Transcript
So thank you for joining us here on best practices to secure your documentation and passwords. I'm joined here today by Adam Steinhoff, who's product manager here at SAS Alerts, and Jordan Hart, who is a project manager over at Hoodoo. I'm Amy. I'm with SAS Alerts. I'll be on chat answering any questions. We are recording this, so if you have to step away, if something comes up and you've got to jump, if you love it and you want to share it with all your friends and family, we'll get the recording out to you. So no worries if you miss anything. And we will be trying to do Q&A as we go, as it makes sense to, so go ahead and pop any questions into the webinar chat or into the Q&A, and we'll answer them as we go. And also, there should be time towards the end for any additional questions that we don't get to throughout. Jumping in here on the agenda, we are going to kick off a little bit, talk a bit about cloud adoption and security trends, effective cybersecurity strategies, talk about some steps to secure your documentation platform, and then some additional steps to secure your customers' cloud applications. And then, like I said, we will wrap everything up with some Q&A. So with that, I am going to pause and kick things over to Adam. All right, thanks, Amy, for the introduction. And thanks, everybody, for joining us today. Today, we're going to roll right into it. I have to admit, I don't love to have a webinar be an hour just because we said it was an hour on the calendar. So we're going to take as little or as much time as we need up until that hour, but I hope to give you back some time if there is not a pile of questions at the end. So we'll get rolling. So there is a trend right now where we are seeing a tremendous amount of digital transformation happening, moving from local devices into the cloud world. And we're seeing more and more applications, more accounts, more sensitive information and passwords moving up to the cloud, which basically means there's an increased security risk related to cloud applications and the data they store. So we've seen 82% of breaches in 2023 involved data stored in the cloud. And there has been a 300% increase in SaaS attacks since March 1 of last year. And we are seeing, like I mentioned, that shift in cybersecurity priorities happening from that local device-centric world to now this cloud and account and identity-centric world. And so SaaS Alerts exists to help you protect your clients, help you protect your bottom line, add to your top line with that transition that is occurring. So one of the other things that we're seeing more and more often now is a focus on supply chain attacks. So rather than the attackers going directly after a specific entity or an organization, which they still are doing, we're seeing the really good and the smart ones going after folks like the MSPs. And so by compromising your world, they're effectively compromising all of your clients. Hopefully, that's not new information to you all. But we are seeing that happen more and more. So with anything in business, it always comes down to tech processes and people. And the same thing is the case for cybersecurity for your organization and for your clients' organizations. And so with this approach, what we're seeing is efficient MSPs consolidating and putting many things into one place. And this allows for easier access to the information. It streamlines your security approach. And by having these larger, unfortunately, attack surfaces, it means that you really do need to monitor the user activity that's occurring inside those applications in the SaaS world. So as you start to consolidate the IT operations, you're consolidating assets and configurations and confidential information, passwords, login details, SOPs. The secret sauce behind you guys' organizations are all going into these documentation platforms. And so securing those documentation and client passwords is a very critical issue for MSPs. When you are recommending or when we are recommending protecting anything, it's always in a multilayered approach. So I know there are ways to do this inside Hoodoo, Jordan. How would you guys recommend securing Hoodoo specifically and maybe more general just SaaS applications as well based on your experience? Yeah, absolutely. It comes down to a couple of different things. If we're talking about data security, it would be implementing kind of those standard procedures like SSO as well as 2FA. A lot of products also will give you kind of additional measures, things like idle user timeouts and IP access control. So ensuring that you have those all implemented, if they're available to you, they should be in this D&H with most products, I would assume. They definitely are within Hoodoo. And then in terms of password security, it would just be essentially ensuring that the product that you're using really handles that security correctly. So using appropriate encryption types like military grade encryption for your passwords or confidential information, AES 256-bit encryption is pretty standard across the board for most passwords. Ensuring that that information is encrypted in transit and at rest, that you can securely share that information, all good practices that most products should now have. So I'm going to put you on the spot here. I probably should have asked the question first because I've always been told you don't ask the question that you don't know the answer to. I'm going to break that rule. Hoodoo has MFA support, I notice. Is there a certain license level you have to be at to get MFA? There is not, no. It comes standard for every environment. So you guys are not doing the paywall to MFA world then in the SSO and yeah, OK. We are not. No, there is no SSO tax within Hoodoo. That is great. I'm glad that was the right answer because I teed it up for you to give me the right answer and that would have gone a whole nother way had it not been. Would have made it a little bit more awkward, yeah. It would have, it would have, yeah. All right, well, I'm sure there's partners that we have that may be just SaaS Alerts partners that have not seen Hoodoo. I assume you'd be willing to give us a quick show if I give you sharing control here? Yeah, absolutely. So as I kind of get this share ready, hey, everybody. As Amy mentioned, I'm Jordan Hart with Hoodoo. I'm the product manager over here. You know, Adam touched on a lot of great points and a pretty crazy statistic, that 300% increase in cybersecurity attacks since March. It's not that surprising though with everybody kind of switching over to SaaS products and everything being on the internet now. But yeah, quickly showing off kind of the product and how you can take that consolidated approach. I'll try and touch on some security measures that come standard within Hoodoo, as well as some best practices with securing your environment. So showing off Hoodoo, this is kind of the main product that you'll, or the main dashboard that you'll be greeted with when you first log into Hoodoo. It provides a really good overview of all of the information that's stored within your Hoodoo environment. Really the easiest way to go ahead and show off Hoodoo though is hopping into an individual client or company location. So I'll hop into my Atlas company here, but we do, we are managing multiple different clients and companies within this environment. And they're all standardized to have that same structure, hopefully making it very easy for your techs to know where to find information. Clicking into this company though, I have my Atlas company Inc here, and we first have this homepage. Again, this serves as a dashboard for this particular client, whereas that previous dashboard would be across every environment or client within Hoodoo. And it'll allow you to see any basic details with a interactive map for locations. And then it's got some pretty neat things like our magic dash, which is a completely customizable dashboard via the API to pull information from various other sources, like embedding a diagram from Lucidchart, draw.io, Visio diagrams. You can embed dashboards like breakage dashboards. So you have all of that information in a single place. And then we've got some additional widgets, again, just to continue with that monitoring of this particular client. On this left-hand sidebar, we have at the top, all of the core tools within Hoodoo, things like our knowledge base for storing documents and how-to guides for your technicians, processes, so you can organize any of those standardized operating procedures in a step-by-step format. So it's really easy for your technicians to accomplish their tasks. And they have all of those instructions right in front of them. And then our passwords. Passwords within Hoodoo are encrypted both at rest and in transit with AES 256-bit GCM encryption. And they allow you to store username, password with one of my favorite features, the easy read with the NATO phonetic alphabet, and those OTPs. So you can share this between your technicians very easy. There's no more passing that phone around. Passwords do all come with share options as well. These are zero-knowledge encrypted. So you can share this information externally based on a certain timeframe. We do have a bunch of other core tools as well that I won't touch much on in this demo, but things like photo management for a centralized location of all of your client photos. Networks is our IPAM solution. So you can manage, assign, and track any of those IPs for devices and locations directly within your Hoodoo environment. We have our rack feature for visualizing any of your client racks within their locations. And then we have those expirations and website tracking as well, just to make sure none of their domains or those client domains are expiring on you. Down at the bottom of this sidebar are going to be what we call asset layouts. Asset layouts are completely customizable. So you can change the name, the icon, how they're organized within your environments, as well as which asset layouts are showing up on this left-hand sidebar. If I click into one of these asset layouts, like my desktops, we'll have a list of all of the desktops that are being stored for this Atlas company. And clicking into a desktop will actually have specific details on this particular one. Things can be manually input or imported, like this top card here. This acts as supplemental information for this particular desktop, probably the information that is not being pulled from your PSA or RMM. Down below, we do have that information that's getting pulled in from, in this case, Ninja One on this desktop. So we have it in that consolidated location. If we were to integrate with multiple products, say this maybe was a person, we could pull in 365 information, PSA information, RMM information, have it all on this one screen. So that your technicians have an easy place to locate and find that information and assist with service requests. On top of all that, we do have a relationship system within Hoodoo to make navigating between all of this information super easy. In this case, we could relate this desktop to a particular application that's installed on it. The backup system, the primary contact or any how-to articles that may be helpful. We can link it to processes. So, and quickly see what processes have been completed and what may have some steps still to complete for this particular desktop. We can relate any relevant passwords. So we could quickly copy and paste any of those usernames, passwords, or OTPs and quickly use them. Add photos, which again, will also be stored in your centralized photo gallery. Add files or any comments related to this desktop. And then on top of that, we do have the activity feed. This would be available for any of the core tools as well as asset layouts, so that you can monitor what's been happening to this and potentially revert to previous changes if you need to. Jumping into this admin section is really where customization of Hoodoo comes in. Hoodoo is a very customizable product for MSPs and IT departments because there's so many different types of MSPs and so many different ways that IT departments are working nowadays. It requires a lot of customization. You can go ahead and build those asset layouts either starting from scratch or you can use a prebuilt template. These are primarily focused around the main categories that MSPs will be monitoring and managing. But again, you can start those from scratch. And even if you do start from a template, they are fully customizable. So you can choose to document whatever information you'd like. Again, all of these asset layouts are standardized across all of your clients stored within Hoodoo. So every time you hop into a client interface, it's exactly the same for your technicians, although you can hide certain things since you may not be documenting the same things for every single client. Touching on those security practices, we do have a dedicated tab for that where you can set up that 2FA or SSO with any SAML 2.0 provider. And again, no SSO tax within Hoodoo it does come direct default with every license self-hosted or hosted. You have the ability to set up IP access control so you can dictate who can actually access this environment and from where. You can also disable that for the portal members if you'd like. That way your external users don't have to be added. And then you do have idle user timeouts, making sure that your technical support idle user timeouts, making sure that your technicians aren't leaving your Hoodoo environment open on their desktops. Password generators to make sure you are dictating how long passwords should be when you're generating new ones within Hoodoo. And lastly, I'll touch on those integrations. Pulling all of that data into a single location ensures that you are able to secure a single location instead of spread across multiple products. You have a single point to really base all of your security efforts on. We have integrations with most leading PSA and RMM tools as well as various other productivity integrations like 365, backup products. We do have an open AI integration as that's becoming much more popular within the space. And you are able to alert on almost anything within Hoodoo. That's kind of my transition over to SaaS alerts, but the default alerts within Hoodoo allow you to monitor any expirations that you have, whether that's a single expiration or the expiration list. You can track when a client website goes down, when passwords are shared or revealed, and then pretty much any other record that is updated, created, deleted within your Hoodoo environment. So you can manage all of that and keep visibility of it. Hey, Jordan, those alerts that come through for here, what style are they? Yeah, so you can set up- Email, whatever. Yeah, great question. So you can set up them in a bunch of different ways. By default, they'll send to an email, but you can also set up webhook alerts to send to pretty much any messaging platform. We have guides on sending them to Slack, Microsoft Teams, Discord, but really anything that allows webhook alerts, you can go ahead and set that up. Yeah, that does pretty much cover the kind of gist of Hoodoo. So I'll pass it off to Adam to kind of talk about SaaS alerts and show off the integration that their team has built between the two products, enhancing that security. I'll take a look at chat and Q&A though, and try to answer as many questions as I can. I see that little red number going up, so. It looks like your team has been doing a good job answering them, so I think you'll be fine. Perfect, that's what we like to hear. Make my job easy. All right, you want to throw Sharon back my way, perfect. Let's go here. All right, so good kind of transition from the alerting side of the house. You know, I think that, you know, like we mentioned earlier, the Hoodoo app right now, if you populate it, is really a treasure trove of data. And it's great for efficiency sake for not only running your MSP, but also for supply chain type attacks and being able to get data. Obviously turning on all of the security settings that Jordan mentioned are definitely recommended, but having another set of eyes never hurts. So what I want to talk about next is, I'll give you a quick kind of rundown of what SAS Alerts does, and then I will hop into the product and show you. So our product is built into a few major modules. The first one is our manage. That is the actual product that is monitoring all of the SAS applications, pulling in the data. Our reporting module does just that. You know, it will provide you threat reports or risky behavior reports, MFA statuses, license information, I think. I may have just lied, but hopefully I didn't lie. Maybe somebody from my team will chat me on that. But it's a very robust reporting engine. Folks will use it for prospecting, as well as for actually protecting and reporting on their existing clients. We have the respond module, which is our robotic remediation expert. So you can start to do if-then rules, for instance. It says, you know, if this happens, and then this happens within this amount of time with this additional parameter, then it can actually auto-lock the account, expire all session tokens, reset passwords. It can do a lot of things. And the beauty of that is you are not waiting on a human to look at those indicators of compromise and then take action. We will take action immediately upon seeing those indicators of compromise. Fortify is our policy engine for M365, and a little bit of Intune now as well. We will let you, we will present to you your security score, and we can allow you to increase that with just a couple of clicks across all of your, all your tenants and all your organizations. And then with Unify module, what we are doing is pretty unique there in that we are correlating data from your RMM tools back to the actual activity that's happening inside the SaaS applications. And with a reasonable certainty, we're telling you that, yes, this activity not only occurred from Adam's account, but also from Adam's known device. And then App Wizard is one of our newer modules. It was released, I think, early this year. Actually, it was late last year, I think. That is a technology that allows us to connect to any SaaS application that has a viable API. And then finally, the other thing that's important to mention is you can protect your own tenant and your MSP tools for free, which is pretty cool. So let me flip over here to another tab and I will show you what SaaS Alerts looks like. So for our existing partners, this is probably going to be a little boring until I get to the other parts, but for folks that are not existing SaaS Alerts partners, I think this will be a pretty helpful, quick run through. So as I mentioned before, our product is built into modules. Right now, we are looking at the Manage module. And from within here, we're going to show you this pretty map because what SOC or NOC center exists that doesn't have a map with little colors on it? I think it's required by all leadership teams to have one of those. So the way that we organize things is we have organizations. And so these would be your clients. And from within the organization, you can go in and add any new application that you would like to have monitored. From there, you can set up whitelisting like IP addresses that you're expecting to see them from or specific countries. Then once those applications are connected without an agent, we don't deploy agents by the way, everything that we do is agentless, we will begin to pull in data. And so this is an example. I did a quick search on our platform from July 9th to July 10th, looking for who do only. And so this will give you a pretty good understanding of the type of data that we are pulling in for who do today. And it will continue to improve as Jordan and I work together. I have a constant communication with him. By the way, great product manager to work with. Thank you, Jordan. Very responsive and he's getting the things that we need into the product way quicker than I would expect for him to do so. As of right now, we have a few events. So this is an example here of somebody authenticating successfully. And so from here, we have the organization that did it, the product that we're seeing it from, date and time, the user that we see performing that activity, the IP address and location data, as well as some additional information on whether we know that that IP address is a threat or not. And then some information on what actually occurred and then our level of priority that we think. Logging in is not that exciting, so it's a low. And here we also see a password viewed. So anybody that views a password is going to have an alert generated here. Something to note, we categorize things as low, medium and critical. Low alerts are gonna stay in our platform for most cases, unless you configure something very special. Medium and criticals will actually either email or create a ticket in all of the major PSAs. Here is an alert where a user has been updated. So maybe somebody has changed some permissions on a user. Might be something you'd be interested in seeing. Here is a password that's been updated. We also have a data export. That's got all the things in it and could be potentially serious. So those are the events that we have today. And then the other understanding that we have is around the outside approved location. So what I did is I went and I took off the white list for the United States. And then I performed activity from within the US. And you'll see that those events that originally were just IAM authentication success low are now IAM authentication success outside approved location critical. So if you see a user that has been doing things forever and then all of a sudden you see, wait a minute, I see a login from outside approved location and then they viewed a password and then they exported data. That's all of a sudden very fishy to me. And I would wanna know, is Adam on vacation right now and just didn't tell me or is this something that I genuinely need to take a look at and take action on? And as you can see, we have created tickets in the PSA for that. So in addition to that, we've got our respond module. So our respond module is the robotic SOC, our indicator of compromise automation engine. And let me get authenticated into this section here real quickly. And then I'll kind of show you how that looks. Give me a moment. There we go. All right, let's see a, let's see brute force probably exists. All right, here's an example. So within our platform, we have a bunch of these templates for respond that you can utilize. In this particular one, we have, this one's locked to Microsoft. We also support G Suite by the way. And then you can choose which organizations or accounts this applies to or all for instance. And then the conditions here are what get really, really powerful. This is what you would consider to be an indicator of compromise. So in here we're saying, okay, let's see if an authentication failure happens 30 times in a row and then a success. And it happens within one hour. Well, if somebody has been beating around with the wrong password for that long and then actually succeeds, that could be something interesting. Or if we've seen multiple authentication failures happen and then an authentication success, they're both doing similar things, but we grabbed it with an or rule here. You also have the ability to do extra things. Like maybe you can say the, the, where am I? So you could say, for instance, Unify has determined that this is an unknown unmanaged device. So now this gets a little more powerful. So we've had a ton of authentication failures and then a success, but based on the Unify algorithm, we are saying that it's not from a known computer that's inside the managed RMM. So now all of a sudden, this is way more impressive and much more of an indicator of compromise. And then the actions that can be taken. So block a sign in, force the user to change a password, expire account logins, all of these things can definitely happen, or you can just choose to alert only. So you can kind of build your own custom alerts from within our platform as well. All right. Fortify, and I have to admit, I am not the product manager for Fortify. So I probably will not do this module justice, but I will be happy to show you and hopefully you can put two and two together based on my limited experience in this particular module. So from within here, it's going to show us the different organizations that we have and the current secure score for that particular organization, as well as the current licensing that we see. And then we also have the ability to look at the actions that are available to apply to all of your organizations or that one organization that I've selected. And so for instance, if I apply this particular anti-phishing policy, it's actually going to show me that it's going to improve my score by 20%. And I can click this and I can deploy it against all organizations, or I can pick a single organization. And we will monitor this and actually throw it back out at you in the event that there is a drift situation where something changes. So we've got the ability to fortify or protect before the situation happens to make it harder to get in. We have the SaaS Alerts Manage that's actually watching and creating alerts in your PSA. And then we have the Respond Engine that is actively immediately shutting things down without humans involved to be able to take action way faster than a standard SOC would that is human-based. And then you can take and analyze and see what happened. We also have the Reporting Engine that will allow you to ensure compliance or just proof of what you're doing for your clients. And then I guess finally, and I didn't mention it, but we just also released something called SaaS Alerts Manage or Managed. And that is, if you don't want to really even configure this yourself and just want to have us do that for you, we will absolutely set it up. We will keep it up to shape. We will implement new rules based on IOCs that we've been seeing, and we will help you respond to the events that we are seeing happening. Not a SOC, but a Managed SaaS Alerts. So that is the product as far as SaaS Alerts goes. And here are some of our integration partners. Most of the big boys that you see out there in our industry, we do cover Microsoft as well as Google. I think that is a differentiator for SaaS Alerts that not only do we support Microsoft, but Google not only in the monitoring, but in the Respond Automation Engine as well. And then again, all of these MSP tools that you see here are no charge for you. We do allow you to monitor your own internal stack to protect your own house. That might be the quickest webinar I think I have ever done. I guess now we can open it up for questions. Thanks guys. And I mean, it was good length. I think it was a good amount of time. I think it was okay. So Kenneth asked if there, and I don't know who this to direct this to, so I'm gonna direct it to both of you. Are there any integrations with Fortinet products on the roadmap? Go ahead. In terms of who do we do have that as a feature request, we don't have an official integration right now with them. Although you are able to set that up via the API, I do believe I'd have to look into kind of their API capabilities, but should be able to via the API. And then yes, I would do believe it is on the roadmap. I don't have a timeframe unfortunately, but any upvotes on those feature requests always help to push things along. And pretty much the same story on our side. Today we do not have an integration directly with Fortinet, but we do accept requests and more thumbs up in our community is what drives us to move towards completing those faster. And then we've got a couple of questions around managed SaaS alerts from Mike and Ashton wanting to know about pricing, how much that pricing is. Adam, do you have that? Do you want me to jump in on that? I'd love for you to do that. As a product manager, I like to stay as far away from pricing as possible. I can hop in on that, but I'm in marketing, not in sales. So don't quote me on it. But it's my understanding that it's 75 cents per user per month, and that's over and above what you're paying for the SaaS alerts platforms. If you're existing customer and you're paying, you know, whatever you're paying per month, if you were to add on managed SaaS alerts, it would be an additional 75 cents. I see Michael here and I'm assuming this is for us, but it could be you guys. And I think the answer probably for both of us is you can absolutely schedule a one-on-one demo. Yeah. The contact information here on that next, actually, you know what, no reason to just look at the word Q&A, right? So there's some contact information. You stopped sharing, Adam. Oh gosh, darn it. Yeah. Give me a moment. Yeah, but you can go to the respective website. Adam will get that back up. No, I got it here. Good thing I didn't show you anything amazing while I was bumbling that miserably. So yeah, so we have on here, you know, for free trial, so you can get your hands on the products, but we also have some folks on both sides, I'm sure, who can walk you through a personalized demo before you hop into that trial, so you know what to expect. Could we find as much value from these services as an in-house service? Could we find as much value from these services as an in-house IT department compared to MSPs with multiple clients? I'm assuming, Kenneth, you are not an MSP, and if that's the case, SAS Alerts is channel only, so you would definitely need to speak to an MSP to get access to our product. On the who do side of things, yeah, absolutely. So we have a lot of different departments as well as MSPs and honestly, various other companies as well. Hudi is really a product just to organize that information into a single consolidated location. There's the ability to, instead of managing different client interfaces, you could call those whatever you'd like. So if you want to separate it by department or by school district, building, customizable, you could separate it by kangaroos if you'd like. So most of the integrations that we do have kind of pre-built within Hudi are more tailored towards the MSPs, but there are some IT department ones as well. And then we do have a very robust API that allows you to connect to just about anything as long as you have some scripting capabilities there. And actually, Chip answered this here as well just for everybody. SAS Alerts does, we do have MSP partners who would cater to co-managed instances with large enterprises. So in the event that you do want access to SAS Alerts, you could reach out to us on our sales world as well and we can match you with the perfect partner. All right, for both Hudi and SAS Alerts, do you offer dedicated onboarding support, Jordan? Yeah, absolutely. So we do have an onboarding program. It's mainly tailored towards the technicians, although there is a little bit of an admin section for setting up your environment and configuring things like security and integrations. I believe it's up to three weeks, typically about two calls to get your technicians up to speed. If you reach out for that one-on-one demo and you'd like additional onboarding support, just let your demoer know and they can help get that set up for you. And on our side, we do actually an onboarding, very white-gloved onboarding process. And then if after that onboarding process, you want additional hands, that's where our Managed SAS Alerts comes into play. All right, I just realized I may have done a disservice a little bit in our demo, or my demo. I showed you really only Hudu. As far as events go, I probably should have showed you Microsoft and all the RMMs and things like that. I was really, really focused on Hudu. But I promise you, Microsoft, Google, Salesforce, Dropbox, all of those icons that were on our page, we do, in fact, monitor and are very deep into those products. I did get a private message from someone asking about the fact that my screen had more icons than your screen has. And honestly, that's because I'm me and I'm cool. As a product manager, I see stuff that you guys don't see. And I probably should be careful demoing things. But if you're an existing SAS Alerts partner and you saw an icon on my screen and you're like, hey, what's that, you could reach out to your account manager. And they can give you access. That actually includes Hudu. Right now, Hudu we have marked as a beta, just to kind of get our feet under us as we start monitoring it and making sure that we've dotted all the I's and crossed all the T's. So if you are a SAS Alerts partner already and you're a Hudu partner, reach out to your account manager and they can get you access to the little button that gives you the magic. So you're welcome, Mike. Thanks, Mike. Yep, and thanks. In all honesty, if I'm being real. Yeah, go ahead, Alex. If I'm being real, before we started this presentation, I'm like, I don't know why, but I'm like really nervous about this one. And I've done a bunch of these. So thank you, Mike. It was probably Jordan carrying the show, Amy. I appreciate that. Definitely, Amy. I appreciate that since I was off camera most of the time. So with that, I'm gonna make a last call for any questions, comments, and otherwise we'll wrap this up. I will try and get this recording out to everyone tomorrow. At some point, we'll share it on our social platforms as well. We'll make sure Hudu gets a copy of it. So you'll get it. You'll have access to it through multiple channels. And can't thank you enough for taking time out of your very busy day to join us today. Thank you all. All right, bye guys. Thanks everybody.