
Transcript: OpenText Managed Extended Detection & Response as a Part of Your Cyber Resilience

Date Created: Jul 30, 2024

Good afternoon everyone. Welcome to another Tech Talk virtual event. Very glad to have you here with us today. This is on our featured ON24 platform. I'll go over a few housekeeping notes on that, but if you are unfamiliar with Tech Talks, I would like to tell you a little bit about what we do. We host events across the country, both virtually and in person. We bring the top solution providers around the globe right to your doorstep, whether it be at a venue in your hometown like a steakhouse or sporting event, or with content that you can view right at your desktop or laptop through these virtual event series.

Always working again with the top solution providers in the world who are here to tell you about the solutions that they offer. They're going to help you keep up with an ever-changing world and leverage new technology solutions to make sure that you are most up to date with everything that is going on in the realm of technology. Today we have a private event for you, one of our best solution providers that we work with, OpenText. They offer every solution under the sun. Today they're here to talk about OpenText Managed Extended Detection and Response as a part of your cyber resilience. We're very lucky to have Mark St. Pierre here to present for us on this specific topic.

But before we get to Mark, I would like to go over a few, again, housekeeping notes on this ON24 platform. If you're having any audio issues, if you can't hear me right now, usually just refreshing your browser will help out with that. If that doesn't work, try clearing your history and your cache, and that will always take care of the problem. You can minimize or maximize any of the screens that you see right now by just hovering your mouse over it, and you'll see a minimize and maximize screen.

We also have a Q&A and a chat box. We'd love for you to ask questions for Mark and for the OpenText team at any point in this conversation, in this presentation. If you have a question, just feel free to type it right in there and Mark will be sure to answer it when we get to the Q&A aspect after his presentation. Again, OpenText, one of our favorite sponsors to work with. They offer every solution there is. We were very happy to be working with them last week.

As you know, something happened in the IT world. I don't think we need to mention it. And they offer Microsoft support and you can purchase your Microsoft licenses through them. So we were very happy to have their support last week. That's not a topic that we're going to go into right now, but if you are interested in purchasing your Microsoft licenses from them and taking advantage of their world-class support, which is much better than going straight to Microsoft, you can reach out directly to me and I can put you in contact with somebody over there.

But today we're here to talk about OpenText Managed Extended Detection and Response as a part of your cyber resilience, and Mark is going to be discussing that with us. Mark, thanks for joining us. How are you doing today? I'm doing well, thank you. And so, Mark, yeah, you've got a lot to share with the audience, so I'm just going to turn it right over to you. All right. Sounds good.

Thanks for that. I will today talk about our OpenText Managed Extended Detection and Response as part of your cyber resilience, and also kind of give you an overview of everything we do in cybersecurity in OpenText. But for the topic of OpenText MXDR, we really want to talk to you about how that will help you fortify your cyber defenses, essentially leaving you prepared, not scared, against evolving threats, some very recent as we all know. And we'll explore how OpenText MXDR can be leveraged, thanks to its advanced workflows, behavioral analytics and threat intelligence, to enhance that cyber resilience.

For our customer, that really means, you know, a service that provides proactive detection, where MXDR helps identify threats much earlier in the kill chain, therefore minimizing exposure. We also use behavioral detections, which allow us to stay ahead of bad actors because we understand their latest tactics. That allows us to do rapid investigation and remediation to help contain those threats, discover root cause and reduce downtime. We also help extend the visibility by correlating data from endpoints, networks, cloud and other application data sources to eliminate the blind spots that you might have. And finally, we help with alert fatigue, which helps prioritize the actionable alerts, so your team is focused on things they can do, and do quickly, to, you know, counter potential threats coming in, and essentially reduce the noise that our analysts are seeing, you know, throughout their day.

So let's start diving into OpenText and our MXDR. So in today's world, I think the only constant that we're all seeing is change, right? Everything is changing in IT and the world around us. So for example, these days there's a lot of talk about artificial intelligence, right? It's one of the hot topics today that everybody's discussing. And really what they're discussing is the disruption that AI will have on our businesses and our lives. But if you think from a cyber perspective, right, the most important thing around this is that information, data, is the resource that is most valuable to organizations, right?

That's what they possess. That's their oil, their gold. That's what matters to them. And that data is essential to any AI strategy. So if they're going down an AI path, they need to understand and make sure they have the right data. So securing that information is more important than ever. Information security is becoming more and more complex in the wake of increasing frequency, severity, and sophistication of threat vectors. Therefore, organizations must hone their cybersecurity capabilities, including around threat intelligence and risk management. That's why the only goal here is to improve continuously on our cyber resilience.

McKinsey recently published a report that states that damages from cyber attacks will amount to $10.5 trillion annually by 2025. So that's not too far away. And this is essentially understandable because as the digital economy grows, digital crime grows with it. As organizations rely on and accumulate more information to become data-driven, they become the target of cyber criminals. So what is driving this $10.5 trillion? Well, there are mainly three factors out there. First, the proliferation of cyber attacks as large enterprises and small businesses expose themselves due to IT initiatives like multi-cloud strategies and the acceleration of digital transformation, right? There's a lot of things going on in our organizations that essentially expose us to these new threats.

So with all these IT initiatives, it's making it harder to have visibility into all the potential vulnerabilities. Increased pressure from regulation or cyber insurance, where governments and industry requirements are placing added pressure on our security teams, on our CISOs, to have better visibility, better protection strategies, better communication plans in case of an attack, and overall better compliance to align to published cybersecurity standards like NIST, for example. And finally, there's a talent gap and resource shortage in the industry, right? We have all these IT challenges, and IT leaders have to cope as well with the shortage of resources.

So that means that an organization is more reliant nowadays on their trusted vendors to help them improve their cybersecurity posture. With all these challenging things, we need the right people by our sides, each contributing skills and expertise to our cyber resilience. In other words, as the landscape becomes increasingly complex and dynamic, it's no longer feasible to have one person or one team or one organization possess all the necessary knowledge and capabilities that we need for cyber resilience. So this is where OpenText comes in. Cybersecurity has never been, I should say, more top of mind for our customers, right?

Fact is that 77% of industrial companies rank cybersecurity as a major priority for them. 88% of small business owners feel they are vulnerable to a cyber attack. If we take references like the Cybersecurity Framework from the National Institute of Standards and Technology, we're looking at all the dimensions around cyber. This includes identity, data, vulnerability detection, incident response, and even recovery. And that makes OpenText a trusted partner, because we're able to help our customers essentially end to end with their cybersecurity. We solve for things like security at the code level for application security, data protection and compliance, identity and access management, threat detection and response, endpoint, network and e-mail protection, data backup and recovery services, and overall governance, risk and compliance consulting.

OpenText has a full stack of security solutions that are compatible and composable with other solutions out there in the market. We have a holistic way of looking at vulnerabilities and the risk they pose, and that's what leads to better end-to-end security, or what we call security reimagined. So cybersecurity is not just about technology, it's also about people and processes. So we at OpenText bring all this technology to our customers, but we also bring them security services to help them, again, end to end, bring all this together. So as this landscape becomes more complex and dynamic, like I said, it's no longer feasible for one person, one team or one organization to have all the knowledge and capabilities.

So OpenText cybersecurity services are here to advise, guide and assist our customers in things like using the technology, in risk and compliance, in digital forensics and incident response when things do happen, and finally in managed security services. And that's where I'll introduce our OpenText MXDR, or Managed Extended Detection and Response. So what is OpenText Managed Extended Detection and Response? It is, you know, a service, as you would expect. It's where we, as OpenText, bring the technology, the people and the processes to help you monitor for threats to your environment, to your data, to your information, 24 by 7 by 365. We have our SOC teams around the world that are essentially monitoring data from your environments, collected from the endpoints, from the network, from the cloud and other data sources, to allow us to look for these threats, malware, potential breaches, either from internal actors or external actors.

We're able to cover essentially all your needs. I want to emphasize that OpenText also is a bit different, right? I think you've heard in what I've said up to now that I'm really focused on information and data. OpenText is known as an information company, and really that's the approach that we take to all this. So our SOC teams are trained essentially to look at how they protect your information, not just monitor for alerts and kick things off to you guys when things do pop up. We really want to be here to partner with you.

So one key element of our SOC is that they're accessible to customers. To us, it's about the relationship and the interaction you have with our security experts. So we offer our customers essentially Slack channels or chat channels so that you can interact with our L1, L2 and L3 and threat hunters to ask questions, to get advice, to get guidance, to ensure that, you know, if things do happen and we do need to move into an incident response, we're all kind of on the same page. We all understand what's happening and we can quickly react and remediate any incidents that might happen.

As I said, you have to bring obviously a whole stack of technologies. Often our customers have their own EDR technologies, their own advanced AV technologies, their firewall and so on. So OpenText will help you manage all that technology stack. But on top of that, we also bring behavioral detection and analytics (whoops, sorry about that) to the solution. So that means that we're able to understand the attacker behavior based off of maps like the MITRE ATT&CK framework and our own threat research, to really understand the attacker behavior. That allows us also to essentially have a higher quality service, because we're really looking for those actionable threats, as opposed to indicators of compromise like IP addresses or DNS names that are known at a given moment in time to be potentially bad.

We want to look for that behaviour where we see a chain of events where an attacker is trying to compromise a system or penetrate the network, and really catch that early on in the kill chain. For our customers, we don't expect them to have all the technology stack. So we bring to the equation our SIEMs and our agents, and also have partnerships with Microsoft or SentinelOne and other leading EDR vendors to really offer you a global solution. And I kind of want to re-emphasize that XDR component, right. So our service really looks at data from the endpoints, network and your cloud environments, as well as other critical applications within your environment.

So it's truly an MXDR solution. If you look at our service, OpenText, I see, is, I guess, perhaps not as well known as other vendors in the cybersecurity space, although we've been at it for many decades through multiple acquisitions. Today, with our various services and solutions, we secure 137,000,000 endpoints, and that goes across threat detection and response with some of our technologies like our endpoint response; we do data security across these 137,000,000 endpoints with solutions like our e-mail encryption powered by Zix; and finally, our data protection also helps customers on these 137,000,000 endpoints with solutions like cloud backup, for example. Our MXDR service was evaluated by MITRE Engenuity back in 2022 in the OilRig test. We were among 16 vendors, and we kind of stood out from the other vendors not only because we caught all the tactics from the simulated attacker OilRig, but we also are the only vendor that has zero percent noise, right.

So I'll come back to the point that I made earlier, that our service really looks at a collaboration with our customers, making sure that we apply these behavioral analytics and look for TTPs, tactics, techniques and procedures, that attackers use, to really make sure that anything we bring to our customers are actionable insights and actionable alerts that they need to then further investigate, or bring us in to do incident response and further investigate on their behalf. And finally, OpenText is one of the top vendors, or MSSP vendors, out there in the industry. Last year, we were on the top 250 MSSP list from MSSP Alert, actually climbing year over year by 150 spots.

So we continue to evolve our offerings and make sure that we can serve our customers to ensure that cyber resilience. We have a video for you on a day in the life of an analyst that kind of shows you essentially what analysts see, shows you examples of our dashboards and alerts and how we perform queries and investigations. Unfortunately, due to a technical difficulty, we're unable to show it right now, but we'll make sure that we send that out in a follow-up e-mail with the link so you can view the video at your convenience. It's a video that was recorded by one of our Tier 3 analysts, Paul Batson, and he essentially walks you through how he uses our platform to investigate and monitor customer activity and really report on these actionable threats that he sees as an analyst.

So we'll make sure to share that video here in a follow-up e-mail. Before this session, I was talking to one of our client directors, who essentially is interacting with customers like you day in, day out. And I asked her what are the top five kind of things she sees in the market. And Betsy, I think you're on right now. If you wouldn't mind kind of walking us through your top five features of our platform that you like to highlight to customers. Sure thing. Thanks for having me. To start out:

Number one, with our SOC team and our customers, where we're really proud here at OpenText of what we've built, is the communication channels that we use with our customers. We do provide you with a dedicated Slack channel that will have an entire pod of SOC analysts on the Slack channel for you. You can communicate with those folks anytime, day or night, that you need. We do give you a technical project manager, that is your PM, that you can chat with anytime you need to. They're very ingrained in your day-to-day activities.

They will set up quarterly reviews with you and your team. They'll have ad hoc meetings if you need any sort of ad hoc reporting or different sorts of active boards built. Our team does all of that white glove service for you, and that's all included in your per-endpoint price. Our SIEM, we give you access to that as well, where you can go in and review the alerts in real time. We just don't allow you to close those out, but we do allow you to be able to see exactly what's going on in your environment at any given time, what machines are firing off what alerts.

We give you active boards with various types of information, anywhere from the types of alerts that we're seeing come through your environment, to the top 10 most active machines, or the highest probability that there is an actual true positive in your environment, sectioned out in the active boards. We can even build active boards that show you who's trying to log into your network and from where, whether it be a successful login attempt or unsuccessful. And those are just a few of the active boards we have. And what I always try to tell our new customers when they come on board is, over the first few weeks when you're getting comfortable with our service, take some notes on things that you would like to have at your fingertips.

And then you always can go back to your technical project manager or your team of engineers that does the build for your MDR and ask them to build you different types of views and boards, and they will gladly help you with that and get those built for you. The other really nice feature that we have is tailored rules of engagement. When we onboard new customers, we have you fill out the old-fashioned call tree, of course, for if there is an emergency outside of business hours and we need to contact someone in your environment, we have some folks that we can run down.

But along with that goes the rules of engagement. So you can tweak and tailor those. Those will also be reviewed every three months on your quarterly business reviews with our SOC team. But you determine if you want us to go in and kill a process or delete a file or isolate a machine, and that in effect rolls out to the call tree as to how often we might need to run you down. If you have a situation where you say, listen, I really want you guys to contact me before you go in and isolate any machines, that is not a problem.

You can say, you know, contact me first. My team will put those notes inside of your file, so my whole SOC team has those notes, and if that type of situation arises, we will start with the call tree if it's outside of business hours. If it's during your normal business hours, we'll communicate with you via Slack. If we don't get a quick response, then we start down the call tree. And my team will also provide you full root cause analysis as they investigate these alerts and true and actionable events arise in your environment. You will be provided with, step by step, what my SOC team did to go in and mitigate that threat, as well as a report detailing the who, what, when, where, why of what went on in your environment.

So with that said, my team is very communicative. They really enjoy being a part of your team and an extension of your current cybersecurity team. We take a lot of pride in that, and we value the relationships that we build with our customers. Excellent. Thanks, Betsy. Sure. I also did the exercise after speaking with you, and I kind of also listed out my top five. My number one is obviously detecting threats earlier in the kill chain.

I think we've proven that in the MITRE Engenuity evaluation. But also the way we approach, you know, the kind of detection capabilities that we add to a customer stack, using TTP-type threat hunting and detection rules and analytics, I think is one that I like to highlight. We also, by our approach, essentially help minimize the time spent on false positives. I was reading last year a survey that, you know, essentially SOC teams or security teams out there spend the majority of their time, you know, essentially dealing with false positives. So for me it's, you know, quite full, essentially, that our service helps reduce the amount of false positives that our customers need to deal with.

And, you know, aiming for that zero percent noise essentially is something that's really a goal of our service. Threat hunting: I think it's no longer feasible to just be able to react to alerts and issues. But we need to be proactive and looking for threats in our environment, because unfortunately things do bypass our various controls. Things can't get past our EDR, things can't get past our firewall. So we need to be constantly out there looking for potential threats. And our MXDR service has our threat hunters go look at all the data coming from our customers and look for these advanced persistent threats that might be in the environment, looking for that lateral movement, making sure that, you know, customers are safe by being proactive.

I think you mentioned this one too, but for me, you know, when something does happen, even if it's just an alert that is kind of a positive, we need to make sure we understand why. And our analysts tend to go beyond, like I said, just sending an alert to our customers, but really helping them understand the scope, the impact and, if needed, the root cause of the issue, so that things can be remediated, things can be improved and we can ensure that there's that lessons-learned exercise as well. And finally, my last one relates to end-to-end security. So OpenText obviously has our MXDR offering, but we also have many other services often tied to our service.

I think what you sell often is penetration testing, vulnerability assessments, tabletop exercises, any others? Simply, yeah, we do a lot of security assessments where we follow the NIST security framework for our customer base. And then we also do a lot of incident response retainers, because here at OpenText, if you buy an incident response retainer, those hours that you purchase from us can be used for other things than an incident response, because hopefully you don't have an incident and you can roll those hours into something like a penetration test or a security assessment or vulnerability scan. Absolutely. So OpenText is really here to partner with you to help you understand where you stand with your cybersecurity.

For example, using a security assessment, as Betsy mentioned, bringing you solutions like our MXDR to help you have visibility across your network, across your endpoints, across your cloud environments, to make sure that you can identify these hidden threats. And it essentially helps you be prepared, not scared, in the case an attack does happen. We want to be here to partner with you to keep you resilient and ready in case something does happen. So, Joe, at this point we can open up perhaps for questions, see if our audience has any for us. Absolutely, Mark. Great presentation, and thanks for joining us, Betsy.

Audience, if you do have any questions, send them in right now. I know that we have some to get the ball rolling already from the audience, but we do have quite a bit of time here. Audience, if you would like to send in any others for Mark... And Mark, here, just to get us started, here's a question: What is the average time it takes to fully onboard customers? That's a good question. Betsy, you want to take that one? How long does it take for us to onboard a new customer onto the MXDR service?

So generally we can onboard customers pretty quickly. The way our onboarding works is it's very strategically done. We onboard your endpoints first, which will be, you know, your computers, just your standard endpoints. And then in conjunction with that, my team of engineers will build the connectors needed to pull the logs from things like your firewalls or your O365, or if you have NAS logs, things like that. And then we roll those out in a phased approach. So what I always like to tell my customers is, depending upon how extensive the amount of data sources is in your environment, it can take up to seven to 10 days to get you fully up and running.

If you have, you know, just endpoints and a couple of firewalls, we can usually do it within a couple of days. But for planning purposes, I like to tell our customers to allow seven to 10 days. That gives my team time to go in and tune your environment and see how things are functioning in there, and really understand what's going on. They'll build some active boards, they'll work with you and your team to tweak those active boards. And then they'll have multiple training sessions for you, if needed, on how to maneuver through the SIEM and how to utilize our tools here at OpenText for, you know, the best possible experience for you.

Yeah, I'll add to that, Betsy. So it does take, you know, a few days to get somebody fully up and running. But once the order comes in, we have our program manager that's assigned to your account reach out, make sure to schedule a kickoff meeting, discuss with you those rules of engagement, and provide you with the agents to start collecting that data, so we can start looking at your environment, looking for insight coming from your environment. But, like you said, it might take seven to 10 days to get fully deployed, but it's kind of a rapid start.

We get started with a few things and then kind of roll it out to all your devices, all your networks, clouds and so on. And we do have the occasional time where a customer is in a hurry and needs the deployment done super fast, and that's when we'll go all hands on deck. So if you're in a situation like that, you just let us know on the front end, and my team of engineers will get building immediately. Yep. Great. And what operating systems does your MXDR agent support?

Yeah, our agent is available for Linux, Mac and Windows. Like I said, we support your EDR. So if you already have an EDR from Microsoft or Sophos or SentinelOne, we can do that. If you're looking for a more advanced EDR, we're able to apply that too. We do provide managed EDR around SentinelOne and Microsoft, but our agent, to look for those behaviours out there that I talked about, will run on all three types of environments. So Mac, Linux, Windows. What are your pricing plans?

That's a sales question. Betsy? It varies by endpoint. If you just have what we consider to be standard MDR, it's just your endpoints, so that's going to be less expensive per endpoint. And then what we do is we add a cost per data source after that. So it ends up driving your per-endpoint cost up just a few cents a month for every endpoint, for every additional data source that you add. Your local rep can help you acquire that specific pricing, but it's very cost-effective and very transparent, so that you can sit down and figure out what endpoints you need to cover and what the cost is going to be.

You know, using back-of-a-napkin math, very easily. Great. And is incident response included with the MXDR service? It is. So as part of your subscription with our service you get an incident response retainer, and for our customers, I think that's starting at 500 endpoints, you actually have some of those retainer hours that Betsy talked about actually included with your subscription. Awesome. Is your support available by phone, e-mail or chat? All of the above. Did it. There we go.

Yes, I think our customers really like the chat function. You can open a ticket on our portal, but many of our customers like that chat function because they can interact directly with our SOC team. Awesome. Does OpenText still offer SentinelOne as an EDR? We do, yes. If you are a SentinelOne customer or need SentinelOne, we can provide that. We have a partnership with them. Awesome. So that does it for what we have for questions.

Now, audience, if you do have any late-breaking questions, send them in as soon as possible, and we'll give the audience a few seconds to send in any questions that they may have to wrap this up. But until then, Mark, Betsy, thank you for joining us again. We are very happy with the services that we use from OpenText. We were especially happy last week when we could get in touch with somebody very easily on the support side of things. I think that that's really, a lot of the time, what separates OpenText from everybody else: the support.

I know it's awesome, and everybody that we work with that has worked with any of the solutions from OpenText usually raves about that. So just a testimonial from the Tech Talk side of things. But yeah, again, Mark, Betsy, thank you very much. Audience, if you have any questions that you didn't really think of today and you have them in the follow-up, you can feel free to reach out to myself, joe@techtalksummits.com, or anybody from the OpenText team, Mark or Betsy. We will be reaching out to everybody that attended this with some follow-up.

You will receive an e-mail that will have a link to the recording that Mark had spoken about earlier. Mark, what is that recording on again? That's essentially a day in the life of one of our analysts. So you'll get to see what they see on their side in terms of the dashboards and how they perform queries and how they manage alerts. So you kind of get a behind-the-scenes view of how things work here on our MXDR SOC. Awesome. And, audience, if you do want to get in touch with anybody from OpenText, if you want to demo anything like that, you can feel free to drop that in the Q&A box right now.

Again, Tech Talks will be following up with you post-event, and so will OpenText. You can expect to hear from us very soon, and we hope to speak to you in the follow-up and get some calls scheduled so you can learn more about this solution. Mark, Betsy, thanks again. Hope you have a great rest of your day, and thank you, audience, for joining us. We hope to see you at another virtual or in-person Tech Talk again soon. Thank you so much for having us.