May 2, 2023

What are SIEM, SOAR, EDR, XDR? Are they available as a service?

Are you doing all you can to stop ransomware attacks before they happen, or kill them the moment they show up? Have you looked into this and found yourself swimming in alphabet soup (SIEM, SOAR, EDR, XDR)? Have you looked at some of these tools and found them to be prohibitively expensive or too complex? This is the episode for you. We have Dez Rock, CEO of SIEMonster, a SIEM/SOAR/XDR as a service company. She helps us weed our way through these acronyms, and then tells us about how SIEMonster (pronounced sea-monster) is bringing this important technology to companies of all sizes.

Transcript
W. Curtis Preston:

Hi, and welcome to Backup Central's Restore All podcast. I'm your host, W. Curtis Preston, AKA Mr. Backup. And I have with me my senior HDMI consultant, Prasanna Malaiyandi. How's it going, Prasanna?

Prasanna Malaiyandi:

I'm good, Curtis. I'm I, by the way, my bill is in the mail, so, or invoice

W. Curtis Preston:

Alright, I'll, because once again, once again, you ended up having a fountain of knowledge about a random technical topic that ended up being very useful. I mean, the fact that you just were like, oh no, I think that's the, the HDMI 1.7 spec that came out in 2009 or. Um, and they're like, and then when I, so, so basically, yeah, so I have a new Apple TV and meaning the, the little box, and I was trying to connect it to my 2009 plasma television. And, uh, it uses, uh, HDMI-CC.

Prasanna Malaiyandi:

Yep.

W. Curtis Preston:

Yeah, to control the power off and power on and it wasn't working for me. And uh, I was just talking to Prasanna about that. And then once again, you were like, oh, well if you checked the setting and such, whatchamacallit. And you, you solved my problem.

Prasanna Malaiyandi:

Yeah, and I solved your problem that Apple support couldn't even solve for you.

W. Curtis Preston:

Yeah, yeah, Apple support was worthless. Uh, and this is all just a process of getting towards my new big giant TV that will at some point arrive. Um, I'm just, I'm just waiting for that moment to buy the big, the big giant TV. But, um, I bought the soundbar first, so I have this old

Prasanna Malaiyandi:

And was your wife happy

W. Curtis Preston:

My wife was so happy that she could turn the television off, you know? I mean, it was so, it was such a burden for her to have to get up and turn on the TV when she first starts watching television. Uh, and

Prasanna Malaiyandi:

well, and I think, I think just to clarify, I think off work, turning off the TV work,

W. Curtis Preston:

off.

Prasanna Malaiyandi:

turning on.

W. Curtis Preston:

Which is what made it so confusing, off worked, but on did not. And, um, but now they both work and my wife can watch television without, you know,

Prasanna Malaiyandi:

Cursing your name

W. Curtis Preston:

Exactly.

Prasanna Malaiyandi:

being like Curtis, why do

W. Curtis Preston:

and now, now, once again, she will, she will give you credit for it. Uh, and I will get no credit, but, such is life. So, um, let's move on to our guest. I found her, her background, fascinating. She has degrees in both business and law and she finished her MBA while actually running the company that we're talking about today, which is, uh, SIEMonster, that's S-I-E Monster, an affordable security monitoring software solution. She's now their CEO and you can find her on Twitter as @deztraction, so that's D-E-Z traction. Uh, welcome to the pod, Dez Rock.

Dez Rock:

Thank you. Thank you for having me, guys.

W. Curtis Preston:

So, uh, you, so you've been, you've been all over the globe and you are now currently, I think, just a few miles where I lived for a while. Where, where, where exactly? You're in Delaware

Dez Rock:

I am, I just gimme a minute. I want 'em to announce it like the locals. No. Uh,

W. Curtis Preston:

Are you in Newark?

Dez Rock:

No, no, exactly where I'm,

W. Curtis Preston:

yeah. So that's actually where I got my start in backups back in 1993. I was fresh out of the Navy. I was, I had, the Navy had sent me to Philadelphia, so my ship was in dry dock up there in Philadelphia. And um, so I got out and immediately went into, uh, backups, uh, because it was like many people, it was the job I could get. No one, no one wakes up, you know, no one dreams of being a, a backup

Prasanna Malaiyandi:

Hey, don't shatter people's hopes. You know, I'm just saying, Curtis, maybe there

W. Curtis Preston:

you wanna be a backup person, there is demand. Trust me. Uh, there's just not a line. And, but yeah, I got my start there on Christiana Road. The, that was where, uh, Bank of America was. Uh, I have a, I have a daughter who's now 28, who was born on Christiana Road at Christiana Hospital. So I'm feeling very close to you right now, even though you're all the way on the other side of the country.

Dez Rock:

That's lovely to hear. Cause I know you're in California,

W. Curtis Preston:

absolutely. The, the, the complete opposite corner of the country. Um, now clearly based on how I'm hearing you speak, uh, you were raised in, in a different part. Uh, probably a, probably a different hemisphere, I'm guessing.

Dez Rock:

Do you wanna

W. Curtis Preston:

Oh,

Prasanna Malaiyandi:

This is Curtis's favorite thing. Yeah.

W. Curtis Preston:

It's, it's not fair because I, I looked at your LinkedIn page and I knew that you went to Victoria. Uh, so, uh, that's not fair, but I, I would've gotten it either way. I, I definitely, uh, my favorite is trying to, trying to, within a few phrases, trying to distinguish whether or not I'm talking to a Kiwi or a, or an Aussie. Um,

Dez Rock:

And Aussie, so my accent is not the one that the Americans are used to. And I, and I can drop it down to what you guys would most people think I'm from England and when I come to the US, right? Unless, unless I start talking a bit like this. And then, then they'll, they'll really know then it's

W. Curtis Preston:

Exactly.

Dez Rock:

And so what's really, what's really hard to fathom, most Americans I've, that accents can differ in a country. It's remarkably

W. Curtis Preston:

they should, it shouldn't, uh, surprise them. I mean, we have like 20 in this country. Yeah.

Dez Rock:

know. I know. I know.

W. Curtis Preston:

Yeah. And, and what's more amazing to me is how much accents can vary in England, right?

Prasanna Malaiyandi:

I was just gonna bring

W. Curtis Preston:

little country. And, you know, you have a different accent between North and South London, right? I I, and it's just, and, and then you have accents, accents vary based on class, right? On education and, and all of that, right? Um, so yeah.

Dez Rock:

That's

W. Curtis Preston:

yeah, I, I, I enjoy.

Dez Rock:

But the same can be said in New York, New York, right? I mean, a New York accent depends on how they, you could tell literally where, whereabouts they're from because of that, and that's just one

W. Curtis Preston:

That is true.

Dez Rock:

So it is just the inability to apply the exact same rule to other countries.

W. Curtis Preston:

We, we, um, yeah, we, I don't know. I don't know what to say. America. Um, so, so, but you're, you're here now, so, uh, you're, you actually live in Dallas. The company is headquartered in Delaware. I'm seeing New York also. Where, what is, how does New York figure into it?

Dez Rock:

So we were in New York post, uh, pre pandemic with the headquarters, and I used to be, I, I've transferred from New York. I, I used to live in New York as well, and uh, New York is where we went through Techstars in 2018 as well. So that's why, uh, that's why we have a presence or had a presence in New York. I'm about to pull out of New York. Um, stick to, um, Dallas.

W. Curtis Preston:

Nice. All right. Well, I've been in all those places. I love all those places. Let's, let's talk about, um, by the way, Dallas, uh, clearly wins, uh, from a barbecue perspective, um, unless you're,

Dez Rock:

Right? Yes. Well, you don't, they'll let you.

W. Curtis Preston:

Yeah. Yeah. Yeah. Although of the, of the three cities they win. Although if I'm in, if I, if I get to choose my Texas cities based on barbecue, Dallas wouldn't be it. Sorry folks. Sorry, Dallas folks. I'm a bit of a Austin barbecue fan, but anyway, I've had great, but I've had great barbecue in, in, in Dallas. Uh, my favorite was at Terry Blacks. But anyway, we.

Dez Rock:

Yeah, that's exactly what I've heard as

W. Curtis Preston:

we could easily have an entire podcast about

Prasanna Malaiyandi:

But we're not. Yes, but

W. Curtis Preston:

not. That's not why we're here to talk. So, did you see the way he's reining me in, Dez? So let, let's go back to 2016. When you, you got this idea to, to, you know, start this new company, what problem did you see that you were trying to.

Dez Rock:

Well, at the time we were Kustodian with a K and we were professional hackers, so we were pen testers, um, working all over the world, a small elite bespoke group, um, with clients all over the world. One of our Australian clients, um, BlueScope Steel, fourth largest steel manufacturing in the world, uh, had some issues with some ransomware. I know that's a topic that you guys were, yeah, wanna touch on. But, um, had some issues with that and, um, instead of, uh, that, that we would be testing them every year for their compliance, you know, for penetration testing. So they actually asked us, well, are there no tools for this? Uh, is there no way that we can support or, you know, protect our data? And we are red team, right? So we. I don't know. Let's have a look.

W. Curtis Preston:

You're like, we don't do that. We don't do protect. We do

Dez Rock:

we, we don't do that. We, we know, we know how to get in and we we get in real, like we know that we know how to penetrate very well. Right. Um, there isn't a area, and that's one of the, like, there isn't a customer, a location, a challenge that we have not risen to by the way. Right. So, badge of honor that we wear. Um, so these clients are, so they asked for software to be blue team, right? Like protect, and um, to which we said, let's have a look. And the one name at that time that came up was Splunk. They can handle really big data and they can do this. And so we said you wouldn't believe this cuz that Splunk is now, we said, let's just let you know we're happy to bro. Like let's introduce you to Splunk. Right? So we did and, and Splunk gave them a quote. And it was at that point, to cut a story short, it was at that point that BlueScope said to us, is there no way that we could perhaps solve this any other way? And we said, you know what? Let's have a look at some open source tools, right? And so, the need was affordable security for big data. Um, and that was the, uh, field in which we went into. And at the time we went with open source tools, right. And we patched them to, you know, like we basically stitched them up. We made, you know, like put a cover on it, made it easier to use, made it easier to roll out. And that's how SIEMonster started. And SIEMonster was always, we thought at the time, an annex to what we already. I mean, we were pen testers, we're hackers. We thought this is just this cute little project that was happening on the side. One off. Well, our, what started like a very small snowball got bigger and bigger. Uh, the Australian government, including us, Aus Cyber backed us, um, to come to San Francisco to RSA, which we were now nominated product of the year back then as well. So we started to track momentum. Uh, we saw that then that's where we saw further needs. Okay, so this wasn't just a one off. There really is a need for big data to be secured down at a far more affordable price. Right? Um, because we vehemently believe that, uh, security should not be gate kept by price. Right. So, uh, that's a fundamental that that's, by the way, that's harks back to the days of when we were hackers as well, because we, uh, participated in the DEFCON culture way back when as well. So we were always giving back to community and feeling this way. So that hasn't changed. So that is the, uh, origin story of SIEMonster.

Prasanna Malaiyandi:

So just a quick question. I know you mentioned a couple times big data. So did you feel that in the big data space there weren't any tools available that were simple? There weren't tools available that were affordable or all the above?

Dez Rock:

If we go back to the origin story, the original, uh, thing was it wasn't affordable, right? By the way, the SIEM space was not as crowded as what it's now. Right. Um, so it's quite different now. And I know a lot of people are doing a lot of things and that's, that's really great to see that we're all that, that give, people are giving Splunk a run for their money. Um, but I dunno how many people attacking the big data spaces. You know, there's a lot that will go small, medium. And the other thing that a lot of, um, people are doing, if you know this space really well, is they will charge by node or by, you know, they, they'll charge by endpoint. And when you do that, you are asking your security operators to pick and choose what they wanna cover. Now that's vehemently against belief system too, because if you do not put locks on all your doors, then your house is not secured. It's a zen. It's as simple as that, right? So, uh, we thought, well, that's a design flaw. Again, this is red hat, like red team thinking about blue, right? Because we know how to get in. So if you leave a door open, we already know that we're gonna, like, that's the best way to get in. So if you're not covering all your endpoints, then your system is not secure. Period. End of story right there. That's why we decided big data is where we need to aim for. Right. And it doesn't mean big data, big organizations. It just means any data, all data, all encompassing. Hmm.

W. Curtis Preston:

Interesting. So I heard, I heard you say two things that to me sound like they conflict and they probably don't. So I just need you to help me understand. One was you said that you, you, you agree with me that you know, you know, you need to protect everything, right? If you're not protecting everything. And then it sounds like you have a solution that's aimed specifically at big data. So does that mean there's other parts of the organization that you're not protecting?

Dez Rock:

No, what I'm trying to say is that our solution is, uh, is scalable. Right. And that's part of the story of our success. We're scalable. So it doesn't matter what you throw at us, we will put a circle around your entire organization. And if you, if you grow, we grow with you. It's as simple as that. Um, and without hesitation, and no one can do the EPS that we do, like the events per second, the challenges that that requires, like we excel at that. So when we started, like what started off helping one client. Let's face it. Like helping one client then started to become like, how do we, and it was always with the red, uh, red team, uh, vision, right? We need to protect everything clearly, right? We all agree in that if you're not protecting everything, you're not protecting the entire organization. So if that's the case, then how do we do that? But do it really fast as well, because you do not wanna slow the network down as well. You see how they all, it's all hand in hand and it all comes down to, again, the way we do things cause of who we are. Right, and so that's why big data and all encompassing

Prasanna Malaiyandi:

So just pushing back on what Curtis had said, right. I think probably Curtis, what you were confused about was probably the big data word, right. And phrase, right. I think it's really like, Dez, like you had said, right? You scaled depending on if you are a small shop and growing or if you're a big shop, right? It's a single solution that you could use that scales as you grow versus a lot, I'm guessing in this space there's a lot of people where it's like, hey, if you have a small solution, you're probably not gonna use

Dez Rock:

They

Prasanna Malaiyandi:

They won't use the exact same implementation because either it's too expensive to deploy like your enterprise wide, and we see this in other software stacks as well. Right? You have an enterprise-wide solution, which is more complex and has all the bells and whistles, but, uh, sort of a small medium company, it's too complex because they may not have the dedicated IT resources to use. And then you have the opposite problem, where if you have a solution for small, medium businesses, when you get to enterprise, it doesn't quite meet the scale and the security requirements and other

Dez Rock:

You have hit the nail right on the head there. So we are a solution that can be used by small, medium businesses and can scale all the way up to enterprise without a blink of an eye. Immediately, you don't have to do anything. It just does it. So that's part of the technology that we've built in. And by the way, if you're small, medium, you actually get the benefit of enterprise grade security. So there's that too.

W. Curtis Preston:

Our audience is primarily data protection focused folks who might not actually know what a SIEM solution is. So, uh, and by the way, is, is that, by the way, is that how it's generally pronounced? Cuz I've always said SIEM solution.

Dez Rock:

I think, um, I think it's pronounced different in different countries. And when we saw it, we, in Australia, we saw it as SIEM. Right. In fact, we didn't even know what a SIEM was. We were like something held your pants up. No idea. That's where we started. Right. Um, uh, it was only later, once we named the company SIEMonster, right? The way we named it, then we realized that a lot of people call it SIEM. So, uh, and then we were stubborn about it and we started calling it, right? Um, that's that too. SIEM stands for S, it's S-I-E-M, right? Uh, security info information event management. It's another way of saying monitoring software that SOCs will use, for example, right? Or any security analyst will use. Uh, so it's to give you a God view of your entire organization and the events that happen in there. Now there is a lot of things, and the definition of SIEM is a really good one because there's a lot of confusion out there. People think that are such a searchable database is a SIEM, it's not. So you need to add some context around. Prasanna's laughing. Cause I think, you know, it's right. So, right. Um, so you, a SIEM ought to have some enrichment into as well. And that happens when, um, with recognition that this needs to be an event. And then of course we have certain factors like SOAR capabilities and XDR capabilities, which is the newest version of SOAR, let's say. And so SOAR, and I'm gonna give a very basic, uh, analogy here, is when we have a rule set apply to events that always happen. And I like to use the logging, you know, like putting in the wrong password over and over again. So when that happens, or someone logs in, like you guys are a Delaware based company and you're all in Delaware and yet somebody in a different country is starting to log in, it's flagged from, you know, the location. Right? So things like that that you would say these as a ruleset, this is something that I need to know about. So it needs to turn into an event to alert me for, right? So you can write rules about that. And that's called SOAR, right? That's S-O-A-R. So then the next iteration of that in the industry is called XDR. And what XDR does is a lot of automation of that. So then it not only picks out the events, it tells you what's happening. It actually tells you that this is something that you need to do and sometimes can shut it down as well. And I, I do have a story about that. Uh, when a ransomware tried to get into one of our clients, a large hospital and the XDR component literally shut it down before anyone could do anything. Oh, it before it was infiltrated and saved that company. Yeah.

W. Curtis Preston:

So you threw out a couple of, uh, acronyms there, and we always ask our guests to, to spell out the acronyms, uh, that, that they use. So what SOAR and XDR.

Dez Rock:

Certainly. SOAR is security orchestrated automation and response. So as I mentioned, it automates and responds, so it'll give you, you know, it'll actually run a script and then give you a response as an alert on your Slack, email, however you like to have it. So something has been done and alerted, certainly helps your SOC team or your an analyst have a better idea, you know, so they're not literally, because what usually happens with any SIEM is that events come in. You need a way to prioritize them to say what is urgent, what is not. SOAR will actually handle a lot of the very similar, uh, events that need to be action for you, that's what a SOAR is. XDR or EDR is a extended detection and response. So it basically builds on that. And what that is, is, um, uh, the newer, um, technology, which again involves automation as well. So that will not only tell you that something has actually

W. Curtis Preston:

Okay, so, so if I were to summarize these three tools, the SIEM tool is the thing that notices that something bad happened. A SOAR tool will tell you that something bad happened and an XDR/EDR tool will actually respond, uh, that like it can actually do things to stop the thing from happening. Does that sound about.

Dez Rock:

So a SOAR will tell you true, but a SOAR will actually respond as well because running on script, you can build custom made scripts as well, right? So in your organization, you only, you know your organization the way you, you know, it's, it's, everyone's quite unique in that fashion. So what. You can't have out of the box rules. You definitely need your own set of rules to match your organization. That's what a SOAR will do. The XDR or EDR will actually action to take down commonly. For example, if it's a known attack vector coming in, right, it will actually shut down that IP and say no more from here. So that is not just saying, hey, if this happens, let me know. This is like, if this happens, let me know and also shut it down before I even get there. So it's an. It's, it's not, before that, it was the ANA analysis or analyst doing the action. This is now the program actioning,

W. Curtis Preston:

But it sounded like you said SOAR can do some actions as well. That's why I was, um, so, and it's, I'm just, again, help me understand, like with the, with the SOAR tool, the, the main action that I think it's doing is, is letting you know, right? It's sending you messages, whatever it is that you want do.

Dez Rock:

That's the

W. Curtis Preston:

That's,

Dez Rock:

So just to clarify, that's the action it's doing. Exactly.

W. Curtis Preston:

to actually shut down something or block ports or whatever, that's where a, an XDR/EDR tool.

Dez Rock:

Correct.

Dez Rock:

That's when you start to get into that automation side of things where

Dez Rock:

it's starting to think for you.

Dez Rock:

It's starting to, and that's where the ai, the exciting part of, you know, the AI can

Dez Rock:

come into, it's starting to think for you.

Dez Rock:

It's starting to get to know patterns.

Dez Rock:

That's where, by the way, there'll be another iteration of this.

Dez Rock:

So we have, if we can imagine, SIEM would be the core, right?

Dez Rock:

The core that is protecting all of your data.

Dez Rock:

SOAR would sit around that, but SOAR is kinda like version one, let's say.

Dez Rock:

And then you've got xdr, which encompasses all of SOAR Does that make?

Dez Rock:

So it does everything that SOAR does, but a little bit more.

Dez Rock:

And I can imagine that as the future goes on, we'll have another

Dez Rock:

version of that, which will then

Dez Rock:

include.

W. Curtis Preston:

So are these three separate tools then,

W. Curtis Preston:

or there are tools that encompass all three aspects.

Dez Rock:

I'm certain that there are companies saying that

Dez Rock:

they are three separate tools, but that's not what we think.

Dez Rock:

Should happen.

Dez Rock:

We think security should have be able to do all of that.

Dez Rock:

So even though, you know, we are titled a SIEM uh company, we actually

Dez Rock:

have SOAR and XDR capabilities and quite quietly working on the next,

Dez Rock:

uh,

Dez Rock:

the

W. Curtis Preston:

So the answer, uh, and at some point, Prasanna, I'll let

W. Curtis Preston:

you speak, but I, this is, you're the first person I've had that's really been

W. Curtis Preston:

able to sort of lay all this out for me.

W. Curtis Preston:

Uh, So there probably are SIEM tools, SOAR tools, XDR tools,

W. Curtis Preston:

individual products that I can buy.

W. Curtis Preston:

Uh, there are probably hundreds of them, uh, but there are maybe a smaller set of

W. Curtis Preston:

companies that like yours that can do all three

Dez Rock:

We'll do all of them.

W. Curtis Preston:

Okay.

Dez Rock:

Correct.

Dez Rock:

And even smaller that can handle the data volume that we

Dez Rock:

can.

W. Curtis Preston:

Okay.

W. Curtis Preston:

All right.

Prasanna Malaiyandi:

Yep.

W. Curtis Preston:

You, you may now speak for Prasanna.

Prasanna Malaiyandi:

Thank you Curtis.

Prasanna Malaiyandi:

Uh, so Dez, when you were talking earlier about sort of, okay, you need

Prasanna Malaiyandi:

this automation with SOAR, right?

Prasanna Malaiyandi:

To be able to figure out and alert you properly, right?

Prasanna Malaiyandi:

Um, I think a lot of our listeners may not necessarily realize sort of

Prasanna Malaiyandi:

the volume of events that may come in.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Could you talk a little bit about sort of like what you see in some maybe

Prasanna Malaiyandi:

like small, medium businesses, right?

Prasanna Malaiyandi:

Where they might be like, Hey, I just have an IT guy.

Prasanna Malaiyandi:

They can just mi manually monitor,

Prasanna Malaiyandi:

right?

Prasanna Malaiyandi:

All these events and why some of these things may not

Prasanna Malaiyandi:

work yet.

Dez Rock:

Well, first of all, let's start

Dez Rock:

with what.

Dez Rock:

Like, what is a SIEM?

Dez Rock:

Remember I said there are some people thinking that a searchable

Dez Rock:

database is a SIEM because it we're collecting everything.

Dez Rock:

But that's just, for starters, that sounds like a nightmare because now IT security

Dez Rock:

guy literally has look for, that's,

Prasanna Malaiyandi:

Yep.

Dez Rock:

that's not telling, giving any ranking.

Dez Rock:

That's, that's a searchable database.

Dez Rock:

That's not a SIEM.

Dez Rock:

So, um, So with a SIEM.

Dez Rock:

With just a SIEM, the amount, and remember everything is an incident.

Dez Rock:

It doesn't know if it's a good incident or a bad incident.

Dez Rock:

It's just an incident.

Dez Rock:

Okay?

Dez Rock:

Everything is creating, everything is, uh, giving you a trigger.

Dez Rock:

So we need to then assess.

Dez Rock:

If it's a good thing or a bad thing, is it an event?

Dez Rock:

Right?

Dez Rock:

So, by the way, if it's an event, is it a good event?

Dez Rock:

Is it a bad event?

Dez Rock:

So we start ranking, right?

Dez Rock:

So we start to say, ok, so when people are trying to break in bad, super bad, right?

Dez Rock:

Someone turning on the printer.

Dez Rock:

It's an event.

Dez Rock:

We don't need to do anything.

Dez Rock:

There's no alert there.

Dez Rock:

But it's still, you see, you're still being, it's an event.

Dez Rock:

You're still recording.

Dez Rock:

But it's not something that needs to be actioned.

Dez Rock:

These are very basic examples, but I, I like working with really basic

Dez Rock:

analogies and then building out, right?

Dez Rock:

So, um, in that case, Their volume.

Dez Rock:

You're talking about volume.

Dez Rock:

Even the bad ones could, like you could have pages and pages, how like that

Dez Rock:

makes it very difficult and like small to medium businesses usually have one guy,

Dez Rock:

like you are the security guy, go do it.

Dez Rock:

Right?

Dez Rock:

So that's a lot of pressure for one guy.

Dez Rock:

So you need to make it easier for them.

Dez Rock:

So that's why.

Dez Rock:

You know, alerts to, uh, slack channels, alerts to phones, or, because they can't

Dez Rock:

be sitting there staring at a screen like this is not, uh, Wall Street ticker.

Dez Rock:

Do you know what I mean?

Dez Rock:

You cannot have that, that you just, you cannot be doing that.

Dez Rock:

So you need ways to put some, uh, framework around, well,

Dez Rock:

human flaws like blinking, right?

Dez Rock:

So we need, uh, a system in which we can, first of all, rank.

Dez Rock:

And then like I said, a SIEM was probably not enough because it depends

Dez Rock:

on the volume of data coming in.

Dez Rock:

Not enough.

Dez Rock:

So you'd probably want some actionable items to say this usually happens

Dez Rock:

and when this usually happens, I want if that, then this, right?

Dez Rock:

Then that's basically what SOAR is, right?

Dez Rock:

So, um, then I want these things to be done.

Dez Rock:

Makes your IT security guy's life so much easier and

Prasanna Malaiyandi:

would you say that that transition from just

Prasanna Malaiyandi:

a normal SIEM to SOAR, does that happen at a certain employee count,

Prasanna Malaiyandi:

at a certain data set size count?

Prasanna Malaiyandi:

Like what do you, or is it basically everyone should be thinking about

Dez Rock:

Everyone think, look, the way it's going is everyone should be

Dez Rock:

thinking about XDR way at the beginning.

Dez Rock:

Everyone should, because I think that you right now, you do

Dez Rock:

not need to run a SIEM, right?

Dez Rock:

To run a SOC.

Dez Rock:

You need highly specialized people, and that's a cost point.

Dez Rock:

Like small to medium organizations cannot be doing that.

Dez Rock:

So what they need is tools that will make a job easy for an IT person to say, this

Dez Rock:

is something that needs to be actioned.

Dez Rock:

The, the benefit of something, and I hate to, I hate shilling, but

Dez Rock:

the benefit of our product is, is that you don't make that decision.

Dez Rock:

It's there.

Dez Rock:

It doesn't matter.

Dez Rock:

Like if you're small, if you're large from the start, it's there.

Dez Rock:

Yeah.

W. Curtis Preston:

it.

Dez Rock:

It's not a choice

W. Curtis Preston:

Yeah, and I think the.

W. Curtis Preston:

The worry.

W. Curtis Preston:

Right.

W. Curtis Preston:

Come, you know, there's a lot of us that have been in IT for a minute, right?

W. Curtis Preston:

That's, that's the kids say and um, The worry historically with automated things

W. Curtis Preston:

that are going to actually do things in my environment to help protect me is that

W. Curtis Preston:

they're going to trigger too often, right?

W. Curtis Preston:

That they're gonna, it's obviously, it's the false question, and you, you

W. Curtis Preston:

know, you've decided that we're under attack and so we shut down the network

W. Curtis Preston:

or, or whatever it is that, that we've decided that we're gonna do that.

W. Curtis Preston:

How?

W. Curtis Preston:

How do.

W. Curtis Preston:

Get to that level of comfort.

Dez Rock:

So well, we have professional services for that, where we actually

Dez Rock:

rule out, and that's the rule sets that we write to literally customize

Dez Rock:

that stuff for your organization.

Dez Rock:

So you've removed the false positives, right?

Dez Rock:

Because we, you can't imagine that people are going to be able to

Dez Rock:

know how to do that off the bat.

Dez Rock:

It's probably one to be left to the professionals,

Dez Rock:

right, to set it up for you.

Dez Rock:

Kinda like anything, almost like buying a new, um, Apple TV and

Dez Rock:

connecting it to your TV and needing a professional to come in and help you

Dez Rock:

set.

W. Curtis Preston:

a, as a technical person, the fact that I needed

W. Curtis Preston:

professional assistance to set up my Apple TV is a, was a bit insulting.

W. Curtis Preston:

Okay, here's another really important question.

W. Curtis Preston:

How does, I'm assuming that these tools and, and your tool of course,

W. Curtis Preston:

They manifest themselves in a couple of different ways, right?

W. Curtis Preston:

Like, so in, in the, the, you know, I live in the, the backup software space, right?

W. Curtis Preston:

So either I buy a piece of software, I put it on an appliance, I buy an

W. Curtis Preston:

appliance, or I'm buying a service, right?

W. Curtis Preston:

That, uh, by the way, I should, I, I, I just realized I

W. Curtis Preston:

haven't put out our disclaimer.

W. Curtis Preston:

So, uh, Prasanna and I work for different companies.

W. Curtis Preston:

He works for Zoom, I work for Druva.

W. Curtis Preston:

And, uh, this is not an official podcast of either company.

W. Curtis Preston:

And the opinions that you hear are ours.

W. Curtis Preston:

And also, please rate us at, uh, you know, just go to your favorite

W. Curtis Preston:

pod catcher and, uh, scroll down.

W. Curtis Preston:

Give us lots of stars, uh, and, and, and positive comments.

W. Curtis Preston:

And if you'd like to join the conversation, I'm w Curtis Preston

W. Curtis Preston:

at gmail or at WC preston on Twitter.

W. Curtis Preston:

So, um, how about, how does that manifest itself into your.

W. Curtis Preston:

The meaning how, how, how do people put these pro, how do put, put, buy these

W. Curtis Preston:

products, put them in?

W. Curtis Preston:

And then how does your, how does your product work?

Dez Rock:

Okay, so this is a very pertinent question right now because

Dez Rock:

we're about to release version five and we're the only SIEM product out there

Dez Rock:

that'll be available on AWS marketplace where you, if you're technical enough,

Dez Rock:

you can actually do it yourself with the support portal and go for it.

Dez Rock:

You don't need any help.

Dez Rock:

As done implementations, you'll have it up and running within minutes.

Dez Rock:

Again, unheard of if you know about any of this, right?

Dez Rock:

Unheard of.

Dez Rock:

But we're here to break the, again, we're here to make sure that, uh,

Dez Rock:

security is not gate kept right?

Dez Rock:

And that's part of it.

Dez Rock:

Um, now if that is outside of your technical scope, then we

Dez Rock:

are here to help implement and, and put that in for you as well.

Dez Rock:

Um, so you have two

Dez Rock:

options

Prasanna Malaiyandi:

When you do talk about that second case

Prasanna Malaiyandi:

or even the first case, right?

Prasanna Malaiyandi:

Is it customer or you are deploying it in their infrastructure?

Prasanna Malaiyandi:

In their environment on servers?

Prasanna Malaiyandi:

Is it offered as like a SaaS service that they log into?

Prasanna Malaiyandi:

Especially if you have multiple sites, so it's

Prasanna Malaiyandi:

all managed centrally.

Prasanna Malaiyandi:

Like what does that

Prasanna Malaiyandi:

deployment model look like?

Dez Rock:

Correct.

Dez Rock:

So the, the unique part of our, um, product is, is that

Dez Rock:

they all can hold tenants.

Dez Rock:

So again, if say for example, you are, uh, a small business, you're growing and

Dez Rock:

now you have different, uh, locations.

Dez Rock:

So you have different op, you can literally sit different tenants

Dez Rock:

and have one panel of view, uh, and your system will grow with you.

Dez Rock:

That this is what I mean about highly customizable and uh, very, Incredibly

Dez Rock:

scalable, so you could sit different tenants inside right now, off the bat,

Dez Rock:

through AWS and it's in the cloud.

Dez Rock:

By way performance, we utilizes technology in order to make this happen as well.

W. Curtis Preston:

So you're, you're, you're a service

W. Curtis Preston:

and I like that very much.

W. Curtis Preston:

Uh, I do think that that's clearly the way it is going and, and it

W. Curtis Preston:

makes it so much simpler for a lot of people, especially SMBs.

W. Curtis Preston:

Um, but I don't understand.

W. Curtis Preston:

So you're up in the cloud, but you need to, uh, see things, right?

W. Curtis Preston:

These events that you described, uh, you use that term events per second, right?

W. Curtis Preston:

EPS.

W. Curtis Preston:

So how are you able to see these things

W. Curtis Preston:

that are going on inside my environment?

W. Curtis Preston:

How do we make that connection?

Dez Rock:

So during the implementation stage, you'll be asked to input all of

Dez Rock:

your data traffic into that to, to us.

Dez Rock:

You'll actually be told to, or you could actually even have a local agent.

Dez Rock:

So a virtual local agent within, and then what happens is that

Dez Rock:

acts as a, um, repository.

Dez Rock:

So everything goes to that agent, and then it becomes one funnel up

Dez Rock:

to the cloud that allows for, um, your, your guys are in backup, right?

Dez Rock:

That allows for two things as well.

Dez Rock:

That means that if there's a disconnection anywhere, you've actually got local

Dez Rock:

storage of events, which is really good for forensic and anything else.

Dez Rock:

It's just due due diligence, right?

Dez Rock:

And so when the connection is reestablished, it will.

Dez Rock:

Uh, take all of that, um, events back up to

Dez Rock:

the cloud.

W. Curtis Preston:

That makes a lot of sense.

W. Curtis Preston:

Uh, you know, I, I just, I was wondering, uh, and then of course I will

W. Curtis Preston:

need someone to monitor that, the service.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, or I can hire somebody to do that.

Dez Rock:

Correct it, it does depend on the, uh, on the skillset of

Dez Rock:

your staff and your organization, what type of organization it is.

Dez Rock:

If you're looking for just compliance and just let me know

Dez Rock:

if someone is trying to hack in.

Dez Rock:

I think you're good.

Dez Rock:

Like I, I I think you're good.

Dez Rock:

Your IT can do it.

Dez Rock:

If your data is incredibly sensitive and you need 24/7 monitoring, then

Dez Rock:

you would probably outsource that.

Dez Rock:

And I suppose it comes back to the actual value of having red

Dez Rock:

team create blue team security.

Dez Rock:

We think of every, every design element, we don't put just

Dez Rock:

funnels straight up because what happens if there's a disconnect?

Dez Rock:

What happens if there's a power failure?

Dez Rock:

What happens if that, like even that needs a.

Dez Rock:

That's all been thought through.

Dez Rock:

Right.

Dez Rock:

Um, so the redundancy isn't intended to be kept there.

Dez Rock:

It's, it's intended to just in case there is a disconnection,

Dez Rock:

a power internet, whatever.

Dez Rock:

Right.

Dez Rock:

Um, and these are all the things that have been thought through.

Dez Rock:

Uh, so the system is secure.

Dez Rock:

It's not just protecting you.

Dez Rock:

The entire system is

Dez Rock:

secure at

Prasanna Malaiyandi:

Okay.

Dez Rock:

Yeah.

W. Curtis Preston:

it's like, it's like,

W. Curtis Preston:

bank robbers that built a bank.

Dez Rock:

Exactly right.

Dez Rock:

It's just, you know, the other thing, the o the only thing, the

Dez Rock:

other thing is, is like, it's like, it's like having a motorcycle gang

Dez Rock:

as personal protection, right.

Dez Rock:

It's probably, you know, the outlaws that's the trying image I'm trying to get.

Dez Rock:

It's like having outlaws and going, I'm, these are gonna be

Dez Rock:

my security guards and you know,

Dez Rock:

you've got the best damn security guards on you could ever get.

Dez Rock:

Right.

Dez Rock:

Because ain't nobody's gonna mess

Dez Rock:

with you.

Dez Rock:

Because the p that's exactly the, exactly.

Dez Rock:

Um, the

W. Curtis Preston:

So do you, do you still do the red team

W. Curtis Preston:

stuff or, or is it, this is going so well that you're not.

W. Curtis Preston:

You're not doing that.

Dez Rock:

Yeah.

Dez Rock:

So we always keep a foot into the red team world.

Dez Rock:

We still attend Defcon, um, in Las Vegas every year.

Dez Rock:

Um, and.

Dez Rock:

We, but unfortunately, um, the, this has overtaken everything and

Dez Rock:

this has grown from what was a kind of side act to the main event.

Dez Rock:

Yes.

W. Curtis Preston:

I like that, that, I mean, that, that's, you know, you're,

W. Curtis Preston:

you're clearly meeting a need, uh, and.

W. Curtis Preston:

If you're helping SMBs to have better security, I am.

W. Curtis Preston:

I am all for it.

Prasanna Malaiyandi:

Dez, at the beginning you had alluded to a

Prasanna Malaiyandi:

ransomware story that you think we might be interested in hearing about.

Prasanna Malaiyandi:

Um, maybe you want to talk about what happened.

Dez Rock:

Oh, okay.

Dez Rock:

So that, that's one of our clients who's a large hospital.

Dez Rock:

Most of our

Dez Rock:

clients

Dez Rock:

don't

Prasanna Malaiyandi:

We're totally fine.

Prasanna Malaiyandi:

yeah.

Dez Rock:

So just bear with me here.

Dez Rock:

And, and I, and I'm in the, I'm in the Secret Keeper

Dez Rock:

business, okay?

Dez Rock:

So a large

Dez Rock:

Hospital.

Dez Rock:

Uh, was infiltrated, um, by an incident that was basically going

Dez Rock:

to be an attempted, uh, ransomware.

Dez Rock:

Right.

Dez Rock:

malware was attempt to lock down their system and it was our, um, including the

Dez Rock:

SOAR and the XDR capabilities, and he, and the project was called Project Skynet.

Dez Rock:

It was, it's just, Phenomenal.

Dez Rock:

Once you hear this guy's story about it, I've literally got

Dez Rock:

a, um, I was so interested.

Dez Rock:

I had him interviewed right?

Dez Rock:

And wanted to get what his story out there.

Dez Rock:

It's a brilliant, brilliant story of exactly this.

Dez Rock:

It's exactly how, uh, attempt was made and the SIEM did its job.

Dez Rock:

It literally did its job.

Dez Rock:

It's kind of like, are you.

Dez Rock:

Fans of Harry Potter by any chance, you know, the last movie when all of the,

Dez Rock:

uh, statues come to life and finally start protecting the, uh, castle, right?

Dez Rock:

So it's a phenomenal SIEM, right?

Dez Rock:

It's like finally they sit there and, but they find that's exactly what happened.

Dez Rock:

The SIEM came to life and, and killed the ransomware.

Dez Rock:

Identified it, knew what it was, shut it down before we could.

Dez Rock:

This was then passed along to management to say, this is because it's one thing to

Dez Rock:

say, damn it, we've been hacked or damn it.

Dez Rock:

We've got ransomware to deal with.

Dez Rock:

Right?

Dez Rock:

That's panic mode.

Dez Rock:

But to hear, listen, they tried it.

Dez Rock:

But they didn't get anywhere because this was, we stopped.

Dez Rock:

This was stopped.

Dez Rock:

It's you.

Dez Rock:

That's a different emotional journey.

Dez Rock:

You're not sure if it's like, did it happen?

Dez Rock:

Did it not happen?

Dez Rock:

What happened?

Dez Rock:

You know, like, like, you know.

Dez Rock:

Um, and so great story for that.

Dez Rock:

So that's exactly a story that's happened that because ransomware, and

Dez Rock:

here's the other thing I gotta tell you.

Dez Rock:

Alright.

Dez Rock:

Just lean in boys.

Dez Rock:

Every company that's been hacked, Every company that's had ransomware

Dez Rock:

attacks, all of these guys have got security software too,

Dez Rock:

right?

W. Curtis Preston:

Yep.

Dez Rock:

Just think about

W. Curtis Preston:

Yep.

W. Curtis Preston:

And, and every one of them that were unable to restore

W. Curtis Preston:

their data had backup software.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, and yet, and yet sit.

Dez Rock:

because you know what they say.

W. Curtis Preston:

What do they say?

Dez Rock:

You know what they say

Dez Rock:

Nobody gets fired from, from buying a Gartner Quadrant product, right.

Dez Rock:

Exactly well known, which means security people, and I'm guessing backup people

Dez Rock:

or two are not doing their research on the technology and the advancements.

Dez Rock:

They're just doing what everyone else is doing.

Dez Rock:

They go to Google what is the best thing, what is the best backup pro, whatever, and

Dez Rock:

going with that, not necessarily the best.

Dez Rock:

So the companies out there that are being hacked, that are getting ran

Dez Rock:

ransomware softwares, I guarantee you they've got really, really

Dez Rock:

well known security software in.

Dez Rock:

And they're doing a phenomenal job, aren't they?

Dez Rock:

Phenomenal.

Dez Rock:

Absolutely brilliant.

W. Curtis Preston:

I, I sent, I sense a tad bit of sarcasm there.

W. Curtis Preston:

Well, Dez, you've been, you've been fascinating, you've been entertaining,

W. Curtis Preston:

uh, and, and very educational.

W. Curtis Preston:

Uh, I do not know as much about this space as, as I should.

W. Curtis Preston:

And, and I, I think, I think I'm, you know, I'm, I'm not alone in that.

W. Curtis Preston:

So, you know, you really helped us understand what that market does.

W. Curtis Preston:

I, I love this idea of a product that is, You know, I mean, the fact

W. Curtis Preston:

that your product sort of starts with affordable as, as your leading thing.

W. Curtis Preston:

Uh, I, you know, I love that the idea that you said that, you know, your, your

W. Curtis Preston:

the customer that started this, they said they, they wanted Splunk and then

W. Curtis Preston:

they got a quote and they're like, ha.

W. Curtis Preston:

Right.

W. Curtis Preston:

They had, uh, sticker shock.

W. Curtis Preston:

And, and I do think that that.

W. Curtis Preston:

Problem cost, right.

W. Curtis Preston:

Is a barrier for a lot of areas of technology, and I really agree with you

W. Curtis Preston:

that it should not, you shouldn't have to be rich, uh, to, to have decent security.

W. Curtis Preston:

Right?

W. Curtis Preston:

Um, and so I, I'm, I'm glad your company's there.

W. Curtis Preston:

I'm glad you're doing well.

W. Curtis Preston:

Uh, I wish upon you that you will have no time left for Red Team Business.

W. Curtis Preston:

Um,

W. Curtis Preston:

And, uh, so tha thanks a lot for coming on the pod

Dez Rock:

Oh, thanks for having me.

Dez Rock:

It's

Dez Rock:

been a

Dez Rock:

pleasure.

W. Curtis Preston:

And

Prasanna Malaiyandi:

Dez, just, uh, one question.

Prasanna Malaiyandi:

If, uh, our listeners wanted to find out more information about

Prasanna Malaiyandi:

SIEMonster, where can they go?

Prasanna Malaiyandi:

Can

Prasanna Malaiyandi:

they, like, is there a website they could hit?

Prasanna Malaiyandi:

Like what should they

Prasanna Malaiyandi:

do?

Dez Rock:

SIEMonster spelled SIEMonster com.

Dez Rock:

Um, that's our home.

Dez Rock:

And um, yeah, that's where you can find out more about the product and um, get

W. Curtis Preston:

I like it.

W. Curtis Preston:

I, I wonder if, because of the way we pronounce it in the US I wonder

W. Curtis Preston:

if people call your company SIEM Monster and they don't understand

Dez Rock:

all the time.

Dez Rock:

They don't understand the J the joke, because remember when we first started we

Dez Rock:

were like, We, we heard it as SIEMonster.

Dez Rock:

We were like, haha,

Dez Rock:

the

W. Curtis Preston:

Aren't we

W. Curtis Preston:

clever?

Dez Rock:

Lago.

Dez Rock:

You know, like, you know, so that's, aren't we clever tongue?

Dez Rock:

Right.

Dez Rock:

Um, and we even had, our servers had different names, we had different code

Dez Rock:

names, we had all had monster names.

Dez Rock:

Uh, we had Kraken, we had, we had had, we had so much fun coming up with all of

Dez Rock:

that at the start, you know, when we were just re really start, you know, starting.

Dez Rock:

So the SIEMonster stuck, had to get rid of, uh, but we still have them on

Dez Rock:

Slack and they're be private and they're.

W. Curtis Preston:

Uh, don't keep that character.

W. Curtis Preston:

Um, yeah.

W. Curtis Preston:

So, uh, Prasanna, thanks.

W. Curtis Preston:

Uh, thanks.

W. Curtis Preston:

You know, great conversation.

Prasanna Malaiyandi:

as always then thank you.

W. Curtis Preston:

All right.

W. Curtis Preston:

And, uh, thank again to our listeners.

W. Curtis Preston:

Remember to subscribe so that you can restore it all.

W. Curtis Preston:

There was a file, but I deleted it to backup system.

W. Curtis Preston:

Needed your backup.

W. Curtis Preston:

You had a chance.

W. Curtis Preston:

To fix instead.

W. Curtis Preston:

It's all Jack.

W. Curtis Preston:

How?

W. Curtis Preston:

Alright.

W. Curtis Preston:

On Facebook about you.

W. Curtis Preston:

Don't underestimate the things that I do.

W. Curtis Preston:

System isn't worth space

W. Curtis Preston:

from

W. Curtis Preston:

thinking that you could restore it all.

W. Curtis Preston:

You.

W. Curtis Preston:

It didn't work at all.

W. Curtis Preston:

Maybe it would work if it wasn't beta.

W. Curtis Preston:

And rescue me.

W. Curtis Preston:

Blow yourself into every back front, just for once.

W. Curtis Preston:

It'll be completely done.