What's Up with Tech?

Transforming Cybersecurity: Level Blue's AI-Driven Managed Security, Global Threat Intelligence, and Future Innovations with Teresa Lanowitz

Evan Kirstel


Unlock the secrets of cutting-edge managed cybersecurity with our special guest, Teresa Lanowitz, Chief Evangelist of Level Blue. Join us as Teresa takes us through the pioneering journey of Level Blue, aiming to transform managed security services. Discover how the company's three-pronged approach—cybersecurity consulting, managed security services, and the innovative Level Blue Threat Intelligence Labs—is pushing the boundaries of what's possible in cybersecurity. Learn how their globally distributed 24/7 SOCs and NOCs, combined with machine learning and initiatives like the Open Threat Exchange, are setting new industry standards.

In our next segment, we tackle the vital role of artificial intelligence in modern cybersecurity. With hybrid work environments becoming the new norm, understanding and managing your IT estate is more critical than ever. Teresa shares compelling insights on the essential nature of digital transformation programs designed to protect against cyber threats, using a real-world example of a small healthcare organization to underscore the shift from viewing cybersecurity as merely a technical issue to recognizing it as a crucial business requirement. The importance of round-the-clock managed detection and response services is brought to light, reinforcing their role in safeguarding sensitive data and ensuring operational security.

As we wrap up, we explore the transformative impact of AI on both offensive and defensive cybersecurity strategies. From making phishing attacks more convincing to helping professionals generate detailed reports and draft code, AI is reshaping the landscape. Teresa also shares her excitement for future events like the Lone Star Application Security Conference (LASCON) and Cyber Awareness Month, which aim to elevate cybersecurity practices.


Speaker 1:

Hey everybody, fascinating topic and guest today, talking securing the modern enterprise: how LevelBlue is redefining managed security services. Hot topic. Teresa, how are you?

Speaker 2:

I'm great, Evan. Thank you so much for having me on the podcast today.

Speaker 1:

Well, thanks for being here. Really excited for our chat. Maybe personal introductions to start: yourself, your journey to Level Blue and what's your mission at the company.

Speaker 2:

Sure, my name is Teresa Lanowitz and, as you mentioned, I'm the chief evangelist with Level Blue. And Level Blue might be a new name to some people, but let me just give you a little bit of a background on who we are and how we have evolved. So in May of 2024, Level Blue was announced, and Level Blue is a joint venture between AT&T and WillJam Ventures, and our goal is to be a strategic extension of your team, and we do that in three ways. First, we help you to protect your business intelligence through our cybersecurity consulting. Second, we help you to predict your security investments through our managed security services. And third, we help you to foster innovation and mitigate risk through our Level Blue Threat Intelligence Labs. And Level Blue is cybersecurity simplified, and that's just a little bit about who we are and what we do.

Speaker 1:

Wonderful. Simplification is what we need, and many businesses are turning to MSPs given the lack of talent and skills out there. So maybe talk about your unique approach at Level Blue and how you compare to the many hundreds of other management providers that are out there today.

Speaker 2:

At Level Blue, what we have in terms of our security operation centers is we have four global security operation centers and three global NOCs, and those SOCs and NOCs are staffed and managed 24-7, 365.

Speaker 2:

So, if you're coming to us and you have specific data requirements from a particular geography, we can certainly handle that. If you're coming to us and you have hardened requirements from government entities and so on, we can certainly handle that. So that's how we really differentiate ourselves is that we are manning and staffing those SOCs and NOCs 24-7, 365 around the world. And then, of course, our Level Blue labs team, our threat intelligence team, they're looking at indicators of compromise constantly and using machine learning to be able to go through those millions of indicators of compromise that come in every single day and be able to send that out to our SOCs. So we're using that data coming from those Level Blue labs threat intel teams to be able to fuel what's going on in the SOCs. So our SOCs are able to keep abreast of everything that's going on around the world and be able to help with any type of incident that's going on inside of the managed service.

Speaker 1:

Fantastic. Talk about the role of threat intelligence. These days it's such an important activity. It's no longer something sort of behind the scenes, sort of a black art. But what is your team doing there?

Speaker 2:

Right, and like you said, it's something that has come into the fold recently, probably in the past year or so, and I think we started to see that with so many high profile public breaches. People would say, well, what was the threat intelligence on this? And in reality, those threat intel teams, they have been working diligently behind the scenes for decades. And our team, our Level Blue Labs team, is incredible. We work with OTX, the Open Threat Exchange, and it's a crowdsourced way that anybody in the world can actually come and submit an indicator of compromise. OTX, that Open Threat Exchange, they then take them and enrich them and say, all right, here's what we're seeing.

Speaker 2:

Again, we use machine learning to do that because there's no way a human being could be able to handle all of those indicators of compromise coming in. So our threat intel team takes everything coming from the Open Threat Exchange, enriches it and sends it out to our SOC so that they can then help our clients through the SOC. And also our cybersecurity consulting team uses that threat intelligence coming through from the Level Blue Labs team as well. And our Level Blue Labs team, they've done quite a few discoveries. Back in July they were the first threat intel team to uncover SquidLoader, so a lot of these new types of malware that are coming out there. Our Level Blue threat intelligence team is right on top of that and making a lot of those very important discoveries in the market.

Speaker 1:

Well, well done, much needed help. So lots of companies are behind in their cybersecurity modernization efforts. Of course you have to meet customers where they are. Where are you seeing customers these days in terms of their readiness and their approaches to cybersecurity and you know, seeing lots of folks behind and how can you help them get ahead of the curve here?

Speaker 2:

So I'm a more optimistic person than pessimistic, so I don't like to say they're behind. I say that there are different phases of their journey, different stages of their journeys, and you take a look at the market and where people are and sometimes I think the cybersecurity news coming out can be a little daunting, a little overwhelming and maybe a little pessimistic, because people like to say, oh, we're behind. We're behind by 4 million cybersecurity professionals globally. Well, yes, we do have a cybersecurity skill shortage, but there's certainly a way to counter that and one of the ways is to work with a trusted third-party advisor. And that's where a such as Level Blue comes in. We can be that trusted third-party advisor on your journey to cybersecurity resilience. And being that trusted third-party advisor says we can come in, we can help you understand what your security posture should be. Many organizations don't really understand what's going on with their cybersecurity, with what they have implemented for cybersecurity. Are they completely exposed? Are they moderately exposed, you know? Are they very well protected? What's going on in their industry? So, bringing in that trusted third-party advisor, somebody who has done this before, to do something as simple as a posture assessment. Our cybersecurity consulting team can also help with managing vulnerabilities that you may have within your organization. They can also come in and conduct tabletop exercises, so giving you a scenario where here's what the breach was, what do you do, how do you manage this? And again, then going on and helping with things such as incident response and so on. And one of the things we know from the research that we did this year at Level Blue is that only 35% of organizations out there have a formalized incident response program, and that's something that every organization should have and that's where, again, our cybersecurity consulting teams can help you with that.
And then, in terms of being that trusted advisor through managed security services, that's where we aim to really act as that strategic extension of your team. So what we also found out through our research is that organizations are looking for somebody who has done this before.

Speaker 2:

We see a lot of new computing coming on the market. If we think of things such as everything that IoT is bringing, everything that edge computing is now bringing, we see things that are no longer just us doing input and output through our computer screens. We see things that are happening automatically. So some of the use cases, some of the popular use cases that are out there: remote patient monitoring, for example, in healthcare. You have an operation, you go home after surgery, your physician wants to monitor your heart rate, your blood pressure, your blood glucose, your oxygen saturation, that sort of thing, critically important, and you don't have to do any type of input to that. You just wear it and it sends everything back to your physician so that physician can monitor it.

Speaker 2:

Other things, such as smart buildings. Smart buildings are something we've been talking about for a while, but getting all of that data coming from a building, doing things such as preventive maintenance so as not to disrupt the normal flow of traffic, and so on. So those are the types of things that really need to be protected, those new types of endpoints coming online in addition to our traditional endpoints such as phones, tablets, laptops, desktops and so on.

Speaker 2:

So there's a lot going on in the world right now. There's a lot going on with computing and if we look at what's happening to the IT estate, the IT estate is doing nothing but expanding and growing, and I would argue that most organizations out there do not have a very good idea of everything that's in that IT estate and by not having that visibility into the IT estate, that's where the adversary can be one step ahead of you. Yeah, daunting proposition. I see you also have your ownP or MSSP out there in the channel an MSP and you want to get into cybersecurity clients, managed security services whether that is for something from maybe there's a language preference that they want to use a local MSSP for, maybe there's a geographic or time zone or sort of vertical market type of difference that they want to use a local MSSP for. So that's a great way for those MSPs to really focus on being an MSSP managed security services provider by using our USM platform.

Speaker 1:

Oh, fantastic. So, as you know, we're in this world of hybrid work, work from anywhere, work from home still for many of us, and it still presents a number of challenges that present themselves in different ways. How do you see the world of hybrid work evolving and some of the lingering issues around security for those employees?

Speaker 2:

Well, it's very interesting you bring that up, because I think the pandemic changed everything and I know that is a trite thing to say and somewhat of a cliche type of thing to say, but what we saw happen during the pandemic. At the beginning of the pandemic, we saw everybody move to remote work, everybody work from home, if you can, and so we had to make changes to the way our network security worked. Oftentimes people did not necessarily have a laptop or a tablet to take home, and so they were relying on using maybe a tablet or a laptop that they were sharing with their kids who are doing remote learning, that sort of thing. So we've come a long way in the past couple, three years on this idea of hybrid work, but now it is just accepted as this is the way we work. We work from anywhere, anytime, any place, and we want to be protected, as though we're sitting in our office. We want to be protected while we're working in a coffee shop, in a hotel room, on a plane, in an airport. So that idea of making sure that we're protected and making sure that we're secure from anywhere we're working is something that is critical, and that's where we saw a lot of these digital transformation programs come into play over the past couple three years, and what we also found out this year with some of the research that we did, is that a lot of these digital transformation programs they're incomplete, and so, with these incomplete digital transformation programs, what we're seeing is that leaves the door wide open for some of these cyber adversaries to walk right in.

Speaker 2:

So if you are living in an organization and you don't understand what your IT estate looks like and you underwent some digital transformation over the past couple three years because of the pandemic, make sure that your digital transformation programs are complete. Make sure you understand what your attack surface looks like. What are your endpoints? Are those endpoints necessary to be on your network?

Speaker 2:

Oftentimes, what we saw with digital transformation, we saw organizations spin up different experiments and oftentimes they said, well, this isn't going to work for us, and they just left those endpoints out there. So those endpoints are sitting out there. They're still connected to your network. The adversary only has to be right once to try to get in. So make sure that those endpoints that you're no longer using are no longer connected to your network. So to get back to your question, the hybrid world is here to stay. We're not moving away from that hybrid world and, if anything, we're going faster in terms of saying we have to be able to not just work but consume computing power, consume technology from anywhere. You know, those use cases I gave of remote patient monitoring, smart buildings, those are not us sitting down working, those are things that are happening in near real time. So that's where we're really moving.

Speaker 1:

Oh, fantastic news. Talk a little bit about how your managed detection and response services work in real life. I know it's hard to talk customer names and stories. Customers are quite sensitive on these topics. But any anecdotes about how that works in the real world?

Speaker 2:

going to use any names. These are all real people, but I'm not going to even use kind of fake names. I'll just give you the gist of the story. So there's a healthcare organization and small healthcare organization and they had two people in their quote, unquote SOC inside of their own organization, inside of their security operations center, and they were just looking at logs every single day, doing a great job with the alerts that came in. They worked Monday through Friday, nine to five. And they kept saying to their senior leadership, to their C-suite leadership, they said, you know, we're two people sitting here looking at all of these alerts coming in and we're bound to get something that happens when we're not here in the office, something that happens before nine, something that happens over the weekend, something that happens in the middle of the night. And their C-suite leadership said to them, you're doing a fantastic job, just keep doing what you're doing. And they kept raising the issue. Well, sure enough, they went home for a long weekend and they came. It was a holiday weekend here in the United States. They came back in and turned on their computers and found out that they were the target of ransomware. So you know, ransomware works. You get that rent, you get that ransom note right on your computer screen. And they went to their C-suite and they said, you know, here we are. We were gone for a long weekend. And once they did the forensic investigation on it, they found out that the adversary had been dwelling in their network for a couple of months, knew that there was a long weekend coming up and waited for them to be gone and just went in and went on a virtual shopping spree.

Speaker 2:

And it was at that moment that cybersecurity moved from being a technical issue to being a business problem. And they said, yes, we're going to go with you so that you can come in. We're going to go with you, Level Blue, so that you can come in now and be our managed security services provider. So we now have protection 24-7, 365. And that is a switch in the way the C-suite was thinking, because these very smart cyber people knew what their limitations were. And their C-suite was saying you're doing a fine job because nothing's happening.

Speaker 2:

And as soon as something happened, the idea of cybersecurity went from being you two cybersecurity people over here, you're doing a wonderful job, Monday through Friday, nine to five. It went from being that technical issue that they knew that those two people could handle very well, to being a business problem. Because now we have a business problem. All of our customer data is exposed, all this personal health information is exposed. What do we do now? We have billing, we have credit cards, we have all of this information that can now be put onto the dark web.

Speaker 2:

And you know when you're in a situation, with ransomware for example, you're negotiating with cyber criminals, um, and in this case, the cyber criminals did give them the um, the decryption key, and they were able to recover their data and nothing was leaked out, because they went ahead and they theyated with what the cyber adversaries were requesting. So that's an example, I think, of how organizations need to think about cybersecurity, that it's not a technical issue, it is a business requirement, and every C-suite leader has to have some responsibility for cybersecurity and everybody in the organization has to have some responsibility for cybersecurity. So I think that's a perfect example of what we're able to do through our managed security services is come in, provide that 24-7, 365 operational efficiency for you.

Speaker 1:

Oh, it's quite a mic drop moment. Well done there. I'd love to talk about the future, of course. Everyone's excited about the role of AI and Gen AI in cybersecurity operations and beyond. It presents for folks like yourselves and the white hats and the good guys. Or are you more worried about what the black hats and the bad guys are going to do with AI over the next months years?

Speaker 2:

Absolutely more optimistic about the opportunities that it brings for us and I think again the idea that we can generate a lot of fear around this. That's what sells, that's what makes things attractive, that's what you have to be afraid of. For years, when you thought about a cyber adversary, everybody would show the nefarious hacker in a hoodie. And now we're looking at AI and we're saying there are a lot of problems that it's going to bring, but there are also a lot of solutions that it can bring. And in some of the research that we did this year, every year we do primary market research and we publish it through our annual Level Blue Futures Report. This year we asked where are you in terms of AI? And we wanted to find out where organizations were with generative AI, artificial intelligence, machine learning and deep learning. We also wanted to find out how quickly organizations were bringing AI on. So 61% of the organizations we surveyed and this comes from 1,050 survey participants around the world, 18 different countries 61% said we're being very cautious with how we bring AI into our organization. We're making sure we have the right guardrails up, we're making sure that we're doing things correctly. We're going through, we're doing a lot of education and I think what we see with AI is this is certainly a new technology. It can bring a lot of problems, but it can bring a lot of solutions and I think across the board organizations, business in general they're not backing away from this technology. They're embracing this technology fully and head on and saying, yes, we can, we can use it inside of our organization.
Let's figure out the best way to do this, and most of our survey participants said 35% said that they were using artificial intelligence and this is for cybersecurity.

Speaker 2:

Some of them said that they were using generative AI for cybersecurity and if you look at generative AI, I mean, generative AI has been the defining word of the past couple of years. Generative AI says that the phishing emails that you get are going to be so much better. They're no longer going to come with the spelling mistakes. It's going to look as though it's coming from your bank or your healthcare provider or whoever they're trying to impersonate. So that comes down to making people aware through personal cyber hygiene.

Speaker 2:

But then the flip side of how you can use that from a cybersecurity perspective: you can use your own large language model to write reports, to create and generate reports that are going out to your clients to say here's what's going on, here are the types of incidences that we're seeing, here's the trends that we're seeing. So you can use a lot of this to your advantage. You can use generative AI. You can use artificial intelligence to comb large language models to help you write outlines for source code, to help you write outlines for, maybe, proposals that you're doing. So there are a lot of ways that you can use AI. I don't think that people should be afraid of it. I think people should definitely embrace it, and definitely on the cybersecurity side, because if you don't embrace it on the cybersecurity side, the adversary is embracing it and it can be weaponized against you.

Speaker 1:

Wow, great insights, great points. Well, I'm leaving on an optimistic note as well, speaking of which, you're in a beautiful part of the world, near Bellingham, Washington. What are you looking forward to this fall? Personally, professionally? What's on your agenda?

Speaker 2:

So professionally, one of the things we're doing as Level Blue is we are sponsoring, there's a conference coming up in Austin, Texas. Great place to be, great time of year to be there. End of October we're sponsoring a conference in Austin, Texas called LASCON, the Lone Star Application Security Conference. And I personally, I come from a development background, software development background, so I love this conference every year because it's software developers who are concerned about cybersecurity and want to know more about cybersecurity and how they can really make application security not sort of that last mile. Application security for too long has been, it's been just, I don't want to say ignored, because that wouldn't give the proper respect to the people who have been doing application security over the past several years. But application security has been sort of that last mile in the security effort. So this is a two-day conference in Austin, Texas where they talk about all things application security.

Speaker 2:

I'm also looking forward to Cyber Awareness Month starting next week in October and every year. You know, we always say this, but everybody should be very cyber aware all year long. But the Cyber Security Awareness Month does a really wonderful job of promoting different pillars and this year they're focusing on cyber hygiene, which everybody should focus on, whether you're in your personal life or your professional life. Looking at multi-factor authentication, I think one of the big breaches that we saw at the beginning of the year was a result of not having multi-factor authentication turned on. So they're talking about how multi-factor authentication is critically important. So if you take a look at Cybersecurity Awareness Month, that's certainly a big thing coming up in October and then personally here, I'm looking forward to the weather in the beautiful Pacific Northwest here coming into the autumn season, so the leaves are changing. I have a lot of yard work to do because those leaves just pile up and pile up, and the rain's coming soon too.

Speaker 1:

Well, the rain will come, but in the meantime you've got orcas and mountains and amazing coastlines. Exactly, enjoy that. Thanks everyone for watching. A really insightful discussion. Look forward to keeping in touch with Level Blue on their journey. Take care, Teresa. Thanks so much. Thank you, Evan.