HITT Series Videos

HITT- Understanding Cybersecurity Challenges and Solutions- May 19, 2025

May 20, 2025

In this training session, Telarus VP of security Jason Stein emphasizes the importance of a comprehensive approach to cybersecurity, highlighting that it is a business problem rather than just an IT issue. He discusses the critical need for privileged access management and the prevalence of human error in security breaches, with a focus on phishing attacks. Stein also outlines the significance of integrating security into network conversations and the role of cloud security in protecting data. He encourages understanding customer needs and leveraging operational efficiency through machine learning and AI to stay ahead of evolving threats. The session concludes with a promotion for managed detection and response services, emphasizing the consultative approach to cybersecurity.

Transcript is auto-generated.

Introduction to Cybersecurity Solutions

Today we enter the cybersecurity arena and take a detailed look at individual cybersecurity products and pit them against more holistic cybersecurity solutions.

Which of these holds the key to fortifying your clients defenses against relentless cyber threats?

It’s a three hundred sixty degree approach. We’ll find out if that’s the best one, including threat detection, incident response, and risk management.

Products versus solutions in today’s high stakes battle for digital supremacy.

Today, Telarus VP of security Jason Stein presents today’s HITT training along with industry experts from Comcast Business, including security product specialist Rich Korn, and senior director of global partner sales, Eric Solomon.

Welcome to each of you. Jason, there is an amazing quantity of products and solutions competing for advisers’ attention right now. We’re gonna talk about a bunch of them today.

Thanks, Doug. Appreciate it. It’s great to see everybody. Thanks so much for taking time out of your busy schedules to join.

Very excited to showcase the Comcast business. You know, it’s interesting as we start to think about products versus solutions. A lot of times partners will call us and say, hey. I just spoke to a customer, and they started talking about firewall.

Can you help? And then we’ll jump on the call, and it ends up being everything but a managed firewall solution. But I’m excited to showcase one of our amazing and, you know, most impressive suppliers that we have. And I think you’re the best kept secret sometimes in cybersecurity, which is Comcast.

So Rich Korn, Eric Solomon, welcome.

Good morning to see you.

Thank you for the invite.

So, hey, everybody. I’m Eric Solomon. I’m the senior director of global partner sales with Comcast Business.

I’m basically gonna introduce Rich, and I will be monitoring the chat. Please feel free to ask questions.

I will be gathering them for Rich and answering what I can in the meantime.

Understanding Comcast’s Security Background

Real quickly before we introduce Rich, not everybody understands, you know, knows that we are an established security company. It’s something we’ve been doing for about twenty five years. It’s one of the reasons why Comcast Business purchased Masergy a number of years back, and it’s a high priority for us. It’s something we do. We do well.

Rich Korn has been with us, and selling us, for, I believe, seventeen plus years. He was a partner of ours before he came on board because he believes in this. So I’m gonna go ahead and hand it off to Rich, and I’ll be monitoring the chat if there’s questions.

Cool. Thanks a lot, Eric. So, yeah, as Eric had said, I’ve been in this industry now since August third of nineteen ninety eight, give or take a few hours.

Moved over to Masergy specifically about six and a half, seven years ago now. And then, as Eric had mentioned, we were acquired as part of the Masergy acquisition. So we’ve been doing the security practice for over twenty five years, and I’m sure Jason and I will get a little bit more into the background on that.

I did notice that my title has not been updated. It should not say security product specialist. It should now say security solution specialist. And, Jason, I will get a little bit into today on what those differences are. And I do love the fact that you mentioned Masergy in there, and I’m sure we’ll talk about that a little bit as well.

Navigating Cybersecurity Terminology

Awesome. Jana, let’s jump into the next slide. So, you know, Gartner does all these amazing acronyms and makes it really fun and challenging. So if you’ve been a voice and data expert or a CX expert for most of your career and now you wanna pivot to cybersecurity, welcome to Gartner’s favorite new acronyms.

So, you know, when we start to think about all the different components when it comes to cybersecurity, you know, you used to just have managed firewalls and antivirus, and Rich and I have been working together for a long time even before he was at Masergy. But now you have to protect the network. You have to protect the data. You have to protect all the users.

You have to protect the cloud. You have to protect your email and your applications, and now you have to protect artificial intelligence. So this mesh architecture is kind of a little snapshot on what we do for our Ascends. We have a couple of Ascends coming up.

The first week in June, we’re gonna be in Nashville. The second week in June, we’re gonna be in Denver. If, one of those things you’d like to come and join us, we’re gonna get even more granular. We’re gonna give you a little bit of a snippet as to what we do there.

So, you know, let’s go into the first one for me, Chandler. The next slide. I wanna showcase EDR.

It’s interesting. EDR is the advancement of antivirus, and it stands for endpoint detection response. But, you know, Rich, we have all these crazy terms, EDR, MDR, which is managed detection response. You know, we have XDR now.

We have SOC. We have SIEM. You know, what are all these different terms, and why are they important, Rich? Let’s start with the definition of each.

And then what percentage of customers already have some type of EDR or antivirus in place today?

Yeah. This, the acronym soup, and you forgot my favorite one, which is all encompassing of SOC as a service.

Anything as a service, it really comes down to operational efficiency. So I use that one to kinda describe the entire area.

I’m not gonna go through and define all these because what you’re gonna find in this industry is pretty much every single vendor is gonna define them differently. Every customer is gonna define them differently. So as you’re talking to your customers, it’s very, very important to understand how they’re defining them.

Some people, for example, will take, and I think Gartner originally defined MDR as a company that focuses on endpoints and sends alerts. Well, the industry’s evolved where that’s not even what we’re gonna call EDR anymore, because now in the EDR space, if you’re looking at a managed EDR solution, they’re gonna be focusing on those endpoints, but they’re gonna take mitigation action. Some people will go into what Josh likes to call big R. They’ll take it all the way into the recovery component. Certainly, it becomes important to understand how your customer is defining these and how the individual vendors are defining these to make sure that customers understand exactly what it is they’re truly getting.

In the end, that entire SOC as a service area really comes into the monitoring, that detect and respond stages of that NIST cybersecurity framework, taking all this data, all the different alerts that come into play, and making sense out of them. Right? People, processes, technology combined is what’s gonna define a solution.

Be very, very careful on how you ask that question to your customers. Because if you ask a customer, do you have ransomware protection? They might say yes because they think antivirus is ransomware protection. And the reality is the reason EDR is where it is in the industry is because antivirus can’t keep up. It’s signature based. And there’s an estimated one million plus new pieces of malware being created every single day. They can’t write code that fast.

The Shift from Signature to Behavioral Protection

So EDR, MDR, XDR, all of these are based on behavioral components as opposed to signature components, and that’s the way the direction the industry is going.

So the question you should be asking is, what are you doing for malware protection, or what are you doing for ransomware protection?

And if you don’t know what to follow-up with, that’s fine. That’s why you have Jason and his team bring those answers back and say, hey. Where do I go from here?

I love it. You know? So you touched on a couple different things. One, I think that, you know, ninety five to ninety nine percent of your customers are already gonna have some type of antivirus or EDR in place.

It’s software. It looks for anything with an IP address, helps protect it. You know, Rich and I talked a little bit about the SOC as a service or managed services is the part that a lot of people don’t have. They don’t have the MDR, which, you know, and they don’t have that SOC.

They don’t have humans looking through and finding anomalies.

You know, sir, Rich, you know, a lot of organizations and a lot of suppliers provide the first two letters, the managed and the detection.

They’ll actually detect bad things, and then they’ll let the client know, and it’s up to the client. They don’t have the R. How does Comcast approach the R? And then I want you then to say, how do you then pivot and have a conversation with clients around EDR, MDR, and providing SOC services? What’s the easiest way to pitch that from a simplistic business conversation to customers?

The Business Perspective on Security

Yeah. And you just hit in that last statement.

Security is not an IT problem. It’s a business problem. And so it comes down to the business drivers. So number one, we start taking a look at that solution.

There’s one thing that comes into play with regards to a solution versus a product. You know, Jason hit it exactly. You buy that product. Now it’s incumbent upon the customer to have the expertise in that product to properly configure it, manage it, patch it, tune it, and then make sense of what that data means.

If you buy a product, it’s gonna be tuned for all industries across the globe. When you’re buying a solution from a partner such as a Comcast Business, we work in partnership with those customers to do that tuning assistance for each individual specific customer environment.

So one of the questions I love to ask customers is how many people do you have in IT? I don’t care. My follow-up question is how many of them are dedicated to security?

Most customers are lucky if they have one or two people dedicated to security. Well, it’s a twenty four by seven job. So that’s that missing link is that people. There’s a reason we stress people process then technology.

Operationalizing EDR Solutions

Now what we get into there is we’re gonna provide SentinelOne as our provider of choice for EDR. There’s a lot of good EDR products. The question mark comes into how you’re gonna operationalize that particular technology.

So when we talk about that response component, we’ll take things up to and including the immediate mitigation.

Mitigation is gonna solve for your cybersecurity insurance requirements because it limits their liability.

Mitigation means the problem can’t get any worse.

Remediation is taking that next step of things like recovering from backups, etcetera.

We draw the line at the mitigation because of governance and compliance and audit. You wanna make sure you have an audit trail of the individual analyst that did that work. So that’s where we draw the line at the mitigation step. Now one of the things I love about the partner community is Jason’s got, what, eighty five different security products in your portfolio from people that will do professional services before a compromise to incident response retainer people that we work with on a day by day basis. So if we’re doing that monitoring and that response procedure says, hey. I need to go ahead and recover Jason’s machine from backup. We can send that to an incident response retainer that you’ve also sold as part of a comprehensive security solution so we can maintain checks and balances and have that entire recovery covered properly.

I love it. So you nailed it. You know, when we’re talking about, one, it’s a business problem, security is, two, it’s a resource problem. Most customers don’t have it.

Expanding the Cybersecurity Conversation

So, Rich, now a partner is talking to their client and the client says, we need help with our EDR. We need help with our MDR. We don’t have the resources to be able to do this on our own. How then do you pivot the conversation to then expand it to a holistic cybersecurity conversation and so that we can touch more products?

What are some of the other follow-up questions that you like to ask when a client basically says, we need help. We don’t have the resources. We don’t have the expertise. We don’t wanna do this ourselves.

And I wanna tell all the partners on this call, eighty percent of your clients today, according to Gartner, are gonna outsource at least one component of their cybersecurity.

So then how do we expand that, Rich?

And that figure should probably be a lot higher than eighty percent.

The answer to that is I’d like to do I used an entire training called follow the wire, and it has the same kind of a concept. So if you go and you look at that really busy acronym slide that we showed right in the beginning, all these different components.

Good security requires defense in depth. So if I’m talking about an EDR environment, if I’m talking about an MDR environment, to grow that, okay, great. EDR is the best value in the industry because the biggest risk in this was at ninety two or ninety three percent of all compromises of the direct result of human error. So you want visibility into what those endpoints are doing. But EDR is not gonna be looking at things like your firewalls.

Sixty two percent of all breaches occur at the perimeter. So you want visibility into what the firewall’s doing. You want visibility in your flow traffic. You want visibility into everything you can get visibility into. That’s that MDR, that holistic approach.

What’s the perimeter? Rich, what’s the perimeter so everybody’s aware?

Perimeter is gonna be your outside.

Your local area network and then your wide area network. Your local area network is what we’re gonna refer to as east west traffic, and you would hope that’s gonna be safe. But if someone plugs a USB drive in, you can have problems there as well. And then the wide area network, the Internet, your other locations, that’s where your biggest threat’s gonna be coming in. That’s what we’re gonna refer to as your north south traffic or your ingress egress traffic.

So we start taking a look at that in order to grow it. One of the questions I like to ask is, have you done an analysis on what a compromise would cost you?

If they don’t know what a compromise is gonna cost them, you know, if they have a, you can do it back of the napkin, rough idea. But if they don’t have a general idea of what that looks like, they have no idea what their budget should be. And so I start talking about that without doing fear, uncertainty, and doubt. I hate fear selling, but I do it as a consultative engagement.

I would need them to understand that I’m here to help them, not to sell them something because the first thing I need to sell as a security professional is myself. So if I can start to have that conversation and I begin now to grow that okay. Cool. So we think we’re doing this from a detection response.

How do you know your protection stage is doing well? Well, this now comes into pen test and vulnerability scanning. Guess what? I don’t do pen test.

Guess who does? You guys. You have that in your portfolio.

How are you gonna recover from things? That’s an incident response retainer. Guess who doesn’t sell that? Guess who does? We start getting into the consultative environment.

Yeah. You have a whole lot of phishing attacks. Maybe you should start looking at some awareness training. I don’t sell that, but that’s in your portfolio.

In other words, if I’m doing my job correctly, I’m gonna help expand that into those other categories, areas that I don’t sell, but that you do have in your portfolio.

Love it. Thank you. Let’s go to the next slide, Chandler.

The Importance of User Behavior Analytics

So let’s talk about PAM. So we have one of the biggest topics this year according to Forbes, according to Gartner, according to Deloitte, according to our engineers is UEBA, this user behavior analytics, and studying how to protect users. So eighty eight percent of all breaches are caused by humans. We need better search cybersecurity, security awareness training. We have an issue with employees not wanting to do them. Still, Gartner says that most employees spend forty nine minutes a year doing cybersecurity awareness training. So we have things like privileged access management.

We have things like, you know, looking at your user behavior, passwords, making sure that your employees aren’t using the same passwords over and over to log into their system, to get into their CRM like Salesforce, to get into the finance folder.

And then we have passwordless identity and access management. You know, then we’re starting to look at how AI can play a role in this. So, Rich, tell us what is privileged access management? Why is it important?

Why do we need to protect the users more than ever in our organizations and clients? And then let’s talk about how do we then position this to clients to help them be an extension of their team and to start the conversation.

Yeah. It’s, this is, this was becoming critically important. So really what it is, privileged access management is gonna be all the different tools that we combine to start looking at things based on identity. You might hear it referred to as role based access controls and all kinds of different scenarios where you wanna limit who has access to start making changes, who has access to data based on your higher value systems, based on what their roles are.

This is where you start getting into things like zero trust network access. You start getting into things like your CASB type of a solution, your multifactor authentication.

If you look at cybersecurity insurance right now, the number one thing they have, you have to have multifactor authentication.

Number two, endpoint detection and response.

But then the passwords come into play into here. This ties back into what I kind of hinted on a little bit earlier with defense in depth.

You can have all the access controls in the world, but it’s not enough. You need to have what I’m gonna call policy controls. So just because I have access to a system, policy gets into what can I do within that system?

And then you start getting into the user behaviors that Jason mentioned right in the beginning. Just because I have permission to do something doesn’t mean I do it. Someone in the organization has to have the permission to do things like disabling the EDR provide tool on the CEO’s machine. But if all of a sudden that starts to happen at two o’clock in the morning, that better be triggering a behavioral alert.

So when you start taking a look at the privileged access management component, what we start getting into is that threat reduction.

The Rise of Phishing Attacks

The number one issue that we’re running into right now, and I forgot the exact statistic. It was ninety seven point nine percent or ninety seven point eight percent of all first attempts to get in an organization are phishing attacks, social engineering attacks.

You can social engineer your way around an administrator. If you look at MGM, if you look at Caesars, there’s examples left and right where people are able to social engineer their way to get around multifactor authentication, to get around ZTNA.

In other words, access controls isn’t enough. This is why we take that step into policy controls, and then the behavioral monitoring becomes critically important. So it’s that defense in depth structure.

Heath asked a really good question in the chat. You know, what are the leading practices for PAM for rotating admin credentials?

Do they do it after each use, quarterly, both?

Yeah. So CISA has actually changed this in the last two years. It used to be you had to make your password change and your really strict password based rules. And they’ve come by and they said, you know what?

Forget that. That’s a waste of time. It’s a waste of energy. Everyone writes their password down, sticks it on the monitor in the top of their desk drawer anyway.

IT people spend forever resetting passwords because people can’t remember them. So what they’ve now changed their methodology to and their recommendations is to, yes, have a very strict password that you can remember, but not to worry about changing it. Instead, they now want you to combine that with things like ZTNA, multifactor authentication, and then the user behavioral analytic monitoring. In other words, you can have the same password. I’ve been using the same two passwords for two of my critical applications for nine, ten years, but I make sure I monitor those environments. So if there is a compromise in a password, you recognize that, you get alerted to that, there’s services that will do that, and then you go through and change your password. Great question.

Transitioning to Holistic Security Conversations

I love it.

John, we’ll get to your question. That’s a great question.

Let’s see. So, you know, when we’re talking privileged access management, user behavior, how do we then pivot this conversation into more of a holistic conversation?

So, Rich, you know, customer, you know, you got a customer on the phone, and you’re sitting there talking to them, and they say, listen. I just can’t get my arms around. You know, eighty eight percent of all breaches are coming from my employees. How then do you pivot this conversation and expand that into the other areas?

Yeah. Just like so much of the security space when you’re expanding, it’s a matter of asking those open ended questions. Okay. Cool.

So I’m gonna ask, what tools do you have in place to, you know, for privileged access management, to limit access to your environment? And they’re gonna give you an answer. Okay. Great.

You give a validating statement. Most people don’t have that much. You’re down the right track. What are you doing to limit your policy?

How is your policy gonna change based on the device being used, based on time of day, based on their location?

Okay. You’ve got that. Awesome. Now that next step is the behaviors. How are you monitoring and tuning for that behavior analysis component? You start getting in these different areas, and you start just to follow that wire, follow that defense in depth strategy until you get to something that they don’t have. And now you have an opportunity to bring a member of Jason’s team and to take that farther.

Don’t be afraid to say, I don’t know. I’m not a security expert, but I’ve got a guy. Right? Everyone’s got a guy.

You have an appliance issue, I got a guy. You need a painter, I got a guy. You need a plumber, I got a guy. You have a guy for security.

So don’t be afraid to start getting over your skis to say, I’m not a security expert. So let me bring somebody in, and your goal is to really sell that meeting.

Yeah. I love that. You know, for everybody on this call, it’s not if you should start a cybersecurity conversation or worried about it getting too technical, it’s definitely becoming more of a business conversation. We just need to start it and whatever they say that they need, they have initiatives, they have goals for two thousand twenty five.

You know, that’s where we can bring in some of our amazing suppliers, some of our amazing engineering resources and continue that conversation. Chandler, let’s go to the next slide for me. Alright. So next on the list is cloud.

The Role of Cloud Security Posture Management

You know? So we got artificial intelligence jumping in, large language models. People are virtualizing.

You know, Kobi and our cloud solutions are killing it. We have so many requests for virtualization, for people moving their resources into a data center environment. Now we need to protect it. So let’s talk about what CSPM is, cloud security posture management. Why do we need to worry about this and CASB? You know, protecting the cloud. Why are some of these things important, and why is it even more important now, Rich, when it comes to artificial intelligence playing a role in the cloud?

This one’s a fun one for me. If you go back about five years and everyone’s moving to the cloud, one of the reasons is these different cloud providers were marking the cloud as being secure.

Jason and I were both at RSA two weeks ago and the two primary things I was running into, number one, were a lot of customers having that rude awakening that, guess what, the cloud isn’t secure, so you still have to secure it. If you go back ten years ago, you had firewalls and antivirus. Your data was on prem or in a colo behind the castle walls. Well, now with COVID, we’ve all these remote workers. People work from anywhere, and now our data is in the cloud. So now we have people outside the castle accessing data outside the castle. In the castle perimeter of the walls are like, what what do we do?

Visibility and Security in Cloud Environments

This is why I stress security is about visibility everywhere, and I stress that level of defense in depth. So cloud security posture management is a great marketing term. All it means is doing the exact same kinds of things you were doing before when the data was on prem. You just now have to do it with the cloud in mind. It’s all the same tools. It’s all the same everything.

The difference is now that identity and the access controls become critically important. So you need to be putting in things like MFA and ZTNA.

CASB stands for cloud access security broker, which means absolutely nothing. What that really is is a tool that you put in place specifically to tie identity to policy for SaaS based applications. Right? Software as a service or cloud based applications.

That’s what CASB does. So you have all these different tools out there. Bringing those different tools together with that people process technology is what’s gonna make it a solution.

And this is becoming critically important because your cloud applications aren’t safe. There’s actually things out there now. I’ve been on some different panels with some people where there’s now bad guys who can actually sit here and do application to application attacks within a VM or within a cloud environment. So it never even has to come to a firewall if they get an initial compromise.

So this goes back again to security being about visibility everywhere there’s data, wherever that data is on prem, in a cloud, in the colo, in transit, on an endpoint.

That’s all cloud security posture management is. It is the same things that we were doing on prem, but now we’re doing it for cloud based environments.

I love this. So we were both at RSA last week, and, gosh, AI was everywhere.

You know, everyone was doing augmented AI, and they were talking about, you know, adopting more from a cloud perspective. A lot of our suppliers are getting hit up there. So let’s say client comes to you, starts talking about their cloud environment. How then do we pivot the conversation? What are some of the takeaways and stories that you have coming out of RSA that really showcase how we need to be adopting a cloud and cybersecurity conversation as one conversation?

Yeah. The AI thing was entertaining. It reminds me of about five, ten, fifteen years ago when everyone was going to the cloud. You know?

Yes. That’s not the cloud. That’s just Photoshop. That’s all it is. They’re calling it the cloud.

AI right now is the same way. I’m gonna call AI machine learning. AI is a marketing term. Machine learning is the actual technology utilizing Python, etcetera.

So AI or I’m gonna call it machine learning is becoming critically important. As we start to expand our data, people can’t keep up.

That being said, if you’re using the product by itself, it’s tuned in learning for all industries across the globe.

So as Doug mentioned in the beginning with the agentic AI. Right? You’ve got artificial general intelligence, artificial superintelligence.

All these different things come into play. All it really comes down to is the language models and the amount of data that these different machine learning tools have to pull from.

So machine learning is critically important to help simplify the tasks of the people, but they don’t operate effectively without the people in the process. It has to be that combination.

And this is not just native to the cloud. This is gonna cover across the board. You have to have that machine learning, that security posture wherever the data is. So if someone comes to you and you’re talking about, I need to protect my cloud based data, don’t be afraid to ask, is all of your data in the cloud?

Is it in IaaS? Is it in SaaS? Where’s your data? How’s it being accessed? You need to have this understanding in order to understand what products to bring into play and how to combine them as part of a comprehensive solution.

So I love that. Thank you so much. Let’s go to the next slide, Chandler. I think that there’s a lot to be said for cloud. Now you’ve mentioned ZTNA several times on this call. We have zero trust network architecture, zero trust network access.

Understanding Zero Trust Network Architecture

Then, you know, it’s also, in some instances, we’ve dropped the n, and it’s just zero trust access. Let’s talk about why is it important to look at this and control users and put all these other parameters in place. You know, we’re talking about SD-WAN now on the network. Then we’re also talking about, you know, how do we protect that with SASE, secure access service edge? And then we have this network component in trying to lock down this. Why is ZTNA important? How then do you bring it up from a business perspective?

Yeah.

ZTNA, SASE, two of my favorite buzzwords because they’re critically important if done correctly. And that last statement, that last caveat is so critical.

If you have ZTNA by itself, I’m actually gonna call that a false sense of security because ZTNA, it’s right in the term. It’s an access control.

True zero trust is a methodology that requires access controls, policy controls, and those behavioral controls. And I’m gonna reiterate that again because I think it’s critically important.

Access is simply can I get to the application?

Policy is what am I allowed to do within that application, and how does my policy change based on various variables, time of day, location, machine I’m using, etcetera.

ZTNA now limits my access based on identity. Are you gonna run ZTNA to a network, to a subnet, to an IP address, or to an individualized application?

I read a statistic that ninety three percent of all ZTNA implementations are done incorrectly.

And guess what your cybersecurity insurance company is looking for? One reason did not pay out.

And then even if you have your access tied to identity, you have your policy tied to identity with things like CASB.

Now you have to have that behavioral monitoring. It’s gotta be all three to be a part of a comprehensive solution. That’s a zero trust methodology, a zero trust solution versus a product. If you have the product by itself and you’re not doing the behavioral monitoring and the policy component, it’s one percent a false sense of security just like SASE is.

So I think ZTNA is super important. We wanna find out, hey. You know, or if you’re talking to a client, is zero trust something that you’re implementing?

How far along are you? Are you twenty percent there? Are you fifty percent there? Are you eighty percent there? Do you need help finalizing, adopting, getting the rest of your organization completely, you know, into a zero trust framework? So, Rich, let’s go to the next slide and let’s talk about, you know, you and Eric kind of teased it.

Why is Comcast so good and the best kept secret right now in cybersecurity? You know, you actually do a lot in this space, but I don’t know if everybody understands the breadth and depth. So let’s first talk about, you know, SD WAN and SASE, and why is that security conversation still important? I think still, you know, somewhere around fifty percent of customers are buying network and not securing it.

Integrating Network and Security Conversations

In today’s world, number one, you cannot have a rational conversation about network without talking about security and vice versa, and that goes back to that follow the wire and expanding your conversation.

We’re part of the best kept secret because we’re victims of our own success.

Comcast business, when they put their mind to something, does something very, very well, they’re gonna dominate that industry. They chose to start off originally, right, as a cable company and then begin to grow. And so they dominate well over, I think, it’s like fifty six percent of that small business market, which is insane.

What most people don’t realize is that they saw that and they said, oh, this is what they do.

And we got pigeonholed that way. I’m not gonna lie. When we were acquired, I almost quit on the first day because that was my perception being in on the partner side of the house as well.

Thankfully, I didn’t because that’s a completely erroneous perception as you start getting into what we actually are capable of. As an example of that, two weeks ago, it was announced, and most people don’t know this, Comcast business is now the largest SD WAN provider in the United States.

Bigger than AT and T, bigger than Verizon, bigger than Lumen, and it’s because they put their mind to it that they wanted to be the largest SD WAN provider in the United States.

When you start taking a look at the SASE component, this comes back again to focusing on desired business outcomes. I’ve never had a customer come to me and say, my desired business outcome is a SASE solution.

Consultative Selling in SASE Solutions

They think that SASE is gonna solve for those business outcomes. So whenever someone comes to me and says, I’m looking at SASE, I become that five year old kid. Why?

And I continually ask why until, invariably, I end up with two desired business outcomes. I wanna improve my security.

And number two, I wanna optimize my application performance.

Well, how that gets done is gonna vary from customer to customer.

If you start taking a look at the definition of SASE as it was written, it directly violates those two desired business outcomes for many customers, if not most customers.

So when we talk about our approach to SASE, number one, if you want the definition of SASE, we one hundred percent have that. Based on the Fortinet environment, we can do cloud based firewall, secure web gateway, ZTNA, CASB inline. We have the SD WAN. We have that definition.

But for most customers, that’s not the right solution.

So if you truly wanna be a consultative seller and adviser, you need to understand where the data is, where the users are, how are they accessing that data.

What are the application performance requirements site by site? So now when you begin to build that network, what are the correct access types site by site, taking into consideration that site’s application performance requirements?

Where are their security requirements?

Where are their locations? How are they communicating?

So when you start taking a look at some of those differentiators, there are applications out there that specifically recommend not using a centralized gateway. So in our SASE environment, I can allow for site to site connectivity. I can allow for local Internet breakout. If I’ve got two sites in Moab, why should I have them both come all the way back to Salt Lake City to the PoP in order to communicate?

That’s adding latency and jitter.

So we start taking a look at that security component. Very important question is, where should I be enforcing that security policy so I’m not degrading my application performance?

Well, in our world, I can put firewalls in the cloud. Sure. But I can also put them on prem, in a colo, between departments, at someone’s home, and the endpoints themselves.

And then you wanna simplify that policy via centralized management.

So we begin to start to build this customized solution for the customer keeping in mind their desired business outcomes.

And then you have that security component.

It’s not part of the definition, but, Jason, we’ve hit on this multiple times today already. Endpoint detection and response gives you visibility into those end users that’s your biggest risk. Best value in the industry. Not part of the definition.

Big oversight on the part of Gartner, unfortunately.

MDR, same kind of a thing. Where’s the behavioral monitoring in the definition of SASE? So we begin to add those types of things onto this overall solution.

When you take this kind of an approach, it really becomes a business conversation.

And if the definition of SASE is the right solution, great. But for most customers, it’s gonna be something different. It might be a mix of private and public networking. It might be the monitoring. It might be different tools. So it becomes very, very important to understand what the customer’s looking to do and then build that solution to focus on their desired business outcomes. That’s the approach that we tend to take.

Perception Challenges for Comcast Business

So, Rich, let’s talk about this. So you hit a couple things, and I wanna wrap up, you know, the next couple of minutes and then open it up to some great questions that we have. So, you know, Comcast, to your point, seen as a cable provider.

You know, and, historically, you know, now they have this, you know, amazing security over the last couple years. But, you know, one, how does a partner overcome the fact that it’s perceptually seen as just a voice and data transactional organization, typically handles small SMB type of transactional deals? And how does it overcome a customer that says, oh, I use them for my voice and data and didn’t have a great experience?

Is it a different experience? Is it a different group that handles it?

Great question.

What’s the breadth and depth? And, Chandler, can you go to the next slide? What’s the breadth and depth to your portfolio, and why should people trust Comcast business with their cybersecurity?

Yeah. That is a great question. And RSA, I literally started asking people, you didn’t even know we had a security practice, did you? And people would be stunned like, no. I didn’t. So number one, I love the fact, if it was an oversight, I’m glad you did it. If you did it on purpose, even better.

In the beginning on the introduction slide, it still said Comcast Business Masergy.

The security practice is twenty five plus years old. It came over as a part of the Masergy acquisition.

One of the smartest things Comcast did is they left us alone.

So it is not the Comcast business auto attendant hell when you’re calling for service like you would on cable.

It is a completely different organization, different phone numbers, different SOC. We don’t even use an auto attendant. Seconds matter in security. So I want a human being to answer the phone.

Our SOC is staffed with analysts and engineers, not ticket takers. So whoever answers that phone, I think it’s a ninety eight point six percent last time I checked first touch resolution rate.

Again, seconds matter in security.

When you start taking a look at the size and that perception, number one, I remember one call, one person, a VP of a bank literally took the conversation with me just to complain about our home cable network.

We are not Xfinity.

We are Comcast business, upstream, Medlar enterprise based space, etcetera.

To overcome that objection, most customers don’t realize our size. This is why I talk about the fact that we are the largest ISP in the United States. We are the largest SD WAN provider in the United States.

The Importance of Security Operations Centers

Our SOC has been with us for twenty five years. You could actually argue that we invented SOC as a service as far as that particular pioneer.

When you start taking a look at the size and the scope of what we see because of the size of our network, twenty nine billion events, two point six billion phishing attacks, etcetera.

These are the kinds of things that come into play to understand what the size of our group is and what we can go ahead and do.

And then you start getting into the customization. And I have an entire training that I’ve shared with Jason, and we’ll talk a lot more about this over the course of time with regards to his SE so they’re ready to go on this. But you start to overcome that objection via statistics, our size, what we can actually see, and then the partnership and the operational efficiency. You heard me mention in the beginning, SOC as a service is all about operational efficiency, that combination of people, process, and technology.

I’ll pause there because, you know, Jason, that could go on for hours.

No. You can. I think you nailed it. And, look, Comcast, the reason we’re showcasing you, you guys do so many amazing things. So, Doug, let’s get to some questions, and then I think Eric and Rich may have a promotion going on that we wanna touch on.

So, Doug, what were some of the questions that we saw in the chat that we wanna

You know, I’ve tried to group a few of these together into some categories that might help us a little bit, but there is a theme that runs through a few of these.

Wanted to ask the experts. Yeah. For most companies, what would you say are the primary responsibilities of the company itself, and what things given today’s market and, you know, should they be outsourcing to a Comcast or another provider?

The answer to that is all engineering answers begin. It depends.

In most cases, you wanna outsource whatever you possibly can so long as you can still guarantee that personal accountability of any kind of activity.

So it’s a matter of the customer’s gonna be responsible for sending the data to the MDR provider as an example.

And then we can take that up to and including the mitigation. And in our world, when we talk about giving an alert, we wanna make sure we give that level of context. So we’re gonna give them the guidance on what they need to do within their own environment. But typically, if they own the product, they’re gonna be responsible for touching it and configuring it. If it’s part of the MDR environment, we’ll handle that. Jason, anything you’d add to that?

Oh, I agree completely. You know, every customer is so different in their DNA and where they’re at. You know, we definitely want to be able to meet the customer where they’re at and try to put them into the best solution that makes sense for their organization. Everyone definitely has people with expertise in different areas, and we’re not trying to shove them in a situation that it doesn’t fit. But they are realizing that they cannot do it themselves.

It’s just a lack of resources. And let’s face it. What are the average threats that are getting through all your security layers? Are they things that everyone’s seen before?

Are they brand new? They’re brand new because if they were seen before, we would stop them. So what is the average cybersecurity, you know, person within an organization able to do when he sees something for the first time? Does he understand how to remove that, eradicate it, and then get them back up to running and make sure that there’s not bad stuff left over in their environment?

And how long is it even gonna take to find it? The bad guys are writing malware designed to avoid detection. Exactly.

It’s impressive. That brings up a great question too. We had mentioned earlier that AI is really machine learning, and I wrote that down specifically because I liked that phrase.

The Role of AI in Cybersecurity

But given the advancements in AI right now, and the fact that as you just mentioned, the bad guys are writing code faster than we can defend against it.

What role does AI play in trying to stay one step ahead of that as we consider the various solutions that may be available for a business?

Let me start and then I’ll pass over to you.

So while we were walking through RSA, every single booth had AI on it, and they had AI SOC.

First, let’s talk about what that is, Rich. But we’ve been doing AI and machine learning and cybersecurity for fifteen years. It’s just now become more of a buzzword within the industry. You know, artificial intelligence is huge because it can sift through lines of code within seconds, which I think is super important versus before where a human had to do that and try and find, you know, a needle in a haystack is more challenging. But everywhere you look up in Northern California, every billboard, everything said AI. Rich, I know it’s a buzzword, but it is important, and AI is truly a part of cybersecurity in the future.

Yeah. We’ve been using machine learning since the year two thousand.

So if you wanna say we’ve been doing AI for twenty five years, you know, based on marketing terminology, you’d actually be accurate. But, yeah, everyone now is jumping on the AI bandwagon, and it is machine learning. The real question right now becomes how fast can they add components and tune components to their large language models. That’s where they become the operational efficiency. How fast can the machine learning sift through things without making mistakes? You’re gonna hear a lot talked about noise in the industry because you don’t wanna be sending, you know, false positives, but you also don’t wanna be sending false negatives.

Certainly, it comes down to the operational efficiency of the AI, the machine learning tools. And the challenge we’re running into is the bad guys don’t have to deal with SecDevOps the way we do. They’re less concerned with making mistakes. They’re the earliest adopters of AI, so we’re constantly making this catch up game, which is why you’ll never tell me or ever that an AI product is enough. You have to have that people, process, and technology.

And then now the one thing, there’s one guy walking around. He’s like, so, are you securing your AI security tools? And that’s gonna be that next evolution. So it’s a constantly, you know, it’s this constant ongoing race between the good guys and the bad guys.

It’s absolutely true. We’ve got some other good questions in here, and we’ll leave the chat window open for some additional responses as we continue on. But I do wanna leave some time for you to talk about the promotion that Jason hinted at. Tell us what’s going on.

Current Promotions for Cybersecurity Services

Yeah. So we do have an MDR promotion that is running through the end of June. Hopefully, it gets extended, but that’s out of my pay grade.

What this entails is as we’re trying to get more and more customers into that detection and response component, growing that conversation, we are right now offering either two free months on a twenty six month term or three free months on a thirty nine month term. It is the first free, free month months that you get for free. So if you are with somebody, maybe say you’re doing a Splunk SIEM as a service and you decide I need a more holistic approach, we can help out by giving the three months during that transition time, during that tuning phase. Now that promotion does require two things. It requires the one year of data storage, which I always sell with it anyway, and it does require on monthly SOC reviews, which is a new offering. This is not going through tickets. This is consultative.

We’re gonna sit down, look at the trends that we see within the environment, and give recommendations for security posture improvement, whether that be cloud based or premise based, even if that’s in areas that we don’t sell. So as an example, if I see a lot of phishing attacks, we might recommend you go buy an awareness training. We don’t sell that, but the partners do. So it becomes that comprehensive where we’re gonna help you grow your customer base in the security space with that entire chart that Jason showed in the beginning as a part of what we do as our daily job.

Phenomenal incentive for advisors to take a close look at this and see where it fits with their clients. Really appreciate the information. Eric, any last words? And then, Jason, take us home on this.

I have a couple more questions that were in the chat. Is it too late for that?

Is it too if we do it quickly, go right ahead.

Alright. So, Rich, can we touch on international capabilities and data storage, where the data is inspected, I should say?

And I’m gonna table that conversation mostly. So yes, we are fully international. There are some countries with wars going on and with sanctions we can’t ship things to. And Jason has in his portfolio one of the first companies he worked at. You guys actually have compliance as a service organizations.

Depending upon what the specific compliance is, there are things that we can do with regards to data storage, but that’s gonna open a whole different can of worms I don’t wanna take time on.

Okay. We’ll follow up on that one. Norman asked about where we, and this could be a trick question, where we inspect SSL and VPN?

That’s gonna be more of a different things based question.

So there are some different ways that can be done based on different product sets and different solution sets. So that’s a question I would actually defer to Ryan Myers probably on our networking team so I don’t put my foot in my mouth.

Okay.

Lastly, there were some questions regarding cyber insurance compliance.

Navigating Cyber Insurance Compliance

Right? So, yes, we can help become more compliant, but I know you love compliance based questions. Maybe you wanna touch on that for a quick second.

Insurance, every insurance broker is gonna have different rules, different policies. There’s, like, twelve common steps. Number one is MFA. Number two is EDR.

If an insurance company is trying to force a customer into a specific vendor, walk away. Tell them to go find a new insurance company because it means they’re getting kickbacks on the back end. They should be making recommendations for technology, but not vendor specific recommendations.

There’s a lot of conflict of interest. There’s some different things with regards to legislation going on there.

Cybersecurity insurance is the last line of defense behind awareness training, behind protect, behind detect and respond, behind the immutable backups disaster recovery as a service. If you haven’t done those first four things correctly, insurance isn’t paying out anyway.

So let security and those security business drivers determine your direction for security.

If you’ve done that, then it’s checking the boxes easy for insurance. If you’re letting insurance drive your security, you’re gonna have gaps.

Okay. Now you got a lot more to cover. So, you know, I think the biggest component is ask about what clients have going on from a cybersecurity standpoint for the rest of this year in two thousand twenty five. Do they need help? Do they have enough resources?

Engaging Clients in Cybersecurity Conversations

And then bring in one of our incredible engineers to continue the conversation. It’s easy to pivot the conversation into a holistic security.

The point solution is the foot in the door, then we can follow up and bring in all the other things. But, you know, just come to one of our ascends, come to one of our virtual ascends, and we’ll expand on all this. Thank you so much to Comcast for being a part of this conversation today.

Thanks for having us.

Absolutely. Great job to each of the three of you. We genuinely appreciate it. There’s going to be a lot that happens after this in terms of ongoing discussions.