TechSperience

Transcript of Episode 18 - Cyber Security from the Cisco Point of View

March 4, 2020

Episode 18 – Cyber Security from the Cisco Point of View

with Penny Conway

 

 

This transcript was first posted on the Connection Community

 

Penny Conway:

Welcome to another episode of Connection TechSperience. We are continuing our cyber security month, and today we have again in the studio, our special security experts from our TSG group. But we are highlighting today, a very valued partner of Connection with Cisco. And we have our very own really Cisco resources here within Connection.

 

And today to talk to us, from the TSG group with Cisco is David Booth, and then our very own Product Development Specialist Marsilda Bialczak. And they're gonna talk to us specifically about where Cisco is playing in the security landscape, and maybe help us clarify, and demystify, which is one of my favorite words, the Cisco-Meraki partnership that came to play about five years ago and some future things going on with duo, as well.

Penny Conway:

So, David, Marsilda, welcome. And David, why don't we start with you about what brought you to Connection and sort of how you help our customers today within our security practice.

David Booth:

So, I've been with Connection about six years this month. was an IT director prior to coming to the company. So, I've got about 30 years’ experience as a customer of technology. I'm a Cisco fire jumper so that gives me some understanding from a sales perspective on how Cisco can help.

David Booth:

And of course, I've learned a great deal from Steven who's with us today and Bill today. So, it, it, it's always been a passion of mine to understand how security can or should be helping our customers.

Penny Conway:

And Marsilda, why don't you tell us a little bit about yourself.

Marsilda Bialczak:

So, I've been with Connection for three years on the Cisco security space for a couple of years. So, basically my role as a Product Development Specialist is making sure that, we're connecting customers with the right resources from Cisco and our team to help them with pre-trials, demos, but also find the right solutions for their environment. And of course, helping co-managers with every step of the process.

Penny Conway:

Why don't we dive right in with Steve, Bill and Rob, our reoccurring security experts on the podcast. And, Steve, let's start with your team and understand really where Cisco has played in your security portfolio over the past few years. And maybe a little bit back and forth about that Meraki partnership that's going on.

Steve Nardone:

Sure. Absolutely. So, we've talked about this in, in some of the other podcasts as well. But one of the things that we really value is the ability to be able to do a complete integrated security approach for our customers. You know, we work with our customers to help them identify their risk and put strategies together on how to mitigate that risk over time.

 

And you know, that is a people process in technology addressable, you know, area, right? And so, when we're talking about technology, we talk about Cisco and how it fits into that overall strategy. There are a lot of components that help us and in that complete visibility across the entire enterprise.

 

Whether or not it's Endpoint, whether or not it's Edge Security, whether or not it's intrusion detection and prevention. Whether or not it's email security, whether or not it's network access control and authenticating users appropriately in an environment. And that, that security stack is something that plays very well, and particularly with our security landscape optimization process.

 

Penny Conway:

David, you said that you, you know, you really have the opportunity to talk to customers, really upfront, you know, that, that presale conversation, that discovery. What are you hearing from customers right now that is most concerning? And where Cisco is really helping them, you know, identify those pinpoints and resolve those pinpoints?

 

David Booth:

I think one of the biggest challenges we have with our customers always revolves around budgets and, and the money. Customers identify a particular security solution, and, and, and think that's the be-all and, all of this. And, and it can't be. I take a more layered approach to, to security.

 

If I look at a product it may cover the, the solution or the challenge that I'm dealing with, but it has other areas that it can also protect. And then I'll look at another security problem that may overlap that. So, I, I see security and protecting our environment. It’s gotta be layered.

 

It can't be a single point of, of contact for, for anything coming in or penetration or anything like that, it has to be layered. So, you know, we'll sell a product that will be, that will cover situation A, B, and C. And then the next product will cover B, C, and D. And so on, and so forth. So, you have that interconnecting technology.

 

I think customers, we need have tried to help them understand that buying one solution isn't the end of the, the, the, the challenge. We have to look at how they all interconnect and how they work together. Does that make sense?

 

Penny Conway:

Oh, it makes complete sense. And I think s- really echoes what we've been talking about over the, the past couple of episodes, where we think just like you said, "Oh, I'm, I've got this piece of software. I've installed this. I'm good to go. I'm ready. I don't have to think about it again. I don't ..." Or in Rob's case, who, likes to have his Internet of Things at home, thinks he's completely, (laughs), secure, and we like to poke a little fun at him.

 

But yeah, that, that's what we're seeing is customers think that they bought one product, they installed it, and now, you know, they don't have to have that fear that maybe they had before (laughs) installed that product. But what are, sorta, what are the key, when you look at Cisco's portfolio.

 

What are, what are the solutions? What are the solves, like, what are the situations that you're running into with customers, where you say, "You know, yeah, product A can fill that, product B can fill that?"

 

David Booth:

So, let's give you an example. Somebody buys a next generation firewall. You know, it has URL filtering in, it has threat detection in, it can even potentially have IPS. I would still advise them to get Umbrella. Umbrella, it being a DNS solution now. Umbrella can reduce firewallers by 60%. It can also do URL filtering. So now you have two devices pr- having the same function. Your next generation firewall URL filtering, DNS, URL filtering.

 

Having that conversation and understanding that, that having that layered approach is, is going to be important. And the va- that's the value of Cisco. Is, is, it's just its large portfolio of all interconnecting technologies. You know, next generation firewall, ISE for its network access control, Stealthwatch.

 

It's great having a technology that can analyze the data that's coming into your infrastructure. But if it does nothing with it, it makes no choice, what's its value. Who's going to pay someone at four o'clock in the morning, say, "We're getting attacked?"

 

Penny Conway:

(laughs).

 

David Booth:

How's that going to help?

 

Penny Conway:

(laughs). Right.

 

David Booth:

What I want is a technology that's, that's gonna say, "Oh, we're getting a, we're getting a situation here. Now, let's make a choice. Let's, let's get the firewall involved. Let's lock down that path. Let's look down that technology that internally has, has been infected and, and do something."

 

Penny Conway:

And I, I think, but you know, when we were chatting before we hopped on the podcast, you had mentioned that, you know, we're really facing a security, wit- we were very lighthearted about it, but like a s- security world war or world war three around security. There's so much attacking happening from, you know, just home-grown hackers that are learning how ...

 

I was at a conference this weekend. Someone made the comment that kids start learning to code now in sixth grade.

 

David Booth:

That's right, yeah.

 

Penny Conway:

That's when they, they start to just do the very basics. And by the time they're in high school, we could have some really sophisticated hackers that maybe aren't necessarily looking to do anything malicious, but maybe ... And I told the story about on the last time we were together a high school boyfriend of mine that was, you know, (laughs)-

 

David Booth:

Oh, that's right, I remember that, yeah. (laughs).

 

Penny Conway:

... a high school hacker and they're not necessarily looking to do anything dangerous for the most part, but we are educating kids to have that skill and who knows what happens with that, you know, beyond high school. So, there's really a whole new generation of threat. That's coming, not just from the human aspect.

 

But, you know, outside of our, our walls, outside of our country, everyone's sort of worried about this constant barrage of a security threat. And it sounds scary, but I mean it kinda, is, right? Scary with, when you think about the potential of it. So, what is, you know, how is the, how do you tackle that as, as a customer? Like there's a lot of fear around it.

 

So how do we kind of maybe take this piece by piece with, with an organization or, you know, either that a public organization, private organization, and, you know, in the different sectors that we cover. How do we unpack that for a customer to make them, you know, not seem like it's world war three?

 

And they, you know, if something's e- eminent, we know it's a matter of, of when, but kind of scale down a little bit for them and make it a little more consumable and understandable. How does Cisco is, how is Cisco having those conversations with customers?

 

David Booth:

I think the important thing for our customers to do is to acknowledge first of all that there is a problem. That thi- this is a big, big issue. You take a look at the, the FBI's most wanted list for cyber security. And you can see on there, that there are people and there from different countries and they're representative of, of their countries.

 

So, we know that this is not just a national issue, it's an international issue on the biggest levels. If we can acknowledge that, that we have a problem, then our priorities change. You know, and we've got a lot of customers that will turn around and say, "Why, I've got these projects this year in this project, this year ..." If we can acknowledge that there's a serious issue, then that becomes our priority. Security becomes on number one project.

 

Penny Conway:

Do you see security hitting the back burner more? Like do you start down a path with a customer and then, you know, I've heard that print gets put on the back burner a lot, but-

 

David Booth:

Mm-hmm (affirmative).

 

Penny Conway:

... security to me is really number one priority when I think about it. But I don't own an organization. Is that what customers are saying? You start and then kinda stop and then start and stop?

 

Steve Nardone:

Well, so typically, you know, any environment if you ask a CIO or director of IT or whoever is responsible for security where it sits, you know, it's gonna be at the top of the stack. Usually, you know, CIO will say it's one of my top three concerns. So, customers definitely recognize cyber security is an issue.

 

The problem is they don't understand threat and they don't understand risk and therefore they don't know what to do about it. I can't tell you the number of times I've talked to customers at events and they say, I work for a company that's not interesting, right? No one's ever gonna want to try and attack us because we're just not that interesting. And it's not true, right?

 

If you're connected to the internet, you're a susceptible to exploitation. So, you know, the key thing is, is having that conversation with them about actual threat and how that threat translates into risk. Main threat is the potential that something could happen. Risk is the likelihood that it will happen, right? A vulnerability is a flaw that a bad person or a malicious actor could exploit. All of those things are all really critical for conversations with customers.

 

And, you know, one of the actually really interesting things that Cisco provides, and maybe David can talk about this a little bit, is that that concept of threat and what Cisco does about understanding and educating and supporting that threat analysis for customers. Cause that's really one of the key places that you want to start.

 

David Booth:

So, I wanna echo what's, what's Steve just said. I have a customer in Boston and they, they have their own intellectual property. And, and we did the, a service for them, it's a security online visibility assessment that Cisco offers zero cost. It's a 14-day assessment, we put some technology on their infrastructure, and it collects their telemetry of their metadata as we call it. We spotted six, over six gigabytes. The data disappeared to Russia and Romania.

 

Penny Conway:

Wow.

 

David Booth:

As part of this, we got a little bit more in depth and it was their intellectual property was the stuff, it was their patents for their GPS technology that had disappeared. That, that's the type of thing that we can get involved. And that's the type of thing that we need to do. So, a company may turn around and say, they're not going to touch us. We're, we're Boston-based or whatever. But the reality is they've got something that somebody wants.

 

Penny Conway:

Right.

 

David Booth:

The CEO phoned me a couple of weeks later and said, "You know, if you haven't found that it's the Cisco in connection hadn't found this, we would never have been able to put things in place on the internet so that if our technology comes up for sale, we can now do something about it." So, it doesn't matter who you are. You know, I, I've seen companies that that do boats for police departments. I'd seen them getting hacked.

 

Penny Conway:

Uh-uh (negative).

 

David Booth:

I've seen, obviously healthcare is a big thing, but I've seen small little companies, police departments, it doesn't matter who you are, it's not when you're gonna get hacked, if you are gonna get hacked.

 

Penny Conway:

Right.

 

David Booth:

So, you need to have something in place, you need to do that. So, I agree that that is the top three of any CEO's list, the question comes, when does storage for example, become more important than protecting that storage?

 

Penny Conway:

Right.

 

David Booth:

And that's the challenge I have. Yes, it's right at the top, we're running out of space. Yeah, but, what's the point in expanding your space if you're not protecting it, adequately? And, and that's the concern I would have. Would you agree Steve?

 

Steve Nardone:

Yeah, absolutely. Right. It's, it's all associated with prioritization and understanding of risk and, you know, the things that the top level IT officers in a corporation are confronted with you know, upgrading their database infrastructure, upgrading their overall web service infrastructure that could trump cyber security.

 

But of course, my response would be as you're doing that, you should be paying attention, (laughs), to the cyber security.

 

Penny Conway:

Right? (laughs).

 

Steve Nardone:

Nothing should ever be built and deployed and implemented without cyber security. In fact, Penny and I went through, one thing you were talking about high school kids, right? Maybe on the other side of the coin, maybe some of these people will come out of high school and be really good, secure code developers. Right?

 

Penny Conway:

Actually, it's true.

 

Steve Nardone:

That's, that's what we hope for, right?

 

Penny Conway:

No one ever says that, they make it sound so doom and gloom, but you could have an entire generation and people that are better at cyber security. (laughs).

 

Steve Nardone:

They actually know how to write code and have it be, you know, bulletproof as far as the cyber story security perspective, is concern.

 

David Booth:

Bulletproof.

 

Bill Virtue:

Yeah. And another thing to think about, right? You think about threat, you think about risk, you were getting to this David, where it's impact, right? What's going to actually happen is if that, you know, did you help those people realize their IP was getting leaked? That's a major impact to them. Assign a dollar value to that, right?

 

How long is it going to take you to recover a system that goes down? What actually happens if that IP stolen and someone goes to market faster with a product? So, think about the impact, what's that dollar value and then sign a fraction of that to security and thinking about protecting it that way.

 

David Booth:

Cost of remediation.

 

Bill Virtue:

Exactly, so, yeah.

 

David Booth:

So, it's always more than the cost of-

 

Bill Virtue:

The people that's going-

 

Marsilda Bialczak:

Oh, and totally.

Bill Virtue:

... come in to fix it, the contractors, your internal staff. So, if you think about all that and then think about how much that's actually going to cost. Maybe assign some of that dollars that you could be spending when you, you know, the doomsday comes to putting some protection in place.

 

Steve Nardone:

Every customer has a limited security budget-

 

Bill Virtue:

Yeah.

 

Steve Nardone:

... that I talked to until something happens.

 

Bill Virtue:

Exactly.

 

Marsilda Bialczak:

Right.

 

Steve Nardone:

Then it's like, let me just start printing.

 

David Booth:

All the money.

 

Steve Nardone:

Yeah, exactly.

 

Penny Conway:

The city of Baltimore finding-

 

David Booth:

Yeah.

 

Steve Nardone:

Yeah.

 

Penny Conway:

$10 million, (laughs).

 

Steve Nardone:

That's right. Or the city of Atlanta, right?

 

Penny Conway:

Right, yeah.

 

Steve Nardone:

There was had with ransomware and brought down a lot of their, their services. Right? So, what did we say? Prepare for the win, right?

 

Penny Conway:

Mm-hmm (affirmative). Right.

 

Steve Nardone:

Make sure you're preparing for the win and you're putting in place a people process and technology strategy for preparing for that event. 'Cause this is gonna happen, right? Whether or not you think you're interesting or not. I mean, think about this concept as well, right? Attackers leverage other organizations or other infrastructures to attack other entities. Right?

 

Steve Nardone:

Happened a lot, you know, very early on in the whole cyber war perspective, where universities were being used to launch attacks because their .edu services were wide open and, and, you know, all our adversaries were getting in there and dropping in code and, and attacking corporations across the country. You don't have to be the target. You just need to be susceptible to exploitation in order to be breached.

 

Penny Conway:

Right?

 

David Booth:

So, we're looking at some, some technology, but there's, there's even a bigger point to all of this. If you're in healthcare and you get hit by anything you have to put you put on the wall of shame for want of a better word.

 

Penny Conway:

Right?

 

David Booth:

So, you know, we were heard about Target. Target's still paying for, for what happened to them some years ago. So, it isn't just about how we prevent, this is what we do afterwards. And, and Connection thankfully has a, a couple of solutions, incident management solutions. But when you do get hit, and, and one of the things that I really like about those is, is the crafting of the message.

 

Some of those solutions have that they have people who will come along and help you to explain what's happening to you to try and mitigate some of the, the things that are going to happen when, when your customers move away from, from you. And that kinda thing is all part of that security conversation.

 

Penny Conway:

Right.

 

David Booth:

Isn't just about firewalls, it's not just about Stealthwatches and, and, and all these other assessments. It's about what do we do, you know, when, when it hits the farm and we're all, we're all panicking, what do we do about that? And getting these, these, these, these, the vendors in place before it happens, we'll certainly help you deal with the aftermath.

 

Marsilda Bialczak:

Yeah, that's something we've talked about before. It's like we're, we're, you know, we can do an assessment and we can show a customer where they're weak. We can put a plan in place to, you know, improve their security, put new product solutions in place. But in the meantime, what is if s- something, what if it all hits the fan?

 

Wha- what do we say? What's the game plan? How do we recover? How do we do all of that stuff? And that, sometimes that in between gap is what customers aren't thinking about solving for. They're just on the road to fix it, but not thinking about that intermediate plan should something happen. So that's, it's a great thing and a great point that's, that you're, kinda stepping in there and having that conversation with a customer.

 

How do we help you in the meantime? While you, you get to this, well, Steve might say it's not a final destination because once we've upgraded and improved something, there's probably a new threat that we're gonna identify. (laughs).

 

Steve Nardone:

Right. Yeah, I mean the terminology as you're seeing now quite frequently a zero hour, right? It used to be zero day. I actually believe I coined that phrase about a year ago, but I won't take credit for it (laughs). Anywhere.

 

Marsilda Bialczak:

We'll give it to you here.

 

Steve Nardone:

Yeah, yeah, absolutely. And so you know, you're never done. That's the one thing, you know, there's never a point in time where, as a risk owner, you lean back in your chair, put your arms, your hands behind your head, you feed up on a desk and say, you know, I'm done. Right? It is a constant feedback loop.

 

You're always looking at technology and at people and that process and what can be done to adjust it, because you're right, threat changes on a regular basis. You know, I say this all the time, right? You can have a tremendous budget and capability to train your people and make them cyber security specialists.

 

I don't care what you do, you will never be able to equal what the malicious actors out there, especially the nation state actors do. They spend literally tens of billions of dollars on offensive security and, and capabilities and skills to be able to attack what they consider to be their adversaries. Right? Which of course we are one.

 

And so, you, you just can't match that. They have unlimited budget, unlimited time, unlimited skills and they're constantly thinking about new ways to be able to breach existing technology or a process or, or whatever happens to be the overall security strategy of any company or the government organization in the United States.

 

David Booth:

So, I, I had the privilege of attending the manufacturing Academy that we hold internally a couple of weeks ago. And, and they took us to a brewery, local brewery. And I was sitting there looking at if, if anybody had gone in and taken one of those machines or just one of those machines out, the millions and millions of dollars an hour, that company is losing just on that-

 

Penny Conway:

Right.

 

David Booth:

... that's our reason for doing this. That's why we're having this conversation today. That's where it is, world war three. You know, that's people's pensions. That's people's paychecks going out the window because we didn't protect one machine. We've got to start looking and taking this seriously. It needs to be number one.

 

And Steve says it's in the top three. I say, number one, it needs to be the first thing you think about when you get up in the morning. What am I doing to protect my employees, my customers?

 

Steve Nardone:

We should protect that guy's right.

All:

(laughing).

 

Marsilda Bialczak:

We'll call it mission to one.

All:

(laughing).

 

Steve Nardone:

Yeah, that's right. That's we all want it to be one. But you know-

 

Marsilda Bialczak:

There's your new campaign Cisco. (laughs).

 

Steve Nardone:

It years ago, right? I mean a, you know, say five or six years ago it would probably be number 10 on the list and now it's, you know, it's definitely popped up the stack because people are now starting to recognize that it's a serious issue. But, you know, the important point, and it, it pinpointed this out, is that until they feel the pain, they don't think they need to worry about it.

 

And we get conversations with customers all the time about a risk owner. You know, it might be a small and medium business and they say, "I get it. I understand we want you guys to help us understand our risk. But unfortunately, I'm not sure the C suite understands what needs to be done. How do I make them aware of what they need to do?"

 

And I say, "Let me get in front of them and do my scare the pants off of them presentation. Right?" Because that has a lot of effect ... When you talk about active reaches, what has happened, how it has happened. You talk about the fact that over 50% of the breaches that happen in, in the world are from human error or misconfigured systems rather than those crazy people in the rooms with their hoodies, you know, coding and figuring out these newer attacks.

 

It helps open up and, and, and increase awareness. And that's really where we need to be. Everybody needs to understand this is not an issue that can be ignored anymore. It really is cyber war. We're in, we're in cyber war to.

 

Bill Virtue:

No- not to mention the, the C suite now are stakeholders in the business. So, yeah.

 

Penny Conway:

Right.

 

David Booth:

That's right.

 

Marsilda Bialczak:

And Steve, you brought up a good point because a lot of customers, they don't have the right it budget, therefore they don't have a lot of cybersecurity incident response teams. If you think about our incident response teams are recently being developed and even big companies that we can name them, I'm not going to name them today. (laughs).

 

But they're currently still developing their incident response team. You could see how lack of scars, resources they have, but what they don't understand is that companies like Connection, they partner with Cisco and other companies as well to provide those resources to walk them through different solutions and make sure that they're buying the right solution.

 

'Cause if they don't know what a solution does, if they're not trying it for a couple months or a month and so on, and we do offer all those for free, they don't know if that's the best solution. And let's say they bother solution then what's next? What's the ABC? Right? So, it's always making sure they have the multi-layer because with one layer is never enough. There's always loopholes. There's not a solution out there that actually has everything that the customer needs.

 

David Booth:

So, I think bill says something of a community go, we're also selling a technology called Digital Network Architecture. And there's a presentation I do and there's, there's three numbers that I, I use. 96%, and this was an IDC survey that Cisco asked for, 96% of network changes are still being done manually. Right?

 

Penny Conway:

Wow.

 

David Booth:

70% of policy violations are caused by human error. This is resulting in a 75 to 85% Op- OpEx cost. Now, I, I have been an IT guy and I've been a network guy for really, really long time. And, and part of my presentation, I put two slides up and there's five lines of code in each slide. And I asked the, I asked our customers, what's the difference between the two?

 

One creates a tunnel using SSL one and one creates a tunnel using SSL two. SSL once been compromised by missing one single line. Okay. Of about five or six characters. If you do that, you've potentially put in a compromisable tunnel, straight away. So, I, I, I think those are really, really important numbers. 70% of policy violations are caused by human error.

 

You know, we need to, we need to, we need to identify this. We need to get that information together. We need to make sure that, that we recognize this and goes back to my point right at the beginning. C- our customers, ourselves, other manufacturers got to understand and accept how serious a conversation this is.

 

Penny Conway:

I love that you kind of say that the human, and we've echoed that on a couple of different episodes, that the human element of the security risk is the greatest and the most unpredictable. And I, I've, I've said a statistic before that I think 70 about 70%, similar to yours, 70% of upper management, 70% to 75%, I think, have no idea of the risk they pose when using their machines.

 

And these are, these are the people who are running our companies who are making decisions and things like that, but it's, it's kind of really grown over the years. And so, you know, a lot of these guys and girls who started, you know, maybe in the industry or whatever industry they're in 20 years ago, they weren't thinking about this.

 

And now they're running companies and it's like a, it's new and it's shocking and the amount of data and security risk that's out there is just, it's tough to wrap your head around and maybe some are just hoping they'll retire before-

 

All:

(laughing).

 

Penny Conway:

... it becomes an issue for them. But I think when you, when you look at how big the threat is getting and what people like Cisco and Connection are doing in the industry, there's a lot of people popping up. There's a lot of security solutions and this and that, get this patch, get this piece of software.

 

And I'm sure there's a lot of investors in Silicon Valley that are trying to like pump money into the, the security, the security industry. But I know Cisco is really trying to build up their offer and their stack and their company to try to have that full portfolio. When you guys acquired Meraki about five years ago and I think that there is a new acquisition with duo.

 

So, what, what is that kind of added to what Cisco can offer? How did it round out? And maybe even clarify a little bit, you know, what the f- differences are between that Meraki product and that Cisco product.

 

David Booth:

So, Cisco s- puts a great deal of money into our re- research and development. But they also put a great deal of money to acquisitions. And, and bringing Meraki into the fold was, was, was a great way of understanding where having a cloud-based controller system, specifically around wireless access points and, and that's grown. We now do firewalls, we do switches, we do cameras. So, that, that, kind of in-self has definitely grown within the, the, the Cisco portfolio.

 

Let's take a look at the traditional stuff. We have the access points there, we have cr- controllers there. So, the, again, we now have two recently kind of different technologies doing the same kind of thing. What underpins all of them is, is the threat grid that the Cisco acquired in another acquisition and tell us, which is the largest non-government funded research organization in the world for security.

 

And all of our technologies are, are Cisco, are, Meraki all uses that information, that we resource. We talked about Rob having a lot of IoT at home. Hey Rob, I got 45 devices sitting on my Meraki stack

 

Rob Di Gerolamo:

Believe it.

 

Steve Nardone:

... of IOT devices.

 

Rob Di Gerolamo:

Yeah, yeah.

 

Marsilda Bialczak:

Whoa.

 

Rob Di Gerolamo:

See-

Marsilda Bialczak:

He's got your beep.

 

All:

(laughing).

 

Bill Virtue:

Now we have a, a new guy to reference.

 

Steve Nardone:

Right.

 

All:

(laughing).

 

Steve Nardone:

And you know I now-

 

David Booth:

I now have a new target.

 

Steve Nardone:

That's right.

 

Marsilda Bialczak:

Yeah, right.

 

All:

(laughing).

 

Penny Conway:

You're off the hook.

 

David Booth:

I have it all on the Iraqi. I have the firewall, I have the switch, I have the access point and all of that has embedded into an umbrella. So, I, I use umbrella completely. I have no alerts on my phone (laughs), firewall at all.

 

Penny Conway:

Wow.

 

David Booth:

Because again, it's a layered approach to that technology. I have endpoints on my devices. Even my IoT devices have some kind of security on them. And, and I hope this doesn't encourage people to come along and hack me by them.

 

All:

(laughing).

 

Penny Conway:

I was gonna say I-

 

Rob Di Gerolamo:

(laughs), you say how often, you know-

 

Penny Conway:

How often are you doing a security health check on your network there, David?

 

David Booth:

That's, that's a great suggestion. You know I don't. Meraki has that inside you can actually do a self-analysis. You have ways in Meraki to actually do your own health checks. You went and house check your security health check. It's built into the technology. But I think the bringing those two together, they are very distinct technologies.

 

And they're very specific to the use cases that they have. Okay. But as I said, what underpins them all is that research team. Is that, that advanced malware that they produced and shared across all the technology. And I think that's the key to that. You know, they are two different things and they help, they meet two different objectives for our customers.

 

But it, you can sit there with the kind of knowledge that they all are sharing that level of data. If we, if we take one of the largest software companies in the world and we look at how much data they see on a daily basis, what Cisco sees right now on, on the internet is almost they see in a day what this other security company or this other software company sees in a month.

 

Penny Conway:

Wow.

 

David Booth:

And that's important. Last number I saw was 60% of the internet runs on Cisco technology. Now it doesn't matter whether you're a fan or not a fan of Cisco, you have to accept that if they're seeing that much telemetry that seemed that much data passing through that gonna know, a lot more than most other people are gonna know.

 

Penny Conway:

Right.

 

David Booth:

Th- that make sense?

 

Penny Conway:

Oh, makes complete sense 'cause that's what we've, we've talked about that in the past as well. Is the amount of, with all of the cloud based technology, without, with everything running through the internet as everything gets better because we have the users on those platforms and we're collecting data and they self-improve.

 

So the fact that you've got an increase or a majority of traffic passing through and data passing through, it only makes you able to get better and find, you know, gaps and find weaknesses and, you know, really learn from the user base to improve the product across the entire portfolio. And it's really interesting.

 

I, I didn't know that, that, that Cisco had kind of that we'll say market share, for lack of a better word of the internet. (laughs).

 

David Booth:

(laughs). Visibility.

 

Penny Conway:

Visibility. (laughs).

 

David Booth:

There, there is something else we kind of touched on a little while back and we ta-, I talked about some technologies that can analyze the data that's going through your infrastructure and, and potentially page you at some time in the morning to say, "Hey, we've got a problem here." We need to get into a place where this technology can make choices for us. You know-

 

Penny Conway:

Very true.

 

David Booth:

...our very own-

 

Penny Conway:

Yeah.

 

David Booth:

... president of a marketing department, Jamal talks about, official intelligence and does a great presentation on that. Cisco's moving into that, you know, the se- the servers has a great technology. Its endpoint connects to its UTM to its, its, it's firewall. And if it detects something, it will shut down that, that device, which saves you going around pulling network cables out of things.

 

Great technology, great ideas actually called heartbeat. Cisco has something similar. You know, we have the next generation firewalls, we have ISE for the network access control, and we have Stealthwatch. It's Stealthwatch monitors and see something that's abnormal to the way data moves across your infrastructure. It'll make a choice. The choice that you preserve that says, "I'm going to stop this. This is not going to happen anymore."

 

I'll give you an example. In most cases, most companies we see about a third of the traffic being encrypted, okay? We know that encrypted traffic is now being used for malware. If we see you sitting in the company and I'm suddenly over half of the tropical or maybe three quarters of the traffic is now starting to be encrypted, that's a question.

 

"Why is this happening? This is not our normal amount of data that's moving across, let's make a decision." This technology can do that. If we see this much technology now starting to go or this much data starting to move across there that we're not expecting, we're going to make a choice, we're going to do something to shut that down.

 

Or at least put it in a state where a human being can come along and make a decision. And, and that's what we need to be with this technology.

 

Penny Conway:

Right? Right.

 

Steve Nardone:

Well the key points are, are complete visibility or as much visibility as you can across the entire ecosystem. And that takes, you know, technology that is in different locations within the stack itself that actually can communicate and collaborate together, and there's definitely something as Cisco brings to the table.

 

We find and we always advise our customers to be thinking about that overall strategy rather than buying, you know, 25, 30 different pieces of technology from different vendors. I look at something that is a unified security stack kind of approach and that gives you that level of valuabilty.

 

So, when that, when something does happen, you know, the end point sees something, the end see something, gateway see something, all of those things are all correlated together. Say this is probably, you know, an event that really needs to be looked at it in some way, shape or form. You know, especially if it's behavioral related, right?

 

So that, that's really sort of the key thing and having our customers understand that they need to be thinking about that as a solution. And a strategy is something that we're always talking about. But again, this gets back to perception of risk and budget and, you know, that's where the big challenges is, is trying to that.

 

Penny Conway:

Right.

 

Bill Virtue:

They, they, from a Cisco perspective, the customers I talked to you, they've got empathy end point. They've got ISE for net, they've got DNS security with umbrella, but they don't have Stealthwatch. Right? So how do they get that visibility and that analytics in there? They've got all this great platform, all this great technology in place, but they don't have that visibility across the infrastructure.

 

Steve Nardone:

Yeah. And it gets back to that. We talked about this in one of the earlier podcasts as well. Oh, are they really? Do they, are they aware of what they have? And are they leveraging everything they have? Right. And we see that on a regular basis. They don't even recognize that there are tools that are at their fingertips and all they have to do is simply turn on and there'll be a lot better protected from that.

 

Complete visibility, protect, you know, prospective, we just talked about.

 

David Booth:

And, you know, Cisco is addressing this as well with its moving to doing enterprise agreements. You know, we, we, we recognize the seriousness of this, of this, this type of technical challenge that we have. So, Cisco turns around and says, well, you know, if you're buying Stealthwatch, if you're buying umbrella or if you're applying ISE, well let's put it into an EA.

 

We, we know you're as conscious as we are about your budget. Let's put it into an enterprise agreement. Once they put in the EA, they have access to all of the other security products. So, again, Connection is now we have customer success managers that are part of our organization. So, you know, we sell these, these EAs or we sell this technology and, and we find that the customer hasn't even turned them on.

 

We go back 12 months later and say, "Here's your renewal." "What am I renewing for? I never used any of this stuff. Are you kidding me?"

 

Penny Conway:

Right.

 

David Booth:

Right. Okay. I, I'm, I'm either the world's greatest salesman because I made you spend $300,000-

 

Penny Conway:

That is true. (laughs).

 

Steve Nardone:

(laughs), That's right.

 

David Booth:

[inaudible 00:34:12], grand event. I mean seriously. So, we have people in the company, Tiffany Lou, Gary Harmon, that will help a customer to get the best out of their investment. So, we can address those questions when we involve them. We can turn it on and say, "You now have this EA, you bought it because you wanted stuff. Well she bought it because you wanted ISE.

 

But you do have umbrella now and you have amp for endpoints, and you have access to a virtual email security appliance. You have this, let's get it working, let's, let's, let's start engaging our security practice and getting the best out of the investment you're making."

 

Penny Conway:

That's excellent. So i- it's, we've kind of talked about, you know, overall for, for weeks we've been talking about the, the, the threat that just keeps growing and growing. And companies like Connection and Cisco trying to develop and combat those threats and get ahead of them, be more proactive versus waiting for something to happen.

 

So, if your organization is, you know, in a position where security is in the top three, hopefully it's getting to the top one. And you're not quite sure what you have out there currently on your network or what your solutions are in place. Marsilda, I think, put it perfectly a quick, you know, 14 day, I think proof of concept or trial or discovery, proof of concepts.

 

One of my favorite words, (laughs), across the board. But taking some time with our team to understand what those threats are, what our remediation plan is, what a gap plan is. And then on the other side of it, maybe, I think you are a really good salesman if you, I mean I wanna buy it right now, but, you know, after that sale, after you've had that discovery, after you've, you know, you've bought in, and you're gonna be more secure.

 

And this is a top priority it's important to know that on the other end of things, there's customer success managers that are gonna really help you implement that now. And do reviews with you and make sure that, that technology is being utilized the way that it should be. And so, bravo to you, 'cause I think that, that is a huge gap sometimes in that follow up.

 

After the sale of making sure that there's value in it because they could still buy it, not really implement it, have a risk. And then there's this perception that what they bought didn't actually help them at all. So if you're an organization out there, and this sounds familiar, and you are in this, (laughs), seat right now, give our team here at Connection a call our Cisco team, our security team, and we will get you on the path to being more secure.

 

But David, I'm not going to let you off the hook just yet and do a fun little exercise with my guess. I'm gonna ask you, you and Marsilda a couple of questions and then we will close out for the day. So, David, I know you've been an IT director in past life. Hopefully this isn't your answer, but if you weren't doing what you're doing today at Connection what would you be doing as a job?

 

David Booth:

Well, I, I, (laughs).

 

Marsilda Bialczak:

(laughs).

 

Penny Conway:

Dream job as well. That's why ... don't say IT Director.

 

David Booth:

That's a, that's a, that's a tough question. I've had a lot of jobs when I was at the hospital. I was IT director of a hospital. I, I wanted to be the best IT director I could. And I, I would have tra- challenges talking to some of the, the providers, some of the doctors and nurses.

 

So, I actually went through and took my first responder EMTB NMTI classes so that I could have a clinical background. So, if I was to go back, I'd reactivate those. And, and part of that process is being in a fire department. So, you know, I, I've got those certifications. So, if I wasn't doing IT, I'd probably be doing some other kind of customer service roles, like being an EMT or fireman again.

 

Penny Conway:

Oh, I love that.

 

Steve Nardone:

I think that's all. It's a good answer.

 

Penny Conway:

Marsilda, how about you?

 

Marsilda Bialczak:

I am a huge believer on what David said, that every step, every experience in your life leads to something else. So, even if I would have gone back in time, you know, I've been in sales, I've been in marketing, I worked for startups and big companies, but like, he basically led me to here and I love my job.

 

I love helping account managers, helping customers and working with David very closely on making sure those customers are happy with what we provide here at Connection. So, I'm happy where I am, so I don't think I would change that.

All:

(laughing).

 

Penny Conway:

Wow, that's pretty impressive. (laughs).

 

Marsilda Bialczak:

Yes.

 

David Booth:

That's a connecting-

 

Penny Conway:

Your, Your dream job. I was gonna-

 

All:

(laughs).

 

Penny Conway:

... say here, you know what though, if people looked at my LinkedIn or my Facebook, I say the same thing. Like I, I really enjoy what I, what I do here at Connection. So, I, I echo that right there, Marsilda-

 

Marsilda Bialczak:

We do have a great team.

 

Penny Conway:

Last, last set of questions for you David, for your personal use, what is your favorite piece of technology that you use? And, I'll ... you have 40 IoT devices. So, I'm really interested to get your opinion here.

 

David Booth:

So, I, I'm, I'm, as I say, I've been in IT for 30 years so people can probably guess my age. My generation were the ones who really got into playing games. We were the arcade experts; we were the ones who spent a lot of that time. So, I'm a big follower of a particular gaming, kind of stories actually Assassin's creed. So, I spent a little time playing, Assassin's creed. So, my, my favorite technology is going to be my, my 4K 9Q Samsung TV.

 

Penny Conway:

(laughs).

 

Steve Nardone:

(laughs).

 

David Booth:

I definitely a big Samsung fan and my PlayStation and hopefully the new PlayStation, when it comes out.

 

Penny Conway:

(laughs). And what's your least favorite piece of technology? But it's useful so you keep it around.

 

David Booth:

You know, and we don't have, a least favorite. I- I am a tech, I'm very passionate about technology and I value technology. I- I think it, it, it allows us to do the more important things in life. If we can ge- get rid of the mundane tasks, we can get rid of the things that we don't need to focus on, and we don't need to put that energy into.

 

It allows us to use that energy for something else. I really don't have a least favorite. So, I, i- it's difficult question to answer.

 

Penny Conway:

I like the, but I like your, it's a good answer. It's, you actually clearly are using it to its fullest advantage. So good answer. And-

 

David Booth:

My, my blinds get opened in the morning, automatically turn around to Alexa-

 

Marsilda Bialczak:

(laughs).

 

David Booth:

... say Alexa, "Open my blinds,"

 

Penny Conway:

Oh my God, I love it.

 

David Booth:

I have about 30 windows downstairs. (laughs).

 

Steve Nardone:

(laughs).

 

Marsilda Bialczak:

Waking me up. (laughs).

 

Penny Conway:

(laughs). We all have our own pieces of technology.

 

Marsilda Bialczak:

Yeah.

 

Bill Virtue:

You keeping it with that Rob. (laughs).

 

All:

(laughing).

 

Penny Conway:

We're getting, we're going to do a battle of the IOT house over here. (laughs).

 

Rob Di Gerolamo:

Let's just say I'd lose, you know.

 

Penny Conway:

And Marsilda, what's your favorite piece of technology that you use?

 

Marsilda Bialczak:

So, I'm really into social media, like, you know, bringing communities together and sharing what our team does here. So definitely, recently I started like, using the Umbrella free version and also duo on my phone as well to make sure that at least I have some type of protection. But at the same time, not super giggy so, I rely on my husband to protect us from all those (laughs).

 

All:

(laughing).

 

Marsilda Bialczak:

That's in the house so we can have a, he's in the cyber security field as well, so it works perfectly fine.

 

Penny Conway:

Excellent. And your least favorite piece of technology?

 

Marsilda Bialczak:

I don't know. Nothing comes to my mind yet. (laughs).

 

Penny Conway:

All right. That's a tou- that's been a tough question for people. The least favorite?

 

Marsilda Bialczak:

It is.

 

Steve Nardone:

I don't have one.

 

Rob Di Gerolamo:

I got one. Oh, okay. Rob, what is it? Well, I would say it wouldn't be hard for me. It's my task manager that he used to manage all my tasks-

 

Penny Conway:

All the things you have to do.

 

Rob Di Gerolamo:

It just constantly reminds me how much I suck. It's a use to have a tones, you know.

 

All:

(laughing).

 

Bill Virtue:

It's not the app it's-

 

Rob Di Gerolamo:

Yeah, it's not the apps, but maybe it's me, I don't know.

 

Marsilda Bialczak:

Oh, great.

 

Rob Di Gerolamo:

But, definitely my least favorite.

 

Marsilda Bialczak:

(laughs).

 

Penny Conway:

Oh, I love it. All right. Thank you so much, David. Thank you, Marsilda and our entire security team here with us, again. Visit Connection.com and engage our Cisco and security team, to help you be more secure. Thank you, guys.

 

All:

Thank you to.

Play this podcast on Podbean App