Live from DattoCon!!
In this video, Emily Ann Fogarty, Roberto Sanchez, and Kelvin Tegalar discuss the intricacies of application security and threat intelligence at DattoCon. They delve into the challenges and advancements in security for MSPs, emphasizing the importance of vendor assessments and risk management. The conversation highlights the evolving landscape of cybersecurity, encouraging MSPs to adopt enterprise-level standards and prioritize security in their operations.<ul><li>The importance of understanding and managing supply chain vulnerabilities like Log4J and the role of cyber insurance in addressing these issues.</li><li>The significance of vendor security assessments and the need for MSPs to understand their vendors' application security practices, including the adoption of frameworks like BSIM.</li><li>The impact of mergers and acquisitions on cybersecurity, emphasizing the need for due diligence and the integration of acquired entities into existing security standards to mitigate risks.</li></ul>
Guests
Video Transcript
All right. Welcome everybody. We are live and we're actually live. Kelvin, you gotta come over everybody. I, I can't come any closer to you guys. So we are live at DattoCon. Um, excited to be with everybody. Just wanted to tell, um, you first we might be a little bit light on audio from time to time. We're all sharing a mic. And, uh, but needless to say, thrilled to all be together. Um, we've got a fantastic group joining us, as you can see here. Uh, MSP superhero too.
My, I think my left, maybe you're right. I can't tell at this point. Everything's backwards, but, uh, Kelvin Gel are in from, uh, the Netherlands. Welcome, Kelvin. How are you? Thank you. I'm Amazed that, that you actually pronounced my last name, right? You're the first person to ever do that on screen. Really? Yeah. No, I'm Serious. It's, you're the very first. I'm, I'm amazed. Well, this'll be like, you know, George Castanza on Steinfeld. I'm gonna end there. The show right now. Exactly.
I was gonna say, We have, you have Ice team, you have Kelvin Tea. Yeah. Know, that's the way I do It. Alright. Um, so, uh, I'm gonna get Berdo in here. Are you logged in Burdo? If not, no worries. We've got Emily Ann Fogerty, director of security from Data with us. Got group. We got people live. People live with us, which is awesome. Um, so hey Keith, great to see you. Um, we've got people coming in here. Hey, Tim. Okay, so lemme kind of set the stage here.
Um, I am gonna just kind of do this, I think off memory, although take, take a quick peek here. Okay. Alright. So what I really wanted to set, um, today to be about really around some of the events or the sessions that each of you are doing. I'm looking at Emily Ann. Um, she is gonna be talking about, uh, AppSec.
And we're gonna be talking a little bit about Log four J and kind of the ramifications around things that affect supply chain, um, and how it's gonna roll downstream to all of us, to vendors, to MSPs themselves, how cyber insurance is gonna get in the mix of this whole thing. Um, to my left, uh, who hopefully will be on stage with us shortly is Roberto Sanchez, goes by Alberto. He's the manager of threat intelligence, uh, for, uh, the team at Datto.
And, uh, of course we've got the awesome Calvin Tagard. Um, Alberto's gonna be talking a little bit about what he's seeing right now, um, specifically a threat actor that is leveraging Log four J. Um, and so we'll be talking a little about that. And then Kelvin's session, um, is really serendipitous, but he's gonna be talking about, you know, um, RMM tools that threat actors are using. So again, more supply chain and how they're accessing these tools, um, and software inventories.
And, you know, we're gonna be talking a little about SBOs Mm-Hmm. Um, they're gonna become more of a big deal. So, Emily, why don't you, uh, set the stage a little bit for us here in terms of intros. Welcome. Yeah. It's, uh, awesome to have you. Yeah, Thanks everybody. Um, great to be here. I'm Emily Ann Fogerty, director of Information Security at Datto.
I've been with Datto for a little over three years, and I encompass, uh, application security, vulnerability management, offensive security, security architecture, security engineering, threat intelligence, uh, just to name a few. So really excited to be here and, um Gotcha, gotcha. Sorry about the best feedback. Yeah. Great to have you with us. Uh, Roberto. Roberto, as they say. Go ahead. Yeah, absolutely. Uh, hello everyone. Uh, Roberto Sanchez. I go Buro.
I am the head of threat intelligence here at, uh, datto slash ca. Um, and I do all things, uh, monitoring threats, engaging with actors, and ensuring that our enterprise and ca slash data users are, uh, as protected as possible. What's Cool though is you're being a little humble buro. I know a little bit about, a little bit about your background. You've built threat programs from the ground up at, you know, anomaly. You started there, uh, early stage.
Maybe just kinda share, you know, this is not your first rodeo. Yeah, yeah, no, absolutely. Uh, it's actually, uh, very befitting that we're out here in DC where I spent, uh, um, a good bulk of my career. Uh, so I've been in this space an intelligence space for about two decades now. Uh, building intelligence program and al also, uh, operating on 'em. Uh, not often do we get the, uh, opportunity just to build something.
We actually have to, you know, drive the car as we, uh, as we're building it. Yeah. Um, so been all across, uh, uh, the globe, helping out, uh, different types of companies across various sectors, uh, build out of their intelligence programs, execute on them. And, you know, now I'm here in the, uh, the MSP space to, uh, hopefully, um, be able to take all of that experience, harness it, and, uh, better secure our, our businesses. Very cool. It's very well needed. Kelvin.
Hey, it's good to see you in person. Yeah. Really. It's really, uh, making a big trip over here. Yep. Um, so, uh, you've become, man, you're like a, like a celebrity here. People coming up to you, giving Them beer. Exactly. Get, get getting free bears. Actually, like actually when I arrived to the conference center center, there was this guy that just gave me like a cooler of beer. I wasn't really sure. I feel left out What's going on was like, yeah, I got this for you. I was so surprised.
It, it, it's so awesome. Really. Yeah. It's a lot of fun seeing everyone in real life for the first time. 'cause normally I'm always in Europe, so I'm the only doing the European events. And then once in a while I come stateside. But it seems like every time I come stateside, everyone else is doing something else. They're at, at a different conference or they're at doing something personal or that kind of stuff. So it's really good to have everyone here and just be able to see everyone again.
And of course, COVID is over, so it's finally Yeah. School again. Yeah. And, and I think everybody came to the event because they knew you were coming, So. I hope so. I hope so. Yeah. Alright, um, Wes, let me, uh, let you take it on over here Yeah. And have a little combo. We're gonna, we're gonna rapid succession, rapid fire here to Emily Ann. She's gotta leave us at the bottom of the hour for her session. So yeah, What's your session on? Why don't you tease that? Oh, Okay.
Building security from the ground up. But, uh, you know, with Lock four J and with all of the changes in, uh, the environment in the last, you know, eight to 10 months, we're gonna focus in real close on software security and building a secure software program. So really excited to have everybody join us.
And, you know, think about it from the lens of, you know, why that that vulnerability, which was such a severe vulnerability, was such a, an opener, an eyeopener for the industry in, in terms of a call to action is what I'd like to say. Yeah. Um, but it's also just the tip of the iceberg, right?
I think, you know, a lot of people say, well, you know, there, this is just the beginning, there's probably gonna be more log for JS and you know, this is just the new normal, but we can be better and we can be proactive, we can, you know, stay ahead of it and not make it so daunting. So that's what we're gonna try to do. That's awesome. Yeah. So my first question to you is, data's always been like, awesome leaders and like application security, really taking that seriously.
You guys have been very vocal in the community about your approach to it. Um, I don't know that all other vendors really are at that level of standard, um, but I think they're trying to get there. So I guess my question for you is, w do you think it's just the background of like the MSP space had never been under attack before and they didn't have to care about it? Or is there something else that's caused that like, big gap in, in care about application security?
Yeah, I mean, I think it's a great question. And, you know, to be fair, I think it's hard to gauge if, if companies are out there doing application security. I think, you know, for a datto to be really out there preaching it and, and saying like, this is what we're doing, you know, and this is where we're going. I think it's always been, um, helpful in terms of opening up the conversation.
But I think, you know, as I just discussed with Law four J and things of those types of, those types of events, right? They definitely draw attention. But we've been seeing these attacks, we've been seeing threat actors targeting MSPs since 20 18, 20 19, right? And it was actually back then that Ryan Weeks, our CISO said like, we have to be vigilant, we have to be proactive.
But then last year, but even before Log for J, the presidential executive order came out from President Biden where he started, you know, saying, we really need to think about software build materials. And everyone said, oh yeah, how do we do that? That seems like a really hard problem to solve. Well then fast forward, you know, six months later, lock RJ happens and we're like, oh my goodness, we actually need to care about this in a software bill materials.
It's gonna help us identify our inventory, it's gonna help us be responsive. Um, but the thing too that's happened just a few weeks after that was at the FTC in January of this year, came out and said they plan, they plan to use their full legal authority to take reasonable steps to pursue legal action against companies that are not taking it seriously. And they use Log four J as an example in that scenario, but ultimately they're, they're giving you an idea of where it's heading.
And so further down the road, when we see vulnerabilities like this, if there is legal action, um, it's because they're looking to see are people being diligent? Are they being responsible? Are they taking it seriously? Um, and cyber insurance is following suit, right? They're, they're already showing signs of that. In terms of looking at, um, are you having some of these basic security controls in place?
Uh, if you had a breach and there was an event where data was uh, compromised, was that vulnerability in your environment? You know, was it a critical vulnerability that's been there for more than 14 days? Unpatched, okay, well maybe if it was, we're not gonna, you know, cover that, that event, right? So there's a lot of factors that are sort of coming to a head. I would say that it's creating a bit of a forcing function.
Um, so it's definitely, you know, the times are changing very rapidly, I would say For sure. And Kelvin, that makes me think of just a off script question for you. So with FTC, as Kellyann was saying, FTC saying, Hey, look, we might finally get into enforcement on some of these things. You look at what the done with cyber essentials from your side of the pond. Are you seeing Europe doing it?
Are they leading in any of this as well in terms of like putting some teeth behind what good security looks like and holding companies accountable? Absolutely. Like if you look at stuff like GDPR already, it's, I mean, everyone says, yeah, this is a paper tiger.
But then if you look back at how many fines have already been done in, in with uh, GDPR and compliance issues, it's insane how fast, uh, that has evolved to something from, oh, we're not worried about it, it's just stuff we have to take care of on paper to, oh crap, we actually have to take care of this because otherwise we might get fined. And that, that is sort of the regulation around accelerating a lot. And it's not like in the US because you just mentioned the 14 days, uh, critical thing.
Yeah. For Europe, that would be like a too short window. They're more of always thinking in months, like, oh, three months for example, is, is reasonable to fix a critical issue. And I think that's where we're a little bit more behind in the, in, in some sense. But you see that regulation is really catching up and it, it's catching up fast.
It's, it's going so fast that I suspect that somewhere by next year, European MSPs will actually be a more regulated in industry or at least something that, that, that will show that, hey, um, you actually have the expertise to help your clients like this. Because I think that is an issue in our markets there. There's too many, um, MSPs that aren't sure on how they should approach security. And because of that, they don't.
And then you'll bump into these kind of issues like, like, well not log four J but the, uh, issues like, Hey, you're not using multifactor authentication on specific devices, or you're using the same password everywhere. That's just a shame. Yep. Makes sense. So one thing you said, Kelly and I wanna come back to you mentioned, I don't remember how you said it exactly, Emily Ann, sorry. One of these days, I'll get names, right. Um, thank you. Uh, It must look like a Kelly. I, I dunno.
Like Kelly. Yeah. One day I'll get it right. It's like itching my memory forever now. Um, so you mentioned like a lot of vendors can talk big game about like AppSec, we take it seriously, but it's sort of mysterious. Like, do you really, or do you not? Right. And how do I know as a buyer, like to what level do you truly take it? I can hear on a keynote stage or I can hear a breakout session of just a vendor X, y, Z talking about how much we do around this.
But the measurability is difficult and I think that's why you guys did bs Im mm-Hmm. Can you talk a little bit, and as far as I know, you're the only like pure channel vendor that's done BS I, right? So you could brag on yourself a little if you want on that, but can you talk just quickly what BS CEM is? Yes. And then how that's been beneficial for Datto and for your clients. Yeah, absolutely.
So I love this question because, um, beson, which is building security and maturity model is a maturity framework. Um, so it's sort of different than your other models that are out there like Sam and ISO and nist, where you can sort of follow the, the letter to the law, if you will, um, based on what the, the guidance says. But for Besson, it's actually a model that allows you to measure yourself against the industry that you're performing against.
So whether it's software security, whether it's other businesses, um, that you wanna compare yourself to, there's, uh, this data is refreshed annually. So every year there's assessments that are being done by a third party that allow you to compare yourselves and your security posture against the vendors in that pool of data. So roughly 122 vendors. Um, there are 122 activities across three levels of maturity.
And it allows you to look at, um, what you're doing today and think about yourselves from an initial starting point, right? Level one being, um, you have a policy about, you know, software security, and then level two would be you're enforcing that policy. And so that's something that's, you know, more, more mature, more established. And then level three activities are gonna be, you know, leading edge types of activities.
So what's nice about that is we were able to see two years ago that software bill materials was a leading edge activity. We, we already had our eyes on this as something as, uh, a practice and objective we were shooting for.
Um, but that third party validation, as I said, the third party, uh, assessment that comes in, they give you the evidence that you can use not only for yourselves internally to, to have the confidence that you're investing in the right areas, or you need to invest in certain areas, but also you can use that data to have those conversations with your customers to say, this is what we're doing and this is how we're doing it compared to the, the industry. Um, and it's unbiased.
It's, you know, like I said, a third party validation. And you can use that not only for your customers, but also to drive that investment in security internally to say, look, this is what we have to do. Not just 'cause we say we need to, but because everybody else is doing it. Um, so it really helps. We Can I just say something about that, you know, if MSP's listening right now, um, to what Emily Ann just said, not kellyann, Emily, um, It's all good. I deserve it.
But, um, I just want you to take note of it. How critical what she just said. The only company, now I know there's another one adopting, it'll be announced soon, but the only one adopting the BS Im, uh, methodology thus far. Please reach out to your vendors and ask them what they're doing around application security. Um, as John Strand said right after the July 2K incident, as Robert Chioffi likes to call it, how do you spot, you know, how do you evaluate a vendor?
Well, one, ask 'em about their AppSec program. And if they're not willing to eagerly talk about what they're doing, if they're not eagerly willing to talk about the kinds of third party assessments and pen testing and the regularity about it, he says, run for the hills. But I just want to start off by saying, you know, we've had Jim Manco on, we have access to the author of BS I and they wanna get involved and they want to help. Um, I just don't want us to be an industry of apathy.
So if you start making some noise and saying, what are you doing vendor on this? Um, we have resources, um, that are willing to help and get involved in this area. So, um, and it's going to eventually, as Emily and said, it's going to come one way or another. It, it, it's just a matter of time. So you're actually helping your vendor and the ecosystem by asking them these questions.
Um, so anyway, just my two thoughts on that And a quick question that came in, Leanne from, um, David, is, does the bs Im have like a report that clients can see, is it almost like a SOC two that there's some kind of output that you can look at? Yeah, Yeah. There is a report that they can generate for you.
In fact, um, we have a really great relationship with Synopsis, who's the, the primary, uh, proprietary owner of, um, and we often have them put together executive summaries of our product so we can share that information freely with our customers in a way that's digestible. It's not 120 page report that you get. Um, so we have those reports available and they will work with any of their clients to provide them. Um, the data actually is also freely available.
So right now we're in like the final stages of synopsis publishing their version 13 report. So every year, like I said, they publish that data. So this report will include the data from the four products that DTO assessed over the last 12 months. Um, and they will use that data to show what the trends are, what are, what's coming ahead and, and believe it or not, again, not to harp on software bill materials, but that's, again, one of the top three trends that they're predicting in this report.
So, um, you can look out for, that data should be published in the next few weeks. And, um, aside from that, you know, similar to what you asked, we, they can definitely provide those reports and we have 'em available as well. Nice. Awesome. Really good stuff. We just Curious, um, politics aside, do you think, um, do you think President Biden is, uh, pretty good looking at threat intel and, you know, analytical data to, you know, deliver that kind of executive Order?
You mean President Biden himself, or we'll just leave that alone, but I think we can all agree they've been, their team has been almost like omniscient on like, what's like happening. They've led on this. Yeah. Like even some of the executive orders around cryptocurrency and this stuff happening there, they've sort of are leading on the edge of, and there's been a number of things that they've produced.
And then almost just right on the tail of it, something happens, you're like, I know's A little time. It's a little, but it's, it's pretty amazing. I mean, that definitely makes you feel good that, um, some amount of our government leadership is definitely doing a good job. Yeah. On the cybersecurity side of like really trying to push the envelope. Um, Kelvin question for you, you're an MSP people respect. I know you don't like that, but you do.
Um, how do you personally, when you're talking to a new vendor, even when you've been working with for a while, give some advice to the people listening. How does Kelvin vet the security maturity of a vendor? Do you just ask 'em a bunch of questions? You have a questionnaire? Do you, what do you do? Well, there's, there's a lot of difference for that for MSPs themselves too, because it really depends on how operational material you are.
We are lucky enough to have grown, uh, at a pretty rapid base and also to have had, um, a partner in the company that was very, um, well, he was stuck on procedures and process. He just couldn't get rid of them. He was just like a one track line on them. And because of that, we got our ISO certification, ISO 27 0 1. So we sort of had this natural flow in the company of constantly being busy with compliance.
And because that of the piece of operational maturity, we also started, uh, doing that towards our vendors. We were showing them like, Hey, we're ISO compliant. We would like to see your ISO compliancy report. We would like to see your SOC reports. And instead of just accepting like, okay, hey, here's the report and we're done, we're storing that somewhere in archive.
No, we actually have had a security team go through them like, okay, hey, wait, the statement of applicability says they're not doing these things, but they are doing these things and we're worried about these things. So then we are able to sort of ask more direct questions like, how are you solving these problems? Because in the certification, you're not saying that you're doing any of them.
So I think the answer to your question is like, I, I like it when people say I'm a respected MSP, I don't like it when people call us the unicorn, Ms. P, it's, it's, we make enough mistakes ourselves. But I think it's, it's better to, um, say it depends on how operational mature you are. And if you're a solo shop or a small MSP, you need to ask the questions that are most important to you right now.
And eventually the more you grow and the more you grow in security, you'll also start asking better questions yourself towards your vendors. But do ask them for the reports, start reading the reports, even if most of the time it's very dry material. Sometimes they have like, uh, Emily Ann just said, um, the, uh, the executive, uh, management, uh, descriptions about it. Just read those and, and try to understand like, what are they actually saying here? Mm-Hmm.
Because some reports at some vendors are filled with fluff that you have spoke through before you get to the actual quarter of Things. And one of the things you said at the very beginning, I thought was really wise, is this the idea of like, if I'm a taco shop, then I'm gonna know good tacos when I taste them. Yeah. Right? And the same way, like if I know compliance, well, like you said, you've gone down that journey of ISO 27,001, you've been, you have some security maturity to you.
So that gives you the ability, I think, to assess and see fluff versus substance, right? Yeah. And so probably a good lesson for MSPs is the same thing, right? Like, if you've really gone down this security maturity journey, it's gonna help you yourself in assessing others. It's like a doctor talking to a doctor, right? Yeah. Just you can get a lot further, right? Don't you think? Yeah. Yeah, that's absolutely, that's good. So, um, okay. That, that's helpful. Um, so Emily, I'm back to you then.
What does it mean to be BIM assessed versus just doing some of those like activities? Is there a difference between the two? Yeah, so it's very black and white, right? So internal gap assessment, you're looking at your own maturity. You can use the framework, it's open, um, you can determine based on what they're asking for and the guidance, what you need to do in order to meet the standard of that activity. But ultimately, you know, you can get about 80% there, right?
And, and the reason that is, is because, again, the assessors that are coming in, they're looking at everybody's, you know, software security initiative. And so they're getting a theme and, and a sense for what good looks like in that activity. So they're gonna be the ultimate governing body that says, yes, we give you credit for this activity as having them compliant or performant in this, in the space.
Um, so the term assessed means like you have had an assessment by a third party who then has a report with your data. Um, but we do encourage, by the way, we do encourage internal assessments because no one knows you better than you know yourself, right? And, and it's good to go through that exercise, you know, and have a good understanding of what it is they're looking for. And then when it comes time to be interviewed and assessed, you're prepared, right?
And, and then through that, you're gonna learn. I mean, we've done four assessments so far, and we learn every time as we're going through it. You know, part of it is you get a different assessor that has a different style, they're asking for different information, um, and it's always a learning experience.
But yeah, there's, there's a clear difference between the internal gap assessment and then the, the external actual, I'm, I'm chuckling, so Sun Sunny's on here, and I think, you know, and anybody that's dealing with CMMC and 801 1, it's like, you know, so far, you know, up until now, 800, 1 71 Wes is activities telling the government, oh, sure. We've been doing all these just trust, self assessed, we are doing 'em all.
And now all of a sudden, gosh, we need so much more time to be CMS compliant. Right? They're getting the physical and they're not exactly passing. Yeah. Actually, Yeah, having actual assessments or audits is amazing. It's like the first time you're sitting with an auditor, you're starting to see the unknown unknowns. It's, it's, they, they come with this question, you're like, wow, I never thought about this. Yeah. It's, It's amazing.
I mean, we were, we were looking at some of the other frameworks as well, right? We looked at Sam, and one of the things that kind of also pushed us away from it was two things, actually. One, it wasn't updated very regularly. It was a little stale in terms of the latest information. And then two, it was very descriptive, right? So it was that you shall do X, Y, Z, right? And our company, historically, I think a lot of companies, they don't really love that.
Like they, they like to have a little bit of breathing room in terms of how they implement something, especially when you have different technology stacks, different, you know, STLC workflows makes it hard to say, you shall apply this control in this fashion across the entire enterprise. And so BM takes that into consideration and is very adaptable to, you know, the, the more prescriptive way of handling things.
Speaking of the water, I remember you, us telling a story about when you're at the bank and didn't, when auditor ask you something about patching and you're like, it, it, do you remember that story you told to a degree about how do you know? And anyway, just, it brought that story back to light where you were just like, you know, it's a new ciso kind of like taken aback Yeah. The question Yeah, for sure.
And, and it's to Kelvin's point, audits are good for you because sometimes Otter doesn't even ask the right question, but it makes you think about it Yeah. And really sort of defend exactly why. And I remember talking to my regulators all the time, and they would say, look, it's not my job to tell you what to do. It's my job to make sure you properly assess the risks of the activities you're engaged in, and making sure you're communicating those risks, right?
And to me, that was a fresh way of thinking to say, um, I'm glad they're not just forcing me to do X, Y, Z. They just wanna make sure that we're putting some healthy assessment into the activities. And I think that's the gap that a lot of organizations, they don't truly think through the risks of all the activities. They're, they're, they're like, take s sbo, for example. Right? If we've never really thought through how important that is.
I talked to my enterprise friends that have gone through when Log four J was going through, and they're like, Wes, we like, it's impossible for us to know where Log four J exists, not just in our company, but in our supply chain, right? Yeah. And so it just teaches you, whoa. Like, that's why it's so important to really truly build a risk aligned approach to security, right? Yeah, absolutely. I mean, the thing too is B never expects you to do every activity, right?
That would be like chasing a silver bullet that doesn't exist, because as I said, the data evolves every year. So if you're constantly trying to do everything, you're just kind of going an inch deep and a mile wide, right? You wanna look at the most risk reductive thing you should be doing for your business and do that well and continue to have that strategy of risk assessment on an annual basis. It's almost like you'll cri, you know, categorizing your assets.
Emily Ann, like, what's most critical? I can't have the same level of protection and detection across my entire enterprise. Yeah. And the same goes for your vendors, right? I mean, as an MSP, if you have, I don't know, just throwing us out there, like 25 vendors according To Fred, this today it was 17. Okay? I just want you to know, 17. Okay. We got 17 vendors you're working with.
It's probably overwhelming to say like, I'm going to call all of these vendors and ask 'em all these questions, right? Like, where is your data? Who has the access to your most critical data? Start there, right? Start with a risk-based prioritization of evaluating your vendors, and then like, apply those lessons learned On the chain. That, that's huge. I, yeah. I know you have a few minutes with it, Wes, but, but like, you know, Slagel's here, and like, I know he, I think he's around 40 mm-Hmm.
Plus, and you know that again here, this as MSPs, it's such great advice. Absolutely. Like, you've got to stratify who is most critical, right? What, and, and look at that. And if, if those top ones that you know, maybe, you know, again, quick, um, you know, uh, uh, businesses, uh, impact analysis on yourself, if DA is your number one supplier and Datto goes down again, what does it mean to your business and what do you do? What do you know and what don't, you know? Right? Yeah, exactly.
It's, it gets kind of insane if you think about how much f that MSPs have to put in all of these different vendors, especially when they're so spread out. Mm-Hmm. Especially when you're having 25, 17, whatever the number is, it's, there's risk everywhere. You really need to make sure that you negate that risk somehow. Yeah. Yeah. Exactly. At least manage it, right? Or manage it. Yeah. Yeah. For sure. Can I go off script for a minute? Of course. Okay.
So something's been buzzing in my head a little bit. You said that you were talking at the very beginning, Leanne, about FTC, you know, sort of putting the wheels in motion of like, Hey, look, we're gonna start taking this seriously, but how do they take it seriously?
Do you think they'll create a regulatory framework, or do you think they'll, like, what's the rubric for saying, this is a fineable offense, this is something like, how do they know what's good and bad, and how are they gonna force industry Yeah. For what's good and bad? What do you think? I know it's an opinion question. What do you think? I think it's, you know, to be honest, I think it's a challenge, right?
I mean, if you even look at the insurance industry and having to look at it through the lens of what they're gonna cover and what they're not gonna cover, right? The whole attribution side of things is very difficult in some cases. How do you attribute this to a nation state attack that they say they won't cover? Um, the same thing's gonna go for any of these large types of, you know, breaches.
I think there's a discouraging part too, where some of these breaches occur and there's like millions of records that are, you know, disclosed and it doesn't even make the news. So it's, it is, I think we're really early on in figuring out, you know, where you're gonna see the legal action and where you're not. But I think the message that they're sending is, you need to start taking this seriously.
It's not okay to just think that this is something that happens so often that we should stop caring about it. You know, I hate to refer to Covid as a similar thing, but it's still live and well, and we're just living with it now. But there's a little bit of numbness I think that people have, you know, over the last two years been accustomed to. And, and so I think that's the same type of thing with security.
We have all of these events that are occurring and they're increasing at a rapid pace, but people are getting a little bit numb to it. And I think, you know, these governing bodies are trying to say like, it's not okay to be numb anymore. You have to be proactive. Um, and I think we're gonna see a little bit of this, you know, one of the things that is in the news very recently is the, the legal, um, attack, again, not attack, but the legal action is being taken against the Uber ciso, right?
Mm-Hmm. And right. Um, that is in court actually this week. And, and this is our first example of, you know, negligence that, or perceived negligence, I should say. Um, and I think the outcome of that, of that court, um, hearing is going to tell us a lot about how future future events are handled. Yep. And personally speaking, I'd love to see the CEO accountable on that one too, given just how much the CEO is, at least from the data we have equally as negligent as the ciso.
It's a shame that only the CISO seems to be taking the, the heat on this one. But, um, just a little commentary on my point, but that's a great point. Yeah. And, um, it'll be interesting to see. I think you're right. I think you're seeing the signals in place that's saying it's about time, folks, it's about time. So I love that. Um, I know you gotta go, so maybe just maybe one last little piece of a question.
Um, talking about MSPs, putting yourselves back into their shoes for a minute, you know, do you think that it's like, how, how do you think they should gain visibility into, um, the inventories of their critical vendors and insights into what they're doing? Yeah. Like what advice would you give them? Yeah, I mean, I think, you know, back to what I was saying about first of all, prioritizing, right? You know, you need to know what data you have, who has access to your critical data.
And knowing right away, who do I need to have that, that phone number to call, you know, when things are going down. Um, but start having those questions, you know, in conversations with them dialogue saying, you know, what are you doing in application security? Are you thinking about an SBO m on your roadmap? What can we do to work together to not only receive this information, but I, that MSP needs to be able to consume it, right?
They need to be able to consume not just one, but however end number of vendors that they're working with, which I think is the piece that we're still really trying to work on, right? And, and actually CSUN has a working group. They have four working groups that they're using right now, um, for not only development of of SBOs, but the, the tooling, the delivery, the consumption of it.
Um, because this is a, a larger problem than just generating an esmo m frankly, it's okay, once you have it, what do you do with it? Right? How do you interpret it? How do you make sure it's relevant, right? Because those are constantly changing.
Um, so I think we're at a phase where we just need to have those conversations if you're an MSP, and then just stay in tight lockstep with your vendors and understand, okay, what can I expect from you when the next log for J or whatever the case might be, how can I, you know, make sure I'm aware of where you are in your investigation and where I am in mind.
Um, because the thing that was really pivotal in, in a lesson learned, I think from, from lock bridge j was the reason it was so challenging to assess it was because it was software that was in software that was in software, right? And it, that's the whole like, you know, hub and spoke type of, uh, thing. And, and I think, um, you know, these challenges are gonna continue to arise, and we're not gonna get to perfection overnight.
So if you just start to open up those conversations and get ahead of things, then you know, it'll be a better outcome. And I think, you know, we all have to be in this together. It was interesting what you said, and again, if you have to, whenever you have to shut, I got, I got a few wrap Okay. Moments here. Yeah. It was interesting. Alberto, do you, I just wanna ask you, um, because how do you consume an sbo? It's almost like, correct me if I'm wrong, it's almost like threat intel.
You could have the greatest threat intel, but if you can't ingest it and do something with it, it's a kind of analogous, here's an sbo. Great. Yeah. Yeah. I mean, it's The thing I always like one word, right? Action. Right. If you can't action something, then it's worthless. Right? Right. Um, you know, you mentioned a threat intelligence, right?
I, I can produce the best report, I can analyze the, a threat actor to death, but if you can't consume that information, right, if you can't actually implement it in your daily operations, then really I just put it into one of two buckets, right? I produce an interesting report, um, but it's not compelling enough to take action. Right? Right, right. Yeah, that's, that's really good stuff. Um, be selfish here, Wes, and talk about Right. A bo for a second. That's exactly right.
We're looking at a threat actor, but how can we actually look at what they're doing and actually do something with that as an Ms P mm-Hmm. So a little pre, uh, preamble, it's gonna be good, Mr. mc. Yeah. It's gonna be awesome. So Everyone should join, right? Boom. Right? Everyone should just come, everyone on the call right now. Get your tickets, write a boom. It's awesome. Thanks Kelvin. No problem. Get CIPP as well while we're at it. Well, okay.
So now this is just a moment we're gonna plug everything, Right? Okay. I think Kelvin's up for some questions. Yeah, exactly. I was actually, we almost completely excluded Buro from our entire conversation. Didn't give many times. So I figured you come from a huge threat intelligence background. Where do you think MMSB should start? What, what, what's, what's the best point of them to, to just start thinking about threat intelligence in general? Yeah, absolutely.
So, um, you know, in cyber, we're, we're used to establishing baselines, right? Yeah. In order to establish a baseline, identify anomalous activity around that, you know, you can find detect evil. So same, same as that concept with a threat intelligence group, right? It's, uh, we like to take an approach, um, called priority intelligence requirements, right?
What this really is telling you is ask yourself a number of questions of what do you need to know about the external threat landscape and the internal threat landscape in order to secure your business, right? Um, and if you want to translate it into kind of more a business context is what's your information, right? What do you actually need to know about the threat in order to secure your environment, right? Yeah. You, are you really worried about ransomware?
Are you really worried about macOS threats when you operate in a Windows environment? Right? Right. You really need to know what it is that you're trying to protect in order to collect information, in order to analyze the information and ultimately report it out and disseminate it so you can get it to, uh, make it where your security draw. Yeah, exactly. Exactly. That's, that's an amazing answer really.
'cause I was actually thinking about the internal part as well, like, what are your internal risks? And a lot of people are skipping over that, especially when you don't do any type of certification or compliance. A lot of people just like ignore that internal part and focus mostly on, Hey, what's our external risk? But there's so much more dangers on the inside, talking about dangers on the inside. Yeah, absolutely.
So, um, you know, threat intelligence as a field is really in its infancy, right? We don't have these, these frameworks, uh, that are provided by this, uh, regulatory body, right? Yeah. We, we just don't have that type of information, right? What we do have is a lot of mature threat models. Yeah. Right? So things of, you think of like the kill chain, right? Um, cyber kill chain, you know, start reconnaissance you, uh, exit out your environment, right?
Um, think about dining model, think about, uh, moderate attack framework. And so what I would recommend for, for businesses is, are you able to detect, um, a, an adversary within that lifecycle, right?
Hopefully, uh, to the left of the boom, once you're at the writer, the boom and threat intelligence speak, uh, you know, it's, it's game like, like your, your environment is completely compromised and you're bringing in this million dollar retainer of, uh, incident response team, and, you know, you kind of lost control at that point. And, um, yeah. So that's, that's what I would say, uh, for like the internal environment also.
So talking about, um, um, exactly that point, the, that the data CAA takeover has changed a lot for MSPs, but also for you guys internally, what do you think has changed about the threat landscape for CAA or for data? Like, like, has it been a complete shift? Because of course, now you're managing two RMMs, two tools that have complete control over millions of environments. So how are you guys handling that? Yeah, uh, good point. So, right, with any merger acquisition, right?
You're, you're broadening your, uh, tax workers, right? Yeah. Um, two big companies, we global presence. Uh, so now you start looking at, uh, the security of each individual product and portfolio, right? Uh, from a threat intelligence perspective is looking out externally. So previously I had this level of visibility, and now that I, uh, part of a larger enterprise, right? Now, I have to factor that into my collection systems, right?
So I might have been on an underground form looking for X, Y, Z, um, so now I have to expand that, right? Um, so I have to increase, uh, the data sources that I'm going to, right? Uh, we have two something, uh, like RMM, right? With two RMMs, right? So now I have access to an an X amount of web server logs that I have to, uh, chippers right on my side of the house, on the datto side of the house, pre-acquisition. Uh, we've conducted baselines, we've, uh, scoured, uh, the deep dark web.
We've put in, uh, different types of detection logic, uh, in order to detect evil. Uh, now when you bring on a separate enterprise learning their approach, right? What, what are they doing or what, what are they not doing, right? So, you know, one of the things is, is simple as, uh, threat intelligence, right? There's three different approaches you can take for threat intelligence, right?
You can have an in-house team, you can have a hybrid team, which consists of in-house and outsource, or you can have a completely outsourced team, right? So for battle side of the house, we had a hybrid approach, uh, primarily, uh, Kaseya side of the house, and more outsource, right? So how do you, how do you merge that together and create a more of a efficient coverage of the threat internally and externally, right?
That's, that's a really, really tough problem to solve when, you know, you also have to layer on the different political relationships you have to go through, right? So like threat intelligence, you're engaging, we're one of the only sections that you really engage across the entire enterprise, right? I'm engaging with all the way to the board, to the frontline employee, right? It is very unique. And on top of that, in my field, I get paid for educated opinions, right?
I, they want me to be in the room and be contrarian, right? Yeah. And how do you be contrarian in an environment where you have one culture and a different culture, and then try to, uh, identify different areas where you need to derive that information, right? And then you gotta approach it differently, right? And that's all before even getting to the intelligence that I have to analyze, right? It's, it's a, it's a weird, uh, weird environment sometimes to be in. Yeah.
I like that part where you said pre-acquisition. 'cause that's actually something I was wondering about too, like, how much extra threat modeling did you do when you heard you were going to acquire, say, like, like at the moment you heard like, what extra steps did you take to, to get more information? Because I think that, that at that moment, it would already have been quite stressful because you, you know, you're bringing in another bunch of unknown things. So how did you respond to that?
And I got a Question, can I, Was that absolutely with that question? And I think you'd mentioned this to me offline per pero, was it, were, were you like, okay, now it's announced to the world this is happening? Is that like threat actors starting to froth a little bit? Yeah, yeah, absolutely. So, um, you know, how do we approach it pre and post, uh, and then right now we're considered a transitional period, right? So, uh, back in April when it became public announcement, right?
Uh, threat actors like to grab on the, the latest themes, right? So one of the themes being a acquisition announcement, right? Uh, so two things come into play, right? Which actually favors the threat actor versus the defender, is that everyone is thirsty for information, right? Yep. Whether you're inside of the business or whether you're external to the business, everyone is thirsty to know what is going on, right?
So threat actors, uh, we put in detection logic in advance to look for different key terms that are potentially being, hitting our environment, right? Whether it be at, at the network level, whether it be an email security appliance, you know, we're looking for these things. And then externally, we're also monitoring things like social media. We're monitoring, uh, things on the underground, right? What are the actors, uh, talking about, right?
That could potentially give us that, that breadcrumb that we need, right? Uh, in order to better protect our environment. So taking all of that information and then developing a more robust, uh, threat profile, right? So we looked at Kaseya. So Kaseya acquired us. So we looked at Kaseya and we asked the question of who is targeting Kase currently? Who historically has targeted Kaseya? How had they, how have they entered their environment?
How have they potentially operated within their environment, or how could they operate in their environment, right? We're asking all of those questions, identifying the threat actors, decomposing the various, uh, behaviors, TTPs, so tactics, techniques, and procedures that are aligned to the moderate tech framework. We're decomposing that, creating mini profiles, and then we're running that against our internal security, um, controls, right?
So we're, we're validating that one, we have coverage for this, or if we don't have coverage for this, why don't we have coverage for this? Taking all of that information and assume as we're, we're past the, the legal hurdle, right? Where both companies can actually talk to each other, we're submitting that information to our counterparts and say, what can you tell us about this? Right? Yeah. Um, and then, you know, if, if they can answer the question right away, great.
If they can't, then, you know, that's where we actually start to accelerate our onboarding process of both teams, right? Or this is how we did it, let's explain it to you. Let's work this project collaboratively, right? And then let's, I, let's identify areas where, where there's gaps and where we need to close it, right? And, you know, um, that's kind of, kind of the, the approach that we took. Um, pretty, it sounds amazing. It's like, like that there's so many sources you take data from.
So a little bit of an off script question is like, how do you, uh, collate all the data and the sources that you have? Like, like, are there specific institutions you work with a lot? Or is the, is it like, um, for example, personally I'm Dutch, so I'm very familiar with the, the IVD that they're like personal friends of mine. Um, where do you get all your data from? Are there specific things like sources you think MSP should be monitoring too?
Yeah, so we, we collect what we call all source information, right? So we start at the publicly accessible information, right? So think about like news media. You think about security blogs, uh, you think of vendor blogs, uh, then you talk about social media, right? So the Twitters, the Reddits, um, and even, uh, going into the more of a closed forums, if you will.
So think of like instant message, uh, messaging system, uh, and particularly telegram where, uh, cybercrime actors have migrated to, uh, because they, they believe it to be more secure. Exactly. Um, and also operating in the, uh, the deep dark web, right? We operate where your bad guys operate, right? Um, so we're in Russian forums, resilient forums, and we're in, you know, American, uh, English language hacking forums. And then we're also, uh, coordinating with third party vendors, right?
So we have close relationships with third party threat intelligence vendors that, uh, we're built. Uh, those relationships were built over the years. Some are, are paid, um, providers, others just industry relationships. Yeah. We also, um, engage with different ISACs, right? We also have informal ISACs. So, um, what I like to, uh, the analogy I always like to take is, uh, when I was at, at p wc, right?
Um, I was their threat intelligence program, um, director and living in, in Northern Virginia area. I literally walked into Deloitte's office in Arlington, kicked on the door like, Hey guys, what's going on, Humar? Look, we operate on a same damn network. We, we operate in the same industry. Let everyone else let the business guys compete. We at the network level, we're friends. Like, a threat against you is a threat against us, right?
So we take that same approach with our com with our quote unquote competitors, right? So, uh, one relationship that we have really well right now is, uh, or enable, um, we engage, I engage with my counterpart, um, you know, as, as Evets come up, um, you know, we share information and we ensure that their enterprise is secure. Our enterprise is secure. That's so, yeah. That's awesome. Dave. Collaboration is Great. David mc, David McKibbon is phenomenal over At Enable.
He's done a great job and he and Ryan have forged a great friendship. So it's great that guys are doing that. Wes, I want to kind of tee you up a little bit 'cause we're probably down about 13, 14 minutes, but, um, because you guys have a lot of focus in m and a at Perch, can you really highlight that piece? Talk to Roberto about this, because MSPs themselves are being a lot of m and a going on with MSPs and they're customers.
I mean, we have a, again, if you're an M Ms P and not thinking about when your customer tells you that we're merging, we're selling, like, talk to us why that is such a critical time for, for the MSPs. Yeah. Well, Berta, you've hinted at some of that a lot already of like, you inherit the risk of the operations and deeds and misdeeds of that that you're acquiring. And oftentimes, no matter how diligent you might be in your process, you still end up missing things.
I didn't know they had a private Slack group that they're sharing a whole bunch of data that API stuff is coming in, has been sitting. Like there are just things that you sometimes have no idea about until you get involved in the business processes of that, that acquisition. And I think that a lot of times when we do acquisitions, we do them so fast, Andrew, that we're not actually spending enough time understanding going back to, um, the how you make money, right?
Discussion that we had at write a boom of like really understanding their operational business processes. Because you'll see, and I could share you story after story, probably many that would violate NDA, so I won't, but like of, of like, it's just natural. It happens all the time that like, we didn't know to ask that question. We didn't know that was in place. We didn't know that wasn't in place. We didn't know this data was coming from here to there. We just didn't know. Yeah.
And so it be, the more acquisitions you do, and especially for MSPs, and I'm talking to, I mean, I've had a bunch of walk up to me this week being like, Hey, we're looking for an MSP in this range. Do you know of any, and I'm so happy for them, but the, the fear should also go up of like, what are we, are we really understanding what these are doing? 'cause we're bringing them in and we're inheriting that risk as we bring them in.
And that's something that has to be really di in depth thought through. Nice. So Alberto, it's kinda like falling in love, right? You're so excited, but you forget to ask a few of those important questions, right? Yeah, yeah, absolutely. So there's like, uh, an acronym that we, we kind of use in the space is, uh, BYOA, right? You, uh, bring your own adversary, right? You're not only onboarding the new company, you're also onboarding their adversaries, right?
Like whoever's burrowed in their environment, guess what? Now they're in your environment. Right? Right, right. Yeah, very true. Very true. So what advice might you give like an MSP? Um, like, let's just, let's talk twofold. One, um, they're being acquired or they're the acquirer, right? Because again, it's, you guys have a world class team, and it's awesome to hear the, the kind of things that you do, you know, studying adversaries, doing em, you know, uh, emulation exercises, et cetera.
Right. But MSPs themselves typically, right? I don't know of one off the top of my head, Wes, that have threat intel teams and are doing adversary. Um, yeah. But is there a accepting Calvin? Of course, it's superhero. No, Kelvin just, He just, he just emulates himself. Yeah. Okay. Yeah. Okay. Yeah, he's his own adversary. Exactly. This is like Calvin inception. Yeah. Yeah.
But any, any, like, I know there's like no, like easy button, but are there things they could do what, you know, if you were an MSP getting, you know, acquiring, what, what might you do? Like say, Hey, look, we're gonna now a sudden on, like you said, onboard potentially another adversary, um, without that kind of budget that you guys have. Yeah, absolutely. So, uh, one of the things I always tell people is, you know, what's your crown jewel, right?
Um, you're buying this company or you're, you're getting bought out. What, why are you being bought, right? What, what is it, what is it that makes, makes your business unique, right? Uh, if a critical system went offline, would you know about it, right? And if you do know about it, or you know, if you don't know about it, right? Maybe you should start learning what that is, right? What, what is your mission critical system, right? What, and you make money, right? Operations, right?
And then being able to, as soon as you identify that right, then you can start identifying how can an adversary get into this particular system and pivot into your network, right? Those are very high level questions. You don't have to identify the a PT number, right? You don't have to just identify a bad guy would be able to get into here how mm-Hmm. The, that's good. And, and I have solid gold.
One thing I would even add to that as well that can be helpful is be tight with your standards as an MSP. If you have really tight standards on exactly how you operate and you incorporate that acquisition into your standards, you have less of a chance of missing something. I'll give you an example of this, right? Like, um, let's say as an as an MSP, um, we, we've got really good standards on, um, r like how we operate in the rm, right?
So I bring this new one in and they're using the same RMM we are using. Well, how quickly do we get all their SOPs and all of their clients on board and everything integrated into our way of doing things? It's not because we do it better than them, it's because we need to operate at the same standard level so we don't miss things. That's a critical piece. Or another example would be like API data, right? Like, where do you see data coming in and out?
Like even, um, I'll throw a shout out at, um, what John Hart's doing at SaaS leo, right? Getting visibility into those kinds of things. So you can bring the same standardizations in your cloud integrations into the same house, right? Like, that's why I think it's important as an MSP, if you're going through acquisitions, don't just let that newly acquired acquisition just do business the way they've always done business. That's too much risk that you inherit.
So bring them into your standardized, standardized process, and that'll take you a really long way, don't you think? Kelvin? Absolutely. 100%. Like we, we've, we've struggled with this in the past, um, and in the past, meaning like 10 years ago, uh, even when accepting clients, clients worth conforming to our standards. Bingo. So how the hell are you going to integrate a new MSP if you, you can't even get your clients to follow it. It, it just doesn't work that way.
So like I, I've always said the measure of a good MSP is by how many clients they fired, simply because that's the only way you can figure out if someone actually is serious about applying their own standards. It's the same towards, uh, acquisitions in, in, in other MSPs. You have to make sure that what you're bringing in just starts conforming to your standards immediately. There's no slack space there.
There's, there's no space to relax and say like, okay, we're going to do this very slowly and this year we're going to make them do this in our standard, and the next year we're going to make them do that. Because every month that you forget to do that is, is a month that you are having more and more risk in your entire environment. It's really good. Really good stuff. Really good stuff.
Wesley, what do you got for, uh, maybe for Kelvin there any, any interesting stuff there, but as we start to wind down the last few Minutes here? Yeah, for sure. I mean, I think there's a a billion things I could go ask.
Um, I guess where are you see, just to take a big zoom out, Kelvin, where are you seeing the areas of greatest progress in security, whether it's on the vendor relationship ecosystems, like our friends at Datto, um, or where are you seeing the biggest areas of need that we need to like, grow into and build maturity into? Well, that, that's a good one.
So the need is the easiest one actually, because you're seeing that all MSPs, and I'm even talking about my own here, have a pretty low operational maturity when it comes to security. We're always playing catch up when it's go. When you compare us to enterprises, if you look at an enterprise, they often have like all these very cool things available, and then you look at an SP and you compare them and you're like, wait a minute, why do, why aren't you ingesting that data somehow?
Why aren't you using the scene? Why, why don't you have a SOC available? It's, it's like for enterprises, stuff is already at the basic level, and for us that's like, oh no, that's highly advanced. That, that, that's the best stuff you can have. So I think we can really learn from that as MSPs, like, we're actually tiny little enterprises that are having a lot of smaller companies. Just imagine yourself as an MSP that you're the, the, the head office taking care of the IT for all of them.
And that gives you a completely different mindset on how you need to need to operate and also talk to what your clients. So the need is really, we need to look more at those kind of solutions at enterprise systems themselves because they're so much more ahead of us. I guess the biggest growth I'm seeing is, is both on the vendor side and, and on the MSP side, because if you walk around dataCon today, I think 70% of the stands over there are security focused.
If MSPs are asking questions, they're asking security questions, they're no longer asking like, how do I do the commodity stuff? How do I manage M 365? How do I fix a computer? And now they're asking, how do I fix this computer securely, how do I make sure that I am protecting my clients? So the questions they're asking are already getting much better than let's say five years ago.
It's, it's, it's, there's a very rapid evolution of MSBs starting to focus more on security, even though the solo shelves are doing it these days. Yeah, I love that. Yeah. Quick question, Kelvin, with what you just said, which is gold, I agree with it. Basically holding ourselves to a, an enterprise standard, right? And it's, it's cliche, it's easy to say, a lot harder to do.
Gary Pika, who is normally on the show list, talks about you gotta, I mean, this sounds expensive, so he talks about you gotta charge more. Have you seen your prices increase as a result of needing to do more for your clients? Uh, not as a result of needing to do more, more of a result of me wanting to get rich? No, no. Without jokes. Um, yeah, absolutely. We have increased prices because we want more security tooling.
I mean, we're one of the few MSPs that actually, well, you know, one of my security guys, we actually have an active security team in hubs, right? So that, that, that is something that we've had to directly charge the clients. We have to tell 'em like, yeah, we're going to help you with your security, but we, that security team costs extra and we have to get that back somehow so our prices are going up because of that.
And so far, none of the clients have ever complained about that because they have a feeling like, okay, you know, I'm, I'm in a good place with these guys. It's so, it's so great to hear that, you know, because again, I think so much of, you know, not wanting to charge more is way more in our own heads. Absolutely. Absolutely. It's in our, it's right. And I see Jason and Dustin down there, all the guys nodding it, it's our head trash. Yeah, right.
It's our belief, it's our either our self image that isn't upholding our ability to do it, or Go ahead. It's, it's, we recently had a big price increase. We, uh, increased our prices 15% this year. That's part of course the, the inflation that's going on everywhere and part just stuff up. We needed to increase our prices. We actually do a price increase yearly.
So what's very important for MSP to remember is if you don't increase your prices every year, you're giving your clients a two or 3% discount every year. And looking at it that way makes it make a bit more sense in your head. Like, I need to increase my prices, otherwise I'm giving discounts. So that sounds something for MSPs to just like sort of twist that No, a little and fewer differently. Really, really good. Really good stuff.
Um, hey, in closing, Jason, Dustin, all you guys come, come on up. Let's get you on camera. Um, you guys could do a quick toast out to the, uh, everyone here. We've lost, we've lost a, a bunch of people. We, we almost peaked around, uh, you know, a few hundred today, but, um, oh God. But no, come on, on camera guys. Um, it was so great to have you guys live. We had a bunch more, they had a leave already, but, um, so good to see, uh, Dustin Bowl editor, Alex Farling and, and, and Jason Slagel.
Um, thanks so much for showing up live guys. It's Great to have you. Absolutely. Kelvin, awesome. Alberto, Wes, everybody, um, on behalf of the cyber call, we'll look forward to seeing you next week, Wes. And I'll be actually live from MSSP alert back here in dc. We'll have to figure out with Joe Pan and Terry, how we're gonna do this. I think it's in the White House, Is it? Yeah. Okay, Awesome. Well Speak. So you already talked to Biden about his s bombs and everything. We're all good.
He's good. Okay, fantastic. Awesome. Alright, everybody have an awesome day. Take care.


