Softcat plc (SCT) Earnings Call Transcript & Summary
December 8, 2022
Earnings Call Speaker Segments
Graham Charlton
(executive) Welcome, everyone. I think we're going to wait a couple of minutes just to ensure everyone is joining. And obviously, some people might be a bit later to say I was going to wait a couple minutes before we start. It's still got a couple of people joining. What do you guys say? Should we get started or do you want to wait another minute or so?
Paul Jacobs
(attendee) Give them a minute if you want to.
Graham Charlton
(executive) Yes, I don't mind we can't give a complete still got cut a few people joining. So kind to, obviously, house many people before we start. So we've still got time. So if we give it anything else, I think people still joining so I think we probably kick off now. Are you guys ready?
Ryan McDonough
(executive) Yes.
Graham Charlton
(executive) Well, good morning, everyone, and thank you for joining. Welcome to today's webinar in Securing your Cloud prevention versus detection. Before we begin, we'll be running through 4 topics in today's session. If you guys are going to ask any questions at all during the webinar, please feel free to use the Q&A tool, which you can find in the Zoom navigation menu. These questions will then be answered at the end if we have time, but don't worry, if we run out of time, they will be shared via e-mail after the webinar. Please note a recording of the webinar and a copy of the slides will be shared with you after and the on-demand version of the webinar will be on our Softcat website. So feel free to ask anyone about that. If you'd like to discuss any of the content in further detail, please speak to your Softcat account manager or failing that, e-mail marketing at softcat.com and someone will be able to support you. Today, we are joined by 3 speakers. We have got Paul Jacobs, the incident response team leader at Sophos, Alexander Hagglund, a cybersecurity expert from Sophos and our very own at Ryan McDonough in Networking and security consultant from ovarian Softcat. Before the speakers provide a more in-depth introduction to themselves, we are going to start today's session in a more interactive light. So if you would like to answer the poll that should be appearing on your screen any second now. Let me just get that sent out to you guys. Perfect. I should have launched. So if you guys want to give a bit more of instruction my people are answering that, feel free. So we've got Paul, Alex and Ryan to introduce themselves a bit more fairly.
Paul Jacobs
(attendee) Good morning. I'm Paul Jacobs. I'm one of the team lead for the U.K. Rapid Response and Sophos and my role basically involves dealing with network breaches, brand scenario incidents. And me and my team, we -- When the major incident happened occurred on the client, we get deployed to help investigate what's happened to neutralize that and help get contained on basically try to get that company back up and running as quickly as possible. So that's what I think to do so until every single day. So if you encountered me during the day, it's probably not your best day. So this is quite a nice change really that I'm speaking to people that I'm not actually involved in active brands and where it's at.
Alexander Hagglund
(attendee) All right. My name is Alexander Hagglund. I actually work for the Nordic region here at Sophos, and I'm a sales engineer, so I deal with architect installations and anything in regards to our security solutions basically. I've been in security for like 20 years now. So it's been a long ride. I know my way around security. And I'm based out of Sweden, actually. So that's where I'm coming from.
Graham Charlton
(executive) So no moaning about the cold weather in the U.K. today because it's colder where you are.
Alexander Hagglund
(attendee) Yes, it's pretty cold. It's double digits. So
Graham Charlton
(executive) A little better enough then. Perfect. And Ryan, if you can introduce yourself?
Ryan McDonough
(executive) Yes. Thank you, Charlton. Good morning, everyone. My name is Ryan McDonough, Networking and Security specialists at Softcat been in the business for 4 years and responsible for a guide of our trading accounts responsible for the derisking essentially of vendor and technology choice for our own customers. And I guess in webinar speaking on behalf of my own customers and experience within the market.
Graham Charlton
(executive) Perfect. So we're very lucky to have these guys on today. So thank you for giving up your time to participate in this today. And we've still got a couple of people answering, but we've got about 75%. So I think we can get this shared out Patrick, can everyone see that?
Paul Jacobs
(attendee) Yes.
Graham Charlton
(executive) Lovely. Okay. So obviously, very, very large amount is focusing compliance and visibility with obviously kind of a broad spread between lack of resource and car migration, but then also second biggest is some data breaches. And do you guys expect this as well? How -- what are your kind of interpretation of this?
Ryan McDonough
(executive) Yes, I can definitely talk to that. I think it was -- I'd be very surprised if visibility and compliance was one of the biggest challenges, I think, visibility as much as I hate to say, you can't protect what you can't see. And visibility is one of those things that even within our assessment services, if you don't consider cloud in your kind of day-to-day operations, if we have -- the assessment services that we do with our customers, the first question that we do ask is what's your inventory of hardware and software assets and it's exactly the same when you consider cloud. I think it's important that you find a solution that can show you that bigger picture, that 1,000-foot view of what you actually have before you can begin to consider how you secure and make those assets compliant. And I think having a posture management tool within the cloud, someone like Sophos Cloud Optix really helps with that. And from 10 minutes of deploying Cloud Optix, you get the instant picture of what you have across multiple clouds and what those assets actually look like. And I think I most customers that [ we are ] 7.22 decided, but if you're a Sophos Intercept X customer for server and you do get an element of Cloud Optix in with that license. So it's something that you can start to have a play around whether you haven't already seen that.
Graham Charlton
(executive) Perfect. Thanks so much, Ryan. It's actually really interesting. I guess, obviously, in-house gives greater visibility, but it's sort of difficult to have that weakening the cloud. So thank you. So maybe just close that down. And I guess we'll move on to some of the content. So I believe we're handing over to Ryan now. So what's your #1 powered security challenges that you're seeing in your customer base, obviously, being from Softcat?
Ryan McDonough
(executive) It is Alex, I believe you will start on the top.
Alexander Hagglund
(attendee) Was that my bits? All right. Okay. Okay. Yes. So
Graham Charlton
(executive) I'm sorry, guys. I'm getting the order on to take away, is the #1 kind of cloud change that you are seeing...
Alexander Hagglund
(attendee) So what we're seeing is mostly configuration issues basically, but also adding on to what Ryan talked about with disability and visibility is a huge part of -- if you don't know what you have, just like Ryan said, you don't want to know what configured, you don't know what's secure. So gaining that part of the cloud solution is really key when it comes to securing what you have there in all your assets. And when we see that there's a really small percentage of that -- of these issues are actually the fault of the cloud provider is actually the customer that is responsible for all these configuration issues in most cases. And that's because of the shared responsibility model, basically. So you need to know what you're doing. And having a cloud posture solution is really key there as well. But also having protections in place in order to protect what is -- what matters the most, basically. So even though you have everything set up in the cloud, you have your serverless applications you have your databases, you have your S3 buckets, what have you. You need to have something in place in order to protect those but also to have that easily accessible service for your customers or for your users. And there's a lot of solutions that can help with that, for example, if you have -- I've had talks with both AWS consultants and Azure consultants telling me that we do recommend having a third-party firewall, for example, because, a, you gain better visibility and b, you gain better security because at the end of the day, the firewall that you have in AWS or Azure, they're just firewalls. They don't add that additional protection layer that you usually need for your applications that you host in the cloud. And also tying that into the protection modules that we can provide in the threat intelligence as well that Paul is going to mention a lot about as well.
Paul Jacobs
(attendee) Thanks, [indiscernible] Yes. I mean [indiscernible] 10.7, I tend to see things with the benefit of hindsight because I'll get deployed after an attack, but yes, some of the security challenges that I see is that sometimes the people don't understand that the cloud doesn't necessarily mitigate the risk. You're just widening the scope of riskology when you're bringing in a third party to help manage something like cloud devices. You really need to make sure that you've scoped out who's responsible for what. And it still needs to be part of a very comprehensive security strategy. Now spinning up cloud assets, it offers huge flexibility. But as Ryan mentioned earlier, how you maintain visibility of those devices, who's responsible for the patching and maintenance of those devices as well because in the cloud doesn't mean that they don't need that sort of same level of maintenance that on-premises starters. And it's often only after when disaster happens that the shortcomings of the support contracts sometimes identified if you like, out of our support with something at the cloud-based systems, if you're being managed by a third party, how you deal with that, especially when the disaster does happen, things need to happen in the last time. If you're trying to get some of these devices, the support they need from -- if that's not really into the contracts and service level agreements, then that's when you find it, and that's not really where you want to be or -- encountering those issues. And also as well, we mentioned about the flexibility. But have those cloud devices they have been gone through the same process that an on-premise device will be before they put into production, it's really, really easy to just spin up device or a cloud-based environment. I mean that's the beauty, but that's where you use it. But you also need to have that sort of viewpoint that it is exactly the same.
The level of security needs to be the same as you would have as an on-premise thing. And also the flexibility and scalability means that maintaining an accurate asset and risk register in relation to those devices can be quite difficult because the dynamic here, you can quickly spin device up. It doesn't necessarily scope for the same sort of procurement issues that you might have on-premise system. And the beauty of its simplicity and scalable nature is that they can often be gone about devices get spun out, they are used and because they not necessarily added to the risk register or the asset management register, it's bought back -- it's not [indiscernible] 12.39 once it finish being used, it's left down the open and attacks them, don't care about whether if there's a device to give them a conduit into an environment, they will utilize it. I can't tell you the number of times that we investigate something. And then me and my team says the client right always chase the upstream lateral movement of the attack is coming from this device. And they will -- that's the device from a year ago, that should have been turned off. Well, it's not, it's active now, and this is what the attacker has been using. So yes, these are some of the points that I see. I don't know if you've got anything more to add on that one, Ryan?
Ryan McDonough
(executive) No, I think I definitely agree with what you're saying. And I definitely talk to the point of the ease of scale within cloud is probably a double-edged sword on the back end. And I think when you are considering cost as well of cloud, which I'm sure will definitely come into that. Yes, is it a spin up, but there's definitely a cost associated with spinning up of that? So having something in place which allows you to understand what assets are being used and where you can kind of scale cloud or down as well as it's definitely worth considering that as well.
Graham Charlton
(executive) Yes. So I guess, a big part of it is kind of finding that sweet spot, as you said, Ryan, it's kind of a double-edged sword. So kind of find that the happy medium between the 2. Perfect. We're going to have yet another poll. So is your business under pressure to look at IT security budget? So if you guys could respond to this from phone and then we can have a bit of discussion about, obviously, what we see from this. Let me get about 10 more seconds just so people have a chance to respond properly. Perfect. Thank you so much, guys, for taking time to fill that one out. So let me just share the results from this. And obviously, this is obviously quite a big talking point for quite a lot of people on this today, that people are under pressure to review IT security budgets. I mean, from a sales perspective, do you guys usually come across this? Obviously, budget is a massive problem in this climate. Now in the kind of economy we face nowadays anyway, kind of as of response are you guys seeing this as a major problem?
Alexander Hagglund
(attendee) Yes, yes, we do. I mean cloud is expensive. And if you don't have a good contract with, for example, Microsoft, what was what is called something service for contract. So then you're actually paying as a go, which can be very expensive. And just like Paul mentioned, it's spinning up and the flexibility and not knowing what you have there is it's going to be very expensive if you don't have it on the reps and you have a proper budget plan for it. And the trend we're seeing right now is that, at least in my region in Sweden, Norway, Denmark, we're actually seeing the trend that people are moving back from the cloud to in-housing their services instead. So having spinning up servers again that were -- had been obsolete previously. So that's a trend we're seeing because it's getting more and more expensive. And it's just -- now with the electricity, it's going a bit back again to moving back to the cloud. It's just going back and forth. But the trend we're seeing is it's starting to move back to in-housing services again. And at the beginning of the last decade, when cloud was beginning to emerge, and we were starting to do cloud computing, people were talking about the perimeter being dead and how you don't need firewalls anymore. And it's just -- everything is going to be in the cloud. But we realized pretty quickly that it's always going to be that the perimeter is always going to be a factor. We have just expanded it or extended it into the cloud, which means that you need to have a solid solution to be able to protect both ends basically. And that's what we're seeing right now and that you need to have something in both ends because we're moving back and we're also staying in the cloud with some service allocations. So it's -- yes, you need to have that budget in place to be able to cover both basically.
Graham Charlton
(executive) Yes, absolutely. I guess it's a tug of war between the 2, obviously, having the best IT security possible, but then also being as economical as possible. Unfortunately, money doesn't grow on trees. So thank you guys. Thank you, Alex. So with cutbacks and hardship in the U.K. economy, what options are there to kind of reduce IT security costs?
Paul Jacobs
(attendee) Do you want me to fill this one first then?
Graham Charlton
(executive) Yes, absolutely. Of course, I am just jumping whenever you guys are ready if you any kind of thoughts bring into mind.
Paul Jacobs
(attendee) Yes. I mean this is quite a different one. The IT security isn't cheap. It's -- Ransomware Network breach is they're not stopping. And even though -- so there was a slight slowdown at the beginning of the Ukraine-Russia war, but then that's picked up again then realistically, all we saw was a slightly different targets being moved to different locations. It was not stopping there. If you look at the amount of money that some of these organized client groups are generating. It's hundreds of millions of pounds and dollars. That's quite a large amount of research and development that the attackers that the parties groups have. So they are putting their best against us. So it's something that is not cheap. And the attacks are targeting. This is not just the large organizations as well as small organizations, small medium across the board, everybody's been attacking all sectors we're seeing on all sectors, all sizes. So utilizing -- I mean if I start with some of the things that can help the possibly sort of free or lower cost I don't feel in the U.K., you have a Cyber Resilience center. You can sign up for the pre-membership, they can provide some of the advice and guidance that perhaps the smaller businesses don't have in-house expertise, that's [indiscernible] 19.19 government level was not for profit. I'm not going to answer everything, but they can help sort of keep aware of some of the issues that you might be sort of facing new vulnerabilities. So it's worth looking at those sort of aspects as well. On the other side of things, you try and utilize the economies of scale.
If you're an organization that it's not proportionate for you to have your own in-house expertise, then look for a managed service that can often be a lot more cost effective perhaps utilizing tools such as Shodan and as well as sort of the free tools that Shodan's quite a good tool for you put in your IP address and it tells you sort of what ports are open, some vulnerabilities so if you're not familiar or not comfortable with things like Nmap scans. This is quite a good tool base level is free for that. You can just put the IP addresses in [indiscernible] 20.12 once a month, just to see what your level of exposures are like maybe at the level as well. Cyber Essentials is the best of base level that can give you some insurance grown as well if you get Cyber Essential insurance is limited to what the insurance is, but it helps you get on that sort of security journey. It's worth considering as well because I saw the insurance cost up -- started to go up, the insurance companies are not going to be making a loss. They realize the cost of the network breach and ransomware, it's expensive to remediate. So they've just passed that cost down to the customer. So the insurance companies are providing even more CAn we had some to get that lower-cost insurance premiums. Again, as an sort of mentioned it before, but it's on the back Ryan and Alex be saying as well, understand what's in the environment is critical to minimizing those costs. You don't know what you got. You don't need to -- you don't know how to protect it. I will just go, anything to add on that?
Ryan McDonough
(executive) Yes, definitely on my side. I think consolidation is a really big one. And probably since the start Softcat's been the longest standing theme. I speak about -- speak with end customers daily. And consolidation is definitely mentioned more than once. And Sophos really sits in a nice position where they have a portfolio of products that you can expand into. And as well as the volume discounts for buying more Sophos product is also a really big operational saving there. I am so thinking of costs beyond just the commercial savings. If you can streamline how many tools you manage through a single port or as few portals as that is impossible. And Sophos has a really nice vendor that allows you to do this. In the context of Cloud Optix, they have like a cost optimization module as well, and they will make it very, very clear team what cloud resources or assets are being used and what aren't. So you can easily scale down things that are both presenting a risk but also the cost to yourselves. And it always takes me back to an example with a well-known electric car producing company where they had the -- AWS account was essentially breached and used from malicious purposes. It was used to mine cryptocurrency. If they would have had a solution to understand what assets they had and what was being used, then it would have been a way of them saving that cost but also preventing those kind of things from happening. I think lastly the Paul, just to touch on your point on such cyber insurance. I'm sure, for those of you on the call, but do have cyber insurance, the requirements on the renewal prices every year seem to be going up. I speak to customers a lot, and they say that what once was a 2-page document, which was a tick box exercise for them to get a level of cyber insurance, it's often been cheaper for them to buy something like a 24/7 managed service because that's what cyber insurance companies are now asking for.
It was cheaper to actually buy that service than it was to renew at a higher premium or not get insured at all. So there's always ways in which we can help with cost savings.
Graham Charlton
(executive) Perfect. So we have another poll now just to kind of get as much interaction as possible. So is your business based on skill shortage issues or IT-related resource pressure? So I was going to get this end out to everyone, yes, if you could just give us your honest opinions on this. I think this is very clear.
Alexander Hagglund
(attendee) I just want to add to that, what Paul said as well about Shodan being a really good tool. It's something that I use as well. And for checking my servers and for checking my environment, it's -- for being a free tool, you can also pay for it. They have like drives I think it's like once a year where you can pay like $5 for a lifetime accounts or something like that pro version. So keep an eye out for that because Shodan is a really good tool if you want something that is semi free basically.
Graham Charlton
(executive) Thanks so much. So let me cut you off at the end there. I guess we'll share that this one is very, very clear in test of its results. Obviously yes, try high. So a lot of people are facing those skills or problems and obviously, resource pressure, and again, is this obviously, Alex, kind of from your responses is something that you are seeing?
Alexander Hagglund
(attendee) Yes. I mean we're seeing this a lot as well. And especially if you add on to what Paul has been talking about as well and having that service in place that can help you in order to relieve some of that pressure from your IT resources and your IT managers and your IT team as a whole. But also having an easily available structure for your cloud environment. So for example, if you're using a lot of these servers and applications that are available in the cloud to you today and the services, but you're still having an on-premise solution, having a -- for example, an SD-WAN structure will be a really good way to cut down on the amount of maintenance that you need in order to maintain that structure and also easily create a network environment that is flexible, basically. And also tying that into a service, which can easily be done using a network integrator into, for example, an MDR solution, which Paul is going to be talking more about. So basically having every -- your whole security portfolio in one of the same place by integrating all your solutions in a single solution, basically. So that's what we are trying to help our customers and partners with when it comes to limiting the pressure on the IT-related resources.
Graham Charlton
(executive) Perfect, thank you so much to Alex. So moving on to, I think, I believe our third point. So what services could be utilized to support skill shortages and resource challenges? So what could really be utilized in the services space for this?
Ryan McDonough
(executive) Surely I will fill this one. First, Alex...
Alexander Hagglund
(attendee) I think -- Yes, I think it's -- just jump in. And well, I could just cover on the back of what I just said. We do offer a really good center orchestration tool for what I just talked about. So getting everything connected into one in the same place using a single pane of glass console, just like Ryan talked about previous Skills, We all are going to having everything in one of the same console is really key because you don't want to move it back and forth between consoles. I've seen this a lot as well from customers complaining about having 5 different consoles for the solutions, not just security solutions, but everything, especially, for example, if you work in Azure, you know that, that total of consoles a lot of different panes that you need to be keeping track of. So streamlining that and also streamlining your network topology into one on the same console could really alleviate that pressure from you as an IT administrator and IT manager. So I mean it's just a golden ticket into making your life easier.
Graham Charlton
(executive) Does anyone have any kind of follow-up thoughts or kind of feelings about what Alex said or in terms of just obviously what we could do to support with resource challenges.
Paul Jacobs
(attendee) Yes, is -- again, it's a different one. Having your own Sopho Security operations center, it is expensive, depending on the size of your organization. And the timings of attacks, they're not on Monday morning at 9:00, the attackers will do that reconnaissance they would know what business you are and they will always come at night. So you have set that sort of 24/7 visibility and the staff need the experience to react and to know how to react they have spot things before they actually get out of hand and to neutralize that those for us. Now there is a shortage of skills in this area, a really big shortage. And things like sort of LinkedIn have changed the whole landscape here because now they advertise the salaries for these jobs so sort straightaway. A few years ago, you don't do -- for a job and you won't know what the salary was till the end of it, but now was posted. And all my staff are constantly bombard with that. So you sort have to make sure that we are in the market value for the staff. So we can have our retention. And that's another aspect that if you're managing your own self, you have to the HR aspect to it as well to keep the staff there, recruitment. It was just a small group of people. So having a managed service that covers that for you, takes a lot of the pain away from your sell because that you do need those experienced staff. They -- if -- the beauty of a managed service is you've got experience, trained staff that are dealing with these systems day in, day out. This isn't the first time they've seen that a little bit of escalation that could lead to a ransomware they dealt with this all the time, they can spot those. They know what's going to be the efficient method to react to that, how can we neutralize that, what's going to be the best way to keep business continuity going. Now generally, if you've got a SOC for your business, they're probably not dealing with your [indiscernible] 30.07 every day.
If they are, it's probably there's a serious problem on your organization having that sort of experience up on back monitoring the information up to date with all the latest threat in term as well. It is expensive but the actual, the cost of not having it and having to rebuild is generally sort of astronomical. And what I would say about so when you look at the service to the skill shortage is, be realistic what you can actually do in-house. If you've only got -- we've got a large state, we've only got a few people that are managing the IT aspect of it. Is it proportionate for them to be responsible for the IT security and responding to all those incidents that coming. And I think it was mentioned as well, having a single pane of glass that you can monitor environment, that's really useful. You've got to keep flitting between different dashboards to see what's going on, things will get missed. And as I mentioned, Eric, trying to utilize some of the [indiscernible] 31.15 some of that heavy lifting of yourself, by, you think things like Shodan and Cyber resilience center Shadowserver as well. There's a mailing list you can apply for -- it goes on. They can send you sort of details about your company, if things go up and even so Have I Been Pwned. You put your domain in there, they send you a notification, you're utilizing those sort of things as well to try and have that sort of layers of security.
Graham Charlton
(executive) Anything else?
Ryan McDonough
(executive) Yes. I guess, Paul, just to add to that, I think there's 3 core kind of pillars the way I see it and the conversations that have within customers boils down to finding training and then retaining your staff. And that's be largely based on the conversation of whether you do security operations fully in-house or whether you do you look to outsource to either manage or managed detection response service. And one of the kind of the ways that we view this with our customers, I think, is like a funnel kind of image, I think. There's a massive shortage across all industry for high-quality talent. And that only gets harder to achieve when you contextualize that to the world of IT and then into cyber and then into SOC-related functions that you need to want back in -- that has experience for different level of support with Line 1, 2 and 3. You've then got to think about 24/7 operations. So you've got people working around the clock. All these had that are associated largely, we're just finding that kind of person or that team goes away massively if you outsource to [indiscernible] 32.49 a vendor-delivered service wrapper, which is a managed service from the vendor. All those headaches are kind of feeding on water and people goes away with a managed service and commercially, it's 99% of the time better off with a vendor, and it's often cheaper than what we will be paying someone's wages 24/7 or 8x5, never mind 24/7. So there's massive cost savings to consider them.
Graham Charlton
(executive) Absolutely. Perfect, thank you Guy contributing into that. Probably one of our last poll now and around kind of MDR. And does MDR seem like a service that could resolve business challenges. So if you could all respond to the poll to I'm about to launch -- as it should be appearing now. So if you could just give us some responses in terms of your thoughts around MDR and if it can resolve business challenges. Let's just add 10 more seconds people to reply. Perfect, thank you guys. Got a very mixed bag here and some uncertainty as well, so around the fact that people may be a split between the 2. They're not sure whether MDR could resolve business challenges. Do you kind of get that kind of trepidation when people are looking into managed services guys?
Ryan McDonough
(executive) Definitely sort of the -- Sorry, Paul. Definitely something that is very close to my heart in this sense. I think a portion to why people may be uncertainty as the is the acronym soup that we currently have in the market. There's lots of detection and response variations, whether that's EDR, MDR, NDR, there's lots of uncertainty in the market. And I won't point fingers at any governing body beginning [indiscernible] 34.55, but there's -- I think it's a very kind of convoluted space, and that's one of the, I guess, the biggest value add that we take to our customers is to help boil down what these markets and terms are in to what makes sense in business language. I think one of the reasons why customers maybe don't know whether they need it because we know what that is or what that service entails. And what makes it worse that every vendor those things differently. And I think because Gartner creates in terms, vendors align their marketing to that because that's largely the way the market points. So understanding how vendors differ and what the difference between an MDR and the team or something like that is really quite important. So I think if you're not fully up to speed with the kind of market, and I really don't blame you if you or not, then that's where specialists like what Softcat have and can definitely help with those conversations. Sorry, Paul, I appreciate case because come similar things.
Paul Jacobs
attendeeBecause we cover similar things. I think some of the feedback I've had with our clients when we've sort of spoken about a post-incident dissection is they knew they probably should have had an MDR service before they've had the major attack that tripled the business continuity. It was like how can we show the value for money. There's lots of other products they can buy, and there's an intrinsic value, there's metrics they can show, but it's very difficult for them to have said beforehand, well, we're going to stop a major incident happening. After the ransomware incident, it's very easy because the Board of Directors are very much on board then because they've seen the impact that such an attack has had. But yes, we probably just talk [indiscernible] 36.46 because the service is doing a good thing then it's reducing the number of serious incidents it is trying to sort of show at that senior level why it's value for money.
Alexander Hagglund
attendeeYes, definitely. And also just to add on to what Ryan and Paul are saying, a true story from a presale perspective is actually that I was working with a customer last month, and they were in the process of -- I think it was ISO 27000 or 27001 or something like that.
Graham Charlton
executiveYes, 27001.
Alexander Hagglund
attendeeYes, exactly, and they're working on that compliance. And I think one of the criteria for having that certification is actually having a service in the back of that and the service. I think that one. So they were actually -- they have a stock personnel today. So they have someone working with an EDR solution around 85 so not around the clock. And they saw the value in buying MDR as freeing him up in order to work on the certification and also work on other projects within the company. So that is also an aspect when it comes to contracting a service like MDR that you need to take into consideration that you're actually freeing up other personnel to work more effectively in other projects within the company. So I think there's a lot of things that you need to take into consideration when looking at an MDR solution and not just the security partners, there are other aspects as well.
Graham Charlton
executiveObviously, we're going to have a bit of a session around MDR now. Let me just see over to the next slide. So which offering provides the best protection of customers utilizing the cloud? Obviously, we've got the SIEM versus NDR discussion, which is quite a hot topic in security at the moment. So what were your thoughts and feelings about this, guys, in terms of this kind of debate between the 2?
Ryan McDonough
executiveHappy to go first on this one. I think when we consider MDR now versus SIEM, I think before you look to what is managed sort of manage section response element to it, the like-for-like we've seen, in my opinion, is XDR and XDR is, if you're not familiar, is the evolution of endpoint detection response. With Sophos latest kind of upgrade and the introduction of MDR into their portfolio in the same way the take log-in kind of data and telemetry from multiple security tools. XDR now does that sort of gives you both detection and an element of response to the endpoint, all sort of things like firewalls to your public cloud instances, multiple security tools that you've already invested into, this open ecosystem XDR and that's a Sophos does really, really well is that they don't care ultimately what firewalls are using. It doesn't have to be a Sophos product. They will give a detection and response layer to that. So it's now making -- or it's now definitely challenging to what was 2 separate markets as the SIEM market and the kind of detection and response to the XDR market? And I see that now as to kind of train on where in a parallel track that are kind of emerging. So we see this now when we go into opportunities with our own customers that traditionally we've positioned a SIEM vendor, and we may be competing against XDR vendor or someone like Sophos, whereas we never come up against that before. So it's definitely one to keep an eye on. And SIEM is quite -- in my opinion, it's becoming more of an old school way of doing things, but there's definitely a use case for SIEM. And it points towards those customers that do have the and how soccer, the ability to interpret the output from a SIEM -- if you don't, then kind of an XDR or a managed detection response solution definitely points towards the requirements which you'll likely have.
One way that I like to help customers visualize this as well is that does the thing called the -- SOC Triad, which again is created by Gartner. If you're not familiar with this, it's definitely something that's worth it or of Google because it will help all of the detection and response elements into one picture. It's essentially a triangle, which has EDR at the top. It covers SIEM on one side and then covers network detection response with taken endpoints, network and SIEM, actually are kind of glues all those 3 things together. So it's definitely something that our customers have been talking a lot about, a really nice way to visualize the current state of this market. In terms of benefits, I think time to exploitation's a really big one. We always say time is of the essence. If a cyber attack happens, you need to remediate that as fast as you possibly can. MDR will have direct integrations with the actual tools, which you have. And again, it's fully agnostic if you get the right MDR solution. So it will start to piece data and telemetry together from maybe a Cisco firewall or from a cloud security solution that you do have because you're looking at a direct integration as opposed to a third-party integration like what SIEM solution has, you'll get that information from the actual source. And if that's managed then that's the quickest way of getting both time to value out of solution in itself, but also that could get time to response. So definitely something that you should consider. Paul, I know you feel quite strongly on this as well.
Paul Jacobs
attendeeYes. I think many of the things I would say would just echo what you're saying at MDR service, it incorporates actual human element to skilled people that are trying to monitor and to react as know how to react. We -- at SIEM, they're a tool, but sometimes they can just be a bit too much to manage. And I have seen plenty of things that are untrue. There's so much data being chucked in them, but then no real context behind it, the alerts, it does require that trained person in to use the SIEM effectively. As we're sort of seeing costs, some packages are based on the natural amount of data that's being ingested. I think once licenses are based on daily gigabit data that are adjusted into that. Well, that can sometimes affect the amount of data that you're going to check in to your team. And you have to say, if you put too much data in there and on tune, it's -- the staff don't really know what they're looking at, it's just an overload. And the other aspect is well raise -- they live off the land as well. So they will utilize tools that are already in the environment. So it's not always just got antivirus that's finally sort it all out. The antivirus is there to give you a warning, that's given you a bit of time to view. What we tend to see in the attackers. They actually have a certain behavior that might use the IP scanners you rate the network and they might use if you're using AnyDesk, they might install their own incidents there. And that's where you need that human element to investigate and see actually in wrong there. I'm going to investigate further. And again, there seems a lot of it, I think event logs being ingested. We -- if you've got an endpoint detection response aspect, so much of the investigation relies on being able to see what is running in memory, what are the processes that are actually active on that. And that may not be forwarded because of the event logs, that's why you need that endpoint response and the team looking at that.
So they can then kill those processes, see where it's existing on other devices as well. Because the attack is that they adapt. So they're a human element. They're not -- yes, there are some attacks that are just automated. The general attacks that caused the main business crippling incidents, the ones that investigate, these are actually human attackers. They are in the environment that they can write that hasn't worked. What am I going to try next? And they keep trying until they get kicked out. So again, so back to that human element, we've got to -- these have you got to have that human element to be able to react and contain and neutralize those trends.
Graham Charlton
executivePerfect. And I just want to jump in because I know we are a bit stuck for time. So thank you guys for that great discussion and all your points. So really, really helpful and so helpful to everyone on this call. I know we had a Q&A section booked. But obviously, as we are a bit track time, we'll probably have to send those out after the webinar. So please don't worry if questions have been submitted that will be sent out to post-webinar. And there were some benefits of procuring Sophos through AWS, which I wanted to go into. But again, this will all be shared after the webinar. So please feel free to take a look at that. And the Sophos have also kindly given everyone access to [indiscernible] at all. I guess it's a network health check kind of tool, isn't it, Paul?
Paul Jacobs
attendeePublic cloud assessment.
Graham Charlton
executiveYes, that's the assessment. So I will get the deck sent out to everyone so everyone can access that and access the link to that. So please utilize that. We also have a webinar tomorrow about securing your hybrid data center with checkpoints if everyone would like to sign on for that. If you have time, please feel free. But I just want to say thank you for everyone for joining today and that is it for today. Thank you, everyone, for joining. And I'm sure you will join me in thanking our speakers for their time and the time they put into this. If you'd like to register for any of our other upcoming webinars, you can find them in the registration link in the Events section of the Softcat website or you can contact your Softcat account manager, and I can give you one more information and support around this. We also have our self-assessment tool available on our website where you can find and receive tailored support to understand how you can make progress in securing your cloud. As we said earlier, if you have any more questions about the above all the contents of this webinar, please get in contact with your account manager or e-mail [email protected]. But we all hope you have a great day, and thank you for joining us. Thank you for listening.
Ryan McDonough
executiveThank you all.
Alexander Hagglund
attendeeThank you very much.
Graeme Watt
executiveThank you.