Automated Transcript
Jason: Hello, and welcome to this edition of Gamma Secure, where we help you understand the evolving threats and how a managed detection and response service helps you protect against that. My name is Jason Simper, I’m the Cyber Business Director here at Gamma Communications and today I’m joined by Sacha Rehmat.
Sacha: Jason, thanks very much for having me. So yeah, Sacha from Vectra AI. I lead our MSSP business for the UK&I, and really happy to be here and talk about a little bit more about what we do.
Jason: Thanks for that Sacha, and thanks for joining me today. So, we’re really bad in our industry. We talk about multiple different acronyms. We seem to make them up every time a new service comes out, but we understand that our customers do have a lack of visibility in their network and they’re looking at ways that they can increase security on that. We know that network detection and response is an emerging sector, and I know that Vectra AI is very strong in that market. Can you just tell me a little bit more about NDR and what it means to you at Vectra?
Sacha: Sure. So, really the goal of network detection and response products is to be able to kind of detect threats as they traverse a modern network. You know, by leveraging kind of a really deep understanding of kind of behavioural techniques because an attacker has to get from a surveillance point to be able to get to the end result. They have to go through a series of kind of movements and, or what we would call behaviours. And I think that being able to understand and detect that is becoming critically more important in that environment.
Jason: Does that not sort of fall into the world of EDR. What’s the difference between you know everyone’s talked about endpoint protection, stopping users coming in that way, almost the gateway? How does NDR then augment that and prove the proture security protection?
Sacha: So, I think that’s a great question. I think that, you know, what we’re doing in our space in network detection and response is absolutely complementary to what tools like… such as EDR, endpoint detection and response, and SIEM, you know… the reason I said about the modern network is that, you know, no longer is the network just the data centre, right? You know, we’ve got public cloud, we’ve got identity, we’ve got SaaS applications, you know, and actually even AI is becoming an attack vector. So, having an EDR capability, which requires an agent on a device, is absolutely essential. But that isn’t giving you the full picture. So I think, you know, to answer your question, you need to be able to have what Gartner would refer to as the ‘SOC triad.’ You need to have the SIEM, the EDR and network detection.
Jason: And now NDR. Excellent. And I noticed the way that you use AI in the name Vectra AI to give yourself that relevance in today’s market. We talk about the need for increased visibility. So this is where you talk about the ‘SOC triad’ and coming in. You’ve got the SOC scene collecting and managing the logs. You’ve obviously got the endpoint doing that protection and then yourselves. How are you getting that network visibility, and what is it you’re doing that’s different?
Sacha: So like I said, what we do is we see the complete traffic. You know, we have, you know, sensors across the network. We work harmoniously with EDR. We natively integrate into EDR and SIEM technologies. But, you know, what we do notice is that those sophisticated attackers, you know, are hiding amongst the noise. You know, the sheer number of alerts that organisations are facing at the moment are really difficult for the…
Jason: Exponentially, aren’t they?
Sacha: Exactly, and I think the SOC teams are struggling. So we always say this term that, you know, we’re really good at being able to find that ‘needle in the needle stack’ because there’s a lot of alerts, they all look bad, but how do you find really the ones that you need to act upon? And I think that what we’ve done and you know, we, everyone uses the term AI. We’ve been around for 13 years. We believe that we’ve really refined those models to be able to kind of understand what that bad thing is, and then we work to be with the other technologies to make sure we isolate that in a really kind of timely manner.
Jason: Excellent. And the ‘needle in the needle stack’, I like that. It’s a really good way of, you know, differentiating yourselves and how you can really pinpoint that point that might be an attack. So you mentioned the analyst there. Obviously, there’s no specific sector in a Gartner magic quadrant at the moment, but what are you, Vectra, hearing from those analysts about your service and how you differentiate yourselves compared to your competitors?
Sacha: Yeah. Again, a great question. And I think that, you know, when I joined Vectra four years ago, it was a lot of education with customers around, you know, what, why we really were justified in this space, and a lot of customers were going through that journey of implementing EDR, implementing SIEM, but as we’ve kind of progressed to today, we’re still seeing, you know, the attack, the number of attacks increase, the sophistication increase, and that’s because ultimately there is that visibility gap. So, you know, Gartner and other kind of analysts have really understood this and realised it. We’re seeing a lot more inbound, you know, kind of requests. You know, we as Vectra, you know, got customer choice, the only customer choice award, you know, in 2024, and what we’re seeing is, Gartner are looking to release the Gartner Magic Quadrant for NDR.
Jason: How soon is it?
Sacha: So, you know, they’re saying it’s coming out this summer.
Jason: Okay.
Sacha: Which again is just further credibility of, you know, why customers need to look at this technology in complement in, you know, in a complimentary fashion to the other technologies they’ve already implemented.
Jason: Yeah, the SOC triad that you mentioned earlier, and the SIEM, the EDR and NDR. Excellent. Okay, and I guess sort of the final part for me is just to talk about sort of overall MDR, manage detection and response, and how you fit into that? You see yourself as a core component part of that service?
Sacha: Absolutely. I think, you know, that’s why you know, great to be with you today right? You know, we are another security tool right? And enterprises really struggle to be able to make sure that they can effectively have the resources to manage all those security tools, so working with organisations such as yourself, who take capabilities such as NDR alongside EDR and SIEM, and other capabilities, and then manage that on behalf of customers, is what also the analysts are saying is absolutely needed, right? You know, a provider who has the capability, has the resources, the intelligent people in the SOC to be able to manage that on behalf of customers. So, we at Vectra have kind of developed this programme called Clarity. You know, we’re really focused on making sure that we work with kind of capable kind of partners such as yourself to be able to deliver that.
Jason: That’s where we fit in. Yeah. Excellent. Okay. Well, thank you for that. I mean you’re right. You know, we’re seeing our customers are buying a number of tools to give us, that give themselves that visibility and the ability to manage all those tools effectively, even with a SOC scene is becoming increasingly complex for them. Our overall MDR service means that we take away that true partnership value by offering the elements that they can’t do themselves. So, working with Vectra, working with Gamma Secure, delivering a true MDR partnership service, is what we believe is the way customers can get themselves that protection. So, every year we run GX. It’s our customer experience. It’s at the Queen Elizabeth Centre in London, and we invite 300 of our top customers to come along and understand the value of the Gamma Secure services we offer. And this year, we’ve invited Vectra to attend. Are you looking forward to it?
Sacha: Absolutely. We’re really privileged to be able to attend and work with you to kind of educate your customer base about how NDR from Vectra, as part of an embedded offer from Gamma MDR, really adds value and it ultimately improves their security resilience.
Jason: Well, great talking to you today, Sacha. Thank you very much for coming in. Until next time.
Sacha: Thank you very much for having me.
Jason: Thank you very much for joining us today. Look forward to seeing you on the next edition of Gamma Secure.
