Spend Advantage Podcast

How to 10X Savings & Performance For Your Email Security

Varisource Season 1 Episode 45

Welcome to The Did You Know Podcast by Varisource, where we interview founders, executives and experts at amazing technology companies that can help your business save a lot of time, money and grow faster. Especially bring awareness to smarter, better, faster solutions that can transform your business and give you a competitive advantage----https://www.varisource.com

Welcome to the did you know Podcast by Varisource, where we interview founders and executives at amazing technology companies that can help your business save time and money and grow. Especially bring awareness to smarter, better, faster solutions that can transform your 

U1

business. 1.3s Hello, 

U2

everyone. This is Victor with varisource. Welcome to another episode of the digital podcast. Today on the podcast, we're excited to have Vade Security and Eric Courtwright with us. Eric is the head of Sales for Vade. Vade is essentially an AI email security solution for every business. Welcome to the show, Eric. 

U1

Thanks for having me. I appreciate it. 1s

U2

Yeah, obviously, security is a huge topic these days, and email is the number one, if not the main reason for hacks for every size organizations. And we're going to talk a lot about different stats today around email security, but one of the ones that I saw I want to bring up first is there was a dramatic increase in phishing and spear phishing attacks, up 31% in Q, three of 2022 alone. So this problem is a huge problem and it's not going away, it sounds like, Eric. 

U1

Absolutely not. And I just want to point out it's always been on the rise, but it really was exacerbated by the pandemic when everybody went remote and we really relied heavily on emails and especially M 365. That being said, 1.3s hackers and cyber gangs have really found the golden way to get in. A lot easier than trying to break through firewalls is just social engineering and email attacks. So, absolutely, we've seen huge growth. 1.4s

U2

Yeah. And that's the one type of growth you don't want? Not really. We're definitely going to talk a lot more about that, but yeah, if you don't mind giving the audience maybe a little bit of your own background and then 2s the company story would be great. Yeah, no, absolutely. I've been in it in one form or another for over 20 years going back, you know, to telecom and when Voipe was first coming out and fiber with Verizon all the way through to working with a lot of the larger names in the industry, from the Semantic, the Trend, micros and IBMS all the way around to backup disaster recovery solutions and into where I am today. And as far as the company is concerned, we're founded in 2009 and really Vade focuses on the development of threat detection and response technology using that artificial intelligence. And our products are designed to protect consumers, businesses, organizations all around from any email born cyberattacks, like the Malware, the ransomware spear phishing, like you mentioned before, really focusing on the business email compromise around phishing too. 1s All in all, your AI is only as good as the data and the amount of data that you have going through it. And through our partnerships, we protect over 1 billion. I think we're up to about 1.4 billion mailboxes around the world. And at some point I think our technology touches a quarter of the email boxes on the planet. And that being said, the amount of data that we have going through our filters really gives us a heads up as far as any advanced threats are concerned. So that's where we are. But overall, you want to look at top down cybersecurity, layered security approach, multiple different things in place because the more you have, the better protected you are. But then on the back side, nothing is ever 100%. So really it's looking at protecting as much as you can on the front end, but then also having a plan when the 1.3s inevitability of being breached could happen. Because when it does come down to it with these email threats that people are getting hit on left and right, 1.8s you really have to have that end user trained as much as possible. But when they do click on something, you've got to have something in place to 

U1

identify that and recover. 1.7s Yeah, I think you just hit it right on the nail on the head, which is about security, which I think a lot of companies, it's a love and hate relationship, right? Meaning you spend so much money, you can never buy enough security products, or at least the market tells you so. And yet when you buy all these things, like you just said is, well, you're still not fully protected. There's still a chance something's going to happen anyway. So it's like, it's kind of frustrating as a customer. And that's why it's so important to pick the right solution and partner. Right. So I want to get into this AI topic, because AI is super hot right now. Everybody's saying AI, but you guys been doing this for a long time. Can you kind of explain what is AI based email security? Because you mentioned a couple of really critical kind of data points. Right? I think one of the data points that I saw is you guys claim that you catch ten times ten X more advanced threats than the built in Microsoft protection alone. But again, like you said, AI is amazing, but AI is only as good as the data that it has to get trained on. And because you manage so many 

U2

more inboxes, you have a lot of data to be able to feed into your AI. But can you kind of talk about how do you guys apply AI? 1.4s In this email security? 

U1

Yes, absolutely. Really, it's a machine learning type of technology. So of course the technology is only as good as what you program into it. And then from there you have to let it learn, let it grow and provide course correction. And that is part of the human element where the AI is a learning based system. So as it sees how 1s different types of threats are evolving, it's learning and kind of trying to anticipate what can happen. But then we also have to have that human element that provides course correction as well. And we do have other filters and other pieces that are built into that AI. But really, overall it's something that has to happen now because just the speed of change and the speed of the way that bad actors are making adjustments all the time. Just for example, a lot of what they're doing, they will send an email out and if it bounces back, they will make little subtle changes. They will provide capital letters instead of lowercase, they will add in some different spaces and different punctuation, any little things that they can do just to get around the filters. And as soon as they find one thing that works, then it's all a hands on deck and they just blast through that. So it's really something that when it comes to the AI, it has to learn, but it has to have human element, 1.1s like I said before, course correct and make those minor tweaks and adjustments along the way. And that's something that Vada has gotten really good at when it comes to identifying threats. And then, of course, 1s doing what we need to do to make sure the filters are constantly updated, because it really is the Tom and Jerry cat and mouse game. We're playing with the bad actors out there where we're always trying to stay that little bit ahead, and whenever they find any kind of anything to get around, they'll blow that out, and we've got to be ready to go. And we have teams in different threat intelligence centers around the planet that are constantly 24 7365 looking at those changes and trying to stay out ahead of it. So it's a combination approach, I guess I'd like to say. 2.2s

U2

Yeah, no, 1.5s that's great kind of explanation on how you guys approach it differently. And I think that's why you guys been able to grow continuously throughout the years and build up that 1s 1 billion plus right. Email accounts you guys are protecting. So for those executives or business owner, SM be companies that feel like, of course we have email security. Right. 1.7s Can you kind of give us some insights? What do most companies have today? And then what are some of the limitations of that? Because a lot of times they just buy Microsoft and it comes with email security, or they buy Antivirus and it comes with email security. They just feel like, hey, I'm protected. I'm good, I come with it. Right. But they don't understand the nuance. They don't understand the difference. And so what are some of the limitations on maybe those more generic 1.1s things that companies get? 

U1

Yeah, and absolutely. Just to touch on the question earlier around Microsoft, microsoft has made a lot of advancements and they've really updated their security in a major way just in the last year alone. But number one microsoft. Fantastic. Their software and everything they do is amazing. But they're not a security company, 1.1s they're just not. And where they've made advances in leaps and bounds, especially around known threats. So any threats that have been identified that are out there that are known and have been designated as some sort of a malicious type of threat, they're great at blocking those. So we really don't see those. 1.2s The bank in Nigeria that wants to send you money and all of those types of things, we really don't see those anymore because Microsoft has updated a lot to fix that. But really at the end of the day when you're getting down into the newest types of threats, social engineer, social engineering, polymorphic types of threats, microsoft is just not there. 2.1s As far as how long we've been doing it, well over a decade ahead of them when it comes to these types of things. And yeah, that is one of the biggest things. But looking at some of the other 1s offerings in the space and some of the other ways they do it, it really depends on each individual company and what their needs are because there are some companies out there that are using different solutions and it just works well for them. And if that's the case, then great. We just want to point out some things that we do differently. And some things that other companies do differently. And it's up to them to really figure out the solution that's going to work best for their needs. Now that being said, some of the other ways that have been the prevalent technology in the area were redirecting your MX records so that would be redirecting the normal flow of traffic out to a filter, then back in again. And by having to do that, you're almost turn off some of Microsoft's native security. You're also making yourself visible to hackers because they can see that you're breaking that natural chain and then they can tailor their attacks around any known vulnerabilities with that specific brand. Where with 1.1s our approach, using a graph API, we're essentially within Microsoft so hackers can't see us. All they see is that Microsoft Security is there and we're in line with Microsoft. So when those emails are coming through, we get to see them at the same time. And anything that layered approach, 1.1s if the license comes with Microsoft security, great, keep it on. We integrate directly, as some others do integrate directly with that Microsoft product and we respect all of the whitelists and everything else that are in there. But at the same time, if something comes through and Microsoft says it's clean and we don't agree with that, then we will override that status and we'll go ahead and move that into the junk folder or the deleted folder, depending on settings. So, all in all, it really depends on what the individual business needs out there and how this type of solution would benefit them based on what it's built to do and also what that company needs. So really, all in all, the product is designed to be set up quickly within a few minutes. It's designed to be able to find what you need. And at the end of the day, we believe that cybersecurity is the most important thing. Obviously, 1.5s if you get breached your business could be compromised and you could have to close down or pay fines or whatever else. But you really shouldn't have to sit there all day long in your 1s dealing with these types of things. So it's designed to be able to find what you need to find, if anything, and then kind of move on with your day and get to more pressing matters. So those are just some of the high level things that I think are important for any type of solution. Whoever they wind up picking is ease of use, ease of setup, ease of integration with other tools, and of course, having some other features like quick remediations and any kind of training built in all. Yeah, 

U2

I think, again, that's why I love talking to you. You're just like the encyclopedia of email security, man. Obviously, the expertise really comes through. And all the nuances that you talked about, I think, is where a lot of business owners or people feel like they just check a checkbox. Do I have email security? Yes, I do. And then they may or may not be an expert in what you just explained, the nuances and puts their companies at risk. But again, what we love about working with you guys is your price points are incredibly competitive. We're typically seeing probably somewhere between 30% to 40% potential savings for a lot of these companies we work with, which is amazing. But then it's also so easy to set up, and that's rare, right? Sometimes when you buy these amazing advanced solutions, then you got to really implement it. It's difficult. You're the best both worlds. It's easy to implement and it's cost effective. So, again, we just love working with you guys. But obviously, when we talk to It teams and you talk to It folks, they get it. They understand it. But when you talk about 1.1s a lot of these terminologies that you've been using, you've been talking about, again, familiar with It, but for business owners, for executives, they may not understand these things, right. And so can you kind of provide some education? Which is what we're all about, right? What is phishing? 1.1s What is it? Kind of describe it and then spear phishing, what's the difference? Can you kind of walk through for maybe somebody who's not an It, but maybe a business owner who may not understand the risk associated with those? 

U1

Absolutely. And it all comes really down to impersonation. So when you're looking at impersonation with just phishing, they're usually impersonating a brand like Facebook or Microsoft or 1.1s DocuSign or something like that. They're impersonating a brand to try and get you to fork over credentials or to do something so they have access to your systems. And that's where phishing really comes into play. Part of that is the logos. So one of the technologies that we have built in is called computer vision, where as emails are going through and they have logos on them from these different types of brands. We're deconstructing that logo in real time, looking for any malicious code, looking to see if the pixels are the same, if the colors are the same, if the logo matches with what the corporate logo actually is out there that we have a database of. So the logo is a big thing, especially when it comes to phishing. But spear phishing is more around impersonating a person. Those come in as innocuous, non threatening emails. There's nothing malicious about them. There's no malicious code, there's no malicious link. It's just trying to establish some kind of legitimacy and also creating some sense of urgency. So the biggest one that I've seen out there is either the CEO fraud, where the CEO tries to get someone to give up, get a bunch of gift card numbers and email them back, or to change bank account information. And that's another big one that we've identified and that we've built out another filter to identify really what those look like when it's, hey, I've gotten somebody reaching out to someone in HR. Hey, I've updated my bank account information, can you change that for my direct deposit? Those types of things. So they're impersonating people or trying to get you to do something like that, where you're changing specific information. So all in all, between the two, it's impersonating brands, it's impersonating people. It's just gotten to the point now where they can look at and see, 1.4s really. 1.2s Do some basic research on you, on different people in the company. They're not blasting out thousands of emails across the board. They're hitting two or three key people with information based on others in the company that they've done research on, and they can find that online, in social media, all over the place. So it's gotten very specific. And that's where we have to be careful. We have to know, hey, this person doesn't usually email me from a Gmail account or, yeah, I know that person. They're one of our vendors, and they want to change something with their banking information. Great. At the same time, double check. Because it just recently happened with a government agency that a legitimate vendor that the government owed money to, that hacker, changed two letters in an email address and got that government agency to make a payment of well over $100,000 into the hacker's bank account by just changing a couple of letters. And all the things were in place to call and make sure they verified this. And the other thing, they just didn't do it. So 1.3s it's getting more and more difficult, more and more sophisticated. And it's got to be one of those things where just like when you're a kid, you're taught to look both ways before you walk into oncoming traffic. We've got to really get used to the fact that 1.3s if there's anything on there that doesn't look right, you've got to ask yourself the question, is this legit? And just assume you're being targeted. 1.3s Yeah, I think I got a couple of thoughts on what you just said. It used to be, I don't know how many years ago, you get an email from Egyptian Prince saying, I want to give my kingdom to you. You're like, okay, that doesn't look right. That's pretty obvious. But I think obviously, just as our technology are getting more sophisticated, it's because the hackers have become a lot more sophisticated. I think a lot of time, it might be difficult for business owners, decision makers to understand that there's people out there that wake up every single day and all they're trying to do every second is figure out how to trick you, how to get into your systems, right? And it's like, wow, that's a lot of effort, like you said. But they're getting very sophisticated. And I think with email, because it's such people get into a comfort zone, right? Like, you see email, you respond 1.1s when you do something hundreds of times a day, thousands of times a week, you start to get comfortable, right? You start to maybe not check every letter and everything. And I think that's what they try to catch people off guard. And if you do it enough to enough people, you're probably going to have some people that kind of fall for the trap, kind of like you said, 2.5s it's a dangerous world out there, I guess. Absolutely. Unfortunately. 

U2

Yeah. So. 2.3s Obviously more than email protection alone. You kind of mentioned threat, intel and investigation, as well as some of your additional capabilities. Can you kind of maybe talk a little bit about other than email security? How else do you guys help organizations? 

U1

Absolutely. And this really depends on what the organization has in place or what they're looking to do. We do integrate with other street strategic partners. We also have open APIs, so that means that we can integrate directly within other tools. So if you have a security operations center, or if you are looking to export your email logs to do additional forensic checking, if you're running a security information and event manager or any kind of other acronyms, XDR, EDR, types of things. And those types of tools are excellent in providing additional advanced security. 1s So we do provide that as well. We also have the capability to analyze different things with file inspectors. And we do have something else in place as far as proactive notifications, just utilizing Microsoft's tools. As far as the reported email feature, like this is Phishing or this is Spam or this is Junk, when users are reporting that by clicking on those, that goes into a report that we see, and we build that out to see if that email, one person responds to it and they say, you know what, I don't think this is good. This is probably junk that builds into a report. So that gives everyone the ability to see that, hey, maybe this might be a little bit different, or maybe some people are seeing something that we're not, or something along those lines. So it gives people more of a proactive vision into the individual and what they're seeing. And it also helps that person who's trying to do the best they can to, you know. 1s Provide feedback and it closes that feedback loop all around to say that, you know what, that might be something that's a little wonky. Let's take an extra look at it. And by doing that with the product, it gets people to take more control over their day to day interactions with their emails. It gives them the ability to really take charge, be part of the solution instead of just saying, well, I'm too small, nobody's going to hack me or nobody's going to come after me. That's the worst kind of thinking. It's because you're small that they will come after you because you're considered low hanging fruit and you're small, you probably don't have a lot of things in place that you're going to get targeted. So that's just even more of a reason to go ahead and take a look at some of these extra features. And again, cost of course is a major factor and there are things out there that you can afford. It's just finding partners to work with that will help you get what you need and having the conversations. But really, at the end of the day, yes, the different types of features in there really allow us to investigate and to look at and to collaborate and to try and partner and help everyone because it is kind of a group effort across the board and that's what we like to see. We want a partner, we want to work with, we want to grow and we want to provide as much support as we can. And that goes in all directions. 1.6s Yeah, that's actually a great segue to kind of our last question of the day. Obviously, SMB mid market. That's who you guys specialize and Target. And usually they're low, limited. They have limited staff, limited It resources, and especially now in this economy, where everybody needs to kind of do more with less, right? So they're really looking for ROI, 

U2

and ROI could come in different formats. But 1s can you give us an idea of what kind of ROI can you drive for companies that are limited in resources and maybe even It staff? How can Vade 

U1

help? Absolutely. And I think a couple of points. Number one, the time factor. 1.6s As I said before, we want to make the 1.3s ease of use one of the primary factors of working with us. So the setup, the settings, everything that we have is really designed for ease of use because time is money, and we want to help you save time. So if we can help by making this a multi tenant solution so different companies 1s can use it, can get in, can get on with their day, that's one of the biggest things. The other thing is, again, it is a tool that 1.6s has everything built into it. So we don't have a lot of all these add ons where, hey, here's the price. But then if you wanted to do these things, you're going to have to add these five other things, and now your price just doubled. That's not the case with us. We want to make sure that everything is contained within. A product. So you can expect what you see on a demo, you can expect what's there. And all in all, when it comes to being a good partner and support, so support is key. Not everybody, again, has the staff to do these types of things. And a lot of people have had to cut back on staff. So if there's ways that we can take the support and help with that and provide some additional services, 1.1s that's what we want to do as well. So all in all, it's an overall approach where we want to be a good partner, we want to make sure the product is doing what it needs to do for you, that the setup is quick, that any kind of changes or updates and settings is quick. If you need to find something, you can do that quickly. And if you need to reach out and ask questions about why something was filtered a certain way, then you can reach out and actually talk to somebody and get somebody on the phone. And I know our SLA for response is under ten minutes. So all in all, regardless of who you work with, those are some of the key things, whether it's us or whomever else out there. Just have that in mind where they need to be a good partner to you and they need to provide these types of things so you can focus on what your core business is. And if something does happen, you know that this is my contact, this is how I escalate, this is how I get this done, and you can get back on with your day to day. 1.5s

U2

Yeah, that's awesome, man. And first of all, you're a great ambassador for Vade. You guys are amazing to work with, and that goes a long way. We obviously want to make sure partners we work with will take great care of the customer, and it's customer centric and customer first, so, yeah, no, super excited to have you on the show. The last question we always ask our guests to kind of wrap up is, you've seen a lot and done a lot in your career. If you have to give one personal and or business advice, whatever it is that you're passionate about, what do you think that would be? 

U1

Wow. That's a good question. It's kind of loaded. 4.5s I would say that 2s not to jump down this rabbit hole too far, but time management is huge. We only have so much time in the day to do what we need to do and block out the time, especially when it comes to picking the technologies that you want to work with, picking the vendors that you want to work with. Take the time if if somebody's willing to show you a demo for a few minutes, and worst case scenario, it's not going to fit or it's not what you need, at least you learned a little something on that demo. Take a few minutes to do it and really figure out what's going to work best for your company, but also be aware that what you have right now, 1.8s you're comfortable with it, but there might be something else out there that does it better. And just because you're comfortable with it doesn't mean that it's the best thing for you. So. 1.6s Block out the time. Take the time every once in a while, see what else is out there. See what new technologies there are and just be aware that maybe the something that you've become accustomed to or used to or you're happy with the way it's working, it never hurts to look around and see what else is out there and ask questions. 2.1s I like that. When my partners come in and say, hey, listen, all this out there, what are you guys doing about this? Or what do you have that'll handle that? Or we see this. It has nothing to do with you, but we wanted to ask you your opinion on it and ask questions. There's nothing wrong with that. It really helps you and your business to know what's going on. And so just make the time, because there's nothing worse than all of a sudden you're hacked this and that and the other thing, and kind of like personal example, I got a new insurance policy and I just went ahead and assumed that it had all these things. And then all of a sudden I got a crack in my windshield and the $11 it would have cost me to add that on for the year, I had to pay full to replace a windshield because I didn't take the time to really 1s look into it a little bit more. So just be aware of what you got, what the tools are, take the few minutes that you need and ask questions and expect things from your vendor, too. So, 1.4s high level, long answer to a short question. Sorry, Victor Beth. 

U2

Yeah, no, I love it, man. I love how you also threw in a little of that personal story and I think kind of I summarize everything we talked about. I think 1.1s comfort zone or being comfortable in cybersecurity or in business is a killer for any business, I think. And, no, I really appreciate your time. Great insights, and we look forward to partnering with you guys. 

U1

Absolutely. It was great talking and thanks so much. Always a pleasure. And again, we're always available for questions, even if it isn't something that's directly associated with what we do. We're happy to help. 

U2

That was an amazing episode of the did you know podcast with Varisource. Hope you enjoyed it and got some great insights from it. Make sure you follow us on social media for the next episode. And if you want to get the best deals from the guest today, make sure to send us a message at sales@varisource.com.