Let's Talk SoC

Holistic Monitoring: Why Now and What’s the Benefit?

Episode Summary

Threat actors waste no time when it comes to inflicting damage, as recent Secureworks research revealed. In just two years, the average ransomware dwell time has dropped from 5.5 days to just short of 24 hours. That’s why monitoring your environment is more important now than ever – and why it’s becoming increasingly critical to cover all the bases. In this episode, we talk to Bud Ellis, a Secureworks expert in the cybersecurity market. Join us to discuss current challenges – and how to address them – from an expanding attack surface to the growing cyber skills gap. You’ll hear the difference holistic monitoring can make when it comes to protecting your business and how the right MDR solution is equipped to plug every gap.

Episode Transcription

Secureworks Interview with Bud Ellis

Sally: Hi everyone and a very warm welcome to Let's Talk SoC. I'm your host Sally Eaves, and with threat actors not wasting any time before inflicting their damage, today we're focusing on why monitoring your environment is more important now than ever before. And to do exactly that, I'm delighted to be joined now by Bud Ellis, who is Product Marketing Senior Advisor at Secureworks. Welcome, Bud.

Bud: Hey, Sally, great to be on with you. Thanks for having me today!

Sally: Oh, my absolute pleasure! Perhaps a great place to start, share a little bit more about yourself, Bud, and your role at Secureworks.

Bud: Sure. So, I've been here a while. I've been here 14 years. Spent seven years running our RFP response team, helping our sellers build out RFP proposals. And then the past seven years, I had been in the product marketing organization as a senior advisor. And my focus area is on our MDR portfolios, so Taegis Managed XDR, along with our Taegis Managed XDR Enhanced Premium tier, and then our Elite and our new OT add-ons. So, I spend a lot of time working on content, both internal and external messaging and positioning, looking at the outcomes that customers and prospects are trying to achieve, studying the market, working with customers on case studies and advocacy, and a whole lot of fun stuff in this very, very dynamic and ever evolving space.

Sally: I love that Bud, and I have to say as well, your LinkedIn profile description is one of my favorite ones as well. So, for people listening there as well, I'd encourage you to have a look at that. I love the focus. It's so warm, but also that diversity of experience and loving learning.

It really, really comes across so strongly. So, I absolutely love that. So, I would make a note of that as well, Bud. Brilliant. Thank you so much indeed. I really appreciate that. And talking about diversity as well, in terms of what we're seeing in the cybersecurity market right now, the different threats that are emerging and evolving and kind of scope, scale and sophistication of what's happening, with so much going on, what are your customers asking for most at the moment? What is kind of top of mind of concern right now?

Bud: I mean, it's ever evolving, right? It never stays static for long, which is exciting and invigorating. And, but if you're a CISO trying to figure out what to do, it can be a little overwhelming as well. One of the things that really grabbed me is we had our Secureworks State of the Threat report come out and it called out the median dwell time for ransomware. And two years ago, that number was five and a half days. And that's a relatively short time, but...

That number dropped to four and a half days last year. And now it's all the way down to 24 hours. So, you know, you think about ransomware and how it's been in the headlines for so long and how it remains top of mind for organizations. Well, there's a reason why right there, because threat actors are getting in and they're not dwelling. They're not staying quiet. They're moving quickly. So, to me, it calls out the need for coverage and that coverage that has to go way beyond just one aspect of an organization's tech stack. So, you think, you know, in years past, you know, organizations would buy a technology solution. It's really focused on one area, like the endpoint, like EDR solutions. But in this day and age with where the threat landscape is at, Sally, organizations really need broader coverage. It goes way beyond just the parameters of EDR and to have a complete answer. One, it's inclusive of not just endpoint, but cloud, identity, email, can't forget network either as well, business applications, operational technology. And we've seen organizations really begin to shift their strategy to this more broad and holistic approach. And I think that's only going to continue as the IT landscape continues to evolve. And I mentioned the OT operational technology. That is really becoming a big focal point for these industrial customers as threats continue to increase in that space. That's an area that historically hasn't really gotten a lot of attention from a security perspective but you're seeing things such as a single server will go down in a production environment. And it takes these production environments that oftentimes run 24-7 offline. That's not good for production but it also impacts profits. It impacts where the organization sits in the whole connected supply chain, and it can jeopardize employee safety. So, and then you look at kind of the broad thing that really hasn't changed in quite some time and it feels like it's never going to change.
There's not enough talent out there. I hear it all the time when I do my case study and my advocacy interviews, when I talk to customers, when I travel to industry events and I talk to prospects, they tell me, we don't have the people, the people we do hire, we can't keep them. They get overwhelmed and they run away. 

So, it's that never-ending cycle that I like to call, it's hire, it's trained, and then you hope to retain. And it's an issue again, I just don't think it's going to go away.

Sally: Oh, do you know what? I'm so glad you mentioned that there in terms of the skills piece and culture because it really is this holistic focus, isn't it? It isn't just about the technology and so many skills can make a difference here. And when you look at the makeup of teams like the diversity of teams, frankly, again, massive benefit there for when you're looking at cybersecurity threat evolution. Because again, you need that diversity of perspective to be able to think differently and put yourself into those different mindsets particularly with some of the other trends we're seeing as well.

For example, bad actors collaborating more together. And you mentioned there about IT and OT, that the convergence there as well, again, escalating different types of threats, kind of threat diversification, definitely up there as well that I've been seeing as it's a big issue. And obviously, you can't go anywhere at the moment, can you, in terms of focus on AI and generative AI? And that very much is that juxtaposition, isn't it, in terms of, can be an enabler to reduce some of the overload you were talking about there and really support operational teams, but at the same time can also be weaponized and be a new threat vector in and of itself as well. So, so many different things happening there. I think we really brought that to the diversity of those different vectors to the fore there as well. And you mentioned holistic. I think absolutely right. We need this holistic focus, but an integrated one at the same time. And can you unpack a little bit more about what you mean by holistic in terms of monitoring in particular?

Bud: Yeah, so holistic monitoring has become one of those terms that kind of gets used a lot, and I think people think they're buzzworthy and it's designed to get your focus and get your attention, but I really think the essence of it, Sally, that it goes way beyond this historic focus that organizations have had of, hey, we'll go buy an EDR solution. We'll go buy a network detection solution and that will get us by.

There's simply too many tools out there. Depending on what stat you want to believe, the basic enterprise organization has 50, 60, 75 different tools. And it's too much from a security perspective to expect to be able to stitch all of that together into one place. That technology's different. It just doesn't work well together from a security perspective of getting that holistic view.

What organizations need and what I'm told over and over again, and I believe it whole-heartedly is you need a security solution that's easy to use, that minimizes the time that the people you have, and you may not, you don't have the people that you need anyway, we've talked about that, but you really need to minimize that time that's spent getting to the results that your organization needs. And it's simple stuff, right? What threats are present in my environment?

I see something that's anomalous. Is it benign? Does it represent a real threat? How do I prioritize what to do next? And I like to tell people all the time, you can't go with confidence if you don't understand where you're at, if you're sitting in your car and what's out your windshield. If it snowed overnight, you go out, you clean off your windshield. If you're driving and it starts raining, you turn on your windshield wipers. So, you've got to be able to see. And the right solution can help for that.

I look at the managed detection and response solutions that are out there in the market, and there's so many of them now. Even thinking back five years ago, there's just a proliferation of MDR solutions, but many of those are built with a real narrow focus on one aspect of a tech stack, such as EDR. Or it is an existing solution, like we see in the SIEM market, that's kind of been repurposed. We'll bolt a few things on, it's MDR and we'll roll with it. Now it's a step in the right direction. Absolutely. Cause organizations have to do something. But in my view, that approach falls way short of what organizations need because there's not the holistic view. There's not the holistic net across their entire environment. And they don't have the context that they need to make the right decisions to drive to the right outcomes.

Sally: I couldn't agree more strongly. It's that intelligence to act, isn't it? And make that informed decision-making. I think when we talk about some of the other things we're seeing in the market too, around compliance is one great example of that. We've seen some things from the SEC in recent weeks and from an EU perspective with NIS2, for example, too. Even on the ESG side, we've got a real acceleration of compliance with a lot of geographical differences as well. But again, that monitoring piece.

There's an interrelationship there too. And we talk a lot, don't we, about the latest technology, but it comes back down to data being the differentiator in so many ways and the protection of that. So, I think what you're talking about there is absolutely key. And I love, for example, like your SOC setup, 24 by 7, 365, another area again, about that holistic support that's always available. And it just kind of, as we're talking about all these different things, there's so much to manage and to govern and to monitor, et cetera, as well.

There's a lot to deal with here. We've talked about some of the talent shortages and some of the pressure and tool sprawl and other areas like this as well. So how are you finding that from what customers are speaking to you about in terms of facilitation? How are they looking for support here? You know, is it going down the "manage it on your own" route or actually saying, no, really, to deal with all of this, we need that facilitation and trusted partnership? I'd love to hear a bit more about how you're dealing with that.

Bud: Yeah, so I'll start with a story, right? I was at an industry event about a year and a half ago, and it's the first time I've traveled since COVID. And I was really excited to get out and talk to people about what Secureworks is doing in this space. And a lot of people came up to us and said, what are you doing? And I would explain to them, well, our approach is foundational XDR technology, extended detection, and response. And people were just cutting me off when I would start talking about that saying, Oh, that's great. But I have nobody. I have no people. The people I do have, they don't have the knowledge. They don't have the talent. They don't have the skill sets. They don't have the time. And it goes back to that, you know, thought process of there's just such a lack of cybersecurity professionals in the workforce right now. Cybersecurity Ventures tells us that as of today, there are three and a half million open cybersecurity jobs worldwide. That number is expected to be 3.5 million in 2026. So, you gaze out across the horizon, like I said earlier, that problem is not going away. And that is mind blowing to me. So, you think about, Sally, the talent that are in seats today and a lot of times they're just overwhelmed. It's really hard to be tactical or it's really hard to be strategic when the tactical is so heavy, right? You know, the alert volume, the lack of context and threats, like we were talking about, is this a threat? Is this not a threat?

The lack of time to go through and the lack of ability to investigate, to determine what should we do about this. ESG tells us 63% of cybersecurity professionals say that their job today is more difficult than it was just two years ago. And over one in four tell us it is much more difficult. And why is that? Well, it's the growing attack surface. It's the continuing evolution of threat actor activities. It's the increasing complexity and the increasing workload that these understaffed cybersecurity teams are having every day. So, when I think about the value of a strong MDR solution, I like to think about, okay, what MDR done right looks like. And it all comes back to what is the right way to do this. And from an MDR perspective, Sally, I think the right solution completely wraps around a customer. It really envelops the entire organization, right? Talking about the personnel that a customer may have, whether it's one, two, 10, it may have empty seats, it may not have empty seats, but the people that they do have on board on that team, being able to wrap around them, being able to wrap around an organization's tech stack. What are their business priorities and objectives? Let's get away from just the blocking and tackling, but where do organizations want to go? Being able to give the talent that they do have that rapid and direct access to security experts, experts who know threat hunting, experts who know incident response. Being able to engage in incident response practice if something really bad happens, access to threat intelligence, that the research and the hunting of those threats and that context, because threat actors continue to evolve. Like I said, in the threat landscape, does not stay static for long. So, you think about that, and then you underpin that with a really powerful technology foundation, one that has the advanced analytic capabilities, has that impactful and current threat intelligence fed into it, powerful detectors that can sniff out stealthy threats, machine learning, the ever-evolving capabilities of AI. I can't wait to see where artificial intelligence takes all of this in the months and years to come. And the things, these are all things, Sally, that an organization just really has trouble doing on their own, right? You think about security experts at a security provider who provides the right MDR solution. They're going to the plate every single day. They're triaging threats. They're there looking at data. They're investigating anomalous activity. They've got the access to threat hunting data, threat intelligence, incident response findings from today and years past. This is what they do. And that right solution enveloped around a customer that really provides that the power of technology along with the power of holistic security expertise, that really gives organizations the peace of mind and gives them the ability to get on the road to make progress toward having a mature, robust security posture.
And the customers I talk to, you think about that one-two punch, I like to say, of the tech and the people. It gives the security teams who are down in the trenches, it gives their leadership, it gives the board of directors, it gives every person who works in that organization the confidence that there is a holistic, complete security solution in place that is going to enable them to grow their business, to protect their customer data, to reach the outcomes that they want to reach. And when I look at what we've built here at Secureworks, our MDR solution, Taegis Managed XDR, it's the solution that has those elements, right? It has the Taegis platform. It has the power of the advanced analytics and the threat intelligence from our counter-threat unit, the findings from our incident response practice, our adversarial testing engagements.

And we do thousands of those a year. And what we learn, we're able to kind of feed into that. That's context that's really hard for an organization who's not a leading security provider to be able to feed into their solution. And then the people, right? You talk about wanting to be shoulder to shoulder with organizations, helping them along this journey, right? Well, being able, you know, one of the powerful things about Taegis is, organizations can reach out to us and they can get a security expert within 90 seconds through live chat. They don't have to jump through a bunch of hoops. They don't have to go through call routers or non-technical people like me. 90 seconds, whether it's a question about their solution, question about the platform or hey, something has happened, and we need help. Being able to quickly pivot and engage security expertise like that. Our customers tell us all the time, it lets them know that we're standing right beside them in the fight against threat actors and enabling their business and their organization and their people to grow and go to the places that they want to go.

Sally: So, so important and from the confidence piece, you know, not just the capacity to act, but the confidence and to be asking the right questions earlier and earlier, because I also have this thing about changing the narrative about cybersecurity to the cost of insecurity. And so many things we've mentioned today really drill into that, but that support piece that you mentioned. The other thing I wanted to say is the community you have as well. I thought I really saw that at the threat summit that you had very recently as well. As everything was happening, the conversations going on both kind of live in the room and around it, there is such a powerful community around what you're doing as well. And so, the sharing of knowledge around this is fantastic. And I also just think, just thinking about some of the things that you brought to the fore there with Taegis, but also that the people support and the education and the skills and the accessibility. I think that's also reflected in your recent results with Forrester Wave, for example, as well, because your kind of highest possible marks in many criteria there really kind of brought out some of those elements too, from managing investigations, for example, about transparency and time to value. So, I think that's really being recognized in the market as well. So, you know, real kudos for that. I think it's really echoed exactly what you've been delivering. So that's awesome to see.

Sally: Bud, I know we have to bring this to a close for today. I know we could go on further as well, but honestly, I think it's been a really powerful deep dive into the why monitoring matters so much, so many different vectors of change, sophistication of threats. But also, for me, this is a powerful combination about the right technology, but with the right people partnership as well and that trusted relationship support. I love how we brought that holistic focus to the fore, but thanks so much for spending time with us today.

Bud: Thank you, Sally. I appreciate the opportunity to come on and talk to you.

Sally: Oh, my absolute pleasure. Thank you, Bud. And thank you all for watching and listening too. We'll be back soon with another episode of Let's Talk SoC. Thanks so much for joining us!