Q&A: Guardian Digital CEO on open-source security
- by Brittany Day
Since the late '90s, Guardian Digital claims to have blazed a trial in open-source security and today counts Sony, the Chicago Stock Exchange and Piedmont Natural Gas among its marquee customers. Dave Wreski, Guardian Digital chief executive and creator of the open-source security website LinuxSecurity.com, answers the questions.
Q. Is Guardian Digital a software-only open-source security system or do you also sell appliances?
A. Both, actually. We focus on offering customised solutions.
That being said, since we started, the company has offered our services and software on a pre-configured device, if the client so chooses, as it matches their desired needs - bandwidth, users, etc.
Q. Explain why Guardian Digital's model is different to the single-purpose appliance, which commonly is referred to as unified threat management.
A. Well, first off, I would like to say that I might disagree with that definition a bit. I think it is safe to say that the term unified threat management, UTM, has been polarised a little. It can be defined as the general ability to configure and maintain multiple layers and applications from the same interface, not necessarily from just one particular appliance. It typically includes a fixed set of applications in a one-size-fits-all format. Sure, unifying this functionality in one appliance can be labeled UTM, but I do not think it is solely defined by this.
To directly answer your question, our model is more adaptable than that of a sole, UTM appliance vendor. In truth, we are a service company first, offering a complete array of solutions, from the platform, to the applications, to our managed services.
This can be leveraged in the form of outsourced hosting, a physical secure device or on a client's dedicated hardware. It depends on the organisation's requirements. We are not constricted by the fact that we just sell a box. There is more to it than that, and our customers appreciate the flexibility this provides.
Q. In general, how would you characterise the attitude of companies toward open-source and Linux-based security and how has this changed in recent years?
A: We knew from the very beginning that open source was a means to an end, since, in a way, it has been associated with an identity.
Since that was, and partially still is, the case, Guardian Digital has always marketed ourselves as a specific solution to a business problem; a solution that happens to come from open source. While our business model includes open source, what differentiates us is how it is implemented and those specific business problems we solve using it.
Initially, we drew mostly those who knew and were comfortable with open source, as many companies were hesitant. What has changed can best be explained as de-programming. Through the last 10 years, open source has had this moniker attached to it; that of some kind of out-lying fringe of the tech-world. This is inaccurate, but it still diluted its appeal early on, and open source has grown despite it. While this image is being erased, it will still take time.
Q. What is the single biggest mistake companies make in implementing an open-source security strategy?
A. Great question. The answer to this is really in two parts.
First, do not look to a company that is selling open source - look for a vendor that is providing a solution for security, through open source.
Open source should not be the selling point.
As it relates to security, the biggest mistake is repackaging a collection of different open source applications from different companies, and expecting them to 'just work' securely when you throw them in the same basket. That is an illusion. True security is a process that requires integrating and engineering all applications with a comprehensive policy that must be maintained. Open source can certainly provide this cohesiveness, but it must be developed intentionally to provide it. Having a basket-full of separate open source applications with a pretty interface just is not enough to combat the sophisticated attacks businesses must deal with.
Q. Does it make sense for a company to have an open-source security platform, even if it has not deployed open-source elsewhere?
A. Of course. Our solutions can integrate completely with any existing infrastructure quickly, the issue is not related to its effect on the great network. The criteria used involve is the solution the most robust security, for the most affordable total cost of ownership. We engineered EnGarde Secure Linux and its applications to be as manageable as possible, using a point-and-click interface, so the learning curve simply does not exist. Our customers come to us because we have the solution to their specific business problem - the fact that it is open source is seen as a benefit, knowing that typically no security or programming expertise is required.
Q. How many customers do you have and where are they mostly located?
A. Since our inception in early 1999, we have attracted over 500 clients in almost every international market. Most are located within the US and Canada, while we have clients in India, New Zealand, England, Kenya and Germany as well.
In addition, our EnGarde Secure Linux Community edition is a full-featured secure platform that is built entirely from open source, like all of Guardian Digital products, and contains many of the capabilities of our enterprise offerings, and is available completely free for download. We have recorded tens of thousands of downloads in recent months, and untold numbers of copies distributed throughout the Internet.
Q. Is there more acceptance of open-source security in Europe than in the US?
A. Absolutely. In the US, proprietary software companies were able to really garner a lot of leverage, especially in the large businesses, and that trickled on down, especially as Linux-based companies got their start in the last 10 years. Europe was not exposed to this nearly as much, and without this semi-forced standard, was more acceptable to other options. Now, Europe has realized that the cost-of-entry is much lower through the use of open source, and it is typically implemented to be more secure and transparent than their proprietary counterparts.
Prior to launching Guardian Digital, Dave Wreski was a senior architect for UPS Worldwide, where he managed the security architecture of the company's global data centres and the company's Internet systems security policy.
- Thinking Strategically about Email Security in 2021 and Beyond
- There’s a Lot to be Gained with Effective Email Security
- Behind the Shield: EnGarde Cloud Email Security Explained
- Open Source: A Powerful, Yet Underutilized Weapon against Phishing & Zero-Day Attacks
- Buyer's Guide: What to Prioritize in an Email Security Solution
- Buyer's Guide to Office 365 & Workspace Email Security
- EnGarde Cloud Email Security: The Logical Solution to Cyber Risk in Office 365
- Exchange Servers Are Vulnerable - Learn How To Secure Your Email Server Now
- Top Email Security Risks in 2021 - How To Set Your Business Up for Safety & Success
- Ransomware By The Numbers: How Big Is My Risk?
- SMB Ransomware Warnings & How To Prevent an Attack
- Apache SpamAssassin 3.4.6 Release Fixes Two Potentially Aggravating Bugs
- Top Tips and Advice for Staying Safe Online in a Work-from-Home World
- Demystifying Phishing Attacks: How to Protect Yourself Now
- Why Your Business Needs Better Email Security
- Why Ransomware is a Threat to Business
- How to Protect Sensitive Data & Maintain Client Trust in Financial Services Industry
- Why Office 365 Users Are Moving Away from Relying on Default Email Protection Alone
- What You Need to Know to Shield Your Business from Ransomware
- Why You Need DMARC to Secure Email against Spoofing Attacks & Sender Fraud
- Biden's Cybersecurity Efforts Highlight the Power of this Key Technology
- Shortcomings of Endpoint Security in Securing Business Email
- Open Source Utilization in Email Security Demystified
- Limitations of Microsoft 365 Email Security & How To Close These Dangerous Gaps
- DMARC Quarantine vs. Reject: Which Should You Implement to Secure Business Email against Sender Fraud?
- Think Like A Criminal: What You Need to Know About Social Engineering Attacks in 2021
- TLS Email Encryption Explained - How To Encrypt Email with TLS
- Effectively Securing Business Email Accounts: Are Employees the Weakest Link?
- Encryption: An Essential Yet Highly Controversial Component of Digital Security
- Business Email Security Redefined: Key Benefits of Securing Your Business Email with Guardian Digital
- 8 Business Email Security Best Practices
- Demystifying Email Encryption: Stop Sender Fraud
- Demystifying Tax Fraud: How to Avoid Falling Victim to Deceptive, Costly Scams This Tax Season
- Coronavirus Phishing Scams are On the Rise - Is Your Business Email at Risk of Infection?
- Dave Wreski: A Passionate Engineer Brings the Power of Open Source to Business Email Security
- FBI: Existing Cloud Email Protection Inadequate Against Phishing, Ransomware
- Email Risk is Universal: Securing Business Email in Every Industry Sector
- The Remote Worker's Guide to Safely Navigating Office 365
- Why Your Business Needs Superior Email Protection
- Defending Against COVID Email Spoofing Attacks with DMARC
- You’ve Got Mail: How To Tell If It’s Fraud
- Open-Source Security Is Opening Eyes
- Think Like A Criminal: How To Write A Phishing Email
- The Four Biggest Email Threats Your Business Faces Today
- Everything On DocuSign Phishing Attacks in 3 Minutes
- Understanding Payload-Less Email Attacks in Under 3 Minutes
- Demystifying Fileless Malware in Less than 3 Minutes
- Apache SpamAssassin Leads A Growing List of Open-Source Projects Taking Steps to Correct Instances of Racism and White Privilege
- Cyber Risk Is Greater than Ever in the Legal Industry
- Understanding Malicious URL Protection - And Why You Need It to Secure Your Email
- Email Security for SMBs Beyond COVID-19
- Email Risk Is BIG for SMBs - How To Protect Your Business Now
- Why Email Security Is More Important Than Ever in This 'New Reality'
- The Threat of CEO Fraud Extends Beyond the C-Suite
- Top Email Security Trends Putting Your Business at Risk of Attack
- Managed Services: A Key Element of Effective Email Security that Even Modern Solutions Lack
- How to maintain security when employees work remotely: Advice from Leading Security Experts
- FBI: The 2020 Presidential Election Is Under Attack by Email Scammers
- AT&T Security Researchers Identify a Correlation between Strong Cybersecurity and Business Success
- The Aftermath of a Cyberattack Pt. 1: Phishing Recovery Basics
- It Pays to be Prepared! Ransomware Preparedness & Recovery Basics
- Breaking Down Fileless Malware: Anatomy of an Attack
- Keep the Holidays Merry & Bright - Beware of These Sneaky Seasonal Phishing Scams
- Migrating Business Email: The Hidden Complexities You Need To Know
- SPF, DKIM & DMARC: Definition & How They Secure Email Against Sender Fraud?
- Your Current Approach to Email Security May Not Be Enough
- Ways to Prevent Email Account being compromised in a Breach
- Celebrating 20 Years of Revolutionizing Digital Security
- IBM Closes its $34 Billion Acquisition of Red Hat
- Interview with Security Expert and Author Ira Winkler
- What is Phishing Email? How to prevent Phishing email scams?
- Ways Our Business Email Exceed Your Expectations
- Spear Phishing Protection - Definition & How To Recognize Spear Phishing Email
- What is Whaling (Whaling Phishing)? & How to Prevent Whaling attacks?
- Business Email Compromise (BEC) - Definition & Prevention From BEC Attacks
- Wire Transfer Scams Involving Real Estate Transactions: How to Prevent Fraud with Effective Email Security
- Guardian Digital and Mautic: A Dynamic Open-Source Duo
- Email Malware - How to Recognize & Prevent Malware Email Attack
- An Open-Source Success Story: Apache SpamAssassin Celebrates 18 Years of Effectively Combating Spam Email
- What is Spam Email - Types & How to Prevent Spam Emails?
- 2020: A New Decade of Digital Threats - Is Your Business Email Secure?
- Linux: An OS Capable of Effectively Meeting the US Government’s Security Needs Heading into 2020
- Complete Guide on Email Security & Threats Faced by Organizations
- Email Virus - Complete Guide to Email Viruses Plus Best Practices
- What Are Zero-Day Attacks & How Can I Prevent Them?
- Guardian Digital Keeps its Customers Protected from Intel Design Flaw
- Security Spotlight: Open Source Email Security Solutions
- Top Six Advantages of Open Source Development/Products
- Python and Bash - Contenders for the most used scripting language
- Guardian Digital Outlines Top 4 Benefits of Choosing Cloud
- Unrivaled Protection Against Today’s Most Dangerous Threats
- Guard Your Email Accounts Against Today’s Most Dangerous Threats
- Security Highlights from Defcon 26
- Linux / Open Source FAQs: Common Myths / Misconceptions
- Email Security FAQs Answered by Guardian Digital
- Guardian Digital Mail Systems: Designed to be Secure Without Fail