From Recovery To Resilience: Inside IGEL’s New Approach To Endpoint Security

[00:00:03] Hi, this is Across the Tech Pond, the regular technology podcast where we report from various technology conferences, big and small. Today we have a very special one actually, it's from Marvelous Miami at the Fontainebleau Resort on Miami Beach. And we're reporting on a special company called IGEL Technology. And we have the actual CEO with us today. It's going to be a good conversation I hope. And first of all, we're going to introduce ourselves, Neil.

[00:00:28] Neil Hughes. So my name's Neil Hughes. I run the Tech Talks Network, which is a network of technology podcasts. And I also write for CyberNews. Klaus Osterman, CEO of IGEL. My name's Anthony Savas. I write for IT Europa Tech Lead, and I'm the co-host of Across the Tech Pond. I'm going to take it from the top actually, and I want to get it right because I like to get the terms right. The significance, Klaus, of the IGEL Adaptive Secure Endpoint Platform. Taking it from the top, what exactly is it? How significant is it for the industry?

[00:00:57] I think it's a major breakthrough for the industry. It's a transformational technology from IGEL, where we're basically combining and enabling our customers to take IT and OT and manage it under the same umbrella.

[00:01:11] So IGEL starts with a mutable operating system, and then we build on top of that with our management system, our app portal. And then we integrate all of our 130 partners, whether it's VDI-DAS, browser partners, or it's SSE-SASE partners, or endpoint partners. So it's basically bringing whatever customers need into one model and delivering it in one unified setup to manage.

[00:01:39] And that helps the evolving ecosystem you have. I mean, it's a growing ecosystem, and a lot of that activity is built around this platform. Absolutely. And what we do is we do what I call deep integrations with our partners. So in this new platform, we have four layers. We start with device, persona, conditional access, and then based on that, you can then define contextual enforcement. So that's a unique thing.

[00:02:07] Excellent. Neil, you had a question. Yeah, I mean, we're recording this on the last day of now and next. A lot of people are going to be flying home thinking about everything that they've digested over the last few days. I'm curious, what are the three big takeaways you want people to think about, especially CIOs, security leaders, etc.? Yeah, I think that we want them to look at IGEL and say IGEL is a platform that they can use to totally drive a security transformation.

[00:02:33] A lot of customers are very concerned about ransomware attack and how to basically protect everything. So with IGEL, they can put a platform in place that's totally changing the monitor, detect, mitigate, remediate security model into one that's built in prevention, that things are not going to happen. There's a lot of things you don't have to put in place because you can't get to the operating system. It's a closed-down, immutable operating system.

[00:02:59] And on top of that, we say most of the studies we do, our customers save 65% on endpoint spending. So if you spend $10 million today after IGEL's in, you spend $3.5. It's pretty profound. And the third thing is really manageability across IT and now OT as well, across X86 and ARM.

[00:03:23] So two different chip architectures, two very different things to manage can now be managed under one umbrella. And one of the other key messages I got from your keynotes is you talked a lot about endpoint becoming part of the trust architecture. And for business leaders, less techie, what does that actually mean to those people? So if you look at it, it's like it all starts at the endpoint. And if you don't have the endpoints, you can't do anything in your company.

[00:03:52] So what we're seeing is a lot of companies are spending a lot of time on backup and recovery and so forth. But when it comes to the endpoint, there's no strategy. So if you get a ransomware attack, it'll take you six weeks to get 1,000 endpoints back in production. Like HIPAA 2.0 mandate says you've got to be back in production in 75 hours. And that's not going to happen if you have a lot of PCs. Our first recommendation is to put it all in IGEL.

[00:04:19] Our second recommendation is if you still have PCs that are not on IGEL operating system, is put IGEL next to Windows. And then on a bad day, you can simply hit F9. It's called IGEL 911 or in the UK, 999. And then you reboot to IGEL. So basically, you take a computer that's been compromised in the Windows environment, all of a sudden you recover it with IGEL in not 75 days, 75 seconds.

[00:04:48] And that's right across the entire estate. You're able to do that as well, right? Yeah. We've been to IGEL before. I will say this for one thing. There's always lots of announcements. And I'll ask Klaus what was so significant about this show. What was it for you that there was officially 23 different announcements covering that the platforms are talking about? What do the readers and viewers really need to know about here? So I think there's the core IGEL announcements, like the adaptive secure endpoint platform.

[00:05:16] There was our announcement around IGEL IT for OT. You had the announcement around contextual access that really relies on the device, persona, conditional access. And then there's all the partner announcements. So great partner announcement with Microsoft, with Onnisa, with Palo Alto, Netsk, Nerdio.

[00:05:41] So the list was pretty long of innovations we're driving with our partners where we're jointly developing a lot of new things. And viewers will hear the name Microsoft there. Why does a company like Microsoft bother with someone like IGEL? But I mean, obviously, just in case they don't actually know, they are a significant partner. But why are Microsoft doing this? Why are they doing blueprints with you? Yeah. So I think Microsoft's looking at how do they get Azure virtual desktop and Windows 365 adoption in the market.

[00:06:10] And they probably see IGEL as one of the best means to make that happen and for customers to quickly adopt this type of technology. So it's very powerful when you put the two together, both from a TCO standpoint, but also from how quickly can you roll this out. And there was, what, 23 announcements. That's exactly how many there were there. And the big one that stood out to me was the preventative security model. I mean, do you see this as a potential missing piece that finally makes zero trust accessible?

[00:06:40] Because over the last few years, possibly even longer, a lot of people think it's too complicated and don't know where to start. And is this the missing piece, do you think? So I think, I mean, if you look at the zero trust architecture model, it's really putting all the pieces together, right? And our job in making that into reality is starting at the end point. But more than that, it's really expanding. So zero trust architecture is not about one company doing something.

[00:07:07] It's about bringing a bunch of technology companies, different technologies together to deliver upon this architecture. And we spent a lot of years on working with the folks behind zero trust architecture, both on the IT side and the OT side. And this is not only going to make things different from a U.S. government standpoint. This is going to be rolled out to the 16 critical sectors running the country.

[00:07:37] I think this is a model that we are now seeing in European countries being adopted. They might have a different name, but it's the same, basically, seven pillar model. And so we see this having a global impact, not just on government, but literally you look at all the underpinnings of what runs a country. And I think a lot of people think of zero trust as more of a journey than a destination, continuously evolving and maturing.

[00:08:03] And with that in mind, does that automatically assume that there is something still missing there from it as well? No, I think the threat model is continuously evolving. And as such, if you have the right architecture and model in place, you can then quickly adapt and make changes to then basically defend against this ever-changing threat picture that you have out there.

[00:08:26] Why do you think the endpoint is still underestimated by IT shops, IT directors, in terms of the challenges that are still out there? Why do they underestimate the problem, but then probably underestimate the solutions that are out there? It's a good question, and it boggles my mind, right? Because companies spend so much time and energy and money on backing up data, making sure there's a recovery data center and all kind of things. And at the end of the day, majority of the attacks happens at the endpoint.

[00:08:56] And if the endpoints are not available, you can't compute. So you might have your data available, but if you can't get to it. So we're always saying, you know, you should actually start with the endpoints. And of course, there are all the other things in place, right? But I think us spending a lot of time on it, other companies spending time on it will increase the awareness around this. Yeah. So in a practical sense, after saying that, obviously, look at the endpoints to begin with. Are there a couple of tips you would give them?

[00:09:23] Obviously, you would say, take a look at IGEL and some of our partners. But in terms of the actual practical steps, what would you say after looking at the endpoints? Yeah. So, I mean, the key thing is, if you get compromised, how quickly can you get up in operation, right? And there's a lot of tools out there trying to fix Windows. And if you're running Windows, it might take you three weeks, four weeks, 10 weeks, three months to get back in operation. We've seen some pretty bad examples recently of very bad hacks, right?

[00:09:51] And what we're recommending is basically you should put your endpoint on an immutable operating system. And we believe the best one out there is IGEL. If you don't want to do that and you say, no, I want to continue running Windows operating system at the endpoint, we're like, OK, install IGEL next to Windows. And then you hit a button and then literally in 75 seconds, you're back in operation. So that's pretty powerful.

[00:10:18] And we hope more people look into this and act on it. And one of the things we try to do on here is bust a few myths and misconceptions. And there will be a lot of people watching, listening, and indeed vendors that say they already secure the endpoint. And this is probably a conversation you have a lot until you explain it and that penny drop moment happens. But tell me more about that to those people that think, hey, well, we've already got the endpoint secured. Yeah, so I think Windows is a great operating system. It's been around for 40 years.

[00:10:46] But it's an open operating system. So you can write to it. You can change it. That's what really makes it vulnerable to start with. So what customers do is they basically say, OK, things are going to go wrong. So we monitor. We detect. We then have a plan to mitigate and then remediate when stuff goes wrong, right?

[00:11:06] And we are saying if you don't have an open operating system, you have a locked down immutable operating system, you don't need to monitor and detect all these things because it ain't going to happen. So it's just a fundamental, very different view and position we have around how to secure. And that makes basically it's a much more simplistic model where it's much easier to defend.

[00:11:30] And when you're talking with these organizations and you're delivering that message, is there anything that surprises you about just how much they're getting wrong? Again, as we talk to CISOs and security organizations in big enterprises, it's basically they've been brought up on this security model. That's monitor, detect, mitigate, remediate, right? So it's a little bit like religion, right?

[00:11:56] It's like so you've got to change the fundamental belief of how to do security, right? And a prevention model is very different from the classic security model that 95% is running on. And I think a big word I hear again and again here is the word recovery. Is that a major part of the end user computing now, the word recovery? Absolutely. So I think you can talk about business continuity and disaster recovery.

[00:12:23] So what we're advocating is spend a lot of time on business continuity. Think about resilience. Think about how you put everything in place to not be compromised. And then there's if you're compromised, what do you do? And that's the disaster recovery. And that can typically be talking about cyber threats. And that's the main scare today. But I mean, we have a lot of customers who live with a fear of hurricanes, earthquakes.

[00:12:50] So we actually have customers who use IGEL in daily production, but they also have a disaster recovery plan if they're hit by a hurricane. And then it's like, well, I can't get to my endpoint, can't do this and that. So we have customers who run IGEL production, but then they use the UD pocket as the disaster recovery means. So if they can't get to their office, they need to get to their compute.

[00:13:17] You can stick that in your spouse's computer and then you get to your resources. So we're working with our customers on all scenarios, depending on where in the world, where in the U.S., where in Europe they are and so forth. And one thing I've just thought I've told that, who are your customers? Because we were talking the other night and I was surprised you work with a lot of governments around the world as well. Don't you? Almost like a Switzerland where you work with all governments. We work with all governments. We help shore up the infrastructure in as many countries as we can.

[00:13:46] It starts with the government. And then, as I say, the 16 critical sectors like financial services, transportation, utilities, you know, all of that is if you take out one of those, then a country can't operate. You can't get gasoline. If you can't get money. If you can't get food. So this is super important. And just look at what's going on in the world today, right?

[00:14:11] There's a lot of threats from foreign nations that can threat any country, right? So I think it's very, very important that not only enterprises but countries, they plan, like the U.S., they are saying here's how to do it with zero trust architecture. Not just for the government sector but for every single sector that helps run the country. Yeah, I think the critical infrastructure pace is a huge point at the moment. And, Tony, back to you.

[00:14:39] Just to convince the viewers why we're here, not because of the warm weather in Miami, I really want to push this point, Klaus. What are you doing which is so different? What are you proposing? You know, why are we here? Why are hundreds of partners and customers here? What is the unique selling point of IGEL? I think our point of view and where we start with the preventive security model is the differentiator.

[00:15:00] And the fact that we manage to, whether it's how do you deploy application, whether it's VDI, DAS, browser, containers, on the security side, identity, SSE, SASE, and then on the endpoints, whatever, it's x86 ARM. And you can basically unite across IT and OT. And we bring all this together. And we literally sit in the middle and make it all happen and enable our customers to switch from one to another.

[00:15:29] Or we have companies that operate three different network architectures around the world. But when your employees travel around, how do you then traverse between those things? So we are an enabler for a lot of this. And I don't think there's any company out there like IGEL that makes all this magic happen. Yeah. I mean, there'll still be cynics out there who say, look, you know, people have been doing this stuff for years. It's about endpoint control. I'm sure you're going to say something different. But just, you know, push the point forward. What makes you different from those?

[00:15:57] What will make you convince those people who are looking to spend their money now? I think once people put it into a POC, put it in production, they see how easily they can manage across this infrastructure. That really starts changing things, right? Then you give it to the users. So healthcare is an example. We work closely with Imprivata, with Epic, and, you know, all key elements in healthcare. And we make it easier to log in, faster to log in.

[00:16:27] And once a nurse or doctor have tried five-second login time versus a minute, you can't take that away from them. They don't care if it's ideal. Whatever enables that to happen, right? And that's the magic in us working closely with a company like Imprivata to make that happen. And you take similar, you go to process industry pharmaceutical, right? We have a partner called NIMI. It's an armband.

[00:16:51] So you're running around with gloves and masks, and you can't pull out a smart card or type in a password. So you just, by that armband, you authenticate it. So we've totally integrated that with all the other keys. So part of our job is not just to implement our technology, but understand what does healthcare need? What does government need? What does financial services need? What is pharmaceutical? What does transportation need? And then bring these partners together. And that's why we have 130.

[00:17:20] That's growing very fast, this system. Basically for us to cater to each market exactly what they need. And the value that the engines see might be fast login times, three buttons to push to get to what I need. And that's why we have what we call the IGEL Adaptive Secure Desktop. Because a lot of customers today, they have VDI or DAS. So they might be Citrix or Nisa or Microsoft, AVD or Windows 365, all three.

[00:17:50] They're implementing browser technology. So whether that's Ireland or Prisma from Palo Alto or something else, they might be utilizing Microsoft progressive web apps. So Teams now would run directly on the IGEL desktop. So that's three different things. And a lot of companies have been thinking in the past, oh, we'll do everything with VDI. Or we're going to move totally to browsers. The fact of the matter is most companies are living in a world where they do everything.

[00:18:18] So it's an end or, you know, it's really they want to do everything and we're the enabler of that. One of those specific use cases. You can generalize. You can be specific. That's the message. Hopefully they might be convinced. And then they might have like unique actions like application, like dictation apps. If you take contact centers, we have all the major contact center vendors, including vendors that do noise reduction,

[00:18:47] access reduction, headsets. So the headset's just going to work, right, if you're in a contact center. So we're basically integrating all of these things, making sure that it works fantastic. And one of the things we always try and do on this show is ensure everyone watching and listening takes something away. And whether that be a business leader or a tech leader, and I've looked to hone in on the role of the CISO. For CISOs that have either attended here or as a company or the event, what would you like that CISO listening to take away?

[00:19:16] So I think we're getting a lot of attention from CISOs today. And I think the number one thing is our business continuity and disaster recovery solution. Because they're all charged with, what do we do when we get hacked? How do we get back in operation as fast as possible? So word is spreading that IGEL might be the best medicine for that. So we actually get a lot of new customers that start with IGEL with business continuity and disaster recovery.

[00:19:46] Once you've experienced a ransomware attack and you move to IGEL, people start saying, well, why don't we just stay in IGEL? Why don't we go back to a different operating system? So that's the first array into many discussion, many CISOs. Then we start talking about our preventative security model, which is very different from what they learned. The monitor, detect, mitigate, remediate. So they're like, OK, so it's a whole different model.

[00:20:14] And, you know, I think we're getting a following now. We still have a lot of ground to cover and a lot of customers or prospects to convince. But CISOs are definitely starting to get what IGEL can do for them. Yeah. And I think last year there was a famous retail in the UK and also a famous car manufacturer. Over a billion dollars, I think, there was the cost of that because people couldn't recover. It was weeks of downtime there.

[00:20:40] And then we've now got the rise of global conflict and ransomware attacks, cyber attacks. Is this making the conversation easier when you approach CISOs? Absolutely. So we see it in health care in the US where it's rampant, the attacks and the compromise and the ransomware effect. So a lot of health care organizations are putting IGEL in place to prevent that. We have a very famous German automaker that's put their manufacturing floor on IGEL, potentially because they saw what happened to Toyota.

[00:21:09] And once it happened to Land Rover and Jaguar, they're probably happy that gone IGEL because they probably, people have tried to get in and compromise them as well. Right. So we have great examples in any industry of customers doing it and not getting compromised. We're coming to the end now. Any final take you want to give the viewers there in terms of what they've missed at now and next in Miami Beach? Anything, any other, anything you want to add?

[00:21:37] Yeah, I think we've had a tremendous three days here. Now the fourth day of not just IGEL technology, but with our strategic partners, what are we launching? What are we doing? And the event we have here is basically bringing customers, prospects, partners, resellers together and our technology partners. And so it's kind of a, you know, a community. It's not just about IGEL. It's about what can we do together.

[00:22:06] And what we're doing now is we're taking this four-day show, packaging it up, and the CTOs and I will be on the road in Europe from, we think we start in London May 28th. We'll be in Paris, Frankfurt, Amsterdam and Bern, Switzerland from end of May till mid-June. And then in the fall, we're going to go to Melbourne, Australia, and we're going to be four places in the US.

[00:22:35] So we're going to be in New York, we're going to be in Dallas, we're going to be in Chicago and in DC. And what's the thinking behind that road trip? It's basically taking the gospel, packaging it up. It's like this, if you come here, it's like a three-ring circus. We package it up and take a one-ring circus to the capitals around Europe and the US and APAC as well. And the idea is really for us to spread the message to more people.

[00:23:04] So there's a lot of travel restrictions today where people can't get approval for flying to the US. So this is our big launch event. And it's amazing we had people from all over the world come here. But we really just want to get this message out everywhere. So that's why we'll be in 10 places before the end of the year. Fantastic. That's the end of this latest edition of Across the Tech Pond. It just remains to say goodbye to the viewers. Klaus?

[00:23:32] Yeah, I just want to thank you guys for coming here and help putting our message out there. It's been an amazing three days here. And iGel keeps bringing great technology to the market. And we just want to get it to more and more customers out there. And I would just urge anyone watching to check out the dates of some of the events there on that road trip. Read more about it. Learn more about it. And see how it might be able to help you. But thank you. And it's goodbye from me, Anthony Savas, as well.

[00:24:01] Until next time, look out for the next Across Tech Pond. And obviously tap into this one as often as possible and spread the word. Because it's an informative company. And I think we've all got to learn off various partners, customers and vendors. So it's goodbye from me. Thank you.