While many RMM vendors are adding security features and branding themselves all-in-one solutions, cybersecurity cannot be treated as a simple add-on. It requires a holistic strategy and specialized expertise that RMM vendors typically lack.
Kirstin Burke:
Welcome to everybody. I'm Kirstin Burke. I'm joined by Shahin Pirooz.
Shahin Pirooz:
Hi, everyone.
Kirstin Burke:
And we're delighted to hit on this topic this morning. We have been seeing a lot of folks, whether it be tool providers or service providers, really talking about this all-in-one concept. Right? You start as a PSA, you start as an RMM provider, and then acquire, acquire, add this tool, add this tool, and all of a sudden, I can give you the Swiss Army knife of security. And it really came to head last month as we had an interview with one of our partners, BACS, and they brought that up as well, that that was really one of the considerations they had when they were thinking about really how to right-size, up-size their security. And they made a comment that there was a lot of it that fell short and that they really felt that that incompleteness was going to put them at risk with their customers.
And so we got to thinking about that and said this was a really good topic because even when I reviewed, I went on Reddit and I kind of looked around on what other MSPs were saying, and the comment was, "These security promises and what these folks are saying are very different. They'll use the same words and it's wildly different what you get, so make sure you read the fine print." And so we thought it would be really interesting to kind of debunk what all-in-one means, what it doesn't mean, and what folks ought to know, MSPs ought to know and think about, as they're building out their security platform for their customers.
Shahin Pirooz:
Yeah, it's, I look back to 20, 30 years ago when things were much less complicated and we were acquiring, security was not at the forefront. Security was something you just did, it was part of IT delivery. There wasn't even focused security people 30 years ago. There was no concept of a CISO. It was really just there was the security guy on the IT team, and usually it was your network people who did the firewall. But there was less tools, there was, you're really talking at that point we had antivirus, both at the end point and at the email gateway. So those were really the security then.
Then the malware press for image malware and all those things started to happen, so email security started getting more complex. And so as things started to get more and more complex, more and more technology providers or vendors, manufacturers, started writing tools and that's when we started to get a glut on the security ecosystem. And there's two real driving factors to that, it really is a problem. It's, security is complex and the bad actors are using really good technology and capabilities to try to evade detection and try to grab hold of our data, and exfiltrate it so that they can then ransom your environment and make money. And clearly, it's working. We're in the trillions of dollars of ransomware business at this point, and it wouldn't keep growing faster than the GDP if it wasn't working, which translates to, something's broken.
Kirstin Burke:
Something with the tools or something with the philosophy is not working.
Shahin Pirooz:
If we have 4,500 security vendors out there that are writing security tools to try to stop these bad actors, but the bad actors are growing faster than the security tools, it can't just be that they're smarter than us. That can't be the only thing. And as you dig back into that, that was really the foundational concepts and thinking that led into becoming what White Dog is today. We got really frustrated with the ecosystem and we got frustrated with empty promises that the folks on Reddit are communicating now, that all you need is this one tool or this one company and we've got you covered, from a security perspective.
And I've been using the Swiss Army analogy for 25 years now. It started when we created the first MSP in the country. We were talking about, you can find somebody who does everything but it's usually a Swiss Army knife and they're a really good knife, but you don't want to open the bottle of wine with that corkscrew.
And that's kind of the scenario we've gotten into with these roll-ups and acquisitions, where we may have a company who has a phenomenal EDR solution, but they go acquire six or seven other companies to do CNAP, for example, or network telemetry, or logging or you pick a category, and they're trying to pull those things together to have a unified security system. But those other tools aren't the best in class. It's not the best log collector. It's not the best map, it's not the... So you get one really phenomenal tool out of that Swiss Army knife and the rest of them, I don't know about you, but I don't like using the toothpick inside the Swiss Army knife. It's awful. The corkscrew, I've broken plenty. So I just think people need to be cognizant of the fact that this one throat to choke, one vendor to rule them all, is kind of a mythology that we've created that sounds like a nirvana, but in reality, it's actually a nightmare because we end up getting substandard technologies to solve a very serious problem.
And now we're seeing transitions, it's not only manufacturers now. We saw over the last decade, PSA providers realize that they have to have now an endpoint visibility. So they added RMM, they started acquiring our RMMs to integrate into the PSA. There's our RMM providers that started building PSA functionality because they realized they're not going to be able to sell their RMM if the PSA has an RMM. And so they started crossing over and started cross-pollinating, if you will, to compete with one another effectively.
Fast forward to today, all of these RMM and PSA providers are now acquiring security tools, and the talk track is consistent. They're all going to solve all your problems with regards to security and IT. They've got tools at the endpoint that act like an MDR act, like a monitoring tool, act like a remote management software distribution, patching, all the stuff. Sounds phenomenal. Where do I sign up? But then you start to peel back the onion and you're like, okay, that MDR doesn't really act do anything. They either acquired a technology or use an open source technology or their OEM means some third party underneath the surface that they've integrated with their RMM. And fundamentally, you're getting this problem of getting, once again, substandard Swiss Army knife functionality.
What's even worse from the PSA and RMM roll-ups, is some of them are partnerships that they acquire, some of them are acquisitions, but they're all independent, unique platforms. They're not integrated to one another. They're not a single ecosystem that is tightly interoperated. At least the manufacturers that are acquiring are trying to integrate like crazy. They don't do a phenomenal job either, but the PSAs and the RMMs are not. They do very light integrations, pass data back and forth, allow you to jump from one console to the other, but you still have 30 consoles to manage, not one.
Kirstin Burke:
Right, right. Well, and I think when we flip back to last month when we had an interview with one of our partners, that was one of their comments that the holy grail, right, is simplicity, easier to manage, but you have these multiple consoles. So you're still trying to figure out commonalities, correlations, you're still jumping from one place to another.
And then the other thing is we've got these gaps. Right? You still have these partnerships or acquisitions of all of these different companies that have their own technology debt, that at some point and maybe sooner rather than later, they've gone past their effective date. And so now these MSPs have to go back to their customers and say, "Hey, you know what? This all-in-one provider has just had to do an upgrade. They just have to do new acquisitions, so now we have to start charging you more money," or, "There's this gap that we didn't know about, so now we have to do something else." And there is a brand perception of the MSP, not the provider, that, well, do you not have your act together? Why do you keep coming back to me for money? Or why do you keep coming back to me and saying, "Oh wait, there's a gap here. We need to fix it," right? When you sold this to me as something, that's all-in-one, why is it not what you sold me?
And so from the MSP perspective, their concern was, I don't look so good when I keep going back and have to, in a sense, renege on the sales promise that I made.
Shahin Pirooz:
Exactly, exactly. Yeah, it's frustrating. I recently had a conversation with an MSP who is, they are using one of the EDR manufacturer's backend SOC offering. So they're selling the EDR solution, plus the managed MDR solution from that EDR manufacturer. And they said, "Why would I consider using WhiteDog instead?" And the tool set is the same tool set, just to be clear. And I said, "The reality is that when you look at manufacturer and what their skill is, their skill is building on that EDR tool. Their skill is not security operations. They may have come from a security operations background and had an idea about how to solve the problem, but that is not what their bread and butter job is. They may have built a decent SOC team, but really what their job is, is to make sure their tool shines and continues to be clean and is fine-tuned and is doing... But they're not really doing the threat hunting that's required. They're only doing what the tool announces, in other words, they're counting on the tool to solve the problem, not the people."
We've taken a very different approach to it, and we at a very similar price point, to getting it directly from the manufacturer. We are providing real threat hunters that are curious. They find something that looks and smells phishy, and pun intended by the way, but they will go and dig deep to try to find, is this real or is this not real? And we take a 1-10-60 approach to the world, we're going to identify something within a minute. We're going to investigate it and escalate it within 10 minutes, and strive for a resolution by 60 minutes. So that model makes it so that threats are identified super quickly, and the outcome, which is what our entire driving mission is built on, is reduced dwell time from six months to six minutes. And we achieve it on a regular basis, none of these manufacturers, none of these PSAs, none of these RMM providers can make any claim like that. They talk about days and weeks for dwell time, not minutes.
Kirstin Burke:
Well, and I think back to when you gave your example of an EDR tool that has added top capabilities or whatever, right? Whatever business you started as, or whatever your core business is, that's going to be kind of your true north, and that's going to be how you have to align your employees. Right?
Shahin Pirooz:
I think so.
Kirstin Burke:
And so there is a difference there, and there's no malice here, so, be clear. I mean, everyone here is trying to find a way to solve the same problem, and we're all out there seeing that the bad guys are winning. And so we all have a philosophy of how to win, not maybe just the battle, but the war. Right? So what do we put out there so that we reduce the number of issues you have over time, and put you in a better position over time. And so there's just a different philosophy. Right? So one is we maybe have this great piece of the pie that is very solid. Now we're going to try to piece part some other things in here to expand that footprint. Right? And the other one is, well, why don't we get the best of everything? Why don't we find people with integration experience and people with experience, so that we can continuously manage, migrate, evolve, and improve? Because it's not like this is a static environment. The hackers don't-
Shahin Pirooz:
Spoiler alert, that's what we do.
Kirstin Burke:
Well, and the hackers aren't going out there doing the same thing time and time again. Right? So thinking that whatever it is you're putting out there is going to continue to solve problem X, is not reasonable.
Shahin Pirooz:
Yeah. I do want to echo something you said and add some color to it. This concept of, there's no malice intended here. There really isn't, because we can't do what we do without these tools, right?
Kirstin Burke:
Right, exactly.
Shahin Pirooz:
Frankly, we take an ecosystem of commercial technologies and open source technologies, about 45 technologies in the suite to make up an enterprise security platform that is consumable, one node at a time. And we can only accomplish that if there were great people out there writing good tools. What we do that's different is we didn't create one tool and then buy a bunch of substandard tools and say, "You only need us." We go and find that one tool at each manufacturer that is the best tool in the market and integrate those together and create an integrated suite that is made up of best in breed technologies.
And another way to think about what I just said is, you don't have weapons manufacturers building armies. They're not out on the battlefield fighting the war. They are arming the army to go out and fight the war, because the army is trained how to do the fight. The weapons manufacturer's expertise is building the best weapons that don't get jammed, that shoot as many rounds as possible, so that the army can do what they do and defend the country. And that's really what we're talking about here. We're a security company. We are that special force, special ops team that takes the tools and puts them to good use, as opposed to trying to create the tools.
Kirstin Burke:
So what would you tell an MSP who might be evaluating and probably has already made an investment in something, right? So maybe one of those great tools or maybe several tools, who's kind of trying to look at this different maybe and who's saying, "Okay, so I get we've got a battle, we've got a war, and this war is going to be ongoing. This war is going to be dynamic." How should they orient themselves maybe in a different way? Because we know WhiteDog may not be for everybody, right? And you may have different teams, different staff that maybe a tool's focus makes sense. How would you help someone orient themselves to kind of figure out, depending on my skillset, depending on my customer base, which way should I go?
Shahin Pirooz:
I'll try to answer that question in a couple of anecdotes. There's the companies that we are not a good fit for are those companies that have a not invented here mindset. I'd rather build it myself, I don't think anybody can do it as good as we can. And there is nothing that we've done that somebody else couldn't go do. So if that's the type of culture you have, then by all means and more power to you, go pick the best tools, best technologies in the market, and figure out how to integrate them. And then make sure you have people who are continuously evolving that technology stack, because security tools last three years, maybe five at the max. And then they're no longer effective because the bad actors have outpaced them so fast that the technical debt in their platform is going to hold them back and prevent them from being able to keep up.
So now you have to switch the EDR tool, them the phishing tool, then whatever, and it just is a continuous evolution of the platform and the tools underneath the platform.
Kirstin Burke:
So that kind of has to be your core competency?
Shahin Pirooz:
It becomes a core. You have to develop that core competency of continuous improvement. And a lot of MSPs do some of that already with the technologies they use for managing the environment. From an IT perspective, adding security is not the same team. You can't have the same team who is picking IT tools, what's the best RMM? What's the best patch management? What's the... Those tool sets do specific things and they're operational and they are more proactive in nature, in terms of trying to solve the problems from an IT perspective. And they are hand-in-hand, it's very similar to the left and right of boom. They're hand-in-hand with the security tools that are more reactive in nature, but if you close the holes and be proactive, then there's really not a need to do too much on the other side. So what the IT teams are doing are important, but they can't be the same resources that do the security side.
So if that's the path you want to go down and to build this and to build it from scratch, have ownership of it, understand that you're going to be putting together a tools team, an architecture team, an integration team, and then the ongoing operations, the security operations. Now there are some potential overlap for the operations. You could have your NOC also do SOC functionality, but you'd have to train them and uplift them.
So the advice to MSPs, MSSPs that are already building it is, if you're doing it and you're doing it well and you're comfortable and it's not straining your business and it's not taking your eye off the ball for something else, keep going, fantastic. It's the more people fighting this battle along our side, amazing.
But what the anecdote I'll tell you is I can tell you that there's at least four of our partners, I've had dialogues with their executives, chief executives, and each of them has said, "I could do this, but it takes my eye off the ball and it takes margin and it takes time. And I constantly have to be hiring this staffing model of security operations, and I constantly have to be picking tools. And I want to focus on growing my business. I don't want to focus on building this thing, so I'd rather be a consumer of this, as opposed to a composer of it."
And so those are really, I would say, and there's probably people in the middle that are on the fence that have done some. And I would tell you, if you're relying on the tools from a PSA vendor today or an RMM vendor to be your security stack, you're doing a disservice to your customers because those tools are not the best tools in the market and they're not integrated. So you have to still hire people to monitor, manage, understand all the consoles, train them, be able to keep them up to date, refresh the endpoints, all that kind of stuff. So it's a lot of work for not a lot of benefit and reward because the tools aren't great. Will they do the job? Sure. Will they be 100% effective? No. Is any security to 100% effective? No. So you better have really, really good people who know how to respond when they're not effective.
Kirstin Burke:
Right, there's more of a burden on those people than, yeah.
Shahin Pirooz:
Yeah, and it's the level of effectiveness, it goes down as the tools are not as... The level of effectiveness of the tool impacts the effectiveness of the people, meaning they have to be corollary wise conversely more effective because the tools aren't effective.
So I would say the advice to somebody who's looking at this is first of all, very selfishly and not, altruistically, take a look at WhiteDog. I mean, we've spent a good eight years building what we built and have scaled it to about 25 countries and five continents. We're supporting customers across the globe and we're securing infrastructures that are very complex, very large. Largest customers are up to 30,000 seats, smallest customers are one sea,. And these are end customers of our customers, which are MSPs, system integrators, and bars.
And so while you could do everything we just talked about, it's not rocket science, it's not magic. It's hard work, rolling up your sleeves, and time, and money. And then constant staffing, constant tool evaluations. So if you're doing it and you're doing it well, keep it up. If you're not doing it well or you haven't started, then really take a deep look at WhiteDog, rather than relying on your PSA partner to say, "Hey, we've got all those things. You're fine."
Kirstin Burke:
The simple path, the easy button. The easy button may not be the best button.
Shahin Pirooz:
Yeah, the easy button is hardly ever the easy path.
Kirstin Burke:
Yeah, yeah, yeah. Well, you're talking through your recommendation reminded me, we were an event this spring, and we have an external scan that we can do that we share with MSP partners that they can also share with their customers to just do a quick evaluation of, if I were hacker, if I were the bad guy, what would I find out on the dark web? What would I find out about you that would make you vulnerable? And it was an interesting conversation that we had because we were meeting with a group of people and we decided to do this scan on their behalf to just say, "Hey, here's what we found about you."
Shahin Pirooz:
On their own domains, yeah.
Kirstin Burke:
And yeah, and our thought process was we had some people with A's and A pluses, we had some people with C's and D's. And so our interpretation was, well, probably the people that are going to be really interested in talking to us are those with C's and D's. But what was very interesting was we had some conversations with those who had A's and A pluses, and really our comment to them was, "Congratulations, keep it up," but the comment they made to us was, "We're tired, and."
Shahin Pirooz:
It takes a lot of work to get that right.
Kirstin Burke:
"Do you know what it takes to be an A or A plus?" And one gentleman, he in fact was saying, "Well, I'm retiring soon and I don't have the confidence that without me, that we can keep this up. And we have to keep it up somehow some way, we need that A, A-plus security posture. But once I leave, I don't know that we can do it anymore."
Shahin Pirooz:
And now multiply that across your 50 or 100 customers.
Kirstin Burke:
Right, and so it was a very interesting conversation we had and it was kind of that side of, yes, I've been doing it. Yes, I know how to do it. Yes, I built it, but I don't know that that's the business I want to be in anymore.
Shahin Pirooz:
Exactly.
Kirstin Burke:
So yeah, we're kind of a great, at least a great data point to look at and say, "Well, this is what I'm doing now." You know what you're doing, what you're spending, the burden that you have, and then kind of seeing what it might take from an economic standpoint, an integration standpoint, to really think about, do I slowly or quickly move over to use some of these services that maybe might shift that burden?
Shahin Pirooz:
That's perfect. Third scenario, which I didn't mention, first scenario obviously was if you're doing it and doing it great, keep it up. Second one is if you're not doing it or frustrated with it, take a look at us.
That third one is in the middle, which is, or maybe even been leaning one side or the other, which is, you made investments, you're using tools. You're doing a good job, but the burden is becoming heavy and you don't want to maintain that burden anymore. And we've got tools to help you determine what your spend is and how you would translate that spend and when to do the cut over from one technology to another, and have built a very composable stack in such a way that you can pick the pieces and parts that fit a particular problem and do those over time. So this is not a band-aid approach of rip the band-aid off and run and hope WhiteDog covers you. It's really more a thoughtful transition to a technology stack that from that point on is continuous.
And you tagged, coined the term, never buy another security tool, which I love. It's the reality of what we're ultimately talking about. You're subscribing to a stack that happens to have all the best in breed tools in it, and you'll never have to buy another technology tool, have negotiations, contract, any of those types of things.
Kirstin Burke:
Well, I think at least for our MSP partners, and I would imagine it's consistent across the board, you're all about serving your customers. Right? So what is the unique value you bring to your set of clients? How are you going out there to market and growing that customer base, right? And depending on what it is that you do and that you do very well, security may or may not be a part of that. But what we really pride ourselves in is allowing our partners, whether they want to white label this, whether they want to use the WhiteDog brand. We are all about helping our MSP partners provide that better, deeper, more cost-effective solution to their customer base. Right? Because back to the no malice, we out here are all about trying to help make or I guess, shrink the attack surface, right? Not just for our customers, not just, I mean, anything that we can do to make it harder for the bad guys to win is what we want to do.
Shahin Pirooz:
That's the only thing we can do. Our goal has to be, it's the primary goal, the primary mission for what we arm our analysts to do is to reduce dwell time. Find the bad actors as fast as possible so they can't cause damage. How do we prevent them from causing damage? Let's not make it easy for them to cause damage.
So let's add those two things together. Let's make it difficult, put a bunch of hurdles in their way and give us time to find them before they can bypass hurdles. That's something that's missing in every single security tool in the market is that everybody talks about reduction of dual time, but they all do it based on machine learning, artificial intelligence. Things that are literally just taking correlations based on historical data and saying, "I'm going to pop up an alert." What's missing is a human factor of threat hunting, which is, I saw something that should have been alert but it wasn't an alert. Let me investigate it and see what it is, if it's real or not. That's an example of something that you won't get from manufacturers, PSAs, other technologies that are stepping into the ring with us.
Kirstin Burke:
So back to your special forces analogy. Right? So for our MSP partners, they've got the Navy SEALs of security working on their behalf-
Shahin Pirooz:
Exactly.
Kirstin Burke:
... to really help for what's going on on behalf of their customers.
Shahin Pirooz:
And we have really good weapons manufacturers to help us as well.
Kirstin Burke:
Right, right. Well, anything else that you want to leave anybody with as we close this out?
Shahin Pirooz:
No, I think we're good. I think that covers a lot about the platform.
Speaker 3:
Okay, and-
Kirstin Burke:
What we'll do-
Shahin Pirooz:
Do you have a question?
Speaker 3:
Yes, we do have a question-
Kirstin Burke:
We have a question, excellent.
Speaker 3:
... From Tim Johnson in the comments. What has been the most effective method you've seen for educating potential clients and messaging prospects to bypass keeping the status quo or mistakenly thinking they have the resources to build or monitor their own security stack?
Kirstin Burke:
Let's repeat the question.
Shahin Pirooz:
Yeah, so it was a lot, so I'll try, so help us. What has been the most effective method for teaching or educating customers and clients, how to bypass the status quo they're in, and help understand, why is it important to improve the security stack? Was that close enough?
Speaker 3:
Yes.
Shahin Pirooz:
Okay, I got a nod. I'll break this into two different categories. One of them is the end customer. The end customer themselves is the customer of our clients, which are the MSPs and system integrators. We are lucky because the MSPs and system integrators have been targeted and attacked over the past five years or so with targeted attacks through the PSAs, through the tools they use through RMMs they use. And so they recognize the importance of the status quo causing potential issues for them. So they're looking, they're actively looking for better ways to secure it because on they're hook if they customers get attacked.
And just like it started with the mechanical contractors, air conditioning contractors back when the attacks started spreading, the bad actors find, what is the easiest path into the large companies? The easiest path is to find somebody who doesn't have good security and go through them to get into the large company. The target breach which we've talked about-
Kirstin Burke:
Or the broad customer base?
Shahin Pirooz:
Yeah, broad customer base. So the MSPs are targets because it's not that their security is low, it's that they have a broad customer base and they can jump in. And historically, they've been focused on IT, and now we've got these PSAs that are bringing substandard tools. So if I were a bad actor, I would focus on somebody who's using those substandard tools because I know how to get around them, I know how to bypass them, there's known vulnerabilities. And just to protect the guilty, I won't call out any manufacturer's names, but we all know what I'm referring to.
Now, the MSPs, there's two different categories that are talking to the end customers. There's MSPs that have embedded and included a security stack with their services. And in those conversations, the customers are completely trusting them. And when they say, "We are doing this, this is how we secure your environment." The customers are saying, "Great." So that's one side of it. The other side of it is those that are pure play security and not necessarily an MSP or MSSPs. They're having to go into a customer that may have an MSP that may already be doing IT themselves, and they're trying to convince the end customer that there's a better way to look at their ecosystem. That is where the complex stuff starts to come in. So that is where it's difficult to tell someone that the status quo or their baby isn't so pretty as they might've thought it was, and that there are definitely solutions for dealing with some of the challenges they might face.
The answer to how to get those things over the line is things like Kirstin was referring to. We have tools for our MSP customers and system integrator customers to be able to do a security health check against their prospects, and be able to share with them like, "Look, this took me five minutes and any bad actor can do the same thing. Here's all your accounts that are on the dark web. Here's all the vulnerabilities and exploits that are available outside of your environment. And by the way, here's a couple of exploits that we've seen bad actors take advantage of." And that gets them real factual data as opposed to emotional conversations around, well, you pick this tool when it's not a very good tool, or you pick... There's religion around technology whether we like to accept that or not. And for us, we try to take the religion out of it by doing shootouts and efficacy tests and continuously evaluating the tools we use, but those conversations are always very difficult when you're telling someone they could do something different and better stack.
In the case of the MSPs that are embedding security, we have partners that have literally rolled us out to all of their customers because they control the security stack, they don't sell it to the customer. They're embedding it as part of their service, and they can change out the technology whenever they feel like it. For those that are reselling technology and are now having to go back and have the dialogue that Kirstin was referring to earlier, which is, "I know I sold you this, but it's not effective anymore," that's a much harder conversation and that's where the efficacy dialogue and continuous improvement dialogue has to happen.
Kirstin Burke:
Well, I think too, you talked about removing the emotion and certainly the people that built this, you give them something that says, "Gosh, your stock doesn't look so good, or you have these vulnerabilities," and there can be an, "Oh my gosh" moment that if the board is asking for me to review my security policy and now I have to go tell them that I don't look so good or that what I built doesn't look so good, but I couldn't do so well because I didn't have the budget. Right? There becomes all of that, like the ball of yarn that gets untangled.
And so I think really, I think helping those customers think about their outcomes, not their tools, right? So switching that dialogue, you mentioned, we've all been trained to think about things in terms of tool solutions, and I think everything is so convoluted. You've got 4,500 tools and how do things work together and do they work together? And I have to change them. You kind have to change your thought process for, what is the outcome you want, right? And what, depending on that outcome, here are the different levels of spend that you can provide, that you can go to deliver that outcome. And really kind of take the religion out of it, not because there aren't better tools or worse tools, but if you're working with someone whose job it is to stay on top of that, then you start thinking about the outcome. Right?
And so maybe you have, maybe your customers have a cybersecurity audit that they've got to go through and they've got to pass. Maybe they're doing a merger and acquisition, but I would think as an MSP, if you could start talking to your customers about the outcomes either that you want to help them achieve or the outcomes that you're centering that they've got coming up, that working in what they've already spent and helping them get to something that is a better posture, is really where we try to help lead them.
Shahin Pirooz:
Right, and it's always very interesting because you get this, when you go to talk to someone who is doing their own security, an IT organization that is doing their own security, and you bring a report that doesn't look good, the very first reaction for somebody who is thinking about this as a report card is, I failed and I can't let my boss see this, I just need to quietly fix this. And so that transition is very difficult because that individual feels attacked and they're not going to follow up with you.
So the approach is really to be able to have that dialogue with them and say, "We're going to find some thing," like set up the conversations on, "We're going to find some things, we find something everywhere. And those things we're going to find, we're going to give you answers for how to close those gaps and how to solve those problems." Rather than just saying, "Here's the hot mess of a report card. Hope to God you got this covered." Helping them to understand that you're arm-and-arm and partnered with them to get to a resolution-
Kirstin Burke:
Right, you're the hero.
Shahin Pirooz:
... to get to that outcome to make them win. That's really the best way to get an end customer across the line with these things, because I can tell you in my early days, we used to go in with a, we used to call it the RYG report, the red, yellow green report. And the IT guy would be panicked and be like, "Oh my god, there's a lot of red on this RYG report."
Kirstin Burke:
Nobody can see this. Right, right.
Shahin Pirooz:
So we learned and we all learn and evolve. And I'm sure most of the folks out there listening on the MSP community can relate to what I just said. It's trying to help them focus on their business as opposed to technology. That's what we're all here for.
Kirstin Burke:
But that's a great question because I think as an MSP, when you're considering anybody to work with, right? Tool, vendor, provider, whatever, what experience do you have to help me get over some of these hurdles, whether they be technical hurdles, sales hurdles, support hurdles? And one thing that as we built this out that we were very aware of was, wanted to be simple to work with, wanted to have our MSP partner's back. And so even on the back end, we have got a portal, a single pane of glass for people to see all of their customer services. We've got an enablement platform and training academy, and a lot of personal touch that can really help our MSP partners from right when they've signed a contract, all the way through supporting their customers that are really going to help them feel like they've got someone that's a part of their team.
Shahin Pirooz:
Exactly.
Kirstin Burke:
So, thank you all for joining us and obviously if you've got interest in just checking us out or learning more, you can visit our website. You can email either one of us, Shahin at WhiteDog Cyber, Kirstin at WhiteDog Cyber, and I would love to have a conversation. So until next time, thank you.
While relying on a single cybersecurity vendor may sound convenient, the Swiss Army knife approach has a critical flaw—many tools, but few are best-in-class. RMM and PSA vendors often lack deep integration and specialized security expertise, compromising unified protection and leaving users juggling multiple consoles.
