Never Buy Another Security Tool: An Evergreen Solution for MSPs

Break free from the conventional tool mindset with WhiteDog and consume a comprehensive, unified cybersecurity platform—backed by 24x7 security operations. We keep up with security trends, ensuring the tech stack adapts to evolving threats.

posted on
May 15, 2024
Transcript

Kirstin Burke:

I'm Kirstin Burke, and I'm joined by Shahin Pirooz and Brian Moody, happy to be here. And if any of you read the promotion for this, you might've noticed we made a pretty dramatic claim or a pretty dramatic aspirational promise, which is, what if you never had to buy another security tool again? And it's something that this team has been talking to the market a lot about over the last year, we've been talking to a lot of MSP partners, and if you take a look at one of my team members here, he has a t-shirt that says something about not being a tool.

Brian Moody:

We're not a tool.

Kirstin Burke:

I'm going to open it up to you guys, why can we make this promise? Why are we talking about this claim? What's going on in the markets today that we just feel maybe a tool centric approach isn't where you start, but maybe you got to have a mindset first and then how is it that maybe tools fall in the secondary position to that?

Shahin Pirooz:

It's funny, I just came back from RSA, and last year at RSA, it was, this tool is the only tool you need and everything was endpoint focused then tool, tool, tool. It's good to see that the ecosystem is following pace with us and the conversations we're shifting more into data protection and, first of all, I want to give a tremendous amount of kudos to my marketing team here because they came up with not a tool without anybody saying anything, we've been barking and yelling, not a tool for a while and I love the shirt. But the marketing teams out there will put out, let's call it, marketecture. And marketecture is tied to acronyms, which are whatever is floating in the industry and the ether at the time. And we're very acronym rich ourselves, so I can't say we're immune from that.

We try to make those acronyms actually mean something and do something, and this is where the divergence from a tool to a service comes from. When you look at, for example, very simple things like XDR in the market, XDR for most manufacturers is a tool, maybe two tools, but it's something they sell, it's a thing, it's a product. For us, our XDR platform is about 10 different technologies, and those 10 technologies work in concert and are integrated in their enterprise security capabilities that make up an extended detection and response solution.

That's really the difference between the WhiteDog message that we're trying to bring from market and what the industry is doing from a tool centric perspective, which is, this tool will solve all your problems. Our answer is, there is no single tool on the planet that will solve your problems, not one. And you have to have a holistic security solution that is proper enterprise security, proper layers of defense, and it can't be a tool if you're doing layers, it has to be many tools.

Kirstin Burke:

Brian, you're out there talking to tons of MSPs and digging into what they're doing today versus where they need to be. Let's say an MSP out there bought 10 tools, why is this tool-centric perspective still falling short? What if you bought 10 tools, what is the rub there? What is not working with that tool-centric approach?

Brian Moody:

I think the biggest thing that we talk about is technology debt, a matter of fact, we just got off the phone with an MSP owner and he was talking about, well, I have got three guys and the industry keeps changing terms and the vendors keep coming at me. And he said, "how hard is it for our customer to figure this out, when I've got three guys doing this seven by 24 all day, the terms change, the tools change, we're having trouble just keeping up with it. How is our customer supposed to keep up with this?"

So it's this technology debt that I think is such a challenge because Shahin says it all the time and we see it actually in our implementation, a tool's lifespan is maybe two or three years and it's being leapt or leapfrogged so to speak by other tools in the industry and if you're not on top of that, you're leaving yourself vulnerable. And that challenge has become just a huge technical debt for any MSP that is trying to stay on top of this for their customer.

Kirstin Burke:

Well, and this is usually one part of their practice or one part of the solution that they're taking to their customers. So you've got security, you might have IT, you might have help, whatever, so this is part of a larger portfolio that an MSP typically has.

Brian Moody:

Exactly.

Kirstin Burke:

And so if you're having to spend all of this time and focus trying to figure out this security thing that's always changing, you might be pulling away from other things that you're trying to do for your customers.

Brian Moody:

Right, that's critical to your business.

Shahin Pirooz:

The way we like to think of the world is, security ends up having very much of a military mindset and the way we approach things. And the way we like to think of the world is, if you look at the United States military, not everybody's infantry, there's Marines and then there's special ops for every division, every branch of the military, every special ops is specialized in doing the things they do so that you can take a holistic approach in a defense or battle or attack. And it's no different in this industry, we have specialized people who are the infantry, let's call them our help desk, they're attacking the front end, they're dealing with the day-to-day breaking through the walls and channels and issues that the end customer might have.

Then behind them, you have your network people, your server people, your active directory people, and then the next layer of defense is what we believe is this security ecosystem and there's network security, there's endpoint security, there's DNS security, and we've built a cybersecurity stack that is not tool-centric, it is outcome-centric. What are the problems that we need to address when we're talking about DNS defense? What's the issue when we're talking about endpoint security? What needs to happen when we're talking about extended detection and response? What are the moving parts that make it extended versus just EDR with extended telemetry?

And so those factors, coming back to what you asked earlier, which was, what is the problem if somebody makes an investment in 10 tools versus this approach we're talking about, they have 10 consoles to look at, they have 10 tools they have to learn and interact with. They have to figure out how to integrate those 10 consoles together if they want a meaningful set of telemetry. They have to figure out how to correlate the data from all of those things so that they can say, if an attack happened in the DNS tool and an attack happened in the endpoint tool and an attack happened on the network, and by the way, they're all the same IP, how do I know those things happen unless I look at all three consoles?

And what we solve, is we've done that level of integration, we've created this curated, what we call composable stack, and composable goes to the point that Brian made, these tools change. The lifespan might be a little longer than two to three years, but let's just take the extreme, let's say a tool's good for five years, you still have to in five years change that tool out and figure out how to integrate it with everything else in your ecosystem, how to roll it out to all your customers and pull back the old tool. And we do that without a hiccup, without a change to the customer's business, without a change to their cost model, without a change to their pricing to their customer, without a change to the capabilities and features they get. And that's probably the key distinction in our world, is that we're giving you the same functionality, features, pricing, better service, continuously improving platform, meeting the outcome as opposed to looking for what tool are you using.

Kirstin Burke:

Mm-hmm. Well, it seems we've been to quite a few channel industry events over the last year and what was interesting to me is, even you have the tool companies where maybe one or two problems we're solving, you then have these, I don't know, maybe platform partners where they're taking maybe three or four of the things and putting them together, but it's still incomplete. And so you still as an MSP have this convergence that you've got to figure out, this integration that you've got to figure out. So the MSPs that we've been talking to, Brian, what has stood out to you in terms of where they're currently struggling, what's not working either with tools or with these pseudo solutions, where is it that they're struggling most and how does this no tool value proposition play for them?

Brian Moody:

You simplified it very quickly with, there's a couple of tools which address a couple of the key issues, and then you have this convergence of maybe three or four tools that are addressing something that are attempting to put together a solution. And at the last conference we were at, I thought a very interesting and Gartner talked about actually they were talking about that the Broadcom acquisition of VMware and the ripples that has had now between the marketplace.

And if you think about, we have that same issue in the security space, so you have these tools and we actually, as Shahin says to me all the time, I hear these vendors come up and say, you just need us. This is what our MSP partners are hearing, I'm a tool, you just need us, you just need us, and maybe one other thing and you-

Shahin Pirooz:

And they're very compelling in their arguments.

Brian Moody:

They have very good CMOs, their marketing message is fantastic. So this is the constant messaging that happens and the really smart MSPs are starting to go, "I need a collection of these tools in order to deliver this solution because I have a lot to address. What you're also seeing are the vendors going, I need now a collection of tools in order to continue to build out my solution." So we have acquisition happening and I'm not sure if I can go back in history, and we've both been doing this, I've been 30 years here in Silicon Valley, if I've seen an acquisition that's actually resulted in a positive outcome of that technology.

Shahin Pirooz:

There's very few.

Brian Moody:

There's very few. And so the challenge that we have, the challenge our MSP partners have is, as these tools come up, they're just tools, now I do, I have to create this convergence of them to create a solution. But our tool vendors are acquiring tools and impacting, we get impacted by it as well when we have a tool that we're using in our overall solution and it gets acquired, it creates a challenge for us.

I think this is the challenge that these MSPs and our partners are dealing with, is what tools do I use in my solution? What's their lifespan? How do I make them work? But from a standpoint of the constant change that happens within the industry, it's a challenge. The constant messaging is changing as I've said. And so this is probably one of the biggest things, is how do you know what tool to use? What company do you pick? How do they integrate? Do they interoperate? Do I have gaps?

Kirstin Burke:

Well, and on top of that, these folks have their customers coming to them saying, we need security. And so if you're still building that plane, they need security now or next month.

Shahin Pirooz:

It's more than that, it's a mix of their savvy customers are coming and asking, but they have other customers that just intrinsically implicitly expect they're doing in security. And I had a conversation with an MSP a couple of weeks back that said, "I can sleep now because I was so worried that the tools we're investing in, we don't have time to watch them 24 by seven, we don't have time to make sure they're doing what they're supposed to do, we don't have time to fine tune them and now I know you guys are taking care for us."

Kirstin Burke:

Mm-hmm. We know folks need to invest in a number of tools, 10, 20, 40 depending on what market research you read. Clearly, we're out there saying one tool doesn't solve everything, even three tools don't solve everything yet now we're out there saying, well, you just need us, so what's the difference?

Shahin Pirooz:

Don't listen to them saying us, just us.

Brian Moody:

Just us.

Kirstin Burke:

What's different?

Shahin Pirooz:

I think that is different, we're not a tool, there's not one tool. And there's other players, as you mentioned, that are doing a platform which is a aggregation of tools, one of the biggest disservices to the MSP ecosystem right now is the PSA players because they've become distributors because they're acquiring security companies, not best in class, but the ones that make sense for them to easily roll out. They target tools that MSPs are using today, they acquire them, they create a portfolio and they say, we're the only vendor you need, it's a single bill for everything.

Compelling, but they do nothing to integrate those technologies together, they're all separate companies over-managed as a umbrella by this umbrella corporation that is acquiring them. They have different product teams, they have different sales teams, everything is distinctly different, it's like an aggregation, think of it as a clearinghouse of tools. And what we're bringing to the market that is very different than all of that is, we're not selling a single tool ever, we never resell technology to our customers, we OEM with all of our partner relationships, we have OEM relationships with them and we license the technology to WhiteDog, we integrate that technology into the ecosystem presented in our portal, create WhiteDog APIs in front of all of it. So if you create API connections into us for automations in your environment, if we change the tool, the APIs don't change.

That's a huge distinct difference versus, if you're going to them and you decide you don't like tool A that they bought or you don't like PSA partner A and you go to PSA partner B, now you've got a whole different tool ecosystem and now you have to rewrite all your portal interfaces and everything else, your reporting interfaces. And then we've also built integrations into all those players, so if you love your PSA tools, no problem, we integrate with them. If you feel you don't need your PSA tool, we've got you covered there too.

And then there's a series of ecosystem tools that we've created coming from this space, we've spent 25 years in the MSP space, we're not new to this game. This was built out of frustration, I got really frustrated over those 25 years with vendors that didn't understand what I needed. And so we built a solution that was MSP first in its design so that we can answer the questions, problems, challenges MSPs have. And we've created value, capabilities, and services way beyond security. Things like, for example, partnership with GlassHive, so you can do your own marketing, CRM, coding, and content integration with us and with other partners that we just give away to our silver and better partners. There's things like that that we think that none of these players are really thinking about, how do I make the MSP ecosystem and their lives easier that we think about.

Kirstin Burke:

Well, and you just go back to the whole security situation overall and the things customers struggling with. And MSP does, the technology is changing, the adversary is super creative in finding any hole to poke. And so if you're the person that is stewarding security for a multiple number of companies, that burden is even heavier because you feel the weight of those technology decisions you're making of the things that you're uncertain or certain of that something has changed and am I on top of it?

And I think this whole tool-centric mantra that I think everybody is trained on in the industry, I'll just go buy this, I'll just go buy that, I think that is what the industry has trained us, how they have trained us to think. And the beauty of what something like WhiteDog does, it simplifies not only your decision-making, but your operations, your billing, your support, it accelerates anything you need to do. So I have this new customer that's come on board or I want to mandate that all of my customers out there do these few security things so we can better support them. We accelerate their ability to do that like 30 days versus six months or a year, so we just put them from a business value, we put them so much more in the driver's seat of whether it'd be economics or operations or customer service that it would be so hard to get from trying to put all these tools together and hope something works.

Shahin Pirooz:

And going back to that special ops team, you're not just gaining tools, you're gaining expertise in pen testing and threat hunting, in incident response, in security operations, in tools engineering, integration, and development. So you're building a full security team in 30 days, that's very difficult for any one tool vendor to offer.

Kirstin Burke:

One thing we've been sharing with MSPs recently, Brian, is a report that we're able to run to really just take a high-level look at an MSP's security posture with publicly available data. So the hackers are looking at this too, but it's been really interesting to see how folks have responded because not only does this report show them their health, their gaps, whatever, but then they've had this aha moment of, wait, now is this something I can share, or is this something I can perform on my end customers? Being able to offer an MSP, that level of insight just at a high level, how have they responded to that and how are you seeing them use that either as impetus for maybe change or moving some of their tools over to a service-based focus, and how are they looking at using that for their customers?

Brian Moody:

This is part of our security posture management offering that we bring as part of the solution that WhiteDog delivers and it's that proactive approach to security. So this is that left of boom component as we've talked about, we're left and right of boom in previous conversations. And so for our MSP partners, we've ran these, so this is table stakes for hackers, it's public data, it's what on the dark web, it's easily accessible data with tools that they have to go out and find this information.

And so we've run these for our MSP partners to show them what their security external posture management looks like. And we've run these for our partners customers at their request and they're using them in a couple of ways, one, when they haven't scored well, it's an aha moment to say, what I'm doing is not working because it's clear I've got data escaping from the infrastructure. Secondarily, we've turned these reports over to our MSP partners who got A pluses, so had very little threat exposure in the dark web. But the interesting comment that came back from one of our MSP owners was, "I know what goes into that A plus, I know what I've had to invest and how much time that we've put in order to be vigilant about maintaining that A plus score."

And this ties back to a forum too that I was on where we asked some MSP partners, "coming into '24, what is your biggest concern?" And along that line of my effort, his comment was, "my biggest concern in '24 is the continued maturity of the attacks that are coming in, what new tool do I have to buy to protect that? And my fear is as I continue to understand the ecosystem for my customers, my cost increases, but they constantly have the other vendors coming in saying, we could do that for less-

Kirstin Burke:

For less.

Brian Moody:

And his point is that, as I understand to protect my environment and I work to protect my customer's environment, there's a cost to that. It's not just the tool, so that's another aspect that we can talk about is the labor associated and the time factors behind the tool. But so these reports show them where they are, but it highlights the effort that it takes to score well. But his comment is really interesting from a standpoint of the continued cost that it takes because the customer doesn't always get that.

And so when someone's coming in saying, I will do it less expensively, he says, "my fear is, I understand my costs go up because I need to protect my customer, but my competition is coming in saying they can do it for less, and that threatens my overall account base that threatens the capability of my company." So for them to find a methodology or a partner who can bring economics to that offering is critical.

Kirstin Burke:

Well, and who doesn't jack up the price every time something changes?

Shahin Pirooz:

I want to tease back because if I'm sitting as one of our listeners and listening to this, there's 40, 50 companies that do external posture management. And external posture management doesn't mean you're going to get hacked, it's an indicator, and most of the solutions out there do nothing but vulnerability scanning. I had one of our partner account managers come to me this morning and say, "we have this end client for one of our partners that has a pretty bad score, they got a D, and they were scared to death and they wanted to know what to do with it and they went back to their web hoster because this is an external poster because all the vulnerabilities were in the external poster and the web hoster told them to take a hike, "we don't have time to deal with all those."

And so he said, "what should I tell them?" And I said, "well, there's a couple of things, first of all, I looked at the report and there was something like 700 high vulnerabilities, so it's pretty bad, the website's a hot mess, we all accept that." And I said, "there's 700 high vulnerabilities, I'm about to talk about something none of your posture tools will do, we're the only player who does this. We take those 700 vulnerabilities and we attempt to exploit them and we identify the ones that are exploitable." So of those 700 vulnerabilities, only 30 of them were exploitable, so I said, "go back to them and tell the web hoster to fix these 30, we'll come back and talk about those things later, but these 30, we know hackers can take advantage of because we took advantage of them." That's the difference between what WhiteDog does and what a tool does, a tool will just tell you, you have 700 vulnerabilities, WhiteDog tells you, go focus on these 30.

Kirstin Burke:

Which is the priority because you're always going to have more alerts more than you can humanly focus on. And so the value is in, what is it that I got to do now?

Shahin Pirooz:

Yes.

Kirstin Burke:

For sure.

Shahin Pirooz:

100%.

Kirstin Burke:

Well, and I think that ties into this level of responsiveness that I think the MSP's maybe aren't getting from some of these tools out there too, they're getting notified, they're getting alerted, but then the burden of effort is switched over to them. I went out and I bought these tools and they said they're going to help me monitor something or whatever, but now I've got this ground swell of alerts over here and I got to figure out what to do with them.

Shahin Pirooz:

Exactly.

Brian Moody:

Monitor, identify, notify, that's what we talk about, MIN. It's part of minimum, the least number of actions that you need to take to meet a requirement, so almost all the tools in the security industry, they monitor, identify, notify, but that notify factor does what?

Shahin Pirooz:

If they include operations.

Brian Moody:

Right. They notify back to the MSP partner, here's 700 vulnerabilities, you go do something about it. Again, I talk about that until we talk about that technology debt, it just comes right back on the MSP.

Shahin Pirooz:

Who's already busy.

Brian Moody:

Well, and you made an interesting point that I thought was interesting, is what is their business about? And I love that you always talk about the why, get to the why, and in many cases, security services, security operations for some of our customers and for our MSPs is part of their business, it's not their core business, this is something they've added as part of their overall expertise portfolio. And so for us to be able to bring a WhiteDog solution in, for us to take the technology data away, because as Shahin said, we don't sell you a tool and help you manage it, we are managing the tool, we're delivering the service. So their engineering teams now can free up to literally focus on the strategic severity components that we feed back to them, these are the strategic piece, now you need to go to secure the environment. Or they have time now to focus on what they do best, which it might not be security.

Shahin Pirooz:

Without losing access or control as we give them access to the consoles on this enterprise stacks.

Kirstin Burke:

Got it. That are available not as 10 separate consoles that they're still 10, but they're aggregated into one pane of glass.

Shahin Pirooz:

They do, they have a single point of interface that from there they could leap into the consoles if they wanted to. The big advantage I would say is that I spoke to an MSP again several weeks ago, different MSP, and the conversation was early dialogue, they were thinking about being a partner and they said, "well, what about my people? How are they going to get into the tools?" And so I explained the same thing, I said, "you get access to all the consoles you want, you don't ever have to log in because we're doing it all for you, but you can and we welcome it." And they're like, "well, are you going to limit our access?" I said, "no," he said, "what if we break it?" I said, "then we'll fix it." And he said, "well, I don't do that with my customers," I said, "you can with us, but it's up to you."

And the outcome of that dialogue was really, he got to a point where he said, "I don't know if I even want my people logging into the console," and I said, "your choice." And that's what we've tried to create here, it's the problem we're solving, the entire genesis of WhiteDog was really foundationally from frustration. Frustration with the industry, with telling us all you need is one tool, with telling us that if you just do this, you're secure and yet we look at metrics in the industry that are completely the opposite of that statement. And nobody is really doing a service to the MSP industry by saying, I'm all you need.

Kirstin Burke:

Mm-hmm. For sure.

Shahin Pirooz:

And yes, I recognize we're saying, "I'm all you need."

Kirstin Burke:

For sure. And I think that's interesting, I think the differences we've highlighted though are significant because, and you spoke about this early on, we are about outcome based, we're about an outcome, we're not about a tool. So depending on what security layer you need to secure, depending on maybe the tools that you already have and the gaps that you have, these are business outcomes that you need accomplish.

And therefore, we have a much broader lens we can look at things with instead of, let's go out and do an RFQ on this type of a tool, it's like, what is the outcome you need? What do you already have or what do you not have, and how do we get you to where you need to go? And so there are many different ways that can happen within the cybersecurity portfolio that WhiteDog has. So I think that's super unique in the industry that it's one place to go, but it's not one way to solve everything.

Shahin Pirooz:

100%. And it's not a static way to solve the thing, so the technical debt is something we've engineered out of our solution by not designing with technical debt. We design with the concept of removing technical debt when it gets heavy, and we do that with that composable infrastructure I was talking about. The other aspect I would say of what is enablement in this space is that you have the ability to take advantage of the pieces and parts of the ecosystem that fit best to close the gaps in your environment. Something that MSP owners have really been enjoying is what we call our economic roadmap, which is showing the timeline for when your current investments expire and a proper decision point of, do I continue, do I renew, or do I choose to embed a WhiteDog service that does those capabilities?

And over time, it shows the TCO of a build versus buy, what gaps you have and you can start with the gaps and then eventually transition to other services if you choose to. So we make it very easy to partner with us, we help you determine what fits, what doesn't fit. And I literally had a conversation with a customer the other day that said they kept wanting this particular service, and I said, "that service doesn't fit for you, and here's the reasons why, and we will never sell you something just to sell you something, we're here to help."

Kirstin Burke:

Well, I think that's a great place to wrap up. And I think for those listening, there are a couple of things we've discussed that if you're curious about how WhiteDog might fit into what you're doing today, we've talked about the scan that we're able to do for your business to take a look at what a hacker might be seeing, that's something that is complimentary that we would be happy to do for you. We've talked about the economic roadmap, which is able to take a look at what you've got. We know that nobody has nothing, Brian's quip, so we know that you've made some investments, and so how are those investments working for you? Where might those investments be leaving gaps? And so where is it that maybe WhiteDog helps you round that out? So we're here to help.

And to Shahin's point, a lot of what we've done is saying there's got to be a better way, there's got to be an easier way, there's got to be a simpler way, there's got to be a more economic way, and so we'd love to share that with you based on what you are doing today. With that, we will leave you, thank you gentlemen for joining, and we'll see you next time.

Shahin Pirooz:

Thank you.

Let's talk!

We’ve Got a Shared Goal, To Secure Your Customers