
55. Why is "Response" in Managed Detection so critical now? With Guest JW Stanley

February 8, 2023


Listen today with JW Stanley of the Telarus Sales Engineering team as he kicks off our track around Security and MDR. He talks about why the Response portion of Managed Detection and Response is so crucial now, more than in the past. He drives home great discussions around alert fatigue, and how to draw out these types of projects so you can help customers solve known and unknown problems.

Transcript of episode can be found below.

Josh Lupresto (00:01):
Welcome to the podcast that is designed to fuel your success in selling technology solutions. I’m your host, Josh Lupresto, SVP of Sales Engineering at Telarus. And this is Next Level BizTech.

Josh Lupresto (00:14):
Everybody, welcome back to another episode. We are talking about a topic that is not new, but we’re talking about an important area within security. So today we are talking about managed detection and response, but more importantly, the title is Why is the R in Managed Detection and Response. So, more importantly, the R, why does that matter so much? So we’re not gonna answer that now, but we’re gonna get into that as we go. And hopefully answer that for you throughout. With us on today, we have a good man named JW Stanley, who is a CISSP. We’ll talk about what that is. Telarus Engineering extraordinaire, barbecue pro. I dare you to challenge him all. Lots of good stuff. I could go on and on about you, JW. Thanks for coming on, man.

JW Stanley (00:54):
Thanks, Josh. Appreciate it.

Josh Lupresto (00:56):
Hey I like to hear people’s paths in life. Sometimes this world of, of telecom and cloud and, and all these things suck you in and you just go, how did I get here? And others set out to do this. And so I would love to hear, how did you get here? What, what, what was your path?

JW Stanley (01:14):
Yeah, no. So that’s an interesting story. So my undergrad studies is actually in marketing, the special events. I wanted to be an event organizer for something like the Olympics or like a music festival, something like that. However, as I was giving my internship speech, the planes hit 9/11. I graduated that December. Struggled finding the job as industry was pretty much at a standstill, as you can imagine. And you know, I had, I had a bunch of buddies that was going to law school, and I had a little bit of arrogance. I’m like, you know what, I’ll do that too. And so, I, I got on at the, I got on a local corporate law firm, you know, just to kind of, you know, have it to where if I kind of thought, you know, if I had this on my resume, you know, this is gonna really help out for law school applications.

JW Stanley (02:03):
Such so, got on there, started working in IT department, because technology was always a hobby. As I fast forward from that, you know, as I saw the, you know, the way that the attorneys worked and all that stuff, I’m like, I have absolutely no interest in law, you know, being an attorney at all. And I really enjoyed the technology aspect of it. So my boss at the time, he’s the one that taught me networking, encouraged me to go back to school. So went back to school, got my master’s in telecom engineering with a minor network security, and you know, did that. Well, story doesn’t stop there. You know, again, my focus was security. And so I had an interest in, you know, BEC going to law enforcement, you know, after graduate school and had applied and done all like the physical tests and everything I needed to do to become a, a Tulsa police officer in the cyber crime unit. That was kind of like my goal. However, the mayor ended up cutting the budget, mm-hmm, and such. So the, the academy that I was supposed to attend, the mayor ends up cutting the budget for that. And so, you know, I waited for a little bit and before the next academy came about I actually got offered a job at one of the local ISPs. And so started there and, and now here I am today.

Josh Lupresto (03:17):
Love it. Good stuff. I love a good non-linear path. That’s awesome. I think life is like that. You know, when we, when we’re growing up and we start out, we just, I don’t know, at least I did, we think that life has to look this certain way and this is how you get here. And I mean, I think there’s been, more often than not it just doesn’t look that way. And so I love it. I love hearing, it’s a good story.

JW Stanley (03:38):
When I think, you know, whenever you truly find your passion and you kind of go that direction, it makes a world of a difference.

Josh Lupresto (03:44):
Yeah, I think so. I learned that taking nine years to get my four-year degree. My passion was not to stay in school any longer. I’m with you there. Okay. So let’s get a, a role for anybody that’s not familiar, right? Your role is part of this team from an engineering perspective. Break that down, right? I mean, because I think maybe people listening to this, maybe they haven’t worked with you, maybe they don’t know how engineering can help them. Walk us through just at a high level, what that role is and how it helps.

JW Stanley (04:11):
Yeah, absolutely. So I am one of the regional sales engineers at Telarus. I cover the central Midwest region, and I really help partners with things like supplier education, discovery calls, as well as aligning the right suppliers to an opportunity. So, you know, from that, I’m kinda like your main, you know, point of contact. Folks will bring me in at the very beginning. And then, you know, based upon discussions that we have, either, you know, the partner and I or the partner, customer, and I, based upon those conversations, I look at, you know, whether or not, you know, we need to bring in additional resources. So like, maybe one of our solution architects or maybe one of our inside engineers. I’m really kinda like that, you know, team approach. You know, we’ll do such as needed.

Josh Lupresto (04:55):
Good. I’m, I’m gonna come back a little bit about how, how you’ve been able to help some of these partners evolve and learn new things and do different deals and get into their customers. But I wanna, I wanna back up for maybe just a second. So, if, if we flash back, you know, you, you talked about some of these IT jobs, some of these things that you had, if we talk about, you know, defining what this security and managed detection and response is, I mean, w walk us through how you define that. And it’s certainly, it’s evolved over time and we’ll, we’ll talk evolution in a second, but, but how do you look at that, you know, coming fresh off of that security cert, but you know, just in what you do in your day-to-day, how do you define that broader space?

JW Stanley (05:32):
Yeah, so, so I gotta give a shout. So Jeff Hathcote, I get all of my network security knowledge from him. That, pretend that I was gonna say that. No, that’s a, you know, as the, as the solutions have evolved, you know, one of the things I’ve done is I’ve routinely, you know, taken in a continued education classes, I’ve done, you know, certifications, different things like that. And when it comes to MDR, you know, managed detection and response, it really is, it’s an end-to-end solution that encompasses people, process, and technology to deliver the security outcomes they’re looking for. You know, it provides that detection, but also the response.

Josh Lupresto (06:10):
So where, if, if we look back, maybe the first time you interacted with this, this could be whenever, right? I mean, walk me through maybe what your first experience, cuz we’re gonna, we’re gonna show the opposite end of this as we kind of build about the advancement of this technology in something more recent. But maybe just walk me through what was it like going through that first deal, right? Were, were you a seller? Were you an IT manager? Were you on the fence, you know, help me out understand that.

JW Stanley (06:35):
Yeah. So this one’s gonna take us back probably not as far as the Radio Shack discussion that, you know, you and Hathcote had on you guys’ podcast. What Radio Shack? I mean, if folks, you know, if they haven’t checked it out, they definitely should. It was great. But, but no, this one, it was pretty soon after joining Telarus, you know, so it’s probably one of the very first ones that I had worked on. And the customer, it was like, it was a three-person IT, you know, person IT shop, you know, they were supporting a handful of locations. They had some decent standalone, you know, hardware, but they really struggled, you know, supporting all of it as well as their other day-to-day, you know, job task and such. So, you know, from that they needed a solution that they can, you know, take the monitoring and response responsibilities, take that off their shoulders, and really, you know, kind of outsource that, have somebody else, you know, help them from that.

Josh Lupresto (07:25):
That’s good. Now let’s, let’s look at the evolution of the partner’s relationship in, in a segment of this, right? I mean, when I started in this, we were just, we were a little bit limited on the products that I think we had to sell. So certainly there was a lot of networking and things like that and, and, and some of the LD and, and, and voice services. But as, as you’ve been able to wrap your arms around this and, you know, like you talked about, you’re very deal facing, very discovery call, helping partners. How do you feel that having a technology like this or being able to sell something like this, how does that help the partners and, and really their relationships evolve or, or see ROI? You know, walk me through that.

JW Stanley (08:03):
Yeah. This technology really, you know, it helps partners provide like the extra layer of service to their customers. You know, in the past, the focus, you know, has been just on networking or on the voice. However, you know, as we see more security events, you know, impacting those networks and voice, you know, customers, they’re looking for someone that can holistically, you know, help them. And so, you know, time and time again, those partners, you know, that can provide that type of help, they’re the ones that are not only seeing growth, but they’re also the ones that are maintaining their customer base. And unfortunately, those partners that struggle, you know, with that pivot find our customer base, you know, starting to shrink because there’s others out there that are helping ’em with this technology.

Josh Lupresto (08:44):
Fair. Right? If, if, if they’re not asking the question, somebody is for sure, go. If we think about the journey, if we think about where, where we’re at at MDR, right? We’re talking about MDR. Maybe the next thing to come when we add an AI is XDR, right? We’re helping AI make us smarter and detect things on the endpoints. We just back this journey up before it was MDR was endpoint detection, response, EDR, maybe customers manage it themselves. And before that it was just antivirus, you know, the Norton and the McAfee that just bury your computer and CPU resources. And we all complained about how heavy they were and all that good stuff. I would love your opinion on how and kind of why that technology’s evolved, what’s created that to get us where we’re at now.

JW Stanley (09:27):
Yeah, so let’s kind of look at like, you know, antivirus, you know, antivirus, it’s a program. It was designed to stop, define and remove viruses or malware. It scanned the workstation and, oh, look, you know, we found something and it would remove the bad application. Well, what happened is, after that, you know, bad actors, they started writing viruses that can mutate or change or, you know, to try and hide from the antivirus. So this led to companies, you know, towards like an EDR type of solution. EDR, the, you know, endpoint, you know, detection and response. And that was the next level of replacement for such. Instead of focusing on preventing, you know, threats by using a set of, you know, known malware definitions or scanning the workstation, an EDR solution was also using technology to analyze the behaviors of the workstations.

JW Stanley (10:17):
So let’s say like there’s a workstation that normally is only used between eight to five, well, suddenly it has a lot of activity after hours as well. The EDR would actually detect that and alert to administrators. Now, EDR, it’s great. But what about your entire network over time? EDR, you know, the offerings have become, you know, more complicated, incorporating technology such as machine learning, behavioral analysis, as well as the ability to integrate into other complex tools. And so this has created a need for more resources, more time to fully utilize the company’s EDR solution. And that’s where MDR has come into play. As mentioned earlier, MDR to end-to-end solution protecting your network, and not only just by one product or tool, but you know, MDR is looking at the entire network and it’s introducing, you know, that human expertise, you know, that mature processes and in threat intelligence. Yeah. Let, as well,

Josh Lupresto (11:13):
Let’s, let’s, let’s talk about that, what you bring up, right? That, that human expertise, I mean the, the, the talk track that we’re in, we’re, we’re talking about why the R is so important and, and so, you know, you’ve laid out a good vision of why we’ve had to evolve, why the software providers have had to do this to now we’re not, we’re not talking about Norton and McAfee on the endpoints anymore. We’re talking about Carbon Black, and, you know, these SentinelOnes and CrowdStrike and Defender, all, all of this stuff. But if we look at the R in, in, in, and I think obviously you went through this going and getting your CISSP, but what, what is it about, now that we have all this great tech, why do you think that we still need the R? What, what have you seen? I mean, your, I think your opinion is really important here because you get to see customers all day, every day. So what is it about now that you think we need the R and why is that so important?

JW Stanley (12:04):
Yeah, so the R’s changed, the R’s changed from just response of alerting an administrator to, you know, going towards that remediation. So it’s one of those where, you know, do I, you know, do a response where, you know, it’s telling me that, that I have something I need to look at, or do I, you know, get a response that says, Hey, this is what we found, but this is how we also fixed it. So, you know, the R’s definitely come into play and, you know, helped out, you know, companies quite a bit as far as, you know, making that proactive approach.

Josh Lupresto (12:35):
So if I think about, maybe this is a little bit of a religious conversation, right? The, obviously we have a lot of providers that can help around the R, the remediation side, and, and on, I think one of those previous Hathcote when Hathcote was on, we talked about the, should you build your own SOC? Should you not build your own SOC, right? I mean, you could argue that part of that SOC is to do remediation. I mean, if a customer, just because they can do remediation, just quick thoughts, do you think they should?

JW Stanley (13:04):
So it really depends on the customer. You know, personally, I, I do think they should; however, really it goes into like the discovery call. And so, you know, one of the things that, that I help out with our partners is those discovery calls. And one of the analogies I really like to use whenever we’re talking to customers is kind of using, you know, just discussion in my house, kind of puts it in more of like a layman’s term. And so, you know, one of the things that I always mention is like, so I have teenagers, so we get a lot of packages at our house, you know, being delivered by Amazon. So much so that like my Ring door security is constantly alerting me. So, you know, eight to five, and I’m gonna give my, my address here on, on the podcast, but from eight to five, you know, typically my, my, you know, I’m not paying attention to those security announces on my phone.

JW Stanley (13:52):
So you know, from that though, like, what if it wasn’t the delivery driver that, you know, was there, how, you know, what if it was like a porch pirate that’s hovering all, you know, hovering all over those those goodies that my family had just purchased and had shipped us? And so I think that’s where we talk about the differences between EDR and NDR that’s where the response really makes the difference. Do I see the anomalies, you know, and letting me know that I have an issue. So like, there’s somebody that’s, you know, hovering over my porch for an extended period of time, or do I see, you know do I see the anomalies and then also let me know, but then also the steps that it took, you know, on my behalf. And so every time I use this analogy, I just, I just imagine my next door neighbor, like the my neighbor kid, you know, coming out of nowhere with like a super soaker and just like, just letting loose on a porch pirate or, you know, AKA a bad actor from that ran over your packages. I went ahead and took care of that for you.

Josh Lupresto (14:49):
Love it. Love it. Great example. No I, I, I, I want to, you know, you called out kind of the discovery call side. I wanna talk about the difficult parts of this. I, I think, you know, maybe early on in security, the idea of people outsourcing and doing some of the management was, was foreign. It was, no, I can do this. And then over the last few years, we’ve gone through the whole shortage of security, the shortage of qualified people you know, all of that good stuff. So when you’re talking to a customer and, and, you know, you’re, you’re trying to help a partner do these discovery calls to help them understand the need. What, what do you do when they don’t know that they need help? Or, you know, what are some of these challenges that you’ve run into, and how do you get over ’em?

JW Stanley (15:28):
Yeah, no, that’s a great question. A lot of times, you know, whenever I see, you know, some, some IT administrators, they still have that mentality of, you know, if I let somebody else do this and I don’t have a job. And so really just kind of walking them through explaining to them, you know, why, what the solution is, how I can be an extension of their team, you know, how I can free them up for more proactive, you know day-to-day operations to really show their value. That’s really where it comes into play. And oftentimes, once you can kind of, you know, do that, you’ll start seeing kind of light bulb, you know, click inside their head and like, Hey, you know what I mean, this really is, this is a great solution for me.

Josh Lupresto (16:08):
Good point. All right. I wanna get into an example. So I think the funny thing that we always talk about here internally is the deals, sometimes the way they start is not how they end. And really what happens is we walk into, we can help in a lot of different areas that maybe we’re not brought up in the beginning. And that’s just, I think, part of our discovery process. We gotta understand how this integrates with data. It ties into this server, where is that server? Oh, it’s on prem, you know, so the UCaaS becomes a cloud and secure. It all kind of blurs. So what I would love to hear from your perspective is, and, and we can certainly keep a, you know, customer name out of this, but if we can say, walk us through an example of one that you got pulled into and, and, and what were you told that the problems were and what did you ultimately discover and find and, and what, what was the end solution that they needed?

JW Stanley (16:58):
Yeah, so this one’s actually gonna probably scare you just a little bit. So I was actually working with a, a partner and a, a university. They had decent hardware, you know, and they wanted to create their own SOC. Which, you know, that’s fine, you know, that’s a, that’s a great ambition. However, one of the things that they were wanting to do was they were wanting to have the SOC led by their students. So, you know, they had students within, I know, right? They had, they had students within their security program. They’re like, Hey, like, we’ll just have, you know, the security students lead the SOC and see, you see where I’m going with this? No, yeah. So we have, you know, some conversation and everything about, you know, okay, so you have this type of hardware today.

JW Stanley (17:43):
This is kind of what you’re, you’re looking at from that standpoint. And, you know, you’re looking at the SOC, but really like, who’s doing the remediation? Because these folks, these students, I mean, you know, depending on what year it is, they don’t necessarily have that knowledge or skillset to to apply to that. And so that’s really where the MDR came into play. We we got them aligned with, you know, some really good suppliers had the conversations. And once, you know, we kind of, you know, show them, you know, it, it got to the point where we show, talked to ’em about it, and they were kinda like, okay. But whenever we showed them the demo and kind of, you know, like, here’s how MDR can assist you, that right there was a game changer for them. They could, they quickly decided that maybe that the students were not necessarily the best, you know, to run it to have that kind of a piece of it. And then, you know, with the MDR type of solution, the students were able to see the remediation part too. So they kind of gave them, you know, a little bit of what they were looking for from an educational institute, but also gave them the protection that they needed as well.

Josh Lupresto (18:46):
Love it. Yeah. That’s terrifying. Glad you’re there to help. Let’s, let’s get to final thoughts here. So, you know, I, I, if we’ve got partners listening to this, maybe haven’t ventured this deep into security yet, or maybe they’re just in an adjacent area, maybe they’re doing SD-WAN, maybe they’re doing contact center, maybe they’re doing something like that. What, you know, with what we’ve talked about here in, in underscoring this importance, and this is a difficult conversation to have with customers sometimes. And, and obviously the, the premise here is ask to a certain point and then leverage you and, and, and the team members to come in and help. But what do you, what do you tell partners, they’re, if they’re not comfortable selling this, what, what’s your advice there? Is it, is it a couple questions to ask and pause? What’s JW’s perspective?

JW Stanley (19:34):
Yeah, so there’s a couple of different options that we have. Telarus, we have what’s called our security QSA. And so this allows folks that aren’t comfortable necessarily within the scope, they can have that customer discussion and kind of that journey along security, just very, just basic, you know, questions to be able to ask and kind of, you know, engage their customers to gain, you know, more insight. I also recommend, you know, partners, you know, quite often are not comfortable with this technology is engage your, engage your Telarus engineer. You know, we have a great number of engineers on the team. All of us are, you know, we have years of experience and we’re all glad to help you with those customer calls. And then, you know, at also there’s Polaris training education opportunities. So, you know, if there’s one in your area, we have those throughout the year. If there’s a training opportunity within your market, you know, definitely go to one of those, attend that because you know, that’s gonna help you understand it, that’s gonna help you, you know, be able to position it as well as sell the technology as well as other technologies, a, as well.

Josh Lupresto (20:37):
Yeah, great point. You know, I think, I think the QSA is critical in that, because this we, we’ve had great feedback on this from the partners where, you know, they can put their branding on on it, they can walk through the customer with it. They don’t have to be the expert, but it really is like having somebody right there at your side to just pull out all this information that you can then, you know, give back. You can give to the suppliers, we can have us have further conversations. But great, great advice on there. Love the events too. We get a lot of people learn. We do a lot of good content out there. Team put some great stuff out.

JW Stanley (21:05):
Yeah. You know, oftentimes, like the QSAs for example, I’ve had several partners say, you know, whenever they have had those conversations with their customers, you know, they, they position as, Hey, this is gonna be an, an area where we’re gonna walk through this. We’re gonna ask some questions, and then based upon this, I’m gonna engage my engineer and bring him back, you know, him or her back, and be able to have further discussions with you. And oftentimes it gives it a more qualified discovery call, you know, for that second call whenever you’re, you’re talking to them. And it really just kind of puts them at ease too, because there’s not that, you know, I’m kind of guarded and I don’t necessarily wanna share anything. It’s just a very much a, a conversational type of approach, which is a great job.

Josh Lupresto (21:45):
Great point. All right, last question. Your prediction on the future, and if you get this right, I’m gonna put some, some money on some of the upcoming football games, but look, this, this technology evolves at a crazy pace more than anything I’ve seen in the last five to 10 years. Now it’s, it’s even more accelerated. So if you look at security and we look at how it’s evolved from antivirus to EDR, to, to, to MDR and whatever comes next, XDR, what’s your opinion? If we look 12 months, it’s hard to look past that. But if we look 12 months plus, what’s your opinion? Do we change strategy? Do we do anything different? Do we do the same? Your thoughts?

JW Stanley (22:24):
I think, you know, this is a good strategy to have in place today, and then we can evolve as the technology evolves. You know, I definitely see more AI, you know, coming into play, more geofencing, so, you know, making it to where you’re kind of, you kind of set perimeters as far as your traffic, where it’s going, things like that. As well as, you know, that anomaly piece, you know, I think, you know, definitely there’s gonna be this, this field. I mean, it’s constantly evolving. You know, just, I forgot what I read. I think it was earlier today, the predictions of, you know, from like today’s, you know, numbers of, you know, costs and stuff as far as like a, a breach, things like that. We’re talking like trillions, you know, like we’re not talking like small numbers here, but just the, you know, the expansion of that, how much it was gonna cost, you know, in years to come. It’s, it’s astronomical. And so you’re gonna have those things that can help, you know, remediate things very quickly. And so, you know, the conversations that we’re having today are gonna be the conversations we’re having tomorrow. But just with a more focus, you know, as far as, you know, here’s why we need this kind of approach.

Josh Lupresto (23:32):
Great stuff. Maybe by then future amazing tools. It’ll just be implanted in our brain and all will be well, and it’ll be, it’ll be great, but we’ll still need the remediation. Good, good stuff. All right, J Dub man, that that wraps us up, buddy. I really appreciate you coming on. Thanks so much for doing this with me, man.

JW Stanley (23:47):
Yeah, thank you. Appreciate it.

Josh Lupresto (23:51):
Okay, everybody that wraps us up, I’m your host Josh Lupresto, SVP of sales engineering at Telarus. JW Stanley. If you haven’t engaged him, please do. This is Next Level BizTech.