Presidio - April 2021











We talk to Dave Trader, Vice President and Field Chief Information Security Officer (CISO) of Presidio, a role we have seen evolve rapidly as cyber attacks have grown in number and severity.


In the words of Gartner, “Many security teams have overinvested in a plethora of tools. As a result, they are also suffering from alert fatigue and multiple console complexity and facing the challenges in recruiting and retaining security operations analysts with the right set of skills and expertise to effectively use all those tools.” Facing this dilemma is the stock-in-trade of Presidio, through its full life cycle model of professional, managed, and support services including strategy, consulting, implementation and design – and above all security. The company has demonstrated its expertise in helping customers design, architect, build, migrate and manage their workloads by building close partnerships with all the major infrastructure and cloud providers – including Microsoft, Google, Palo Alto, Red Hat and IBM – and in February 2021 achieved Premier Partner status within the AWS partner network. In the last year Presidio has brought into its portfolio two companies that extend both its global reach and its full-stack capability. Coda adds software development and coding abilities the company didn't have before, while Dublin-based Arkphire brings access to wider global markets.


Dave Trader Vice President and Field Chief Information Security Officer (CISO)



Managing migration risk

However, alongside infrastructure delivery, Presidio has developed unique expertise around cloud, collaboration and crucially cybersecurity. The level of threat has rocketed this century as new ways of using, accessing, and storing data are adopted and vulnerabilities proliferate. “We are able not only to help companies transition and transfer their workloads to the cloud, but also we can effectively enable them to secure those workloads,” says Dave Trader, who has been Presidio's Cybersecurity Practice Lead since the beginning of 2019, and global Field CISO since January 2021. He is one of the industry's leading security experts with 20 years' experience, including eight years with the Marines specializing in critical military security and communications, and most recently Chief Information Security Officer at GalaxE Solutions. He's also a graduate of the FBI CISO Academy, one of fewer than 200 since the program was inaugurated in 2015. Since early 2020 the market has seen a rush to migrate to the cloud. “We are trying to get applications closer to the user, which raises issues around latency and security concerns about the right way to achieve that as the workforce moves from office to home,” says Trader. “We have moved from 'cloud first' to 'cloud right'. We start with an evaluation so that we can advise as to whether cloud is really best for this client and if so in what configuration.”



Intrinsic Security and vSOC

Security can't be an add-on anymore. Security baked into everything from code to the DevSecOps space right through to deployment at the edge is what Dave Trader calls intrinsic security. “AWS is a good example of that in the cloud space. We believe that security has to be in the process every step of the way as we test the environment and look for gaps and vulnerabilities that we can exploit.” His team rigorously looks for cracks in the clients' systems, then makes sure they are all sealed. Since his arrival Trader has made a point of highlighting certain key services. “I've really tried to double down on our virtual security operations center (vSOC) services and bring those forward.” A vSOC, he explains, is an outsourced, comprehensive, round-the-clock data monitoring solution that enables a company to identify threats as they arise. “We saw a gap in the market where we found companies building their own SOC. That can work for a while for companies but ends up enveloping their entire team as the vulnerabilities overwhelm them. They were looking for some help and we saw an opportunity to bring in our expertise and promote internal enterprise security teams so they can handle major events, while we are at hand to deal with the day-to-day events and protect their environment. We have been able to build a great practice around that.”

LOCATION: NEW YORK

Dave Trader holds numerous cybersecurity certifications, including CISSP. He has received numerous endorsements from the Department of Homeland Security, FBI, and NSA and is a graduate of the FBI CISO Academy. A results-driven leader, MBA graduate, and senior-level IT executive offering years of experience, Dave creates secure network environments for large, global enterprises as a Chief Information Security Officer. Dave has the ability to build an entire cybersecurity program from the ground up. He has created a template for a successful cybersecurity program and is constantly evaluating against that template. Dave has an extensive networking and technology background with broad security experience and success in applying cutting-edge approaches to incoming threats by joining the tactical military strategy he obtained in the United States Marine Corps to a practical enterprise application.

Never trust, always verify

Okta as the core of Zero Trust

Okta is the leading independent identity provider. The Okta Identity Cloud enables organizations to securely connect the right people to the right technologies at the right time.

Okta: identity for the internet

Okta's vision is a world where everyone can safely use any technology: its promise, to protect the identities of all users, while asking “what more can we make possible?” Today IT leaders cite secure employee access as their primary focus, thanks largely to an explosion in remote working. “One of the scariest parts of the quick switch to remote work is the need to move quickly and securely,” says Brock Dooling, Partner Alliances Engineer at Okta, a trusted platform to secure every identity, from customers to workforce. More than 10,000 organizations trust Okta's software and APIs to sign in, authorize, and manage users. Getting identity right is really important – but complicated. Clients can use Okta to enable their users to sign in with a username/password or with their social accounts like Google or Facebook using pre-built sign-in components from Okta. “After the user has signed in, you can retrieve their user profile, secure your APIs and application backends so that only authorized users and applications can call them. With Okta clients can use their existing stack to build sign in, protect their APIs and move on with their lives!” That message is not lost on Okta's partners. Recently the CTO of lifecycle managed services provider Presidio Dave Trader told us: “Okta has been a huge help in managing secure user authentication, while allowing developers to build identity controls into applications, website web services and devices.” Password access is notoriously vulnerable, so automation of user authentication is at the top of the developers' agenda. Okta FastPass is already delivering passwordless login using default authentication implemented through biometric capabilities, rather than only by user-specific certifications. On March 4 2021 Okta acquired a complementary authorization platform. It will continue to support and expand Auth0, with a view to eventual integration. “Together, we will shape the future of identity on the internet,” promises Brock Dooling. “Okta and Auth0 address a broad set of identity use cases, and our identity platforms are robust and extensible enough to serve the world's largest organizations and most innovative developers.”

Basic CIS Controls

1. Inventory and Control of Hardware Assets
2. Inventory and Control of Software Assets
3. Continuous Vulnerability Management
4. Controlled Use of Administrative Privileges
5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
6. Maintenance, Monitoring and Analysis of Audit Logs

Foundational CIS Controls

7. Email and Web Browser Protections
8. Malware Defenses
9. Limitation and Control of Network Ports, Protocols and Services
10. Data Recovery Capabilities
11. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
12. Boundary Defense
13. Data Protection
14. Controlled Access Based on the Need to Know
15. Wireless Access Control
16. Account Monitoring and Control

Organizational CIS Controls

17. Implement a Security Awareness and Training Program
18. Application Software Security
19. Incident Response and Management
20. Penetration Tests and Red Team Exercises

Traditionally, security events have been viewed through aggregating or logging programs like Palo Alto's Prisma, he explains. “When those logs and events come in they typically go to a security center dashboard or platform, but we now see clients getting overwhelmed with a host of lower level alerts. They'd never be able to hire enough analysts to cope with the onslaught of events. That's why our managed service component utilizes automation to the hilt to combat the problem of alert fatigue. We are doing that very successfully with the help of partners like Palo Alto and others, fighting automated attacks with our own machine learning defenses: our team here at Presidio has built a first class offering and a first class vSOC service.”





Another benefit for Presidio's vSOC is its portability. Clients can stay with platforms they have in place – automation enables the solution to run without the end user noticing any change. “Customers tell us they had no idea that level of automation was even possible and are really enjoying the insights and outputs they are getting through being able to leverage the automation we have baked in through APIs.”

Covid opportunities and challenges

In March 2020 Presidio saw a freeze on travel and has since worked mainly from home. “Generally, about 70% of people now work entirely from home,” says Trader. “That brings with it a lot of security concerns, for example shadow IT. We saw VPN licensing go through the roof. The home network may be insecure, and once it is connected to the office network, others using a shared device may be downloading malware through games or social media. Cybercriminals look for their chance, well aware of the wormholes that can open up this way.” The secure access service edge (SASE) is front and center of his conversations with clients. “Latency became a problem. We had engineering companies and architects that were spending six or seven hours downloading blueprints they were working on at home, rather than the secure networks they had in the office. That placed a focus on identity access management and real-time assessment of the end user at the end-point. That is why identity is so important: the perimeter has shifted!” Addressing the end-point required user and entity behavior analytics (UEBA), a process of gathering insight into the network events that users generate every day. It can pick up the 'impossible traveler', where a user appears to interact with the same resource from two different locations but could not possibly have made that trip in that time. “We'd have to ask that user to add another layer of validation, and we are seeing companies adopt that, which is very encouraging,” says Trader. One of Presidio's main partners, Cisco, has a gold standard UEBA solution in DUO, which is scalable, easy and inexpensive to set up. “I see DUO becoming integrated with identity access planning at many enterprises and it is really working out well.” COVID-19 has proved that a dispersed workforce can work as well as a concentrated one, so this is likely to become a permanent change. However, in most cases people are working on systems that the company does not own or control, so what used to be called BYOD has morphed into MDM, or mobile device management. This enables IT departments to secure, monitor, and manage end-user mobile devices, from smartphones, tablets and laptops to IoT devices. “Nevertheless, I'd say that 70% of companies are not doing validation on their employees' devices ahead of time, so these systems may not have antivirus and we are seeing compromised systems being allowed into enterprises,” cautions Trader. “Hacking organizations are aware of this and I have seen them purposefully seeking out these back doors to the enterprise networks. I have also seen an uptick since November 2020 of hacking organizations doubling down on ransomware in almost every vertical.”

Prevention better than cure

The problem is very serious: Trader is getting around four calls a week from major companies under attack despite taking reasonable care. “We are helping companies recover and step through triage, getting them stabilized and moving them through into recovery. But I have also seen companies where up to 50% of their network is scorched earth, irrecoverable. A situation like that is an existential threat for a business. But I am trying to have more conversations on the proactive side so that firefighting is not needed. But even if you do everything I would prescribe as best practice it doesn't mean that a state-sponsored entity won't be able to breach your defenses with some kind of ransomware or other form of cyber-attack.” This may seem bleak, but Presidio and its partner ecosystem have the best minds in cybersecurity focused on staying ahead in this war. “In 2021,” he says, “ransomware will pick up, so our trusted advisor position will become even more relevant. Many more companies are hiring CISOs, and their conversations are going direct to the board. I have been doing presentations at the board level to give them a perspective on cyber threats and best practice solutions. My message is that this mountain is not insurmountable. If you get the fundamentals right and follow best practice you can prevent the majority of the issues that are happening all around the world. We are continually investing in additional capabilities to provide cybersecurity consulting, advisory services and vSOC/MDR+ services our customers are consuming.”
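The 'impossible traveler' check that the UEBA discussion above describes can be shown as a small detector over sign-in events. This is an added example, not Presidio's, Cisco's or Duo's code; the log line format, the 1,000 km/h plausibility threshold, the 50 km same-place radius and the sample sign-in lines are all assumptions constructed for illustration.

```python
"""Impossible-traveler detection over constructed sign-in events.

Added example, not Presidio's or any vendor's code. The log format, the
thresholds and the sample events below are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List

# Assumed threshold: anything faster than a long-haul airliner is treated as
# impossible for a human carrying the same credential.
MAX_PLAUSIBLE_KMH = 1000.0
# Assumed radius: two sign-ins this close count as the same place, so GeoIP
# jitter or several egress points in one city do not raise a finding.
SAME_PLACE_KM = 50.0

# Constructed sample log, one "ISO-8601 timestamp,user,city,lat,lon" per line.
SAMPLE_LOG = """\
2021-03-08T09:00:00+00:00,alice,New York,40.7128,-74.0060
2021-03-08T08:00:00+00:00,bob,Chicago,41.8781,-87.6298
2021-03-08T10:00:00+00:00,dave,Tokyo,35.6762,139.6503
2021-03-08T10:00:00+00:00,dave,Sydney,-33.8688,151.2093
2021-03-08T09:45:00+00:00,alice,London,51.5074,-0.1278
2021-03-08T12:00:00+00:00,carol,Paris,48.8566,2.3522
2021-03-08T12:05:00+00:00,carol,Paris,48.8600,2.3500
2021-03-08T14:00:00+00:00,bob,Detroit,42.3314,-83.0458
"""


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime  # timezone-aware, normalised to UTC
    city: str
    lat: float
    lon: float


@dataclass(frozen=True)
class Finding:
    user: str
    from_city: str
    to_city: str
    distance_km: float
    hours: float
    required_kmh: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres (mean Earth radius 6371 km)."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def parse_log(text: str) -> List[SignIn]:
    """Parse the constructed CSV-style lines into timezone-aware events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, city, lat, lon = line.split(",")
        when = datetime.fromisoformat(ts).astimezone(timezone.utc)
        events.append(SignIn(user, when, city, float(lat), float(lon)))
    return events


def impossible_travel(events: List[SignIn]) -> List[Finding]:
    """Flag consecutive sign-ins by one user that would need implausible speed."""
    findings: List[Finding] = []
    last_seen: Dict[str, SignIn] = {}
    # Stable sort: events with equal timestamps keep their log order.
    for ev in sorted(events, key=lambda e: e.when):
        prev = last_seen.get(ev.user)
        last_seen[ev.user] = ev
        if prev is None:
            continue
        dist = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
        if dist < SAME_PLACE_KM:
            continue
        hours = (ev.when - prev.when).total_seconds() / 3600.0
        # Two distant places with no time gap need no speed calculation (and
        # would divide by zero), so that case is flagged outright.
        required = float("inf") if hours <= 0 else dist / hours
        if required > MAX_PLAUSIBLE_KMH:
            findings.append(Finding(ev.user, prev.city, ev.city,
                                    round(dist, 1), round(hours, 2), round(required, 1)))
    return findings


def run_demo() -> List[Finding]:
    """Run the detector over the constructed sample log."""
    return impossible_travel(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.user}: {f.from_city} -> {f.to_city}, {f.distance_km} km in "
              f"{f.hours} h (needs {f.required_kmh} km/h)")
```

On the sample data the detector flags alice (New York to London in 45 minutes) and dave (Tokyo and Sydney at the same instant), while bob's Chicago-to-Detroit drive over six hours and carol's two Paris sign-ins pass. In a real deployment the finding would feed the step-up validation Trader describes rather than block the user outright, since shared VPN egress and GeoIP errors produce the same pattern.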


Partnership and cooperation

In the war against cyber attackers, alliances become vital. “I rely heavily on what our partners bring to the table,” insists Dave Trader. “We work with tremendous partners, depending on their specific specialty. Palo Alto and Cisco are always our number one and two partners across the board. They do a great job full stack, and they have solutions around everything we have talked about today.”

Cisco is working on SecureX, an open, cloud-native platform that connects Cisco's integrated security portfolio with those of customers for a simpler, more consistent experience across endpoints, cloud, network, and applications. “SecureX will be the hub joining the spokes of all Cisco's security products and that is really working out well. We engage well with them because so many customers leverage the full portfolio of services they have.”

For the rest, he is guided by his customer. “When we go into a customer's environment and ask them to lay out the controls they have in place to protect themselves, I am actively listening for over a dozen key areas.” Basically, he follows the NIST CSF governance controls, and as he goes through those domains, customers tell him which solutions they prefer and have adopted. “I routinely find they have covered most of the best practice controls, but I introduce some partners they may not have considered.” He always starts with the data. “With the edge dissolving, if you don't have a good handle on who is accessing your data, when, where and how, you can quickly lose your grip on it. Varonis is a good example because they really understand how the data is encrypted, how it lives and breathes and traverses the network.” If we start with the data, we know what we're protecting. If we secure the data properly and absolutely, we have less risk when an intruder does get into the network. Varonis provides outstanding visibility to that data and helps us understand the level of security needed.





To address incident response issues, a partner he might suggest would be CyberDefenses. “I have done multiple engagements with this team. They bring rigor to the security response, bringing in forensics, knowing how to run triage then move on through stabilization to recovery. They can find out not only how the target was compromised but what was taken and what this event looks like from a governance risk and compliance perspective. Presidio works really well with CD throughout the incident performing remediation steps including professional services and additional consulting to recover the business operation.”

Many attacks get through because the alert was missed or not actioned. He has found Arctic Wolf a dependable ally for its SIEM offering. “From a concierge perspective my customers feel that Arctic Wolf has a handle on everything they do.” Though at first glance some of these services may seem to compete with Presidio's in-house portfolio, partners are essential in delivering successful outcomes. “Where I can I always lead with Presidio's services, but there are situations where we need to bring in partners.” One problem facing the end user may be different dashboards that complicate authentication. To overcome this, he has found Okta a big help in managing secure user authentication, while allowing developers to build identity controls into applications, websites, web services and devices. “In practice I may have different options to suggest. I feel that IAM (Identity Access Management) is a cornerstone for so many broader security methodologies like Zero Trust, SASE, and others. Okta does a great job helping with IAM at every level from CASB through MFA. I have many larger enterprise companies that utilize Okta as their primary identity partner and they are incredibly happy with the versatility.” These partners and many others are bringing in new applications and services all the time, so here Presidio's strength is knowing exactly what is in development. This work will continue, he promises. “My team is going to continue to grow: we are hiring across the country and across the world and we are going to continue to be able to support our customers in every region. I see monumental opportunities in what our security practice can accomplish in 2021.”



PRESIDIO, INC.
One Penn Plaza, Suite 2832, New York, NY 10119
T 212.652.5700