We recently had the pleasure of sitting down with one of our clients, Andrew Platts, Managing Director of Jireh Solutions. Andrew shared with us his thoughts on working with BlackFog, the MSP market and technology and security. What follows is a transcript of the interview.
Tell us about Jireh Solutions
We specialize in helping organizations minimize the disruption caused by inefficient IT equipment and systems. From developing IT strategies and supplying and installing great value hardware, to preventative maintenance and remote support for PCs and Macs, our expert team is dedicated to helping customers run their businesses smoothly. Founded in 2006, Jireh Solutions has been providing managed services for customers in the UK and further afield since 2015.
How did you hear about BlackFog?
From a Danish company we work with. At the time they were working with BlackFog and they made the introduction.
What did you think was interesting about BlackFog?
When it came along I was thinking we have Antivirus and anti-malware solutions, so what’s next? What happens when something gets through those tools (because we know it will). I knew we needed something that approached security in a different way and it was important that it worked with our existing solutions.
Were you familiar with anti data exfiltration technology?
No, never really thought about it before being introduced to BlackFog. But when ransomware trends started to shift beyond encryption to extortion we started to consider where the data was going. This is something we think about a lot more now that we have visibility.
Why did you decide to try it?
We looked at a number of endpoint security / privacy products and BlackFog seemed to be a good fit. We wanted to evaluate it for our own internal use and for our customer’s, so we tested it for 6 months.
What were your first impressions?
Initially when we first started using the product, we noticed the ad blocking benefits. Ads are annoying and can slow down the user experience on a mobile device, but they can also be malicious. In time we noticed more complex benefits from the solution. For example, when we logged into the centralized console to manage our customers devices, we could see red flags such as high volumes of traffic to suspicious countries from a particular device. BlackFog was identifying the movement of data to unexpected destinations that other cybersecurity tools weren’t detecting. We noticed unauthorized data trying to go to Eastern Europe, the Middle East, Far East and Africa.
How did you roll BlackFog out to your customers?
Because this was a new product in a new category, we needed to spend some time with our customers to ensure they were comfortable with the product. It was important to us that they had a good understanding of what we were trying to deliver and how they would benefit from this technology. It was also reassuring to them that all of the personal data was kept on the device and not in the cloud.
We used the training mode feature of the product during deployment and that also helped to reassure our customers. In training mode we weren’t blocking anything that would impact their systems but they still had visibility into the unwanted activities in their network, this made the value of the product really easy to demonstrate.
During the roll out BlackFog found some incidents that needed to be dealt with immediately, so we had the urgency to switch it on for those customers. BlackFog isn’t just passively running in the background it’s proactively discovering anomalies. It’s also worth pointing out that during this roll our process we really valued having the BlackFog technical team around to help us understand the analytics and alerts in the console.
How was your experience with our technical team?
We had such a positive experience with the BlackFog technical team so deciding to on-board the product was an easy decision. We really appreciate it when vendors engage with us and listen. Not all of them do! We like to work with vendors who care about their partners, it makes such a big difference to us and our customers.
Can you tell us about the IT challenges your customers face?
A lot of our customers have compliance needs, especially those in the financial services sector. They care about quality, security, reliability and compliance, with many of them being Cyber Essentials certified (a UK government program that helps companies secure themselves from cyberattacks). These companies have made a commitment to deploy the tools necessary to prevent cyberattacks. We always include BlackFog, and whilst it’s more than is required to be compliant, our customers appreciate that we are looking to the future and adding extra layers, going the extra mile to secure them.
In your opinion how important is data security?
Good security is vital for businesses of all sizes and in every industry. We hear a lot about cyber insurance and in many cases companies advocate it over good security, but insurance is only effective after the horse has bolted and the damage has been done. Do both, but prioritize security, prevention is better than cure.
The threat landscape is changing too, it used to be that backups were enough to help you recover from a ransomware attack for example. Now, it’s double and even triple extortion that companies need to be afraid of. Protecting the data on the device is the key, otherwise it is inevitable it will become public post attack.
Is ransomware something your customers worry about?
Yes, it is definitely a concern, but some customers are more informed than others. Many of our customers are cloud focussed and buy into SaaS solutions which leaves them with limited infrastructure to manage. Ransomware and the lateral movement of attack payloads is dramatically reduced, but not eliminated with a cloud based infrastructure.
Prior to using BlackFog, were any customers impacted by cyberattacks?
I’m pleased to say that this has never happened with any of our fully managed customers. However, prior to coming to Jireh Solutions, where they get the benefit of BlackFog in our protective toolset, many had experienced cyber incidents and is certainly one of the reasons why they came to us for help.
And what about data breaches?
Yes we’ve had customers come to us post breach who needed our help.
How did Covid-19 and the sudden onset of remote working impact your customers?
For us, the perimeter of the network is the user’s device, not the firewall in the office. Our managed customers transitioned to remote working seamlessly because of this. Those who weren’t fully managed struggled to secure their endpoints and remote teams.
Do you use BlackFog on your own company devices?
Yes, we believe in using what we sell, our customers want to know what tools we use, and that the solutions we recommend are tried and tested.
How important is BlackFog in your security stack?
The more myself and the team work with BlackFog the more we love it. It’s a really important part of the way we protect ourselves and our customers. Every Managed Service Provider (MSP) provides Firewalls and Antivirus software, but what happens when something inevitably bypasses them, and it will!
At Jireh we prefer a multi-vendor, multi layered approach. Working with a single vendor can lead to security gaps. Running two Antivirus products for example is not going to be effective. We really wanted a solution that looked at the problem in a new way, watching the outbound traffic and being aware of the data leaving the devices was a unique approach that no other product covered.
BlackFog was really validated when one our suppliers wanted to us to try Cisco Umbrella, a URL filter. We ran the product for 6 weeks with over 1,000,000 requests. When we reviewed the results only 6 requests were flagged. The Cisco Partner had never seen anything like this before and couldn’t figure out why the malicious traffic wasn’t present (because BlackFog had already stopped it). It’s important to note that we were running BlackFog and one other tool at the time and all 6 flagged requests were actually false positives.
How important was privacy in your decision to add BlackFog to your security solution?
Different people have different ideas about privacy, for example some young people would happily give away their personal details for free Wi-Fi, but we liked the idea of keeping all of the data on the device. One of our customers was using serviced offices with Wi-Fi access points and when we installed BlackFog we noticed that data was going to China for no apparent reason. When you start to see this sort of activity you realize how important it is. BlackFog gives us and our customers great confidence.
Does having BlackFog help you differentiate from other MSPs?
Yes. As a business there are a number of things that make us different. Firstly, we don’t tie our customers to contracts, they stay because they like what we do. That keeps us focused on doing a great job. Secondly, we have never advertised. All our business comes from referrals, so we need to do a good job to get customers and keep them. Having a suite of products that enables us to secure and protect our customers is critical and BlackFog is an important part of that.
How do you think your customers benefit from BlackFog?
Peace of mind, better security overall and eliminating the noise associated with online advertising.
Has BlackFog enabled your company to work more efficiently?
I think it removes the noise, and we are stopping problems before they happen. Prevention is always better than cure and BlackFog helps us focus on preventing things from going wrong. Our customers pay us for reliability and security. If we do our job well, they don’t need to call us, BlackFog helps make that happen. Why fight fires if you don’t have to? A preventative approach means we can plan our business more effectively.
Most of the devices under management are fine most of the time. This helps us recognize exceptions that we need to action immediately. If for example a PC is running the same setup as everyone else and we are seeing suspicious traffic and unusual processes, we can deal with it straight away – sometimes even needing to wipe the machine and reinstall. The worrying behaviour is there (being blocked by BlackFog) but none of our other tools are spotting the problem! Because we know about it right away we can take immediate action. In the console we focus on ransomware, cryptojacking and malware as the primary statistics.
What are some features or functionality that you really like?
Little things, like install mode and I like the way it clears cookies from a privacy standpoint. I don’t sweat about accepting or customizing cookie settings and this helps productivity. It also means that those who ignore the privacy settings aren’t vulnerable because BlackFog is wiping the cookies. It also removes the noise from websites when your browsing, which means a lot on a mobile device.
How easy is the console to manage?
Understanding the data has taken some time. If BlackFog can add some AI to the data it would be helpful. (Note from BlackFog, our Threat Hunting module includes crowd sourced data to eliminate false positives).
Overall how happy are you with BlackFog?
Very happy and yes, we’d recommend it to friends, MSPs, etc. on all accounts.
What advice would you give to other MSPs considering Anti Data Exfiltration Technology?
Getting your security stack right is not a one-time process, but one to keep evaluating. Multi-layered and multi-vendor is the approach I’d advocate, ensuring that the different tools don’t “fight” with each other. Then thinking – so what happens if something gets through this product or that solution – what then? To my mind all MSPs need to be thinking about Anti Data Exfiltration Technology as a part of their stack.