Granite Telecommunications is focused on defense, not rescue, while RedLegg tackles cybersecurity with intelligence and automation.
IT Glue has built a large collection of security features to help ensure the security of information stored on its platform. And Lumen Technologies has security built into the core of its architecture.
Those are some of the reasons these companies say customers should choose them to protect against the ever-expanding network of cybercriminals. The four companies competed in Tuesday’s Security Thunderdome during Channel Partners Virtual 2021.
Kevin McDonald, COO and CISO of Alvaka Networks, moderated the thunderdome. The competitors were:
Mark Palmer, Granite’s vice president of managed services.
Lynn Weddle, founder and co-partner of RedLegg.
Nadir Merchant, IT Glue’s general manager and CTO.
Andrew Harris: Lumen’s senior director of cybersecurity and strategic solutions.
The battle didn’t get heated. And most agreed about the importance of automation in fighting cybercrime.
“We can't operate at the speed of machines,” McDonald said. “We're being attacked by machines and by automation, so we all better be prepared to respond in kind. I do believe that if we look at security like the old board and the holes in it, the more holes you close, the less likely the marble is to fall through one of the holes. It's very important that we all work together.”
30 Seconds in an Elevator
If you had 30 seconds alone in an elevator with a potential customer, what would you say to get them to hire you instead of the other panelists? That’s one of the questions asked of the contenders.
“Except for Lumen, I don't think we really compete directly with the other guys,” Palmer said. “So for us, it's really the front door, it's the access, it's the entire play in putting the fabric together to secure your network. We look at best-of-breed devices, so we're not pigeonholed into a specific security appliance. We look at what the customers are doing, what their needs are, and then match them with their budget to the best possible outcome for them. We're big enough that we can leverage our size to create some force, but we're still privately held. We have no debt. So we really help drive our customers’ needs by not having outside forces pushing us to do things that we don't want to do.”
Weddle said automation is what gives RedLegg a competitive advantage.
“Our practice has changed over the last five years, with the heavy focus on automation and trying to get customers with it's no longer a, ‘Hey, what's the problem, go buy a product and put it in,’” he said. “The narrative's changed. Automation’s in the platform. And when you get into stitching tools together, that's honestly where we're focused. What's the use case? We have a process. You have to be mature enough to build it and then you need to stitch it together. So it kind of addresses the people problem. It's a mind shift in the way people approach projects, but it's where things are going right now.”
IT Glue’s password manager is by far the most secure in the industry,” Merchant said.
“Our host-proof hosting solution has been vetted by third-party security experts,” he said. “You can find the data on the web around exactly what was done there. But it is by far the most secure way to store and share passwords for things like your Microsoft Office-delegated password, where you have a shared credential that you need to share and you can't have individual passwords.”
Lumen built security into its core so it's “at the heart of everything we do,” Harris said.
“We take a foundational approach with our clients and we aren't trying to sell a product just to sell a product,” he said. “It’s products need solutions, not solutions need products. And that's the exact approach that Lumen takes. So we have our resources internally. We have our own infrastructure. And we're not relying on third-party resources. So we can really be that strong foundation to give our clients a starting point and build that bridge from the ground up.”
Best Advice for Making Decisions
With all the competing noise in the market,it can be difficult for organizations to cut through all of that to determine who they should hire for cybersecurity, McDonald said.
Harris said it goes back to two questions. Those are how quickly a provider can identify and respond, and if they understand your core assets.
Palmer said prevention is the key.
“You have scary stories about what happens to people that don't take security seriously,” he said. “But the bottom line is, why should they? Because prevention is important. And if you don't, that's how you get into that other category.”
Due diligence is important for organizations to make smart decisions, Weddle said.
“The sales folks of the world make it really tough for customers to get a handle on, whether it's a service line or what you're good at,” he said. “And it puts a lot of onus on the customers to honestly do their due diligence. It’s looking at the company and understanding what their pedigree is.”
Merchant agreed due diligence is important.
“I think that we have to kind of take a step back and look at who are we choosing to work with and make sure we really understand who they are, who they are as a business and what they're doing to make sure that they are a business that we want to work with from a security perspective,” he said. “And we recommend everybody does the same thing. You have to understand your supply chain in order to at least give you the best chance of being successful.”
Profiting off Rescue
The last thing clients want is to work with a security provider who’s constantly making money off of coming to their rescue. They’re looking for someone who gets it right from the start.
The perimeter is dead, so work from home is a big topic, Harris said.
“And with our global reach and all of our solutions, which are anything from distributed denial of service (DDoS), to incident response and professional security services, we really enable our customers to take multiple different approaches,” he said. “We really try to understand what our customers’ needs are and build out a solution that may contain the products necessary, but ultimately it solves what they're looking for.”
Weddle said Redlegg is built around advisory managed services and tested services, “so we're always trying to have a practical approach for customers.”
“Everybody's in a different situation, so how do we approach the problem considering budget and resources, and give the customer what they're looking for?” he said.
“Ultimately, we're here to make sure the information that you have about your clients is available at your fingertips so you don't need to go searching for that information, your technicians don't need to go tapping shoulders and asking each other for information,” Merchant said. “They can simply access that with a few keystrokes in IT Glue. They can know exactly what they need to in order to solve a client's problems and to act like a tier-three technician who understands the problem and the customer very well, even if they are brand-new to your business.”
The contenders were asked what providers should be most focused on over the next two years. Palmer said subscription-based services are the key to everything now.
“There's ransomware as a service,” he said. “You look at those things and it’s not getting easier to defend; it’s getting harder to defend. And that’s the key, it's prevention. Prevention is what people should be thinking about and … when something happens, what do you do and what can you do? And I think [over] the next two years, it's the evolution of these things like Netlocker that are kind of in their infancy now. But how does that grow and how does that get bigger? Because it's going to, there’s money to be made.”
Harris said he’s seen a “huge uptick” in DDoS attacks.
“With the ransomware, it kind of has evolved to being held for ransom as a threat that if you don't pay, we're going to hit you,” he said. “I think that that's honestly where we're going to see a huge increase. And it's really easy for anybody to go out and DDoS somebody. I mean, I've been on calls with customers, schools, and a student isn't prepared for finals. So they Google DDoS for hire and pay somebody $50 and take the school network down and finals are postponed. And health care, it’s life and death if their network's down. I mean it’s very critical. If your corporate network is down, your employees aren’t doing anything and it’s going to cost companies a lot of money.”
Providers need to implement today’s best practices, Merchant said.
“Forget about future and new threats,” he said. “There are so many companies and people that haven't rolled out multifactor authentication (MFA) and they haven't rolled out just the basics of having backup in place. We have to get that solved going forward. Work from home, even if it's not here permanently at the scale it is today, there are going to be bits and pieces of it, much more so than we saw three, four or five years ago. And it’s extremely important that we can manage to secure people in an environment where everybody is dislocated and we don't have the same physical control that we used to have.”
Weddle said automation is where things are going now.
“The response piece, we're doing both operational security and even non-security right now,” he said. “It's companies swapping out tools with an automation backbone in place. It's getting rid of the mundane task focused on efficiency and not eliminating humans, but really just to play off of getting more of the tools with less human effort.”