What's Up with Tech?

Transforming Cybersecurity Strategies: GTT’s Managed Services, SASE Solutions, and AI-Powered Threats

June 21, 2024 Evan Kirstel

Curious about how a music producer pivots to become a cybersecurity expert? GTT's Global Managed Security Product Director shares his intriguing journey and brings a fresh perspective to enterprise security. Together, we unravel the evolution from traditional perimeter defenses to a more dynamic, user-centric approach in an era dominated by remote work and cloud environments. Eric offers invaluable insights into GTT's robust suite of services, including managed SD-WAN, DDoS protection, firewall management, SSE, SASE, and managed detection and response.

Navigating complex cybersecurity landscapes can be daunting, especially with the prevalent IT skill shortages. Eric helps demystify the deployment and management of security solutions, emphasizing the pivotal role of managed service providers like GTT in streamlining these tasks. We dissect the critical components of SASE and SSE solutions, such as firewalls, SD-WAN, and zero trust, and underline the importance of a layered security approach. Through our discussion, the necessity of ongoing monitoring and the often-overlooked human factors in cybersecurity become clear, showcasing how GTT enhances IT teams' capabilities.

As we face increasing global network security challenges, Eric sheds light on GTT’s strategies for tackling issues like import restrictions and encryption regulations in various regions. Leveraging their extensive global network infrastructure, GTT ensures robust security measures worldwide. Finally, we delve into the unsettling rise of AI-powered phishing threats, where cybercriminals use sophisticated tools to outmaneuver traditional defenses. Despite these challenges, Eric highlights the innovative strides being made in cybersecurity, demonstrating GTT's unwavering commitment to protecting enterprises globally.

More at https://linktr.ee/EvanKirstel


Speaker 1:

Hey everybody, super timely and intriguing topic today around the future of enterprise security. You know, a topic that's all in the news every day and is so important to dive into, particularly around SASE and related solutions with Eric from GTT. Eric, how are you doing? Wonderful today. How are you, Evan? I'm great. Thanks for joining. Really intrigued to have you here. You're a real industry insider and veteran. Maybe, before we dive in, introduce GTT, some of the core services you offer, a little bit about yourself and your personal journey.

Speaker 2:

Sure. So yeah, my name is Eric Norquist. I am the Global Managed Security Product Director here at GTT. Say that five times fast. I always have to look it up my official title. It's been a long road to where I am now, so I basically handle cybersecurity offerings here at GTT, our managed services. It was a long road to get here.

Speaker 2:

In another life I actually did music production, which is kind of interesting. People always find that like you know, how do you go from music production to you know cybersecurity and product management. But that's how it happened. After music I transitioned to kind of a medium-sized ISP that, like a lot of service providers, were making that shift to offering managed services. But at that time I did a lot of different things. I've done things such as field tech work. I had customer-facing roles as well.

Speaker 2:

I dealt with abuse of customers, meaning if they were spamming, hacking, sending you know, doing malicious things, we would often be the ones to reach out to them and say, hey, you're doing this, you know you need to stop it. And most of the time they say, well, we don't do that, we don't send spam, and you have to kind of inform the customer that you know you're not intentionally doing these things. This is it's over half the time businesses find out they've been breached from a third party. And so back in that position, I was that third party really telling them look, yes, you're not doing this intentionally, but it looks like you have a compromised machine on your network. So that's really how I got kind of got started in cybersecurity. From there I did some network planning and built a customer-facing web hosting service, which kind of looks very antiquated these days, but then I built security on top of that and that's really how I started moving into the security realm. I dealt with DDoS attacks on our network and I was kind of customer-facing on that. So eventually I moved into product. You know, I got a call saying hey, look, you really should be in product with your background and what you're doing and the way I spoke with customers I think is really what gave me a leg up in terms, because I tend to not speak in over technical terms. I'm not really big on throwing out a bunch of glossary terms to customers, or even salespeople, for that matter. I try to remember what it was like when I knew nothing about security, nothing about networking, and try to use that same language in what I call plain speak so people can really understand what you're talking about instead of just throwing about a bunch of acronyms. So, anyways, from there, ultimately I moved to GTT.

Speaker 2:

It's a much different environment. We are more mid-sized to enterprise-type customers, global in nature, generally speaking, multi-country, multi-continent type of customers. What does GTT do? I can give you the tagline: we simply and securely connect people to their applications and data, wherever they are. We're a tier one service provider. We like to boast that one third of the world's Internet traffic flows over the GTT backbone. So we provide access services. But on my end of the spectrum we deal with managed services and managed security specifically. But we have a managed SD-WAN offering. Under security, under my belt, is managed DDoS protection, managed firewall, managed SSE and SASE, as well as our managed detection and response services. So those are all services that I oversee and we really try to bring customer-focused managed services to customers and really try to help them out, because the cybersecurity skills gap is real and that's where GTT really comes in to try to help. We don't try to replace IT teams, we really try to enhance their teams by becoming an extension of them.

Speaker 1:

Fantastic approach.

Speaker 2:

A fantastic approach, long-winded approach.

Speaker 1:

There you go. It's a complex space and you have a great bird's-eye view of all the pressing challenges in the industry today. What are your customers and partners telling you? What are they seeing in the field as we speak on some of those challenges?

Speaker 2:

Yeah. So certainly there's the never-ending cyber threats, the growing in complexity and sizes and how much damage they can do. That's never really gone away and it's ever-growing. I'd like to talk about the fact that these are cyber criminals. These are not people sitting in their basement trying to hack into systems like all the old movies were.

Speaker 2:

I grew up in the 80s so there was a lot of one, the Matthew Broderick one, and the name escapes me at the moment, anyways. So WarGames, right, where he's just hacking for fun. Those days are long gone. These are cybercriminals. This is organized crime, and they are financially motivated to try to evade these technologies that are out today and there's certainly plenty of them. So you know they're getting smarter every day.

Speaker 2:

The technology tries to counteract what they're doing. The attack surface is changing and growing all the time. I think there's a stat that there's roughly 560,000 new pieces of malware detected every day, so that's huge, and so there's always that increased complexity. Then, obviously, COVID happened, where we had more of your traditional, you know, I'll protect my perimeter because everybody's behind the firewall. Those days are gone with the, you know, work from anywhere type of solutions. So now again, we have to protect users and applications also move to the cloud. So this complexity, cyber criminals really try to take advantage of that and where there's gaps.

Speaker 2:

But I think the one thing often overlooked is people tend to focus on the technologies, but the technology is kind of meaningless unless you have the right people with the right skills using that technology. So I think that's one thing that's often overlooked and what I like to talk to customers about. They'll often have trouble finding and keeping cybersecurity talent. As soon as they get somebody, guess what? Somebody's trying to recruit them out because that knowledge and that skill set is highly sought after. So I think that's really the unspoken biggest challenge to the industry right now is really finding, keeping that cybersecurity talent to make sure that you're receiving the full return on an investment for the security offerings that you may be putting in place.

Speaker 1:

Got a really great point and when it comes to making decisions, of course you have the CIOs and the CISOs I mean lots of decision makers but what are some of the top two or three critical areas that you think enterprises should focus on now, based on where we are?

Speaker 2:

Yeah, so there's many areas to look at. I think you can start with, you know, which technology best fits your needs, right. If you're entirely remote or if you have a hybrid type of work environment, that's going to come into play. You need to have a solution that can address both of those. Looking at what applications and where they are and how to properly protect them. That all comes into play. You know there's tons of options with just as many vendors all making promises, so how do you know which ones are the best? That could take a lot of due diligence. That's where somebody like a GTT can come in and help with those type of things. We offer what we consider the best-of-breed approaches, but we don't just offer one flavor. We'll have different options that can fit different customers' needs. No enterprise is the same. They might have special needs, and so looking at all those factors and then determining which technology fits them.

Speaker 2:

Next is how is this going to be managed? IT teams can say, hey, look, I have the team, I can do it all myself with my team. That's becoming more and more difficult, like I said, with the cybersecurity skills challenges out there today. Is it hard or easy to deploy? What's the level of effort to deploy, because oftentimes, oh, I can operate it, but getting something properly put into the network and implemented can be a challenge in itself. Again, that's where a managed services provider like GTT can often help out.

Speaker 2:

There's cost to look at both short-term in terms of deploying it, and the long-term, and you've got to be careful. You don't want to buy a solution and invest in a solution that's going to be obsolete in a year or two. And again, this is where the value of a managed service can come in. We're providing and offering solutions that are already vetted by us and we've tested the different solutions. So oftentimes businesses want to do proof of concepts, but they'll struggle to have the time to do that. But at GTT we've already done that. So we've fully vetted these services and really can look at the needs of the customers and say, hey, this is what we think is best for you. And we're really trying to make sure, again, that these businesses and these enterprises get the full return on their investment for these security offerings, because oftentimes they're not cheap.

Speaker 1:

Yeah, and they're not cheap and you know there's so many providers out there. SASE, for example, is such a hot topic, yet there's a lot of education required to really understand SASE, how it's evolving, how to implement it correctly. What do you think when it comes to SASE, how do you think about defining and implementing SASE solutions, and what are your sort of best practices?

Speaker 2:

Yeah, I think the industry itself has made it difficult for people to understand what SASE and SSE are. Again, I like to talk about plain speak. SASE and SSE are really just a bundling of services and technologies that already existed, such as firewall. Oftentimes we take that kind of on-prem solution, that firewall, and have now moved it to the cloud and you have a basic form of SSE, Secure Service Edge, right, and then adding zero trust on that, and that's now become a true SSE offering. If you layer on SD-WAN on top of that, now you have SASE, and a lot of people hear these acronyms and all these different things and have no idea what they mean.

Speaker 2:

But in the end it's really just a way to inspect traffic that's going in and out of your network or to your cloud applications and from your users wherever they are. So you can protect both on-prem and branch locations as well as your employee base that may be working from anywhere, and so that's often a challenge to understand. And then you have to kind of build these solutions, especially these days when you're dealing with mostly hybrid environments, where, again, you're protecting the branches as well as those users wherever they are and you really want to streamline the management of the networking because this is a combination. SASE and SSE, for example, is a combination of both networking elements, like with SD-WAN for example, as well as the security component. So you really have to combine the two and that can be a challenge.

Speaker 2:

And again, this is where we like to think that GTT can come in and help enterprises deal with that complexity and figure out the best way because there's often more than one way to deploy certain technologies. But we've had the repetitions and the customer base that we've dealt with to really be able to identify the best ways, the best technologies to help our customers move forward. Again, SASE in that world is kind of overly complicated by some of the vendors and them trying to sell the value of what they're doing. But when you break it down to the fundamentals and look at it as a networking and security piece and how best to deploy it, I think that's the best way to go and don't get caught up in these large jargons and deal with the fundamentals of networking and security.

Speaker 1:

Yeah, great, great insight. And you know I love technology. We're tech geeks here, but we often focus so much on the tech and we overlook other areas when it comes to human factors and organization and so forth. What areas tend to get overlooked in an implementation or in a cybersecurity playbook?

Speaker 2:

Well, I think what happens is people get too confident in the technology. They think, okay, well, great, we'll get this, make sure this is properly set up, and it's kind of a set it and forget it type of approach. I think those days are long gone. That used to kind of be the approach, but these days you really have to look past that. Like we talked about earlier, cybercriminals are highly motivated to bypass these traditional security measures. So taking it past the implementation of a technology into the monitoring of that technology, I think is often overlooked. But I think the good news is that enterprises are starting to understand the importance of the technology, but then making sure you're properly monitoring that technology after the fact. And this is really where we move into managed detection and response services, right? You have your firewalls, your Active Directory or EDR agents, etc. So you have all the technologies in play, which is important because security is all about building a layered approach. There's no one silver bullet that's really going to deal with everything. So, again, you have to build this layered approach.

Speaker 2:

Where managed detection and response comes in is it takes all those different layered elements and monitors them. So you're looking for indications of compromise. You're looking for when those hackers, when those cyber criminals, have invaded that traditional technology and gone onto your network. There are stats that vary from around 260 to 290 days is the average time to detect and mitigate a breach. That is a long time for a cyber criminal to have access to your network. During that time they can take basically one device that maybe was compromised via a phishing email and from there they move laterally and now they've got control of potentially hundreds of devices on your network. And they may not necessarily be going after data, because some companies may say, well, I don't have the kind of important data that healthcare may have. That doesn't mean that they don't take value in your network.

Speaker 2:

Oftentimes you're going to take advantage of using your processing power and your bandwidth and wrap that up as part of a botnet and resell it. Oftentimes the first indication that there's a compromise in your machine or malware is when the machine starts feeling slow. Right, you don't see anything wrong. But why is this so slow all of a sudden? Well, that's because the hacker has malware on your device and is using your processing power to do other things in the background that you don't really even know is happening. So, again, MDR and the value of it and where I think some people really need to look in the future, is yes, you have the technology, but now you've got to make sure it's monitored 24-7. And that's where services like managed detection and response come in and there's big growth in that. I think there's only some stats between 10% and 15% of enterprises have it today, but there's huge growth expected here in the next few years because organizations understand the importance of not just having the technology but making sure it's properly monitored as well.

Speaker 1:

Yeah, no small task, and there's so many options that businesses enterprises are often overwhelmed by choices not just of vendors but of technologies, different approaches, different MSPs. How do you guys sort of differentiate yourselves, set yourself apart in this really crowded, complex space?

Speaker 2:

Yeah, well, we focus on what we first start by focusing on more the midsize and larger enterprises that are kind of global in nature. You would think, you know, okay, a service provider in America could provide the same managed services globally, and that's somewhat true when you're talking just of the management of, say, a firewall, for example, it doesn't matter where it is, I can log into it, I can deal with that. But oftentimes just the logistics of getting a firewall into certain countries can be a huge challenge for enterprises. There's import restrictions in some countries, taxes and fees and things like that, and more regional MSPs oftentimes struggle with that greatly.

Speaker 2:

We have the experience in dealing with countries over multi-continent, different countries. Some of them can be very challenging to get equipment into. So we have experience there. China, for example, is very difficult in terms of dealing with security over there. They have certain encryption regulations that you have to deal with, and some of these other countries as well. So, because we have the experience in dealing with these countries, uh, in some of these restrictions, that's where oftentimes these multinational corporations come to us and look for help. Plus, we just have the repetitions by having a large customer base dealing with security issues. If an IT team or security team were doing some of these things themselves, they may come up with a problem that they're trying to troubleshoot. Well, because GTT has a bunch of customers oftentimes who have seen these problems already and can immediately say, hey, I've seen this problem before, I know how to fix it, and so that time to resolution is greatly reduced because we have this experience across a wide variety of customers. So that's one thing I'm always very excited about is really helping these customers resolve these problems faster, because they're certainly going to happen.

Speaker 2:

The other thing that we do here at GTT with some of our managed services is simple things like patching. It doesn't sound very exciting, but it actually is very important, and oftentimes IT teams are so overwhelmed with their day-to-day things that they're not properly patching their systems and that can lead to some serious problems and they certainly probably don't have time to be testing, you know, firmware versions before they start deploying them. They just kind of, okay, the vendor's telling me to, you know, put this new patch on it, okay, I'll just do that, without any regard to what that may happen to them. So what we look at, we don't deploy the quote latest, greatest patches from vendors, for example. We test them first and we're always looking for the most stable and most secure versions to make sure the customer's uptime is ensured and that they're properly protected. So that's another thing I think is often overlooked are some of the simple and fundamentals of security, like patching these security devices as well.

Speaker 1:

So, fantastic, and you mentioned global footprint. You have quite a backbone globally. Maybe share a little bit about your network, your points of presence, and it's very impressive traverses us at some point.

Speaker 2:

Wow, yeah, I don't know if I may, I thought I said it earlier, maybe I didn't. I say it so much sometimes I forget when I've said it. So, yeah, and we'll see. Like, for example, in Europe, right now, with the Euros happening in the soccer tournament, we're seeing a lot of traffic, you know, going over our network just from that alone. But we have a lot of service providers and other technology vendors as well that when they have cloud services, oftentimes they're using GTT resources as well, so we can mitigate threats wherever they are.

Speaker 2:

We like to talk about our 34 and growing PoPs for cloud-based security services. When it comes to DDoS, we have 11 inline scrubbing centers globally with almost, what is it, 2.8 terabytes of mitigation capacity. These are some of the things that we like to boast in our speed. We're constantly upgrading. I think we are upgrading our network to 400 gig interfaces, so really helping with capacity and speed at that level. So all these things are very excited about. But we take that and the network is just one piece of it, but integrating that network and the advantages of it, along with our managed services around security, SD-WAN, et cetera. That's a really powerful combination. Obviously, if a customer has issues, whether it's access or a security incident, they know they can just call one number to help us deal with those problems. They're not having to get one service provider in contact with another to try to troubleshoot these issues. And again, when we have that global reach, that's really important to a lot of our global type of enterprise customers.

Speaker 1:

One throat to choke. Not a very nice analogy, I always thought, but it's certainly valid. What about customers and industries you serve? Any that stand out in particular, or is it pretty much everyone these days needs cutting edge security?

Speaker 2:

Yeah, anytime you ask somebody at a managed service provider, they're going to say everyone, of course, because you don't want to leave anybody out. But I would say, especially in Europe, we're very big in the manufacturing industry, but we just signed a big deal around networking and security with a... oh, I forgot, I can't say their name, of course. Of course, yeah, yeah, but they're a research company. So we have high tech, we have retail, really all of them. But I would say that, you know, in Europe, you know, manufacturing was a big one for us, but again, we don't really specifically do that. We see education, like I said, so really all over the place, I guess, is what I'm saying.

Speaker 1:

Well, we need it all over the place. I mean, just today there's something in the press about automotive dealerships under attack through ransomware and I went in yesterday to get my Toyota serviced at a huge dealer and they said sorry, but our complete network is down. This was at every Toyota dealership in the US. So I mean I call that retail, but it's almost every provider now needs to think about and the impact I can only imagine nationwide network of dealers, the revenue impact, just astounding.

Speaker 2:

That's often something that people don't think about. They think about security: oh, I'm going to lose data. And what are those costs?

Speaker 2:

But really the biggest cost when there's problems related to cyber incidents is downtime, like you just spoke about. That is the real heavy cost of these cybersecurity attacks. Yes, data is one thing you may have to pay fines, etc. But there's short and long-term costs for these things when they happen. But downtime is one of the big ones, of course. Then there's loss of reputation. You could potentially be losing customers because of this. You may have to replace technologies and things like that. So the cost of these cybersecurity breaches is pretty extensive. They're getting more and more expensive over the years.

Speaker 2:

I used to have a stat at the top of my head and I can't think of it right now for the cost of cybersecurity threats these days, but it just keeps going up and every year, you know these attacks seem to get bigger and bigger, but they attack all businesses, big or small, doesn't matter the vertical. Obviously there are certain ones that are targeted more by cyber criminals, but everybody's really a target. Your financial and healthcare are obviously top targets because they have Social Security numbers and names, et cetera, that cyber criminals can turn around and monetize in terms of credit cards and things like that. But everybody's a threat. Like I said, if they're not after your data, they're after your processing power and bandwidth, which they can use just as well and monetize that.

Speaker 1:

Yeah, it's just a terrible situation. Felt so bad for all the frontline workers, the service and support staff at the dealer. Just like standing around, you know, can't help customers.

Speaker 2:

So and we forget how important it is these days. You know, networking, right. You know, it used to be, you know, growing up for me it was like there was no real internet and it wasn't part of our life. Then it kind of, you know, came onto the scene early with email, right, but now your phones are run over the internet. All your applications are now in the cloud for the most part, and so when these things go bad and you can't access them, it's really challenging.

Speaker 2:

So the internet and access is great, and that's one thing IT and security teams have to balance, and some people don't think about that. It's like, yes, we want to enable you with lots of access to these great applications and we want to make them very fast, but as soon as we enable access to something outside of our network, now there's a potential security threat. There's an attack surface, so they're often balancing access with security. For example, I know here at GTT there are certain things I cannot reach that annoy me to death. So there's some personal resources that I can't get to from my work machine or our work network. But I understand that it's kind of an inconvenience. So that's our security and our IT team, balancing that access and how it can make you more productive with staying secure.

Speaker 1:

Well, it's a mic drop moment. But one last question here, looking ahead with AI and gen AI, do you think the threat, uh, landscape is going to get worse before it gets better? Or do you think these tools will give us some superpowers to defend against all these emerging threats?

Speaker 2:

Or I guess both. Well, there's a saying that my parents used to say: if it's good for the goose, it's good for the gander. I'm probably really aging myself there, but AI is great if you're a white hat and you're trying to defend against these threats, but guess what? The cyber criminals are going to be using it even more. I have a feeling that they've been probably utilizing these tools a lot more than the defensive technologies, and I can see a thing like chatbots or whatever, where it's automatically, you know, it's going to send you a phishing email and maybe the first one doesn't have links like it used to do, so it can, you know, evade that, get through to you, right? If it's got a bad link, well, it's going to get blocked by a defensive technology. So I can imagine, you know, phishing campaigns where it emails you and it's chatting back and forth with you in a sense, with some emails, but there's no human on the other side.

Speaker 2:

It's just an AI trying to get you to a point where, oh, yes, I'm going to get you to go to this malicious website, I'm going to get you to do something I want you to do, so I can, you know, take over your machine or, you know, get a process over the network, so I think it will only get worse, unfortunately. It is going to help us, though, in some of the defensive technologies and things like that, but again, the bad guys have it too, and they're going to try to take advantage of it as well.

Speaker 1:

So well, on that terrifying low note, we'll have to say goodbye for now, but thanks, Eric, a really intriguing, insightful discussion. Congrats on all the great work you're doing. And, yeah, everyone reach out, follow GTT. They're doing some wonderful work. Really inspiring to see all the amazing stuff you're building.

Speaker 2:

Yeah, hey, and thanks for having me on today. Appreciate it. All right.

Speaker 1:

Thanks so much.

Enterprise Security Future With Eric
Managed Services and Cybersecurity Implementation
Global Network Security Challenges and Solutions
AI-Powered Phishing Threats