Chris Castaldo
CISO, Crossbeam
Security Challenges
- Wanted a managed detection and response (MDR) capability directly from a vendor
- Needed high fidelity endpoint protection for Mac and Linux workstations/servers in addition to support for AWS cloud infrastructure and workloads
- Lack of visibility into what’s happening across all environments
Uptycs security results
- Uptycs provides managed detection and response (MDR) service to respond to Crossbeam’s alerts
- Its unified threat detection solution spans user workstations, physical and virtual servers, and cloud containers—all within a single UI and data model
- Uptycs delivers 100% visibility and enables queries about business risk
Crossbeam helps partners securely share business data
Crossbeam is a partner ecosystem platform that helps companies build more valuable partnerships through account mapping. Acting as an escrow service for data, Crossbeam enables companies to find overlapping customers and prospects with their partners, while keeping the rest of their data private and secure. It’s like LinkedIn for partnerships.
Companies can find and connect with others in their partner ecosystem with just a few clicks. If they’re not yet on the platform, Crossbeam rolls out the red carpet and gets them onboarded at no cost. Crossbeam securely integrates with participants’ existing systems to build lists of prospects, opportunities, and customers. It provides support for the most popular data sources, including leading CRMs, data warehouses, Google Sheets, and CSV files. No matter the source, companies have total control over which of their data enters Crossbeam.
Crossbeam’s powerful matching engine IDs overlap between a company’s data and that of its ecosystem partners. They can then build powerful reports and segment the data by partners, sales reps, or any other dimension. They can collaborate and communicate with partners to generate new leads, advance existing deals, and grow joint customers—all in the interest of driving revenue together.
Cybersecurity is part of Crossbeam’s value proposition
Chris Castaldo has been the company’s CISO for about two years, during which he has focused on building out all the components comprising a solid cybersecurity program. Castaldo makes cybersecurity part of the sales thought process with customers. He’s upfront about what tools Crossbeam uses to secure customers’ shared data on the platform. “That we’re very serious about cybersecurity is something we put forward to prospective customers. It’s part of our value proposition,” he says. “We show our network diagram, our AWS environment data flow diagram, and the tools we use to secure data within. We strive to make customers comfortable about what’s under the hood on Crossbeam’s systems.”
Meeting security and compliance needs across Mac, Linux, and AWS
SOC 2 is the main mandate, but ISO 27001 is also important. “Certain questions pertain to what protections we use across our on-premises and cloud environment,” says Castaldo.
The extensibility of the osquery-based Uptycs agent is important to him. “What I see a lot of my peers doing is deploying one agent for their user environment and a separate product and agent for their cloud estate—AWS, Castaldo counts on Uptycs to provide extended visibility. Crossbeam stores data indefinitely on AWS S3 and then archives it in S3 Glacier buckets. This lets them go back in time to search for previously unknown issues like the Log4j vulnerability.
“Since knowledge of that was made public, it was important to be able to go back in time and ask if it was in our environment,” he says. “You need granular data to answer, ‘Is the library used or not?’ Without Uptycs, I couldn’t have had an easy way to be certain all development environments on local laptops weren’t exposed, because Log4j was in everything. Fortunately, we weren’t affected, but it was Uptycs’s ‘flight data recorder’ capability that gave us the definitive answer we needed.”
Uptycs turns XDR into MDR
Castaldo relies on Uptycs to provide MDR capability. “My team is lean. We rely on Uptycs’ threat teams to manage, monitor and respond accordingly to our alerts and detections. That’s a huge value.”
Castaldo finds more value in getting a managed service directly from a product vendor than in hiring a managed security solution provider. “I find MSSPs have to get up to speed on too many products, whereas an MDR provider only has to know their own and has internal access. They can go straight to their engineering team if they have a question about a new detection. This gives them a leg up in solving our issues. Plus, Uptycs deploys new features every few weeks, and its internal team can keep up with them.”
One tool across environments saves time and money
Castaldo’s 10-year NSA work experience instilled in him a practical outlook on cyber threats. “My view is to root cybersecurity in reality and look at what attackers are actually doing. A good way to do that is to reference the Verizon Data Breach Investigations Report (DBIR). I develop our threat model based on the possibilities of being attacked and knowing why someone would go after us.”
Once he understands the real tactics, techniques, and procedures (TTPs), in addition to the ‘whys’ of data breaches over the last few years, Castaldo has a good catalog for threat detection. He then looks for solutions that solve or mitigate those threats. “There’s no 100%, but if we can reduce the risk by some percentage, then that’s worth focusing on,” he says.
Uptycs fits his security scheme as a sandwich layer. “I have phishing protection, but if an attacker gets through email security, I have an opportunity to either catch or block them on my endpoints,” says Castaldo. “If their goal is getting to data, I have another tool that wraps around that. Uptycs and that tool overlap in some areas, giving us really good visibility into who and what is touching data.”
Uptycs also fits Crossbeam’s cloud strategy. “We have standard development, staging, and production infrastructure setup in AWS, with all containerized workloads using EKS,” explains Castaldo. “The last time I looked at the other XDR providers, like CrowdStrike, SentinelOne, and Cybereason, they didn’t have a focus on containers. With Uptycs, we can use the same tool on user workstations and cloud containers, saving us time and money.”
Uptycs answers the tough questions
His security team functions better now that Uptycs provides so much visibility. “I can answer high-level business questions now, like, ‘Are we reducing risk? Are we protected in certain areas from basic threats, ransomware, that kind of stuff? At a minimum, could we detect it? In a best-case scenario, could we at least block it?’”
Castaldo again cites the Log4j example. “You need granular data to answer, ‘Is the library there or not?’ Now, I could go on GitLab and look at the SBOM to see if we’re using the library or not. Without Uptycs, I wouldn’t have an easy way to be certain all the development environments on the local laptops aren’t exposed, because Log4j was in everything. Uptycs lets us make more informed risk-based decisions, like whether a system with a vulnerability is exposed to the internet or not without having to boil the ocean.”
Since engaging Uptycs for MDR, Castaldo reports huge cost savings. “If we didn’t have Uptycs MDR capability, I’d either have to hire a security engineer or find an MSSP to manage XDR on our behalf.” And Castaldo says he’d need to buy separate cloud and endpoint solutions—and probably a cloud security posture management (CSPM) tool, too. Coverage, visibility, high fidelity data, and managed detection and response from Uptycs—it’s all essential to Crossbeam’s cybersecurity assurance.