1
00:00:00,000 --> 00:00:07,080
Welcome to the Cuick 10 podcast brought to you by Cuick Trac, focusing on all things

2
00:00:07,080 --> 00:00:13,440
FedCon and cyber defense from different perspectives and different personalities, all in 10-ish

3
00:00:13,440 --> 00:00:20,560
minutes. Here's your host, Derek White.

4
00:00:20,560 --> 00:00:27,000
Our guest today is Patrick Colantonio, Vice President at NeQter Labs. Patrick, how you

5
00:00:27,000 --> 00:00:34,560
doing? Doing pretty good, Derek. Glad to be on the flagship episode of this podcast.

6
00:00:34,560 --> 00:00:39,640
So it's pretty exciting. Well, thanks for joining. You know, for those

7
00:00:39,640 --> 00:00:43,200
that don't know, and there probably aren't many that do, but we go way back, I mean,

8
00:00:43,200 --> 00:00:50,120
I want to say 2017, probably when we first started talking with you and your team. And

9
00:00:50,120 --> 00:00:55,320
it's amazing in call it seven years, which sucks to say that out loud how quick that

10
00:00:55,320 --> 00:00:59,720
went, how things are a little bit different than they were specifically in our space,

11
00:00:59,720 --> 00:01:06,800
but cybersecurity and compliance world together. You talk a little bit about NeQter and where

12
00:01:06,800 --> 00:01:12,080
you guys are today, maybe from where you were, you know, five, six, seven years ago, and

13
00:01:12,080 --> 00:01:18,280
then we'll get into the topic right away. Yeah. Well, I mean, you know, back in 2017,

14
00:01:18,280 --> 00:01:24,720
when DoD was really serious the first time rolling out their CUI initiative seven years

15
00:01:24,720 --> 00:01:32,720
later, here we are. But in first and foremost, I mean, anything we're doing starts with a

16
00:01:32,720 --> 00:01:39,520
pun, right? So I really love the title we're going for here. I can't promise good puns

17
00:01:39,520 --> 00:01:44,440
in every title for this podcast, but this one was easy. You got to set the bar. You

18
00:01:44,440 --> 00:01:50,480
got to, I mean, any good pun is also worth forcing, right? So if the other episodes you

19
00:01:50,480 --> 00:01:57,560
force it, that's okay. It comes with the territory. But yeah, in terms of NeQter, I mean, where

20
00:01:57,560 --> 00:02:03,220
we are as a company, where the product has been has come a long way. But I mean, in terms

21
00:02:03,220 --> 00:02:09,420
of our core goals and focus of supporting small business, small business in the defense

22
00:02:09,420 --> 00:02:15,720
industrial base, trying to provide meaningful products that add value and also help them

23
00:02:15,720 --> 00:02:20,860
to adhere to compliance. You know, we've been doing that since day one, since we got our

24
00:02:20,860 --> 00:02:29,780
start in 2016 for the NIST 800-171 initiative, trying to build a platform of products that

25
00:02:29,780 --> 00:02:35,060
we thought small businesses would be lacking or outside of regulation wouldn't typically

26
00:02:35,060 --> 00:02:42,540
go and get. Of course, mid and large and enterprise companies have either regulatory things to

27
00:02:42,540 --> 00:02:46,980
meet or just best cyber security. So they kind of already have those tools in place.

28
00:02:46,980 --> 00:02:52,760
So we wanted to come out with SIEM, or "seem," come out with inventory, come out with vulnerability

29
00:02:52,760 --> 00:02:58,380
scanning and yeah, we've been working together for a long time trying to thread the needle

30
00:02:58,380 --> 00:03:04,760
and provide products to small business. So it seems you don't have a SIM, like a SIM

31
00:03:04,760 --> 00:03:12,420
card or anything like that at NeQter Labs? Yeah. Yeah, it goes, I, what I try to, I try

32
00:03:12,420 --> 00:03:17,100
to go both ways with it just because some people, but at the end of the day, it's all

33
00:03:17,100 --> 00:03:25,220
logging, logging and aggregation. Yeah. It's all logging, right? So I mean,

34
00:03:25,220 --> 00:03:30,100
well, if this was the Cuick 60 podcast and we can go on for our terrible jokes for a

35
00:03:30,100 --> 00:03:37,060
lot longer, longer than that. So, no, no. So well, thanks for, thanks for spending some

36
00:03:37,060 --> 00:03:42,380
time here in, you know, again, we're not looking to spend a week talking about a topic here,

37
00:03:42,380 --> 00:03:48,060
but want to just roll through a couple of things with you, keep this very cordial. So

38
00:03:48,060 --> 00:03:53,380
first and foremost, there are people out there who probably aren't overly familiar with,

39
00:03:53,380 --> 00:03:58,020
you know, what the SIEM is, what is it, what is it truthfully? Like, like what does it

40
00:03:58,020 --> 00:04:02,060
do? Why is it important before getting into some more of the details? So can you just

41
00:04:02,060 --> 00:04:07,980
give a very brief, brief definition of what it is and then we'll get into some more further

42
00:04:07,980 --> 00:04:14,700
details more specific to how NeQter does it. Yeah. I mean, a SIEM from a big picture standpoint

43
00:04:14,700 --> 00:04:21,260
is going to provide insight into your environment, your organization by essentially it's going

44
00:04:21,260 --> 00:04:30,260
to be pulling in logs and log data and other insights from all of the different applications,

45
00:04:30,260 --> 00:04:35,900
all of the different endpoints, servers, cloud environment, whatever you're defining as your

46
00:04:35,900 --> 00:04:43,500
scope of your entirety of the organization, it's going to be pulling and presenting information

47
00:04:43,500 --> 00:04:49,700
to indicate potential areas of compromise, areas of inefficiency. It's really just going

48
00:04:49,700 --> 00:04:56,660
to be painting a broad picture of what is happening in my network today. And especially

49
00:04:56,660 --> 00:05:02,660
if in tandem with other tool sets, if they flag something, if you have an EDR or antivirus

50
00:05:02,660 --> 00:05:10,940
that has a preventative measure, SIEM is really going to allow you to go back and rebuild

51
00:05:10,940 --> 00:05:17,140
what happened at that moment in time, either from a forensic standpoint or just to clue

52
00:05:17,140 --> 00:05:25,740
you into what's happening. Right on. And when it comes to the importance of that, so say

53
00:05:25,740 --> 00:05:36,060
it's 2024 now, right? So where were things in your opinion, three, four, five, six years

54
00:05:36,060 --> 00:05:42,220
ago, just as an industry as a whole, not maybe specific to just where NeQter Labs spent their

55
00:05:42,220 --> 00:05:47,460
time, but the importance of why do what you just said?

56
00:05:47,460 --> 00:05:54,460
Yeah. I mean, in terms of SIEM and capability, I mean, the capability has increased tenfold

57
00:05:54,460 --> 00:06:01,980
over the past five to six years. I mean, just looking at the landscape in general of why

58
00:06:01,980 --> 00:06:08,660
SIEM is important or why similar tools like SIEM are important, I mean, prior to 2020,

59
00:06:08,660 --> 00:06:16,380
I mean, there's always been breaches and there's always been a lot of compromise at the consumer

60
00:06:16,380 --> 00:06:21,980
level with a lot of different broad consumer products. I mean, just look at the Marriott

61
00:06:21,980 --> 00:06:30,420
breach. But between now and the last, you know, since 2019, there's been at least a

62
00:06:30,420 --> 00:06:37,740
bajillion breaches at the federal and the agency level. I mean, one of the biggest things

63
00:06:37,740 --> 00:06:43,500
that you know where, because private industry is always going to lead the charge, you know,

64
00:06:43,500 --> 00:06:48,100
they're always going to be at the tip of the spear. And then when you have regulation come

65
00:06:48,100 --> 00:06:53,700
into play or especially when there's stuff coming out of the White House, regardless

66
00:06:53,700 --> 00:07:01,100
of the administration, I mean, there's been several executive orders about specifically

67
00:07:01,100 --> 00:07:09,300
that SIEM capabilities regarding aggregation of logs and reporting and incident response.

68
00:07:09,300 --> 00:07:14,060
There's been several executive orders. There's been agency level directives, which are just

69
00:07:14,060 --> 00:07:20,460
going to trickle down into private industry as mandates just because, I mean, to put it

70
00:07:20,460 --> 00:07:26,380
bluntly, the federal government's been embarrassed the past five years with multiple breaches

71
00:07:26,380 --> 00:07:32,700
of not just from the military, but also personnel. I mean, the OMB breach, you know, comes to

72
00:07:32,700 --> 00:07:42,660
mind. So where things are going from a capability standpoint before SIEM was really just to kind

73
00:07:42,660 --> 00:07:48,980
of shoot a flare, raise a flag, let you know that something has transpired. But as we move

74
00:07:48,980 --> 00:07:55,100
forward, especially as traditional infrastructure moving down to the endpoint and protection

75
00:07:55,100 --> 00:08:00,300
of the endpoint has changed, especially with endpoint detection and response with EDR,

76
00:08:00,300 --> 00:08:07,580
you really see where EDR paired with SIEM paired with especially getting seasoned with machine

77
00:08:07,580 --> 00:08:15,300
learning or especially AI reactive, protective and preventative measures. That's really going

78
00:08:15,300 --> 00:08:22,620
to be the future of how quickly can we thwart a breach as soon as there is a, you know,

79
00:08:22,620 --> 00:08:30,060
detected potentially malicious or even just an incident that can get quarantined and reviewed.

80
00:08:30,060 --> 00:08:34,980
Maybe it wasn't malicious, but it was definitely something that was out of the ordinary and

81
00:08:34,980 --> 00:08:40,620
anomaly. So that's really where SIEM is moving in the future.

82
00:08:40,620 --> 00:08:46,780
That is a piece that I think a lot of people want to put into automation and try to lessen

83
00:08:46,780 --> 00:08:51,780
the burden on that. But, you know, how much reliance can you have on something that is

84
00:08:51,780 --> 00:08:56,180
machine learning or, you know, quote AI, it's still going to come down to the human element

85
00:08:56,180 --> 00:09:00,940
because the attacks aren't just, you know, sophisticated digital attacks. There's social

86
00:09:00,940 --> 00:09:06,140
engineering, there's different ways that breaches, as you said, they happen. Some of them are

87
00:09:06,140 --> 00:09:10,340
very embarrassing. I think we've seen some companies seem to spend more time on their

88
00:09:10,340 --> 00:09:15,780
breach response plan than they actually do on their incident response plan. Very impressive

89
00:09:15,780 --> 00:09:19,820
response to a breach, but maybe if they had shifted some of that effort towards this,

90
00:09:19,820 --> 00:09:25,860
the inter 171 CMMC realm that has changed quite a bit since we first started working

91
00:09:25,860 --> 00:09:31,860
together years ago. You know, it's a huge topic. There's a lot of small businesses,

92
00:09:31,860 --> 00:09:36,340
a lot of disadvantaged businesses in the supply chain of the Department of Defense and across

93
00:09:36,340 --> 00:09:43,180
the federal government contracting space. But you guys are tailored for this specific

94
00:09:43,180 --> 00:09:48,780
market so well, but where do you see the struggles from organizations that are looking to achieve

95
00:09:48,780 --> 00:09:50,500
these compliance requirements?

96
00:09:50,500 --> 00:09:56,900
Yeah, I mean, in terms of there's been a lot of different companies that we've worked

97
00:09:56,900 --> 00:10:06,460
with all different sizes. And the commonality across is really when it comes to resources

98
00:10:06,460 --> 00:10:13,020
that they have, whether it's from a monetary standpoint, financial, whether it's from a

99
00:10:13,020 --> 00:10:19,380
personnel standpoint, technical expertise, a lot of the SIEM vendors that are out there

100
00:10:19,380 --> 00:10:26,300
are definitely tailored towards mid market enterprise. So they're relying upon having

101
00:10:26,300 --> 00:10:33,660
dedicated personnel, dedicated time, and prior experience with a product like theirs in order

102
00:10:33,660 --> 00:10:41,060
to be successful. So when you're looking at not only just the financial cost of purchasing

103
00:10:41,060 --> 00:10:48,700
a product, there's additional man hour time and trial and error. And one of the biggest

104
00:10:48,700 --> 00:10:53,620
things with setting up a SIEM is having it work for your environment and having to tailor

105
00:10:53,620 --> 00:11:01,460
it. So how long is it going to be before that SIEM is operational and efficient. And what

106
00:11:01,460 --> 00:11:07,460
we see is more often than not, the SIEMs aren't operational, and they're definitely far and

107
00:11:07,460 --> 00:11:12,260
away, you know, efficient from their setup. So what we try to do with with NeQter is have

108
00:11:12,260 --> 00:11:16,660
a lot of commonality of different vendors that we see in the space, different types

109
00:11:16,660 --> 00:11:23,660
of setups, and then also, of course, what needs to be configured for CMMC, where we

110
00:11:23,660 --> 00:11:29,100
have a lot of things built out of the box and ready to go on day one. Like we've had

111
00:11:29,100 --> 00:11:35,500
we had a client one time where we, we got them the product, we had the procurement,

112
00:11:35,500 --> 00:11:41,300
we shipped our one of our appliances to them to stand up. And I had actually gotten an

113
00:11:41,300 --> 00:11:48,620
email from someone in their purchasing department that was clearly a phish. And I reached out

114
00:11:48,620 --> 00:11:55,700
and I said, Hey, think, think something happened with one of your mailboxes. And they said,

115
00:11:55,700 --> 00:12:02,220
we know, we actually installed NeQter in the afternoon. And we were able to, you know,

116
00:12:02,220 --> 00:12:09,100
pull in our 365 logs and spot that hijacked mailbox on, you know, day one, and it had

117
00:12:09,100 --> 00:12:13,900
happened actually the morning of that of that same day. So they were able to go into NeQter

118
00:12:13,900 --> 00:12:20,140
and do a post op where with other SIEMs, you know, that could have taken longer, or they

119
00:12:20,140 --> 00:12:25,620
might not have ever seen it. Because another issue with SIEMs is just so much log data,

120
00:12:25,620 --> 00:12:31,100
potentially, if it's not set up correctly. And NeQter, NeQter does a lot of pre-parsing

121
00:12:31,100 --> 00:12:37,500
to eliminate noise. So you know, that's one example, especially when it comes to this

122
00:12:37,500 --> 00:12:44,260
market, CMMC, a lot of small businesses, this is their first SIEM purchase. So they don't

123
00:12:44,260 --> 00:12:48,820
know how to evaluate, they don't know even how to really use it. And they definitely

124
00:12:48,820 --> 00:12:55,060
don't have one, you know, full time employee or one FTE person to dedicate to, hey, can

125
00:12:55,060 --> 00:13:02,260
you just babysit this one application? Forever? It's just not, it's not going to happen.

126
00:13:02,260 --> 00:13:08,700
Yeah, and that, I think that's a, that's a great final point there on that topic is,

127
00:13:08,700 --> 00:13:13,480
as it seems so easy to have something in checkboxes that you have, I know, sorry, I can't pass

128
00:13:13,480 --> 00:13:18,060
it up. But the, you know, having having it having something, having it plugged in and

129
00:13:18,060 --> 00:13:24,260
having it and saying I have it in your documentation does not mean that you're using it correctly.

130
00:13:24,260 --> 00:13:28,940
And I think from our perspective, too, that's where we see a lot of eye openers is, oh,

131
00:13:28,940 --> 00:13:33,900
yes. Okay, so now I see why that's important, specifically from the DOD's eyes or the government's

132
00:13:33,900 --> 00:13:39,340
eyes on, yeah, I should be able to have this monitored. And you mentioned scope, if scope

133
00:13:39,340 --> 00:13:43,900
changes, you know, think about how many things changed four years ago when the pandemic hit.

134
00:13:43,900 --> 00:13:47,980
And now we've got people working from home, we've got everyone went to cloud. Maybe that's

135
00:13:47,980 --> 00:13:52,920
one thing we didn't mention where it's just been such a shift, seismic shift of everyone

136
00:13:52,920 --> 00:13:59,100
moving from traditional on prem to cloud and not factoring in the massive surface area

137
00:13:59,100 --> 00:14:02,640
that they're introducing with that with that move.

138
00:14:02,640 --> 00:14:06,980
And now we see we're seeing moves of a different type people are consolidating offices and

139
00:14:06,980 --> 00:14:11,740
now they're opening new offices, they're shifting people and locations and migrating together.

140
00:14:11,740 --> 00:14:16,980
And yeah, it's it's, you know, but it is it's a great feeling to be able to know that you

141
00:14:16,980 --> 00:14:21,380
you can see things that are off. You can not not everything is serious, right? That's another

142
00:14:21,380 --> 00:14:25,700
big topic that not everything's a breach. Not every incident is a breach. All that kind

143
00:14:25,700 --> 00:14:30,740
of stuff is being able to have a grip on that. But assigning that responsibility and accountability

144
00:14:30,740 --> 00:14:35,300
is a is a huge deal because what good is identifying a breach if you don't know how to shut it

145
00:14:35,300 --> 00:14:41,420
off and and then learn from that. So well, OK, well, thank you. This was this was the

146
00:14:41,420 --> 00:14:46,420
whole intent of the Cuick 10 podcast is to try to get through topics like this. So thanks

147
00:14:46,420 --> 00:14:51,200
for thanks for joining us. Again, overall goal here is just to help businesses better

148
00:14:51,200 --> 00:14:56,180
understand the SIEM implementation and you know what's important, what's what's what's

149
00:14:56,180 --> 00:15:00,660
going to change in the future. Changes are coming. You know, they will. They always will.

150
00:15:00,660 --> 00:15:05,020
So thanks for thanks for being a good sport and jumping on here. If people do want to

151
00:15:05,020 --> 00:15:12,060
learn more about NeQter Labs, where would you like them to go, Patrick? Yeah, I mean,

152
00:15:12,060 --> 00:15:19,660
our website is number one first good place to go. So NeQter Labs dot com. N-E-Q-T-E-R

153
00:15:19,660 --> 00:15:27,180
L-A-B-S dot com. And we do have monthly webinars where I review new features, do Q

154
00:15:27,180 --> 00:15:33,420
and A. We have a YouTube channel again at NeQter Labs. You can check that out. And then,

155
00:15:33,420 --> 00:15:39,860
of course, I'm always available via LinkedIn or email if you want to hit me up at Pat P.A.T.

156
00:15:39,860 --> 00:15:45,820
at NeQter Labs dot com. Awesome. Well, thank you for that. Probably need to do the disclaimer

157
00:15:45,820 --> 00:15:51,820
here that this was a conversation for education purposes and not legal advice by any means.

158
00:15:51,820 --> 00:15:58,740
So but please reach out to NeQter and you can always visit our website as well at W.W.

159
00:15:58,740 --> 00:16:05,080
dot Cuick Trac dot com. Cuick is spelled C-U-I-C-K, just like the title of the podcast.

160
00:16:05,080 --> 00:16:09,320
And we can help you there. So thanks again, Patrick, and for joining us and for future

161
00:16:09,320 --> 00:16:15,700
episodes of the Cuick Trac podcast, you can subscribe on Spotify, Apple Podcasts, YouTube

162
00:16:15,700 --> 00:16:20,460
and then some other platforms as we continue on. So thank you again, Patrick. And we look

163
00:16:20,460 --> 00:16:46,300
forward to you being on as a guest next time. Thanks, Derek. Thanks for having me. See you.

