As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Eric Pinto. He has spent the bulk of his career cultivating comprehensive IT solutions and working to better understand the security and compliance needs of small to mid-size business clients. Engagement with both end customers and service providers has allowed Eric to become well versed in managing the relationship between vendors, customers, and the Managed Service Provider (MSP) channel. Now with SOCSoter, he continues this effort today; helping managed service providers navigate an evolving threat landscape with a platform designed to tackle increasing compliance and security demands.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up in Dallas, Texas. Two parents, two kids and everything but the white picket fence. For these purposes, you might as well imagine the fence was there as well. It was the blueprint suburban southern home; I attended private school where I played football and soccer. After graduation, I studied communications at Boston College. My time in the northeast was invaluable, BC truly had a global campus. I was able to escape the small-town lens and began to view the world at scale. I continue to participate in BC alumni events whenever possible.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
I sort of stumbled into cybersecurity. Early in my career, I worked on the data transfer and connectivity side of the house. It was your basic entry level position, but I always wanted to know more and hated having to grab someone else to help move a project forward. I began to immerse myself into the technologies we were providing and quickly morphed into more of an SME or sales engineer role. Cybersecurity demands were just starting to impact small business and we brought them into our portfolio. I found it all pretty interesting and was able to see it as a path forward.
Can you share the most interesting story that happened to you since you began this fascinating career?
Changes and advancement in technology are certainly interesting. What I have found most intriguing about cybersecurity has been what the technology uncovers about the people involved. It begs the question: What drives us? I am also constantly amazed, in many ways, at how predictable we (humans) can be. Spear phishing attacks that weaponize our incessant need to post relevant personal information on social media, compromised pen drives purposefully left behind (as bait) in the conference room only to be inserted into otherwise secure devices, or open Wi-Fi networks accessed and used to connect to banking sites. I continue to find humans to be the most fascinating part of my career. I think it’s also why I enjoy what I do so much. I get to provide more secure pathways to information and educate the business community.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
From early on, I remember going to work with my dad. At the time he managed an IT team. I was enamored with the massive cabinets, raised flooring, and cold temperatures that accompanied data centers in the 80’s. Everything was this cool pale blue color and made weird noises. For a kid growing up in the suburbs, this was everything for me. I was immediately hooked on tech.
Are you working on any exciting new projects now? How do you think that will help people?
We have a couple of really exciting developments at the moment. We have one that is extremely relevant to the current state of things and the future of the IT landscape.
In August, we released a cloud monitoring tool, enabling service providers to monitor and assess threats to remote workstations. The world was already becoming increasingly remote in terms of work, but COVID obviously accelerated this for many.
Because the pandemic hit so hard and fast, many service providers were just not ready to protect all of those remote work devices. Most people simply weren’t ready for the change!
This is where our Managed Cloud SIEM comes in to play.
For those who aren’t familiar with the term “SIEM”, I can explain — because it will help! “SIEM” is an acronym for Security Information and Event Management. A traditional SIEM works on a physical network, often in the form of a device, that collects, alerts and reports on web activity logs. The key word is “physical” networks. In other words, activity taking place outside of the office network — in the cloud — isn’t covered.
In this vacuum, we created the Managed Cloud SIEM. It gives the visibility, security alerts and reports service providers need to protect their clients!
Now that it is out and our partners are putting it to use, we are expanding the platform to monitor all kinds of cloud applications that service providers offer their clients. The first API release we did was Microsoft 365, which is pretty common in the workplace. We have added several more APIs since and more are on the way. It’s been fun!
What advice would you give to your colleagues to help them to thrive and not “burn out”?
I think one of the best things you can do to avoid burnout is to let experts be experts. If you aren’t good at something, find someone who is better at it than you and let them do it! Of course, I am referring mostly to highly specific, specialized knowledge, but you can spend hours, days or weeks trying to do something that an expert can do in a much shorter time. Why do that to yourself? Just to save a few bucks? It doesn’t make sense.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
I think there is a lot to be excited about!
For one thing, there is a ton of opportunity in the industry. Particularly with the pandemic, we have seen a field-leveling effect. It is an industry where smaller players can really make moves, if they have a product to back it up. The cybersecurity industry is growing quickly as people develop new ways to solve security problems and there is a place at the table for a lot of different solutions to co-exist and benefit each other.
Second, for our Managed Service Provider “channel”, there is tremendous growth at the reseller level. Many companies find it far more cost-effective to farm out their IT services to a third party rather than have an in-house IT person. This is fueling a need for MSPs on a major scale. As MSPs continue to pop up and grow, we are seeing ever more opportunities to partner with these new players. It’s very cool!
Third, the explosion of cloud-based services is really interesting. Even before the pandemic threw gasoline on the “digital transformation” fire, cloud services were expanding quickly. Now, with the “new normal” of remote teams being a rule, rather than an exception, the cloud is even more important.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
Well, in light of the recent news, I think that people are really starting to understand that everyone is susceptible to criminal cyberattacks and there are lots of different motivations for bad actors. Most are after money and personal data, but some are out to create chaos and uncertainty.
A lot of small business owners see this kind of thing and they think that it won’t happen to them because they are low visibility and low value compared with huge corporations. However, these small companies tend to be the way in for a hacker trying to get into a corporate network. I mean, they go after the little guy that supplies the large company with a part or service and then they use that access to get access to the bigger guy. It is happening more and more.
There is also the increased use of sophisticated phishing scams. For example, hackers may create a fake Microsoft update that looks EXACTLY like the real thing, but the update link is infected with malware. Even the operation looks legit, but now there is malware on the system. The bad actors are always one step ahead so we have to stay on top of things.
Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
This is something our SOC (Security Operations Center) handles all day, every single day! From catching a vulnerability before it can be exploited to detecting and preventing important data from leaving a network, we are stopping breaches every day. There has been a huge increase in COVID-related attempts since March and these come in the form of phishing attempts, malware attacks and, of course, ransomware. Our job is to detect and protect before these threats become a problem.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
The full complement of Managed Detection and Response (MDR) including Endpoint Detection and Response (EDR) and Network Detection and Response (NDR). Throw in good vulnerability management and make sure the whole thing is managed by a Security Operations Center (SOC) all day, every day, 24/7. These are the tools that we sell and they are the same ones we use to protect our own networks.
As for what they do, I will try to keep it simple. The detection and response components of a security platform scan the network and device activity. The components are constantly updated with rules that represent things like known security threats (like WannaCry or Zerologon) and potentially malicious activity (like someone logging in to an application from an unusual location). When one of the components identifies activity that matches a rule, it sends an alert to the SOC. A security analyst checks the alert and assesses its risk potential. We then notify the customer if we feel the risk should be addressed.
Of course, every network should have a firewall and anti-virus. However, they also need a system that monitors all of the activity that makes it through these initial defenses — which is a lot! This way you are able to watch for known threats and suspicious behavior that might indicate a problem.
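The rule-matching pipeline described in the answer above (known-threat rules plus behaviour rules, each match becoming an alert for SOC triage), as an added illustration that is not SOCSoter's code. All events, the login baseline, the indicator list and the thresholds are constructed placeholders.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    rule: str       # which detection rule fired
    severity: str   # triage priority for the SOC analyst
    user: str
    detail: str


# Constructed baseline of the countries each user normally signs in from (hypothetical).
BASELINE_COUNTRIES = {"alice": {"US"}, "bob": {"US", "CA"}}
# Constructed stand-in for a known-threat indicator feed; placeholder names only.
KNOWN_BAD_IMAGES = {"placeholder-ransomware.exe"}
FAILED_LOGIN_THRESHOLD = 5
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def rule_known_threat(event):
    """Known-threat rule: a process image matches an indicator in the feed."""
    if event["type"] == "process" and event["image"].lower() in KNOWN_BAD_IMAGES:
        return Alert("known-threat-process", "high", event["user"], event["image"])
    return None


def rule_unusual_location(event):
    """Behaviour rule: a successful login from a country outside the user's baseline."""
    if event["type"] != "login" or not event["success"]:
        return None
    allowed = BASELINE_COUNTRIES.get(event["user"], set())
    if event["country"] not in allowed:
        return Alert("unusual-login-location", "medium", event["user"],
                     f"{event['country']} not in baseline {sorted(allowed)}")
    return None


def rule_failed_login_burst(events):
    """Behaviour rule over the whole batch: repeated failed logins for one user."""
    failures = Counter(e["user"] for e in events
                       if e["type"] == "login" and not e["success"])
    return [Alert("failed-login-burst", "medium", user, f"{n} failures")
            for user, n in failures.items() if n >= FAILED_LOGIN_THRESHOLD]


def detect(events):
    """Run every rule over the event batch; return alerts ordered for SOC triage (high first)."""
    alerts = []
    for event in events:
        for rule in (rule_known_threat, rule_unusual_location):
            alert = rule(event)
            if alert:
                alerts.append(alert)
    alerts.extend(rule_failed_login_burst(events))
    return sorted(alerts, key=lambda a: SEVERITY_ORDER[a.severity])


# Constructed sample telemetry, shaped like what an EDR/NDR feed might deliver.
SAMPLE_EVENTS = [
    {"type": "login", "user": "alice", "country": "US", "success": True},
    {"type": "login", "user": "alice", "country": "XX", "success": True},
    {"type": "process", "user": "alice", "image": "Placeholder-Ransomware.EXE"},
    *[{"type": "login", "user": "bob", "country": "US", "success": False} for _ in range(6)],
    {"type": "login", "user": "bob", "country": "CA", "success": True},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.rule} user={a.user} {a.detail}")
```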
How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
Honestly, I don’t think any company can suffice with just OTC software.
Generally, it is not feasible, or even recommended, for most small companies to handle their own security in-house. There are too many moving parts and too many vulnerabilities in a network. Your pre-packaged firewalls, antivirus and anti-malware software does help, but it only helps up to about 20% of the time. What about the other 80-plus percent?
Basically, everything the average Joe thinks about the protection his business gets from just having AV software is 90% wrong. You have to have a team watching your networks all of the time.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
It can be really hard to detect. Especially with the increasing prevalence of hackers installing malware and then just sitting back and watching the system. They don’t change anything, but they poke around, looking for things of value and then they act when the user least expects it.
However, there are things you can watch for. For example, if you notice your system is suddenly running really slow, that can be a sign that extra operations are occurring in the background of the system.
Another sign is mysterious files appearing in your folders. Sometimes they can be an executable file from an update…or they can LOOK like one. Checking these out with a quick Google search can sometimes tell you something.
Then there are the mysterious downloads. When you see file downloads that you know you didn’t do, that can be a sign. Especially when there are a lot close together. While this can sometimes mean the hackers got what they are after, it can let you know there is a problem. If you catch it early enough, you might be able to mitigate some of the damage.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Companies really need to be doing things before the problem even presents itself because if they are breached, the damage is done. However, it is a good idea to have an incident response plan and, in the event of a breach, to execute that plan. They need to make sure that the problem doesn’t get any worse. There is a whole list of remediation steps that need to be taken after a breach like turning down systems, restricting access to certain people, and the like.
Obviously, we are held to the same rules as everyone else as they apply to us. Most of these regulations are internet consumer protections.
That said, we actually deal with a lot of service providers who have clients (or the service providers themselves) who need to comply with these regulations. Our services include the monitoring, logging and reporting that these regulations require so we have established ourselves as “subject matter experts” when it comes to compliance!
What are the most common data security and cybersecurity mistakes you have seen companies make?
They don’t think they are a target!
I think we already brought up one of the biggest problems out there. Many companies just don’t take their cyber risk seriously. They set up an “out of the box” antivirus and call it “good”. The problem is that it simply ISN’T “good” enough!
Small businesses need to acknowledge and assess their risk. If they don’t they are making a grave cybersecurity mistake.
One of the primary challenges our MSP partners face is convincing their small business clients that the investment in a comprehensive cybersecurity platform is necessary and relevant to them. Unfortunately, many companies only see the need AFTER they have been hit with a cyberattack, and by then, it is often too late. The statistics on the impact cyberattacks have on the lifespan of a small business are startling!
Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?
The future has a lot of unknowns/uncertainty. There are so many scams to “help” us deal with the problem. People want to be guided to some comfort. We see over 200,000 similar scams daily and it’s constantly growing.
Other than what we have already mentioned, I think that the “errors” you are referring to are largely related to trying to continue with the status quo, even though everything is different. We can’t keep trying to address the new, expanded risk landscape with the same tools and methods we were using before.
To refer back to an earlier part of the conversation, the scramble to use physical network security to protect remote, cloud-based systems simply doesn’t work. We have to adapt. If we don’t, we are making a critical mistake.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
You know, so much of security is knowing how to see a potential threat and taking basic precautions. Most of the things I am going to list are kind of common sense-type actions that any organization can take with little cost or interruption to their current business process.
1. Security awareness training. Teach your staff how to watch for phishing emails or malicious websites. Simply question anyone who calls “from IT” requesting access to a system or asking you to click a link. So many big problems start at very humble access points like these. Much can be avoided by training your staff appropriately!
2. Enable simple security protocols. As I mentioned before, simple things like assigning staff a password keeper that includes a unique password generator and requiring them to use different passwords for all of their accounts can make a huge difference. If a hacker manages to compromise one password, it won’t work anywhere else. This, along with Multifactor Authentication and security awareness training can really strengthen your defense!
This could also include other things mentioned earlier like having a properly-configured firewall, anti-virus and anti-malware in place. Having a detailed incident response plan never hurts, either!
3. Know what you have and why you have it. How many people have programs and applications on their devices and have no idea what they do? I can tell you, it’s a lot!
It isn’t necessarily mandatory for an end user to know how every little program on their laptop works, but they should have some idea if it belongs there or not. The person managing your IT should definitely know this. Many times, malware installs itself on your system by looking like something else. If a new application appears somewhere in your system, the people managing your account should know what it is there for.
This also applies to data. Knowing what kinds of data your system holds helps you understand your risk. Understanding what about your data might be of value to a malicious actor can really assist in protecting it. Are you holding sensitive patient information? What about financial account data? Credit card numbers? It is all important.
4. Get a vulnerability assessment. Have a cybersecurity professional come in and assess your network the way a hacker would. Find those vulnerabilities and protect them. For some organizations a penetration test may be necessary (and even mandatory, in some cases) to really explore those vulnerabilities on a more granular level. If you don’t know how you are vulnerable, you can’t protect yourself properly. Think of Smaug’s missing scale in the Hobbit!
5. Insist your IT or Managed Service Provider enable a network security monitoring system that includes managed detection and response for both physical and cloud networks. The monitoring system should be able to watch all activity on the networks and report anomalies and known threats to a security operations center (SOC) for review. Trying to do this in-house may work for large companies with big IT budgets, but most small and mid-sized companies will need to find a third-party service to help with this. It is a 24 hour a day job!
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)
Well, on the cybersecurity theme, I will give you something that is fast, effective and ANYONE can do it! Have different passwords for every online account you have! If you can’t keep them straight, use an encrypted password keeper to manage them and then enable multifactor authentication on that! It is truly amazing how this small change in your habits can benefit your personal and professional security! Just do it!
How can our readers further follow your work online?
Well, of course the work I do can be followed via www.socsoter.com, not to mention SOCSoter has Facebook, LinkedIn and Twitter accounts. I regularly appear on in-person and online panels and social media is a great way to find out when and where those are happening.
This was very inspiring and informative. Thank you so much for the time you spent with this interview!
About the Interviewer: Jason Remillard is the CEO of Data443 Risk Mitigation, Inc. (Publicly Traded as Symbol: ATDS). Data443 is a leading Data Privacy and Security company with over 40,000 customers worldwide.
Formerly of Deutsche Bank, TD Bank, RBC Bank, IBM, Dell/Quest Software, TUCOWS and others, Jason has been in information and data security for over 30 years with customers in virtually every country in the world.
Trusted to deliver — All Things Data Security — he is leading the charge in bringing data privacy as affordable, deployable and realistic solutions that every business owner can take advantage of.