Cyberattacks are more prevalent than ever for small to midsize businesses (SMBs), but small teams, limited budget, and a lack of affordable and simple solutions prevent SMBs from building robust security programs to defend themselves.
Blumira’s open XDR + SIEM platform makes advanced detection and response easy and effective, enabling SMBs to automate security tasks, meet compliance requirements, and protect against ransomware and breaches.
SourceForge recently caught up with Matthew Warner, CTO and Co-Founder of Blumira, to discuss how Blumira solves the cybersecurity problems that SMBs often face.
What are the most common cyberattacks that small to midsize businesses (SMBs) face?
SMBs aren’t facing threats that are very different from what larger enterprises are seeing. What we’re seeing is those attacks getting commoditized and then leveraged by ransomware operators to be really successful. It’s a continuation of what we’ve seen over the last three to four years: the maturity and growth of these ransomware operators changing over time. Larger attacks, like the supply chain attack by the Lazarus group in North Korea, are impacting SMBs just as much as the enterprise.
How has the cybersecurity landscape changed over the past few years?
SMBs have to be even more capable than they were five or ten years ago. The pattern that’s developing is an inevitability that somebody’s going to drop ransomware in the environment. It might not be immediate; an attacker might broker and sell that access into your environment, but it will happen.
Not only has ransomware become more of a problem in the SMB space, but it’s also become more rapid. A year or two ago, when ransomware hit, you had three or four days to properly remove them from your environment before you got fully ransomed. Now it’s about 24 to 48 hours. Ransomware operators go as fast as they can, because they know that people are watching more than they used to be.
What prevents SMBs from becoming more secure?
It’s basically impossible for SMBs to have enough staff to monitor their entire environment. The most successful organizations are dedicated to continuous growth and maturity of their burgeoning security program, which is to say: Are you implementing MFA? Do you know what’s exposed to the internet? Is there an old SonicWall sitting around somewhere? Do you know what the patch level is of your FortiGate VPN? Those are the areas where SMBs get hit the most. If you can start to be more mature about asset management and the logs you’re pulling out of those assets, you can resolve a lot of those potential threats.
The problem is that there aren’t a lot of security products that are built for SMBs. Our customers have usually tried to make the ELK stack work for them, or they’re coming from a legacy SIEM like IBM QRadar, which have their own challenges and make a ton of noise. But most importantly, SMBs have small teams with limited time, and so they haven’t had the time to make their SIEMs fully operational because there’s never enough time in the day.
The glorious idea of defense in depth hasn’t gone away; if you can have visibility across your cloud and across different levels of your environment in a way that’s most efficient for you, you can get to where you need to. But SMBs are limited by the need for detection engineering. There’s just never enough time for anyone to do that kind of work. There need to be more products in the security space that make that easier.
What should companies do if they’ve been breached?
The most important thing post-breach is always that you’ve validated that an attacker has left your environment. In a past life when I was doing offensive security and pentesting, I would always enter a conversation by recommending that customers get an audit of their environments and see what the state of it is.
What we found is that you can do a lot to reduce the threat level of that environment by just looking and gleaning information from logs. In a perfect world, you would take that breach, go back and say, where did it start? Where does it come from? How did it happen? And what are the things that we need to do to improve this? It could just be patching an Exchange server or VPN. There may be some easy wins there.
What usually brings people to Blumira?
A lot of SIEMs are really complex and you get into limitations and costs associated with that volume, and people are looking for something that can generate detections for them without them having to do more.
The goal of Blumira is to make it as easy as possible for IT and security teams in the SMB space, so there are no complex limitations in place and there’s no need to do detection engineering. Customers can just get information associated with the information they’re sending. If you’re sending firewall data, you automatically get detections for that. If you’re sending Windows data, you automatically get detections for that.
What we often see is SMBs just trying to figure out how they’re going to grow their security maturity. They also tend to have compliance requirements that they need to adhere to. Blumira will move them in that direction without adding more friction into their tech stack.
How has Blumira expanded into the XDR space?
We’ve developed our own agent which allows our customers to have an endpoint-based view that’s also combined with their cloud data, their firewall data, and any other data in their environment. With that data, they can answer questions like, Where’s that user at the endpoint? What’s happening on the endpoint? Where’s that user in the cloud? How is that network being utilized by those endpoints?
We built our XDR so it’s not overly complex and hard to use. It’s intended for users to get all of the benefits from XDR without all that additional effort. It’s too hard for SMBs in the current environment to be successful with the majority of tooling that’s been built, because they’re not built for them. They’re often built for engineers that can dedicate a lot of time and energy into getting to know a product inside and out. Blumira is for people that need to spend two to four hours a week at most on the platform and still get value from it.
How can companies get started with Blumira?
We offer a free version of our SIEM product, which is very easy to get up and running. We don’t have any limits on the amount of users or data, and you can connect up to three cloud applications, including Microsoft 365, Duo Security, Webroot, SentinelOne, Google Workspace, Cisco Umbrella, and Mimecast.
About Blumira
Blumira’s open XDR platform makes advanced detection and response easy and effective for small and medium-sized businesses, accelerating ransomware and breach prevention. Time-strapped IT teams can do more with one solution that combines SIEM, endpoint visibility and automated response.