Video: Sophos Academy: Cybersecurity 101 | Duration: 3596s | Summary: Sophos Academy: Cybersecurity 101 | Chapters: Introduction to Cybersecurity (8.48s), Cybersecurity Landscape Overview (437s), Mobile Device Vulnerabilities (909.435s), Ransomware Impact and Costs (1202.66s), AI in Cybersecurity (1514.855s), Cybersecurity Solutions Overview (1858.45s), Cloud Security Responsibilities (2715.595s), MDR Reporting Options (2892.0352s), MDR Integration Capabilities (3021.99s), Cybersecurity Conversation Strategy (3099.6602s), Building Customer Trust (3282.3699s), Comprehensive Security Solutions (3446.29s), Concluding Remarks (3558.6702s)
Transcript for "Sophos Academy: Cybersecurity 101":
Hi, folks. Welcome to the session. We'll give people a couple of minutes to join. So we'll start at a couple of minutes after the hour. Just a reminder, if you've got any questions during the session, please use the Q&A box. The slides that we're using, you can download them from the docs tab. So yeah. Yeah. We'll kick off in a couple of minutes' time. So, yeah, if you just joined, great to see you. And so we'll kick off in a minute's time. Just give people a few minutes to get on to the session.

Okay then. So, once again, welcome to the session. Today, we're covering Cybersecurity 101. So, really, an introduction to cybersecurity. So we're covering some key topics. We're gonna talk about some technologies, some of the problems we encountered, some things to think about when you're having conversations with prospective customers. So that's the end of the session. Just if you've just joined, on your interface, you'll see there's a docs tab. So if you're interested in downloading the presentation, then you can do it from there. If you've got any questions, please use the Q&A box, and I'll check that periodically to see if I can, yeah, see if there are any questions there. In case you're interested, so we have been asked after these sessions, you know, are we planning a 201 session? Sort of a little bit more in-depth, and that is something that's in the works. Not available yet, but we're planning to do that. So keep listening for that.

Right. So without further ado, I shall kick off. And remember, any questions, please ask away. Right. So just, as a, actually, I'm just thinking. What I always forget to do is to introduce myself. So I'm gonna go back to slide number one. I'm gonna start again. So you probably guessed my name is Jason Brown. It's on the slide. Just to give you an idea, my background is, I'm coming up to, I think, twenty, twenty-nine years in cybersecurity.
So I started at Dr Solomon's with antivirus when cybersecurity was perimeter firewalls and antivirus software. That was it. From then on, it's kinda grown quite considerably. Lots of new technologies, lots of new problems, things moving a lot quicker than they were when floppy disks were the way of communicating. So the whole world's changed since then. So that's where I've come from. I've worked around endpoint, risk and compliance, gateway security, and I've worked in the UK. I've worked within Europe, Middle East, and Africa, and I've worked for a number of different cybersecurity vendors. So that's where I am. If you want to connect with me on LinkedIn, please feel free.

And right. Let's start again. So the aim of the session then is to really give you an idea of what cybersecurity means. So to give you a basic understanding of things. But probably more importantly, to allow you to ask those questions that you, yeah, the information, the things that you're after. If things aren't clear, if you want a little bit more information on certain topics, please feel free to ask away so we can, we've got time to sort of focus on things that are of interest. So please, if you've got anything that you want to know more about, ask away, and we'll continue through the presentation.

So we're gonna cover a number of different topics. We're gonna look at the threat landscape. So look at what we see is happening in terms of the threats, the type of threats, the way that threats are being implemented, and some things to be aware of. So basic understanding of, sort of, what threats look like. We're gonna look at some types of protection. So endpoint protection and edge protection are probably the two most basic forms that have been around for a long, long time. But we're gonna talk about what's available today in those areas. We're gonna cover a couple or a number of three-letter acronyms.
In cybersecurity, you probably noticed there's lots and lots of acronyms. Lots of established acronyms, and every now and again, I come across acronyms that people just made up on the spot. So, try to avoid them if you possibly can because what you know as an acronym, it may not be something that other people understand. So try to avoid using acronyms if you possibly can do. It avoids confusion. But we're gonna talk about some common ones and what they mean. We're gonna give some analogies to hopefully make it a little bit more clear, the difference between some of these technologies. And then we're gonna look at the kind of things that you can think about when you're starting a security conversation. So the kind of things that you might want to ask about, the techniques, etcetera, that you might want to use when you're starting a conversation with a potential customer.

So let's get into the meat of the presentation then. So number one concern for IT administrators, oftentimes, it's cybersecurity. It's one of those things that the administrator cannot fully control. They can choose what applications are being used. They can choose how the network is configured. They can choose all the things that are within their remit. They can choose cybersecurity products, but what they can't choose is when they're gonna be attacked and what the result of the attack is. So there's a lot of unknown with cybersecurity. The other challenge is it's constantly evolving. Something I've seen over every year, every few years, there's new techniques being used. Cybersecurity, or the challenges of cybersecurity, are constantly evolving. It's a little bit like a cat and mouse game. The threat actors will do something, the cybersecurity companies will counter that. Once that is dealt with, then something else will be developed and so on. So it's certainly, it's a moving goal, in lots of different respects.
And, obviously, the technology that you're trying to protect equally is a moving goal. Operating systems being updated, new applications are coming out, etcetera, etcetera. So it's something that's gonna keep you busy. It's not something that you learn about and then move on to something else. It's constantly changing.

If we look at the motivation behind cybercrime, largely, it's money. Not exclusively. You know, there are other reasons for cybercrime. But if you look at the numbers that are involved within cybercrime, there's a lot of money to be made. Oftentimes, it's seen as almost like a victimless crime. It's not against an individual, it's against a company, and they've got money, or it's a crime where you're not gonna get caught because you're sitting wherever you're sitting, your target is the other side of the world, etcetera, etcetera. But I think despite all of that, the key thing is there's a lot of money to be made and every year we see more money being made. So there's no reason to think this problem is gonna go away anytime soon.

We look at some trends within the threat landscape, the kind of things that we're seeing. Ransomware is a constant problem. It's been there for a long time. It's such a fast route to making revenue for the bad actors, but it's likely to remain. If you've not come across ransomware before, typically, your documents are encrypted. You're given a link and you need to pay in order to get access to them. That's the very basic form of ransomware. But we see double and triple extortion ransomware where perhaps a threat actor has got hold of your data. So not only are they encrypting it to stop you accessing it, they're also threatening to post it on the internet, which obviously can have a very negative impact to your customers, to your partners, to anybody that you do business with.
And then triple extortion, where they might actually go after the people whose data or whose details are contained within your data. And we'll talk about some numbers on ransomware, but it's a huge problem.

Data theft, as I've alluded to, is another element of this. It could be with ransomware. It could be separate from ransomware. But we know that data is money. Data has a value. So, the ability to steal data, sell it on, threaten to expose it, all these kind of things, you know, it's something that can make money or cause other difficulties for organizations.

Cybercrime as a service. So we kinda get this idea that there's somebody sitting somewhere, that's maybe a group of people, and they're writing a piece of malware, and then they're launching that malware, and they're making money. And that may well be true. But there's another side to things where cybercrime is, or the elements of a cyber attack are, being sold typically as a service. So you might have a group of criminals that want to launch a ransomware campaign and they will buy a piece of ransomware. They'll brand it with their own branding, and then they will launch an attack against particular victims. So it's not always the people that are writing the code that are actually using the code. Quite often, things are done sort of separately. We're also seeing ransomware as a service and many other forms of criminal activity delivered in a sort of service model.

Thinking about the attacks and how they happen, dual-use tools. So if you've ever heard of PowerShell, probably the most famous dual-use tool, very advanced command shell for administrators. It can do lots of clever things remotely. What a great tool for a bad actor to use. So there's a lot of malware that's delivered through PowerShell. And the challenge with any dual-use tool is the fact that you can't simply say, I'm gonna block the tool.
If it was a piece of, you know, virus, or a piece of malware, you could block the piece of malware. But if it's a case of it's something which is used for both good and bad, you not only need to say, okay, we need to monitor it, but we need to work out is that PowerShell, or any other of the numerous dual-use tools, are they doing something legitimate? You can't just simply block things.

Remote desktop protocol, another dual-use tool. Very useful for admins to fix problems, but so often, we see RDP used within attacks. Poorly low, accounts that have got a great deal of permissions, but perhaps a very weak password, out of date operating systems that can be compromised, and RDP's often used during attack. It's a great way for an attacker to move from one system to another to another, across the organization.

Social engineering. You don't even need a piece of malware. If you've been following the news, the attacks against a number of retailers, a lot of those attacks were social engineering attacks. Ringing up, pretending to be the help desk. Can I have your password, please? And very, very successful attack. We've probably all heard of phishing attacks, where you'll get what looks like a legitimate login screen. You put your username and your password in, and that will be stolen. But we're seeing more sophisticated attacks, vishing. So voice phishing attacks where, basically, somebody's rung up. And various techniques are used to get them to do exactly what the attackers want them to do. And that typically involves revealing details that gives the attacker a chance to use that within their attack.

Mobile malware, an interesting one. Think about mobile devices. They contain a lot of data. Yeah. They've got your emails on them. They may have your, if you're using Office 365 or Google Docs, they may have your data on them. So your normal Office data on them. In addition to that, they've often got your multi-factor authentication capability.
So if you can compromise a mobile device, you've got access to everything that's on a laptop, plus potentially a whole lot more. And yet, very rarely do we see mobile devices protected. And yet, you know, one data point, if you think about Apple devices, I always used to think it's an iPhone that's safe. But with Android, I'd be a bit more concerned, but it's an iPhone so it's safe. But if you look at the updates for iPhones, then pretty much every single one that I've looked at in the last three or four years contains fixes to vulnerabilities. So, when you're looking at protecting an environment, it's not just the laptops, the desktops, the servers. It's looking wider than that, looking at what else can be compromised because that's what the attackers are doing. You know, they aren't focusing on just a particular set of capabilities. They're looking at, you know, what's available, what can we do.

Right. So quick scan through the chat. That's good. Question answers. Okay. So one of the questions, well, the one question we've got so far, you know, what do criminals make most of their money from? I think if you look at the technology type, ransomware is the big, big one because it's such a direct route to making revenue. You know, there are other ways of extorting people, but ransomware is so damaging because it isn't something you can ignore. You need your data to do business. Now we have seen situations where companies have gone out of business because they haven't been able to access their data. So it's not something that you can ignore. Typically, you need to recover it in some way. We have a state of ransomware report every year. We released one a couple of months ago. And, yeah, we look at trends from year to year to year. And, you know, ransomware isn't going away. The problem's getting bigger.
Customers are getting more able to do things, more able to recover, or I think when we looked at this year's report, the 2025 report, slightly less people were unable to recover. So slightly more people were able to recover from attack using things such as backups. But again, cyber criminals are getting wise. They'll go after backups. So I think, you know, ransomware, probably the number one, because it's such an obvious way of attack, which very much, thank you, Jerry, very much lines me up to this slide here. Number one fear. We're not clicking the button. So it's ransomware. You probably guessed it.

Is ransomware for mobile devices a common problem? I've seen it, but it's not something that we hear about very often. I think one of the typical features with, if you've got a mobile device and it has ransomware, wipe it and start again. Because a lot of stuff that's on there is either app based or it's coming from somewhere else. So, you know, it's, yeah, the actual ransomware of a mobile device, probably quite a rare thing. But, yeah, I've certainly seen it. But, yeah, I think it's a lot more common on desktops, servers, laptops.

Yeah. And, yeah, talking about where we see ransomware, the typical approach of an attacker is to look for something that's not protected and then launch the attack remotely. So they might get onto a network, like, that has protection enabled, get onto a device and then start looking around the network for a device that doesn't have protection enabled. And the reason they're doing that is it's a lot easier to launch a ransomware attack from a device that doesn't have protection. And that is exactly what they're doing. That is a very difficult thing to stop because from the defender's perspective, all that they see is files changing. You know, they don't see any strange processes at work. They see something on the network is changing files. And you know that could be a user.
So that's a very difficult problem to solve. It's a problem that software solves, but most vendors can't go anywhere near solving that problem. So, yeah.

Yeah. And somebody else, you know, mentioned in the Q&A, the best solution to ransomware is having physical security, and that holds backups. And we would always recommend, when you think about ransomware, thinking about data security, the 3-2-1 rule. So the three copies or three backups, two different media. So if your tape drive fails, you don't lose it all. So it's on two different forms, and at least one of those is kept off-site. So that means that, you know, if your data center burns down, then you've got a copy elsewhere. If something terrible happens to the machines or the environment or whatever, you've got something. And that, you know, that off-site copy can really help save, you know, save a situation that's not good from being one that's very, very bad. The problem with that, it's extra hassle. So it's a really good thing to do, but a lot of times, customers just won't do it or they don't do it. It's on the to do list, but things come in and get in the way and it doesn't happen. And that is why so many customers pay to get their data back.

So talking numbers, so this is an estimate. It's actually an estimate for, yeah, for this year. $42,000,000,000. You can see it's a lot of money. So this is the worldwide figure, the estimated revenue from ransomware. So it's a huge amount of money and, you know, a very good reason that these kind of attacks are gonna continue. If we look at the rate of ransomware attacks, so this is the percentage of organizations hit with ransomware. So an interesting one. So all of, well, apart from in 2021 when something else was probably happening, organizations have got more than a fifty-fifty chance of being impacted by ransomware.
So they're more likely than not to get a ransomware attack. So if they're talking to a customer, they have never encountered ransomware, then I would certainly point them at the direction of our ransomware report, which gives a, you know, an unbiased view of what lots of organizations, totally independent from Sophos, organizations have actually experienced and what they've gone through, and what the results have been. Because if they've not experienced it, it's difficult to understand all of the hassles and the feelings and the problems and all of the things that you need to deal with when ransomware does occur. So it's certainly well worth looking and reading about what other organizations have been through. Because it can really make you think, okay. Well, I need to do things a little differently.

Look at some numbers on here. So ransomware is obviously a big problem. I think that $2,000,000 figure, I think that's actually dropped to $1,000,000 in the latest ransomware report. So this is the main ransom payments that's made. About 2,730,000 is the recovery cost of a ransomware attack. Again, I think that's dropped slightly. But the figures are roughly correct. So ransomware is still a very big problem. It's still a costly problem. If you encounter a ransomware attack, it's not gonna cost you a few thousand dollars. It's gonna cost you hundreds of thousands of dollars or millions of dollars. It is a, you know, a very significant thing. And, obviously, a lot of attackers don't care, you know, where that money comes from. They don't care about the organization they're impacting. And it could be a small one, could be a big one. It's all money to them. So it's okay. So let's get the attacks out as far and as wide as we can go, to maximize our revenue.

Yeah. A question about how often do people get data back after paying ransoms. I think it's around about 50%.
There's all sorts of challenges with this. If an organization decides they need to pay to get their data back, which if they don't have any other options in terms of recovery, which many don't, then they have to do that. It's challenging. So, obviously, you've got the fact that attackers are not necessarily going to give you the encryption keys. Although a lot of them do. You know, it's a business model, so a lot of them do. But you've got the hassle of sometimes the decryption routines don't work. So with all the will in the world, you know, you've got the encryption keys, you've got the encrypted data, sometimes things don't work to recover the data. You've also got that challenge that you might get your data back, but is it where it needs to be? You know, is that in the folder, in the file structure that you need to be? Or you're gonna take weeks to actually put the data back to where it's needed? We also see that quite often, if you're the victim of ransomware attack, it won't be one off. You know, your details will be shared. You'll be attacked subsequently because they know you've paid up. So you're somebody that's gonna make the money. So why stop attacking you once? You know, they'll attack you multiple times. So lots of reasons why it's not necessarily a good idea to pay up. I think the governments are looking at making it, or the possibility of making it, illegal for public sector organizations to pay ransomware, really, with the idea of discouraging attacks against those organizations. So, you know, that could be a way that could work, but it's gonna be a very painful process, as that is introduced, you know, if it is introduced.

How can AI contribute to safeguarding your organizations against cyber attacks? Yeah. I mean, so AI is something that, obviously, we hear about every day.
AI is this thing which has come along, then it's revolutionized the way we're doing things. In cybersecurity, AI has been around probably for at least probably ten, twelve, fourteen years. AI is absolutely not new. We've been using AI for many years to protect against all sorts of attacks. So machine learning is a form of AI pioneered by Cylance around 2012, 2013, something like that. Every vendor is now using elements of that in order to detect attacks. So that's one way it's used. Another way it's used is within EDR, XDR technologies, which I'll talk about in a little while. But that's where you've got a huge amount of data and you're trying to figure out what does it all mean, which is what AI, you know, again, can be very useful at doing. At Sophos, we have got AI embedded in all sorts of different areas. We got large models, small models, depending on what you're looking to do with it. But a significant amount of that is geared at detecting attacks. Obviously, the challenge with detecting attacks is that the ones that you really are worried about are the new attacks. You know, if it's an old attack, you've got absolutely no reason to not stop it. If it's a new attack, then, you know, what does it look like? How is it similar to other things that we've seen? How is it similar to bad behavior? AI can be very useful in gaining those kind of insights to make suggestions.

How reliable are they? It really depends. Obviously, you know, for machine learning, we've had them for many, many, many years. So, I think even at the start, some vendors' AI was very good. Others was pretty poor. But I think, you know, given the fact that it's been there for a decade or more, a lot of times it's pretty good. But having said that, we see that, you know, there's always threats that get through. You know, there's always things that cannot be stopped.
The whole reason EDR or XDR solutions came about was because there's an acceptance that not all threats can be stopped. So it's a case of where can you get visibility to what's going on to make a decision if that thing that's not been stopped is actually a bad thing. And again, AI can help there. Percentage, well, I couldn't really give you a percentage because there's a lot of things in there that you don't know about. So it's difficult to say, okay. We're stopping 20% or 60% or whatever. But things are getting better.

Again, AI within attacks. We've seen a number of situations where AI is used to generate attacks, to look at vulnerabilities. I think there's a study, and I don't remember the exact numbers behind it, but they lined AI up against vulnerabilities that were described. And they found out that AI was able to create proof of concept for something like 90% of those vulnerabilities. And that's, you know, obviously, that's a very scary thing because when a vulnerability comes out, you want some breathing space in order for somebody to create a patch and the organizations to then test it and deploy it. So, obviously, if you're generating a proof of concept code that could exploit that vulnerability and you're doing it just like that, then a lot of that breathing space is gone. So, again, a, you know, a big, big challenge.

Okay. Just a quick look. Yep. Cool. I think we'll review things in a moment or two. So let's talk about cybersecurity and what can we do to stop threats. Cybersecurity now covers a lot of different areas. I said at the start, you know, it was antivirus and corporate firewalls when I started. Here, we've got other examples of solutions or areas where antivirus or endpoint security, as it says, sits. So things, the endpoints, the servers, the network devices.
Now if I can stop it as far away from the target as possible, that's a good thing. Email, wireless, cloud. So there's a lot of areas where that can be used or there can be protection points. Each of these, Sophos plays a part. And pretty much all of these are found in pretty much every organization. So these are areas within every organization, pretty much, that Sophos can offer a solution. One of the things that customers have been asking for for a long time is, hey, can I have a single pane of glass? One place to go to. Variants of that phrase. So being able to deliver protection across the different areas can really go a long way towards delivering that single pane of glass. Sophos has Sophos Central, which really does, it meets that need.

So that first slide was technologies that pretty much every organization has. The second slide, again, it's where Sophos play. But these are areas which a lot of organizations are looking at now. Identity protection. You know, phishing is a big challenge, all about stealing identity and credentials. So having the ability to detect attacks there will make it harder to compromise identities. It's a very useful capability. Network discovery and response, an area where you're looking at identifying threats on the network. Obviously, very convenient, because you're finding it before it hits the endpoint. And then managed risk, where we're looking at vulnerabilities, and what can be done about them. Where they are, what they are, and how they can be mitigated. So certainly up and coming areas. And again, Sophos plays in those areas.

So technologies, and we'll dig a little bit deeper into the technologies in a minute. So one thing that you'll need to do, I guess, when you're talking to customers, is understand where they're coming from. So on this slide, there's some suggestions as questions to ask customers.
This one takes, like, a few seconds. Just take a look at that slide. And in the chat box, you know, what would you say is the most important question there? I'll just give you a few seconds to look through those six questions. What do you think is the most important question there? And just pop it into the chat. So while you're doing that, I'll take a look at the Q&A, and I'll see if there's anything else in there. Yeah. That's good. But, yeah, any thoughts on there? What the most important, yeah. I'm starting to see some come through.

Yeah. And I think that, you know, there's a variety of responses. And I think it's, to a degree, it depends where the question, sorry, where the customer is with their security. For me, a big problem is what problems do they have? Because if they recognize they've already got problems, then that's something they're probably gonna want fixed. Certainly things like, you know, who responds to alerts is a really interesting one. Because, you know, that then kind of beckons the question of, okay. Well, do they work weekends? Do they have public holidays off? Who does things after hours? You know, we know a lot of customers are running nine to five security, but we know a lot of attackers know that a lot of customers are running nine to five security, so they're gonna attack at 06:00 or on Sunday. So, certainly, they're all useful questions. For me, understanding where the customer is is probably the most important thing. And that's not only what problems do they have, but where are they going? You know, we talk about road maps in terms of what Sophos is doing, the technologies and the updates that we are releasing, etcetera. But customers are never standing still. They're always looking at what's gonna happen next, what do they need to do to their environment.
So if you can understand where they're going, then you could be in a position to position solutions or position additional security to meet their needs rather than waiting for them to get there and then start asking, you know, what you can do and what they can do to help themselves. If you know where they're going, you can position that security upfront. That can be very helpful. I think, you know, the other question is, you know, important. Licensing is important. If you're looking to move from one vendor to another, that's probably gonna take a minimum of six months. So if a customer's got a license renewal next week, unless they're doing something very strange, they are not gonna be renewing. They're not gonna be changing their vendor because they need time to test and to remove and etcetera. So, you know, again, it's really useful to have that road map. You know, if they're looking at reviewing the market now, then, you know, what's their road map for changing, you know, if they're going to another vendor? So, yeah. And obviously, what they don't like about the solution, what they think is missing. So all good stuff.

So let's focus in on some technologies that we have then. We look at, first of all, network edge. So the edge is typically a firewall. You're all probably using firewalls at the moment. If you've got a wireless router, it's doing two things. It's doing the wireless bit and it's doing the routing bit. Routing is moving from one network to another, and in most cases, you've got a firewall sitting between the two. So the bad things on the Internet are not getting through to your wireless network. So you've got one on your router. Organizations have them, obviously, at the corporate firewall. They may have internal firewalls. If they're looking to protect things like operational technology.
So let's think about manufacturing machines, medical devices, other fixed function devices that can't have security installed on them, one way of protecting those is to sit them behind a firewall and be very restrictive in terms of what can connect to those devices. So that's a, you know, another way in which you can deliver protection within the organization.

In terms of Sophos and firewalls, we have tin. So we have physical appliances. We have virtual appliances. So software firewalls that can be installed, for example, within a VMware environment. We also have cloud based solutions. So that all the customers are at least partially moving to the cloud. They may have things happening there, critical functions in the cloud. And the question might be, how are they protecting those from attack? We know the cloud is a, you know, it's a wide open target. So it's worth thinking and asking the questions. Are they using the cloud? Okay. How are you protecting the cloud? Do you have a firewall that's giving you protection, that's identifying attacks that you're being subject to within the cloud? So all areas where Sophos can help.

Endpoint and server, so the devices that the users are sitting behind and working behind and accessing data, a big, big area that needs to be protected. If an attack happens, it's probably gonna manifest itself on these type of devices. This is where you're gonna see it first. So this is where, you know, things like antivirus and anti-malware, which are terms that were probably first coined thirty plus years ago and often used by customers, endpoint security, they're all the same thing these days. It's all about providing multiple ways in which you're protecting an endpoint against an attack. We also have device encryption as a class of protection. So looking to protect the data that's on those devices.
So those are sort of typical places an attack can take place and typical technologies that that can be used to provide a level of protection. And obviously, servers, we talked about cloud based servers. Customers like to have some on premise servers as well. So again, it's all about understanding what do they have, how they're protecting it, what are the problems that they're seeing. We're gonna focus now on endpoint, on the endpoint. So the desktop, the server, the laptop, the device the user is typically sitting behind. I'm gonna talk about some of the, technologies that are there to provide protection on those devices, the different classes of protection that's available. And to do this, we've got some, we've got some, analogies. That's the word I'm looking for. So pretty much every vendor that did antivirus does some form of endpoint protection. So we can see this as the most basic form of protecting an endpoint. It's something that's there to stop things happening. So it's stopping people getting in the gates. It's stopping people coming through doors. It's stopping people opening windows. It's all about stopping things. So it's what antivirus wanted to be. It wanted to stop the attacks or remove them if they got in. Somebody got in, then the dog is there to chase the attacker off. So that's really a way of thinking about endpoint protection. It stops things. But we know that endpoint protection can't stop everything. So the question is then, what do I do? So probably around about probably again ten, eleven, twelve years ago, we had the concept of initially EDR, which was endpoint detection and response, but now it's more commonly XDR, which is extended detection and response, which is all about monitoring. It's all about understanding what's actually happening. So if an attack isn't stopped by your endpoint protection products, it's understanding what the device is doing, what behaviors it's seeing to work out if that represents an attack. 
So that's the detection side of it. The other side of it is the response. So okay. If we were watching things, we've got cameras, security lights, etcetera, we're waiting to detect things that are happening. And if we see those things, somebody needs to make a decision whether that's a good or a bad thing. And if it's a bad thing, it's a case of performing the response. So calling the police or local security or whatever it is, but dealing with the problem by responding to it. So that is XDR. It runs typically alongside endpoint protection to help you deal or help customers deal with the problems that endpoint protection can't stop by itself. The big point about EDR or XDR is it's typically the customer that has to observe what's going on, watch the detections, understand the detections, understand what detections mean, and then make the decision that they either need to do something about it or they don't. So the the focus of making that decision is with the customer, and that is the challenge. A lot of customers don't have the resources. They have the people, the skills, the time, the coverage to do that thing, which is why MDR or managed detection response is very, very popular. And I think currently, Sophos has like 33,000 MDR customers. So that is running alongside your endpoint protection, but the big thing it gives you is access to experts that are doing that thing in the middle. They're watching for detections. They're making a decision about is it good or is it bad, and then responding. So similar to, to XDR, your endpoint protection is there doing its thing, stopping as much as it can do. Your monitoring is there, giving you data to tell you about what's happening within the environment. That's where the that's where your experts come in and say, okay. Yeah. That's good. That's good. That's bad. Let's deal with it. And when they do, they will then call on the expertise of a team that know how to deal with the bad things. 
Because again, the challenge with customers is, if they see something bad that's happening and they make that decision, whilst they may have recognized the problem, they may not be in a position to efficiently deal with it. They've never dealt with that type of malware before. They're not necessarily gonna know how to do it. Whereas a company that sees lots of malware all the time in lots of different ways, obviously, you know, it's in a much better position to work out. Let's do a b c because that's the most logical and most efficient way of dealing with a problem. One thing just to cover off around the cloud, so I've heard this not recently, but certainly, I've heard it in the past where customers say it's okay. All fine. I'm safe. I'm in the cloud. Absolutely wrong. It's just a case of how exposed are you. And there's different cloud models. So focusing on the key models, the SaaS or software as a service, PaaS, which is platform as a service, or IaaS, which is infrastructure as a service. Depending on which of those models you have, you are more or less protected by the cloud. And what I mean by that is, the cloud, whether it's Azure or Google or AWS or any other public cloud, there's a shared responsibility model, which means the cloud provider is responsible for some of the security. They're always gonna be responsible for the building security that the servers that run the shared environment, that run the cloud are actually operating within. So they're always responsible for their own buildings and their building security and that kind of thing. But it's a case of what else are they responsible for. In the case of, software as a service, they they are responsible for all the things that run underneath that application. Whereas in the case of infrastructure as a service, they're responsible for a lot less. The customer's responsible for the operating system, the network, the applications, the vulnerabilities or the patching, etcetera, etcetera. 
So really helpful to understand what's the customer doing in the cloud, what cloud are they using, and what are they what model or models are they using, and help them understand what they are responsible for protecting. And again, we can help there. Obviously, if you compare to on prem, the customer's responsible for everything on prem. So there's less customer responsibility, but there is always some responsibility. Okay. Alright. Cool. Okay. So just some I just got a quick look through the the q and a before I talk about this section. Okay. Is your MDR team reporting to its end customers or dealing with periodic reports of threats they stopped? It's actually both. So, we MDR or our MDR service offers the customers a choice. So do they want us to do everything for them? So if we see a problem, we'll deal with it, we'll tell them about it? Or do they want to be involved? So we see a problem, we will tell them about it and then we take action together. Or do they want us to be only only doing things automatically if it's a if it's a Christmas day or a Sunday or it's happening at 09:00 at night? So the customer gets the choice of when we should get involved. We will always send them reports because, you know, the worst thing in the world is, hey, I don't need MDR. I don't have any problems. You don't have the problem because you've got MDR. So, you know, one of the things that we want to allow customers to be able to do very easily is to justify their investments. So we will report to them what we've seen, what we found, what we've done, how they've been protected. We also reported the average response time. And that's an interesting one because, Gartner did a did a report and then they worked out that the homegrown security operation center. So in other words, there are customers doing it for themselves. On average, it took that security operation center sixteen hours to deal with an incident. Worst case scenario, thirty hours. 
The average for Sophos MDR is thirty eight minutes. So, you know, we've heard the term time is money, never more so than within cybersecurity. If you can deal with an incident straight away, it's almost certainly gonna cost a lot less than, than if you deal with it ten hours down the line. Okay. So is everyone okay. So is everyone is likely invested in some sort of security solution? Does Sophos align with other vendors? Absolutely. So if you've got a, we can manage or we can provide MDR if you're using other solutions. It doesn't need to be the Sophos solution. You know, there's there's extra things that we can give you that are provided because or if you are using a software solution, but it doesn't need to be. You know, you can have another vendor and we can perform the managed detection response with, with, you know, another product. And a very popular one here is Microsoft. Everyone has got some sort of security. A lot of customers are going to Microsoft because it's seen as free, or they're already paying through it, so why not use it? So we can offer MDR for customers that are using Microsoft security, as well as a lot of other vendors. So it it's absolutely not a any kind of blocker if if a customer's using a different solution. The key thing is, what do they what's missing for them? What do they need? What's not good? If it's MDR, then absolutely we can help. But, perhaps, if there's any other questions. Yeah. I think I think we're up to date. Cool. So some things to think about if you're having a conversation about cybersecurity. A lot of this is asking questions and gathering information. You know? And probably the first meeting is all about understanding where the customer is, not proposing solutions to them. Because at that first meeting, you probably don't have all the information you need to to to to tell them what's gonna help them. So it's asking questions, understanding what they're doing. You know, are they expanding? Are they changing? 
Are they consolidating? Do they have additional devices? Whether it's network devices or or, end user devices or servers. Are they moving servers to the cloud? You know, what are what are they doing? How are they protecting things? Are they using EDR tools? So endpoint detection response or XDR, are they using those tools? Some are, some aren't. So what do they do about unknown threats? How do they deal with that? What's their strategy? Are they looking at what they can do? You know, if the customer's experienced ransomware, what was that ransomware experience? Was it was it a painless one or was it a very painful one? You know? Twenty four seven monitoring. How are customers dealing with that situation? How do they deal with after hours? Do they know that attackers often attack after hours because they know a lot of customers are not there to identify and spot the spot the signs of a problem? You know, compromised devices, rogue devices, how do they identify them? How do they deal with them? Thinking about the network. Yeah. Thinking about network firewall, there's been a lot of changes in firewall technology. So all the things there that can, you know, or all the new technologies within the firewall that can make them more secure. You know, part of what we're doing in selling cybersecurity is really informing customers. Let them know the latest things that that's happening, both in terms of threats, but also in terms of protection technology, you know, and and and, how that can help them. So lots of questions there. Obviously, lots of general questions. So it's all about gathering information. You know, where are they at? What problems do they see? What are they what are they planning to do in the future? What changes are they making? What projects have they got on the go? All of these things. And how, you know, how they're dealing with with, you know, twenty four seven coverage. So all about gathering information, taking notes, understanding things, asking. 
And that will you know, that should lead you to a situation where you can hopefully see something which may be beneficial to the customer. And certainly, if they've got problems, if they see issues, they wanna do things differently, if they're changing their environment, That's all great opportunities to, to show what we can deliver. This is very basic training. So we have, a lot of training within the partner, training within the partner portal. So if you scan the QR code, that will take you there. It will show you what courses are available. And I'm I'm a fairly recent starter, so I've been here just under a year. I think, you know, of all the training I've seen across all the vendors, this is probably some of the most comprehensive I've ever seen. There's a lot of training available, which both from a sales perspective, but also from a technology perspective to really bring you up to speed. Just some thoughts about, you know, talking to a prospect. There's a there's a talk track here that you can see on the slide and you can download. But but some things I would say about this is you need to build rapport because you want customers to share sensitive information with you. They need to trust you. And and if they trust you, they'll open up more. They'll let you know what's really going on. And that will give you very valuable information in working out what might help them versus, you know, what they're saying kind of a surface level. So building rapport, gathering information, and then planning what to do next. And I I've certainly worked in organizations where, there was no what happens next. And, you know, a lot of opportunities were lost as a result of that. So it's always a case of, okay, let's have a plan. When we when we talking next? Yeah. We'll we'll introduce you. We'll understand your problems. We'll suggest solutions. We'll talk about technologies or whatever. Send you the information. What's next? Let's have that follow-up call to work out. 
Is it gonna be helpful? If not, that's fine. You know, perhaps we didn't understand the initial problem, as well as we monitor. So, you know, let's let's see. Let's find out about that, but always have that plan in mind. Just looking on it. We're coming up to the top of the hour. Just looking to see if there's any other, questions. I think we've covered them all, which is awesome. I think, you know, one of the questions about what you do with when customers are reluctant to discuss their problems. I think, really, you've got to build up that rapport. I think if you're if you can talk to them about the organizations that you're representing, so Sophos as well as your own organization, how that works with customers. Give examples of what you've done, problems that you've solved. You know, for example, a number of people, the number of organizations that are being protected, all those kind of things, it gives credibility. And I think credibility is something that's really important in building trust. So it's you know, you've gotta have a fairly reasonable understanding of what technologies provide, but also, what are we doing? How are we helping? Who who are we helping? What are we doing for customers? You know, we've got, say, somewhere 300,000 endpoint customers, that trust us, that believe in us, which is which is, you know, a good way of increasing that credibility. So it's things like that. And some of these sometimes these things are slow to mature. You know, it's not something where you're gonna have that first meeting and you'll get a sale. It's something where sometimes it takes months to understand exactly where the customer is and, you know, provide them the best the best solution. Okay. I think yeah. If third party vendor, we can provide a response. Absolutely. You know, example with Microsoft, but we can do it with many other vendors as well. Yeah. I think we're probably there. Does MDR use for the client? Absolutely. Yep. 
We can detect what's going on. We can take information not only from Sophos, but also from a home currently, something like 60 odd other solutions, other vendors. We've just acquired Tejas, who can integrate with 350 vendors. So we have the ability to consume information from lots of different places. It's not just a Sophos environment. We can do it from the cloud. We can do it from other types of applications, a whole network devices, a massive range of products. That gives us information, gives us visibility to know what's going on, but also allows us to respond to those problems. So, we absolutely can do that even if they're not using a Sophos solution. Cool. Well, I think we've run out of time. So thank you very much for the questions. Really good to have so much in there. So yeah. Yeah. Hopefully, it's been useful. As I say, if you go to the docs tab, you can download the presentation. Yep. We'll let you know when the two zero one is available. Have a great rest of your day. Hope it's been useful, and hope to speak to you again soon. Thank you.