Greg Irwin  0:18

We're gonna spend an hour in an interactive session discussing kind of real world experiences around SASE deployments. Normally SASE is part of an overall Zero Trust initiative. And it has a real deep, you know, integrations in terms of the policies that you set as an organization's the overall layout of your the type of organization working in in terms of the architecture and geographic distribution and the use cases. And I think there lots of different flavors of it. And that's why I think there's such interest in in the topic, the way this works in terms of a format is, the more interactive, the better. That's why we do it on just like a plain old Zoom, zoom video. If you're able to turn on your camera, please do it, it'll just make it that much more interesting. If you're putting in the time, you know, might as well might as well chat through it. Let's see a couple goals for today. First, I want to we're gonna learn from each other, which means this is not just going to be BWG and GDT. Talking, don't be surprised if I come to you and ask you a question or two or share or share a story that you may might have good stories or bad stories. They're, they're all interesting. And then to like, we have a lot of folks in similar seats here. And, again, beyond GDT and BWG. I'll encourage you to connect across this group, just go LinkedIn, if you want some help with an intro, you got it like we do. We do reference connections all the time, you know, hey, I'd like to talk to somebody who's tried Cisco's SASE deployment. And you know how it went, those kinds of connections. That's the type of thing that we do. And then the last thing is this chat window here on the right. Incredibly, it's incredibly effective in this kind of format. Because you're sitting back and you're listening, and you know, you have something on your mind. So it's a good way to have a sidebar conversation. It's okay, if it's not spot on with what we're talking about. But, you know, be be proactive with it. So reply to others. If you have a real view about what somebody is asking, jump in with it. If you have an anecdote to share and go for it, I promise more you lean in and more valuable this whole session will be. So actually, I'm going to ask everybody, let's get started. In the chat, please include one question or topic related to SASE and Zero Trust that you want to hear from your peers today. And it'll help us set up the agenda to make sure that this conversation is aligned to what you care about. So here, here's a good opportunity, please, please take it. While we're doing that, I want to take a moment and just introduce myself and our colleagues, our peers over at GDT to introduce the firm and introduce who's going to be helping lead the conversation. I'll go first. And I'm a moderator for a living here, kind of by surprise, I'm born and bred as a developer and Product Manager. But for the last 10 years, I've been moderating sessions. And I'm the founder of BWG, which is a large research from Robert you want to go next year, just give a little intro and maybe maybe a little intro here on GDT

Robert Davila  4:09

Sure. I'm Robert Davila. I'm Director security here at GDT. I, I've been in the industry probably 25 years, most roles and an engineering role. So everything from you know, sock work to network security to architecture work, I've kind of been a full scale involved in all of those aspects. GDT is a is an integrator and services provider. We've been in business now roughly around 23 years. A little bit over a billion dollars in revenue in terms of size. We have several conversations and as we're often involved in things like SaaS deployments, several security types of initiatives, everything from kind of governance risk and compliance work, to architecture to engineering. In services for for our clients. And beyond that we have a wealth of services around a networking, collab type of services data center. So, pretty nice to go.

Greg Irwin  5:16

This is probably for everyone. This is probably as far as we're gonna go into sales pitch here. So let me just make sure I got it. How much Day Zero strategy are you doing? How much day one implementation? Are you doing? How much day to support managed service? Do you do this in terms of where were the efforts? Like,

Robert Davila  5:32

I'm still, you know, we're heavily involved in all three. You know, we'll we'll come in as a trusted adviser in the beginning and really help organizations align the right OEM and partner in terms of service assay for their organization, to help them scope out, you know, what are those prereqs that they really want to look at as an organization, and then help them do that journey of really moving from, you know, an idea and a concept to a implemented solution for them. So we cover all those angles

Greg Irwin  6:02

for for the client. Excellent. Robert, thanks for CO hosting here. Hey, Brian, can I get you in here next quick intro? Sure.

Brian Engle  6:12

Brian Engle, I'm a, I guess, a longtime security practitioner and been in the services side of things now for probably the past six or seven years. In previous life, I've been a CISOs, in a couple of organizations, a little state called Texas was a statewide seaso, and a couple of other organizations. So in my very distant past, I was more technical. I started on the networking and telecommunication side of things work for internet service providers, before kind of making the jump to more specific in governance, risk and compliance. And I think I consider myself kind of like a risk geek, I really, really like looking at problems in the big picture. But I was trying to make sure that when we get really deep in technology that I try to relate things on a different plane, or represent the plight of the seaso. So today, I will I will take the conversation to the places of how does this relate to the cybersecurity program? How does it potentially help or introduce risk? Yeah, so I'll try to not just introduce platitudes or high level anecdotes, but really kind of challenge what, what is this going to do? How is it going to potentially strain existing cybersecurity capabilities? Or, you know, to the good benefit of a cybersecurity capability? How can SASE really help enable enable things, or help solve challenges along the way? So

Greg Irwin  7:48

that's the bent that I'm bringing today. Very good. Brian, we'll get you involved throughout Russell, please. Quick Intro. Hey, good afternoon,

Russell Moore  7:58

Russell Moore, I've been working in it for about 25 years, roughly half of my career, I worked in a healthcare system, it was a 500 bed hospital, we had about 10 other businesses that we supported rehab hospitals, retail, did a little bit of everything in that. But the last four to five years, I was heavily invested in cyber and specifically, at that point in time was when we were rolling out the all the requirements around HIPAA and having to become compliant with that. Around 2010, I transitioned over into consulting on the reseller side. On the consulting side, I've done delivery with technologies and security consulting around frameworks and PCI and, and several different facets. I think the thing that, you know, I like to think that I can bring to a conversation with people is, most of the time, I focus very tactically, you know, there's a problem, how are we going to solve it? And, you know, over the last, you know, five to 10 years, I've probably worked with, you know, close to 500 plus different clients. And a lot of them have a lot of similar problems. You know, it's especially around security and network security. And you know, how are we going to get our hands around traffic flowing into another organization? How are we going to secure it? How are we going to identify it, how we're going to manage this ability into it? So I can think I can bring some value there.

Greg Irwin  9:28

So Excellent. Well, this is gonna be a good conversation. I know there's a lot of interest, I kind of feel like Zero Trust has gone from kind of out of the education phase out of the pilot phase into the, you know, adoption phase. I've spoken with more companies in the past year about their deployments then I can imagine you can imagine so one. One more rule for the road for this session. Forbidden words to wear is it depends. We know everything depends, but we're gonna we're gonna avoid a you have to take a shot. If, if anyone says the words, it depends. So we're going to try and try and get to the chase, obviously, you know, it's all going to be relative to everyone's requirements and system. But that's what we want to get at. We want to hear those stories. So Robert, we set this up all about talking about a journey, or journeys around SaaS. So let's get specific. Don't share the name of a customer. But I want to hear about the customer. I want to hear about what SASE was the definition of you know, what was actually deployed? This is just that we just talking about a web proxy? Or is there more to it? How did it play into the Zero Trust architecture? And I want to ask them questions about the environment. Is it all an entirely Azure environment? Was it an on prem AWS environment? I want to I want to dig in. So please take us through one SASE deployment you've done here in the not too distant future. Not too distant past?

Robert Davila  11:08

Sure. First of all, great question, a great starting point. Um, I've got a few examples. But I think one that kind of hits a lot of elements was a deployment that was handled for an oil and gas organization, right. So they have quite a lot of compliancy challenges. They have requirements from state and federal government requirements as well. They had a very mixed environment, initially, in terms of, they were leveraging some technologies for things like DLP CASB, they had other elements in their environment and for edge security, other vendors for things like SDR, so very discontinuous in terms of solution that they were using, as they started down this journey. One of the things that was became apparent is when you started looking at SASE, one of the key aspects really from a pre qualification perspective, I'm one of things I like to have organizations really look at as it is I like to one understand and have a good understanding of really how their ad infrastructure is looking at. I think, for SASE, your primary focus is always going to be identity, in terms of, you know, do you have a mature program around? how users are assigned when groups are in? Do you have discontinuous ad infrastructure? Meaning do you have multiple forests that aren't communicating to each other? Or do you federate? What is your cloud infrastructure look like? Do you have? Again, from a cloud perspective? Do you have landing zones that you could consider for like, transit types of scenarios or for shared infrastructure that you would use to manage specific V PCs in there? Or are you doing containerization or SaaS platforms? And then ultimately, you know, what are your What are your sacred cows in your organization itself? In terms of, you know, what are your critical systems? How do they function today, the oil and gas, it was very interesting, because, because, because when we look at some of the applications that they would run, you know, there were portals and systems that were leveraged by engineers that would look at water quality, right, and, and different aspects and aspects of stuff that would fall more kind of in a SCADA infrastructure. So really having a good understanding of that traffic flow. And what that was, prior to really even starting the journey of SASE was, I think, was a key element for

Greg Irwin  13:41

them, so that I can in the traffic? How did your understanding of their traffic lead to your recommendation?

Robert Davila  13:51

Well, for example, yeah, there's a couple of different methodologies you see in SaaS D today, or as a SASE deployment from the vendors. And the two most common would be a routed topology where you see environments where they, you know, the users connect via VPN, and then that are via a VPN to the cloud firewall is applied on the front end in terms of filtering and capability. And then, in terms of communication back to your infrastructure, they will leverage things like a EBGP link. So they're doing a routed connection back into your infrastructure. That's that's one philosophy. The other one we see is very common is the proxy scenario, right? Where you've got a you may have some sort of form of, you know, encrypted traffic from your users going into their cloud, and then they leverage proxies that are deployed within your environment to really kind of give you that capability of connecting back to your infrastructure. There. There are pluses and minuses with both. It really having that understanding of traffic really helps you marry which technology or which strategy you probably want to leverage in terms of your infrastructure.

Greg Irwin  14:59

Would you describe this, this organization, were they a Cisco shop with a Apalla shop before net shop checkpoint shop or a just, you know, a dog's breakfast.

Robert Davila  15:11

So they were, they were both a palo and a Cisco shop, they had some acquisition in their history. So they had some conflicting technology in their environment. You know, on the endpoint side, they were leveraging CrowdStrike. And they brought that in, and that capability and from like, from an SDR perspective, they had some technology that is unique to oil and gas in their environment and their SCADA environments as well. And that was something that was there was a real, there was a need to have a deep understanding of that environment. And part of the reason was for them, you know, they provide reporting to federal agencies in terms of data, and if there's a loss of reporting, it's a fine for them. So so really understanding where those connections lie, how they did their reporting, how they built their, how that traffic traverser environment, I think was key. And for him for this for this vendor, to give you an example, as we came to a conclusion for them a proxy strategy in terms of in terms of SaaS, he was really the ideal solution for them, um, one because they didn't have a mature strategy around BGP, in terms of their routing today, and their environment there, they had various, you know, a call and read for us, but they had very critical super secure infrastructure areas where they wanted to create scenarios where maybe they wanted to provide access to specific engineers, but they wanted to minimize the amount of traffic that would traverse there. So in those scenarios, we could leverage proxies, the only specific engineers could could could leverage to get to that resource for them. And the other thing, it was least impactful in terms of transition from, you know, a non SASE state to having as as the fabric across your environment, and I think that was kind of the key element at the end of the day.

Greg Irwin  17:07

What vendor solution did you put in place?

Robert Davila  17:10

So So in this scenario, what was the scaler? And I think, you know, there was a, there was a couple of reasons, right? Being able to, to deploy those proxies, within that environment, the way that we did, I think, I think, create an ideal situation for them from a, you know, permissions model, and really, from a restriction perspective to in married well, with the technology they had in their environment today. Now they're there. And then they're also a very heavy acquisition environment. So typically, you know, and heavy acquisition environments, there's one thing you can do as a scalar, that I think that is can be compelling is a is a, you have a capability of really being able to stitch together networks that have conflicting IP space. And I tend to think of it as a temporary solution, right? So in a scenario where you know, you bring in a new account, you can leverage your proxy to both environments can talk to each other, while you kind of figure out your long term IP management strategy.

Greg Irwin  18:16

A couple of big headline questions, how long did it take? How much did it cost?

Robert Davila  18:23

Oh, great question. The length of time within that deployment from from deployment, to really maturity for them. I would say that was probably you're getting to the final level of maturity was probably about an eight month journey for them. You know, some of that is, is taking individual use cases, figuring out how they're applied in that scenario for them. And to give you an idea from, from technology perspective, you know, one of the challenges they had is they had a, they had a reporting engine that some of their finance teams would use. And by the way that they would do is they would leverage some traditional Cisco technology, and they had to, because the other end of that connection was Cisco, and there was a there was a there was a force for them to kind of go this route for that traffic, it was gonna stay and, and some of that was engineering solutions that allowed us to allow their users to leverage both. And this was, you know, right as, right as COVID was starting right there workforce of transitioning to home quite a bit, right. So these resources still needed to be able to be able to leverage this technology, be able to pull data, leveraging kind of Zscaler getting their infrastructure, and be able to send it across and have multiple streams of connectivity to both sides. Right. So there's some unique use cases from that perspective there.

Yeah. And give me give me some sense eight months. I get it. You're you're building policies around use cases. How big? How big is this organization? Is it 10,000 100,000? People?

This one was roughly 50,000 people and then location wise, you're looking at God, it would be an estimate somewhere around 25 locations, right, somewhere. That includes, you know, if you think about it oil facilities and remote areas and offices,

Greg Irwin  20:29

what would this cost? Give us a, you know, round rounded to the rounded to the nearest million?

Robert Davila  20:36

Oh, God cost? That's a great question. You know, when you think about? So that's a tough one. I'm not really sure at the end cost on that one. And there's a couple of people

Greg Irwin  20:49

that I'm asking, and for this group is, everyone here is thinking about SASE? Yeah. And I think it's, you know, help us just generally understand, what's, what does this normally cost? Yeah, right. So

Robert Davila  21:04

there's the typical licensing costs, right, and you're talking, you know, for an organization this size, depending on the feature sets that you're leveraging traffic and pieces. I mean, you're, you're talking probably in the low, you know, somewhere around like 1.5 million? I would, I would, I would guess, and that just kind of covers licensing feature sets, capabilities, that the thing, you've got a standard eight in terms of this journey, right? Is it there, there is technology that the solution will replace, right? So there is a cost savings from that perspective, there's an operating model change. So you know, in that particular journey, part of it, it wasn't just implementing it, it was really training their teams to maintain it long term. So so with that organization, I mean, we were sitting side by side, working with their teams, that were going to support it long term in terms of how do they you know, address issues that come in as policy written? How do they look at DLP? You know, how do they interpret the data that's coming out in terms of the logging capabilities. And I think, you know, one thing that's this become really valuable on the Taskey, side, whichever OEM because I think, you know, all of them have a version of it, I think, probably the most important feature set that you can buy, or you can look at is really that Experience Manager piece. And it's relatively new for most platforms. But it gives you visibility into the underlying architecture. So you can see things like, you know, hey, I've got a remote user somewhere who's complaining that he can't get to an internal application, I can look at, you know, utilization on his desktop, I can look at what his Wi Fi connections, like, what that journey for that traffic from his desktop to that application is. And then I can do comparative analysis for people that are in within, you know, various regions. So you can see how his access and say, Hey, it's your Wi Fi. Yeah, yeah. So you could potentially say it's a Wi Fi, that's a huge time saver from a staffing and cost perspective. So, so I think that there's a big value in that aspect. So even though, you know, SASE tends to be a, I think, a more expensive chunk, right than a lot of the traditional solutions that were out there today. But I think overall, there's there's there's significant cost savings around kind of operational efficiency, once you get it optimized and

Greg Irwin  23:29

deployed. Right. So I'm, I'm pretty good at asking questions, but it's more fun. When others ask questions, and we got a bunch of them here in the sidebar, I think everyone's kind of had a chance to look at him. XID a love a nice to see as a, but I love I love that question in terms of the long term, ongoing costs, it's so we we almost never cover this. And this is I know, based on my history, I know this is a big deal. So I'm going to ask that one. But then I'd like others to jump in, like anybody can just either raise your hand, or you can. Or you can just you know, unmute yourself and jump right in. All of it is good and fair. And, you know, I look forward to it. Like I said at the beginning, the more you lean into this session, the more valuable it's going to be. And don't worry about taking us down a rat hole. So let's take zetes question, Robert. All right. This oil and gas company spent a million and a half dollars over eight, eight, over eight months, deployed Zscaler. And now that it's in and experience manager was edX, I think they call it now that it's in what's the ongoing requirement to keep this functional and effective. So I think for most of the

Robert Davila  24:57

I know this in this example is the scope I think for most of the mature SASE platforms out there, I think that the trend team seems to be similar in that you save a little bit on staffing costs over time, right? Because you start to you basically have a native solution that covers a lot of buckets for you. I like to think of SASE deployments as a Zero Trust enabler. Right. I mean, I think it helps you along the journey. It I know, they, you know, the vendors will say, hey, Zero Trust brings ASEAN, but I think, I think the really the message there should be that it solves a lot of the challenges around a Zero Trust strategy. You know, it's not gonna get you 100% There by any means, right? You're never gonna get a Zero Trust cert. Right. But I think that it covers a lot of buckets, and, and helps you kind of think about what the next thing is that you need to look at. You know, it doesn't solve everything for an organization, right? You're, there are, you know, differentiations, in terms of capabilities around like DLP. Some of the Caz B integrations, there are, you know, there's always going to be challenges in implementation that people have to think about the, they probably haven't in the past, right? I mean, if you if your organization hasn't done things like SSL decrypt, right, I mean, that, like, that's a core tenet for SASE. And that journey alone, you know, you have to understand applications that you hit with your environment, you have to understand what what's out there that might be certain and might cause problems from a whitelisting perspective, you have to have a mature strategy around sites that you don't want to decrypt, right, which is kind of PII data for your employees or, or, you know, medical data, you want to stay away from that stuff. And then and then you have to address it from perspective of, you know, there are certain applications that that have a more mature program around decryption, right. So like, you know, M 365, for Microsoft, right, maybe I don't want to decrypt that data, unless I'm leveraging certain technologies and SASE versus others. You know, I'll leave that for for Microsoft to kind of handle because I know that they've got a pretty mature process. And I think they require certain pinning in their environments, Google tends to be the same way from that perspective. So you have to do the inspection via other means, if something you want to do so.

Greg Irwin  27:28

One, last one, I'm going to squeeze Chris's in and then Andrew, thanks for the hand. And thanks for the commentary on that scope here. I'd love to love to bring that up. But before we go there Chris's question, Robert, are they using cspm? And CASB? From Zscaler? Are they going into Microsoft, kind of what do they call it the m pas. You know, the, the native Policy Manager at within Microsoft, leveraging M casts and Microsoft, I'm gonna come over here to terus Russell, ought to take a first shot at this. And there's some meat on the bone in terms of the comparison between, you know, net scope versus, versus the scalar. And any, any experience, you've seen around Iboss.

Russell Moore  28:19

I agree with the comment, we've typically seen Iboss more in the K 12 space. And primarily on the swig side, not a not any exposure on ZTE, and a or a VPN replacement. As for like, between Z scalar and net scope, you know, there's they're extremely similar products, they basically work off of the same premise reverse proxy to a virtual box within your organization. If there is a differentiator between the two today, Z scalar, may be a bit more mature in that space. And they do have the experience manager components. So if you start having performance challenges, it is a tool to kind of help chase that down a bit. But probably the bigger challenge with moving from like a global protect to Z IA isn't necessarily the technology it is the planning and understand what we're doing. If you're not, if you're just using VPN today, and you're maybe restricting a couple networks, or you pretty much just given everybody blanket access through VPN, and you move to more of a zt and a model. There's a lot of organization that needs to go around applications mapped to identities so that when people log into the portal, they're presented with the necessary applications to do their job and then those applications after they're published. There needs to be a fair amount of testing to make sure that proper dependencies are met that it's not causing problems and workflow. The technology is typically not the problem It's the context in which is being deployed. A, you know, we are that a year ago, we did a project around ZTE and a project for a company. And one of the biggest challenges with us is they just weren't completely honest with us with what they wanted to do, they presented us with a very narrow set of success criteria for the project. And then as soon as we finished, they added a bunch of applications into the mix, that when they deployed, they didn't work. And then of course, it was the products fault, and it was the vendors fault for incorrectly deploying it. So what you know, come back to as is they didn't take into consideration any dependencies to those applications, that were going to be involved when they started trying to deploy them through a reverse proxy. So I think my advice would be is, you know, understand what it is you're wanting to do and how you're wanting to deploy CCNA. And then just give yourself plenty of time to do POC testing with a couple of different products,

Brian Engle  31:02

when you're embarking on the journey is to really consider the organization and how things might get stressed or strained beyond how things are divided up or where things occurred before. One of the places that this kind of goes to Zeds question earlier as well, where things kind of break down is after the the initial implementation and maybe after the consultants are gone, when there's any degree of addition change, new application, new business functionality, things of that nature, is being prepared to approach it outside of the traditional silos, or that the project team maybe has gone into an operational mode and you're no longer approaching things in that same proof of concept mode. But yeah, when you've got things that were traditionally network routing, before now it's functionality inside of software and application or it's been pushed out more towards the edge of the endpoint, I think it's just it's really deserves a really solid look at as you as you get to stages of the journey, considering how the team might need to be morphed or adjusted to be able to support going forward. I think that we you end up seeing kind of like reclamation projects to try to get SASE revived or resuscitated, at certain points, because of some of those more organizational structures more than the technology itself, or the understanding of the technology and other silos. Maybe you've maybe have looked at it within teams,

Greg Irwin  32:28

would you? Brian, if you were advising Jiang, is there any way to kind of shortcut a SASE project so that he doesn't have to kind of go through this stepping stone of a VPN replacement? Well, I mean,

Brian Engle  32:47

I think one of the things that I would really highly advise is to to establish sort of an onboarding process for an application or a business function that you can go through and make sure that there's there's a solid handoff of making sure that it works or functions shortcutting the replacement of it, I think, the biggest guidance that I ever would give is start small, achieve success with that, and then kind of emulate it versus, you know, the rip and replace, or being in a place where, you know, significant amounts of, of the business environment has been, you know, consulted because of a complete change, or

Greg Irwin  33:28

I love that. I mean, the one Yeah, the one silver lining in that going to SASE now is Jay's got some time to test this, maybe in a small, you know, a small department or a small division and kind of see how it fits with the environment. Let me come back here to Robert, cuz I think you probably have seen the most in terms of time strategies to execution. But I'd love anyone else who can share, you know, an anecdote on putting together an SSE strategy? Sure, first, great

Robert Davila  34:02

question. Because I think you know, and MSSP use cases a little unique, right? You've got multi-tenancy options, and you being a state agency, you have compliancy issues, you've got to require you out here to as well. And then when when we look at kind of those environments, the couple of things. I look at it from that perspective, we didn't tend to look at it from a perspective of what's your operational strategies today in terms of things like automation? What type of traffic is coming across this environment? Does this vendor need to be FedRAMP as an example, or not? What data do you consider has to be encrypted? What does not what's your strategy around data and rest? Right, so those are kind of the key functions and then integration with the platform you have today. I know you mentioned Viptela, and I mentioned Fortinet. You know what other technologies that are in there in play that look at kind of data and trends If you have a, you know, a proxy-based Caspi solution like Forcepoint or Proofpoint in your environment, right, those are things to also consider. And then long term, how is this stuff being managed today? Do your tenants have access to a management portal? Do they not? Or do you kind of run that all inherently breaks? I think it's if there's one of the things about the SSE component of SASE, is that when I look at the vendors out there today, they all kind of handle that multi-tenancy aspect a little different. So really understanding your dependencies on it, and what level of maturity you need, I think is key. I think, in your environment, when you talk about a SASE deployment in a in an MSSP. I think that the thing that I think that would keep me up at night, right, is, is operational efficiency, and having that visibility to really understand what's coming across, and being able to distinguish it within my multiple tenants. And really being able to embed it into my current workflows. So those are the things that I look for first and foremost, in terms of those environments. Because, you know, Powell is a great example. Right, Powell has the st. Wang component, they have the, you know, prisma access and prism, St. Lan, right, that inherently connect together, they have their multi-tenancy aspect of it. But it doesn't necessarily mean that they integrate well, with things like, you know, maybe you're using ServiceNow, whatever tools on the back end, right, maybe you have current integration, automation workflows, depending on what you're using for orchestration that can change things as well. Right? Because I think to me, MSSP it's about efficiency, I think is a key component of it.

Greg Irwin  36:54

Robert, I'm gonna thank you, I want to pick on a little bit more in terms of the strategy and, and, and the broad strategy. I think that's, that's fair.

Brian Engle  37:05

Right? Can I Can I jump in with just like two or three quick points on the strategy front? And then I'll kind of also Mike's dilemma of, you know, state agency as a provider as well. But I'll be

Greg Irwin  37:17

Brian doesn't want to get a heads-up. I want to get the cat involved. Governor. So we've got we've got about we've got a couple minutes here, I'm going to do is print around some of the other guys who are here. But Brian, Brian, you've got the you've got the floor.

Brian Engle  37:32

Yeah, I'll just I'll just summarize a couple of quick points. And we want to link up that sometime later. That's fine as well. Because I in that strategy is there's a myriad of I would just say features, right? But the functions are capable capabilities. And what ultimately do you need to accomplish with his use case, it's going to it's going to have a lot of various variations based upon different agencies different needs, as the as the provider is probably something that would relate to everybody though. And it's kind of going back to even just the core things that you're trying to accomplish in a cybersecurity program, the visibility, being able to still monitor and detect. So I think that all of those things have to be introduced in that strategy to make sure that any of those technologies, what are you using existing sim soar capabilities, any of those other types of functions, because in that visibility, your ability to respond to react or the implications into Incident Response Plans, containment strategies, all of those things, I think are factors, way more than we could probably dive into in these minutes. But I love where Mike was kind of going with that. And I love the thought of kind of breaking that down because those decisions are so multifaceted. And having a good thought of the strategy going in will will help paint some of those use cases that maybe you know, you later have repercussions or remorse for for some of the decisions that get made upfront.

Greg Irwin  38:48

Is it Is there one out one, one guiding principle that can help, you know, eliminate some of the degrees of decisioning.

Brian Engle  39:02

I mean, it a high level unravel as much as you can lay it out and know what you're trying to accomplish the name it as an objective, phrase it as an objective so that you can see are you meeting the objective? Because otherwise, it's just a feature? And are you just kind of checking through the boxes of what a technology can provide versus functionality? What am I trying to actually achieve with this? And does this help me do it? And there's just I guess the biggest thing in the unraveling is there's gonna be trade-offs because they're not going to be able to, to basically check every box. So can you prioritize? And as a provider that put Mike puts Mike in a tough spot, right, because the needs of the many, but how do you get to the place where somebody's special need might not get met because you have to get to the to the many.

Greg Irwin  39:43

Robert, there's too much for us to tackle here. Yeah, but it certainly it gives lots of opportunity for more discussion. Help us with a couple of closing thoughts, and we'll let everyone get back to their days. Sure, I think I think the key

Robert Davila  40:05

takeaways here is really when you're looking at Taskey. And regardless of vendor, and regarding the elements that you're looking to implement, think a lot about your current integrations and what technologies you have today. Often you see environments that have conflicting technologies, you might have one vendor doing one thing and another vendor doing another. And that can, can be problematic for organizations. It can work, but it can create kind of operational overhead for an environment. So, you know, I'm a big proponent of when you look at these vendors, look at them holistically in terms of what they offer today, and look at leveraging as much of their stack as possible. Whichever solution you end up going with, and then obviously, you know, make sure you work with a, you know, a qualified integrator to really help you partner through that experience so that you kind of cover

Greg Irwin  40:55

all your use cases. Yeah. Very good. Very good. Hey, thanks, guys. Great grip, great session. Remember our goals. I think we knocked number one out of the park in terms of learning from each other stories. Number two, use this group for some connecting with people who are going through similar things. You need help connecting just come back to us here at PW JD. Thanks. Thanks, everybody. are great speaking with you and look forward to follow up. Have a great day.