It’s time to rethink what security should actually deliver.
We unpack why the traditional XDR model isn’t enough, and how WhiteDog is rewriting the rules with a curated, evergreen platform that evolves in lockstep with attacker behavior and customer needs.
Kirstin Burke:
Really excited about today's topic. We have been at several events this spring, been having a lot of conversations with partners, therefore hearing about a lot of their conversations with their customers. And really, you know, our takeaway is there are too many tools out there. They are giving too little protection.
And as we kept hearing this and hearing this, and you know, I think even Gartner supports this. One of their latest pieces of research said an average company might have 43 security tools. And obviously that might be on a higher enterprise side. But I mean, if you think about it, even 5 or 10 or 15 is an awful lot. And if you think about this record spending, if you think about these record numbers of just security tools, we then look at the data that says 9 out of 10 companies were breached last year. And so you look at that and say, okay, something's wrong.
Brian Moody:
Clearly something's wrong.
Kirstin Burke:
Or, what is not happening? And we really wanted to take a little bit of time to just talk kind of about this market situation that we're in that our partners are in. And then we want to talk a little bit about what WhiteDog's doing in response to that, or maybe how we are leading through that. Because we've got some exciting things going on within WhiteDog right now that are extremely relevant to this conversation. So, Brian, I want to turn it over to you and say, what's going on and why doesn't more tools equal better security?
Brian Moody:
Well, I think the biggest challenge is the maturation of the criminal cyber community, the use of AI, the use of automation, their ability to continue to get better and better, to thwart the tool sets and to thwart the security that we're putting up. I mean, the defenses that we're putting up. So, you know, more tools don't necessarily equate to better security. And I think it's because of this toolset mindset, and it's been that way for a long, long time. WhiteDog now has been in production for over eight years. Our founder and CEO, Shahin Pirooz, he recognized this exact issue. In fact, WhiteDog was truly founded based upon the frustration of this issue. The fact that we continue to implement tools in customers infrastructures and they continue to be attacked. And then we were a part of that response. We were a part of helping them recover. And then as Shahin always says, then they kind of got knocked down and got a black eye and a bloody nose. And then we helped them, we put a band aid on it. Then we handed them a bill for a million dollars for the next step. And it just didn't feel right. And that was the point where he said, we have to get better. And at that time, what we saw was, is there is an absolute disconnect between the technology debt, which is something that we talk about, which is implementing all these tools is to continue to create a mature framework in order to protect the modern enterprise.
To your point, it takes a lot of tools. But that single threaded approach of implementing each one of those tools is a problem because the tools aren't integrated. And not only that, but we talk about this all the time, is that if you're the CMO or the lead technical officer for every one of these security tools, I would challenge our audience because our partners and our audience, you go to the same RSA, Xchange, PAX8 conference, we go to the same conferences. What do you hear? Even on main stage, our platinum sponsors stand up and what do they say? You just need our tool, you just need us, you know, implement us and we'll secure you. And unfortunately, if that was the case, you would only have to buy one or two tools, you wouldn't have to buy 43. Right?
So this single threaded mindset I think is the biggest problem of just adding another tool. And the challenge behind that is it creates a massive amount of technical debt. And you hear us talk about this all the time, managing those tools. So first of all, purchasing them, identifying what's the right tool to put in. There are four to six thousand security tools that exist in the market today. Which one do you pick? Which one is complementary to the other tools that you've put in place, which ones integrate well, which ones are interoperable.
And then not only that, but now once I pick that tool now I've got to integrate the tool, I've got to configure the tool and I've got to manage the tool. So second component of the technical debt now is the people debt is the OPEX associated with now hiring to that tool set and actually having a security team that understands, understands actually what the tools are actually telling us.
So the thing is, is that we see this over and over again is the management of the single threads and not truly having an understanding of the integration of the tool set and then the correlation associated with respect to what the tool set is telling us, because that's going to lead us to, hey, there's something going on in our environment.
And I think, Kirstin, the biggest issue is that yes, we're seeing, we're just needing to add another tool to plug the hole, but the economic debt of buying all these tools, the technical debt of having to manage all these tools and they're all single threaded, they're not integrated. And I think Shahin recognized that years and years ago, which is why WhiteDog has brought this integrated, composable, curated security platform to market that has all of the integration, all of the automation, all of the correlation, all of those components are done for you. And that is then brought into our security operations centers, which we have two of today, a third in development, from a standpoint of there is an experienced security operations and analyst team that is evaluating the telemetry that's coming in from the WhiteDog platform.
Kirstin Burke:
Right. Well, you talked a lot about technology debt and I think that is so relevant because whether it's five tools, 10 or the 43, there is a sunk cost. And there is an intent from the organization buying it. Not that this is going to last us six months, but this is the horse we're riding for two years, three years, five years. And unfortunately our adversaries adapt much faster than that. And so, you know, you've paid this money, you are under this contract and then all of a sudden, midway, wow, identity starts being the most vulnerable area. But the solutions that you've got don't factor in that criteria. The way that the adversaries are now taking advantage of and. But you're stuck. So I still have two years more on my contract. So either I eat it or I just hope that...
Brian Moody:
Well, I'm not hoping. It's exactly what we're talking about. What I do is I buy another tool, right? Because economically I've been trapped in these contracts because if you look at most of these companies, they require a one, two, three year contract, you know, and I've even heard of people saying, well, we signed a five year contract. I don't know of a security tool in the market that's got a hard efficacy for a five year period of time. You know, without considerable development and change in the back end to adapt to what the cyber community is doing, because the criminal community is absolutely figuring out a way.
You know, just in the years that I've been in this business and have watched technology grow from infancy now to where it's at today, especially with cybersecurity is honestly there's nothing they can't get into. And I think you almost have to take this approach, and almost assume that they're in. Because I think even if you take it to the level of statecraft, I don't think there's anything that they cannot get into. Especially when you get up into [unitelligible] In a sense, I would think that you know the type of governmental approaches that are capable today.
But you know, from that these folks just, they continue to add these tool sets to it and just adding another tool isn't the problem. But when you get tied up into these contracts again, I think that's one of the huge advantages that we bring to WhiteDog because as we talk we're curated and composable, meaning that we can fit into a current set where you might be contracted so we can fill gaps. But we're consumption based and we have no long term contracts. But the other aspect for us is that if we find one of our tools isn't as efficient as it was, we change it out. And not only that, but if we also find, which I think is a topic that we'll get to because we've got some super exciting announcements around our XDR platform and enhancements that we've brought to that. But what we do is that we add the tool. But in adding a tool, what we've done is that that tool gets integrated, correlated and becomes composable across our architecture so that it becomes complementary, too, versus I'm adding another piece into the puzzle. We're doing that, but we're doing that with an expertise and full security operations behind it.
Kirstin Burke:
Well, and I think we talked a little bit earlier about the pace at which these adversaries go, right? We've got ransomware as a service, we've got, I mean, we just, I mean it's everywhere. Like you said, there are no areas that are sacred. There aren't any organizations that have zero vulnerabilities. As long as you're plugging in a computer into something or trusting your data with somebody else. You're vulnerable. And so the challenge for folks like us is how do you build out a response that can adapt at the speed necessary? So how do you either pace with, or even in some cases think ahead of the adversaries and have a service and a solution or a platform that can keep your partners and your customers, let's call it debt free.
And so at any given point in time, if we see any service or any tool becoming long in the tooth or, at any given time, if we see a new area that requires deeper protection, that that is something that we build in while that plane is flying. We build that in, swap it out, and our passengers are not disrupted.
And I think that is the thing that excites me so much about WhiteDog is our response to the market really making that enterprise grade, security accessible, scalable, always current for our partner community to be able to then, you know, sell, pass on and support their customers with.
Brian Moody:
Absolutely. And you started your comment with the word vulnerability. So this is, I think, the biggest aspect of how do we stay ahead of the hacker community? How do we keep one step ahead if we can? Because so many folks implement a security infrastructure, you know, and there's hope because what you've done is you've implemented a security infrastructure and it's responsive. It's almost one way. And I'm using this term one way because I was just off the phone with one of our partners in India yesterday and he came to me and said, Brian, I'm talking to these customers, you're talking about these additional enhancements that you're making to your XDR platform. And this customer said, you know, wait a minute, why does your XDR platform need or have all of these features? Because most of what we're seeing, they're kind of, and he used the term one way. And that was that was the comment from the customer.
These XDR, they have these functions, but they seem to be one way. And one way again talks to single threaded. One way also talks to the responsiveness. Now you talked about response, so let's address response and vulnerability. So those are two of the most key critical points of how we stay ahead. So day zero, whether you're running operating systems or you're running infrastructure, or someone has figured out a way to take advantage of a hole or something in a piece of software that they could take advantage of, day zero, very tough to defend against.
But having the infrastructure in place to be able to respond to that is critical. Second piece is the vulnerabilities. So back to the single threaded component. And you know, my response back to Yash was is that's the point. We recognized this eight and a half years ago is that the single threadedness of XDR, extended detection and response. If I've got extended detection, but I'm single threaded on response, I only respond at the endpoint. So why do we have all of these features in a WhiteDog XDR solution? Because our founder recognized immediately that the paradigm had to shift. The paradigm had to shift from this single threaded approach to this multi-tool approach, to this integration capability, but not only but to have the response capability at all of the vectors. So if we've got an extended detection and we're extending detection through to firewall, through to network, through to ID, through to mail, so I can see these things, but I monitor, identify, notify. I don't have response capability, I'm single threaded, I'm one way. So what we've done at WhiteDog is create the platform so that we can address the vectors and have response capability at mail, at DNS, at network, at endpoint included in our XDR solution. So it is by no means single threaded. The other aspect is, so now we've kind of got that response capability across the platform, not single threaded, not one vector. But the other aspect is understanding the vulnerability. And that is one of the key things is how do you stay ahead of these hackers is that you've got to understand the vulnerabilities that exist in your environment. And with that data we then tune the responsiveness of the applications, of the tool sets, of the integrated interoperable, correlated tool set across the environment. So that vulnerability help gives us a roadmap to protect the organization. And so how do we understand that vulnerability? That is the proactive approach.
And here's a great place for us to kind of begin to talk about some of the enhancements that we're bringing to the XDR platform is that Shahin and our product team have created, something we that we are categorizing as our Attack Surface Management platform. Ultimately, I think there will be roughly seven or eight capabilities that exist within this platform. What we're super, super excited to announce about within our XDR platform today is we have brought three to four key to see that there's identity, there's storage, there's network and there's external. So there's four that are critical today that we're bringing to market. So within this platform what we've done is we've historically done External Security Posture Management. So what is this? This is understanding credentials, information, potential vulnerabilities that we have that are on the dark web. So this has been a part of our XDR platform for many years now. What we've done now is we've extended that now to three additional capabilities that are included. Now this is about understanding our vulnerabilities. This is about understanding what could happen and what might exist that would leave us vulnerable to the criminal community. Understanding this allows us to then tune our responsive infrastructure in order to protect against these things.
So the first of all is that we recognize long ago that mail was the number one attack surface. 93% of threats come from email. Now the second component of that was 80% of those need to reach out to a command and control session. So whether direct IP or through DNS, they have to reach out to that command and control session in order to implement either access to a machine or download a RAT, random access Trojan or some code profile that would allow them to take control of that machine or to execute some process. So that's the second key component.
Well, the other biggest attack surface that we recognized was identity. I mean, everyone is after the identity. So that gives them access and then from there they potentially can elevate privilege and move through an environment. So what we've now brought to our XDR platform is identity security posture management. So this is our ability to be able to analyze Active Directory or Entra ID and understand the username profile, the username permissions, the username grouping, the username access and understand that environment. To understand did someone just retire account and give it super user capability? Did someone just elevate privileges on an account that didn't have those privileges? Did an account get created that doesn't fit into a grouping profile? Does an account in a certain group have way too much access that the other statistical folks in that particular group don't have? So it allows us to analyze and then be able to respond actually to these events that might exist in the identity area.
So second component is now understanding. So if I do get access, what does my network look like internally? So now let us begin to do network security posture management and let's begin to analyze and scan the internal network to see if any vulnerabilities exist. If they do, we can identify them and then recommend remediation in order to close those vulnerabilities so that the hacker community can't take advantage of it. So we're doing external posture management, looking from the outside. Now what we've done is we've taken that, extend that to the inside to evaluate do we have things happening on the inside of our network that are a potential risk. Then we are now then looking at, okay, we've got, looking at the network components identity and access.
Now let's look at the data back to my point I made earlier. Just assume they're in. So from a standpoint of understanding. So this is something that our product team is developed that we are tying to digital or data rights management. And what this is all about in our DRM solution is understanding the security and the storage and what type of data that we have in our environment. And then we're using some AI and analysis to look at. Those types of data that have been ransomed in the global scene today and then we can place a value on that information. So the type of information you have, that if you were attacked and that data was ransomed, they're going to ask you for $5 million for this, for this data that might ask you for 10 million. So we can give you a risk profile with respect to the types of data that you have in your organization and if something were to happen, what's the risk profile associated to that data? And then ultimately down the road with respect to our DRM solution when it comes to full productivity, when it comes to full production, is that we will give you the capability in that DRM solution to encrypt that data. So single button encryption of that information. So full use capability in your environment, within your employees. But if that data were to be exfiltrated, it's encrypted be almost useless. So for critical attack surface management, security posture approaches to the environment, to understand externally, do we have vulnerability, do we have network vulnerability, do I have vulnerabilities being created in my identity community? And then ultimately the types of data that I do I have, do I have any vulnerability there? Understanding that vulnerability is a critical part of protecting the environment. And, and we feel a very important methodology to stay ahead of what the hackers are after.
Kirstin Burke:
Well, and you know, as I listen to you describe each of these, I have a couple of thoughts. If I am a consumer or if I'm an organization, right. Obviously each one of these on their own. You're, I mean, I hear you talk about it and it's like, well, of course I need that, of course I need that, of course I need that. And, and there are tools out there that can help you do each one of these things.
But if you think of the, the overhead that just Attack Surface Management, forget everything else that we talked about. When you think about the overhead, the resources that it requires to do security right is very difficult. And if you're a small business, if you're a medium sized business, if you're a large business, you're all a target. And so if you're smaller, it doesn't mean you have leeway to do security less. Right. Or to cut corners because you're smaller and they don't care as much about you. Every single organization is a target.
And so as you think about these things, as you think about the benefit to an organization of having them all together as part of a single platform, that you're not buying each one, you're not integrating each one, you're not supporting each one. That's immense. And I then think about for our partners that exist today that are already selling this platform, how cool is it as a partner to walk in and say what you just did to me and to this audience and say, guess what? You know, we sold you this XDR platform a year ago and as of June 1st, guess what else you're going to have, right? That we understand that these threat actors are changing. We understand where new vulnerabilities are. And guess what? You don't have to worry about it. Done. Already done.
Brian Moody:
And not only that, but guess what? If you're on our platform and you're already paying that fee, you're grandfathered. And guess what? You, you're going to get all of these improvements at no additional cost, right?
Kirstin Burke:
I mean, where else can you get that? I mean, to me, that benefit to a business to just know I'm good, I'm not good, I'm great, right? And as a partner, to know that they really have kind of this security strike team, you know, helping deliver this service to their customers so that they know that they are offering a premium security service, however much or little that customer needs or wants of this service. But that on the back end, we're the ones that are making sure it's current, we're the ones that making sure it adapts. We're the ones that making sure all of these things are correlated and what a burden that takes off to deliver the type of security service that anybody would want to build if they could on their own.
Brian Moody:
Yeah, it was you and I, we were both at an Xchange conference, it was late last year and there was a lot of Gartner kind of statistics that were quoted. But the one that really kind of stuck with me was that for small medium business and even medium business, large business, and that was up to like 500 to 750 employees, which is a decent sized company.
But the statistic was kind of scary because in that size company there was 0.6 persons engineer dedicated to security. So not even one security person. And if you think about the average security engineer, and I'm being very conservative, 65, 70, maybe to $110,000 a year for that engineer for something that really knows what they're doing. And then the cost associative to experience goes up even after that with respect to the right person. Very hard to get, very hard to keep.
But if you look at the cost associated with implementing a managed, curated, composed solution, it's about the cost of an engineer, but we take that technology debt away. So for those companies that have a software engineer or really a challenged IT staff, Kirstin, this is almost impossible for them to implement. To implement 15, 20, 30 tools and have 0.6 people try to manage that, it's almost impossible.
Kirstin Burke:
Well, I can, from virtually far away, I sense the energy that you have around this and the excitement. And I tell people this about WhiteDog. Obviously we're in business, we want to grow, we want to expand our services and expand our footprint. But there is a part of this that feels like a public service to me because it is so clear the challenge and the risk that organizations out there face. And it is so difficult for any one organization to be able to, to feel confident that they are investing in the right things and protecting their assets the way they need to.
And so I love what we do because, you know, we're really able to help businesses stay in business and stay focused on what it is they need to do. We're able to help partners expand their service portfolio and really add that value to organizations that need to care about security. So I love that we were able to talk about these XDR enhancements. And it's just such a perfect time and a perfect example to really showcase how we adapt and grow and change over the course of time as things dictate. So it was a great opportunity to share that.
And Brian, thank you for your sharing, for your examples and obviously for any partner that is listening, that if any of this kind of perked up your ears or if you thought, wow, you know, I could use some of this, I could use all of this. Absolutely. Get in touch with us. We can help you evaluate what you're doing today. We can help you chart a course for how you might integrate WhiteDog into your business and expand that to your customers. This is a not a long runway to get to be able to implement this. We've got a 30 day onboarding guarantee. So this is something that if you're interested, we can have you up and running and we can have you delivering services by summer to your customers. So, you know, take the chance, take the opportunity, you know, at least have the conversation and see what it might be able to do for your business.
Brian Moody:
And you, you bring up a point for me that is, I love what we're doing because I love to walk into the sock and have the guys go, oh man, we just saved someone's bacon last night, right? 2:00am, you know, 50 machines got encrypted and we stopped it in six minutes. I mean, that's just, it's amazing to hear. We just, we just helped someone. And then on the flip side, the heartbreak is, just last night I'm on the phone with a company that was referred to us by a customer. They were attacked. And just the frustration and the stress in their voice with respect to, you know, they are, they're like, they're shut down. And we can help them. And we are helping them. And you're right, it feels good.
But I think for our partner community, this company was built to help you grow. This company was built to help you be a greater value to your customer. And we have partners that are taking advantage of that and doing just that. And that's the other fun piece for me as well is interacting with our partner community and watching them grow their business and becoming more efficient and more profitable. Which is the biggest piece is how do we grow your business? How do we help you find new markets, and how do we help you become and be a better value to your existing customer base? It's what we do. And it feel good. It is. It just feels good.
Kirstin Burke:
Well, on that happy note, we're going to wrap for May. Thank you, Brian. This is a great conversation. No, thank you. And thanks all for joining us. We hope to hear from some of you soon.
