Richard Kirk, SVP, Telecom and Service Provider Sales at AlienVault, interviews Mario Duarte from MSSP partner GoGrid.
Interviewer: Welcome to RSA San Francisco 2014 and to the AlienVault booth. I’m very pleased to have Mario from one of our customers, GoGrid, here today, and we’re going to be talking about Managed Security Service Providers. Mario, welcome.
Mario Duarte: Thank you.
Interviewer: So perhaps we can start off by you just telling us a little bit about yourself, about GoGrid, and more importantly how you found out about AlienVault and security.
Mario Duarte: Great, yeah. My name is Mario Duarte, and I’ve been doing security for about 15 years. I work for GoGrid. We are the premier big data as a service company. How we came about with AlienVault? Well that’s an interesting question. So about 2 years ago I was asked to join GoGrid to help with the security program internally and also for a production environment. One of the challenges that we had was deploying the right set of tools across the enterprise and knowing how to analyze all of that data. So for example we deployed OSSEC, we deployed some vulnerability assessment tools, and we had poor me and a few other guys in my team reviewing all of these logs daily and trying to analyze all of this information. So we were struggling quite honestly, and this is when we started saying “We need to go find a solution that’s going to be able to holistically look at all of this dispersed data and make sense of it and let us focus on what’s important.” And this is how AlienVault came in. We looked at several different products and we felt AlienVault was the right product for us because it allowed us to get us running quicker than other products, and the learning curve was a lot easier.
Interviewer: Thank you. So I suppose that since we’re here in RSA and there are thousands and thousands of companies here, your job must be very difficult, because imagine having to walk around trying to make sense of all of these companies, and I suppose that a unified security approach must help you, it must help you to sleep at night.
Mario Duarte: Right. I would say that one of the challenges we’ve had is trying to keep up with the recent attacks and zero-day attacks that we experience and that we’re seeing across the board. I love all of the products that we see here today, but the thought that always comes to my mind is “How do you look at it all holistically? How do you bring them together and make sense of it?” I think they’re exciting products, but in the end, how do you make it work together? And I think that’s really the key.
Interviewer: Well let’s talk a bit about your business. So it’s inevitable that if a company is going to use a cloud service, they have to give up quite a lot of control. This inevitably must lead to issues of trust. How does AlienVault Unified Security Management help GoGrid to be able to satisfy your customers that they can sleep well at night?
Mario Duarte: Right, that’s a good question. One of the things we allow our customers through AlienVault is we allow them to have visibility into their environment, and also parts of our environment. So by using the web interface for the USM product, the customer not only sees portions of their environment, they also see what we’re doing on behalf of them. So it really provides visibility. So we’re not taking away… we don’t just send a report at the end of the month for our customers - we actually engage our customers on a daily basis, and we ask them to also access the user interface, the web interface from the USM product so they can actually see what’s going on. So for example, if I make a change to their policy, they get alerted, they get notified that a change has occurred. So in essence, USM and the AlienVault products have allowed us to monitor the monitors and give that to our customers.
Interviewer: Hmm, that’s very interesting. So let’s talk a bit about some of the challenges that perhaps you face. Infrastructure as a service, which is what you are, I would imagine requires far more stricter security controls than just software as a service. What recommendations do you have for your end-users when they start to look at infrastructure as a service?
Mario Duarte: Right. One of the strong recommendations that I make is to look at Cloud Security Alliance and look at their control matrix. I think they’re doing a phenomenal job as an organization. When I was on the other side as a consumer of the cloud and I was just beginning to learn about the cloud, one of the things was “Well, how do I assess this? What’s the security threats? What are the security issues that I would incur moving to the cloud?” And Cloud Security Alliance really helps with their control matrix because then it shows who’s responsible for what. AlienVault, once you identify those controls, what AlienVault does for you is then you can set up and monitor those controls for you and you can get alert, you can get reports, and you can keep an eye on your controls.
Interviewer: So now if we turn our attention to regulatory controls, because of what the cloud represents, it’s inevitable that governments are going to introduce new regulations. What’s your advice to your customers, and how do you help them to be able to meet and address those regulatory compliance requirements?
Mario Duarte: I have to say HIPAA is one of those regulatory compliance that has actually been a game-changer in the industry. You know, even just recently as a year ago before the omnibus bill for HIPAA was passed or took effect, really infrastructure… as infrastructure as a service cloud providers, we really didn’t know whether we were business associates or not. So did HIPAA involve us or not? Since we don’t have access to a lot of this PII. I mean, the customer has access to the servers, but we don’t have necessarily access to their servers. So how does that impact us? And I think with the omnibus HIPAA bill last year, that changed. In essence “You’re a cloud provider, infrastructure as a service, it doesn’t matter, you’re a business associate, so you fall under HIPAA”. That’s become a game-changer. So breach notifications, understanding changes that are happening in your environment, who’s accessing your PII, that has become a major challenge for a lot of companies. We went through a HIPAA compliance initiative ourselves. We had about 6, 7 months to become HIPAA compliant, and one of the tools that we use to make us HIPAA compliant was AlienVault because it allowed us to have visibility into the things that were happening across our entire environment. So a change that’s maybe minute and small on one corner of the company can actually have a big change and a big impact across the board. AlienVault provided us that visibility.
Interviewer: I remember when you and I last met, you were telling me how you had managed to create a service for HIPAA, and I remember a great example. You told me about a company that monitors patients remotely, where they have devices attached to them and their heart and heart-monitoring and so on is done remotely, and how your customer needed to be HIPAA compliant. That was a fantastic story because that was a real business problem that you as a security cloud service company were able to solve. Could you tell us a little bit more about that?
Mario Duarte: Right. So what worked for us: We thought “Look, we need to be HIPAA compliant and we have 5, 6 months, 7 months to become HIPAA compliant”, so we needed to really expedite things. So we recognized that the challenges that we face are not necessarily unique just to GoGrid, but rather is across the board. Sure, you’re dealing with a customer, our customer is dealing with biometrics and that’s their specialization. However they still have to manage servers, they still have threats from the public internet. So how do you handle those threats? Well we thought that the same challenges we had, because we’re in the cloud, if we had the same solutions that helped us out, we can actually help our customers. We don’t make you HIPAA compliant for our customers, we tell our customers “You’re not going to become HIPAA compliant, however we’re going to facilitate your efforts. We’re going to give you visibility so if there is an actual threat to your PII or your PHI, we actually can notify you and alert you as it’s happening so you can reduce the impact to your patients, to your customers.”
Interviewer: And one of the subjects that is under debate right now is the idea of pure cloud versus hybrid. In other words customers that either are completely in your cloud or they have a mix between on-premise and your cloud. It seems to me as though that represents some really unique security challenges for the hybrid users because they’re split between 2 different locations. Tell us a little bit about how you actually solve that problem for your customers.
Mario Duarte: Right, right. Yeah, I like to think that we’re reaching that point. I don’t think we’ve gotten there yet because for managed security services, for GoGrid, what we’re doing is we’re providing managed security services on-prem, on our location, in our cloud environment. The good thing is our customers like it, they love the product, they like the service that we’re providing them. The challenge is now they’re saying “Help us. Help me protect my own organization. My off-prem. I have laptops at home, I have people that travel all of the time, I have my offices across the world. How can you help me protect my environment?” And so no longer are we talking about just protecting their servers in the cloud at GoGrid, now they’re asking us to look at other locations. One of the things we’re running by is leveraging, again, AlienVault and deploying the right agents across different locations so they can then send information back to us. So now they’re leveraging our cloud solution for their off-prem servers and agents.
Interviewer: And Mario, I always enjoy talking with you because I think you’re one of the most experienced security professionals that I’ve met, and I suspect that’s a combination of you and your experience plus the job that you do today, and I remember you telling me about the bitcoin, what was happening with bitcoin and some of the security challenges that are huge that represent to you. In the wider context, what do you see are the biggest challenges your customers face in 2014, and what opportunity does that represent to GoGrid in terms of your own business?
Mario Duarte: Right. A lot of the new… back to HIPAA, it’s a good example, HIPAA’s a good example for this. A lot of companies are good at what they’re making, or they specialize on what they do in, again, biometrics, learning what your patient’s heart rate is and alerting them, or alerting the doctor or the ambulance when they’re getting sick and they need help. But these are very small and dynamic organizations that may not have the budget to have an actual security staff on site even when they have a security person. I mean a 24 by 7? I mean monitoring alerts and breaches? That’s a big, big effort. Having to look at different logs, your antivirus logs, your IDS logs, your firewall logs, your system logs, all in separate locations is impossible to do without having a solution that brings it all together. And again, for us, AlienVault has been that important partner in solving that problem.
Interviewer: How do you think security as a service is going to evolve? I mean if we were having this conversation in a year’s time, what do you think that you would be telling us in terms of how your service has evolved over the year?
Mario Duarte: Right, I think customers are going to ask once we develop a baseline of the control… we help them with their baseline controls or their basic controls, they’re going to want us to move up that pyramid of support for them. So no longer are we just doing system-level, network-level, but they’re going to ask us to start monitoring their applications for security. So the responsibility, there’s going to be more responsibility for us. And that is also a double-edged sword because what’s happening is the bad guys are now going to target the security organizations, right. Because now if you’ve got the security guys, the security companies that you break in and take ownership of their environment, now, because they’re supporting multiple organizations themselves, their customers, now you have an ability to actually impact more people. Zero-day attacks is one of those things that worries me. I mean, I think about what happened to Bit9 last year. And here you go, they had a website, nothing to do with their building or their product, it was just a website on the internet and it got hacked through SQL injection, somehow they got in to one of their code products and they were able then to compromise 3 other customers from Bit9. Here’s where, again, the whole holistic approach is very important, and the big challenge for us in security is “How do you put together all of these little pieces and visually and holistically view these threats?”
So then you’re able to focus on, you know, here’s something going on at the very opposite side of my organization at some, you know, a QA tester guy has no connection to your actual production environment but somehow his machine got compromised, and then that was the entry point for production. Having that holistic approach is really going to be important.
Interviewer: And if you were able to ask for one thing of the technology vendors, of ourselves and all of the other companies here, what would that be? What is the thing that is uppermost in your mind in terms of perhaps something that is not yet being provided from a technological point of view?
Mario Duarte: That’s a good question. I think we need to… one of the things that I see emerging is big data and how we’re going to be managing big data. The idea of bringing your own devices to work have just changed everything. I mean the days of the organizations where they could build their firewalls and keep everybody outside, it’s over, it’s done, right. You’ve got people doing Dropbox, you’ve got people going to Gmail, your employees bringing their own iPhone or smartphones, those become entry points into the environment. And I think that is going to require, and that’s why I started thinking big data. How do you consume all of that amount of data so quickly and analyze and focus on what’s important? That’s what I want to see our vendors do. I want to see how they’re going to be able… You know, everybody’s specializing in things, I like a vendor that’s able to put together all of these different challenges and bring it together as one view.
Interviewer: Well that’s a great segue into our last question. I should say that I think as a vendor we have a duty to be able to help you on that.
Mario Duarte: Thank you.
Interviewer: My last question is coming back to the beginning. Why did you choose to partner with AlienVault - you could have chosen anybody - and what do you think is special about GoGrid and AlienVault partnering together in terms of helping your customers, and frankly helping you to build your business and make money?
Mario Duarte: We’re a lean, we’re a small company, we’re 120 employees supporting over 12,000 customers. That’s a big challenge. You know, you have to be able to be nimble and fast and quick and be creative and coming up with solutions. So you don’t have a lot of time to be testing, coming out with new solutions, and it’s just the challenge is much bigger. One of the things… You know, look, I’ve used Tripwire, I’ve used Splunk, I think they’re great products, I like them, but honestly it takes a lot of technical know-how. You deploy these products, you think they’re ready to go, you’re not. It takes a while, it takes an expert months at a time to figure out the environment and then to use the right tools. Again, mentioning those other products. What I liked about AlienVault that I thought was very unique to AlienVault is you get this product up and running within minutes, 5, 10 minutes, right, and immediately you start seeing information. Now the good thing about it is that you don’t have to tweak the product or change or modify it to your environment to get real data, to get real information, to get “Hey, here’s a guy brute-forcing my server” to get a guy “Here’s a person attacking my website”, that happens almost instantaneously with AlienVault, and I would say at a fraction of the cost of the competition quite honestly, and that’s really helpful. It’s a very approachable pricing for what they’re doing, but at the same time you actually can modify AlienVault. So it’s not just “Here’s a standard, you cannot modify it, that’s all you can do with it.” Actually AlienVault can actually grow with the organization, so you can actually adjust it and make it more useful for you. So now for our customers, we actually don’t just look at attacks, but we’re actually now looking at change management in their environment, so they know who’s making changes throughout the organization, and we’re able to do that with AlienVault very easily.
Interviewer: Mario, thank you very much.
Mario Duarte: Thank you.
Interviewer: Appreciate it. Thank you.