Billions & Billions of eyeballs, six continents, 10k+ servers, and plenty of lessons learned over 2+ decades in IT. If you're looking for quick tips on optimizing tech, managing suppliers, and growing a business, 20 Minutes Max is the space for you.
Join me as I talk about things that come up during my day and share insights on taking your business to the next level. In less than 20 minutes, you'll walk away with actionable advice and strategies for success. Take advantage of this valuable resource for CEOs, CFOs, and business leaders.
I get it. Microsoft E5 Security is alluring. Microsoft has done a great job assembling a bundle with 365. There's a lot of value there. Single vendor, single enterprise agreement, single platform, single train.
Speaker 1:I mean, bundles are a big deal in tech for this reason. Right? You know, a lot of times, that provider can, by bundling strategically, can make decisions really easy for you as a buyer to go out and look at it. It also shifts a lot of things. If you're engaged with a vendor doing MDR, that vendor doing MDR, what are what are they really you know, the primary stack that they're putting together for you is they're taking and they're doing endpoint protection, so an EDR.
Speaker 1:They're feeding that into a SIEM. They're overlaying threat intelligence, and they're giving you a SOC. Now a good MDR vendor is doing more than that, but this is a generality that we're just gonna talk about. That MDR vendor has to license the EDR. They have to license the SIEM.
Speaker 1:They have to license the threat intelligence. They have to pay for their human capital and labor investment for the SOC. So the only thing on that lever that they really control outside of volume purchasing and selection, right, if you find somebody that's telling you that they're running Carbon Black. Right? Like, maybe the answer is they're running Carbon Black because it's the best, or maybe the answer is because they get a really good deal on it.
Speaker 1:Or the Fortinet EDR platform or, you know, Palo Alto's releasing an EDR platform. Right? You know, there's a selection process that comes into as the best technology, or is it the best for the service provider based on economics and other things. So it's also something you kinda have to dig into and understand and, what's their why? I talk about the why a lot lately, but what's their why?
Speaker 1:What's their why in that platform? Anyways okay. So there's a reason why there's a lot of MDR activity around the E5 suite. Right? Because companies will go out and they'll say, hey, you know, we can just turn this on and now we're secure.
Speaker 1:Well, guess what? No. You're not. Enabling E5 Security and turning it on does not make your organization secure. It gives you a tool that now you have to configure.
Speaker 1:And there's a lot of knobs and there's a lot of configuration options and there's a lot of additional care and feeding that you have to do to it. But for that MDR vendor, you are now carrying the cost of the EDR and of the SIEM and it's not them. Right? So this is really interesting also for an MDR company because a really sticky point in their sales cycle was dealing with the costs associated with the EDR and with the SIEM. SIEMs get really expensive really fast.
Speaker 1:A SIEM is taking signal data. It's taking data. Right? So log signals or you know, like, it's feeding data from across your organization, your IT estate as it were, and putting into a centralized location where then it can look for, you know, patterns, abnormalities, things that are going on, can go back and do event correlation, like, hey. This happened.
Speaker 1:Let's go figure out that everything that happened before that. Right? SIEMs are fantastic, but they take a lot of data. You wanna store that data for a good amount of time. And if you're in any sort of let's just call it, like, SOC 2.
Speaker 1:If SOC 2 Type 2, chances are you have to store data for 13 months, right? Because you need a 12 month look back. So you have to have 13 months worth of data. You might have another regulatory framework that requires you to store data longer. So lots of data goes into the SIEM, lots of data gets retained in the SIEM, and SIEMs get really expensive.
Speaker 1:It is not unusual for a company to turn a SIEM platform on and get their first or second bill and just go, holy smokes. What is going on with this thing? Again, good for the MDR vendor because now the customer's dealing with it, not them. Like, you're not you know, it's, hey. The SIEM is really expensive.
Speaker 1:What the heck's going on here? And it's like, hey. I don't know. You don't go talk to Microsoft. It's not our issue.
Speaker 1:It's, you know, like one of these things. I don't I don't know what that sound effect was, but, you know, apparently, it's the point at Microsoft gun, pew pew, you know, noise. Anyways, I get it. The Microsoft E5 bundle is interesting. It's alluring.
Speaker 1:You get a lot of value for it. If you talk about, like, defense in depth, you'll hear this terminology a lot, especially in the cybersecurity world. Defense in depth. Right? You want layers, examples.
Speaker 1:Like, you know, at your house, you wanna have a door. You wanna have a lock in the door. You might wanna have an alarm system. Actually, you might want a door, a lock, a deadbolt, an alarm system, a dog, you know, ninjas with, you know, swords and throwing stars, you know, like, what you know, whatever it is. Right?
Speaker 1:You add and add and add. And there's 2 interesting intersections that you have to maintain. Right? So the first one is how do you create that defense in depth, and what is the layer of technology that goes into that to provide you adequate you know, this platform didn't catch it, but this platform did catch it. You know, I'm trying to figure out what the simplest way to express this here.
Speaker 1:And then there's a second side of it, which is, if you add in too many different disparate systems and try to make them talk to each other, you have diminishing returns as well. So, you know, is that 2? Is that 3? Is that 5? You know, there's a point where just throwing more stuff at the problem actually creates more problems than it's worth for you.
Speaker 1:And I've been supporting Microsoft environment since 1997. Look, you know, they're trying to solve a problem for the planet. Right? You know, and when you're making decisions at that scale, the decisions that you're making are being optimized to a different goal. Right?
Speaker 1:And that might not be the decision or the optimization that you actually want as their customer. Windows might be the right optimization for you. 365 might be the right optimization for you. But running Microsoft's EDR and secure email gateway platform and SIEM and threat intelligence on top of all that as well might not be a good decision for you. I also have this other part of it, which is just like, you know, you are selling me software to make your product secure.
Speaker 1:You know, like, there's a certain yes. They're different products. They unlock different pieces of functionality. They do different things. It's a feature.
Speaker 1:You license the feature. You have to upgrade the feature. But for me, there's a certain side of my brain that just goes, are you kidding me? I have to secure your operating system by giving you more money to get this other tool to help me secure. I mean, you know, like, I just have a I don't know if I'll ever mentally cross that line.
Speaker 1:But, anyways, I get it. I get it. I understand. Right? You know?
Speaker 1:And if you're an all Microsoft enterprise, maybe it makes sense for you. If you've got a big EA, maybe it makes sense for you. And I would just say that a lot of these decisions aren't you know, there isn't just a giant paintbrush we paint with here. It's got to be specific to you. And is it doing what you want it to do?
Speaker 1:And of course, we talk about, you know, additional things. And of course, you know, the industry wants to now brand this stuff as, like, XDR. What the heck is XDR? You know, well, who knows? But if you've got different platforms.
Speaker 1:Right? So now you're talking about it's probably unusual for you to have Microsoft desktops, Mac desktops. Maybe you're looking at Chrome OS as a desktop. You've got iPhones. You've got iPads.
Speaker 1:You've got Android. You've got all this different stuff coming in. And, like, are you gonna run Intune plus MaaS360 plus Jamf, you know, to maintain this environment? Like, is that the road you wanna go down? Or is there a different platform that maybe makes more sense?
Speaker 1:And these are the decisions that get really fun in the conversations, you know, because it's really easy to get lost and talk about this just purely from a technical standpoint, especially if you're an engineer and you come from a technical background. You get focused on the tech stuff. But understanding, you know, really, you know, what we'd call, like, the layer 8 issues in the OSI stack, by the way, that's it's an invented term for engineers. You know? You know?
Speaker 1:You get the joke if you know what I'm talking about. And, you know, these, like, layer 8 decisions become, like, the organizational decision of what you're doing and how you deal with decisions as a company. Again, I get it. I'm not gonna I'm not gonna throw shade. We've got lots of providers in our portfolio that specialize in E5 Security and helping enterprises manage the dragon that they've awakened and descended upon them once they turn that feature on and then they realize that they, like, had whoops.
Speaker 1:They just didn't have the skill set to maintain it because it is it's a lot. It really is a lot. It's a specialized skill set. It's not something that just, you know, a desktop or server engineer is gonna be able to get into and say, okay. And, you know, you can use the admin interface to it.
Speaker 1:Sure. But understanding what you're doing and why you're doing it and how that actually impacts things and how do you actually get the outcome that you want, that gets a little that gets specific, and that's where we talk about specialization and why you wanna have a good MDR vendor in place. And by the way, you don't have to go completely outsourced to your MDR. You can augment with an MDR vendor. That's probably you know, it's a good thing.
Speaker 1:It really is a good thing. We can go on and on and on about this. If you have any questions, comment below. Reach out. Send me an email.
Speaker 1:Happy to talk to you about it. I hope this video helps.