Secureworks is a U.S.-headquartered, publicly listed security company offering extended detection and response (XDR) systems and services.
Majority-owned by Dell, its XDR is marketed under the Taegis product name. For mid-market consumers looking for more specialized security options at a reasonable price, the company introduced a “ManagedXDR Plus” offering this year.
In July 2024, Secureworks CEO Wendy Thomas visited Australia and stated that the XDR offering was appealing to mid-market users who may not have the resources to build a surveillance activities center but are concerned about the possibility of cyberattacks, particularly in light of numerous significant native breaches in the area.
Thomas added that more unpleasant government operations may be conducted in Australia and APAC in order to destroy or defame threat actors in collaboration with private-sector security providers. She added that technology customers should evaluate their reliance on technology systems as a result of the new CrowdStrike outage.
TR: What brings you to Australia and the APAC place?
Peter: Secureworks has been in Australia for more than a decade, so we have a very good, growing business around; it has grown about 50% over the last two years. Because Secureworks is able to provide them with services in various languages 24/7, 365 days a month, we have some very large international customers below. So I’m here to join with those customers and to do some community-building.
We also spend a lot of time with international state organizations that are taking proactive steps to improve their security method and how they can help the world’s business and consumer communities as a whole. We all need to be ready for and make better defenses for the world of cyberattacks, whether it is nation-state action or cybercriminal activity.
TR: What is driving Secureworks’ business development in Australia?
Peter: Security is an exciting space where people see the headlines but finally think, “no person’s going to pin my business”. With the advent of ransomware in recent years, establishments are no longer safe places to go when you may assume no one would be able to break into. Hospitals, schools, smaller businesses — everyone today is a possible unscrupulous target of cyber criminals.
For that reason, you have to have a minimal amount of security in place. For most companies, it makes no sense to try to take that kind of security skills into the company. It’s not economical, and it’s not robust. No one person can manage it 24/7 themselves. You are not privy to the global risk environment.
The need for plain, straightforward, consistently priced, outcome-focused protection solutions has been the primary cause of our current growth here in Australia.
TR: What types of people are interested in this kind of supplying, in your opinion?
Peter: There’s definitely two information of clients in this marketplace that we serve. The first are quite large, global, international businesses who really need a companion to stable them around the sun. And those are usually huge, much customer relationships, which have grown as they’ve been advancing their safety position over many years. We continue to work with them and support them with developing AI changes.
Where we see robust growth is in the mid-market. True resources are present in these businesses. If malware cause their business to go down, it would mean substantial damage to their reputation, their revenue and their customers.
They are willing to put in a reasonable amount of money to prevent that. There is a lot of room for improvement in that area by demonstrating that Secureworks’ partnership is not as complicated as they might think. That decision for them is usually pretty straightforward. It’s a risk-versus-reward decision to make.
TR: Are you seeing any trends in cybersecurity product-buying behavior in the market?
Wendy: This is a pretty dynamic conversation right now. I am probably oversimplifying, but there are basically two camps.
There are those who just want the outcomes. They want to know you are monitoring their environment, and if something happens, you will contain it and take care of it. You have certain SLAs [Service Level Agreements] or commitments to them, they spend a reasonable amount, and they sleep at night. We call those the “do it for me”, or maybe the “do it with me” type of security partnership. They don’t care what the tools are. They’re not trying to read up on the latest technology, or the latest industry quadrant. They are not attempting to construct the Taj Mahal.
In the other camp are organisations that want to buy layered, different technology products. They are more, “I want to build my own gym. I want this bike and that treadmill, these weights, and I want to lose this much weight”. They want to participate in the “how,” so they are willing to spend more because that is what it does.
However, when that diversity is present, if you will, there is some incremental security value that almost makes those additional goods more advantageous.
TR: In the current cybersecurity environment, which strategy do you believe is best?
Wendy: There’s been a debate for the last nine months or so in security about whether those best-in-breed products should go to a platform approach. A platform that works with Secureworks allows users to use a variety of tools. Regardless of what the stack looks like, our Taegis offering, where “T” stands for technology and “aegis” stands for shield, reflects our intention to provide a shield over all of that. We don’t force people to rip out those tools and replace them.
Larger companies, like Microsoft or Palo [Alto Networks] are trying to do all of the things that those products do. But that puts you into a closed or a walled garden-type of ecosystem. Obviously, that gets more share of wallet, but that kind of defeats the purpose. It gives you simplicity, but it does defeat the purpose of that multi-layered defense, and not being locked in, and having interoperability and all of those things. And in terms of resilience, you’re now very much dependent on one provider.
The organization’s size and willingness to take part in an in-depth analysis of the security tooling available will contribute to that discussion, which will likely continue.
TR: Australia recently released its 2023-2030 Cyber Security Strategy, but they’ve also experienced a number of high-profile attacks. How do you assess their cybersecurity environment?
Wendy: I think it’s always brilliant and encouraging to see governments adopt long-term plans for cyber security. I think there’s a very important, absolutely necessary and unique role that the government plays in bringing together the sector, law enforcement, and diplomatic relationships, so that we can all work together. From where I sit, the 2030 strategy is fantastic and ambitious.
I recently spent time in London with the National Cyber Security Center and the National Crime Agency, two of Australia’s other parallel organizations. And what’s powerful about their interactions with the private sector is not just the bi-directional sharing of threat intelligence and tradecraft, but also the shift from being defensive to being offensive, like with CISA [Cybersecurity and Infrastructure Security Agency] in the United States.
When you consider the significant disruption that occurred when businesses like Secureworks and the National Crime Agency collaborated in the LockBit takedown, seriously affecting the largest ransomware provider in the world. The impact is greatest when the economic model of cybercriminals is broken. That is when they’re not able to target your grandmother or your small business, and only government relationships, government entities can take on that type of task.
We’re delighted to see both an Australian strategy that helps people understand their role in helping others and preventing these cybercriminals’ economic models as well as this proactive enforcement that many of us initially believed was unattainable five years ago.
TR: AI is a big topic in cyber security. Are there any other AI-related threats from cyber criminals?
Wendy: We are seeing old techniques but with a better wrapper. We’re not talking about large-scale spending, though. They won’t use the best tools available to increase their yield, but they will instead use the best, shiny new item. Unfortunately, phishing emails have been a very lucrative approach, and AI has just made them better.
Although deepfake videos are still discernible with the naked eye, it has also been expanded to include voice calls or deepfake videos, which can be quite plausible. We’ve definitely seen those examples, but there haven’t been any more successful breaches from them so far. In a deepfake video that pretends to be an executive, these attacks are primarily intended to extort money from the vendor. There’s usually an urgency to it, and it seems believable enough. The victim then pays the actor.
My team wants to use AI, but they’re releasing sensitive company data into those models, so I have to guard against that, according to the majority of companies right now. However, I also need to do more to alert my team to the increasing sophistication of these relatively inexpensive tools.
TR: What should Australian cybersecurity professionals concentrate on at the moment, in your opinion?
Wendy: The first thing I’m hearing when I talk to customers, certainly here and in Asia, is the impact of China. So far, the threat that is being discussed is not related to the cybercrime ecosystem known as ransomware. We’re talking about nation-state activity. More specifically, that activity involves obtaining intelligence and obtaining intellectual property. So we spend a lot of time with specific customers and specific industries in the area where that kind of activity might be targeted.
The other issue is with AI’s strength and peril. As with any new technology, there’s something that’s great about it, we use AI and machine learning and large language models in security to make us better, faster and stronger, to protect our customers.
There is also a risk associated with AI, where the use of AI can somewhat improve and enhance existing tradecraft. Large language models currently have the ability to make phishing emails look pretty good. Additionally, social media scraping allows for personalization, causing the language to resemble the business that criminals are representing or misrepresenting.
To be able to notice those with the naked eye, awareness has got to really ratchet up as individuals, whether that is as an employee protecting a company, or as individual consumers.
TR: CrowdStrike recently experienced a global outage, affecting millions of devices worldwide. Are there any negative effects on your business and your customers as a cyber security player?
Wendy: Yes, of course. These things tend to go through an arc where, at first, it’s just about “what’s going on?” and “how do we recover from that?” And we certainly spent a lot of time with our customers who use CrowdStrike endpoint technology to let them know that their machines were going down and then coming back up.
Then you come past the crisis, and people step back and say, “what does this mean?”
I think there’s two aspects to that. One is specific to the way they’re executing security inside of the sensitive [Microsoft] kernel, in a way that can take down the core system and not just an application. Do security companies want to use that approach when designing endpoint security? On that front, in my opinion, things will change. For example, there are open source options, there are protected operating system options.
I think the broader question that will be asked is, “how do I trust my providers?” [and] hold them accountable to certain standards of quality. And given the dependence on them, how do I prepare as a company, a hospital, a school, or an individual, for when one piece of this highly interconnected world goes down?
TR: Should businesses take action following the outage?
Wendy: I spoke with a customer yesterday, and they were running smoothly. They had a few machines that went down, and they recovered quickly. However, their partner who was in charge of selling their services abruptly quit. So, despite their best efforts and their recovery efforts, there were those who were there who were also affected.
Therefore, it’s about starting a conversation and becoming aware of risks, not just third-party risk but fourth-, fifth-, and sixth-party risk. And then what? What is your company’s backup plan in case something that keeps your company running goes down?
We help customers with that preparedness, regardless of what causes that outage, if you will, because that’s the conversation now, it is all about resilience.
TR: What legal counsel would you offer cybercriminals in Australia to defend their businesses?
Wendy: You may not have the fanciest technology, but the same things that we’ve known we should do for years can protect businesses from the vast majority of these attacks — things like complex passwords, or some way to authenticate with multi-factor authentication. Use your text, use your email, just create a little friction, because a little bit of friction goes a long way in making you an uneconomic target.