 Tommy here from Lauren Systems and I'm joined by Jason. How you doing, Jason? I'm good. How about you? I, well, I'd be better if there was better marketing out there. Well, there is good marketing out there. There's companies doing it right. And normally I'm never here just to dump on a company. But I, we're just gonna have your, throw your take right on here and start with it. A little over a week ago, a certain vendor when poked about their claim of 100% security went all wonky us in a huge back and forth system. And a lot of screenshots had to be grabbed because kind of as expected when someone makes bold claims in security, like zero breach stops all the time, including unknowns. That's, I don't know. I'll leave links to all these things we're talking about, by the way. Yeah, it was, it was interesting. I believe the reporter that is in the article I linked there, she said she captured like 91 screenshots. Wow. Like there were 150 comments in the post and it was, it was pretty spicy. And this is a problem sometimes in our market. Security is a really tricky thing. I can say my door is locked at my house. Does that mean I'll never get breached? No. Can I buy two locks? It means I'll never get breached. No. It's just, it's a securing to your risk tolerance. It's a mitigation of someone just walking through my door. But I would never say in the most absolute terms, 100% secure, never get breached. That's just, don't say it to your clients either. Don't listen to it from vendors. Those vendors are stretching the truth. And I, this is, this is kind of a tricky because if I'm not mistaken, you also commented there was some security flaws found in the product itself. Not in the security product, right? So, but this is the company in question here is a giant umbrella that owns a lot of other companies. And one of their sister companies, which actually does RMM tools and tries to play in the MSP space. One of their tools recently had a bunch of vulnerabilities discovered in it. And some of the vulnerabilities are like cringe worthy. Like these are things that like you could come right out of like try hacking or something and like directly apply those skills without any actual huge knowledge. These were like run of the mill sequel injections. That's kind of a problem. And the company in question here is Komodo, or what do they call themselves? And I had notes, it's a sectigo and exactium, I think is the other one or excitium. How do you say that? I have no idea. So if you start digging in and I left some links down here, and this goes back over 10 years of kind of systemic bad behavior by Komodo. I believe that's why they started changing name products to try to separate. I mean, everything going back to do you remember the super fish scam? They were involved in that. Oh, really? Yep. Installing this is actually Travis Orvindy picked at them for installing VNC servers as part of a backdoor system. I got links to that. There's just, you know, let me pull some of these up. They're just wildly crazy to think all the things that they've been involved in. This is when they were called Komodo. This is the Komodo Internet Security installs and starts a VNC server by default. Hold on. I had not previously seen this. Yeah. It's crazy. So there's something, other bad behavior. Everyone loves Let's Encrypt, except for people who try to sue them for trademark trauma and lose. Oh, that's Komodo again. Komodo caught breaking new CEA standard one day after it went into effect. Is there a certificate authority? Which is just a big problem. Huge, right? Yeah. So basically, they're like the root of the trust anchors on the internet. And they really, really abused that privilege. Oh, don't worry. There's more. This is more recent. Oh, yeah. I saw that one. Yep. Yep. They have the most science certificates. This comes down to them not handling certificates bad. This leads up to, this is just a pattern of behavior we're trying to establish with the company here. I'm not here normally to, as I said, just bash on vendors, but I'm looking at pattern of behavior. How do we get here? Do they make one guy make one marketing mistake? I don't think so. I think we kind of have a, this is how they behave in, you know, in uncovering all of the nonsense that went around with the founder who's not the CEO anymore, but he's the founder. He also seems to engage in bad behavior outside of the company realm too. Definitely saw some pretty hot takes with some of the things he was doing there. It's like, I don't know if the new X thing, I don't know how to say either. If it's a direct descendant of Komodo internet security, or if it's a new product, right? It's not like that lineage isn't super clear there, but I found a press announcement, one of those buried news press releases they did that says basically excited. I'm going to call it that as I think that is formally Komodo security. So it appears to be a brand change, my guess because too many times when you, if you start searching Komodo, all the things I mentioned come up. Well, even though Wikipedia page has some things and but I mean, again, to the point, right? It's like, if you look at the Komodo page, there's, they seem to have like 40 different security products. So which one of the security products actually make up this new thing you're selling this new tool they're selling? I have no idea. Yeah. And I get that as a big company, you have a wide variety of products and things like that. And if you are built by acquisition, sometimes you have products that have teams that behave badly. So that can taint the rest of them. But this is something they have to consider. The optics of running a big company is like, look, you're involved in a lot of silly things here that doesn't give me any confidence that even if you started a new product from scratch with a new team, that it isn't tainted by everything in the entire history of the company. But I mean, I talk to vendors about this all the time, you know, if you watch a restaurant rescue or, you know, the Gordon Randy show or whatever it is, he tends to go into these restaurants and say that restaurants that have big menus tend to have bad food, right? Because, you know, you can't you can't make everything really well, right? So I'm very suspect of companies that have a million products. It's like either you've not focused your resources around one, you're playing the shotgun approach. And I beat on vendors in our space when they're trying to branch out into new like semi related areas. I'm like, no, make your core product better and then make another one. Yeah, they try to be the everything store. And I think this leads us to let's give people some tips on how to choose a vendor and vet them a little bit. And we can probably start with thinking about, are they trying to be the everything store, which is really, I don't, and this is a hard thing to get into. So it's not easy. But think about this. How do you figure out how they're funded? Because when they're funded by and you can dig into this a little, especially when you're making a lot of commitment as me or you would be with our business and how we are structuring things as we have so many endpoints and so many businesses that depend on us, we put a lot of faith in those companies. So I like to do a little due diligence and look at how they're funded. How does the CEO behave? It's one of the reasons, you know, I'll give a shout out to because I'm wearing a shirt today, Huntress. Kyle's been clear on his path, clear on how they do things transparent and above board. So kind of like that gives us confidence, not only that they have a good product, but that they're going in the right direction or not just trying to do, I'm gonna lower the price, get a land grab, build clients, sell it for a higher price and leave you guys holding the bill. Yeah. And my experience is when these companies tend to get owned by private equity or these giant venture capital firms, at some point or another, they make a pivot and the pivot becomes a land grab and then it becomes price raises and contracts and all that other stuff. I tend to use CrunchBase as a resource to figure out, you know, where the funding's coming from. Some of the venture capital people, especially in the MSP space, just they have a bad rap and a bad history. So I tend to avoid companies that are backed by them. Yeah, you can look around out there for some of those. Some of the other things too is don't go with companies that make absolute insecurity claims. Don't make them yourself, but companies that do that from a marketing standpoint, that feels kind of cringy first, but it feels like desperation too to sell a product. Yeah, I have a slightly different approach and different take on that. You know, if you've got a company that's offering you 100% security, 100% no breach or whatever the case is, ask them to put their money where their mouth is, ask them to ensure you for a million dollars in damages if there's a breach. And when they very, very, very quickly start to backpedal, you will learn how much they actually believe that claim. I think I like that one quite a bit. What are some other tips for trying to figure out if they're a good vendor and a good fit? Obviously, they didn't start the product yesterday. Honestly, this one needs taken with a little bit of a filter, but you can check Reddit, especially like slash r slash MSP, if you're an MSP. Every vendor has some amount of like griefing and gripes that go on there, but there are certain vendors that it's just a pattern of terrible. And if there's a pattern of terrible, then maybe that should be red flag. Yeah, it's hard to establish, but yes, reach out to your peers. This is, you know, you go to these vendor events like, I mean, you are going to be at Datacom, we are at some of the other events, and interacting with the vendors gives you a better feel for how they are, how they behave, because they also seem to hire people that behave in the same way. Don't let one impression jade you, but for the most part, there's a correlation between the people that seem to represent them and who hired them to represent the company. I mean, recognize when you're being sold, right? So it's like a couple of things that are absolutes. Your implementation will never look as good as the demo, just accept that. So, you know, part of my due diligence in process when I'm selecting a vendor is, I want them off the demo path, right? It's like, I will push and push and push until, you know, we start to dig into edge cases and things like that, that get them off of their script, and once they're off their script, you can usually tell how it's actually going to go. Yeah, ask the hard questions. Don't be afraid to, you know, see where they end, as I just was doing a product demo yesterday and I got them stumbling in the demo because I said, do you do this? Well, I said, no, I just, just give me yes or no. I'm not, this isn't making, I'm polite to them. I said, this isn't making or breaking, whether or not we continue this demo. I just need to know where you're at with this. Is it on your roadmap? Is this a feature you have now? You will have in some period of time. Get, like you said, you kind of, it's not the goals and trip them up, but it's to make sure, like you said, to figure out what the product can actually do because they'll always talk about their perceived use cases because they're going to be the things that it plays best with. I actually aim to trip them up. I do the same thing when I interview people, the questions tend to get harder until you can't answer one because I want to see how you handle not being able to answer one. Yeah. It's, so yeah, there's a certain amount of discomfort that, you know, you aim for in that. And again, you know, ask the community, right? The community, we are a community and we will tell you pretty frankly, usually whether or not something's good or not. You mentioned roadmaps, like seeing that they have a good roadmap and more importantly, that they're actually hitting items on the roadmap and they're not just constantly punting is huge too. Yeah, that's, that's a really good point too, because you can look at the track record a lot of companies and look at through their releases and see if there's been changes over time, you know, and I love companies that do a good job of making their blog posts on that public. So you can kind of go through iterations of it and go, Oh, cool. Here's a year ago, they posted this was what they were doing. Hey, look, here's a year later, there's a follow up blog post about how things are going, but reach out into forums and things that really ask questions of people who use the product and there's sometimes it's hard to get an opinion out of people when it's good. It's easy to get a pillow, people want it's bad, but Yeah, I often times when I'm doing that, I tend to avoid the vendor's own forum too, because I'm sus of anything that goes on in the vendor's own forum, right? Like, do they have people in there? Like only the only the most engaged, happiest customers tend to engage in those things or the very angriest customers. Like it's not, I don't think either case is representative of the experience you're likely to receive. Right. And there's places that do have a little bit better experience. Actually, MSP geek is a good one. So check out there. Is it discord or Slack right now? I kind of, they're pushing everyone to discord. Okay. Officially, it's discord now. So I mean, you can link MSP geek.org in the description. And yeah, you get some good people's opinions in there. They have some vendor groups and you can just ask some questions you'll find actually I've found it to be very helpful in there when you've got a question about product or something you're looking at. Cause you know, there's a lot of very active, quite a few, I don't know exactly how many members they have, but it's quite a few real MSPs in there dedicated to helping other MSPs. You'd be shocked at how much your peer groups can help lean on that. I mean, vendor shows can be a little hard to go to and all that or stuff we mentioned, but the easy low hanging fruit to bet the vendors is hitting Reddit, our MSP and MSP geek. I mean, and just seeing how the vendor engages the community, right? It used to be, you know, when I first started at this, there was really not a lot of community and you know, there was a Reddit, there was a couple of discords, but like the community, I feel like has grown and blossomed and seeing how the vendors engage the community is also very important because some of them just don't do it very well. No, they don't. And some vendors would love to tell you that Reddit is not a thing that matters. They are wrong. The smarter vendors are spending more time replying it. That's definitely something to think about. So we'll leave links to everything we talked about down below. Hopefully this gets you understanding of what not to do and what to look for like the red flag warnings of the company's claiming absolutes. We'll leave links to that, Komodo and Iterian and some of the shenanigans that they've been involved in, but use those takeaways to say, all right, the company I'm looking at for a product I want to use, I want to integrate into my stack, doesn't have any of this history and go from there and ask questions. Ping me or Jason? Follow Jason on LinkedIn. I'll link to that post. You can follow him. He occasionally has some spicy takes on other vendors that have behaved similarly. But it works, though. Like if I call it, I found there's been several vendors where it's just I constantly beat on them every time they do it and they eventually stop. I think that's actually the more important thing because our goal isn't just to have some laughs here. We're not doing it for the walls. We actually love when a vendor goes, okay, fine, we've decided we want to, they may never tell us an apology. That's fine, though. Cool if they did, but more likely they'll change your behavior. That's awesome. If they'll change behaviors, then here we are. Awesome. Everyone's better for it in the end. So we'll leave you with that. And thanks for joining us. Thank you. And thank you for making it all the way to the end of this video. If you've enjoyed the content, please give us a thumbs up. If you would like to see more content from this channel, hit the subscribe button and the bell icon. If you'd like to hire a short project, head over to laurancesystems.com and click the hires button right at the top. To help this channel out in other ways, there's a join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts and offers, check out our affiliate links in the description of all of our videos, including a link to our shirt store where we have a wide variety of shirts that we sell and designs come out well randomly. So check back frequently. And finally, our forums. Forums.LauranceSystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thanks again for watching and look forward to hearing from you.