EP47 - Redefining Security Solutions: The UTMStack Open Source Advantage
All Things MSP, February 06, 2024
Episode 47
Duration 00:24:38, 56.39 MB


In this episode of the All Things MSP podcast, host Justin Esgar and co-host Eric Anthony welcome Rick Valdes of UTMStack to discuss the power of open source in the cybersecurity landscape. UTMStack offers a comprehensive, 100% free open source cybersecurity platform designed for Managed Service Providers (MSPs) seeking to enhance their security services without the high costs associated with traditional solutions. With features like log management, threat detection, and compliance assistance, UTMStack aims to fill a crucial gap in the market for affordable, high-quality security solutions for MSPs. Listen as Rick explains how UTMStack's approach not only democratizes access to cutting-edge security tools but also provides MSPs with the support and updates needed to keep their clients safe and compliant. This episode is a must-listen for MSPs looking to elevate their service offerings and stay ahead in the rapidly evolving field of cybersecurity.


Justin Esgar:

This week has been absolutely insane with technology, right? Everybody is coming at us this week with stuff. The amount of requests this week, and it's not like nitpicky stuff either. It's just been all week. Is it just because Christmas break is officially over, because now it's February, that people are... I think so. Yeah. I hate it. Hey, that's

Eric Anthony:

how you make money. So Liquid Death, hashtag not a sponsor, right? I don't know if we discussed it before on the show: that sparkling water, if I drink too much of it, can cause me problems with gout and stuff like

Justin Esgar:

that. Yeah, I think we did a little bit.

Eric Anthony:

So what I did this past week was I ordered a Liquid Death water bottle so that I can have a Liquid Death water bottle while we're recording the show and can be on brand.

Justin Esgar:

Hashtag

Eric Anthony:

Not a sponsor. And thanks to our sponsor, SuperOps.ai, the PSA-RMM platform that's designed for fast-growing MSPs, built for the future, built for growth. SuperOps. And don't forget, they've got Super Summits coming up all over the place this year. Check 'em out. Go to atp.link/super Ops.

Justin Esgar:

What's up, everybody? Welcome to the All Things MSP podcast. I'm your host, Justin Esgar. With me, as always, my good friend and podcast producer extraordinaire and non-Apple Vision Pro owner, Mr. Eric Anthony. I don't know if you can see it. If you're watching this in the video, I can even see this incredibly, I have red marks on my head here. It's because, you can't see it, I've been wearing the Apple Vision Pro for the last four hours, immersing myself away from reality. We have a great show for you today. We're not talking about the Apple Vision Pro, that'll come later, but we have a guest today. I love it when we have a guest; it makes the show a little bit easier for everybody. We'll bring on our guest from UTMStack. Hi, Mr. Yay. This is Rick Valdes from UTMStack. Rick, what's up, man? How are you?

Rick Valdes:

Hey, doing great. How is that Vision Pro? How is the experience so far?

Justin Esgar:

I'm not dizzy, so we'll go with that. I haven't walked into anything or broken any ovens. By the way, if anyone hasn't seen that, there's a TikTok of a woman trying out, it was like someone's mom was trying out some VR set for the first time, and she ran right into her oven and her knee shattered the glass all over. That was good. Check it out. We'll find that TikTok and post it at facebook.com/groups, All Things MSP. Rick's here from UTMStack though. Let's talk about that. Rick, why don't you give everybody a two-minute rundown on what UTMStack is and who you are, and then we'll get into talking a little bit more about it.

Rick Valdes:

Sure. It will probably take me about 30 seconds only. It's not a long story. Well, I'm the founder at UTMStack. UTMStack is an open source, 100% free project. In summary, it's a cybersecurity platform that delivers log management, threat detection and response, threat intelligence, vulnerability management. The solution has been evolving since 2016 and we have a lot of contributors around the world. There are no caps. So the solution is free and open source, accessible for everyone. The license is comprehensive and friendly for MSPs. And well, I'm very grateful for this invitation to this podcast today, so happy to answer any questions.

Justin Esgar:

Yeah, awesome. Thanks for being here. So let's just jump right into it. You're offering a security solution that is open source. And I know a lot of people listening are going to question this, right? Because when it comes to open source solutions, the question that many people have will be the level of support, or the level of it being up to date and actually functional. Because as an open source platform, you're typically not backed by the giant PE firms or Cisco or whoever. So what is the advantage point here, other than it being open source, for UTMStack over some of the other security platforms that are out there?

Rick Valdes:

Well, there are several advantages. The first one is by being open source, and this should not be seen as an open source solution that is being maintained in an informal way. Actually, we have a lot of enterprise contributors behind the project. The main contributor of course is UTMStack Corp. It's a company based here in Florida, the Sunshine State. So we keep the solution very well maintained. If you go to our repo, you will see more than a hundred commits every single month. We have releases almost like one release per month. We keep track, of course, of all the dependencies. We check that there are no vulnerabilities. We have static analysis in place, dependency analysis in place, to make sure everything is safe and well maintained. And that's the business model. So UTMStack is 100% free; paid customers get the same thing that the open source free customers are getting. So our differentiator is support. We need to make sure that the solution is well maintained, that it is up to date, and we need to be able to provide support for that. If not, there is no business for us. So it's an open source solution, but it's maintained by an enterprise. So you will get pretty much the same level of support and maintenance you will get from a traditional closed code cybersecurity solution.

Justin Esgar:

So the paid model is that you pay to get support; otherwise you're on your own, right? That's what you're saying?

Rick Valdes:

Yeah, but even being on your own, you will still have the latest code. You will have code that is free of errors, because our paid version goes at the same speed as the free open source version. There is no difference. The support will be for things like, hey, training, I need help setting up this integration, I need help with installation and configuration. More like an assistance type of engagement.

Justin Esgar:

So money aside, why go open source? Why do an open source? I mean, look, security is a big thing in our industry. Everybody's trying to get a piece of that pie. Why go open source with it?

Rick Valdes:

Well, at UTMStack, we believe there is actually a big gap in the market for open source solutions. We have two options. We either go closed code and compete with the big guys, we all know their names: Splunk, AlienVault, QRadar. They're great solutions. They have been established in the market for a while. So for a solution that was born in 2016 to establish itself in the market and compete with these guys in a closed code market, it would be extremely hard. However, there is a space that a lot of MSPs struggle with, and it's a gap in the market in which you are a small MSP, maybe anywhere from three to 20 or 25 employees, you need a cybersecurity solution to provide SOC services to your customers to get them compliant with regulations. And you go out there and you realize that the cost of the solution is more expensive than what your customers are going to pay you for the service.

So UTMStack as an open source solution will allow you to get started without having to get into any type of commercial engagement. Your own developers or your own engineers, if they want to specialize in the open source solution and push forward, they will be able to do it. They will be able to support it even without a commercial engagement with UTMStack itself. There is a big space in the market right now. We look at the open source solutions out there. They say, hey, we are an open source solution. But when you go and look at the fine print, the small letters below it, most of them say, hey, we have an Elastic license, and this Elastic license says, hey, if you're a managed services provider, you cannot use this solution. That happens with a bunch of SIEMs in the market right now that unfortunately stop being true open source options.

Justin Esgar:

I mean, look, it sounds like you've put a lot of time and effort and thought into that, right? Because to be a David in the field of Goliaths when it comes to security by going open source, so kudos to you for doing that one. What are some of the tools that come within your security stack?

Rick Valdes:

Well, some of the things that you can do. So it is a security stack. UTM is unified management, but the core is log management. The idea is that it's something simple to deploy, connect with everything, get log management in place, get compliance with regulations, HIPAA, GLBA, CMMC, any regulations that you need to comply with. And of course get other features like the ability to track user activity, file classification, vulnerability scanning, threat intelligence. Those are all also features that can be enabled inside the stack.

Justin Esgar:

Obviously log management is really important, because you want to know who's doing what and when. And if you're an MSP and you're not thinking about doing any sort of log management, you know what? To be honest, I'm saying this out loud and I'm calling bluff on myself, because Apple people don't give a crap about this. So if you're a PC-based, if you're a Windows-based MSP, you should care about log management, you should be thinking about that kind of stuff, because that data is massively important for those compliance reports. And especially if you're a smaller MSP and you want to get in the game of bigger clients, you could be a two-person MSP taking care of a healthcare system. It's been done before, but you need to know that you have the right stuff, the right tools in place to protect that client. And I think that's kind of what, Rick, you're getting at here: it being open source, it being free, is allowing those smaller MSPs to have a chance at getting those larger clients, because they can backbone off your platform. Yeah,

Rick Valdes:

Yeah. That is one way. And you mentioned something there that is key. Usually the type of clients that will be interested in these solutions are the ones that have to comply with some regulations. For example, financial institutions, healthcare. And they usually don't have the personnel in house to do that. So what do they do? Well, they have to look for an MSP to provide the service. The MSP is usually going to be the first door they're going to be knocking on: hey, do you guys do this? If the MSP says no, then they're probably going to a SaaS offering or somewhere else. But this is a very powerful revenue-generating opportunity that MSPs can start capturing if they have the solutions in place to tell those clients, yes, I can do it, when the opportunity appears.

Eric Anthony:

So what platforms does UTMStack support? Windows, Mac, Linux?

Rick Valdes:

Well, it can connect to pretty much everything. You can connect it to Cisco devices, you can connect it to Windows, Mac, Office 365, Azure, AWS, Google Cloud. We have more than a hundred integrations so far, I think, that you can connect to, correlate all the events that happened, and if a threat is detected, well, take action.

Justin Esgar:

So I'm on your website here, we're taking a look, right? I see there's services, you've got SOC as a service, dark web monitoring, which I think is major, which if you're an MSP, you should absolutely be selling dark web monitoring at this point to your clients, vulnerability assessment and even pen testing. You have pen testing built into your platform? Yeah,

Rick Valdes:

More like a tool. So the platform is a really good tool for penetration testing. What we do is we basically compile the results of the vulnerability scanning and the asset discovery that happens inside the platform. And we mix that with something called SOC AI. It's an AI built inside UTMStack. And with a combination of those two, we can generate some sort of automated type of penetration testing, but the ultimate goal is to help penetration testers do their job a little bit faster. So that's kind of, in a nutshell, the things that are supported in the stack.

Justin Esgar:

Tell me more about your SOC AI. I like the name of that.

Rick Valdes:

So let's say you're an MSP, okay? This big hospital came to you and said, hey, we have this opportunity, we need to be HIPAA compliant within the next six months. You get UTMStack, you install it, you get it up and running, and your engineers are maintaining it, all good. Now, how do you keep this organization protected? What happens if ransomware starts to spread out at 2:00 AM or at 3:00 AM, or what happens if someone is trying to break into the network with an unprotected file server or an IIS server exposed to the internet where they didn't block the RDP port? Those types of things could happen at any point during the day. So you really need someone to be on top of that. And usually that's what security operations center teams do. So you would probably need something like a 24/7 SOC around the clock checking what's going on.

Hey, I have this alert, what's happening here? Let me investigate a little bit. So SOC AI helps those organizations that don't have the personnel or the budget to get a 24/7 SOC. Instead of having a twenty-four-seven SOC, just name on-call engineers, hey, you're my on-call engineer, and have SOC AI do the 24/7 monitoring. If the AI sees something that could be considered a threat, it will tell the engineer on call, hey, there is an incident here, you should look at this. And the way this AI gets better and better and better is by modifying its baseline continuously. So the longer it runs, the more it learns from your architecture and from your company. So it will get to the point where it will be really smart and it will know exactly everything that is happening at every point during the day in your organization. So it's that alternative to a 24/7 security operations center.

Eric Anthony:

So speaking of SOCs, are you compatible or are you partners with any of the outsourced SOCs that are out there, so that if an MSP already has a SOC but they want to utilize UTMStack, are there some of the SOCs that actually work with UTMStack?

Rick Valdes:

Well, any SOC team could use UTMStack at any point in time. It would actually be very simple to implement, you just have to spin up UTMStack and connect it to the data sources that are streaming logs and events. Just repoint them to the UTMStack collectors. So yeah, it all depends on the scenario, but your answer, I would say, is yes.

Eric Anthony:

And then we're talking about AI with the SOC AI, and probably the language model doesn't matter, but is the language model spun up specific to a client or specific to an MSP, or is it a shared large language model?

Rick Valdes:

So that's a really good question. So when it comes to the large language model that we use, we actually give the MSP the flexibility to choose. 99% of the time it's going to be some sort of OpenAI. Now, the main difference between using the OpenAI large language model directly and using SOC AI is a retrieval augmented generation database. So UTMStack has a retrieval augmented generation mechanism inside it in which it will be able to pull relevant information from the database and from the history of events and from vendor documentation. Once all this information is collected, then it is provided to the LLM as contextual information. So the LLM is not only analyzing the data, but it's analyzing the data with context that is going to tell it, hey, Cisco says this is a high severity alert, and also this vendor says that this happened back then, and also this alert has never happened in your organization before. Okay, so it is going to get all that information as context, that's what it's called, retrieval augmented generation, provided to the LLM. And at this point, the LLM just becomes a resource to create a polite answer or an apple polite explanation to the user, because all the relevant context is already being given. So that's the power of SOC AI.

Justin Esgar:

I do like that. I like that a lot. I think the idea of using AI to weed out all of the stuff, because all of these tools, especially your entire development that you have here at UTMStack, it's so overwhelming for a one-, two-, three-person shop. And to have AI basically parse that out for you and say, you know what? Don't worry about these things over here. I got that. Here's the important thing that you need to worry about. Which out loud sounds completely ridiculous. So many of us were brought up like, no, I've got to take care of everything and every little problem and everything, whatever. But in reality, taking this out of UTMStack for a second, we use Uptime Kuma at Virtua, and the amount of alerts we get is unbelievable. Literally our Slack channel for it is flooded, because it's up, down, up, down, up, down.

And usually it's fine when it's up. I would love something like this, and to bring it back to SOC AI, it would be like the, hey, it's 9:00 AM and these are still down, kind of thing. You should go look at this, because I've already looked at all the other ones and they're all up for you. You know what I mean? That's what you're getting at, which I think is really important, because you could have the system extrapolate the important stuff that someone needs to get done to make sure that their client is safe and secure, and probably puts money in their pocket as an MSP.

Eric Anthony:

Yeah, and it's very similar to what I used to do manually. So I put rules in Autotask so that, back when I was using Hound Dog, if something went down, it created an alert and created a ticket. But unless it was down for more than 10 minutes, the ticket notification never came to me. So it's kind of like that, but it's in something that can automatically learn and understand the context of, okay, this is happening over here and this is happening over here in another place. What do those two things happening at the same time maybe mean?

Justin Esgar:

Yeah, Rick, let me ask you, everybody loves a good dashboard, right? What kind of dashboarding am I getting for my free open source security stack here?

Rick Valdes:

Well, you're actually getting the same thing that the paid customers get. There is no difference between the paid and free plan; support is the only difference. You get a dashboard visualization builder. It's 100% flexible and everything is interactive. So back in 2016, when we started the development of UTMStack, we were actually using Kibana behind the scenes, and we were like, this is not exactly how I would like the system to behave, because Kibana is a great tool, but it's a jack of all trades. You can analyze metrics, you can analyze logs, you can do a bunch of things with it. And when you click something, it does not necessarily render the behavior that you would like for a SIEM. So in 2017, I think, we said, hey, we need to come up with our own thing. So the UTMStack dashboard and visualization system is completely flexible.

You can create your own visualizations, your own dashboards, with no lines of code required, just a bunch of clicks, and everything is interactive. So you click a component and it is going to take you to the event or the alert that explains what is going on. So it's not like you're going to click it and something weird is going to happen. You click it and you're going to see the information that is relevant to what you're clicking. And those and a few other features were the main reasons why we decided it's something great, especially for a team.

Justin Esgar:

The lack of coding is a good thing. Especially, I mean, I always say I'm business first, technology second, and whenever I have to look at, I mean, I can barely speak English, let alone another code, or understand what an API GET is or whatever. So the fact that it's drag and drop makes me kind of excited. I don't have to really worry about it, because we have people on our team who manage that stuff, and they try to explain it to me and I'm just like, nah, is it purple? Which really undermines my authority for hosting this podcast, but you all know you love me. Well, this is all really awesome. So completely free full stack security for people. Where can people find you? Where can people find out more about UTMStack online?

Rick Valdes:

Well, just type UTMStack. You're going to find us in a bunch of places. You're going to see the GitHub repo, where we have all the history of the project, the contributors; you can open an issue if you have one, free open source users with no support plan can open issues there, and it will be taken care of. You can also see a few implementation guides published by linux.com. We are contributors to several other open source products, and we are partnership members of the Linux Foundation. So you will see a few articles about UTMStack there as well. And well, in general, you type UTMStack in Google and you're going to have a lot of options.

Justin Esgar:

Awesome. Well, Rick, thanks so much for being here and explaining what UTMStack is. I think it's a great product. I think a lot of MSPs can get a lot of value out of it, especially if you think about the fact that, like Rick said, it's free unless you need support. And if you're that good, leverage it and use that to make money on your clients and add this to your stack. Make sure your clients are compliant and get some sleep, because the AI's doing its job. That's it for us here at the All Things MSP podcast. Check us out on all your favorite podcasting apps. Go to facebook.com/groups/all things MSP to see what's going on. Get a welcome from Eric once a week, and usually me, if you join the group. Check us out on YouTube, youtube.com/at all things msp, subscribe, like, share, leave a review, tell everybody you love us. That's really all we care about. I'm Justin, that's Eric, that's the show. Bye.

Eric Anthony:

Thanks for listening, and don't forget to subscribe to us on your favorite podcast platform. You can also follow us on Facebook, but better yet, go ahead and join the Facebook group. You can also follow us on Instagram if that's your thing. And make sure you subscribe to our YouTube channel, All Things MSP, to catch us in all of our video glory. And last, but certainly not least, if LinkedIn is your thing, you can follow us there as well. And a special thank you to our premier sponsors: Super Ops, Move Bot, goes into Easy DAC and comtech. And we also want to thank our vendor sponsors. The All Things MSP podcast is a biz POW LLC production.
