Why Email Security is Falling Behind
93% of successful cyberattacks start with email—what the heck is going on? Traditional gateway-based email solutions fail to protect against the volume and sophistication of attacks coming our way.
Kirstin Burke:
Hello, everybody. And welcome to Security Bytes. We are so excited to be here with you today. This is WhiteDog's inaugural livestream. My name is Kirstin Burke and I am joined by Shahin Pirooz and James Berger, special guest. And we're just delighted to be here with you today. Before we get going, we're going to do a couple quick introductions. Shahin?
Shahin Pirooz:
Hi, I'm Shahin Pirooz. I'm the founder of WhiteDog. We're a cybersecurity firm that is built for MSPs.
James Berger:
My name is James Berger. I am the co-founder and CIO of BACS. And we are a Bay Area MSP focused on security and enterprise applications.
Kirstin Burke:
Fantastic. So, today, as we get going and as we introduce all of you to WhiteDog, just wanted to spend a little time, first of all and let you know who is WhiteDog and why aren't we WhiteDog. But also, we have James here along with us to just really from the MSP perspective, to talk about what's going on in the market, what MSPs like him are facing, and what types of solutions they're looking for to really help accelerate the security posture of their customers. As we all know, security is not going away. In fact, it's getting more and more complicated, not only for organizations but for the MSPs that serve them. And so, we're just really excited to be here to have this dialogue and we'll get going. So, Shahin, tell us a little bit, we've got WhiteDog, what's this all about?
Shahin Pirooz:
I started in this space roughly with Kirstin and actually knew James back then, and with a bunch of people with us at WhiteDog. That in one of the first MSPs, probably the first MSP in the country about 20 some odd years ago, back in 1999, when that acronym didn't even exist. And we quickly learned and adapted to the challenges faced by doing remote IT for people and remote security. And over the years, as we grew, we had to help vendors shape their tools, and technologies, and create multi-tenancy and subscription pricing, and create models where an MSP could brand something as their own and take it. And it was a challenge. It was difficult. And even today, it still continues to be difficult. Some vendors do it, some don't. The subscription models are all messed up and confusing. And at the same time, the security landscape kept getting harder, and harder, and harder to deal with.
And used to be back in the day, we used to have antivirus and email security and we were done. Everything was great and firewalls. That's clearly not enough these days. And today, there's a huge breadth of companies out there that have rebranded themselves as XDR, when they're really doing nothing more than endpoint and maybe some firewall logs. And it's become really frustrating. And over the past eight years or so, we've been building behind the scenes WhiteDog to address these problems and challenges and help companies to get their security from a level 1, 2, 3 to a 5 overnight. And it was designed from the ground up to be a backend security operations offering for MSPs to take to their customers.
And so, all of the lessons we learned over the last 20 years were embedded into it. And behind those scenes why WhiteDog was, there was two factors for us. One of them was really around this notion of white labeling and being able to let the MSPs brand the services their own. The other was really about the concept of WhiteDog, which is the distillate that comes off of the still before it becomes bourbon. They take that WhiteDog and they put it in barrels and age it, and that's what is the bourbon that we all enjoy today. And being a big whiskey fanatic, that was a factor. We create this core distillate that then every single MSP can go and take and make their own and brand it the way they like it, and age it the way they like it, and flavor it the way they like it. So, that was one of the real foundational components to what is WhiteDog all about.
And then obviously, we had some fun with the logo and we got some great ideas. Our mascot is Cybero, the cyber dog. So, that's really the foundational background around enabling MSPs to focus on doing IT super well and not have to lose sleep at night with security, where we create a backend security offering and portfolio that is evergreen, and ever evolving, and continuous improving.
Kirstin Burke:
So, James, from your perspective, talk to us about BACS, your customer base, what you see them facing from a security challenge and really how that parlayed over to BACS, and how you guys were really struggling to stay in a leadership position to secure them. I mean, what's going on from the MSP side of the world?
James Berger:
So, like Shahin had said, a long time ago when technology became a thing, the running joke was you buy a new computer today. And six months later, hardware's coming out at such a fast pace that your computer's now old, even though you bought it six months ago. Security's the same way, especially now. Back then, yes, you can install antivirus and a firewall and you're good to go, but today there's so many different vectors. There's a cloud, there's end user workstations, there's work from home, there's public wifi. And it's moving so quick. If that's not enough, there's so many different ways to attack. And nowadays, they're not even looking to steal information. They're looking to make you so uncomfortable that you pay a ransom or whatever the case may be.
So, when we start to think about that with our clients, about two, three years ago, we sat down with a team and we said, what's the best way to protect our clients? Well, we need this and we need this. We need endpoint security, we need cloud security piece, we need firewall, all of a sudden you're talking about six or seven different tools. And I was like, okay, so let's go out and figure out what those tools are, but let's make sure we pick the best possible tool and put it all together, and somehow make it all work with each other. And oh, by the way, since we're going to be managing this, how do we set this up so that we're not looking at five or six different panes of glass in order to manage it? Because now, all of a sudden, you could spend so much time switching from different screen to different screen, that you're not really doing your client a service.
On top of all that, once you put all this stuff in place, how do we make sure it's actually working? It says it's on, it says it's protecting, but is there a way that we can say, proactively attack our clients to say, okay, yes, now I feel comfortable that not only do we have a solution in place, but it's also working? So, when we started down this journey, we found that in every different area that we wanted to protect, there were dozens, sometimes hundreds of different options. And it's like, it literally took us two years to get to the point where, okay, we select this, we're selecting this. But then when we packed it all together, the cost was so astronomical that, how are we going to get the customers to buy into this?
So, when Shahin approached me about WhiteDog and he told me about what they've done, I was like, holy cow, this is literally what we've been trying to do for the last two years and thank you. I will say that the one part though that when he told me about it and he said, it's easy to deploy, so being an MSP, the worst thing you want to hear from any vendor is, oh, yeah, it's really easy to deploy. Nothing's ever easy to deploy. We deployed this out to our first client, 300 endpoints, week and a half. I mean when you said I really put it to the test. And I got to say, leveraging an RMM tool, it was so easy to deploy. The support team's been great. Yeah, it's fantastic.
Shahin Pirooz:
Thank you. Add on the point you just made about the how do you test it, how do you continuously validate it? One of the things we strove to do was make sure that it's not just the tools, but we need to give you the results that they're doing what they're supposed to do. And our extended security controls validation was all about that. I have another partner who's at Exchange Security right now. And he was texting me. He said, "I'm talking to this company and they say they do everything you do, what's different?" So, I jumped on their website and looked. They have the same five attacks we do, synthetic attacks in the target environment. Our XDR portfolio includes that. At a price, that's the price of EDR. Their solution was you have to buy the SIEM, you have to buy the other things. And then it's $1,300 per attack, every attack. So, we do five attacks every month. It would be $1,300 times five every month on top of the service that they're getting. And he said, "That's the soundbite I needed. Thank you, I'm off."
James Berger:
I appreciate the fact that you come from an MSP background. So, in a very big way you understand, not just from a technology standpoint what we need, but to offer it at a price point to which our clients will easily adapt to it or easily adopt to it. So, we've been talking to customers. And even customers with tight budgets, because look, budget's a real thing. Even clients with a tight budget have come back and said, yes, we want to move forward with it. We got to figure out how we're going to put it into our budget, but one way or another we're going to do it. Even new clients that come on board now, it's mandatory. It is now mandatory that they select a security package with WhiteDog in order to become a client. If any client says, no, that's too much, or we can't do that, then unfortunately they do have to find another MSP.
Kirstin Burke:
So, talk to us about why you're doing that. Because when you told me that a couple weeks ago, I thought that was so interesting. You are taking such a strong position and it's not about WhiteDog, but it's about you and your business, that you are implementing that with your clients. What's going on with that?
James Berger:
Well, there's a few things. Number one, it's a way to let customers and businesses out there know how important security is. Up to this point, people don't really take security seriously unless they've been directly affected before, they know someone, or they've been affected in some way, shape or form where they've seen the impact to the business, to the productivity. We don't want them to get to the point where they have to experience that before they take security seriously. And also, we as a company want to focus on what's important, and that's their business. And if we really focus on making sure they're productive, making sure that they're efficient, making sure that they're able to do everything that they need to do to run their business successfully, security has to be a part of that. It has to be. And I would argue with anybody who thinks differently.
Kirstin Burke:
And so, even your companies, you have a range of different sized customers, you are presenting that message large and small, because I think there are smaller organizations that are, "You know what? Got a firewall. You know what? Got antivirus. Good." So, equally, you're sending that message across your entire customer base.
James Berger:
It doesn't matter how big, how small, again, we hear this a lot, well, I don't have any information that they would need or want to steal, or if they steal it, it's not really a big deal. I can recreate it. Really, again, as I said earlier, it's not about the information they're stealing or want to steal, it's about making you uncomfortable. It's making your business come to a standstill. There's a hospital in Illinois, I just read in the newspaper the other day that they went out of business because they couldn't recover from a ransomware attack that happened to them in 2021.
Literally, out of business. We see government agencies, the city of Oakland not too long ago, and right now the city of Hayward's dealing with it. This is a real thing and it's not happening to just big companies. It's the big companies that get all the press, because it makes for good news or good media or whatever. Nobody wants to talk about Joe's Whiskey shop that just got hacked or whatever. But those are happening more often than we actually know.
Shahin Pirooz:
Quite often. On that point, one of the things we include in our portfolio is continuous incident response in addition to the continuous pen testing. How important is that to you?
James Berger:
It's really important. So, I had mentioned to you that this product has allowed me and the team to sleep better at night. Phone calls that we get in the middle of the night now potentially are now real. They're not, hey, look into this, it might be something, this and that. They're real. So, that continuous incident response where the SOC is continuing to follow up with us. And not just follow up and say, hey, have you taken care of this? But they actually helped. Here's some things that we need to do. Here's some things that we need to try. How can we help you? And it just rings home, because these are the same things that we say to our clients, how can we help you? How can we make you better? It's refreshing to hear a vendor say that to us when it comes to the security product.
And the continuous incident response is great, but the active threat hunting, the forensics, if something happens, clients go into cybersecurity insurance. And the first thing the insurance company wants to do is forensics. How great is it to say, hey, we've already done that, here it is? It doesn't slow down the process. Now when customers ask us to assist them with their insurance questionnaire, we're saying yes to everything now. Instead of, yes, you're doing this, but no, you're not doing these three or four things. It's so refreshing. They're getting cheaper insurance, they're getting qualified for insurance. It's just end to end, and I can't say enough. That makes a difference.
Kirstin Burke:
It sounds like part of the value that you as an MSP get as well, when you say we can go through that questionnaire and say, yes, yes, yes. You're accelerating their ability to get to wherever it is they need to be. So, if I need to be insured, if I need to enhance my security posture, all of these things, you're able to say, yep, done. Or yep, we can implement that in a week and a half or whatever it is. Whereas, what did the past look like to you before you were able to do this?
James Berger:
They would generate tough conversations. Conversations that's where they would come back and say, hey, how come these are nos? How come we're not doing these things? It's not that we don't want to do them, it's because you can't afford it in your budget. Or there was never the right solution that would be cost-effective enough for the customer to say, yes, I want to move forward and do this. And so, I'll be honest, when we first talked and you told me about all the things that you're doing, in my head I'm like, okay, this is all great, but it's going to cost me an arm and a leg. There's no way I can provide it to my clients, because 99.9% of my clients are budget strapped. And so, there's no way.
I mean, hey, great job, fantastic, let me pat you on the back. Awesome for putting together a great solution, but there's no way I'm going to afford it. And then when you told me how much it's going to cost to the client, I was blown away. I'm at the point where I'm like, how are you even making money? You know what I mean? But before WhiteDog, it was a real struggle. Because even when you find the solution, again, technology moves at such a fast pace, something that you put in today, six months down the road, something else might be better or more cost-effective, where the customer can save money or the customer can have even greater protection.
Can you imagine us rolling out a solution and then having to replace a component, having to go back out to every client and removing that and adding it? I mean, it's nonstop. And the fact that you guys do that proactively, I mean it's almost a no-brainer.
Shahin Pirooz:
For our audience, I think, to peel that back a little bit...
Kirstin Burke:
Thank you. That was my next question. What is it?
Shahin Pirooz:
One of the things James is referring to is the continuous improvement I hinted towards at the beginning of this. There's a lot of companies out there, manufacturers out there that build their own EDR solution, their own XDR solution technology. And as James said, I'm a big believer, I've always been a believer and have had to do technology refreshes my whole career, where especially in the security space, the lifetime of a good solution, unless they're innovative and keep changing, is no better than five years. And somebody else will leapfrog them and do something better. The hackers will figure out how to bypass them. There's a top EDR solution out there right now that there is a virus killer that squashes them and bypasses them, no problem, that the majority of you are probably using today.
That ecosystem change and challenge creates a real problem. I always liken it to painting the Golden Gate Bridge. Those poor guys paint the bridge, takes a year, they get to the end, got to go back and start over again. They start painting and it never ends. It's a constant, continuous cycle. And what we chose to do, instead of developing all of the actual products and technologies underneath the surface, the engine that makes all this work, it's about 30 commercial products and a handful of open source products that integrate it all together and create this security portfolio. And our partners don't have to worry about that tech refresh. The only aspect of it is, as you mentioned, the rollout, which was in a week to your 300 seat customer to put out the new tool and uninstall the old tool. And that doesn't happen every week.
That's many years, tools will stay in place and then it cycles through. But that continuous improvement makes it so that you are comfortable that the best in class technologies are always being used. And then our continuous pen testing runs five attacks every month. It's a ransomware, password capture, lateral movement, data exfiltration and connection to command and control. So, not only do you get a sense that the endpoint tools and email security tools and all those things are working, but is the customer's firewall configured properly? Is it blocking this? Does DNS defense actually prevent connection to command and controls? So, all those factors are baked into this overall solution. But because we picked best in class, our stuff will never go stale.
Kirstin Burke:
We like to call it an evergreen security platform.
James Berger:
And that's so important to us, because now we know the solution's not only in place, but there's someone that is continuing to improve the product. And if there's something that needs to be replaced, it gets replaced and we get notified of it. The information that we get, the reporting that we get is all everything that we're looking for as an MSP to provide to our clients. We talk about security, and one of the biggest things about security that I think sometimes gets overlooked is vulnerability scans. And that really helps us, because it allows us to make sure that our patch management policies are actually working. These things that we say we're patching, the vulnerability scans basically is that second check that says, okay, yes, all these patches that you did, it's confirmed that it's patched. And if something isn't patched, then we can go back and say, okay, hey, this needs to be pushed out again or whatever the case may be.
Kirstin Burke:
So, Shahin, we've talked a lot about security. We've talked about the security platform, we've alluded to what it is. Can you just quickly, what is it that we are offering to organizations like James'? What is included? Why did we pick those set of services to include in this platform? Just so we can be super specific in the minds of anybody listening.
Shahin Pirooz:
I've been in this role of CISO for almost 30 years now. And the world, from my perspective, has forgotten aspects of security or relies on traditional security in a way that we can't anymore. Firewalls are an example. There is no edge. Your users are everywhere. They're sitting in Starbucks, they're sitting at home, they're sitting all the places James was talking about earlier. And so, thinking that I built this great firewall, the best in class firewall only helps those people and systems that are in your office. But then you create a VPN and let them into the network. And by implicit trust, that IP address on your network now has access to your network. So, if that machine at home is compromised and they VPN in, now your network is compromised. So, even with the best security at the edge, you're still not securing.
So, what we've built is a portfolio of services that cover the two halves or the two sides of the coin. One side of the coin is the cyber, the endpoint, the user aspect. So, what they access, how they access it, how they're protected from the two largest threat vectors, email and DNS. And then on the backside, it's the network. What is the access controls? How do you segment systems from each other? How do you prevent lateral movement? How do you block a hacker who compromises one system from impacting the entire network? And we've come in after the fact and done incident responses for companies that were not customers. And countries, they may be across multiple countries and every country isn't encrypted. Every system and every country and their network's down, it takes them months to recover.
We've done incident response for customers that are on the service. It's 48 hours and they're up and running again. And it's not a matter of if you will get hacked, you will get hacked. Every one of your customers at some point will get hacked. How well are you set up to defend against it? So, that notion of those two sides of the coin, protecting the endpoint and the user, and then protecting the network are really what we put together. So, we have this portfolio of XDR services that are really focused on DNS, email security. And email security is not your traditional gateway security. It's more advanced phishing protection, business email compromise, the key things that are big problems today that gateways don't solve. DNS defense is all about protecting... The 80% of all malware requires DNS to function. So, preventing that malware from getting to command and control, you just knocked out 80% of the stuff that lands on the system.
And then, obviously, the MDR endpoint protection is a key factor and key component. Beyond that, based on your client's needs, there's SIEM add-ons to that so that you can expose a SIEM to the customer. Some regulatory requirements require a customer to have their own SIEM. So, we've got that capability. On the SASE side, we have ZTNA and secure web gateway functionality. We have ZTWAN, which is zero trust, MPLS replacement, global network. And we also have NDR, which is segmentation and deception integrated together. And then there's other ancillary services for most of those our MSP partners do themselves, but we have it in case somebody doesn't. And so, it's really this portfolio that's designed to close gaps and be, I like to call us the special operations team in the background.
You guys are the infantry, taking care of everything, taking down the core battle and making sure we're moving the front forward. And we're just there to help if stuff goes wrong. And that's really the operations team that we put together in the back end, is a support layer on the security side. And then the tools are there to have that frontline defense, prevent the stuff from getting in at all, prevent the attacks from happening if we can. And like I said, no tool is perfect and the hackers are pretty freaking smart. They keep leapfrogging any security controls we put in place. A perfect example is there was most recently one of the endpoint tools we have, there was a compromise found in it. And we deployed the fix in that compromise across every one of our systems overnight, because we're constantly on top of what's happening.
If you're busy and your help desk is busy dealing with end user support and claims and you don't have time to look at the feeds, and the threats, and all that that are coming in, it's hard to do both. It's hard to do the front end, back end without a large team, which is what James was hinting at.
James Berger:
And I'll add something to that. I think earlier I talked about picking all the different technologies to secure clients, but making them work together is a skill in itself. And the fact that, to me, that's what really put me over the finish line with you guys, was not only did you select the tools, but you've masterfully configured everything to feed and work off of one another so that it works together seamlessly. And that's tough to do. And aside from selecting a product, that's what really makes it special, is the fact that you've done that. And because you've done that, you can replace a piece and still make sure that everything's running smoothly together.
Kirstin Burke:
And on that point too, James, you had mentioned earlier that as you thought about building this and managing it, just all of the different consoles and all of the different information, and how do you stay on top of it? From your experience as the MSP in between WhiteDog and the customer, how is that experience for you now? What are you able to see, view, manage?
James Berger:
So much better. Our frontline team does not need to log into any portal and check on anything, because purple team's taking care of them. So, purple team will notify us if something's going on and it then triggers our own incident response plan with our own internal team. The information and everything that's available to us now really goes to our account managers. Our account managers now can log in, get this information, and now all of a sudden our quarterly business reviews with our clients become so much more substantial. It's not just talking about, hey, where's your business headed? Here's what we've done and here's what we plan on doing. But now we can add the security piece to say... And we share it with them raw.
So, here's how many threats actually came in, but here's how many we're taking care of. And here's what the security that you're paying for to prove to you that you're constantly being attacked, here's proof that it's all being taken care of. That's a good feeling. It's a good feeling. Our account managers will come back and say, hey, this is great. We can go in there now more confident about security, just knowing that it's taken care of. So, it's huge.
Kirstin Burke:
Do you want to talk a little bit, Shahin, on the same note about the portal that comes along with the WhiteDog service for the MSP partners?
Shahin Pirooz:
Yeah. One of the things early on when I was having dialogue and engaging the MSP community to see what do we need to do, what's appealing, what's interesting. I had conversations with James. I had conversations with a couple of our other partners. And the one thing that we heard is you got to add some value. You can't just come in and sell a bunch of tools. And so, to that end, we started thinking about how do MSPs work and play. And we created a portal which we're just now launching. And this portal is a white label branded portal for our partners, which will show all of your customers. It's N-level multi-tenancy. So, there's some MSPs that have subs that they sell their services through. And you can have those as subs underneath you and their companies as sub-companies. And so, we've created this N-layer multi-tenancy structure in our...
And when I say N-layer, most vendors out there are lucky. You're lucky if you get two level. So, the MSP and the customers, but nothing beyond that. But we've created this so that you can go as many layers deep as you need to. And the logic behind that was we understand that business changes and people grow, and they want to do different things. And so, that model allowed us to, number one, create a place where you go and get the content that James is talking about. So, there's information about the vulnerabilities, the threats, the DNS, the posture of DNS, the things that are important to a customer. Also, we decided just showing the data that we are collecting isn't enough, because you care more about other things in the customer network than you do just what we do.
So, one of the things we did, many MSPs use a platform called Liongard in their portfolio. We created an interface to Liongard. And those of you who use it will agree with me, the interface is not fantastic for Liongard, just so we're clear. So, we created a much better interface through Liongard data. So, it makes it very simple for an MSP who's leveraging it, using it to collect Office 365 data, Azure data, AWS data, other tools that the customer might be using. And all of that data is aggregated in our portal in one place for the account managers, the customer themselves, where customers can log into the platform. And then on top of that, we decided nobody wants to log in with multiple credentials and remember different things. So, we created single sign-on with our WD auth platform that integrates with Microsoft authentication and Google authentication.
So, you use your own credentials for you and your customers use their own credentials for them, and everybody is happy and can log in and see what they need to see. And then beyond that, we did role-based access. Today, the portal is read only the first releases, but over time there'll be more actions that come into it. And that role-based access has partner level admin support, and user, and then customer level admin support and user, so that you can delegate rights appropriately to whoever in that company needs to see what... All of that was down that path of white labeling. And in the integration you talked about, how do we pull together this data in a simple way that's consumable.
So, we're pretty excited about what we've done there and what's coming out. And it's being well received by early adopters. James has not had the fortune of seeing it yet, but right after this session we're going to be showing James what he's got. So, I'm looking forward to that. But we literally launched at the beginning of this month, the import one.
Kirstin Burke:
So, as we wrap up, James, I'll just give you the last word. You've got peers out there who probably are somewhere along the same trajectory that you had been. What are either some recommendations or what are some takeaways that you would share with them as they walk this security path? What would you leave with them?
James Berger:
Yeah. I think simply put, whatever security solution you have in place today, however good you may think it is, a conversation with WhiteDog is at least warranted. At least have the conversation, see how it stacks up and compares to the stack that you are currently deployed and how much better it can be. And then compare it from everything. Compare price point, compare cost, compare technologies. As MSPs, especially business owners, we want to really focus on what's important to us, growing the business and focusing on the client. The last thing we want to deal with is a cybersecurity threat, things like that. If you truly want a solution that's going to make you sleep better at night, make you feel more comfortable that you're doing the right thing for the client, give Shahin and team a call. I mean if nothing else, it's worth the conversation at the very least.
Kirstin Burke:
Well, thank you both for joining us.
James Berger:
Yeah, thank you.
Kirstin Burke:
We're so excited about the business. We're so excited about launching it out more to the public. James, thank you so much for joining us and for your insight. And for any of you who have listened who are interested in my next step in checking it out, please feel free to reach out to us, either whitedogcyber.com or shahin@whitedogcyber.com or kirstin@whitedogcyber.com. We'd love to have a conversation with you. So, thank you and we'll see you next time.
Shahin Pirooz:
Thank you.
While many RMM vendors are adding security features and branding themselves all-in-one solutions, cybersecurity cannot be treated as a simple add-on. It requires a holistic strategy and specialized expertise that RMM vendors typically lack.