Cloud 9 Advisers - News #cybersecurity

Redefining Connectivity in the Digital Age

Fri, 07 Feb 2025 13:17:45 -0500

How SDWAN and SASE Fuel the Age of AI and Digital Strategy

Advanced Networking: The Foundational Requirement for the AI Era

The convergence of network optimization and cloud security transforms connectivity from a simple utility into the core strategic asset that enables mobility, IoT, and AI-driven growth.

Updated!

The modern network acts as an intelligent traffic control layer, prioritizing real-time AI data while securing every access point.

Advanced Networking: The Foundational Requirement for the AI Era

The modern B2B technology landscape is defined by two relentless forces: the shift of critical applications to the cloud, and the universal need for advanced, real-time data analysis. As customer needs evolve, driven by demands for instant communication, ubiquitous mobility, and sophisticated analytics, network architecture is no longer a back-office utility—it is the ultimate strategic enabler.

Advanced solutions like cloud infrastructure, sophisticated cybersecurity defense, and transformative Customer Experience (CX) platforms are reshaping how network management operates. Without a high-performing, flexible, and secure network foundation, these initiatives cannot deliver their promised value. In fact, a brittle, legacy network architecture quickly becomes the single biggest bottleneck that cripples digital transformation.

This realization is driving the rapid adoption and evolution of Software-Defined Wide Area Networking (SDWAN) and the mandatory shift to Secure Access Service Edge (SASE). These are the twin pillars of advanced connectivity, transforming the network from a cost center into a true competitive asset.

The AI Gold Rush and the Network Bottleneck

The excitement surrounding Artificial Intelligence (AI) and Machine Learning (ML) is palpable. From large language models (LLMs) used for generative tasks to predictive analytics driving operational efficiencies, every business is exploring how to harness this power. This technological pursuit can be described as the AI Gold Rush, and the fuel for this rush is data.

However, the reality of deploying and scaling AI is harsh: AI models are voracious consumers and producers of data.

Training Data Load: Training new models requires moving massive, multi-petabyte datasets, often between enterprise locations, cloud storage, and specialized compute clusters. These sustained, heavy data streams place an immense strain on conventional wide area networks.
Real-Time Inference: When models are deployed for real-time use (e.g., fraud detection, robotic process automation, or instant translation), the network must handle constant, bidirectional streams of inference data. This traffic demands extremely low latency, as milliseconds of delay can render the AI's result useless or too late for the human decision-maker.
Edge AI and IoT: The proliferation of IoT devices and edge computing—essential for modern industrial operations or retail analytics—means AI is often deployed outside the data center. The network must aggregate data from thousands of endpoints, securely transport it for analysis, and then deliver inference back to the edge with near-zero delay.

Legacy networks, designed primarily for static user-to-data-center traffic, are simply not equipped to handle the sheer volume, velocity, and priority requirements of these diverse AI data loads.

SDWAN’s AI Role: From Bandwidth to Intelligent Transport

This is where the evolution of SDWAN becomes critical. SDWAN is moving beyond simply pooling bandwidth; it is now integrating AI and Machine Learning to enable a level of control that manual configuration could never achieve.

The network must become self-aware and adaptive:

Adaptive Routing: Integrated ML capabilities allow the SDWAN solution to constantly monitor the quality of every available link (fiber, broadband, 5G, satellite) in real-time. If it detects a spike in jitter or packet loss on one link, it doesn't just failover; it instantly and preemptively steers critical traffic—like that associated with a remote AI inference operation or a vital cloud application—to a healthier path, often without any human intervention or network interruption.
Application-Tailored Performance: Clients are prioritizing application-tailored performance over generalized capacity. A network built for the AI era must be intelligent enough to identify a large, non-urgent data backup (which can handle some latency) versus a sensitive UCaaS voice packet or a critical AI data stream. It uses its prioritization, optimization, and acceleration capabilities to allocate resources based on the business criticality of the application, ensuring that the most valuable traffic always wins.
Convergence of Network, Mobility, and IoT: SDWAN facilitates the convergence of these three domains into a cohesive transport solution. By providing flexible, policy-driven connectivity, it ensures that real-time data transmission from mobile devices, manufacturing sensors, and cloud services flows efficiently. This integration is essential for providing the seamless, user-friendly experience modern businesses demand.

SDWAN is no longer about getting more data through the pipe; it’s about making the pipe smarter, turning it into a dynamic data delivery system that is a prerequisite for successful AI adoption.

SASE and Security: Unifying the New Perimeter

A conversation about advanced networking, especially one related to enabling AI and mobility, is fundamentally incomplete without addressing cybersecurity. As the network shifts to the cloud, the perimeter dissolves, and the risk surface expands exponentially. This is the driving force behind the mandatory shift to SASE (Secure Access Service Edge).

SASE and CASB (Cloud Access Security Broker) frameworks are transforming organizational security approaches by replacing fragmented, appliance-based security with a unified, cloud-native platform. This is the only way to manage the complexity and scale of modern threats.

The integration of network optimization (SDWAN) and security convergence (SASE) delivers profound advantages:

Zero Trust Enforcement: A true SASE architecture embeds Zero Trust Network Access (ZTNA). Instead of relying on the physical IP address of a location—which is obsolete in the mobile world—access policy is tied to the user's identity and the real-time posture of their device. This is crucial for protecting the sensitive data fueling AI, ensuring that only verified identities can access the massive data lakes required for model training and deployment.
The Single Pane of Glass: SASE integrates multiple security functions (Firewall-as-a-Service, Secure Web Gateway, CASB) into a single software stack delivered from the cloud. This unified management platform greatly reduces the complexity, operational overhead, and security gaps inherent in multi-vendor, disparate solutions. Monitoring and managing security risks through a single interface provides unparalleled visibility and consistency across all endpoints and cloud resources.
Pervasive, Low-Latency Security: Because SASE is delivered via a global network of PoPs (Points of Presence), security inspection happens close to the user, eliminating the need to "backhaul" traffic. This ensures that the security layer does not introduce performance-crippling latency, preserving the speed and efficiency required by AI and real-time cloud applications.

In the advanced network, security is not an afterthought; it is an inseparable, integrated function of connectivity.

Understanding the Client Imperative

The reality is that these advanced solutions are not a plug-and-play, one-size-fits-all commodity. They require a rigorous, third-party assessment to ensure they align with the unique needs and growth objectives of each business.

Designing effective networking solutions in the age of AI and SASE requires:

Thorough Needs Assessment: Moving past simple link capacity metrics to understanding application requirements, data flow patterns (where the AI and IoT data is being generated and consumed), and specific security mandates (compliance, PII, etc.).
Strategic Alignment: Ensuring that networking capabilities are not just meeting technical requirements but are directly enabling broader business objectives, such as a major cloud migration, the implementation of a new AI strategy, or the expansion of a mobile sales force.
Vendor Neutrality: The market is saturated with vendors, each claiming a unique flavor of SDWAN or SASE. A trusted adviser is required to cut through the marketing noise, evaluate the true integration of the underlying technology, and shortlist providers that offer a genuinely unified, high-performing solution.

The digital age demands constant vigilance and architectural foresight. The successful organizations are those that view their network not as an expenditure, but as the core platform for innovation.

At Cloud 9 Advisers, we have a deep understanding of the challenges and opportunities at the intersection of AI, security, and connectivity. We are committed to providing our clients with the vendor-neutral insights and strategic solutions they need to navigate this complexity, achieve their business goals, and stay competitive in a rapidly evolving digital environment.

KITS: Keep IT Simple.

SD-WAN

See our other articles about SDWAN and SASE:

The Engine that Drives AI

The 'Real' SDWAN Test:

Never Trust and Always Verify

Google: an alternative

Mon, 17 Jun 2024 16:13:10 -0500

Google Raises Concern's about Microsoft Security: New Whitepaper shows

The Department of Homeland Security’s Cyber Safety Review Board (CSRB) found that repeated security breaches against the federal government were due to a cascade of security failures at Microsoft, as well as a corporate culture that deprioritized cybersecurity.
Google proposes a safer alternative.

View and download Google's whitepaper

Following several high-profile cybersecurity incidents, Microsoft faces scrutiny. Google's new white paper, "A More Secure Alternative," highlights its own security practices while referencing a Department of Homeland Security's Cyber Safety Review Board (CSRB) report that identified security failures and poor cybersecurity culture and focus within Microsoft. This report may influence customer decisions: Google or Microsoft?

Scathing report from DHS

Microsoft's security vulnerabilities reached a critical point recently, exposing U.S. and U.K. government customers in a series of high-profile attacks. Notably, a 2023 incident by Storm-0558 compromised sensitive government accounts across 22 organizations, impacting over 500 individuals and tens of thousands of emails. This breach triggered a scathing report from the Department of Homeland Security's Cyber Safety Review Board (CSRB). The report exposed a chain reaction of security failures and a corporate culture that downplayed both enterprise security investments and rigorous risk management.

Further amplifying concerns, a separate high-profile incident involved state-backed cyber actors known as Midnight Blizzard. This group successfully compromised Microsoft corporate email accounts, enabling them to steal email exchanges between Federal Civilian Executive Branch (FCEB) agencies and Microsoft. This critical breach prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue Emergency Directive ED 24-02.

What is the real target?

It's pretty obvious now that government agencies are a prime target for cyberattacks due to their sensitive data and many other factors. Most agencies heavily rely on Microsoft products. In a 2022 Google survey, 84% of all Washington, D.C. metro area employees use Microsoft products. Furthermore a broader survey from Omdia found 85% of all federal government employees use Microsoft.

Google Workspace has sizable market share in the business, education, and healthcare sectors - largely due to its ease of use, simple and intuitive interface, comprehensive billing, and most importantly advanced cybersecurity protections built-in.

Does that mean bad actors are targeting customers of Microsoft or going after specific targets of interest? That remains to be seen but likely a little of both. If the target is interesting enough it doesn't matter what platform or systems are used.

Another important question might be: if the tables were turned, Google happened to have higher market share in government, would the "scathing report" be about them? Of course Google doesn't think so.

Things to consider

No one is suggesting you haul off and switch you entire business or government agency from Microsoft to Google (oh, wait... no, that is exactly what Google is hoping for!) but, it might be a good opportunity for a deeper inspection and even a thorough evaluation/comparison of the two. At the least to see what the other has to offer. At least the whitepaper is compelling enough for customers to probe for more.

Considering such a decision is so big and impactful for everyone involved, consider outside help. A technology adviser or IT consultant can guide you through the process and introduce you to the right experts and partners.

Not all is lost

Google is certainly an option, and a pretty good one at that. Microsoft has made announcements addressing some of the concerns outlined in the report. They are making efforts to change the behavior and culture within Microsoft ranks. A recent Dark Reading article reports that at least a portion of executive compensation will be tied to meeting security goals.

Get Started Now

About Cloud 9

Our advice always has been and remains: get the right partner in place. Having the right Microsoft or Google partner will have profound impact on your experience with either platform. Consider Cloud 9 your partner finder! That's all we do - connect our clients with the right partners, vendors, suppliers and service providers for Cybersecurity, Communications, Connectivity, and Cloud.

Key security Concepts, 1

Mon, 13 May 2024 05:42:00 -0500

Confidentiality. Integrity. Availability.

A cybersecurity framework is a set of practices, policies, and procedures that help an organization to create an effective security program. Key concepts for Cybersecurity is starting with a framework. There are plenty of pre-built frameworks available to guide you based on your industry, like NIST, PCI, HIPAA, ISO and more. But before you go there, and maybe before you even pick one, you should start with the Three Rules or Three. The first set starts with Confidentiality, Availability, and Integrity. This is the fine balancing act for Cybersecurity, also known as the “bedrock principle for Cybersecurity.” There’s no such thing as perfect security, you can’t spend all resources on all three areas - so focusing on your specific business needs, and identifying which of these are most important to your business and the separate business units helps properly align Cybersecurity solutions with business outcomes.

If your an accounting firm integrity of data might be most important to you. If your an e-commerce company, then availability is critical. If you're in healthcare, confidentiality may be paramount. Start with the overall needs of the business as a whole, then drill down to the specific needs of each department or business unit. Striking the balance is also important from department to department.

Get Started Now

How to truly go Passwordless

Fri, 26 Apr 2024 17:08:43 -0500

Go beyond the Passwordless hype

Replace dreaded passwords with an intelligent authentication system that learns how people work and keeps them more secure.

Enterprises need better security.

We all know human error is still the largest security "threat". Fortunately, awareness and training are starting to chip away at the problem. However, at the root of some 81% of data breaches, compromised identity and credentials are the biggest attack vector in the modern enterprise. $16B was spent on Identity and Access Management (IAM) solutions in 2020 yet the problem is only getting worse. Existing solutions are simply not sufficient. Enterprises need better security.

Are you and your users tired of being bombed with MFA requests?

Reach out to your Cloud 9 solutions specialist for an introduction to one of our newest, exclusive cybersecurity providers. They combine the strongest identity proofing, presence, biometrics, and behavioral markers in one continuous engine to deliver the most comprehensive passwordless solution on the planet (a little poetic license, but we’re pretty sure that is Tru).

Patented AI technology provides the strongest end-to-end identity verification authentication and continuous risk management for human and machine identities. In combination with your current or a new Security Awareness Training program it will help companies eliminate the most significant causes of data breaches - social engineering attacks, human errors, and misuse.

Passwordless - eliminate passwords as a means of authentication and enable clever and usable biometrics for authentication instead–without new hardware and systems

Continuous Adaptive Trust / Continuous Authentication (CAT) - Extend passwordless access beyond just point-in-time authentication, provide identity device and environmental risk assessment at multiple points in time during user sessions. Using patented ML and AI based learning systems that fuse biometrics, behavioral, device, and environmental signals to determine true identity continuously, in a globally compliant manner.

Converged - merge the digital and physical world by enabling trusted physical access to buildings, server rooms, restricted physical areas, and all integrated with Passwordless and CAT solutions.

COMPLETE

Cover all work scenarios with support for Windows, Mac, Linux, and servers; web and native mobile apps; and passwordless VDI and network access (VPN, wireless)

CONTINUOUS

Go beyond point-in-time initial authentication and extend security within the working session, continuously learning and assessing behavioral risk

CONNECTED

Easy to deploy into any environment with rich, standards-based, pre-built integrations

COORDINATED

Enjoy workflow and policy-driven self-service identity proofing, onboarding, and account recovery

CONVERGED

Unify physical and digital security into the same solution, allowing for greater flexibility in workplace design and management

Get Started Now

Cloud 9

Cloud 9 Advisers exists to help organizations make smart IT decisions quickly and confidently. We work with leadership and understaffed IT teams who are embarking on projects outside their wheelhouse and help to rationalize IT spend. We are objective, impartial, and unbiased technology sourcing experts with vendor-neutral engineering teams that focus on four critical segments: Cybersecurity, Communications, Connectivity, and Cloud. We do not sell solutions, we work with you to identify and research solutions. We are not another vendor, we are your partner helping you evaluate and compare vendors; so you can solve problems and achieve business outcomes, fast.

Gone Phishin'

Mon, 04 Dec 2023 11:53:38 -0500

SATs plus Phishing Simulation, A No-Brainer

Arm yourself with knowledge and enhance your organization's cyber resilience. Any Security Awareness Training (SAT) program worth it's salt should have phishing simulation built in. Uncover the power of testing your team's resilience against the ever-evolving threat of phishing attacks.

Strengthening Cyber Defenses

In the ever-evolving landscape of cybersecurity, where human error remains the leading cause of incidents, the significance of robust Security Awareness Training (SAT) cannot be overstated. A recent study by IBM revealed that a staggering 95% of cybersecurity breaches stem from human error, emphasizing the critical need for proactive measures. In our previous exploration of SAT, we delved into the pivotal role it plays in mitigating these errors. Now, let's journey further into the realm of cyber resilience and focus on a key augmentation to SAT – the indispensable Phishing Simulation.

The Power of Security Awareness Training:

Security Awareness Training (SAT) acts as a shield against the inadvertent actions and decisions that can lead to security breaches. It equips your staff with the knowledge to navigate the intricate web of scams, tactics, and evolving security threats. This empowerment, in turn, aids in fostering a security-conscious culture within the organization, reducing the exposure to potential risks.

Enter Phishing Simulation:

While SAT lays the groundwork for understanding security principles, the integration of phishing simulation takes your cybersecurity strategy to the next level. It serves as the litmus test for your employees' comprehension of security threats, specifically their ability to identify and thwart phishing attempts.

Putting Knowledge to the Test:

Phishing simulation operates on the premise of realism. By deploying lifelike phishing scenarios, organizations can gauge the reactions of their employees in real-time. Do they recognize the subtle signs of a phishing email, or do they inadvertently open the door to potential threats? The simulation provides invaluable insights into the efficacy of your SAT program and identifies areas that may require additional attention.

Creating a Cyber-Resilient Workforce:

The true value of phishing simulation lies in its ability to fortify your workforce against the ever-persistent threat of phishing attacks. It goes beyond theoretical knowledge, allowing employees to apply their learning in a practical setting. As they face simulated phishing attempts, the training becomes a dynamic experience, honing their instincts and enhancing their ability to make informed decisions.

Strategic Benefits of Phishing Simulation:

Measuring Security Awareness: Phishing simulation becomes a litmus test for your employees' security awareness. Identify those who may be more susceptible to falling victim to a phishing attack, enabling a targeted and effective SAT program.
Enhancing Phishing Identification Skills: Practical exposure to realistic phishing emails sharpens your team's ability to discern the telltale signs of a scam. This, in turn, empowers them to avoid clicking on malicious links or opening potentially harmful attachments.
Fostering a Culture of Security: Beyond individual training, phishing simulation contributes to creating a broader culture of security within your organization. When employees witness the organization's commitment to rigorous testing, they are more likely to embrace and adhere to security precautions.
Reducing the Risk of Data Breaches By reducing the number of employees susceptible to phishing attacks, organizations can significantly lower the risk of data breaches. This proactive approach safeguards against financial losses, reputational damage, and potential regulatory fines.

In the intricate dance between cybersecurity and human behavior, the synergy between SAT and phishing simulation emerges as a formidable defense. Together, they empower your workforce to navigate the digital landscape with confidence and resilience. As we continue to unravel the layers of cyber resilience, the integration of these two components stands as a testament to the proactive measures organizations can take to secure their digital future.

Cloud 9 Advisers

Let us help you find the right SAT and Phishing simulation solutions and providers. Our only job in this world is to help organizations buy "cool" and important stuff: i.e. cybersecurity.

The new SATs

Fri, 03 Nov 2023 15:20:08 -0500

Have you taken your SATs?

A well orchestrated Security Awareness Training (SAT) program for every single person in your company is perhaps the single most important cybersecurity tool, feature, element, solution, or service one could implement.

Knowledge is power

Human error is the number one reason for cybersecurity incidents. Security Awareness Training (SAT) is critically important for your staff and the integrity of your business - arguably more so than perhaps any other single cybersecurity solution or service. It helps to protect your organization from cyberattacks, breaches, data loss, and "silly" mistakes.

By training your staff on the latest security threats and best practices, you can help them to make more informed decisions about their behavior both online and while using company IT resources, reducing risk and exposure.

6 Reasons why

Human error is a major security risk: Studies have shown that a significant number of security breaches and data incidents occur due to human error. Employees may unknowingly fall victim to phishing attacks, click on malicious links, use weak passwords, or mishandle sensitive data. SAT helps educate and train staff members to recognize and avoid these common pitfalls, reducing the risk of security incidents caused by human error.
Protection against social engineering attacks: Social engineering attacks, such as phishing or impersonation, rely on manipulating individuals to gain unauthorized access or sensitive information. SAT teaches employees to identify and respond appropriately to these tactics, enhancing their ability to detect and report suspicious activities. By raising awareness of social engineering techniques, SAT helps create a more vigilant and security-conscious workforce.
Compliance with regulations and standards: Many industries are subject to specific regulations and standards regarding data protection and privacy, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA). Security awareness training ensures that employees understand these requirements and their role in maintaining compliance. Failure to comply with these regulations can result in severe penalties and reputational damage.
Reinforcing security policies and procedures: SAT serves as a platform to communicate and reinforce security policies, procedures, and best practices within an organization. It helps employees understand the importance of adhering to security guidelines and provides them with practical knowledge on how to handle sensitive data, use secure communication channels, and protect their devices. Regular training sessions help keep security at the forefront of employees' minds and foster a culture of security within the organization.
Mitigating insider threats: While most employees are trustworthy, insider threats can still occur. Security awareness training educates staff about the potential risks associated with insider threats, such as unauthorized data access or data theft. By raising awareness, organizations can encourage employees to report suspicious activities and create a sense of accountability within the workforce.
Reducing the impact of cyberattacks: In the event of a cyberattack, well-trained employees can significantly reduce the impact and help mitigate the damage. SAT equips staff with the knowledge and skills to respond effectively, report incidents promptly, and follow incident response protocols. Their ability to recognize and respond to security incidents promptly can help contain threats and minimize the potential harm to the organization.

Overall, Security Awareness Training is an important investment for any organization that wants to protect its data, resources, and IT assets from cyberattacks. By training your staff on the latest security threats and best practices, you can help to reduce the risk of security incidents and protect your organization's reputation and bottom line.

Cloud 9 Advisers can help

There are many problems faced when buying IT services and solutions. Two big ones are the pace of change and too many choices. Cloud 9 solves decision paralysis with our IT decision-making platform. You get an expert, one-on-one, that will guide you through the entire process. We'll help you identify and research proper solutions then evaluate and compare the multitude of security awareness training solutions available today.

Get Started Now

Remediation vs. Response

Thu, 26 Oct 2023 08:50:16 -0500

What about the "big R", Remediation?

There's a pretty big difference

We wanted to expand a little more on a previous article about EDR, XDR, and MDR. As many of you already know, the “r” is for response: Endpoint Detection and Response. Extended Detection and Response. Managed Detection and Response. But, for some reason there seems to be little confusion on what response actually means and what it does.

As with many things these days there are plenty of opinions. And like other things along that train of thought, they all stink. Except this one, of course!

There is an important and distinct difference between response and remediation:

Response is “a reaction to something”. Response in cybersecurity is focused on containing and mitigating the immediate threat. While we’re thumbing through the dictionary, mitigation is “the action of reducing the severity, seriousness, or painfulness of something”

Remediation, or to remedy on the other hand is, simply put, “to set right”. So to remediate a security incident is to fix it.

Pretty big difference.

Response and remediation are both important parts of any cybersecurity strategy and incident response (IR) plan. However, as shown, there is a key difference between the two. It is important to be able to quickly detect and then respond to an incident. But we would like to highlught that not all _DRs are created equal, and you should never assume that the solution or service you have in place automatically includes remediation. Having a plan in place for remediating security incidents quickly and effectively is also critical and in most cases, not necessarily included.

In the context of EDR, XDR, and MDR, both response and remediation are important capabilities. EDR, XDR, and MDR solutions can all help organizations to respond to security incidents quickly and effectively. However, remediation is typically more of a manual process that involves fixing the underlying vulnerability and other problems that caused the incident in the first place.

Some EDR, XDR, and MDR solutions may provide automated remediation capabilities for certain types of threats. For example, an EDR solution might be able to automatically remove malware from an infected endpoint. However, for more complex vulnerabilities, remediation may need to be performed manually.

Remediation can be performed by either the organization itself or by the security solution provider. It often depends not only on the solution/software, but also on the service selected and service provider you get it from.

EDR solutions typically provide tools to help organizations remediate threats on their own. Most out-of-the-box solutions won’t remedy a security threat.
XDR solutions can automate some remediation tasks, such as quarantining infected endpoints or blocking malicious traffic.
MDR providers typically provide full remediation services, including removing malware, patching vulnerabilities, and restoring data from backups.

It is important to note that the specific capabilities of EDR, XDR, and MDR solutions vary widely. When choosing a solution, it is important to consider the specific needs of your organization and to ensure that the solution you choose provides the necessary response and/or remediation capabilities.

Which organization is responsible for remediation (either you or the service provider( will depend on the specific solution, or rather service, in place. For example, some EDR solutions provide the option to have the security solution provider perform remediation on behalf of the organization.

Here are some examples of how remediation might be used in each of the three solutions:

EDR: An EDR solution might be used to remediate a malware infection by removing the malware from the infected endpoint.
XDR: An XDR solution might be used to remediate a ransomware attack by automating the process of restoring data from backups and isolating the infected endpoints from the network.
MDR: An MDR provider might be used to remediate a data breach by investigating the incident, identifying the affected systems, and taking steps to prevent the breach from happening again.

Overall, remediation is an important part of any cybersecurity strategy, and it is important to have a plan in place for remediating security incidents quickly and effectively. EDR, XDR, and MDR can all help organizations to detect and respond and get organizations on the right path to remediate threats and incidents effectively. But understand that most solutions are not a complete remediation plan or strategy.

Again, response is to react, mitigate is to reduce, remediate is to fix.

Security Readiness

You've done a great job so far, put all the right pieces in place, and now you need to be able to prove it. Or, you think your nicely buttoned up, but wouldn't mind a second pair of eyes.

Our comprehensive, customized Cybersecurity Readiness Report will give you 50 to 150 pages of dos, don'ts, best practices, and the latest strategies and innovations on your security preparedness. You'll get confirmation on some things, plenty of food for thought, and maybe even uncover some gaps you weren't aware of.

Schedule your Report

Cloud 9 Advisers

As a leading technology advisory firm with a security-first focus, Cloud 9 stands ready to help you unravel the complex web of noise and "FUD" you'll hear out in the cybersecurity marketplace. Cybersecurity should never be only about the latest products and solutions or the fear uncertainty, and doubt (FUB) often found in the marketplace. Cybersecurity isn't an IT problem, it is a business problem

Get Started Now

EDR, XDR, and MDR

Tue, 17 Oct 2023 17:49:19 -0500

EDR, XDR, and MDR: What are they and why are they important?

As one piece to a larger cybersecurity puzzle (strategy, plan, and ultimately, framework), EDR, XDR, and MDR are all cybersecurity solutions that help organizations detect and respond to threats. However, they have different features and capabilities.

Importance of EDR, XDR, and MDR

EDR, XDR, and MDR are all important cybersecurity solutions, but the best solution for an organization will depend on its specific needs and budget.

Organizations with limited resources may want to consider EDR. EDR solutions can be effective at detecting and responding to threats, and they are typically more affordable than XDR and MDR solutions.

Organizations with more complex needs may want to consider XDR or MDR. XDR solutions can provide a more complete view of threats and can automate threat detection and response. MDR solutions can provide organizations with 24/7 monitoring and threat response, which can be helpful for organizations with limited security resources.

What are they?

EDR (Endpoint Detection and Response) is a software solution that collects and analyzes endpoint data to detect and respond to threats. EDR solutions typically collect data from endpoints such as Windows Event Logs, Sysmon logs, and file system changes. They use this data to identify suspicious activity, such as malware infections, unauthorized access, and data exfiltration. EDR solutions can also be used to block threats and remediate incidents.

XDR (Extended Detection and Response) is a more comprehensive approach to EDR that collects data from a wider range of sources, including endpoints, networks, cloud, and user behavior. This allows XDR solutions to provide a more complete view of threats and to respond more effectively. XDR solutions typically integrate with other security tools, such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response), to automate threat detection and response.

MDR (Managed Detection and Response) is a service that provides organizations with 24/7 monitoring and threat response for their endpoints. MDR providers typically use EDR or XDR solutions to collect and analyze endpoint data. They then use this data to identify and respond to threats on behalf of their customers. MDR providers can also provide additional services, such as threat hunting, incident response, and compliance reporting.

In summary, the key differences between EDR, XDR, and MDR are:

Scope: EDR focuses on endpoints, while XDR collects data from a wider range of sources. MDR is a service that provides 24/7 monitoring and threat response for endpoints and other key components of the network.
Capabilities: EDR can detect and respond to threats, but XDR has more comprehensive capabilities, such as threat hunting and incident response. MDR providers can also provide additional services, such as threat hunting and compliance reporting.
Pricing: EDR solutions are typically priced per endpoint, while XDR and MDR solutions are typically priced per organization.

The best solution for an organization will depend on its specific needs and budget. Organizations with limited resources may want to consider EDR. Organizations with more complex needs may want to consider XDR or MDR.

Here is a table that summarizes the key differences between EDR, XDR, and MDR

Feature	EDR	XDR	MDR
Scope	Endpoints	Endpoints, networks, cloud, user behavior	Endpoints
Capabilities	Detect and respond to threats	Detect, respond, and hunt for threats	Detect, respond, hunt for threats, and provide 24/7 monitoring
Pricing	Per endpoint	Per organization	Per organization

Why should every company have either one, two, or all three solutions in place?

No matter what size or industry, every company should have well-thought-out cybersecurity solutions in place to protect against threats. Back in "the old days" the name of the cybersecurity game was prevention (only) - if you had a strong perimeter, then you're good! That thought process has shifted rather dramatically, because we know they'll get it regardless. Today, to protect yourself, you must first be able to detect those threats first in order to respond. EDR, XDR, and MDR can all help companies to detect and respond to threats effectively.

EDR is a great foundation for any cybersecurity strategy. Many will argue that EDR should be the first step. It can help to detect and respond to threats on endpoints, which are often the first target of attackers - especially considering so many remote/hybrid staff with access to company data.

XDR can provide a more complete view of threats and can automate threat detection and response. This can be helpful for companies with complex IT environments.

MDR can provide companies with 24/7 monitoring and threat response, which can be helpful for companies with limited security resources.

A typical company should have one, two, or all three of these solutions in place depending on its specific needs and budget. For example, a small company with limited resources may only need EDR. A large company with a complex IT environment may want to have all three solutions in place.

Company type	Best solution
Small company with limited resources	EDR
Medium-sized company with moderate resources	EDR and/or XDR
Large company with complex IT environment	EDR + XDR and/or MDR

It is important to note that this is just a general guide. The best way to determine which solution is right for your company is to consult with a vendor-neutral, unbiased cybersecurity expert.

Remember: if your company can only afford one cybersecurity solution, make it EDR

Readiness Report

Schedule a security interview with one of our experts, then in a few days, we'll generate a custom, 50 to 100 page Cybersecurity Readiness Report you can use as a playbook for your security strategy.

You can even use the report as ammunition for your case to get your security budget passed.

Book now

Security Experts

About Cloud 9

Cloud 9 Advisers, LLC was formed as a client-facing, business-to-business agency/firm in 2017 with the goal of forever changing the way businesses buy AI, cybersecurity, contact center, and other important IT-related services and solutions: faster, better, less formal, and with the high-quality due diligence and integrity that all companies expect.

Technology Sourcing Experts

SD-WAN and SASE

Thu, 15 Jun 2023 09:40:58 -0500

SDWAN & SASE: The Essential Guide to Converging Connectivity and Cloud Security

Beyond Buzzwords: What SDWAN and SASE Really Mean for the Modern Enterprise Network

Cloud-first operations demand a new network model. Understanding the roles of Software-Defined Wide Area Networking (SDWAN) and Secure Access Service Edge (SASE) is the first step toward building a truly resilient and secure edge.

SASE and SDWAN represent the necessary convergence of security (the perimeter) and networking (the pathway) in the age of cloud and hybrid work.

Beyond Buzzwords: What SDWAN and SASE Really Mean for the Modern Enterprise Network

For many IT leaders, the networking and security landscape over the past few years has felt like an endless alphabet soup. Two acronyms, in particular, have dominated strategic conversations: SDWAN and SASE.

Both are frequently discussed in the context of modernization, cloud migration, and supporting the hybrid workforce. This has led to widespread confusion, with many vendors incorrectly presenting them as competing solutions, or worse, claiming that one automatically includes the other without proper implementation.

At Cloud 9 Advisers, we act as pragmatic, expert advisers to help you cut through this noise. Simply put: SDWAN optimizes the network; SASE secures the edge. They are not competing technologies, but essential components that, when unified correctly, form the foundation of a modern, secure, and resilient network.

Understanding their individual roles is the first step to making the right strategic investment.

Part 1: Demystifying SDWAN (Software-Defined Wide Area Network)

SDWAN is fundamentally a revolutionary approach to Wide Area Networking (WAN). Traditionally, WANs relied on complex hardware—specific routers, expensive leased lines (like MPLS), and manual configurations—to connect separate locations.

SDWAN separates the control plane (the intelligence of the network) from the data plane (the physical connections). By shifting control to software, it gains two critical advantages: intelligence and flexibility.

The SDWAN appliance at each location becomes application-aware, meaning it knows the difference between a voice packet, an email, or a large file download. This intelligence is then used to optimize traffic flow in real time across any combination of underlying links (fiber, broadband, 4G/5G, etc.).

The Pragmatic Benefits of SDWAN

While SDWAN was originally designed to connect multiple locations effectively, it offers distinct and significant benefits even for companies with a single location:

Audience	Primary Problem Solved	Core SDWAN Benefit
Single Location	Internet instability, QoS issues for real-time apps, reliance on expensive single circuits.	Reliability & Efficiency: It aggregates multiple, low-cost internet links into a unified connection. It uses that power to ensure mission-critical applications (like UCaaS or a cloud ERP system) always have the bandwidth they need, while less critical traffic is given lower priority. It provides a more robust, stable connection than any single circuit ever could.
Multiple Locations	High cost of traditional WAN (MPLS), complex management, and traffic backhauling for security.	Virtual Network & Cost Reduction: This is the original design intent. It creates a seamless, virtual network that spans multiple physical locations, making management centralized and simple. Critically, it allows companies to swap expensive MPLS with low-cost broadband, reducing ongoing network costs while improving agility and allowing for dynamic, automated routing around outages or congestion.

SDWAN’s value is in resilience and performance. It is the key to providing the high-quality, low-latency connectivity required for the sensitive, real-time applications we discussed in our last article on Call Survivability.

Part 2: Demystifying SASE (Secure Access Service Edge)

If SDWAN is the intelligent highway, then SASE (Secure Access Service Edge) is the integrated, cloud-native security perimeter applied to that highway's entrance and exit ramps.

SASE is an architectural framework, not a single product. It was introduced to address the reality that the traditional network perimeter—the firewall in your server room—is obsolete. Users now access corporate data from home, coffee shops, and client sites using personal devices, reaching applications hosted in multiple clouds.

The goal of SASE is simple: Secure and reliable access to corporate resources from any location, without sacrificing user experience or performance.

A comprehensive, robust SASE solution is built upon the convergence of several key security and networking components, all delivered via a single, cloud-based platform. If a vendor is missing even one of these components, they are selling a partial, non-SASE solution.

The Five Essential Components of a True SASE Platform

A good SASE solution brings together the following technologies into a unified stack:

Secure Web Gateway (SWG): Provides secure, cloud-based internet access. It acts as the first line of defense, blocking malicious websites, filtering URLs, and applying advanced malware detection before traffic even reaches the user’s device or the corporate network.
Cloud Access Security Broker (CASB): The CASB provides critical visibility and control over cloud applications (SaaS). It monitors user activity within apps like Microsoft 365, Salesforce, and Dropbox, enforces security policies, and prevents data leakage by encrypting sensitive data both in transit and at rest.
Firewall-as-a-Service (FWaaS): This replaces the traditional physical, on-premise firewall. FWaaS is a cloud-native security layer that controls access to corporate resources and blocks unauthorized traffic, applying consistent security policies to users regardless of their location.
Zero Trust Network Access (ZTNA): This is the modern replacement for traditional VPNs. ZTNA is critical because it never grants blanket access to the entire network. Instead, it operates on a principle of "never trust, always verify," granting users access only to the specific applications they need, only after identity verification, and only from a compliant device. This hides corporate resources from the public internet entirely.
Identity and Access Management (IAM): An integral part of the Zero Trust model. IAM provides the centralized control over user identities, authentication (often multi-factor, or MFA), and authorization. It is the engine that validates who a user is and what they are allowed to access, enforcing policy consistently across the entire SASE stack.

And finally, the often-misunderstood component:

Software-Defined Wide Area Networking (SDWAN): A true SASE architecture includes SDWAN functionality. The networking side of SASE is responsible for optimizing the transport layer—selecting the best path for traffic based on business requirements and dynamically routing it across various links (broadband, 5G, private connections). It ensures the high-performance delivery of traffic to and from the secure SASE cloud edge.

SDWAN + SASE: The Convergence Strategy

The modern B2B enterprise is defined by dispersed data, dispersed users, and dispersed applications. The only way to manage this complexity effectively is through convergence.

The strategic relationship can be summarized simply:

SDWAN is the foundation of high-performance connectivity. It delivers the path optimization, quality of service (QoS), and resilience (call survivability) that your business demands.
SASE is the strategic security framework. It delivers the identity-centric access control (ZTNA), threat prevention (SWG, FWaaS), and data protection (CASB) that your business requires, regardless of where the user is located.

By consolidating these functions into a unified, cloud-based platform—the core tenet of SASE—businesses gain:

Simplified Management: Moving from managing six different boxes (router, firewall, VPN concentrator, web filter, etc.) to managing one policy stack in the cloud.
Consistent Security: Every user, no matter where they are or how they connect, gets the exact same security inspection and policy enforcement.
Cost Efficiency: Reducing hardware footprints and maintenance costs, leveraging lower-cost internet links, and consolidating vendor contracts.
Agility: The network scales instantly to accommodate mergers, acquisitions, or sudden shifts to remote work, without needing to deploy physical hardware.

Simplifying the Strategic Choice

The choice between SDWAN and SASE is a false one; the correct answer is a converged solution.

However, the vendor landscape is complex, with providers offering partial solutions that may excel at the "SDWAN" part but provide poor, bolt-on security, or vice versa. The strategic challenge is identifying the partner that can deliver a truly unified SASE platform—one where the networking and security components are built to work together seamlessly, eliminating gaps and preserving performance.

Don’t get stuck in the alphabet soup of acronyms. Focus on the required outcomes: resilient performance and secure access from anywhere.

At Cloud 9 Advisers, we help technology leaders sift through the noise, evaluate the true integration level of SASE vendors, and select the platform that meets the specific demands of their single or multi-location business model.

KITS: Keep IT Simple.

Learn more about SASE

Learn more about SDWAN

See our other articles about SDWAN and SASE:

Redefining Connectivity in the Digital Age

The 'Real' SDWAN Test:

Never Trust and Always Verify

Get Started Now

Under Constant Attack

Wed, 21 Jul 2021 14:59:22 -0500

Constant attacks require constant Security

We’re in an environment where our systems are constantly under attack. They're under attack from all sorts of diverse players who are trying to take advantage of the private proprietary information that is available.

Companies are really focused on compliance ensuring that they are protecting their business value from these types of attacks. Every executive has an obligation to ensure that they are compliant with security.

What are most companies doing for security?

Most companies only have basic firewall protection, your basic intrusion prevention (not necessarily intrusion detection), generally just hardware-based. A few others may do just a little more; they may conduct regular scans of their environment. This is really no different than your home having a basic lock and maybe a deadbolt. There is no alarm system like you might have in a home to see and be alerted when intrusions are happening. Being alerted of intrusion is critical in business so that more immediate actions can be taken. Often enough, attacks can be sly and stealthy. Recent studies show that malicious code is embedded on business systems for more than 250 days before it is ever used to promote an actual attack. The reason being so that attackers know their code is also well planted in several layers of business backups as well as active systems.

How have today’s complex attacks changed systems and the approach to security?

The attacks are becoming more sophisticated, automated, and voluminous, so we no longer have the time nor capability to react in a manual way. We actually have to have machine learning and other artificial intelligence technologies to adapt and scan the environment much more rapidly looking for these constant intrusions malicious code, and breeches. These technologies work in tandem with professional cybersecurity teams and Security Operations Centers (SOCs) to constantly manage, monitor, and alert. The trick with alerts is dramatically reducing false positives. Too many alerts are just as futile as too few.

How much does a cyber attack cost?

Recent US cyber crime studies show an average measurement of damage from a breach: a 46 day long average resolution at an average of $21k per day, plus regulatory fines, and major customer fallout. These attacks can be highly damaging to any business. Cyber insurance can only go so far and cover so much. Claims can also be denied for a host of often confusing reasons, leaving the business to fit the bill. These newer types of cyber insurance policies have many requirements and stipulations, and with a sense of irony, those requirements are very much cybersecurity technology many of which are security technology related.

About Cloud 9

Cloud 9 Advisers is a client-only, client-focused agency and consulting group offering vendor selection and management services to help you solve IT and general technology problems fast. We'll walk you through the identification, research, evaluation, and comparison process, provide board-ready documentation and due diligence, and provide oversight of solution implementation on any of our 250+ vendors, carriers, and service providers.

Our teams of vendor-neutral security focused engineers will help you slice through the marketing fluff and industry jargon so you know what you're buying. We'll help you make smart IT investments quickly and confidently. Reach out to us today!

Get Started Now