Uncle Marv sits down with Anup Ghosh, CEO of ThreatMate, to explore the intricacies of attack surface management and the innovative solutions ThreatMate offers to enhance cybersecurity. The conversation delves into how ThreatMate's platform helps organizations bolster their security posture by identifying and managing security exposures, and how their partnership with SeedPod Cyber provides a unique approach to ransomware insurance.
Uncle Marv kicks off the episode by introducing Anup Ghosh and ThreatMate, a company focused on improving cybersecurity for IT networks. Anup shares insights into the company's approach to attack surface management, emphasizing the importance of viewing security through an adversarial lens. Unlike traditional vulnerability management tools, ThreatMate identifies "security exposures," which include insecure protocols and default passwords, offering a comprehensive view of potential threats.
The discussion highlights ThreatMate's capabilities in managing both external and internal network threats. Anup explains how their platform can inventory network devices, conduct continuous security audits, and perform authenticated scans for compliance. The conversation also touches on ThreatMate's integration with ConnectWise PSA and plans for further partnerships. Additionally, Anup introduces their AI-powered vulnerability management platform, which prioritizes significant risks to streamline the workload for managed service providers. The episode concludes with a look at ThreatMate's partnership with SeedPod Cyber, offering discounted ransomware insurance to clients.
Key Takeaways:
Sponsors and Partners:
The IT Business Podcast is powered by Netally
Check out all of our partners: https://www.itbusinesspodcast.com/sponsors/
=== Show Information
Website: https://www.itbusinesspodcast.com/
Host: Marvin Bee
Uncle Marv’s Amazon Store: https://amzn.to/3EiyKoZ
Become a monthly supporter: https://www.patreon.com/join/itbusinesspodcast?
One-Time Donation: https://www.buymeacoffee.com/unclemarv
=== Music:
Song: Upbeat & Fun Sports Rock Logo
Author: AlexanderRufire
License Code: 7X9F52DNML - Date: January 1st, 2024
[Uncle Marv]
Hello friends, Uncle Marv here with another episode of the IIT Business Podcast powered by NetAlly and this is the show where we try to help IT service providers, tech soloists and MSPs run their business better, smarter and faster. Today, we are continuing with another vendor profile for IT Nation's PitchIT and today we are going to be talking about attack surface management and the company is ThreatMate, a platform designed to help organizations improve their overall security posture and resilience against cyber threats and helping to explain this today is Anup Ghosh, the CEO of ThreatMate. So Anup, how are you?
Great, Uncle Marvin, thanks for having me on here. Thanks for coming on. Let me first ask, how's PitchIT going?
You guys are in the middle of it now.
[Anup Ghosh]
I love it. I love it. We had a really nice meetup at CompTIA ChannelCon last week in Atlanta.
A number of the PitchIT companies were there and I think in a certain sense, there's a fair amount of cohort camaraderie of, hey, we're in this together, we're on this journey of starting a business in this interesting space. So I love the camaraderie. We actually had a great time.
We had a blowout party in a suite that hotel security closed down the second night. So I consider that mission accomplished.
[Uncle Marv]
OK, very interesting there. You guys are kicking it with style. So that sounds good.
So at least you're having fun. Let's go ahead now and quickly circle back to the way I described your company. Did I describe it correctly?
Yeah, I think so. Yeah. OK.
Now, for most people at tax service management, we understand now that there's, you know, this cyber posture that we want to have. We want to have a good cyber score. We want to be able to look at things through the eyes of a hacker now.
So tell me, how is ThreatMate doing that?
[Anup Ghosh]
I think that's really well said. That's what we do. You know, a lot of firms will tell you about all the problems that they find with your software stack.
And when we talk about attack surfaces, we're talking about those of our clients, right? Our client networks that our partners manage. We take an adversarial view.
And one of the big differences between how we approach this and, say, a vulnerability management tool is vulnerability management tools look for specific software vulnerabilities or CVEs, as they're called in the industry. We do that, of course. But if you think about it, an adversary doesn't care if they get onto the network through a CVE exploit or if you just let them in.
Right. They don't care. They'll take any path.
The easier, the better. Right. So we call them security exposures because it's a broader term than vulnerability and vulnerability management.
So give me a good example. Right. If you are running Telnet or RDP and advertising that to the Internet, that's a bad idea.
Those are insecure protocols. You will get pwned. Right.
Another one that everyone knows, of course, the default passwords. Right. So if you have a default password on one of your services, say Telnet, yeah, you'll get pwned.
So we do tests for what some people call configuration vulnerabilities. We also monitor your Microsoft O365 or O365 Google Workspace, again, looking for those opportunities, like not having multi-factor authentication properly set up. So those are examples of what we call security exposures.
[Uncle Marv]
All right. So it looks like you've mentioned being able to look at our perimeter, being able to look at our SaaS applications and stuff. What about local networks and side-to-side type stuff?
Are you able to do that? And if so, is it going to be with an agent or device on-prem?
[Anup Ghosh]
Yeah, I feel like Merv, like we prepped and we really did it. But yeah, you got us, right? So those are all attack surfaces, right?
There's that external perimeter attack surface that everyone does and should do. There's your cloud apps. And you also mentioned the third-party SaaS apps that connect to that tenant.
Those are another attack surface. Then there's behind the firewall, right? So office networks, not everyone has one.
Many people do. But being able to find what servers might be back there. You know, recently I was talking to a guy at ChannelCon, he's like, I manage point-of-sale systems for my clients, you know, who are like fast food retailers.
Can you tell me about those attack surfaces? Yeah, absolutely. So we look behind the firewall, every device sitting on that network could be an IP camera, could be a point-of-sale system, could be a printer, conference phone, of course, endpoints and servers.
If it talks to the network, we will scan it.
[Uncle Marv]
All right. So that is a discussion that I've been having myself in my own company with those because some of the products, you know, there has to be an agent on a device. So, you know, either Windows, Mac for most of us.
But I've got some where they will scan and identify devices. So, you know, if people are running a flat network, you mentioned IP cameras, VoIP phones. If you're not doing VLANs and stuff, it might detect them and say, oh, yeah, here's a vulnerability there.
And a lot of, listen, a lot of us as MSPs, you know, may not go out and patch our phones. And stuff like that. So how do you guys address things like that?
[Anup Ghosh]
Yeah. And really, if you think about it, you know, what we do there, we serve two purposes. The first, you know, under looked but really should be highly valued is we can tell you what's on that network, right?
How hard is that, you know, for your partners who are reaching out to prospects, right? And they want to put together a cost proposal, right? How do they do that?
The way they do it today is they pick up the phone, they talk to that business owner, and they're like, hey, how many endpoints do you have? How many servers, right? How many switches?
We all know, you know, the answer is wrong. Whatever they tell you is usually wrong on the low side, right? So first of all, we'll tell you what devices are on the network.
We'll identify them. We'll infer their function, like, hey, that's a SQL database, right? So you should be aware.
It's not just a Windows server. It's also a SQL database, right? And then next is that security audit, right?
So first, it's kind of like asset inventory. Know what you have on your network. This is the number one thing in this CSF.
Know what's on your network. You can't measure what you can't manage, right? So what's on your network?
The second is, what's your security posture? And we do get that from a network scan. It's called an unauthenticated scan.
It's very lightweight. And as a result, we can do it continuously. You know, this isn't a once a year, once a quarter, once a month.
We do this every day. We'll scan your network. It's a very lightweight scan.
It'll also tell you if a new device enters your network, which you might be interested in, right? And then if you want an authenticated scan, we do have an agent that you can deploy. It's not required.
But we do have an agent. It runs on every platform. You know, and it will do authenticated scans of everything that's on that device, including configuration, software, files, all processes running in memory.
And that allows you to ask questions that are important when it comes to compliance, right? A lot of folks are now waking up to compliance is a great way to go, whether it's high level NIST CSF or CIS level compliance. You need a system that can collect that data for you and then point out where you've got challenges there.
And so we do that. You did ask, how do you manage vulnerabilities in some of these other non-standard or IoT devices? We do it through the network interface.
So we're not deploying an agent there. We'll find, like for example, if you've got a printer that's hosting a Telnet service, which believe it or not is not as rare as you might think. Same thing for IP cameras.
We'll tell you, it's like, hey, did you know you've got this Telnet service running on this IP camera? Either shut it down or block it from the firewall.
[Uncle Marv]
Right, all right. So you have answered a question I was getting ready to ask because you mentioned NIST and I was going to ask more specifically, do you guys do map to those protocols? NIST, CMMC, ISO, that sort of stuff.
[Anup Ghosh]
We partner with experts that do that. So we recognize there's some great firms out there that people are already using. ControlMap, ScalePad’s, one of our partners, Vanta is another.
And basically what those firms do is, they use our agent to get that data, to do those mappings to CMMC, HIPAA, PCI. We have in our own product, we have NIST CSF, but certainly some of these others do as well.
[Uncle Marv]
Okay, now what about other partner integrations that a lot of us MSPs would be interested? I mean, obviously, IT Nation and ConnectWise is looking to have you guys work with them, but what about some of the other products that we work with?
[Anup Ghosh]
Yeah, so we've got a pretty deep integration with ConnectWise PSA Manage. And that includes everything from ticketing to billing, synchronizing clients. And we're working our way through the list of other PSAs that people are using.
So I would say stay tuned for announcements coming out on that front. We also integrate with other third parties that provide information that's useful. So for example, we'd get back to the external attack surface.
Domains are becoming a real big area of concern. Have you properly secured your domain? But also can other people use your domain for mail, right?
And so some of the information we'll present like DMARC and SPF security, we get from third party sources. Same thing with dark web monitoring, because we know all the accounts of your users from your Microsoft tenant, we'll go ahead and do dark web monitoring for those accounts. Again, using third party services that we integrate to.
Same thing with the AD security. And what people will find is between the external attack surface management, the Microsoft and Google Workspace tenant monitoring, dark web monitoring, by the way, pen testing. So we include automated pen testing as a service in this.
We end up being able to consolidate a number of different products that other people are using. And the first thing that occurs to them is, oh, I've got a product for that. But after saying that for three times, the light bulb goes off and they say, okay, now I get it.
It's all right here. It's all right here, one interface. It's all part of security exposures.
I don't need to log into separate products and try and pull this all together. And we also build out mission plans that collates all this data, crunches it through an AI engine and a machine learning engine and says, if you have one thing to do today or this week for this client, this is it. This is your highest risk, right?
And you can't do that when everything's in a separate stovepipe. So by pulling them all together, doing the math behind where's your greatest risk exposure, being able to build out those plans to tell you this is what to do and how to do it. That's how we get there.
And that's, we think is pretty differentiated.
[Uncle Marv]
Okay. You mentioned a lot of different stuff, all in one platform, which sounds great. But of course, the big buzzword right now, or the big buzz phrase, AI, are you guys utilizing that in your platform?
And if not, will you be? We do.
[Anup Ghosh]
So we do a couple of things that we think is pretty differentiated. Most vulnerability management products give you a long list of vulnerabilities, because no surprise, when you start scanning a network, you'll find a lot of issues, right? That's not the problem.
Actually, I would say the problem is you find too many issues. If you're a managed service provider, every problem becomes a cost, right? Because you have to understand it, research it, figure out what to do with it, and then take that action.
That's all cost, right? Which then takes down from your profitability. By using AI, we actually do all that homework for you.
And we say, here's exactly what you need to do. And it's risk-based, because we use open source threat intelligence to tell you which ones of these vulnerabilities or exposures are being exploited. Those are the ones you focus on.
So we really narrow the focus down, or what do you need to do? We generate those solutions using AI, and then use machine learning. There's a really interesting property we take advantage of.
A single solution will collapse large numbers of vulnerabilities. So rather than having to look at every vulnerability and figure out what to do, we tell you, do this one thing, right? It's like, do this one trip.
And it's going to quash this class of vulnerabilities. Typically, hundreds of vulnerabilities quash with a single solution. And we think that's a property that we're able to do for our users.
It's an automation that saves them time.
[Uncle Marv]
Very nice, very nice. One last thing I want to ask you about, because I saw this on the website and I figured, oh, I need to ask. You guys have this little ransomware insurance program bundle.
But it sounds like you're not offering the insurance, but you're helping MSPs work with their clients to either get or renew their insurance or something to that effect. Can you talk about that a little bit?
[Anup Ghosh]
Yeah, so first of all, we partner with cyber insurance providers. And one of our best partners is also a PitchIT company, Seedpod Cyber. So when you talk to Doug and the guys at Seedpod, great firm.
So here's the deal. Almost all the MSPs that are waking up to their client saying, hey, I need cyber insurance because why do they care? Because their customers care, right?
Their customer is saying, hey, if you want to buy or if you want to sell to us, you need cyber insurance in addition to general liability. And then when they get the application from their insurance agent, it's long, right? And so who do they turn to?
They turn to a managed service provider. You need to do vulnerability management and patch management in order to get cyber insurance. And cyber insurers use ThreatMate’ s platform for that external attack surface management.
Also behind the firewall in the cloud tenant. So it's a great match of interest, right? Where the managed service provider comes in is they can get ahead and say, look, through Seedpod Cyber and ThreatMate, we can offer discounted, really heavily discounted cyber insurance through this partnership.
And the reason why is because what Seedpod Cyber is going to make sure is you've got the right tech stack, you're managing your clients and they use ThreatMate to say, oh yeah, you're in the green zone and all these clients. Anyone that's in that green zone, they can get heavily discounted cyber insurance. So we think it's a smart move for the market and for our partners to provide that as a service.
[Uncle Marv]
All right. Well, Anup, all this sounds fantastic. Something that listeners should go to the website and look at, and it's just as it sounds folks, ThreatMate, the word threat, the word mate.com.
So very simple, very easy there. So Anup, thank you very much for coming on the show. We look forward to seeing you in Orlando at IT Nation Connect.
However, I don't know if I'll be able to make whatever after party you guys have planned. If they- Poker, poker, Murph. The poker, okay.
Sounds good. Anup, good luck. And hopefully you'll be one of the final three there at IT Nation.
[Anup Ghosh]
Thanks a little Murph. I appreciate it.
[Uncle Marv]
All right. That's going to do it folks. Thank you for downloading and listening to this vendor profile.
We've got a few more coming, but of course you can always check them out. Head over to itbusinesspodcast.com. Select your pod catcher and you'll know when they come out.
That's going to do it. We'll see you next time. And until then, holla.