Metaphorically, the tech security world tends to look over a city-scape and hones in on a few shiny skyscrapers, protects them, and declares victory. These big buildings represent the largest institutions. But oftentimes, all the interconnected infrastructure of smaller homes remains unprotected — the smaller homes, in this context, are the SMBs and other various organizations. Sinan Eren, the VP of Zero Trust Access at Barracuda, broke down how security is interconnected across all institutions, regardless of size.
Main Takeaways
- Attackers Have a Market Now Too: Eren explains the challenges around the reality that cyber attackers have their own market now. Gone are the days when a singular attacker might be responsibile for conducting all elements of a criminal act. Instead, Eren reveals that an entire criminal community facilitates these acts.
- The Long Tail Must Be Protected: Eren points out that larger entities that have security in place can still be vulnerable through interactions with smaller and less secure entities in its supply chain. These smaller organizations include SMBs that often interact with larger companies. Furthermore, Eren suggests that there can be an ethical component to make sure that the entire community is secured, not only the largest companies and institutions.
- How to Secure SMBs: Since it is clear, from Eren’s point of view, that large businesses and SMBs are interconnected and therefore all must be secured or none will be, the question becomes: What is the best way to secure SMBs? Eren contends that security must be provided to SMBs through MSPs rather than as direct sales to SMBs. His argument is a very reasonable one — SMBs have too much on their plates already to handle security themselves.
For a more in-depth look at this episode, check out the article below.
Article Notes
Metaphorically, the tech security world tends to look over a city-scapeand hones inon a few shiny skyscrapers, protects them, and declares victory. These big buildings represent the largest institutions. But oftentimes, all the interconnected infrastructure of smaller homes remains unprotected — the smaller homes, in this context, are the SMBs and other various organizations. Sinan Eren, the VP of Zero Trust Access at Barracuda, broke down how security is interconnected across all institutions, regardless of size.
“It’s not just about [a] couple big bands and banks and financial institutions and DOD,” Eren said. “It’s not just those. There is a long tail — a very, very long tail of SMBs that is part of our day to day life. Whether we might not see them firsthand, but that little supply chain vendor that supplies bolts or potatoes to DOD might actually be a beachhead for attackers to laterally move into critical networks.”
On a recent episode of IT Visionaries, Eren described the current state of security attacks and how there is now a market for criminal behavior. Additionally, he explained that the way to secure SMBs is through services provided by MSPs rather than selling straight to SMBs. He also chatted about the interesting way he began his security career.
Barracuda’s security offerings cover a lot of territory.
“We are a…leading player in cyber security with a comprehensive portfolio of data security, network security, application security, and email security products,” Eren said. “It’s a full stack of security products under one trusted brand.”
Certainly, there is a need for security because of the large number of threats. According to Eren, security criminals now have their own sort of market and are able to work together to perpetrate crimes.
“They have a large and complex ecosystem on their side,” Eren said. “Therefore, no one party does everything. They’re easily able to just go out and acquire vectors. They’re like, ‘Hey, there’s a VPN credential that was harvested by this contractor to DOD Why don’t we go and use that VPN credentials to establish a beachhead?’ And once that happens, they invite another operator to deploy ransomware. And then once that’s happened, that’s just actually the tip of the iceberg because now the proceeds needs to be…basically washed. They need to launder the proceeds. So what happens to those cryptocurrencies, they get muled and then translated into payment [like] cars and cash. And there are [a] bunch of other ecosystem partners that will basically help these criminals to monetize their gains.”
Eren explained the need for zero trust security, especially considering the rise in remote work.
He also shed light on the concept of zero trust via comparison to the process of how an individual attempting to fly would gain access to the correct terminal and gate for that person’s flight.
“We authenticate you; we authorize you,” Eren said. “Meaning, do you have access to that gate? Do you have access to that application? Are you in the right organizational unit? Are you in the right user group to have access to this particular app or data? But once we do that, at the same time, we have to verify your posture, which is basically your carry-on going through the x-ray scanner at the TSA line. That’s the same thing as a poster analysis. So, I think it maps very well to the zero trust concept: authenticate, check your ID, authorize, check your boarding pass, let your carry-on through the x-ray scanner, [and] basically do a poster analysis on your device. Is your laptop conforming? Is it secure?”
As Eren described it, even though larger entities may have security in place, they remain vulnerable because many of them interact with smaller, less secure institutions. Therefore, from his perspective, SMBs must also be secured.
“So that long tail of SMBs is something that we really need to secure,” Eren said. “It’s an underserved market because everybody’s chasing big dollar items. But there’s a lot of them. There’s millions of SMBs out there. So it is a viable market. It’s actually a sensible thing for cybersecurity vendors to try to address [by] working with partners.”
The question then becomes: What is the most effective way to help secure more SMBs?
“I don’t think you can sell directly to SMBs,” Eren said. “They have a million other things to worry about. They’re not going to be able to buy a firewall or a data protection suite and install it. They’re not going to buy some cutting-edge DLP solution or zero trust network access solution. They’re just going to work with their partners to get them on board. So I think there’s a lot of responsibility on us to work with MSPs now, all becoming MSSPs, right? Every MSP aspires to be also providing security services, so they are MSP and MSSP rolled into one. All of these folks have hundreds if not thousands of SMB customers. We need to work with them [and] enable them to address this long tail of cybersecurity risk…”
It’s fascinating to uncover what leads to a security leader like Eren’s passion for mitigating security threats. An interest in finding the weak spots in applications is what initially brought Eren into the security arena.
“I did start as a hobbyist,” Eren said. “I was interested in reverse engineering…We were looking into open source and close source; reversing binaries and applications to find basically weaknesses and vulnerabilities from an AppSec point of view.”
To hear more about how Barracuda is helping to secure the entire, interconnected world, check out the full episode of IT Visionaries!
IT Visionaries is brought to you by the Salesforce Platform – the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation – with the customer at the center of everything you do. Learn more at salesforce.com/platform
