August 12, 2024:
Secureworks is a U.S.-headquartered, publicly listed cybersecurity firm offering extended detection and response (XDR) technology and services.
Majority-owned by Dell, its XDR is marketed under the Taegis product brand. This year, the company launched a “ManagedXDR Plus” offering for mid-market customers seeking more tailored cybersecurity options at a reasonable price point.
Secureworks CEO Wendy Thomas, who visited Australia in July 2024, told TechRepublic that the XDR offering was appealing to mid-market customers in Australia who may not have the budget or capabilities to build their own security operations centre but are concerned about the possibility of cyber attacks — especially after a number of large local breaches in the region.
Thomas added that the future of cyber security in Australia and APAC could include more offensive operations from governments in cooperation with private-sector security providers to disrupt or take down threat actors. She also noted that the recent CrowdStrike outage should prompt technology customers to reconsider their resilience and reliance on technology systems.
Wendy: Secureworks has been in Australia for more than a decade, so we have a very good, growing business here; it has grown almost 50% over the last two years. We have some very big global customers here because Secureworks can serve them around the world in different languages 24/7, 365 days a year. So I’m here to meet with those customers and to do some community-building.
We also spend a lot of time with government entities around the world who are getting proactive [with their] cybersecurity strategy and how they can assist the broader business and consumer community. They are working on figuring out how to turn the tide in this world of cyberattacks — whether that is cyber criminal or nation-state activity — that we all need to guard against and prepare better defenses for.
Wendy: Security is an interesting space where people see the headlines but then think, “no one’s going to target my business.” With the emergence of ransomware over the last decade, it now means that no longer are institutions who you would think no one would target, safe. Hospitals, schools, small businesses — everyone now is a potential opportunistic target of cyber criminals.
For that reason, you have to have a minimum amount of defense in place. For most organisations, it makes no sense to try to bring that kind of security expertise into the business. It’s not economic, and it’s not scalable. No one person can run it 24/7 themselves. You don’t have that visibility into the threat landscape globally.
The demand for simple, straightforward, predictably priced, outcome-focused security solutions has been the main source of our recent growth here in Australia.
Wendy: There’s really two profiles of customers in this market that we serve. The first are very large, multinational, global operations who really need a partner to secure them around the sun. And those are typically long, long customer relationships, which have grown as they’ve been advancing their security posture over many years. We continue to have great relationships with them and help them with emerging technology trends like AI.
Where we see strong growth is in the mid-market. These are businesses with real assets. Should ransomware cause their business to go down, it would mean meaningful damage to their reputation, their revenue and their customers.
They are willing to invest a reasonable amount to make sure that doesn’t happen. That’s where there’s a lot of opportunity to show people it is not as complex as they might think to hold a partner like Secureworks accountable to those security outcomes. That decision for them is usually pretty straightforward. It’s a risk-versus-reward decision to make.
Wendy: This is a pretty dynamic conversation right now. I am probably oversimplifying, but there are basically two camps.
There are those who just want the outcomes. They want to know you are monitoring their environment, and if something happens, you will contain it and take care of it. You have certain SLAs [Service Level Agreements] or commitments to them, they spend a reasonable amount, and they sleep at night. We call those the “do it for me,” or maybe the “do it with me” type of security partnership. They don’t care what the tools are. They’re not trying to read up on the latest technology, or the latest industry quadrant. They are not trying to build the Taj Mahal.
In the other camp are organisations that want to buy layered, different technology products. They are more, “I want to build my own gym. I want this bike and that treadmill, these weights, and I want to lose this much weight.” So, they want to engage in the “how,” and they are willing to spend more, because that does cost a little bit more.
But when you have that diversity, if you will, there is some incremental security value to kind of catching the edge with those additional products.
Wendy: There’s been a debate for the last nine months or so in security about whether those best-in-breed products should go to a platform approach. Secureworks has a platform that can interoperate with those who want a bunch of tools. Our Taegis offering — where “T” stands for technology and “aegis” stands for shield — reflects that we aim to provide a shield over all of that, regardless of what the stack looks like. We don’t make people rip out and replace those tools.
Larger companies, like Microsoft or Palo [Alto Networks] are trying to do all of the things that those products do. But that puts you into a closed or a walled garden-type of ecosystem. Obviously, that gets more share of wallet, but that kind of defeats the purpose. It gives you simplicity, but it does defeat the purpose of that multi-layered defense, and not being locked in, and having interoperability and all of those things. And in terms of resilience, you’re now very much dependent on one provider.
That debate will rage on and somewhat be a function of the size of the organisation and their willingness to engage in an in-depth study of the security tooling available.
Wendy: I think it’s always brilliant and encouraging to see governments put long-term strategies in place around cyber security. I think there’s a very important, absolutely necessary and unique role that the government plays in bringing together the sector, law enforcement, and diplomatic relationships, so that we can all work together. The 2030 strategy is ambitious and fantastic from where I am sitting.
I was recently in London and spent time with some of Australia’s parallel organisations there — the National Cyber Security Center and the National Crime Agency. And what’s powerful about their relationships with the private sector, like with CISA [Cybersecurity and Infrastructure Security Agency] in the U.S., is not just the bi-directional sharing of threat intelligence and tradecraft and such, but the move from being on the defensive to offensive.
When you look at the participation of companies like Secureworks with the National Crime Agency — and Australia was right in there too — in the takedown of LockBit, that seriously disrupted the largest ransomware operator in the globe. When you break the economic model of cyber criminals, that is where the impact is. That is when they’re not able to target your grandmother or your small business, and only government relationships, government entities can take on that type of task.
We’re thrilled to see both an Australian strategy that helps citizens understand their role in protecting all of us and not fueling the economic model of these cyber criminals, but also this proactive enforcement that, going back five years ago, a lot of us thought was not possible.
Wendy: We are seeing old techniques but with a better wrapper. We’re not talking about organisations that want to spend a lot of money. They’re not interested in the best shiny new object, but they will use tools that are accessible to increase their yield. Unfortunately, phishing emails have been a very lucrative approach, and AI has just made them better.
It has extended into deepfake videos or voice calls, which can be quite believable, though deepfake videos are still discernible by the naked eye. There have been fewer successful breaches from them so far, but we’ve definitely seen those examples. These attacks are mostly designed around extracting payment to a vendor, where you have a deepfake video impersonating an executive. There’s usually an urgency to it, and it seems believable enough. And then the victim sends a payment to that actor.
What most companies are saying right now is, “my team wants to use AI, but they’re putting sensitive company data out into those models, so I’ve got to protect against that. But I also need to do more to make my team aware of the growing sophistication using these very inexpensive tools.”
Wendy: The first thing I’m hearing when I talk to customers, certainly here and in Asia, is the impact of China. So the threat activity we are talking about there is not the ransomware cyber criminal ecosystem. We’re talking about nation-state activity. That activity is more about intelligence gathering and intellectual property harvesting. So that is a theme that we spend a lot of time on with certain customers and in certain industries here in the region where they could be a target of that type of activity.
The other thing is the power and peril of AI. As with any new technology, there’s something that’s great about it; we use AI and machine learning and large language models in security to make us better, faster and stronger, to protect our customers.
But there’s also a peril of AI, where the fairly modest use of AI can hone existing tradecraft and extend it a bit. Right now, what we see is large language models being able to make phishing emails look pretty great. And there is the ability to personalise those by scraping social media, so the language becomes just like the company that criminals are representing — or misrepresenting.
To be able to notice those with the naked eye, awareness has got to really ratchet up as individuals, whether that is as an employee protecting a company, or as individual consumers.
Wendy: Yes, of course. These things tend to go through an arc where, at first, it’s just about “what’s going on?” and “how do we recover from that?” And we certainly did spend a lot of time with our customers who use CrowdStrike endpoint technology to reassure them we could see everything around the outage, that we could see their machines going down and then coming back up.
Then you come past the crisis, and people step back and say, “what does this mean?”
I think there’s two aspects to that. One is specific to the way they’re executing security inside of the sensitive [Microsoft] kernel, in a way that can take down the core system and not just an application. Is that a model we as security companies want to continue to use to architect endpoint security? I think the answer is, things are going to change on that front. For example, there are open source options, there are protected operating system options.
I think the broader question that will be asked is, “how do I trust my providers?” [and] hold them accountable to certain standards of quality. And given the dependence on them, how do I prepare as a company, a hospital, a school, or an individual, for when one piece of this highly interconnected world goes down?
Wendy: I was talking to a customer yesterday and their business was fine. They had a few machines that went down, and they recovered quickly. But they had a partner who was at the front end of selling their services who went down. So, for all the best work that they did and their recovery time, there were those around them that were affected.
So it is about engendering a conversation and understanding those risks, not just third party risk, but fourth and fifth and sixth party risks. And then what? What is your backup plan as an organisation for when some piece of technology that supports you operating goes down?
We help customers with that preparedness, regardless of what causes that outage, if you will, because that’s the conversation now, it is all about resilience.
Wendy: You may not have the fanciest technology, but the same things that we’ve known we should do for years can protect businesses from the vast majority of these attacks — things like complex passwords, or some way to authenticate with multi-factor authentication. Use your text, use your email, just create a little friction, because a little bit of friction goes a long way in making you an uneconomic target.