What Kevin McCallister From Home Alone Can Teach Us About XDR
Conversations from the Show Floor, November 17, 2025

What happens when you record a security conversation in a venue built inside an Austrian mountain? You get something that feels sharper, more grounded, and far more human than a typical industry chat. I sat down with Adam Khan, VP of Global Security Operations at Barracuda XDR, and Eric Russo, Director of SOC Defensive Security, during Barracuda TechSummit25 in Alpbach, where the peaks rise on every side and the air seems to clear the noise around modern cybersecurity.

Adam and Eric lead the teams that track, interpret, and act on attacks moving across email, identity, networks, cloud, and endpoints. This is the engine room behind Barracuda XDR, and our conversation dug into what those operations actually look like when threats move fast and visibility is everything. What struck me most was the mix of optimism and realism. Adam speaks with three decades of hard-earned experience, yet carries a sense of purpose that feels rare in a field defined by bad headlines. Eric brings a forensic lens shaped by years inside the SOC, where decisions must be made in seconds rather than hours. Together they paint a picture of how attacks unfold today and why integrated defense has become the only viable way to keep pace.

We talked about the way attackers now operate as coordinated units with their own playbooks, and how the best cyber defenders are beginning to mirror that discipline. Adam shared a football formation metaphor that landed with everyone in the room, showing how the principles of pressure, spacing, and anticipation mirror what security teams deal with every day. That analogy extended into real stories of ransomware groups such as Akira, and how the Barracuda SOC has been intercepting attacks that begin with zero-day VPN exploits and then cascade into email and endpoint compromise. Hearing both of them describe how XDR stitches those layers together into a single view made the stakes feel clearer. Without that shift, the noise, the tool sprawl, and the speed of attacks would bury even the most experienced teams.

There was also a moment where cybersecurity met Home Alone, and it worked in a way I never expected. Adam explained XDR through Kevin McCallister’s improvised defence of the family home, and it became the simplest way I have ever heard the concept explained. It reminded everyone listening why clarity matters, especially when the language in this industry can easily shut people out. Eric followed with a view on automation, AI, and the shift from reactive investigation to proactive threat hunting. The two perspectives created a fuller picture of where the field is heading and why integrated platforms are quickly replacing the old model of isolated point tools.


[00:00:00] - [Speaker 0]
As you all know, I often talk to founders and business leaders who spend months building incredible products, but it's easy to forget how that one overlooked login or unsecured Wi Fi connection can bring everything crashing down. That's where NordLayer comes in. It's a business security platform built for the modern hybrid team. No hardware, no complicated rollout, just a simple toggle ready solution that lets you secure your entire network in minutes. And it does this by combining VPN, access control, and threat protection so your people can connect safely from any device and any network and anywhere.

[00:00:42] - [Speaker 0]
Whether you're five people or 500, you can scale it within a few clicks and sleep better knowing that your data is protected by the same team behind NordVPN. So if you've been putting off network security because it feels too technical or too expensive, don't wait any longer. Please visit nordlayer.com/tech talks daily and use the coupon code tech daily dash 28 for 28% off your plan. But now on with today's show.

[00:01:21] - [Speaker 1]
Have you ever listened to a security conversation recorded from a conference hall that's built into the side of a mountain? Well, today, I'm speaking to you from a little town called Alpbach in the Austrian Alps. We're at TechSummit25 with Barracuda. And just to set the scene, think steep green slopes, wooden chalets, and air so clean, it almost hums. So, TechSummit25.

[00:01:50] - [Speaker 1]
What is it? It's Barracuda's deeply technical gathering. It's bringing together solution architects, product managers, and engineers all for hands on workshops, road map briefings, and practical sessions designed by specialists for specialists. But today, we're gonna have a bit of fun with it all. Because today, I'm joined by not one, but two guests from Barracuda XDR, and they live and breathe this work.

[00:02:16] - [Speaker 1]
We got Eric Russo, director of SOC Defense Security. He leads the blue team and endpoint specialists, the ones that deliver XDR for their customers. And then we've got Adam Khan. He's the VP of global security operations. He spent nearly three decades in security, building teams, processes, and services, all the things that keep businesses running.

[00:02:38] - [Speaker 1]
But together, they make complex ideas easy to grasp. And today, you're gonna hear why defense wins championships in security as much as they do in sport. And we'll also discuss how even a Home Alone analogy will explain XDR better than any white paper could, and why a single source of truth matters when attacks jump from VPNs to email endpoints in minutes. And, yes, we'll talk about ransomware, real incidents that their teams have stopped, and how AI and automation are changing the time it takes to act. But the big question is, are you ready to hear how integrated defense, clear visibility, and faster response can change your playbook in a fun and entertaining way?

[00:03:25] - [Speaker 1]
Well, you came to the right place. Enough from me. Let me beam your ears directly to the show floor here where you can sit down and enjoy a conversation with myself, Eric, and Adam Khan. Today on the podcast, I've got not one but two guests joining me here at the tech summit in Austria. So to begin with, Eric, can you tell everyone listening a little about who you are and what you do?

[00:03:50] - [Speaker 2]
Happy to. My name is Eric Russo. I am the director of SOC defensive security here for Barracuda XDR. A little bit about my background, I studied digital forensics in college and got a degree in information security. And then I started out working in the SOC at SKOUT Cybersecurity as an analyst and have spent the past eight years in security operations.

[00:04:11] - [Speaker 2]
And now I'm responsible for leading our blue team, which is comprised of our cybersecurity analysts, as well as our green team, which is our endpoint security engineers. And those groups help deliver the XDR service to our Barracuda customers.

[00:04:25] - [Speaker 1]
And I gotta take you back there for a moment. Digital forensics? Is that law enforcement? That kind of thing? Is that what you were doing before?

[00:04:30] - [Speaker 2]
There's definitely some overlap there. It was just studies, but, no, it was very interesting and definitely helped prepare a lot for SOC.

[00:04:39] - [Speaker 1]
And we're also joined today by Adam, who's a podcast soccer guy, I believe, Adam. Tell everyone listening a little about who you are, what you do.

[00:04:46] - [Speaker 3]
My name is Adam Khan. I'm the VP of global security operations at Barracuda XDR. I've been in the security space for thirty years before it was actually security. You know, everyone thought, like, systems administrator was the security guy back in the nineties. So I worked in tech space, working at a lot of the dot-com companies, Fortune 100, Fortune 500s.

[00:05:13] - [Speaker 3]
And then I actually have been working developing XDR as a product at SKOUT Cybersecurity. And then now with Barracuda, I lead a team alongside Eric and my other counterpart, which is on offensive security, Miriam Khalid as well, and we manage and protect our Barracuda customers that are on XDR around the globe.

[00:05:33] - [Speaker 1]
And I've gotta ask you, what's your secret? Because you do not look old enough to have been in cybersecurity for thirty years. What's your secret there?

[00:05:41] - [Speaker 3]
I don't know. I thank my parents for that. And I think, you know, having a positive mindset goes a long way, especially in the industry that's bombarded with negative news and pressures. And I think thinking about the good fight that we're fighting and having that mindset always like, hey. We are doing the good work of, you know, protecting customers around the globe that are actually going through a lot of hardship, and that keeps me continuously growing.

[00:06:09] - [Speaker 1]
And it's hard not to have a positive mindset here. I mean, from where we're sat, looking at the view behind me is just phenomenal. But for people listening, this is an audio podcast. How would you describe the tech summit for people who have not attended before? What makes it different?

[00:06:25] - [Speaker 3]
First, the setting is just amazing. It's like a postcard. Yeah. Right? You have these brilliant mountains and forests that are behind us, and, you know, this weather could not be even better.

[00:06:40] - [Speaker 3]
And then this venue itself is very unique. It's actually inside a mountain, right, underneath it, which is another unique setting. And then the fact that Barracuda is able to bring a lot of great collective IQ and technical expertise from our customers onto this site alongside our technical team to be able to engage and, you know, collaborate and talk about features and things our customers find valuable, and at the same time, you know, have that connection and that bonding. And I think that partnership with our customers goes a long way. So I think it's a great venue to kind of there's not a lot of distractions outside of the beauty, which is great.

[00:07:26] - [Speaker 3]
But I think it's a great venue to get together, to listen to our customers, and get their feedback. And at the same time, you know, showcase what we're working on, what does the future look like. I think it's a great event overall. This is my fourth one, I believe. And, yeah, I enjoy it every time I come.

[00:07:43] - [Speaker 1]
Awesome. And, Eric, have you been here before? How many how many summits have you attended?

[00:07:47] - [Speaker 3]
This is

[00:07:48] - [Speaker 2]
this is my first one. And every time I look outside, the view seems to make my jaw drop. So I will hopefully be coming back and making this a regular thing, but now this is such an amazing event

[00:07:58] - [Speaker 1]
so far. Awesome. And one of the things that stood out today was obviously your keynote where you used football or soccer depending on which side of the Atlantic people are listening. You used football as a metaphor for cybersecurity. So just walk me through that analogy for anyone that didn't see it and why it resonates so much with today's threat landscape.

[00:08:20] - [Speaker 1]
I did send, I tweeted out a picture of the football pitch there of the formation. It was just brilliant what you did, but tell everyone listening about that.

[00:08:28] - [Speaker 3]
Yeah. I think it's first of all, it's as being in cybersecurity, and we're always talking about the importance of protection. Right? And and for for me, I I like telling stories, you know, and and always explaining to a way that audience would understand in their interest or, you know, what their what things are happening. So I think it really resonated with me how defenses in football operate, how they actually neutralize an attack.

[00:09:01] - [Speaker 3]
Right? Like, you know, whether the opposing team has a really high powered offense and very well attackers who are really good at certain positions. And it drew the comparison between what we're doing on the defensive side, right, in the cybersecurity community, how we're protecting our customers from all these types of attacks. So I kind of found that analogy to be very resonating to myself even though I'm not a I'll call it football. I wanna say I don't wanna say soccer, but

[00:09:34] - [Speaker 1]
I'm not

[00:09:34] - [Speaker 3]
a football fan, but I'm a huge fan of sports altogether. So and I've seen the same pattern regardless of what sport there is. Right? A defense there's a saying we have in The US. Defense wins championships while offense sells tickets.

[00:09:51] - [Speaker 3]
Right? So, yeah, so to get to the outcome and the goals, the defensive side of mindset is is what is getting you to the goals of the outcomes in this case, the protection that you need. So I think it really resonated with me, and that's why I kind of came up with that concept.

[00:10:09] - [Speaker 1]
Yeah. It's a great point. It wasn't just football. It was rugby, NHL, and any sport that you can imagine. Defense wins championships.

[00:10:16] - [Speaker 1]
So how does that overall idea how does that translate into to building a strong cyber defense strategy? How can you bring that to life?

[00:10:23] - [Speaker 3]
Yeah. Great question. So one of the things you think about I I put it in the sense that these attackers, you know, they're no longer script kiddies. They're they're they're really like a full formidable attack formation teams. Right?

[00:10:39] - [Speaker 3]
As as as I was mentioning, you have the front attackers such as, you know, social engineering or phishing attacks that are luring the users to interact and and and get susceptible to the initial attack. While in the back where you have different formations that are, you know, command and control, ransomware, and, you know, other malware that are waiting to deliver the final blow and and execute what their initial what their actual plan was from the beginning. So I think, you know, that was the offensive strategy that these attackers are using with their where their the parallel is. And, you know, from Barracuda's side, you know, it was the same thing. It was like understanding how your opponent operates and what strategic actions they're taking to do defensive evasions or to bypass your, you know, mitigations or or your monitoring that you have.

[00:11:42] - [Speaker 3]
Only then we as a cybersecurity company can learn from those tactics and adapt and plug those in to be able to protect, you know, customers as the security landscape continues to evolve and change. Right?

[00:11:55] - [Speaker 1]
Yeah. And, Eric, from your point of view with the digital forensics background, which I I do feel we need to get you back on the podcast for a whole episode on ONAL, but what's your viewpoint on that?

[00:12:06] - [Speaker 2]
To be clear, I do not do digital forensics. So set appropriate expectations. But my view on it is you you actually mentioned the word yourself in the question where we think of strategy. Right? Same for sport.

[00:12:18] - [Speaker 2]
Any team will go into a match with a given strategy in order to set themselves up for success. Cybersecurity really isn't much different when you think about that concept. If you're an organization and you wanna operate in a certain field or in a certain environment, you need to have a strategy on how you're gonna protect yourself, protect your assets, and protect your customers. And that's what we do, especially my team as a defensive security org, is take a look at kind of like Adam described, what are the attackers, the offensive folks, doing, and how are they executing their plays if we're gonna stick with the sport analogy, and how can we be prepared in order to defend against those types of strategies. So we look at things in multiple layers such as endpoints and cloud and on premises servers and all of the different things that an organization would need to deploy in order to deliver their business and operate.

[00:13:11] - [Speaker 2]
And let's think about all of them from a security standpoint, how we can defend them when an attacker inevitably targets them.

[00:13:18] - [Speaker 1]
And it's worth highlighting that attacks today are multilayered and incredibly fast moving. So why do you think an integrated defensive approach is more effective than relying on those individual point solutions? And there are so many of those now as well.

[00:13:32] - [Speaker 2]
I think that well, us in XDR, we're big believers in a multilayered approach to cybersecurity, more of a platform approach. And, obviously, that's what or maybe not obviously. That's what BarracudaONE is all about is taking a platform approach to your cybersecurity program. Because what, you know, we tend to find is that organizations, they have the right mindset and they have the right goals of going out and employing security products that'll defend against different types of scenarios. But it's really difficult to manage them when you have individual products here, individual products there.

[00:14:07] - [Speaker 2]
It creates a lot of overhead, and it also creates a lot of noise. So XDR, the kind of vision for it and and what we've done is how can we take all of those different systems that you use and maybe would need individual security products to protect, centralize all of that and have one single source of truth. That's what XDR is designed to be. We'll take your logs from your firewall. We'll take your logs from your endpoints.

[00:14:31] - [Speaker 2]
You name it, all the different technologies that your organization is using. We'll centralize all of that data in one place. Our SOC will be the ones who are responsible for looking at that and will be your source of truth from a cybersecurity perspective.

[00:14:43] - [Speaker 1]
And, Adam, for you there. I mean, they did a lot of talk of tool sprawl, etcetera, today. Any any big takeaways from you then?

[00:14:50] - [Speaker 3]
I think there was there was a stage where the industry was trying to figure out, okay. You know what? Which product we need to use? Which what are the right tool sets? And I think the education of of a lot of the customers has gotten really good.

[00:15:04] - [Speaker 3]
Right? They understand which are the top key players in, you know, every respective, whether it's cloud, endpoint, and all that all the spaces. The things that they're struggling with now that once this problem is solved is how do they have everything talking to each other? Because it is the sprawl. Right?

[00:15:27] - [Speaker 3]
Every system categorizes the same artifacts or every software or product differently. Right? How do you make sure that everything stitches together? And XDR kind of when it was, you know, initially launched, that was the whole thing, bringing everything together in one visibility, in one dashboard, one platform to be able to aggregate an IP address meets an IP address regardless of what product you use. Right?

[00:16:00] - [Speaker 3]
You know, a hash is a hash. Like, there's no difference there as well. So I think providing the visibility across different datasets in one view without having to log into 15 different systems, seeing the threat there. The other big thing is actually correlating the data. Right?

[00:16:19] - [Speaker 3]
If something, a connection, happens on the firewall, then, you know, some other action is taken on the endpoint. These two events tie together, each to each other. Now if you don't have these tools, you are logging into 15 different systems and then trying to figure out what it all means. And the problem is just a lot bigger, and then you do have the right tools in place. But, you know, getting it consolidated into one point is what is going to get you success and the outcomes that you want.

[00:16:53] - [Speaker 1]
And one of the things I try and do on this podcast is demystify technology, put it in a language that everyone understands. I don't wanna lose anyone here. So extended detection and response, big talking point here, especially in security right across the board. So how would you explain XDR in plain language to someone that's listening maybe outside the tech industry? They're not into cybersecurity.

[00:17:17] - [Speaker 1]
How would you define that? Because tech does love a good acronym. So

[00:17:21] - [Speaker 3]
Yeah. Yeah. That's a great question. So I will explain it like this. So this is I don't know if our audience is familiar with the movie Home Alone. Yeah.

[00:17:35] - [Speaker 3]
But it's a great example. When Kevin McCallister, the main character in the movie, was left behind by his parents accidentally when they went on vacation. His house was obviously attacked by these robbers. And his job think of Kevin McCallister as IT director or as, you know, CISO. His job was to protect that house.

[00:17:59] - [Speaker 3]
Right? And the first thing he did was figure out what are the different entry points these thieves who are gonna enter his house could get in. Right? And he put mitigations, like, I remember he put iron a hot iron at the front door or, you know, he put, like, a a paint can on the stairs and all this stuff. He first found out what he had, what are the entry points, and then put, like, concentric rings of protection all around this house.

[00:18:31] - [Speaker 3]
What he did was most important, the end. He actually had a camera and a video that he was watching. Where are they coming from? And that is XDR. Wow.

[00:18:42] - [Speaker 3]
Because if he didn't have that, he wouldn't know he needed to go run upstairs or go down into the basement. Right? So it is that that's the simplest way I could explain it. You know, like, that was to me, that resonated as a as a kid when I saw it. Yeah.

[00:18:57] - [Speaker 3]
And I think it's very simply explains, basically, it's a central view into your entire digital infrastructure. Right, and helps you, you know, act when things go wrong.

[00:19:07] - [Speaker 1]
That is a beautiful answer. And honestly, in three and a half thousand interviews, nobody has ever been able to demystify cybersecurity into football and Home Alone. But you've done it beautifully. It was absolutely brilliant. But what is it you think makes XDR stand out compared to, let's say, more traditional tools that are out there at the moment?

[00:19:26] - [Speaker 1]
And what makes XDR what excites you about XDR?

[00:19:29] - [Speaker 2]
Yeah. My answer won't be as fun as that, but, I'll take a try. So with XDR, I think something that stands out about it specifically well, I'll mention two things. One is just the volume of integrations. Most technologies and security tools, they'll have a handful of integrations for very niche purposes in order to solve some sort of problem or some sort of challenge that the people using it might experience.

[00:19:53] - [Speaker 2]
With XDR, we have an ever expanding list of integrations because we want as much visibility as we possibly can. Thinking back to Adam's example, if our SOC analysts are Kevin McCallister. Yeah. When they are trying to detect threats against an organization's IT environments, the best way or the way that they're going to have the most success is when they have the most visibility. If they can only see data from one server or one firewall, they're going to be limited in what they can do in terms of an investigation or analysis.

[00:20:23] - [Speaker 2]
But if suddenly we have integrations with their, single sign on applications or their cloud computing environments, you name it, the list goes on and on, the more visibility we have, the more likelihood we have of detecting threats before they become an issue because we have all the data. We can correlate it. We can incorporate our threat intelligence. So, yeah, from that perspective, I would say XDR and the and the sheer volume of integrations that we're trying to develop so that we have as much visibility as possible. That's one differentiator.

[00:20:51] - [Speaker 2]
And a second differentiator that I think, you know, we're proud of is our ATR or automated threat response capabilities that we've developed. Because where IT admins struggle with is, sure, they can receive an alert. They can read it, understand it, and then take action. But that takes time, and that takes resources to do. We're trying to take that burden off of our customers saying that we're gonna take the action for you in an automated fashion when we have a high degree of confidence that something might actually be a true positive or be a real threat.

[00:21:19] - [Speaker 2]
So we've built these automated threat response capabilities to do things like block IP addresses or lock out users or isolate endpoints when we have a really high degree of confidence that an attack might be unfolding so that we can eliminate the threat actor from the environment before it becomes an issue.

[00:21:35] - [Speaker 1]
And just to bring that to life, are you able to share an example of a real world incident? You have to name any names. An incident where XDR made the difference in stopping or limiting an attack just to bring it to life for any business leader, that might work inside their organization.

[00:21:50] - [Speaker 2]
Absolutely. We have, recently in the SOC, we've seen Akira ransomware, which is a very popular ransomware gang. They have been heavily targeting a new firewall vulnerability, a SonicWall SSL VPN vulnerability. They've been using it to gain initial access to customer systems, and then ultimately following a few different tactics and techniques, what they're trying to do is detonate Akira ransomware. So we've seen this against or at least attempted against a few of our customers over the past couple of months where, unfortunately, they didn't have the patches in place for this SSL VPN vulnerability, which is difficult being something like a zero day, you have to move quickly.

[00:22:30] - [Speaker 2]
But nonetheless, fortunately, they had XDR in place. So we're able to detect things like suspicious login events on the firewall. And then as the attack unfolds further, we have, our endpoint security with those ATR capabilities, which once we see hacking tools and suspicious processes, all of those typical things that'll happen in an attack life cycle. Once those start happening, our star rules, as we call them, kick in to take that automated threat response action of isolating the endpoint. So we've seen a number of those cases lately with Akira ransomware exploiting an SSL VPN vulnerability.

[00:23:04] - [Speaker 2]
And fortunately, our SOC has been able to help with those, take a look at them, and then build upon them as well in terms of enhancing our capabilities based on what we're seeing.

[00:23:14] - [Speaker 3]
Right. And that I'll add that visibility across the board for these customers who did have all of the XDR product portfolio really helped because, you know, the attacks started from the VPN and then quickly moved to an email account. So we literally saw every step of that action, and we're mitigating across the board. So I think it's like like Eric said, these these attackers are just getting sophisticated. They're they're going after everything that's publicly faced asset, and they're they're just trying to, you know, get in every way possible.

[00:23:51] - [Speaker 3]
So I think, again, having XDR gives that visibility. The other thing I would like to add also when Eric said, you know, integrations is a big thing. SOAR is also allowing security teams to not just sit back and and tell you there's a problem, but actually do something about it. And the third biggest thing I would say is the ability for XDR systems to integrate and utilize machine learning and AI is another big advantage. Right?

[00:24:21] - [Speaker 3]
Where the traditional SIEMs were, you know, not able to do that. So having XDR basically, you know, a component that could plug into any technology, right, is a huge advantage across the board for companies that are looking to improve their cyber posture.

[00:24:39] - [Speaker 1]
And I think you hit the keyword there, visibility. It's often called the foundation of cyber resilience, and there's so many different endpoints now in everything from networks, endpoints, cloud environments, and you can probably name several more as well. Anything else you can add on how XDR improves visibility across all those different endpoints? Because there is so many, isn't there?

[00:25:01] - [Speaker 3]
Yeah. Yeah. I taking visibility and actually changing it in the sense that providing more context. So adding components like threat intelligence. Right?

[00:25:15] - [Speaker 3]
Not just what happened, why would it happen, adding context to, oh, this user's account has data leakage on, you know, dark web because they use the same email password in their MyFitnessPal account. You know? I mean, yes, you're not supposed to do that, but unfortunately, people use their company accounts elsewhere as well. That's another topic. But still, the fact that you're able to find those informations and say the likelihood of this actually being real is true because you know what?

[00:25:47] - [Speaker 3]
This data is already dumped on the dark web. Adding intelligence as far as where like Eric mentioned in his presentation, getting the device ID for two different logins is a huge differentiator there as well. Adding context, like, you know, why a certain IP is malicious or a certain hash is malicious. I think more and more visibility comes from not just the different security products you're adding, but also the threat intel piece is another big thing. And a lot of our customers who add XDR, they get threat intelligence, which is about one of the biggest in this industry, which is 12,000,000,000 IOCs altogether, as part of the package when they adopt for XDR.

[00:26:31] - [Speaker 1]
And if I was to ask you both to look into my virtual crystal ball, look ahead. Threats are obviously gonna keep evolving. How do you see XDR and integrated defenses adapting to ensure organizations remain resilient in the years ahead? We're only six, well, a few months away from 2026. How do you see this evolving?

[00:26:50] - [Speaker 2]
Definitely. I think Adam just alluded to it briefly, but with AI and how, you know, advanced it has gotten, we're able to incorporate that to automate a lot of the reactive work that a SOC team would traditionally do. So traditionally, a SOC would have a monitoring system such as a SIEM in place, which would generate alarms, and then an analyst would investigate that alarm and follow a runbook and go through all of these steps manually. Right? Takes time.

[00:27:18] - [Speaker 2]
Now with AI and things like SOAR, which is security orchestration automation and response, we're able to automate a lot of these same steps that an analyst would do in their investigation, automate those runbooks so that it can be done by machines in a matter of seconds rather than by humans, which would take minutes, sometimes fifteen, twenty minutes. So there's a lot of time savings there. So if we can have AI and automation and technology do a lot of the reactive work that a SOC would traditionally do, the shift that I think we can see is that our SOC analysts and engineers will have more capacity for proactive security work. Like threat hunting is crucial, especially in a world where zero day vulnerabilities are very prevalent. We might not know about something, but if we can threat hunt for behaviors that could be indicative of a threat actor trying to exploit a vulnerability that we don't know about yet, we could stay one step ahead.

[00:28:09] - [Speaker 2]
So the shift that I see happening or where we wanna drive towards is using the technology and how far it's come with AI to handle a lot of the reactive work that a SOC team is responsible for and letting our analysts and engineers focus on what their experts are doing, which is investigating, but more proactively, more threat hunting, those types of things.

[00:28:27] - [Speaker 1]
And, Adam, anyone that doom scrolls down their phone will see wave after wave of attack and breach. You're the optimist here in the room. What excites you about the future? How do you see this going?

[00:28:42] - [Speaker 3]
Yeah. I think, first of all, I think companies need to recognize there's a reality. I definitely hope the audience understands that, you know, the whole thing is it's not if you're getting attacked, it's when. Right? Every company is under threat.

[00:29:05] - [Speaker 3]
And with AI, it is going to exponentially increase, I would say, a hundredfold. Right? I don't think like, think about how we are operating ourselves in daily lives right now. If you look at the data, the Google searches that we used to do normally are coming down on a sharp, like a, you know, hockey stick going down, where searches on ChatGPT and all these LLMs is going up. Because it's such a new format and it's easy, instead of you having to go through fifteen, twenty different web pages to get to the answer, you're getting a concise answer.

[00:29:40] - [Speaker 3]
That answer might not be 100% accurate, but I think neither was Google. Right? But what my point is here, attackers are no longer going to sit there writing scripts, writing programs, writing, you know, malware. They're already using AI to design faster attacks across organizations. They're going to find out information such as, like, what is this company's financial status?

[00:30:10] - [Speaker 3]
Who's their CFO? Who works in their financial accounting department? This is all reconnaissance. Mhmm. Before, you would have to go to, you know, 50 different web pages, get their LinkedIn, see their profile, find out their emails.

[00:30:28] - [Speaker 3]
The world is changing in front of our eyes faster than before. So that is a great positive thing, as I said, we need to recognize it. But at the same time, once you recognize a problem, you need to arm yourself with the same type of knowledge to be able to defend yourself. That's exactly what Eric said. Right?

[00:30:48] - [Speaker 3]
Like, hey. We need to, as defenders, take advantage of these AI tools because they could get us to that outcome much faster and free us up to go do things that are, you know, like, threat hunting or being more predictive and proactive into finding out vulnerabilities beforehand. You know? So it's almost like that shift, it is that shift-left approach. Let this intelligence of the smart systems do the day-to-day, call it mundane things, which are, you know, fighting against threats while you're actually taking care of a lot of the proactive measures that companies are dealing with as well.

[00:31:26] - [Speaker 1]
And finally, you've both flown, what, several thousand miles to be here. You got a long flight home. What are you gonna be thinking about on the way home, especially when you take into account all the keynotes, all the conversations, and everything that you've had? What are you gonna be taking away and thinking about on the way home?

[00:31:42] - [Speaker 3]
Oh, great question. I think every time I come to Tech Summit, it's the partners and the people that I connect with and the relationships that I built. So every time I come here, it's like, you know, whenever I see a partner that I met last time, it's, you know, it's like, literally, you're giving each other a hug, and it's like you develop long tenure relationships because, one, they trust us for protecting themselves and their, you know, companies. And, you know, this is people's livelihood. At the end of the day, we're protecting companies.

[00:32:17] - [Speaker 3]
We're protecting someone's job. We're protecting someone's data. And I think that's, I take that very seriously, and I think I cherish the relationships and the learnings I get from both of my partners, the good feedback, the bad feedback, regardless of what it is. So that's every time I used to come back, I used to tell them all the stories, but I'm glad Eric is here this year to enjoy it with me.

[00:32:38] - [Speaker 1]
Yeah. There is so much warmth, and it feels much more personal, that kind of event. I was talking to someone earlier who was telling me about the moments of serendipity when you bump into somebody that you never would have met before, and he's ended up doing really well out of this. And it was a great story.

[00:32:52] - [Speaker 1]
But, Eric, what about you there? What are you gonna be thinking about on the way home?

[00:32:55] - [Speaker 2]
Yeah. I definitely agree with that. A lot of the connections that we've made with partners and even people that we've been working with for years, and I finally had the opportunity to meet them in person has been great. Second is the view. I don't think I will be thinking about much else but the view for a while.

[00:33:09] - [Speaker 2]
It's absolutely stunning. I wish everyone could see it. But third, I think I'll be thinking a lot about BarracudaONE. There's been a lot of excitement around this event over the last couple of days about BarracudaONE, and all the teams that are working on it are really proud of their work and really proud of where this is going. And it has a lot of potential to do a lot of good for a lot of customers who are trying to secure their environment.

[00:33:29] - [Speaker 2]
So I think I will definitely be giving a lot of thought to BarracudaONE, especially how we on the XDR team can make it even better.

[00:33:35] - [Speaker 1]
So yeah. Well, I'll have links to both of your LinkedIn so people can find you nice and easy. But anyone wanting to find out more about BarracudaONE, XDR, anything we talked about, is there any way you'd like to point them?

[00:33:46] - [Speaker 2]
Yeah. Absolutely. I think the XDR team are starting to work on showcasing a lot of the cool stories that happened behind the scenes. So I would definitely direct everyone to the Barracuda blog. We have a couple of series that we've started doing, like our SOC case files to showcase real-world incidents that we work on and stories from the SOC.

[00:34:06] - [Speaker 2]
Those are always interesting, so definitely check out our SOC case files on the blog. We also are doing our threat radar as well, which highlights some of the trends and things that the SOC is seeing. Those are really great insights for customers to know what are the things that we're tracking as security experts that they can keep an eye on themselves in terms of vulnerabilities or new things that are being targeted and all of that stuff. So we have a lot of good content that the SOC puts out on the Barracuda blog. So, yeah, give it a look, and, hopefully, you'll find something interesting.

[00:34:35] - [Speaker 2]
Awesome.

[00:34:35] - [Speaker 1]
Well, I'll add links to everything you mentioned there. And this is one of those episodes for me that had it all. We've got a killer view, and we've somehow managed to link cybersecurity with football and Home Alone. Just worked a treat. So thank you so much for bringing it all to life in a language everyone can understand.

[00:34:49] - [Speaker 2]
Thank you. Yes.

[00:34:51] - [Speaker 1]
So the big question here is, what will you change in your security playbook after listening to Adam and Eric unpack XDR from a football formation to a movie set? Their message was refreshingly simple. Defense is a team sport. Tools can help, but outcomes improve when visibility is centralized. Alerts are correlated.

[00:35:14] - [Speaker 1]
Response actions fire at the moment that pattern lines up. And automate the routine stuff. Let the runbooks execute at machine speed and free your people up for threat hunting, testing backups, and pressure testing the weak links that an attacker will eventually touch. And I think our conversation today just shows how a single view across identity, email, and endpoint can keep a bad day from becoming front page news. And if you wanna see where these conversations are happening, please check my Instagram for views from the mountain village that we're at this week and also a few behind the scenes moments.

[00:35:54] - [Speaker 1]
And for deeper reading, please look at Barracuda's SOC case files and threat radar on the Barracuda blog, and you'll be able to follow the kind of patterns that their teams are tracking. As you head back to your own environment, I'll leave you with a question. Which alert will you automate first? Which system will you connect to your next single source of truth? As always, techblogwriter@outlook.com.

[00:36:20] - [Speaker 1]
Remember, techtalksnetwork.com. We got a range of podcasts there all hosted by yours truly, and let me know what you think. And there's even an option to leave me an audio message. So leave me a message even if you've got nothing to say. I'll be back again tomorrow.

[00:36:35] - [Speaker 1]
I've always got something to say, so I'll speak with you all then.