
Tom McVey DTX 2019 Interview


DAVID TERRAR [00:00:13] Hi, this is David Terrar reporting for Bloor TV, we are at the DTX Europe show, which used to be known as IP expo. And today I’ve got with me Tom McVey. So, Tom, could you introduce what you do for LogRhythm and what LogRhythm does?


TOM MCVEY [00:00:29] Yeah. Thank you, David. Really great to be here. So, yeah, my name is Tom McVey, I’m an enterprise sales engineer at LogRhythm. So I help customers, new prospects basically architect a next generation SIEM solution essentially to help them detect and respond to threats quickly.


DAVID TERRAR [00:00:48] Right now, not everyone on the show, on the audience is gonna understand what a SIEM solution is. It may not be experts in cybersecurity. So tell us a bit about what you mean.


TOM MCVEY [00:00:57] Yeah, so SIEM, or security information event management, is essentially a platform that can take logs or data from pretty much every part of your I.T. network and essentially make sense of that. So taking all that data together, providing a single pane of glass, a single area to help protect and respond to threats. So it’s kind of combining all those other elements together.


DAVID TERRAR [00:01:21] So tell us a bit about what makes LogRhythm different.


TOM MCVEY [00:01:24] Yes. So LogRhythm is a next gen SIEM so that differentiates from kind of a legacy SIEM for a few reasons. One is that we have the ability to respond to threats. So essentially similar things. You may have the ability to detect. For example, I’ve got ransomware there’s an alarm that will fire there but at that point. You then don’t have any more ability to actually respond to counter that threat. Whereas at LogRhythm you do have a full respond capability in the product. So directly within the product, you can actually kill that process or take that device off the network. Anything such as that. So that’s one of the reasons we differentiate ourselves.


DAVID TERRAR [00:02:09] Is there anything in particular that you’re announcing at the show this time around?


TOM MCVEY [00:02:13] So we’ve just made an announcement very recently on our new and unlimited data plan, which is very exciting for us, first in the SIEM marketplace. So hopefully it’s going to be quite disruptive. So it’s very good for our customers. It essentially will allow them to take on as many log sources and pieces of data as they want because of that they’re not going to have any more gaps in their visibility. So it is a simple pricing model it allows people to expand at whatever rate they choose to do so. So it’s quite exciting for us.


DAVID TERRAR [00:02:49] Where did LogRhythm start? How long has the company been going? Where’s the origin, country-wise?


TOM MCVEY [00:02:54] Of course, we were founded in 2003. So we’ve been going for quite a while. Based off Colorado, Boulder. Lovely place, actually, been there a couple of times. And yeah, we’ve essentially just done SIEM for our entire life. So a lot of the companies that offer them do a lot of other things as well, whereas LogRhythm is wholly focussed on providing the SIEM. So in that way it’s a bit of a different differentiator as well because all of our efforts and investments go back into just our SIEM technology. Yeah, it’s been going for a fair bit.


DAVID TERRAR [00:03:32] If that’s where you start, you’re obviously experts in that field. Tell me what kind of customers do you deal with? Give me kind of a range. Like the smallest kind of customer and some of the bigger customers.


TOM MCVEY [00:03:44] Absolutely. LogRhythm is very scalable. So one of our smallest customers numbers, maybe 25 users very small. They still got the use cases and the ability to scale to LogRhythm. Whereas largest customers could have tens and tens of thousands of users. We have some very large customers in the US and in the UK.


DAVID TERRAR [00:04:03] Any brand names you’re allowed to mention?


TOM MCVEY [00:04:05] Well, so Mayo Clinic is our largest in the US, so very big. A healthcare customer, in terms of like industries though defence. Health care, retail, any kind of commercial finance legal is really a wide spectrum of organisations. I’d say pretty much almost every industry. Personally, myself, I deal with CNI all the critical national infrastructure. So that’s things like power plants, airports, infrastructure, utilities. Really important stuff. Yeah. Yeah, exactly.


DAVID TERRAR [00:04:43] Now I was at the security show of another vendor I won’t mention recently, and they were focussing a lot on the process and the mechanics of how one organisation deals with a threat once it’s happened. Do you have any tools or things that you do to help organisations and how they actually manage the process once it’s happened to them?


TOM MCVEY [00:05:04] Exactly. And as I mentioned before, that is one of our differentiators it doesn’t just stop at LogRhythm, when we detect the threat. We can help you respond to that. So some of the key parts of our SOAR capability, so SOAR, anyone that doesn’t know it stands for security, orchestration, automation and response. It’s kind of a wide ranging topic of lots of different capabilities, but for us that includes case management. So the ability to build a case ticket almost on an event and then add the information that you need to work on. That’s you have it all in one place. So it depends on the whole kind of process from start to finish of what happened. Exactly. So you can set you the history of who’s added notes in and collaborate with others inside that is also playbooks, which is another really important function to help respond to a threat. So that’s like a list of essentially the processes you have to complete. There’s a list of tasks that helps structure the workflow. So if you’re not sure what the next step is, you’ve got that right in front of you because it’s all have crisis management. And being led out obviously makes it much. Exactly. You know, it’s but we very much like the Checklist Manifesto. You really should have a structured workflow for these kind of things. But on top of all of that, I think smart response is our number one response capability that essentially allows us to automatically respond immediately to a threat. So if we see something like ransomware being detected and a lot an alarm is triggered to tell us you’ve got ransomware LogRhythm can use their intelligence automatically to quarantine that device instantly without an analyst having to actually do that. You can also limit it so if you don’t want that to be automatic, you can just have it available at your fingertips as soon as you choose to disable that account or device. You just hit the button and it instantly happens. You don’t have to jump on to a different platform or move on to a different interface. It’s all in the same place.


DAVID TERRAR [00:07:05] What do you think of the show today? Has it been good for you? Has it been interesting?


TOM MCVEY [00:07:09] It’s amazing, really. There’s so many interesting stands. Some great conversations that we’ve had. I just did a speech as well, which had some great feedback. Was really interesting to speak with people from loads of different areas.


DAVID TERRAR [00:07:22] What was your topic? What were you talking about?


TOM MCVEY [00:07:23] Yes so my topic was differentiating next gen SIEM from more legacy SIEMs and we talked a lot about SOAR and some of the key features present in a next gen SIEM such as LogRhythm and how they are useful to help essentially lower the time it takes to detect and respond to threats. And that’s basically what LogRhythm is here on earth for is responding and detecting threats more and more quickly as we develop.


DAVID TERRAR [00:07:50] Well, Tom, it’s been great talking to you. Thank you very much for telling us your story. I’m going to be interviewing more people here at the DTX, so check back soon. And there’ll be more Bloor TV programs just like this one.