In this episode of the IT Business Podcast, the focus is on ShadowHQ, a platform designed to enhance business continuity and incident response. The episode features an insightful interview with Nick Scozzaro, CEO and co-founder of ShadowHQ, who shares how the platform provides a centralized and secure environment for managing crises, particularly cyber threats. Listeners will gain insights into the importance of preparedness and the role of digital playbooks in effective incident response.
Nick Scozzaro discusses the inception and evolution of ShadowHQ, a platform initially built to address cyber threats but now also used for other scenarios like natural disasters. Drawing from his background in secure communications at BlackBerry, Nick emphasizes the need for a digitized approach to incident response. ShadowHQ offers a comprehensive solution by providing a secure environment for managing crises, collecting evidence, and supporting audits and lawsuits post-incident. The platform's unique feature is its ability to digitize and automate response playbooks, which are adaptable to various industries and scenarios.
The conversation also touches on the platform's capabilities and future developments. While ShadowHQ does not fully automate processes, it incorporates AI to identify gaps and suggest improvements. Nick highlights the importance of continuous readiness and the platform's compliance and insurance benefits. The episode concludes with a discussion on the proactive role organizations must play in maintaining and updating their incident response plans, and how ShadowHQ's roadmap is shaped by customer feedback.
=== Show Information
Website: https://www.itbusinesspodcast.com/
Host: Marvin Bee
[Uncle Marv]
Hello friends, Uncle Marv here with another episode of the IT Business Podcast, powered by NetAlly, the show for managed service professionals, IT professionals, anybody that supports business. And my goal here is to help you run your business better, smarter, and faster. We are continuing through this very fast-paced summer with another vendor profile for IT Nation's Pitch It program.
And today we are going to look at ShadowHQ, a platform designed to help enhance business continuity and incident response by providing a centralized and secure environment for managing crises. And helping me understand ShadowHQ today is Nick Scozzaro, the CEO and co-founder. Nick, how are you?
[Nick Scozzaro]
Hey, good morning, Uncle Marv. Doing great. How are you?
[Uncle Marv]
I am doing pretty good. So I'm just going to start with the obvious. People are going to hear this after the CrowdStrike incident.
So let me ask, how busy have you been?
[Nick Scozzaro]
So it's been a busy summer, last couple of weeks for sure. IT outages are just a reminder of how it can impact business. So yeah, it's been busy, thanks.
[Uncle Marv]
All right. So ShadowHQ, I mean, we talked about it, you know, business continuity, incident response. And the first question I'm going to ask is, is this primarily aimed at cybersecurity?
And what kind of got you guys to put this together?
[Nick Scozzaro]
Yeah, great question. So it was built with the cyber threat in mind. And that's much different from a natural disaster or, you know, random outage.
During the cyber crisis, you have to think about your threat actors trying to imposter your team, trying to steal and drain your bank accounts. And we know that after the fact, there's going to be audits and lawsuits and that type of thing. So the collection of evidence, the protection of evidence becomes very important there.
So that if we build for that scenario, a lot of the other scenarios are easily managed. So like the natural disasters, and we're actually seeing our clients kind of pick up ShadowHQ and use them for other use cases other than cyber crisis.
[Uncle Marv]
Right, because that's what I was going to ask, because I'm down here in Florida. So, you know, hurricanes are our thing and something that we can actually plan for because we know they're coming, unlike some other disasters and incidents that you have to be ready for ahead of time.
[Nick Scozzaro]
Yeah, exactly. And we do notice that when there are alerts for hurricanes or suspected outages there, we do see tabletop exercises being increased, which is something that we do support and a good use case for MSSPs to provide services on. But Uncle Marv, you asked me a question about what got us into this.
So I, you know, to understand why we got here, you have to know that when I graduated, my background was software engineering. My first job was with BlackBerry or at the time Research In Motion. And I started right after 9/11.
So almost immediately in my career, I found myself supporting secure communications for G7 type deployments, military type deployments. So it seems like the entire 15 years that I was there, I was always working on high profile at BlackBerry, that is always working on high profile, secure communication, things that were in the headlines quite often. When I left BlackBerry, I started my own software company called MobiStream.
And, you know, regardless of digital transformation and software engineering that we were doing, secure communications continued to follow us. So we did major implementations for major governments of secure communication collaboration. Now, like everyone else, we were seeing the headlines about ransomware taking people out and hurting businesses and livelihoods.
And, you know, we just felt that we had the tools and the expertise to put together an out of band virtual bunker to allow people to respond from a position of strength. We noticed too many times that people were still relying on their binders that was built for, you know, a little bit past, you know, in a more digital modern age. I think we need to digitize this and not rely on our binders and the things that are in the binder, because every second counts in an outage.
[Uncle Marv]
So I was going to ask you about that, because it seems as though your platform, you know, tries to do a lot of this automation and going beyond the phone tree. And, you know, what are the what are the steps to do in this checklist and stuff? What is it that makes ShadowHQ unique in this perspective?
[Nick Scozzaro]
Yeah, so ShadowHQ is unique because it's an all in one cyber crisis platform. So right from the preparedness, so uploading and making sure that you have your response playbooks in there. We're not a SOAR.
Like we don't automatically go out and do some technical things, but there are a number of things that we can automate. But by starting with your response playbook, like contact your cybersecurity vendor, you know, disconnecting VPN or know who to call type of thing all can be uploaded when you're uploaded in there or have your plans. You can easily automate your response and the notifications of it.
And that makes it easy for you to run tabletop exercises. So once you run those tabletop exercises, you're achieving that, you know, high availability, high readiness and for eventually when it when it happens. So it becomes not just a platform for incident response, although it's a key use case, but it's also supports the business continuity, the executive team, the disaster recovery team.
I mean, let's face it, major ransomware attacks will get into the media. So what is your marketing or public relations team doing to get ahead of those headlines and operating? So, again, with a complete outage from ransomware, communications are compromised.
Threat actors like to leave them open so they can eavesdrop and take your element of surprise away. But your files are all encrypted. So you need more than just a binder.
[Uncle Marv]
Right now, you mentioned playbook and I was going to ask you about playbook and then, of course, the playbook manager. So let me ask the first question that a typical MSP might ask. Are these playbooks kind of like readymade checklist that, you know, you guys provide and we can build off of?
Or do we have to, you know, help create our own playbook?
[Nick Scozzaro]
So it's both. We are providing some support in or pre like we're building predefined playbooks. That's a little difficult because we, you know, we support manufacturing.
We support banking and health care and every industry that's out there has this problem. So we do have start with the basics. And we also have a partner ecosystem that can support and making sure that everyone has the appropriate plan in place.
But for an MSP, really, it's they invest in those plans or build those plans and resell it to all of their customers by being able to push these plans into their environments, their tenants.
[Uncle Marv]
All right. So typically, I'm assuming we would have multiple playbooks like there wouldn't be just one playbook, right?
[Nick Scozzaro]
Yeah, exactly. For every use case that's out there. So we see things like your typical attack.
You're from like a DDoS to ransomware phishing. We also starting to see health care. So patient medic over medication and patient falls and obviously natural disasters.
So we're starting to see a lot more use cases in there, again, focused on the cybersecurity low piece.
[Uncle Marv]
All right. And you mentioned that a playbook is more than a checklist and there's, you know, some automation, but no real stuff. So let's describe the playbook in a little more detail.
What exactly is it?
[Nick Scozzaro]
I guess. So. You're stopping me with the question because it's the playbooks, the playbook, it's the response.
So whatever your organization feels that these are the necessary steps or the people and the people to include to respond to a threat. So imagine if it's 2 a.m., you know, you've got some notice that something's not right. You investigate.
It's a ransomware attack. You complete outage. You have no access to your contacts or your documents.
And you're basically shutting your systems down to prevent the spread. So now what? What do you do?
So being able to access your response playbook will allow, you know, to take the chaos out, get the panic out and say, OK, follow these steps. So contact your security vendor, contact your internal teams, make sure you have these assets ready, try to identify the threat, you know, make sure you're calling your suppliers, issuing notices to employees not to be VPN in. So really, there's just an array of things that can be in this plan, and it's usually what keeps your business afloat or the lights on.
So it's hard to say, but there's definitely 80 percent of it is very generic.
[Uncle Marv]
OK, and then the playbook manager itself, that's kind of what the platform does is it it's a centralized place where does everybody in the organization go? So everybody knows that when something happens, they go to the playbook platform.
[Nick Scozzaro]
Yeah, it's usually your breach coach or your leaders that are running the response. I mean, it can be anybody and everybody. They are in a central place.
And when I talk to our business continuity friends, you know, to use their terms, they've said this is next gen, next level type of stuff, game changing. So really is taking whatever you would traditionally look for in a binder or in a PDF document, and it puts those elements into an actionable digital object. So when I say, hey, we're under ransomware, it's almost like a project or a workflow automation type of thing.
So it loads all of the tasks into your incident and you can now start assigning tasks and managing them through to completion. So that's the one aspect of automating and digitizing response playbooks. So today, a lot of MSPs are providing those PDFs, they're providing plans, they're selling that document.
So we just we allow you to put that into a central location and push it down to the or basically sell it to different clients by pushing it into their environment.
[Uncle Marv]
OK, now, in terms of the automation, is there any A.I. built into this so that the platform knows that if step one happens, automatically go to step two and roll that out?
[Nick Scozzaro]
Yeah. So just between you and I and the microphone, we are executing our A.I. roadmap and a lot of them will be suggestive. So being able to support our clients through a response without making any assumptions because every event is different and expect the unexpected.
So we're not comfortable at a place where we would say, you know, rely on A.I. to make this critical decision for you. But there will be very supportive things, reminders. If we see gaps, we'll be able to identify that these are gaps.
We'll be able to transform existing processes into a ShadowHQ one because ShadowHQ can remove seven to 10 steps from an existing playbook by automating things like call trees and mass notifications.
[Uncle Marv]
All right. So one of the things that I noticed when I was kind of looking through your stuff here is that ShadowHQ can help with compliance in terms of documentation.
[Nick Scozzaro]
Oh, yeah, exactly. So we're very friendly to the GRC ecosystem, so we are very complementary. So in order to check, we check a lot of the boxes.
So being able to have your playbooks, not only your playbooks in there, but we also have that version control and that yearly certification. So certifying that someone has been here, reviewed these documents, and here's a report that we've certified these for our audit. Just having a lot of these resilience processes and tools in place gets you more SOC or sorry, more compliance and insurance ready.
So insurance companies love us. We, you know, the ultimate goal for us is to be able to orchestrate and manage from through an incident from a position of strength, which ultimately gets you back online up to three times faster. And that obviously mitigates the risk and the cost in the recovery.
So insurance usually have to cut the check and so we can minimize the impact.
[Uncle Marv]
All right. Now, let me kind of roll back and kind of ask this from the set it and forget it mentality, which a lot of MSPs get into this. This is not that because obviously it's got to be updated, maintained and that sort of thing.
But what actually besides MSPs having a set it and forget it mindset becomes a big challenge when going through an attack or an outage or something. And I'm just for some reason thinking about CrowdStrike because people were confused in that type of thing.
[Nick Scozzaro]
That's right. I don't know what you mean by this set it and forget it.
[Uncle Marv]
Well, a lot of a lot of techs will just simply say, I've got my checklist and I'm good. I don't have to worry about anything else. And then if you have a process that automates it, they're going to think, well, I don't have to worry about it.
I don't have to do anything. Sure. You know, ShadowHQ does it for me.
[Nick Scozzaro]
There's automation there, but we don't automate it. We don't remove those best practices. So most organizations that we deal with, they have ShadowHQ.
It's because they have good practices and that means that they are performing their readiness checklists. They are running through their playbooks. They're running tabletop exercises and they're taking the reports and showing all that that works.
I think the entire industry, all industries actually are challenged with the priority of readiness. Right. So I'm still kind of blown away how many organizations don't have a plan, which is why we're creating some plans for them.
So the set it and forget it mentality is something that has to change if an organization wants to be resilient and they want to be able to recover quicker from any type of an incident. I think one of the stats I read was like natural disasters now account for five percent of business disruptions, which means 95 percent are something else. And majority of them are IT.
And as we saw a couple of weeks ago, even buying the best products and having the best plans in place shows that, you know, doesn't mean you're not vulnerable. All right.
[Uncle Marv]
All right. So last question, the platform seems to be end to end for now. But is there anything coming down the road, feature developments that ShadowHQ might be looking at?
[Nick Scozzaro]
Yeah, I mean, you can't ask an engineer that question because all I want to do is continue to build. But we have the we do have like an all in one cyber crisis response platform. And to be completely honest with you, our customers are driving our roadmap.
So we are always refining and iterating. And so our major features are, you know, the playbook manager, secure communications out of band communications, file storage, mass notifications and a whole bunch of workflow and pieces in there. So if there are things that our customers tell us or as the response practices evolve, our roadmap is active with our community.
So nothing major other than the AI enrichments. And that's all I'll say on this call. Maybe the next call I have a bigger update.
[Uncle Marv]
All right. So ShadowHQ and the link will be in the show notes. But if you're driving, it is ShadowHQ.io is the website. And if you are in a situation where you don't have anything like Nick mentioned, a lot of us don't. There is actually a disaster readiness checklist that you can download from the site, not only free of charge, you don't even have to put in your email address.
[Nick Scozzaro]
That's right. Yeah. Well, look, I want to be everyone's partner.
So I know the buying process is not often fun. I'm not a sales guy. I'll never be one.
But so I try to build a company that can sell to me, which is pretty hard. So.
[Uncle Marv]
All right, well, Nick, we appreciate that for sure, because we get a lot of vendor calls. But this is one where you probably don't have to worry about marketing. People are coming to you, I think.
[Nick Scozzaro]
Yeah, I mean, I'll never say that. Like I'll take I won't take anything for granted, but I love that how easy it was to get some of a lot of our customers so they understand the gap. And yeah, they it almost kind of people call me the founder, but I usually say the stumbler.
I stumbled into this because I was just kind of blown away how easy it is to prepare. And nobody, not a lot of people had like so ShadowHQ can kind of take eight tools that you might have and bring them together into one seamless, secure, out of band virtual bunker. And I would also say to your listeners that if you're at the regardless of what stage you're at with your security program, ShadowHQ can support the growth of it or an easy transition to existing mature ones.
So it's been a seamless rollout and we often do it in hours versus days or weeks. And we provide the free training and it's no cost to the MSPs as well.
[Uncle Marv]
All right. Well, Nick, thank you very much and appreciate that and the time. Look forward to seeing you in November at IT Nation.
And ladies and gentlemen, head over to ShadowHQ.io and check them out. ShadowHQ, a company that provides a secure environment for cybersecurity incident response. So make your things better and faster in the event of a crisis.
All right, Nick, that's it. We'll see you out there.
[Nick Scozzaro]
OK, awesome. Thank you, Marvin. Take care.
[Uncle Marv]
All right, folks.
Head over to the website. Download this checklist and head over to ITBusinessPodcast.com and listen to some of the other vendor profiles for Pitch It. We've got a few more here throughout the summer.
We'll see you at IT Nation in November. And that's it. Until next time, Holla!