Finding Threats Efficiently: Q&A with Todd Willoughby, Director of Security & Privacy, RSM Defense
– Stephen Salinas, Head of Product Marketing, Stellar Cyber
San Jose, Calif. – Jul. 26, 2024
Every organization has masses of data, and sifting through it to reveal cybersecurity threats can be very difficult. Stellar Cyber product marketing head Steve Salinas sat down with Todd Willoughby, director of security & privacy at RSM Defense, to get his perspective on this topic, drawn from supporting a global client base.
Steve: Thanks for joining me today, Todd. We know cybersecurity is a data game. What are you and your team seeing with data?
Todd: Data is everywhere — it’s the new gold. We’re finding that customers have more data than they know. They have data in places they didn’t think of. We want to collect as much data as possible to drive threat detections, and the Stellar Cyber platform is one of the tools we use to do that. At the same time, we want to collect only the data we can use, like from points of ingress, and we want to be sure that data is validated.
Steve: We have customers who are using 30-50 separate products. How do you select the right data sources?
Todd: It starts with a conversation between the client and their vendors. We have a shared security model with our clients, and we each have responsibilities in maintaining best practices under that model. As to data selection, the easy stuff is Office 365 logs, Azure or AWS data, or any data lakes they may have — those are some of the points where the bad actors try to get access.
Steve: Right, but collecting the data is just the beginning. You have to analyze it, too.
Todd: Yeah, and the first step is getting all the data in a normalized taxonomy — which is something Stellar Cyber does very well — and we work with our clients to determine which data points are meaningful to them, such as when people normally log in or where they normally log in, so we can write use cases that look for anomalies in that data.
Steve: What are your thoughts about proactive threat hunting?
Todd: That was one of the capabilities that attracted us to the Stellar Cyber platform a few years ago. It gives you indications of where problems lie — we call them trailheads — so our teams can investigate quickly. These trailheads are often just the start of the journey. You may go through identity management, then pivot to a firewall, but knowing where to start really speeds up mean time to resolution. Also, we continually update our playbooks because threats are constantly evolving. As a result, our threat-hunting workload is pretty constant, rather than having peaks and valleys.
Steve: One of the things I love about working with MSSPs is the network effect that comes from supporting a lot of different customers — you see different exploits in different places, and then you can replicate them into your playbooks.
Todd: A lot of that comes from generating your own threat intelligence. Most of our threat intelligence is derived internally. Fortunately, we work with a lot of customers serving hundreds of clients worldwide in different sectors and verticals, and we can tailor our playbooks to meet each type of customer environment. That way, we’re not rewriting everything — we can start with a vertical industry profile and then tailor it for each client in that vertical.
Steve: Another trend we’re seeing is that more customers want outside help with cybersecurity because they don’t have the expertise in house.
Todd: We know each client has investments in different tools in their security stack, but we’re not looking to rip and replace. We can ingest the data from any tool. That’s the beauty of Stellar Cyber — it doesn’t care which tools they’re using.
Steve: Where should people go to learn more about RSM and your services?
Todd: They can go to RSMUS.com and look under security and privacy, check out our LinkedIn page, or email me at todd.willoughby@rsmus.com.
Steve: Thanks again for your time, Todd, and thanks everyone for viewing this video. You can learn more about Stellar Cyber at https://stellarcyber.ai.
– Stephen Salinas is the head of product marketing at Stellar Cyber.
About Stellar Cyber
Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.