Where MSP and an MSSP Intersect

Ever wonder if you should be offering cybersecurity services? Are you taking on liability that isn't worth it? I sit down with Scott McCrady, CEO of SolCyber, to discuss the opportunities and benefits of partnering with an MSSP.

[00:00:00] Welcome to MSP 1337. I'm your host Chris Johnson, a show dedicated to cybersecurity challenges

[00:00:14] solutions, a journey together, not alone.

[00:00:21] Welcome everybody to another episode of MSP 1337. It is Tuesday and we are releasing a

[00:00:28] unique experience opportunity to hear from someone in the industry. I have asked the CEO

[00:00:37] of SolCyber to join me, Scott McCrady. Welcome to the show.

[00:00:41] Hey Chris, thanks for having me. Pleasure to be here.

[00:00:46] So if you could just tell our listeners a little bit about yourself, kind of give them

[00:00:50] the elevator pitch of who SolCyber is and then we'll jump into today's topic which

[00:00:56] is the intersection of MSPs and MSSPs.

[00:01:00] Yeah, perfect. So hey everyone, thanks for listening. Thanks for joining Chris's podcast.

[00:01:08] I've been in the MSSP space for almost since its infancy. I'm an engineer by trade and

[00:01:14] way way way back in the day I was rolling out firewalls and IDSs for any of you who

[00:01:18] have been around the block. These are the old Nokia appliances. You need to hit one

[00:01:22] if you want a Check Point and you hit two if you wanted ISS RealSecure. We're

[00:01:25] deploying those all over the world. At the time we didn't know what to do with the data.

[00:01:30] So actually started building a SOC inside the NOCs for EDS again this is way back in

[00:01:36] the day and then ended up getting hired away by into Symantec and Riptech. So Riptech

[00:01:43] was the very first MSSP founded out in DC and again this was focused on sort of

[00:01:50] the Fortune 500 and at the time everybody that had money in the big into town they sort

[00:01:57] of knew that they could use somebody to take a look at the data analyze it and let them

[00:02:01] know when something bad was happening. So the secret sauce was really the SIEM in the

[00:02:05] cloud at the time getting large enough servers on prem wasn't really feasible to

[00:02:12] actually build a SIEM. So your SIEM actually was in the cloud way back in the day.

[00:02:16] And so that was that was what we did was we took data feeds from back then firewalls and

[00:02:22] IDSs we correlate them analyze them and let the customer know when something bad was

[00:02:25] happening. So I helped build their APJ business. So I got sent to Sydney and set up SOCs

[00:02:31] in Asia, India, Japan, and then I ran the global MSSP business for Symantec for

[00:02:39] quite a few years and then went from there and helped set up FireEye Mandiant's

[00:02:43] business. So those have been around the block FireEye so this lends itself beautifully to our

[00:02:52] conversation today because question that comes to mind for me was when you're dealing with

[00:02:56] clients like that what did the responsibility matrix look like you know that the shared

[00:03:01] responsibility matrix that I think about you know yeah so do you watch our stuff like between

[00:03:07] eight and five and if you do more than that like how does the billing work and like don't call me

[00:03:13] when I'm on the golf course like because if you're just telling me bad things are happening

[00:03:18] who's who's remediating. Yeah it's it's I really love that question because that really

[00:03:23] goes to sort of why why SolCyber after doing this for 20 years why did we need to start

[00:03:27] another MSSP and one of the core reasons is MSSPs in the traditional model which would

[00:03:34] be something like what you talked about Chris which is large global 1000 they set up all their

[00:03:39] security stuff they send the data to an MSSP MSSP sends back alerts and that fortune or global

[00:03:45] 1000 consumes those alerts it's a very arms length relationship there we are really just

[00:03:51] an alerting service for the most part in the legacy model and so the ability to help

[00:03:56] remediate was very limited in the capabilities for most of the traditional MSSPs out there

[00:04:02] and ironically still to this day that model is the primary model you'll see which again is

[00:04:09] relatively limited support for remediation. Yeah it's it's funny last week so I do a monthly

[00:04:17] fireside chat with Matt Lee from Pax8 and we've been stepping through the CIS controls

[00:04:23] and last week lo and behold was you know control 13 network monitoring and defense

[00:04:29] in the first safeguard in there is centralized security event alerting which is exactly what

[00:04:33] you were describing so so continue on like tell me more about why SolCyber because I think for

[00:04:40] you know those listening you know hearing from MSSP is a different model than hearing from

[00:04:47] the more traditional vendor space where it's like we're your SOC we're your

[00:04:50] fill in the blank we're the Swiss Army knife for your security outsourcing saying MSSP

[00:04:56] really gives me a different kind of comfort than just the smorgasbord or buffet of security

[00:05:02] service offerings and it's like oh no you didn't check that box we don't provide that service

[00:05:06] that's an additional those are all the à la carte things or you know the integrations that we

[00:05:11] have but not necessarily you know what makes us the vendor that we are. Yeah so to keep it

[00:05:19] pretty high level the fundamental problem that you see in organizations is their ability

[00:05:24] to operationalize security programs right so they can all go out and buy a great tool great

[00:05:28] endpoint tool they can go out and buy a SIEM they can go out and buy there's there's great

[00:05:33] technology out there so how does that companies keep getting breached well the ability to

[00:05:37] operationalize those tools into a consistent pattern in a repeatable effort that can

[00:05:44] sort of withstand pressure over time is really a major gap and so SolCyber we put ourselves into

[00:05:50] the MSSP category because honestly it's about the only one out there but we're really more of

[00:05:54] like a drop in security program as a service and so you get your tooling and we use best in class

[00:05:59] tools and we evaluate like every tool we use and we really do try to find like the best in class

[00:06:04] we're not trying to find like the cheapest AV solution again you're not saying like use our

[00:06:08] proprietary SolCyber firewall you're saying based on you sent a one yeah yeah so uh so you

[00:06:18] guys advertise this on your website like I think it's something to the effect of like the five

[00:06:23] cybersecurity tools that you should be using talk to me a little bit about that and then we'll

[00:06:27] jump into the that the intersection of the two yeah so the we actually viewed as like a spectrum

[00:06:34] right so the very like the basics you should have in place would be obviously something around

[00:06:40] endpoint and something around I mean something around at least the legacy antivirus I mean

[00:06:45] right and so um but really where we see most of our customer start is what we call the trifecta

[00:06:52] and this is essentially advanced email security so not hygiene so one of the problems that we

[00:06:58] have in the industry is when people think email security what they're actually talking about

[00:07:02] is hygiene it's like oh spam got through yeah that's not advanced email security advanced email

[00:07:07] security is business email compromise detection account takeover uh and obviously advanced

[00:07:12] phishing and whaling techniques sure you need advanced email right you need advanced

[00:07:16] endpoint capabilities um and obviously the management detection response around that

[00:07:22] and you're talking about a shift from what an MSP is probably already has some of the things that

[00:07:26] you're referring to as they should be doing like the more of the spam filter the those types

[00:07:32] of things and and what you're referring to is is they shift into sort of that security stack

[00:07:37] the trifecta is now what's being layered on top of that correct correct and then you should have

[00:07:43] security awareness uh training and obviously phishing simulation sure and those are like the three

[00:07:49] basics and again anyone can go buy you know a great email security a great endpoint and a great um

[00:07:58] you know tool for security awareness training sure problem is again we see people not operationalizing

[00:08:04] even those three what we call you know the trifecta very well well because you I mean I think one of

[00:08:10] the things that we used to see all the time is we would buy tools because they were shiny

[00:08:14] they allegedly solved the problem based on the line card and then we'd run into the brick wall

[00:08:19] because we weren't experts on how to implement and configure so allegedly we turned them on and

[00:08:24] in many cases we turned them right back off because we're like we're not getting any mail

[00:08:28] that's right no and it's amazing how many people out there have really good tools that aren't

[00:08:33] actually working at all or very well I'll use the EDR like sure we use we use CrowdStrike and

[00:08:38] SentinelOne they're really really really good but they're not your AV of old where you just

[00:08:44] right deploy them and let them run I mean they're have to tune them you have to tune them you have

[00:08:48] to use them you have to use them to look at stuff you have to watch Adobe Acrobat what's

[00:08:53] going on oh yeah that's not an approved application that's right that's right and so

[00:08:57] it's it's you get people are like well you know I need to upgrade my end point so I'm just going

[00:09:01] to buy a good tool and we're like right yeah we saw a lot of that when I was so once upon a time I was

[00:09:08] with an MSSP it's getting further and further in my rearview but one of the things that we'd run into

[00:09:13] is we often came in after something bad had happened so they've gone through a forensics

[00:09:18] the fill-in-the-blank vendor had deployed something like a CrowdStrike and yep like so

[00:09:22] were we bringing this over to you does it go away and we're like well let's take a look at

[00:09:26] what the configuration was and oftentimes for forensics they just turned on default because

[00:09:31] they're just looking for the big anomalies that's right and then when we look at okay this is you

[00:09:36] know counterintuitive to the product you're using that goes alongside that so you know you don't want

[00:09:41] to run probably CrowdStrike and SentinelOne at the same time in the same environment that doesn't

[00:09:45] make sense and we would get a lot of those because you know of what had happened and so to

[00:09:50] your point like you know just getting a product because it's a good product doesn't

[00:09:53] necessarily mean it's the right product for the environment you're deploying it into

[00:09:57] 100 we call it the we call it the overlapping fence syndrome so you're building a fence around

[00:10:01] your property and what do you do is you put three pieces of wood right beside each other on top

[00:10:05] of each other then you leave this big gap and you put these other three pieces of wood

[00:10:09] on top of each other and you have another gap and then they go I don't know why I don't know how

[00:10:12] someone got through you can't talk but you can't knock the whole fence over because like it'll

[00:10:16] stop whatever runs into it it's just it has to run into where those three boards are exactly

[00:10:22] and so we we spend a lot of time with customers trying to optimize because there are things that

[00:10:26] you can do that if you do them well get you a lot of coverage sure classic 80 20 right if you do the

[00:10:31] 20% really really well you can get 80% of your coverage I mean you you literally are just defining

[00:10:36] in the security space the 20% rule is actually a big deal you don't have to do all of it you

[00:10:42] just have to get some of it I mean if we can stop some things it would slow down a lot of things

[00:10:48] right like I think that's one of the things that people miss like well it's going to happen

[00:10:50] to me anyways it's like well what if you could remove three of the 10 things from happening to you

[00:10:56] and those seven of the 10 the probability of them happening today is relatively low over the next

[00:11:02] 20 years relatively high and by the time you move forward you started to remove bits and pieces

[00:11:09] from that remainder that by the time we hit the 10-year marker or 15-year marker in theory

[00:11:15] bad things still haven't happened because you continued to pick away at those things that

[00:11:19] could have happened now we have the technology to to help with that the automation to help with

[00:11:24] that the people with the skill set to help with that you're 100% correct and so I think that's

[00:11:30] really where we spend most of our time is talking about what we call hanging the security stack

[00:11:35] together sure so if you if you hang the right tools that we know work and then they talk

[00:11:40] to each other and they're operationalized against each other and then they're running a

[00:11:43] consistent operational manner you can really get a lot of bang for your buck by doing all

[00:11:48] of that really well and so what we when we talk to customers it's like we have two choices you can

[00:11:54] either try to do all this yourself it's very expensive you got to hire the people the people

[00:11:58] have to have a really broad set of skills because they got to be deployment people they got to be

[00:12:03] like sort of you know there's a difference between someone who likes new tech

[00:12:07] sort of the cto and somebody who is good at day in and day out making sure that

[00:12:12] they're managing the thing well they love using the tools right they're they're trying to

[00:12:16] screwdrivers and adjusting and they're like oh this was too tight and or maybe I have the

[00:12:20] valve open too far those right yeah it's funny because you're tuning just what you're talking

[00:12:26] about with regards to tuning I mean it like literally deja vu we just had this conversation

[00:12:30] with the CIS controls and I mean 13.11 is to tune the security events and make sure that

[00:12:37] you know whatever the frequency is that you've settled on like you and I were talking

[00:12:40] about before like bad things can happen if the frequency is um yep we're gonna let you

[00:12:45] know once a week what we saw in the logs and we only check them on Friday so hopefully between

[00:12:50] Friday and Friday nothing bad's gonna happen to you because well we're only going to check it once

[00:12:55] a week and in some cases that frequency may be just fine but I think to your point that's

[00:13:00] largely tied to capability an MSP probably has a lot of other things that are far more

[00:13:06] critical to the reason why they were hired by their client you know hey my printer doesn't

[00:13:11] work no kidding let's see what we can do about that but hey your your computer is running really

[00:13:16] really slowly well let's solve the printer problem first yeah yeah there's a it's a classic urgent

[00:13:21] versus important right and so we're we're we because we partner with a lot of MSPs around the fact that

[00:13:30] doing good security like let's quit selling customers like sort of crappy security right

[00:13:36] just because they're like well the only thing I can afford is a dollar and you say well here's

[00:13:40] the thing for a dollar and then they have this false sense of security or assuming the product is

[00:13:44] the security right I think that's another fallacy that we hear all the time like I have these things

[00:13:48] how come it didn't save me it's like well you missed all the human elements that we were like you

[00:13:53] haven't done any of the phishing training simulations that we put in front of you because

[00:13:57] you said you didn't have time and I'm pretty sure what just happened is tied directly to one

[00:14:01] of those you know we have a phrase we use all time tools don't stop breaches right but at

[00:14:06] the end of the day there's a very big mindset in the industry that tools do stop breaches all right

[00:14:12] because the tools keep getting more expensive there's more tools to choose from they advertise and

[00:14:17] promote more things and in some cases unfortunately there are vendor tools that literally are

[00:14:21] advertised as we stop the following things from happening awesome that's what we need to hear

[00:14:28] and having done this for a long time like you have I've seen the most sophisticated companies

[00:14:34] have the most highly qualified tools still get breached right right and it goes back to the age

[00:14:40] old like just because you have them and you figured out where the on off switch is doesn't mean you

[00:14:45] should be operating that tool in the first place I wouldn't go out and recommend to people that have

[00:14:49] never used a chainsaw like hey so this is how it works here you go good luck or here read

[00:14:53] the manual yeah good luck but I mean it's it's insane how many customers we talk to that are

[00:15:00] still in the mindset of I've got email security it's email hygiene and I've got a relatively mediocre

[00:15:06] endpoint technology and they think they are fine I mean it is absolutely mind boggling how many

[00:15:12] customers are still in that mindset I remember back in the day you could turn on a windows machine

[00:15:17] fresh out of the box connected to the internet and get compromised with some sort of weird

[00:15:21] gobbledygook thing that was novelizing and you haven't even done anything yet so

[00:15:25] yep we know that hasn't gone away that's right well and the other thing is people don't realize

[00:15:31] that getting breached is just a matter of time so on my board is a guy by the name of General

[00:15:36] Keith Alexander he started US Cyber Command which is the and he's on two boards mine and Amazon's

[00:15:42] nice and you're like well why is this guy on on Scott's board well he really feels strongly

[00:15:46] that the middle part of America needs better security sure and so he um he talked about

[00:15:53] the fact that like it is impossible for customers not to be breached not to be breached because

[00:15:58] it's inevitable he goes really the key piece is how fast can you detect it and how fast can you

[00:16:03] get him back out he goes so can you can you take a breach and just turn it into an incident right

[00:16:08] right so the exfiltration is not happening and the ability to get back to operational is

[00:16:13] reasonable within the time frame that doesn't have you closing your doors because you couldn't

[00:16:17] run payroll or otherwise bingo yeah two or three machines that get sort of have a problem great

[00:16:22] we stopped it we caught it we quarantined them we quarantine process the first whatever

[00:16:27] you've rolling back no harm no foul right that's very different than i've got call my insurance company

[00:16:32] right and i think um part of it is actually when we had this conversation a few weeks back

[00:16:37] um we're doing tabletop exercises and we were talking about words you are not allowed to use

[00:16:42] because of the implications of just using those words that to your point what you're talking

[00:16:48] about is if someone were to say oh my my machine's been compromised well that's very different than

[00:16:54] saying my data on my machine's been exfiltrated and i'm pretty sure we have a breach that we have

[00:16:58] to report to insurance that's right that's right i just said the b word i'm probably gonna get

[00:17:02] bleeped out by explicit content um so you get it and so what we're trying to do is really

[00:17:10] just help educate customers you know our core product we built was something called foundational

[00:17:14] coverage which was really like these are the basics that you put in place and if you do it

[00:17:19] so any of our customers get about a 40 discount on their cyber insurance because the cyber

[00:17:23] insurance industry was like these are the things that we want everybody to do and they're not

[00:17:27] doing it and so if you do it for them we'll reward them with a significant discount on

[00:17:32] cyber insurance and as far as i know we are literally the only company in america that

[00:17:37] you can buy their service and immediately get a massive discount on your cyber insurance

[00:17:41] policy is this across carriers or is this specific to you know carriers that you are already working

[00:17:47] with so it's across brokers so we got it you don't have to yep you don't have to switch out your

[00:17:51] broker the broker can just go to a couple of the underlying carriers that have signed up and

[00:17:55] they can just ask for a quote that's awesome we actually don't even sell it by the way we're

[00:17:59] just like yeah you're letting yeah hey if we know that if you have what we provide and you go talk

[00:18:05] to them and tell them that you have what we provide these are the things contact us say did

[00:18:09] they actually buy it we say yes they say great and then they just give them a quote so you talk about

[00:18:14] we've talked about a few of the the trifecta we talked about you know that obviously EDR/XDR was

[00:18:21] one of the things that we know needs to be in there you went beyond email spam filtering that

[00:18:27] kind of thing you talked about making sure that it was good phishing simulation training going on

[00:18:31] did we miss any of the trifecta yeah so those are the trifecta in foundational coverage we had a

[00:18:36] few other things so you know this most of the customers don't but most of the threats today

[00:18:43] are around identity sure and so some DNS protection end point bingo so we actually in foundational

[00:18:50] coverage you get really good advanced DNS security and you get very good user behavioral analysis

[00:18:56] security and that's all integrated and so the idea would be we can track the identities we roll

[00:19:03] everything back to identity and so anytime there's a threat against an organization we're not tracking

[00:19:09] back to the old days of 192.168 which is yeah I think everything's coming from 127.0.0

[00:19:15] for me exactly it's something to track down what that is and who yes um so we track everything

[00:19:20] back to user um and then obviously we track user behavioral analysis across all the tools plus

[00:19:24] some SIEM and other UEBA that we have set up across the industry and so which contextually

[00:19:30] since you know post-COVID with everybody working from home the identity piece is really the only way

[00:19:34] going forward we can really be successful and that's why like we get like classified sometimes

[00:19:40] like a modern MSSP and the main reason for that is when we set up the service we literally set it

[00:19:46] up from identity going out sure this perimeter coming in which is where obviously most of

[00:19:51] the organizations uh set up their MSSP structure well everything we've described gets into to

[00:19:57] your point if we could solve for the three of the 10 bad things that we know happen you know user error

[00:20:04] user um compromise or human compromise is like the number one like even when we look at the you

[00:20:12] know Verizon breach report it's talking about things that ultimately came down how they could

[00:20:16] compromise access so if they don't call it social you know um social engineering now it's

[00:20:22] called like you know system compromise you're like yeah but they social engineer to get to

[00:20:26] the system compromise well so the again it's funny when you talk mid-market and these are

[00:20:32] companies 2000 5000 employees i mean these aren't like you know 50 people they're still pretty unaware

[00:20:37] of the fact that identity is the primary threat vector i mean you still get a lot of like well

[00:20:43] I'm thinking about upgrading from some AV to CrowdStrike we're like great wonderful that's a great

[00:20:49] idea however you know if somebody logs in as Scott and they're roaming around the network as

[00:20:54] Scott um you know what are you going to do about and you don't and you don't know that they're not Scott

[00:20:59] yeah like well i mean that you're talking about behavior analysis now like well this is the first

[00:21:03] time Scott has ever decided to copy everything in the marketing folder and move it to the sales

[00:21:09] or wherever folder we literally caught somebody the other day doing exactly that and it's not

[00:21:14] you have to remember that's not malicious right well it's vicious yeah uh but that this

[00:21:22] happens all the time right like this and we talked about the bad the threat actors the outside

[00:21:26] compromise but internal compromise to IP and and and where data gets exfiltrated to doesn't necessarily

[00:21:33] mean someone dropped you know a payload in the environment we literally someone just said oh i'm

[00:21:37] gonna put this on my flash drive that's right so we we literally contact customer you know like

[00:21:43] just recently and said hey we this this has all the sniffing smells of somebody who's

[00:21:49] getting ready to leave the company or somebody's been breached and they're trying to exfiltrate

[00:21:52] data soon sure but we can't validate it because maybe they just got given an assignment that says

[00:21:56] go to these locations and download that data and we don't know that right and and this kind of goes

[00:22:01] back to legacy or the more traditional uh tools or even just having tools as an MSP I think about

[00:22:07] products like netrics for your like yep we know that Scott did this yep what do you want me

[00:22:12] to you know like we're alerting on this a no one's on the other end the phone's ringing

[00:22:17] no one's answering yep one in this particular case the customer's like went and checked on it sure

[00:22:22] enough the guy had just submitted uh his tenure uh his uh notice so oh geez yeah like there was a

[00:22:29] direct correlation on this one yep so um a couple of things um you you talk about um one

[00:22:37] of the things that you guys do is the annual ransomware assessment what that's the first

[00:22:43] time i've actually heard that like i can tell you like dude i think you got ransomware here's why

[00:22:49] but to do like a an annual like ransomware assessment what what does what does that look like

[00:22:56] so it's a mini consulting engagement it's included in the service and what we're trying to do

[00:23:01] is um help organizations because it's a generally speaking it's multi uh functional organization

[00:23:11] that has this that has the problem so what happens is you have this the security it team saying well i

[00:23:16] wouldn't got an endpoint product and then you've got the infrastructure team saying well i may or may

[00:23:21] not have you know immutable backups and so what we're trying to do is we're trying to pull together

[00:23:25] saying ransomware generally speaking across most companies there's a multifunction problem like

[00:23:30] here's how it would actually breach that because you don't have the you're missing these pieces

[00:23:35] that's right and so some of this isn't stuff we do we have partners that will do it but

[00:23:38] we'll say let's just walk through all the stuff that you need to be in a pretty good posture

[00:23:44] around ransomware and that includes by the way cyber insurance right so it's like

[00:23:47] if we don't sell cyber insurance this is like a subset of like a security risk assessment

[00:23:51] or a gap analysis you're you're saying let's these are great things to do but let's let's go even

[00:23:57] more granular and say hey look we know that cyber threats are probably the 80 percent of what

[00:24:02] is probably going to happen the most environments because of the issue between you know the

[00:24:07] fingertips and the keyboard yep compromise this happened can we get your data like what are the

[00:24:14] things that need to be in place to get your data back or to at least get back to we're not going

[00:24:19] out of business because yeah okay that's awesome i i've never heard that said that way that is a

[00:24:26] great for those of you listening you should be doing those you haven't figured out what those

[00:24:30] are um well then that means that you probably need an MSSP to partner with it's it's a great

[00:24:36] little tool because well we spend a lot of time on just trying to help customers just get better

[00:24:41] i mean obviously we're selling a service but at the end of the day we've been doing this for 20

[00:24:45] 25 years and we're just like there's a lot of basics that um probably the example i use all the

[00:24:50] time which is it's like okay let's just say i really like a clean house and i've now set a goal

[00:24:55] for myself to make sure that every friday from four to seven i clean my house right and i'm

[00:25:01] going to go well guess what happens something happened on friday i get busy hey my family calls

[00:25:06] me hey you need to go run the store and then lo and behold i handle the front i do 30 minutes so maybe

[00:25:11] i clean the counter if i don't sweep and i don't mop right and then or i do an hour or i don't do

[00:25:17] any of it this is what every company is out there doing when it comes to security in like

[00:25:21] ransom and what we're saying is so what's the option well i can either hire like like try to

[00:25:27] force myself to do it or i can literally just hire a cleaning service who's literally the expert at

[00:25:32] cleaning and they're going to show up and they're going to clean it they're going to make sure nothing's

[00:25:35] missed well that's a common thing right and but then now you're getting into this so i'm going to

[00:25:40] ask this question because i think that's a great analogy and i think it's so true but not everybody

[00:25:45] can afford a cleaning service you're correct but as a company if if you don't do the cleaning

[00:25:51] service and then you're you go out of business it's a it's a reason to have it right obviously

[00:25:56] from a personal standpoint yeah but but i i guess my point is i think that it goes back to how this

[00:26:03] conversation started you know what are the tools what are the products and services that we need

[00:26:07] I can buy the best-in-class tools and I'm still not secure, because all I've done is turn them on.

[00:26:12] To your point, I can, I could hire a cleaning service and tell them to clean the following

[00:26:18] areas, but I didn't have them clean the whole house because I didn't want to pay for it, or I forgot

[00:26:22] about, like, oh yeah, that room, my bad, that's on me. It's like landscaping: go, oh yeah, you didn't do the whole

[00:26:29] yard. Yeah, we did the backyard, the whole thing. Well, I think of my yard is what has grass that needs to

[00:26:35] be mowed, whether it's in the front of the house or the back of the house. So, so to your point, like,

[00:26:40] just because you can't afford it doesn't mean you can't bake it into what you need to be paying

[00:26:47] for as you start to scale and plan for: I need to partner. And odds are, and correct me if I'm wrong

[00:26:53] here, if I were to go out and buy a lot of these products and services myself directly and buy

[00:26:59] them from the vendors, and taking into consideration FTE time to get them stood up and the alerting

[00:27:04] and the APIs to get stuff correlated, I probably would have spent a whole lot less effort, if

[00:27:09] not less money, engaging an MSSP. Correct. I mean, we've run the numbers backwards and forwards.

[00:27:16] You're always going to spend less money using us than, than doing yourself. Well, I knew it was going

[00:27:20] to be that, but I mean, like, generally speaking, one would argue that the FTE is, if that was the only

[00:27:26] thing we were measuring, there's no way MSP who's not built a security stack and been doing it

[00:27:32] themselves for some time are going to have that. And like you said, you're going to miss

[00:27:36] something with one of your clients, because getting to that consistent, repetitive process is

[00:27:40] not easy unless you're adding them on a very frequent basis. That's right. And I think,

[00:27:44] just to circle back on the other point about the cleaning service, we obviously have entry-level

[00:27:48] services, we have entry levels, so foundational coverage is sort of like, I can't believe most

[00:27:52] of our customers sort of end up there, but we have ways of saying, okay, if, if, if budget is tight this

[00:27:57] year for whatever reason, you just need to get going on the journey, great. Yeah, this is probably

[00:28:01] the most likely place it's going to get you a lot of bang for your buck. The minimums, right? Or

[00:28:06] as I like to say, maturity starts with step one. We don't mature to, you know, best in class

[00:28:13] in a perfect environment. Whether you're an MSP or the client or even an MSSP, it's a journey that says,

[00:28:18] you know, you got to take the first step, and as long as you go in the right direction,

[00:28:23] each step is still an improvement. Just make sure that your journey isn't going

[00:28:28] the wrong direction, because then all steps going forward, as I heard

[00:28:32] someone say today, then each step after that will also be wrong.

[00:28:36] That's true. So I mean, you get it. When it comes to the MSPs, we just, we, we spend a lot of time with MSPs,

[00:28:44] and we, it's a very candid conversation, which is where we do not want to get in their business.

[00:28:49] So we very, work very hard, like, we don't do vCISO services. We get asked to do all kinds of stuff

[00:28:54] that like 80 percent of the MSPs do, and so we just, like, listen, you know, we're not going to go

[00:28:59] deploy firewalls, because you guys do that. We can, well, obviously we know how to, but that's a great

[00:29:04] service for you guys to go do. Go do it. But do you really want to be taking the data from those

[00:29:08] and looking at that 24 by 7, 365, and running a bunch of advanced analytics against it? Probably not.

[00:29:14] I don't know many MSPs that want to do that or that are good at it. So we're like, hand that off,

[00:29:20] we'll do that heavy lifting and you guys do that, and it's a great partnership. So we have some

[00:29:23] really, really great MSPs, but we're always looking for more, because we get lots of customers

[00:29:27] that are like, hey, we need other stuff that we don't do. Yeah, I appreciate it. Um, I think this

[00:29:32] was a great, uh, insights into MSPs, what they do well, where MSPs can augment or definitely

[00:29:38] facilitate a maturity growth in the cybersecurity space. Ironically, we got to talk about, you know,

[00:29:45] CIS Control number 13, that monitoring piece, and I think it was funny, because what we said in the,

[00:29:51] in that, um, in that episode was that, uh, you probably, as an MSP, are going to partner with

[00:29:58] somebody in order to do this successfully, because the number one reason is the financial barrier.

[00:30:04] Um, there's at least three or four safeguards in there that talk about what you're doing with things

[00:30:08] like HIDS and NIDS and NIPS and etc., and, and that data collection, that data aggregation, it's not

[00:30:15] cheap. And then you got to put eyes on glass, and I think that, who's hiring the eyes on glass for

[00:30:20] something that, if you were doing it on a scale, you can watch a lot of that data flow with one

[00:30:25] set of eyes, and smaller MSPs do not have to watch all of their clients in real time, 24-7. It goes back

[00:30:32] to what you said: once a week is not enough. That's right. Any last things to share with, uh, our audience?

[00:30:39] Where can they find you, Scott? Easy, uh, mine's easy: scott at SolCyber, it's sol, Spanish for sun,

[00:30:46] Sol, SolCyber dot com. Uh, SolCyber dot com, obviously, website, and we're always looking

[00:30:52] for new partners. We'd love to work with some of your MSP partners, and if customers ever have questions,

[00:30:57] or anybody listening has questions around, like, how do you get started on the journey, happy to

[00:31:01] have that conversation. Cool, I appreciate it. Thanks for your time. For those of you listening,

[00:31:05] this has been MSP 1337. Thanks, and have a great week.