going to get sort of threat intelligence, they’re moving down a path of giving you better, to your point, better clarity of what an attack might look like really in sort of a graphical or pictorial format. I mean, huge benefits there in the ability to recover quickly.
Matt Fusaro 10:00
Right. And that’s a testament to what you said earlier about a lot of the data being in one place. What’s great about this is that is that we can aggregate all of these different data points together, lots of different services can utilize them. But it’s also really easy to ship it somewhere else too, if we can integrate really well with other things, so if we put this on top, and you’re a Splunk user, you’re a QRadar user, however it is that you want to consume data afterwards, we can just pipe it out to you, right. And that was really important for me, because that’s how we need to work with systems all the time, we don’t like closed boxes that only work in one area, we want to be able to move data back and forth as we want to. So that was really important for me when we built this, and that’s there. So that’s great.
Steven Maresca 10:42
And, you know, we’re a company that does security research, we have people who develop unique tools to make our services, both stand out and more effective for us to use for our customers. I’m most interested in some of these components, because suddenly Microsoft has done the development and integration that would otherwise for us be exclusively internal. It’s an it’s a really interesting shift of focus that, to me speaks to their level of refinement for data analysis and similar.
Matt Fusaro 11:12
Yeah, they’ve definitely put the security aspects to the forefront. I’d say a majority, majority of the services that get deployed on Azure at this point are, they have some type of security angle to them, right, so that’s, I think that’s good for everyone.
Jason Pufahl 11:28
And, so, moving forward, and we’re certainly seeing a lot of focus industry wide about adherence to regulatory requirements. It’s really nice to put the tools in place, just a framework, or does the set of capabilities, support any particular frameworks, or give sort of add security qualities such that they adhere to frameworks?
Matt Fusaro 11:53
Yeah, you get several things out of it, really, I’d say that there’s probably still more work to do on the regulatory side, they focus a lot about assets that are in Azure, so VMs in Azure, services in Azure. But there’s a whole framework there to, to build out. If you’re a CMMC shop, or you want to follow NIST guidelines, you can build them out to even apply to your on site resources as well. Some of it’s already built in, others, other things could probably use some tuning. But there’s the capability there to assess and get the technical controls that are associated with all of those compliances and report on them pretty easily. And again, if data classification is important to you, we have ways to help with that. Purview is one of the devices or applications inside of Azure that allows you to do that, that basically what this what this is saying is it can come come with you on your security roadmap all the way from, hey, I really just need to get updates and vulnerability management running, to okay, now I’m ready to do things like SIEM, data classification, labeling, regulatory reporting, all of that. So that that’s why we we chose this platform.
Jason Pufahl 13:09
So, it’s a really exciting time for Vancord. And certainly we had discussions about this, as we were thinking through, right, what the outcomes would be when we when we merged the two companies together. Right, the fundamental goal was, let’s make sure that as an MSP, we’re putting security first. I mean, this clearly does that, right, from a from a positioning standpoint, it it emphasizes security for all of our clients, it brings a tremendous amount of data in that they typically wouldn’t have, strengthening all the things that we currently do, while frankly, giving data to the security part of the company to be able to take action on from an incident standpoint, or just from a productivity standpoint. So it really directionally aligned with everything that we had decided to do, you know, six, nine months ago when we talked through that.
Matt Fusaro 14:01
It forced us to create processes internally that not only just involve security folks, but also the infrastructure folks where you know, we’re working together now, we have ways to communicate when something happens. And there’s more standards for when we’re deploying things, and quite honestly checking people’s work, right. None of us are perfect. You install some infrastructure, we want to make sure we did it in a secure way, we now have ways to evaluate that after we’re done. And it’s just the reality of things now, you can’t just be an infrastructure engineer, you kind of have to be a little bit, a little bit of a security engineer too, and this kind of helps you do that without having to take the role on fully.
Steven Maresca 14:39
To me, you know, there are so many smaller organizations that are a little earlier in their security arc of maturity that are already in 365, already in Azure. What this, to me, represents is an opportunity to leverage investments that perhaps that they already have, or are likely to increase as time goes on, without having to stray from that. It’s, it’s an easy decision, from an organizational strategy standpoint to use something that’s already in place.
Matt Fusaro 15:12
Yeah. And it gives you access to more advanced tools and scale that you normally would have never been able to do before. Most of this stuff was typically always reserved for the larger companies that had million dollar plus security budgets. Now, this stuff is pretty accessible, really, the challenge is putting it together and having a process around managing it. And that’s, that’s what we’re doing, decided that’s, that’s our value there. Let’s put it all together and put a process behind it.
Jason Pufahl 15:41
So, certainly day one, right, for any for any of the clients that actually are listening to this that that work with us currently. We will we’ll be rolling this out shortly. But I think the vision ultimately is to create something that we could probably extend further, because I think a lot of the work really is putting the framework together. Rolling unmanaged clients in I think is is on the horizon as well.
Matt Fusaro 16:04
Yep. Yeah, we’re hoping to do that we’re hoping to, we see plenty of opportunity to integrate other tools too, Microsoft goes really far in this path. But you know, there’s other tools out there that can help. But we want to centralize that data in one place. And we’ll be able to do that.
Jason Pufahl 16:23
Any parting thoughts at all? No, I think we covered it pretty well. So we’re certainly excited by it. If anybody is interested in sort of better understanding the components that we’re calling, Vantage Protect, feel free to reach out to us, we’re happy to talk more about it, a basic takeaway could simply be, if you are a Microsoft shop, it’s probably worth looking at some of the security capabilities that Microsoft provides natively, because they really are robust, and I think that they’re improving really, really, honestly, month after month, they’re adding new features. So but if you want to make it simple, feel free to give us a buzz and we’re really happy to help set them up. As always, we hope you got value out of this, hope it moves you forward a little bit on your security journey, and we appreciate you listening.
We’d love to hear your feedback. Feel free to get in touch at Vancord on LinkedIn or on Twitter at Vancordsecurity. And remember, stay vigilant, stay resilient. This has been CyberSound.