Transcript
So welcome, happy Wednesday, everybody. My name is Francisco Castro and I'm a learning experience manager here at LionGuard. All that means is that I manage our education resources to make sure that you're all leveraging LionGuard as best as you can. And with me today, I have Matt Miller, our VP of product, and Wendy Lamar, our director of product management. I'll let them introduce themselves in just a second. But if today's Q&A webinar looks a little different than it has in the past, that is because it is a little bit different. We normally structure these sections to be a little bit more technically oriented for any questions or issues that you might be running into. But today we have the pleasure and honor to have members of our product team to talk a little bit about LionGuard, LionGuard the product, where we're at and where we will be headed. And more than anything, it's just a chance for you to just have some face time with us. We love our partners. We're fans of our partners and our product is dictated by the needs that you all have and the needs that you all have expressed to us. And so far, there's just so many exciting things happening with LionGuard and with the future of LionGuard. And we're just excited to dig in. So I'll let Matt and Wendy introduce themselves briefly. I'll explain a little bit about what the session will look like, and then I'll hand it back over to them. So Wendy, tell us who you are. Sure. Sure. Hi, Wendy Lamar, Director of Product Management. Very nice to be here with all of you today. I'm looking forward to hearing all of your questions and getting you guys some answers. Thank you. Send it over to Matt. All right. Yeah, I am Matt Miller, VP of Product. I've been with LionGuard for about five years now, just over five. So been here since pretty, pretty early days out of the company. Before that, I was with an MSP at Austin, Texas for about 11 years. So I've come out of that space and learned a lot while I was doing that, but I've applied here at LionGuard. I'm excited to share some details of product roadmap with y'all, and also just talk a little bit more about where we're going as a product. I think that's the plan, but back to you, Francisco. I'll take that. And they won't say this right here, right now, but I'll say these are absolutely some of the smartest people I've ever met. So you're in good hands, and yeah, let's get down to it. So like Matt mentioned, he's going to just present a little bit of our product roadmap and some details that I know you all will be really excited to get some insight into. In the meantime, I encourage you to go ahead and submit questions via the Q&A feature. Now, you're welcome to use the chat to share comments, reactions. But as far as questions, we'd love it if you could submit those questions to our Q&A feature. It should be right at the bottom on your Zoom toolbar. Excuse me. And that'll just help us track the questions that come in. Otherwise, use the chat. You're good. Feel free to, again, submit those questions as we, excuse me, as we are having our initial presentation. We may answer those in stride. But if not, be assured that we will answer all of your questions by the end of the presentation. And that's really it, y'all. Like I said, this is really just an opportunity to get some face time with our product team. And we're really, really happy to have them. All right. All right. I guess that's to me. Then, Francisco, I'll jump in. Yeah. So presentation's probably too charitable of a word. So I'm going to do two things today. First, I'm going to share a little one-slide version of some things we have coming up on the roadmap. So the kind of next two quarters is what we're planning to share. So we're really looking kind of back into Q2 of what we have been working on there and have been delivering, and then forward into Q3, which is where we are today. So we have some exciting kind of specific concrete things to share. And then part two, I'm going to talk a little bit more about configuration change detection response, CCDR. Some of y'all may have noticed that we've recently relaunched our website, and then we're out there in the field talking a lot about this concept, which is where LionGuard's really going in the future. So this concept of the ability to have a sort of total command of system configurations and knowing when they change as an important part of any good security program, and further to that of cyber insurance, kind of insurability questions, which is a huge concern in the market right now. So I'm going to jump into that, and yeah, please be submitting the questions. Francisco, can I grab the screen share from you? Okay. So this is the first thing I wanted to share. So kind of our Q2, Q3 look at the roadmap. So some of this stuff has already come out. Some of it is still to come, but I think we have some exciting things here. So first and foremost is GDAP support for our Microsoft Cloud inspectors. I already saw one question in the Q&A about some of the blocking and tackling left to do on that, but that was certainly a big theme for us in Q2, and then even going into the current quarter in Q3 of just making sure that we are ready and making that transition to Microsoft's new authentication method as smooth as we can, and making sure we also take advantage of the improved security posture from that. So that's a big thing that we've been working on. We are also putting a large amount of additional focus on additional metrics, alerts, report templates in the app. So we acknowledge, we know that there is quite a bit of work to do, especially as a new LionGuard user, right? So coming in and getting all your inspectors set up, but then also understanding how to make use of that data, how to sort of activate it and make it useful for you. So we're putting a lot of work into having more templates that are just already available in the app to serve key, kind of key use cases, to be able to do user audits and other things like that that are very valuable, kind of day one with LionGuard, that'll also be valuable if you've been using LionGuard for years. So that's another thing. And then finally, in Q2, one of the big things we were working on the inspector side was a refactor of our Windows Server Inspector. So the Windows Server Inspector was one of our oldest inspectors, one of the really original ones. And we have since released the Windows Workstation Inspector. So a big part of this work on the Windows Server Inspector was sort of bringing those two things together, modernizing the Windows Server Inspector to bring more data to it, to make it more performant, and also just under the hood for those interested, to bring it up to sort of a new level of technology. So eliminating some of the PowerShell scripting and other things that underpin that and going into more of just a pure C-sharp framework, so just sort of a more secure and performant way of doing things overall. That is also going to pave the way for our updated sort of agent deployment methodology. So we have always sort of from day one taken the stance of deploying a single agent into a particular network and using that to remotely inspect all the other Windows servers on that network and also to inspect things like the firewall, et cetera, on that network. We are evolving that. That's come about for a few reasons, not the least of which is sort of the work from home movement. We can now expect most machines to be off of the local network most of the time. We've also introduced the Windows Workstation Inspector itself. So we have gone from inspecting a relatively small set of Windows servers to inspecting all of the Windows machines on the network, including the user endpoints. So additional sort of surface area to cover there. And then also we got a lot of feedback from partners around the way that in that old mode of remote inspection, so under the mode where you would deploy one agent and inspect many Windows servers on a given network, the need for the remote PowerShell capability and some other things that from a security kind of surface area perspective weren't necessarily that everyone's preferred way of doing things. So this change to the Windows Server Inspector also is going to pave the way for us being able to do a simpler deployment model for our agent, where we simply deploy the LionGuard agent to all Windows machines, and then all the inspections on the sort of local operating system can just run from that local agent. So there are a little bit additional, a little bit more of an agent deployment motion, but a greatly simplified architecture and improved security profile in the end. So I'm going to take a breath there. That's Q2. Francisco, do we have any questions we want to stop and grab now, or do you want to stack that at the end? What do you think? I would say some of the questions have to do with Q2, some with Q3. Let's go ahead and run all the way through Q3, and then we can start answering some questions. Sounds like a plan. All right. So then coming up in Q3, we're looking at a few more things. So one of the biggest things we've been working on in the background for a while now that we expect to start delivering in Q3 is a pretty dramatically revamped query architecture. So that sort of is a technical word that sounds very under the hood, but some of the concrete outcomes that we're planning to drive with this are the ability to bring full tables like you might see in the data from an individual inspector. So if you, for example, if you go into the Microsoft 365 inspector and you click into the users table, you don't have the ability to take a table like that and put it into our reports feature. You have to run everything through the metrics query engine. This sort of new way of handling queries and tabular data is going to break that limitation. So you'll have the ability to, when you're building custom reports, bring in tables like users and other elements that kind of have each record on their own row, which is a pretty significant improvement when you're trying to build a report for a user audit, for a firewall policy audit, for lots of different things where you sort of want to be able to bring tables into reports. And then from there, you can kind of run those processes, you can schedule them via email, you can do all of the things that you do with reports. That's going to be a significant unlock there. This also paves the way for some other very important kind of very central improvements to the platform. So that's going to also be the foundation for some exciting things that we have planned around more kind of graphical visual dashboards in the application. So again, sort of following that theme I mentioned earlier of how are we activating the data? How do we go from, okay, we have a lot of data in the LionGuard platform to how do we make it easy and obvious for what to do with it? This new query engine is also going to be the foundation of some of those more visual dashboard-y things that we're planning to bring to the app. And then finally, it's also going to simplify the process of creating metrics. So as probably most of you know, if you're interested enough to be on one of our regular webinars, you probably know quite a bit about LionGuard. Writing a metric is still a fairly complex thing. You have to learn the kind of James Path query language and a few other things. This new query methodology is going to make that much more graphical. So people will be, you will be able to create metrics in more of a UI-driven experience. And then it'll also just kind of, it's really ultimately going to lead to us being able to make metrics with other languages besides James Path. Most notably, likely, it'll be B-SQL. So much more sort of accessible ways to create metrics. So streamlined report creation and support for tabular data is how we frame that on the roadmap, but there's quite a bit there. It's a foundational improvement to the platform that'll be delivered over time. Some other exciting things. We are rolling out a new inspector, SonicWall Capture Client Inspector, and that's one that we've heard from some of our MSP customers who are running more, kind of more sophisticated security programs. That was an important one to them and it represents a general desire on our part to get back to creating new inspectors. We created a lot of new inspectors in the early days. We have focused in the last year more on stability and kind of improving those core inspectors, representing a little bit of a shift to wanting to deliver more new inspectors. So we'll be bringing that out. And then also kind of along that same theme, we are going to be releasing a new inspector for Mac OS. So bringing sort of parity. Francisco is excited. Many folks at LionGuard are excited and I hope you're excited as well. But sort of following on from bringing the Windows Workstation Inspector to market and sort of getting that coverage on Windows Workstations, we want to bring that parity to the Mac world because we know that it's a necessary and growing thing for MSPs, perhaps not to specialize in Macs. Perhaps they're not 100% of your customer base, but you are certainly being asked to maintain some Macs and we see a lot of value in bringing those configuration details all into one place. And we want that place to be LionGuard. So that may be delivered before they slide out a little bit, speaking candidly, but it's actively under development. And we are also fielding beta customers to use the first version of it. So if you are a Mac specialist shop who may be interested in giving us some feedback on that, reaching out to Wendy and myself would be great because we are actively seeking those. And then finally, user permission and access group enhancements. This is another thing really driven by customer feedback. So this is about the creation of LionGuard users and scoping their permissions when they log into the app. So the ability to create groups of environments, apply those groups to users as kind of as permission sets in sort of in a more unified way that, for example, if you want to give a group of technicians access to just like a regionalized, let's say, subset of your end customers, the ability to define a group in one place and apply that that group to multiple users in LionGuard, making that much simpler is another big thing on the roadmap. So those are the major highlights that I wanted to cover. And I think I'll now kind of pivot into some of the Q&A. So not a whole lot going on these next two. OK. No, obviously not. Our product and engineering teams are doing so many awesome updates and feature improvements, and we're really excited for these. So I see a couple of questions roll in. Let's go ahead and see if we can get some answers to those. So David is asking about any idea when polling will increase beyond three times a day. David, I'm assuming you might be referring to the number of inspections that we can do within a day. He's also asking about some some improvements to the Microsoft GDAP cloud inspector transition and some metrics that we've had to temporarily put on hold for those. Yeah. Yep. So to the first part of that question, and Wendy, I'm going to defer to you on the second part, because I think you probably know better than I do, honestly. But as far as the polling increase, so it's unlikely that we're going to lower the or to increase the frequency of running the whole inspection. Right. Because that can be a fairly heavyweight process. Right. We don't want to crush a vendor's API by trying to run a full inspector that pulls a lot of data out every 15 minutes. What we are actively investigating, though, is how do we get key data points to more of a real time or near time stance? So sort of so for the key elements that maybe would indicate a security incident. Right. If there's a if there's a change to key security settings to to privileged user groups, how do we deliver those alerts more more quickly and more sort of a monitoring fashion? I don't have a specific timeline to share for you on that, but I can say that that is something we are actively investigating and that is on our roadmap. So we are looking to go there in the future. And Wendy, could you jump in on the GDAP question? Sure, sure. So there's so with the the GDAP metrics and information that has gone away with our implementation of the new security model, there are kind of two things going on here. So we are actively working on getting the data that we can access from Microsoft with the new permission set. So there is some of that data and work that is underway to get to resolution. There is another set of data that right now, just the new method, the new authentication methodology just does not currently have the security permissions for us to be able to even get to that data. But we are monitoring. And as soon as Microsoft makes that information available, we have plans to update and bring some of that data back. Awesome, looking good. Great, so go ahead and move on to another question. We have a question by Jason asking about any updates to the IP, the network IP inspector, perhaps looking at something like vulnerability, passive vulnerability scan information. So I can speak to in regards to the network IP inspector. Yeah, that's another thing that we are actively investigating. And we're also exploring some partnerships with other other vendors that might be able to help us deliver that sort of more real time scan more quickly. So none of a concrete timeline to share. We do ultimately have that ambition of being able to have baseline data or better baseline data, I should say, about sort of every asset on the network. Right. That is something that we are exploring as far as delivering the unified set of assets. Right. Show me everything that's on the network. Give me some basic details about it. And then use the LionGuard inspectors to get that sort of deeper data for systems where we want to do inspections. So that sort of is the thought process on the network IP inspector. And actually, I'm realizing that I think I may be answering the wrong question. Actually, I was answering this based on the sort of network scanner, network discovery inspector, forgetting for a moment that we have the network IP. And so the network IP inspector, for some people who may not be familiar, it is one that we built. It was built in the very early days of LionGuard to inspect a public IP address and sort of return details about it, what sort of ISP's IP block is a part of things like that. We don't have any current plans to revisit that inspector. The larger theme of passive vulnerability scan details, that is something that we're still investigating. So I think I have to give kind of a soft answer on that. Yes, we are still interested in solving for that theme. I don't have a timeline to share on it. And then looking at Robinson's question, this seems like a very specific question that I'm not sure I fully understand, but we absolutely want to make sure you get an answer. So I think we should follow up on that one offline and just make sure that Robinson gets to a good place. Yeah, we'll definitely follow up with you, Robinson, just to get you some support on that side. Just hang tight. All right. And then so the last question here, user permissions and access groups would like to see users restricted to an environment, also to not see access management module in admin. OK. I'm trying to I may not fully understand the question there, Wendy, do you have an interpretation of that or Thomas, do you want to follow up in the chat? I'll try to take a swing at it here. So users restricted to an environment to also not see. So basically to hide what I'm interpreting that question to me is to hide the access management part of the admin menu. So I kind of hide from the UI features that that user doesn't have access to and shouldn't even see. I think that that's a totally reasonable piece of feedback and we can take that into account when we're building that basically hide management features from users who are not LionGuard administrators. So if I misinterpreted the question, bring it in, but it looks like that's a yes. Awesome. We also have a question about our data and our different integrations, specifically when using one of our data integrations like Bright Gauge, Matt, you spoke about potentially getting that more tabular data in our reports feature. I think the question is more or less looking to see if that would have any kind of impact on those data integrations that we have, such as Power BI or Bright Gauge. Is there anything you can speak to on that? Yeah, so that those tabular entities, right, they will be accessible by our API. So the answer is it absolutely those absolutely can be projected out into the integrations in the Bright Gauge case specifically, they're pulling data from our API. So we'll need to work with Bright Gauge to have them sort of build up the V2 of that integration to leverage the new capabilities. I can't speak to their roadmap, but that capability will exist. And we would certainly like to work with with them to deliver those sort of more advanced outcomes in Bright Gauge. Perfect, good question, you're going to love this one from Robbie, is there a plan to be able to run custom inspections like via PowerShell or API commands? Yeah, short answer is yes, this is something that is on our kind of next 12 month of road, 12 months of roadmap, we're exploring the kind of precise way to do this, to implement it. But yeah, we do plan to open it up to where you don't have to wait for LionGuard to build an inspector in order to get data about a particular product into LionGuard. So broadly speaking, yes, we are committed to solving that. And we plan to solve it in the next year, whether that is sort of opening it up so that that the MSPs can build it, or if we're going to work more closely with other vendors to get them to put data in some of those details remain to be worked out. But I think the most likely incarnation of that will be something like allowing our MSP partners to construct a data print and upload it to our API and where they can where it can be kind of consumed and put on the timeline, make metrics, kind of all those things. That's the implementation that we're we're most sort of aggressively playing with on our side. Perfect. Fair enough. Well, these are really, really awesome questions, y'all. Thank you so much. Keep them coming. Matt, do you still want to share some more about CCVR and where LionGuard fits out there? Yeah, I'll just I just want to spend a couple of minutes on I won't take too much time. But yeah, so so for anyone who wasn't aware, we are we're sort of in the process of coining this term, creating this category, configuration, change detection and response. If you haven't checked out our new website, please check it out. There's a lot of a lot of good things there. But we really are moving towards and a lot of the things on the roadmap that we just talked about are really oriented towards this. So that's why I wanted to sort of bring it up here towards this concept of of really focusing on are your configure are your systems configured the way that they should according to either to your standards and according to sort of known good security practices? And then can we track that with sort of. Comprehensively, automatically, so bringing that data in as LionGuard already does and then leveraging change detections and other LionGuard features to have a comprehensive program around managing and detecting that change. So that that sort of is where we're going with the CCDR concept and one specific sort of lens to put on that that we talked about at Exchange Secure. If anyone happened to be at that show recently, we talked about it there, but that we'll be talking about a lot more is really around cyber insurability for MSPs. So that's a that's a big theme. Whenever I talk to MSPs one on one, whenever I whenever we do a survey of what sort of is top of mind for MSPs, the sort of the sort of existential business questions around, am I going to be able to be to remain viable in the case of a cyber event? And a key part of that is having robust cyber insurance that comes with a lot of sort of technological assurances you are in, for example, if you happen to have a security incident and you have cyber insurance, you will typically need to prove that you had all of the boxes checked that you attested to on the original application form. Do you have MFA turned on for all users? You have appropriate virus and spam filtering in place. And so one thing that we are focusing on at LionGuard is making that process easier from both an initial sort of application perspective and then sort of on an ongoing tracking change detection substantiation basis. So this is a big theme for us. It's going to be one of the first incarnations of those dashboards that I mentioned, sort of a dashboard to make that process simpler and easier to grasp. So I just wanted to share that with this team and also just sort of generally socialize that idea of CCDR. Check out our website and please give us any any feedback that you have on that. We are we would certainly love to hear it. That's all I got, Francisco. Also, I have more questions. Well, thank you so much, Matt, for giving us that overarching roadmap and as well as sort of chatting with us a little bit more about CCDR, this roadmap that Matt has just presented and we've answered on is CCDR in LionGuard, right? So through these various iterations, any features coming down the line, that is that is how we are achieving that configuration change detection and response, which you can do today at LionGuard, too. So, yeah, absolutely. We still have a little bit more time. Y'all, if you have any more questions, please go ahead and submit them. Otherwise, we're just going to hang out here for a little bit longer. If we answer your questions, feel free to drop off. No one's forcing you. But yeah, we'll definitely stick around for more questions. Seems like Robbie is asking about any plans for additional additional manufacturers for warranty info, maybe Cisco. So I can't say we have a concrete strategy or plan around Cisco. We are looking at warranty capability in general, looking at HP has now has a warranty API that is not totally open to other vendors, but we're looking at strategies for how we can leverage that. Cisco don't have concrete roadmap plans around, but I mean, directionally still delivering more warranty data as it's available is certainly something that we will do. But I can't I can't say a timeline for Cisco. Any more questions, y'all, we'll hang out for a little bit longer, make sure we answer any any other lingering thoughts, questions, comments. But I'm not sure if you're seeing Robbie's question here about LionGuard focusing on some of these enterprise systems. You might be muted. Yeah, I'm just seeing the new questions coming in, and I think my favorite is about pizza topping so far, but I'll start with the Q&A questions. Is there a plan to custom change section for additional. So, Mohammed, I'm not sure that I fully understand that question. I'm going to I'm going to circle back to that one. So, Robbie, is there a desire by LionGuard to focus on enterprise systems, SANS and load balancers, et cetera? Yeah, I definitely I would see us going there. I think that when we open up the ability to kind of upload your own data to define your own inspector, that will open up that possibility for folks who want to build those. I think as we we will likely start to take on some more of the enterprise things, I would anticipate more towards the end of 2024. Don't hold me to that sort of just speculating about where we're going. So the answer to your question, though, is yes, I anticipate that in the long run, LionGuard will certainly capture data from those systems. Jason, to your question, is there an issue with the Continuum RMM inspector? Yeah, I think it's fair to say that we there is a bit of a struggle with the Continuum API as we're making the transition into the new ConnectWise RMM world. So we are in touch with ConnectWise trying to understand our best options for transitioning to their new API. Meanwhile, the Continuum API does seem to be perhaps degrading a bit. So we're doing our best to keep that one running. But we will certainly announce plans to move that to ConnectWise RMM's new API when we have a concrete plan on that. vSphere inspector going out of beta. I don't have a specific timeline for that. That one has been a challenge to build in all candidates. I don't have a I think that I think the most honest answer I can get to that was no, we don't currently have a plan to take the vSphere inspector out of beta. Let's see. You know, status detail, call in point retry count threshold exceeded. Jason, I mean, on that one, that sounds like a specific inspector error message. I think best thing to do would be do a support chat and just give us some more details. Things like which inspector, you know, which specific launch points in our instance, if we can go take a look at it, we can we can certainly troubleshoot that. David, so certain metrics that we currently monitor with another 12,000,000,000,000,000 certain metrics that we currently monitor with another tool set like mailbox permission changes. Yes. So this is this is a sort of a near and dear challenge to our hearts. The ability to reliably return things like mail forwarding rules, mailbox permissions, things like that. We are for the moment still pursuing the strategy of getting data from Microsoft's graph API. So there are sort of other PowerShell driven ways, sort of other APIs outside of the graph universe that we can leverage our our work. We have and we have done a non-trivial amount of testing if we can make that work. And the short answer on a lot of that is it just doesn't work reliably and introduces a lot more complexity to our inspectors, to our product, and honestly, just sort of threatens the overall reliability thereof. So we're trying not to pin our inspectors overall functionality to things outside of the best supported graph API. As Microsoft brings more data into that API, we will absolutely bring that in. And that really is where that stands. But yeah, we are firmly committed to bring in as much valuable data about the Microsoft cloud world as we can, because that is certainly one of a set of core concerns for our inspector team. And then any plans to allow the Hadoop integration to work like the ITG integration? So ability to map fields, et cetera. So Hadoop is so first of all, we love our Hadoop integration and we love their product. But the Hadoop team actually built that integration. So they're pulling data from us. So I think it might be a worthy thing to surface that to the Hadoop team. And we'd certainly be happy to talk more with them about what are some common feature requests for the MyRHadoop integration? And what, if anything, can we do on our API side to make that easier and facilitate a better experience there? I mean, we are absolutely open to continuing to improve that integration. Mohamed, I'm seeing some more detail on your question regarding change detections. That makes a lot more sense. Thank you. This is a perfect case to chat about it with one of our partner success engineers. It sounds like maybe we can just tweak the specific 365 MFA metric that you're looking at so that you can get the correct condition and or output that you're looking for. So I strongly recommend that you chat with one of our partner success engineers. And they can help you hone in on that metric specifically in the way that you're looking. Yeah, agreed. And the way I'm reading the question, Mohamed, I think that the way to pursue that would probably be by less of a change detection and more of sort of a conditional rule, right? So you can do either. So defining the metric that you want and then defining a threshold. So basically, that's one method where you can, instead of just getting alerted to any change to the value, you can zero it into more specific changes. That's probably the best way to do it. But working with our support team to help you write the right metric is absolutely the right thing, like Francisco said. Yeah, good question, though. Definitely perfect use case for that. All right, folks, we've covered a lot of really fantastic ground. I think the hardest question at this point, I don't want to leave Tyler's question unanswered. Favorite piece of topping for me, I just like a good slice of tomato and some good fresh basil. Just give me the classic stuff, all right? I don't want to play too much with my pizza. OK, that's me. Sausage mushroom over here. I'm pretty basic. Oh, gee. Yeah, I'll go with mushrooms as well. All right, I like it. OK, all right. We got that out of the way. Awesome, y'all. Well, we've definitely covered a lot of ground. And just thank you again, Matt and Wendy, for just making time out of your calendars and chatting with partners. Like I said from the very beginning, we are fans of our partners. And so getting the chance to interact with y'all is really special for us. We hold this webinar every month. So I'll go ahead and link our webinar resources page right here. So I definitely encourage you to, if you haven't already, check out our webinar resources page and sign up for our webinars. Right now, we are running our Q&A series once a month and our monthly feature update webinars once a month as well. Make sure you get those in your calendar so you're not missing anything. We'll also have this recording up on that very same page. Excuse me, if you want to review anything that we've covered today, just give me about a day or so and we'll have that available for you. Cool. Any parting words, Wendy or Matt? Thank you for being Lion Guard partners. Thank you for taking the time out of your day to be here with us. Yeah, we really appreciate it. Thank you.
