1
00:00:00,000 --> 00:00:06,360
Today on our Tech for Business podcast, Todd, our COO and CISO and Nate, our Director of

2
00:00:06,360 --> 00:00:08,400
Cybersecurity and vCISO,

3
00:00:08,400 --> 00:00:15,760
are back again to answer our Cybersecurity Cores audience questions.

4
00:00:15,760 --> 00:00:20,080
And two questions I didn't put on the list, but were super important to someone in the

5
00:00:20,080 --> 00:00:28,760
audience was Nate, how do you keep your hair looking so good after a long day at the Tech

6
00:00:28,760 --> 00:00:29,760
Fair?

7
00:00:29,760 --> 00:00:30,760
Lots of hair gel.

8
00:00:30,760 --> 00:00:36,680
Lots of hair gel, lots of hair gel, lots of hair spray.

9
00:00:36,680 --> 00:00:38,800
Are you a hair spray guy or is it just gel?

10
00:00:38,800 --> 00:00:41,520
I don't know, just one of those pomades.

11
00:00:41,520 --> 00:00:47,880
Yeah, hop out of the shower, put it in your hair, go forward and don't really give it

12
00:00:47,880 --> 00:00:48,880
a second thought, right?

13
00:00:48,880 --> 00:00:49,880
I love it.

14
00:00:49,880 --> 00:00:53,680
I mean, these are the burning questions we need to like.

15
00:00:53,680 --> 00:00:58,760
And then Todd, they were asking, you know, we, I see that we're both rocking our little

16
00:00:58,760 --> 00:01:02,400
uniform from that day, these amazing little vests.

17
00:01:02,400 --> 00:01:08,360
And they asked, how come Todd looks the best out of all of us, out of 40 employees that

18
00:01:08,360 --> 00:01:12,520
were there, you were rocking the best?

19
00:01:12,520 --> 00:01:15,040
I don't know why that is not in my hair.

20
00:01:15,040 --> 00:01:18,560
That would not be anything I would, I could do with the Kirk Cousins things if anybody

21
00:01:18,560 --> 00:01:21,560
who's a Viking fan, my wife dresses me.

22
00:01:21,560 --> 00:01:22,560
She doesn't, but it sounds good.

23
00:01:22,560 --> 00:01:23,560
Yeah.

24
00:01:23,560 --> 00:01:25,560
Well, the marketing team kind of dressed you that day.

25
00:01:25,560 --> 00:01:30,680
They did, yeah, they did.

26
00:01:30,680 --> 00:01:34,760
Are vests kind of a go-to thing for you or was that just on that day?

27
00:01:34,760 --> 00:01:36,160
No, it was just that day.

28
00:01:36,160 --> 00:01:39,680
And I actually am wearing it today too for those that don't have video, but no, I actually

29
00:01:39,680 --> 00:01:42,560
don't really understand vests.

30
00:01:42,560 --> 00:01:46,360
It is, I don't, and here I am wearing it today, but I think they're weird in general just

31
00:01:46,360 --> 00:01:49,840
because from my perspective, I'm like, if you're cold, you usually put on a sweatshirt

32
00:01:49,840 --> 00:01:53,080
or something along that line and everybody even responds as well, it's when your core

33
00:01:53,080 --> 00:01:56,680
gets cold and I was like, does your core get cold, but not your arms?

34
00:01:56,680 --> 00:01:59,160
That doesn't happen to me.

35
00:01:59,160 --> 00:02:00,160
I'm totally with you.

36
00:02:00,160 --> 00:02:07,600
I usually hate vests, but when marketing goes and gets a North Face vests, they're pretty

37
00:02:07,600 --> 00:02:08,600
great.

38
00:02:08,600 --> 00:02:09,600
Yeah, we gotta wear them.

39
00:02:09,600 --> 00:02:10,600
And they look stylish.

40
00:02:10,600 --> 00:02:15,720
I hate the fluffy, poofy vests and these are the nice thin, sporty ones.

41
00:02:15,720 --> 00:02:20,640
Well, speaking of core, we're jumping into Cybersecurity Cores.

42
00:02:20,640 --> 00:02:24,960
Last week we talked MFA and passwords and we covered a little bit of policy.

43
00:02:24,960 --> 00:02:30,520
And this week we're talking a lot about ThreatLocker because we had very specific questions,

44
00:02:30,520 --> 00:02:35,680
but also some end user training, some AI, lots of different things.

45
00:02:35,680 --> 00:02:40,200
So just to jump in, it feels like it's maybe going to be a little bit of a sales pitch

46
00:02:40,200 --> 00:02:41,400
for ThreatLocker.

47
00:02:41,400 --> 00:02:48,120
So we can broaden it out if you want, but a lot of people asked about ThreatLocker,

48
00:02:48,120 --> 00:02:55,120
how it's stacking up to Microsoft, PAM, how it's handling those custom coded softwares,

49
00:02:55,120 --> 00:03:00,840
and then how do we see ThreatLocker and breach detection like Huntress, which I do not know

50
00:03:00,840 --> 00:03:04,600
what that is, but playing into your best practices.

51
00:03:04,600 --> 00:03:08,600
So kind of however you want to take that.

52
00:03:08,600 --> 00:03:09,960
Okay, I do want to know.

53
00:03:09,960 --> 00:03:10,960
Can I start real quick?

54
00:03:10,960 --> 00:03:11,960
Of course.

55
00:03:11,960 --> 00:03:12,960
Okay.

56
00:03:12,960 --> 00:03:18,160
It's been a little bit from our end since we had the security cores conversation, but

57
00:03:18,160 --> 00:03:19,360
just kind of refresher.

58
00:03:19,360 --> 00:03:23,640
There are a couple of things that we were requiring as the non-negotiables and just on a real

59
00:03:23,640 --> 00:03:29,480
brief if anybody missed those, they're endpoint detection response, multi-factor authentication,

60
00:03:29,480 --> 00:03:33,680
cybersecurity awareness training and or phishing simulations.

61
00:03:33,680 --> 00:03:36,040
And then the last one was kind of doing audits.

62
00:03:36,040 --> 00:03:41,840
And so you kind of got to do those things and then to get into part two, if you're doing

63
00:03:41,840 --> 00:03:46,480
that thing, what's next, I'm going to kind of repeat what I said the last item was, is

64
00:03:46,480 --> 00:03:48,280
you kind of need to reassess.

65
00:03:48,280 --> 00:03:52,320
And we actually go out of our way to do that every single year.

66
00:03:52,320 --> 00:03:56,720
And if you've looked at what's been happening over the years, there's a good reason for

67
00:03:56,720 --> 00:03:57,720
it.

68
00:03:57,720 --> 00:04:01,920
Everything changes and a 12 month period in cybersecurity unfortunately is an extremely

69
00:04:01,920 --> 00:04:04,240
long time.

70
00:04:04,240 --> 00:04:09,240
So a good example of this is a couple of years ago ransomware attacks where we're just going

71
00:04:09,240 --> 00:04:10,240
to encrypt your data.

72
00:04:10,240 --> 00:04:11,720
We're going to send you a ransom note.

73
00:04:11,720 --> 00:04:13,120
That's the end of it.

74
00:04:13,120 --> 00:04:15,920
And people said, okay, well, one of the best ways to combat that is having really good

75
00:04:15,920 --> 00:04:16,920
backups.

76
00:04:16,920 --> 00:04:17,920
Well, great.

77
00:04:17,920 --> 00:04:20,880
They pivoted and said, well, I'm not only am I going to do that, I'm going to infiltrate

78
00:04:20,880 --> 00:04:23,080
your data, show you that I have it.

79
00:04:23,080 --> 00:04:26,240
So even if you can restore, I still got you.

80
00:04:26,240 --> 00:04:29,960
And those kinds of things are just constantly changing and updating.

81
00:04:29,960 --> 00:04:35,160
And we need to be making sure that we're doing what we can to protect ourselves, our customers,

82
00:04:35,160 --> 00:04:36,160
et cetera.

83
00:04:36,160 --> 00:04:40,080
So that reassessment to me is a very, very big deal is you just kind of have to reset

84
00:04:40,080 --> 00:04:42,480
and say, where are we today?

85
00:04:42,480 --> 00:04:44,320
What's happened in the world?

86
00:04:44,320 --> 00:04:48,680
Just a quick example of what we've actually seen changing here.

87
00:04:48,680 --> 00:04:54,320
And these are examples from just the past month is in the past, when we're talking about

88
00:04:54,320 --> 00:05:01,760
Office 365 and Azure and the entire Microsoft ecosystem there is what we've seen is there's

89
00:05:01,760 --> 00:05:02,960
also been a transition.

90
00:05:02,960 --> 00:05:09,400
So while phishing attacks and that's the stuff will never stop, what we've seen a little

91
00:05:09,400 --> 00:05:15,520
bit is rather than a lot of the spam and that kind of activity or trying to encrypt the

92
00:05:15,520 --> 00:05:19,960
actual on-premise infrastructures as more and more people move to the cloud.

93
00:05:19,960 --> 00:05:24,960
In the last month, we've seen a lot more resource hijacking essentially in Azure.

94
00:05:24,960 --> 00:05:29,240
And so what this means is that your credit card is already associated with your Microsoft

95
00:05:29,240 --> 00:05:30,240
account.

96
00:05:30,240 --> 00:05:36,480
And so if someone can get in with admin permissions and go in and spin up new virtual disks, virtual

97
00:05:36,480 --> 00:05:41,720
servers in your Azure environment, it's on your credit card, right?

98
00:05:41,720 --> 00:05:46,360
And so they didn't have to pay anything to go set up a spam relay, something to further

99
00:05:46,360 --> 00:05:48,200
their phishing attacks.

100
00:05:48,200 --> 00:05:52,760
And then it all comes from your tenant, which makes it under risk of Microsoft trying to

101
00:05:52,760 --> 00:05:57,160
suspend your account there because you're doing malicious activity.

102
00:05:57,160 --> 00:06:01,560
And so we've actually seen quite a few of those in the last month or so in different

103
00:06:01,560 --> 00:06:02,560
flavors.

104
00:06:02,560 --> 00:06:06,920
So I won't go too deep into that, but getting back to the need of regularly tuning your

105
00:06:06,920 --> 00:06:10,520
audits to address the modern threats.

106
00:06:10,520 --> 00:06:14,960
Yeah, the one thing that I would kind of tally off of that is saying, again, what's next?

107
00:06:14,960 --> 00:06:19,120
I was reading an article somewhat recently and I can find it and we can post it in our

108
00:06:19,120 --> 00:06:20,120
notes too.

109
00:06:20,120 --> 00:06:24,320
But one of the articles I was reading recently was talking about how your insurance organization

110
00:06:24,320 --> 00:06:26,040
is becoming your new auditor.

111
00:06:26,040 --> 00:06:27,840
And it does make sense, right?

112
00:06:27,840 --> 00:06:33,800
I mean, most regulated organizations, the reasons why they have audits is because they're typically

113
00:06:33,800 --> 00:06:35,160
insured by somebody else.

114
00:06:35,160 --> 00:06:38,280
So banking, you're looking at FDIC, et cetera.

115
00:06:38,280 --> 00:06:41,760
And this is not different when it comes to cybersecurity insurance.

116
00:06:41,760 --> 00:06:44,120
And when they get their information, what are they doing?

117
00:06:44,120 --> 00:06:47,280
They're looking to what already exists and they're saying, well, why would I reinvent

118
00:06:47,280 --> 00:06:48,280
the wheel?

119
00:06:48,280 --> 00:06:51,680
But they see kind of like us to a large degree.

120
00:06:51,680 --> 00:06:53,760
They see what's changing in the industry.

121
00:06:53,760 --> 00:06:55,680
They see what's being exploited.

122
00:06:55,680 --> 00:06:59,160
They get all that information and their whole job is to mitigate risk.

123
00:06:59,160 --> 00:07:03,520
And so when they're coming to you and saying, hey, I think you need to do, you know, two

124
00:07:03,520 --> 00:07:04,920
years ago was multifactor.

125
00:07:04,920 --> 00:07:07,040
And then we're saying, OK, well, now it's EDR.

126
00:07:07,040 --> 00:07:10,640
The next big one, Ariel already touched to us already.

127
00:07:10,640 --> 00:07:12,200
It's going to be privileged access management.

128
00:07:12,200 --> 00:07:13,560
So I'll tip the hand a little bit.

129
00:07:13,560 --> 00:07:16,800
But the word that's coming from is they're saying, what's going on in the industry?

130
00:07:16,800 --> 00:07:17,800
What do we need to do?

131
00:07:17,800 --> 00:07:22,120
I did throw CIT into this bucket as well, because as an organization, we work with

132
00:07:22,120 --> 00:07:26,360
a cross industry, health care, finance, education, you name it, we do it.

133
00:07:26,360 --> 00:07:28,160
And so we see everything.

134
00:07:28,160 --> 00:07:29,920
And you can quickly pick up trends.

135
00:07:29,920 --> 00:07:31,960
This is the way people are getting exploited.

136
00:07:31,960 --> 00:07:34,280
Here's the weaknesses and defenses.

137
00:07:34,280 --> 00:07:37,040
Here's why this organization got attacked and that one didn't.

138
00:07:37,040 --> 00:07:40,720
So when we're coming up with recommendations and whatnot, that's what's driving it.

139
00:07:40,720 --> 00:07:45,720
That's partly what we see, but we're also looking and working quite frankly in lockstep

140
00:07:45,720 --> 00:07:50,720
with the insurance organizations to make sure that customers, companies are getting what

141
00:07:50,720 --> 00:07:53,920
they need to help mitigate the risks that are being presented.

142
00:07:53,920 --> 00:07:57,640
Again, how it changed from a year ago to now.

143
00:07:57,640 --> 00:07:59,600
And then just one last tally on that.

144
00:07:59,600 --> 00:08:05,240
And then we can actually chat about some of those tools and stuff is the as we're working

145
00:08:05,240 --> 00:08:06,680
with those insurance organizations.

146
00:08:06,680 --> 00:08:14,360
The other thing is that when we see a few insurance questionnaires start to adapt new

147
00:08:14,360 --> 00:08:18,600
language, those are early indicators of where the rest of the industry is going to go.

148
00:08:18,600 --> 00:08:24,200
And so that's where we tend to take those early indicators and help start communicating

149
00:08:24,200 --> 00:08:25,200
that to the customer.

150
00:08:25,200 --> 00:08:29,280
So that way, when the insurance renewals do come out, you're already prepared for them.

151
00:08:29,280 --> 00:08:33,760
And I'm going to throw one more thing on there because my favorite catchphrase is one more

152
00:08:33,760 --> 00:08:40,200
thing is that there are some insurance organizations that do lag behind and some organizations say,

153
00:08:40,200 --> 00:08:41,320
well, I'm not being forced to.

154
00:08:41,320 --> 00:08:43,080
So I'm going to push that off.

155
00:08:43,080 --> 00:08:48,320
I would remind you when you hear things like this coming up, or at least sit highly recommend,

156
00:08:48,320 --> 00:08:51,080
you do kind of pay attention to what's happening in the industry.

157
00:08:51,080 --> 00:08:56,080
While you're not necessarily forced to do it, it again was designed to reduce the risk

158
00:08:56,080 --> 00:08:57,080
to your organization.

159
00:08:57,080 --> 00:08:58,720
It's not because somebody made you.

160
00:08:58,720 --> 00:09:03,800
It's because we're trying to basically eliminate or minimize the likelihood of a bad day.

161
00:09:03,800 --> 00:09:10,600
So you kind of answered my last question, which was if you added something to this core,

162
00:09:10,600 --> 00:09:13,200
it would be this PAM solution.

163
00:09:13,200 --> 00:09:18,840
And again, to avoid too much of a sales pitch, but how does ThreatLocker kind of stack

164
00:09:18,840 --> 00:09:24,320
up to other ones or is kind of dealing or fits into best practices?

165
00:09:24,320 --> 00:09:29,800
Yeah, so I can kind of take one step back just to build the foundation and then we'll

166
00:09:29,800 --> 00:09:33,600
come into ThreatLocker or any of the other solutions out there.

167
00:09:33,600 --> 00:09:39,920
So privileged access management is essentially limiting administrative access to different

168
00:09:39,920 --> 00:09:43,680
software or anything like that until you absolutely need it.

169
00:09:43,680 --> 00:09:48,640
Same thing of applications don't need to necessarily run unless you've given them approval to run

170
00:09:48,640 --> 00:09:53,120
and then you can contain the behavior of them into what's intended.

171
00:09:53,120 --> 00:09:59,840
So for example, we want to be able to run PowerShell for checking the name of a computer,

172
00:09:59,840 --> 00:10:00,840
right?

173
00:10:00,840 --> 00:10:01,840
There's nothing malicious about that.

174
00:10:01,840 --> 00:10:06,280
Now we don't want PowerShell to go call into the internet and download new scripts.

175
00:10:06,280 --> 00:10:10,280
And if we do want it to go out to the internet, can we contain it to the areas where we know

176
00:10:10,280 --> 00:10:13,780
we need it to connect to essentially, right?

177
00:10:13,780 --> 00:10:19,960
So that's the premise of an application whitelisting privileged access management tool.

178
00:10:19,960 --> 00:10:21,520
There's a lot of different flavors out there.

179
00:10:21,520 --> 00:10:24,080
Some free, some that are licensed.

180
00:10:24,080 --> 00:10:29,520
And so the two most common ones that I'm going to kind of touch about here is going to be

181
00:10:29,520 --> 00:10:38,640
something like AppLocker, which Microsoft is now switching it to WDAC, I believe.

182
00:10:38,640 --> 00:10:42,560
Don't ask me the acronym because I just live in acronyms.

183
00:10:42,560 --> 00:10:45,800
But it's essentially the AppLocker component of Windows.

184
00:10:45,800 --> 00:10:51,320
And so what AppLocker just for the rest of the podcast here today, I'm just going to

185
00:10:51,320 --> 00:10:52,400
keep saying AppLocker.

186
00:10:52,400 --> 00:10:54,520
That's Microsoft's free solution.

187
00:10:54,520 --> 00:10:58,960
So in AppLocker, the premise of that is you have to go to each device, run a PowerShell

188
00:10:58,960 --> 00:11:04,720
script, inventory all the software on the environment, and then go back to the server,

189
00:11:04,720 --> 00:11:09,020
the system, and build the policies surrounding that.

190
00:11:09,020 --> 00:11:15,560
And so then if there's new changes in software, let's say there's various updates or something

191
00:11:15,560 --> 00:11:20,840
like that, you have to go re-approve those, modify your policies, that kind of stuff.

192
00:11:20,840 --> 00:11:28,200
So while it's free on the licensing, what you do is you pay for it on the labor side.

193
00:11:28,200 --> 00:11:33,840
And so for small businesses where they don't have IT resources to be able to dedicate that

194
00:11:33,840 --> 00:11:42,040
time, that labor cost can greatly exceed the value that they would want to put into play

195
00:11:42,040 --> 00:11:43,360
there.

196
00:11:43,360 --> 00:11:48,640
Where the ThreatLocker comes into play is it's doing the same application whitelisting

197
00:11:48,640 --> 00:11:54,920
that AppLocker can do, but what it does do is that it automatically inventories the software

198
00:11:54,920 --> 00:11:59,200
and system drivers and everything like that when it's first installed.

199
00:11:59,200 --> 00:12:02,520
And it goes into what they call a learning period for a bit.

200
00:12:02,520 --> 00:12:06,880
And so when it's sitting in a learning period, it's dynamically building all those policies

201
00:12:06,880 --> 00:12:10,840
for you, which is the labor intensive component.

202
00:12:10,840 --> 00:12:17,880
And then the other thing is that AppLocker doesn't have an audit log, essentially, of

203
00:12:17,880 --> 00:12:20,240
all the software that's trying to run on these systems.

204
00:12:20,240 --> 00:12:24,360
You'd have to go either to those different disparate systems and try and figure that

205
00:12:24,360 --> 00:12:26,080
out if something was blocked.

206
00:12:26,080 --> 00:12:31,120
ThreatLocker, you can go into a single pane of glass for all systems and figure out what's

207
00:12:31,120 --> 00:12:35,040
going to be blocked if I start securing these devices, essentially, right?

208
00:12:35,040 --> 00:12:39,360
So you can quickly tune the policies if needed to ensure that you're not going to cripple

209
00:12:39,360 --> 00:12:43,120
your environment once you actually secure them into a better state.

210
00:12:43,120 --> 00:12:47,480
The other quick component or difference between the solutions is going to be AppLocker doesn't

211
00:12:47,480 --> 00:12:50,600
do anything for local admin privileges.

212
00:12:50,600 --> 00:12:56,960
So that's a whole different SKU that Microsoft knows how to price out and nickel and dime

213
00:12:56,960 --> 00:12:57,960
us all.

214
00:12:57,960 --> 00:12:59,800
That's where it's built into ThreatLocker.

215
00:12:59,800 --> 00:13:05,120
If this piece of software, to be able to install it, let's say it's AutoCAD, right?

216
00:13:05,120 --> 00:13:09,880
We know that AutoCAD always requires local admin to be able to run and do updates.

217
00:13:09,880 --> 00:13:15,280
You can give it just that admin access for that one application, but everything else

218
00:13:15,280 --> 00:13:18,280
that the user does doesn't have admin.

219
00:13:18,280 --> 00:13:21,760
And so you can greatly protect the core resources of that system.

220
00:13:21,760 --> 00:13:25,280
That's the biggest general overview between the two.

221
00:13:25,280 --> 00:13:30,400
I'm super passionate about it, and I am very, very familiar with these.

222
00:13:30,400 --> 00:13:32,640
So I'm not going to go into too much depth.

223
00:13:32,640 --> 00:13:33,640
More depth.

224
00:13:33,640 --> 00:13:38,080
Yeah, for, again, for the general audience, we're not trying to sell ThreatLocker per

225
00:13:38,080 --> 00:13:40,560
se, but it is a very powerful tool.

226
00:13:40,560 --> 00:13:44,080
There's a good reason organization like CIT would use something like ThreatLocker, and

227
00:13:44,080 --> 00:13:48,520
one of the biggest benefits for us as an organization is you do get a lot of bang for the buck, which

228
00:13:48,520 --> 00:13:54,400
is what Nate was highlighting very heavily on the monetization part of Microsoft.

229
00:13:54,400 --> 00:13:58,040
But there are other pieces that we get that we are able to leverage to.

230
00:13:58,040 --> 00:14:02,520
So as we work with a lot of organizations and having tool sets that allow us to deal

231
00:14:02,520 --> 00:14:08,080
with multi-tenanted companies, meaning we can look at multiple people and manage at

232
00:14:08,080 --> 00:14:11,040
large scale, if you will, in a method that works well.

233
00:14:11,040 --> 00:14:12,400
That works well for us.

234
00:14:12,400 --> 00:14:15,920
That isn't something that every company can go out and do.

235
00:14:15,920 --> 00:14:21,400
But some of the benefits that we get is we can deploy policies, as Nate was mentioning

236
00:14:21,400 --> 00:14:26,560
globally, or we can get very specific to specific companies or even specific applications.

237
00:14:26,560 --> 00:14:31,200
Where that gets beneficial is for an organization like us, if we're working with the banks,

238
00:14:31,200 --> 00:14:38,400
we can say, we know this particular core banking app runs this weird obscure batch file because

239
00:14:38,400 --> 00:14:39,400
it happens.

240
00:14:39,400 --> 00:14:43,200
In case anybody doesn't remember what a batch file is, it's pretty old technology.

241
00:14:43,200 --> 00:14:46,720
Almost nothing does it anymore, but the core banking app in this particular instance does.

242
00:14:46,720 --> 00:14:48,320
You wouldn't normally expect that.

243
00:14:48,320 --> 00:14:52,040
If it were happening, it would typically look like something that's malicious.

244
00:14:52,040 --> 00:14:56,160
So the fact that we've gone through this, we've experienced it, we've known it, we can just

245
00:14:56,160 --> 00:14:59,400
automatically apply that, hey, you're a bank, we know this is a possibility, we're just

246
00:14:59,400 --> 00:15:01,480
going to go ahead and whitelist it and push it through.

247
00:15:01,480 --> 00:15:04,760
So there are a lot of benefits for those kinds of things that are out there as well.

248
00:15:04,760 --> 00:15:07,000
That doesn't mean there aren't other good tools.

249
00:15:07,000 --> 00:15:10,200
As Nate mentioned, there are great tools out there.

250
00:15:10,200 --> 00:15:14,000
And a little housekeeping on the acronym we dropped, Kelsey found it for us.

251
00:15:14,000 --> 00:15:19,280
It's Windows Defender Application Control, which is an absolute mouthful, but at least

252
00:15:19,280 --> 00:15:27,720
in this particular instance, Microsoft's stable defender, which is surprising.

253
00:15:27,720 --> 00:15:31,480
It was funny that you mentioned that bank because that was the exact scenario that I

254
00:15:31,480 --> 00:15:36,400
was thinking of of saying, these actually do solve business problems as well.

255
00:15:36,400 --> 00:15:42,080
It's not just security trying to push more security, especially in your regulated industries.

256
00:15:42,080 --> 00:15:48,040
So in the bank that I had in mind, I don't know if it's the same one that Todd had, but

257
00:15:48,040 --> 00:15:54,080
we helped a bank that had about 300 users and everyone had local admin to their systems.

258
00:15:54,080 --> 00:15:58,880
And for those that are sitting in a bank right now, maybe listening to this, you go, why

259
00:15:58,880 --> 00:16:01,080
would you ever do that?

260
00:16:01,080 --> 00:16:06,360
The problem is that their core banking application required local admin to be able to run properly.

261
00:16:06,360 --> 00:16:10,760
Well, now you have your auditors coming to you saying, you can't do that.

262
00:16:10,760 --> 00:16:15,840
Well, now you're at a pickle saying, well, I still need to be able to run my bank, but

263
00:16:15,840 --> 00:16:17,840
my auditor says I can't do that.

264
00:16:17,840 --> 00:16:22,320
So that's where the solution at least fell in the middle of that and said, we can remove

265
00:16:22,320 --> 00:16:28,680
local admin, let the tool do the elevation of that one core banking application.

266
00:16:28,680 --> 00:16:34,560
And now they meet both the business needs and the regulation, the regulatory needs.

267
00:16:34,560 --> 00:16:40,560
So I'm going to go off on a little bit of a tangent and kind of zoom out a little bit

268
00:16:40,560 --> 00:16:46,120
because you mentioned these PAM solutions and there's paid and then there are free and

269
00:16:46,120 --> 00:16:47,320
different things you can do.

270
00:16:47,320 --> 00:16:51,880
So when you are going through these audits, I know the answer is going to be it depends.

271
00:16:51,880 --> 00:16:56,040
But is it better just to jump right into it depends?

272
00:16:56,040 --> 00:16:57,040
It depends.

273
00:16:57,040 --> 00:17:00,800
Sorry, I was just asking the actual question.

274
00:17:00,800 --> 00:17:07,200
Is it better to just jump right into the paid version or not?

275
00:17:07,200 --> 00:17:14,000
When you're talking about needing to get cybersecurity insurance and meet your audits,

276
00:17:14,000 --> 00:17:15,000
it depends.

277
00:17:15,000 --> 00:17:16,000
Next question.

278
00:17:16,000 --> 00:17:22,800
Yeah, the biggest thing I'd just say is assess how much time you want to spend tuning it

279
00:17:22,800 --> 00:17:28,920
is and implementing it because if you that's like the number one thing that I hear concerns

280
00:17:28,920 --> 00:17:33,760
about is everyone I've asked in the past, do you use AppLocker?

281
00:17:33,760 --> 00:17:37,440
No, or they say yes.

282
00:17:37,440 --> 00:17:38,440
And how is it?

283
00:17:38,440 --> 00:17:42,400
It's a pain in the side because it's a lot of work.

284
00:17:42,400 --> 00:17:47,440
And so it's just one of those things where if your business says we can't afford the

285
00:17:47,440 --> 00:17:52,640
licensing of a solution to do the labor for us, but you're okay spending that labor, maybe

286
00:17:52,640 --> 00:17:58,600
you have a cheap labor outsourced labor, whatever it is that you can make up for that.

287
00:17:58,600 --> 00:18:04,600
And do that, but just be aware that you're trading out saying, do I want this person

288
00:18:04,600 --> 00:18:10,120
focused on application approvals and tuning a system or do I want them focused on maybe

289
00:18:10,120 --> 00:18:15,040
a different business project that can drive the business a little more forward?

290
00:18:15,040 --> 00:18:16,040
Right?

291
00:18:16,040 --> 00:18:22,440
I tend to say let the tools do the grunt work and let your people use their minds to improve

292
00:18:22,440 --> 00:18:23,440
the business.

293
00:18:23,440 --> 00:18:24,440
Yeah, I agree.

294
00:18:24,440 --> 00:18:29,160
I mean, the phrasing I've always used is automate what you can and then use your people for

295
00:18:29,160 --> 00:18:31,000
the highly strategic work.

296
00:18:31,000 --> 00:18:34,920
There's things that your technical individuals should be doing that are driving you forward

297
00:18:34,920 --> 00:18:41,120
that are making the difference in the world, not day to day fixing antivirus things.

298
00:18:41,120 --> 00:18:42,240
Those things can be automated.

299
00:18:42,240 --> 00:18:45,360
You don't need to spend a lot of time patching your systems anymore.

300
00:18:45,360 --> 00:18:50,520
Again, in my opinion, and this will be a little bit of a pro-CIT thing, but there are organizations

301
00:18:50,520 --> 00:18:52,520
out there that we've seen that we've done that.

302
00:18:52,520 --> 00:18:53,680
We can help you with that.

303
00:18:53,680 --> 00:18:55,520
We can eliminate the friction.

304
00:18:55,520 --> 00:18:59,680
That's why we use tools like this to get you going down that path.

305
00:18:59,680 --> 00:19:07,200
I want to back up real briefly again because I really want to emphasize the privileged access

306
00:19:07,200 --> 00:19:08,280
management.

307
00:19:08,280 --> 00:19:09,520
It is a really big deal.

308
00:19:09,520 --> 00:19:12,360
It used to be something that was so difficult as Nate said.

309
00:19:12,360 --> 00:19:15,040
When you're looking at 300 people, you're going, how do I get there from here?

310
00:19:15,040 --> 00:19:16,040
Tools like this exist.

311
00:19:16,040 --> 00:19:18,720
They are there to help you through the process.

312
00:19:18,720 --> 00:19:22,840
Then when you get into the ring fencing piece as well or the application whitelisting, this

313
00:19:22,840 --> 00:19:26,480
is stuff that it used to be like that's incredibly difficult.

314
00:19:26,480 --> 00:19:28,680
It's extremely hard to get there from here.

315
00:19:28,680 --> 00:19:32,120
Your maturity needs to be very high to get that next piece in place.

316
00:19:32,120 --> 00:19:35,160
That was true two years ago.

317
00:19:35,160 --> 00:19:36,160
It's not anymore.

318
00:19:36,160 --> 00:19:39,160
Again, you've got to constantly reevaluate.

319
00:19:39,160 --> 00:19:40,160
Where am I at?

320
00:19:40,160 --> 00:19:41,160
What's the next step?

321
00:19:41,160 --> 00:19:42,160
The world's changed.

322
00:19:42,160 --> 00:19:43,520
I need to address this.

323
00:19:43,520 --> 00:19:44,520
Those two are by far.

324
00:19:44,520 --> 00:19:45,520
It's not even close.

325
00:19:45,520 --> 00:19:48,960
They're way up there as things that need to be addressed much sooner than they used to

326
00:19:48,960 --> 00:19:49,960
be.

327
00:19:49,960 --> 00:19:54,240
Ariel said she's going to throw a little tangent in there and I'll do this one really, really

328
00:19:54,240 --> 00:19:57,840
quickly, but I'm going to contain it as much as I can.

329
00:19:57,840 --> 00:20:01,120
It is another one of the tenets that you need to start thinking about as you start

330
00:20:01,120 --> 00:20:03,400
looking at your infrastructure on the long-term scene.

331
00:20:03,400 --> 00:20:04,400
Where am I going from here?

332
00:20:04,400 --> 00:20:06,880
I'll throw out the phrase zero trust.

333
00:20:06,880 --> 00:20:09,880
This is one of the ways that you start the ball rolling down the hill is how do I get

334
00:20:09,880 --> 00:20:10,880
on that train?

335
00:20:10,880 --> 00:20:12,680
How do I get going on it, et cetera?

336
00:20:12,680 --> 00:20:16,240
These are things that you need to have in the back of your head as well.

337
00:20:16,240 --> 00:20:20,840
Unfortunately, zero trust isn't a single product tool, whatever you buy, you implement,

338
00:20:20,840 --> 00:20:24,560
you have it, but there is a path forward and this is one of those things that can help

339
00:20:24,560 --> 00:20:26,240
along that path.

340
00:20:26,240 --> 00:20:28,240
Sorry.

341
00:20:28,240 --> 00:20:33,960
One last thing of why I wanted to talk about why an application whitelisting, privileged access

342
00:20:33,960 --> 00:20:41,520
management tool is going to be the next cybersecurity core is that we are seeing more and more

343
00:20:41,520 --> 00:20:47,240
of these regulations adopt language into knowing the application sprawl within your environments

344
00:20:47,240 --> 00:20:53,280
and who's using them because we've seen the federal government, everyone saying supply

345
00:20:53,280 --> 00:20:56,920
chain risk is a massive threat to today.

346
00:20:56,920 --> 00:20:57,920
We see that.

347
00:20:57,920 --> 00:21:02,560
For example, those that remember things like Log4j, the MOVEit hack, anything like

348
00:21:02,560 --> 00:21:10,080
that, vendors compromise or they push malicious after, then it becomes compromised in your

349
00:21:10,080 --> 00:21:11,080
environments.

350
00:21:11,080 --> 00:21:16,160
That's where these tools come into play to kind of again, isolate that from just being

351
00:21:16,160 --> 00:21:20,520
automatically updated if something has changed or unsigned by a developer.

352
00:21:20,520 --> 00:21:26,120
And then also, especially things like the banks and healthcare and everything like that

353
00:21:26,120 --> 00:21:32,360
is do you know all the software in your environment because if there is ever, especially like

354
00:21:32,360 --> 00:21:40,440
the governmental, small local government, CMMC, contractors, anything like that is you need

355
00:21:40,440 --> 00:21:45,840
to know where is the software running, who's running it, maybe the country of origin of

356
00:21:45,840 --> 00:21:47,680
some of the software as well.

357
00:21:47,680 --> 00:21:52,200
So if you're running something like 7-Zip and there's a lot of IT people just squirming

358
00:21:52,200 --> 00:21:55,120
right now, did you know that's a Russian company?

359
00:21:55,120 --> 00:22:01,360
So those are the types of things that the DoD and everything is going to be looking for.

360
00:22:01,360 --> 00:22:02,360
Yeah.

361
00:22:02,360 --> 00:22:03,760
And again, here we go.

362
00:22:03,760 --> 00:22:07,520
I love tangents, but I won't go into this too much because I think we probably are running

363
00:22:07,520 --> 00:22:12,240
out of time, but I do agree with what Nate's bringing up here in regards to awareness of

364
00:22:12,240 --> 00:22:13,240
your tools.

365
00:22:13,240 --> 00:22:17,160
Again, when we're talking about doing assessments, one of the cores to that is do you know what

366
00:22:17,160 --> 00:22:18,160
you have?

367
00:22:18,160 --> 00:22:19,960
You can't protect it if you don't know what you got.

368
00:22:19,960 --> 00:22:23,120
And so we're starting to see this bit of an uptick in SaaS management.

369
00:22:23,120 --> 00:22:27,120
I was actually at a conference a couple of weeks ago and they threw out a statistic that

370
00:22:27,120 --> 00:22:32,880
said that an average company of 100 employees has no less than 150 SaaS tools.

371
00:22:32,880 --> 00:22:35,480
In case anybody doesn't know what that is, it's software as a service.

372
00:22:35,480 --> 00:22:41,360
There will also be your Salesforce, your Office, you name it, anything that's cloud-based.

373
00:22:41,360 --> 00:22:43,720
And I was like, 150, that's a lot.

374
00:22:43,720 --> 00:22:48,960
But then you start going through your catalog of things and you're going, wow, my teams

375
00:22:48,960 --> 00:22:53,160
are Zoom, my this, that, it adds up extremely quickly.

376
00:22:53,160 --> 00:22:55,920
And to Nate's point, if you don't know what it is, you don't know who's using it, you

377
00:22:55,920 --> 00:22:58,800
don't have the ability to detect that, you're going to be in a bad spot.

378
00:22:58,800 --> 00:23:00,760
So there are tools for those kinds of things too.

379
00:23:00,760 --> 00:23:04,000
I would say that one's starting to be a little bit more of an emerging thing because not

380
00:23:04,000 --> 00:23:06,800
everybody is cloud-based yet.

381
00:23:06,800 --> 00:23:11,200
But you can look at something that the example they used at this conference was just setting

382
00:23:11,200 --> 00:23:16,200
up a meeting today and assuming it's Zoom, you're probably typically using about seven

383
00:23:16,200 --> 00:23:18,720
SaaS tools to make that meeting happen.

384
00:23:18,720 --> 00:23:21,960
And it's kind of mind-blowing as you start to think about that and go, yeah, right, that's

385
00:23:21,960 --> 00:23:23,200
certainly possible.

386
00:23:23,200 --> 00:23:24,640
My sales team could be doing this.

387
00:23:24,640 --> 00:23:26,440
My marketing team could be doing this.

388
00:23:26,440 --> 00:23:28,080
Who knows?

389
00:23:28,080 --> 00:23:32,240
Even in Teams, you want to send a GIF off to someone that's using a third-party provider

390
00:23:32,240 --> 00:23:34,600
called Giphy to send that GIF, right?

391
00:23:34,600 --> 00:23:38,480
So you start seeing all those start compiling on top of each other.

392
00:23:38,480 --> 00:23:39,480
Yeah, wow.

393
00:23:39,480 --> 00:23:40,480
Yeah, right.

394
00:23:40,480 --> 00:23:41,480
Those two kind of add up.

395
00:23:41,480 --> 00:23:46,280
I was trying to calculate in my head what I even knew of, but gosh.

396
00:23:46,280 --> 00:23:48,520
I could tell you because we monitor it.

397
00:23:48,520 --> 00:23:51,360
Oh my God.

398
00:23:51,360 --> 00:23:53,960
I feel like Todd gave me the number at one point.

399
00:23:53,960 --> 00:23:59,080
And oh man, that is a lot here at CIT.

400
00:23:59,080 --> 00:24:06,760
But we might have to do the next core cybersecurity core podcast because I would love to sort

401
00:24:06,760 --> 00:24:10,880
of move on to this next question, which affects everyone.

402
00:24:10,880 --> 00:24:17,440
And I just love this question so much because I feel the frustration as I read it because

403
00:24:17,440 --> 00:24:19,800
it's end user training.

404
00:24:19,800 --> 00:24:30,280
And how do you get these end users to actually learn and not just click through?

405
00:24:30,280 --> 00:24:33,200
It doesn't matter what industry you're in.

406
00:24:33,200 --> 00:24:37,360
You are doing some level of end user training, I hope.

407
00:24:37,360 --> 00:24:39,760
And how do you really get it to stick?

408
00:24:39,760 --> 00:24:40,760
I'll take the first one.

409
00:24:40,760 --> 00:24:42,960
I mean, I think there's a couple of things that you do.

410
00:24:42,960 --> 00:24:47,800
The easy low-hanging fruit answers are you find tools that are engaging.

411
00:24:47,800 --> 00:24:53,280
So as an example, at CIT, we use KnowBe4 as our main training tool set, and they've got

412
00:24:53,280 --> 00:24:57,520
a component of their training that's called The Inside Man.

413
00:24:57,520 --> 00:25:01,240
And what these are is for all intents and purposes, it's a dramatization that's basically

414
00:25:01,240 --> 00:25:05,040
like a TV show, but it's in a small little snippet that's easy to consume.

415
00:25:05,040 --> 00:25:06,520
It doesn't take an enormous amount of time.

416
00:25:06,520 --> 00:25:10,640
You're looking at like a three to five minute investment, but they are very interesting.

417
00:25:10,640 --> 00:25:14,000
So that is something that we found to be extremely successful for us.

418
00:25:14,000 --> 00:25:19,320
And it runs the gamut on issues and threats that are out there.

419
00:25:19,320 --> 00:25:22,640
We also do a fair amount of in-person training.

420
00:25:22,640 --> 00:25:26,640
And to me, I use, probably with no surprise, I use a fair amount of humor to try and make

421
00:25:26,640 --> 00:25:29,840
sure that people are awake and try to catch them and see what's going on.

422
00:25:29,840 --> 00:25:35,240
But part two for me is I try to relate the concerns to their personal lives, and less about

423
00:25:35,240 --> 00:25:37,760
it being a company-related thing.

424
00:25:37,760 --> 00:25:41,920
And the reason being is, well, the company is taking care of its things.

425
00:25:41,920 --> 00:25:44,760
It's got all these tools and solutions in place.

426
00:25:44,760 --> 00:25:50,000
A great example is I've heard companies or employees at companies go, why do my taxes

427
00:25:50,000 --> 00:25:51,000
on my company computer?

428
00:25:51,000 --> 00:25:52,000
Because I know it's secure.

429
00:25:52,000 --> 00:25:54,120
You shouldn't do that.

430
00:25:54,120 --> 00:25:58,880
So the conversations really go back to how do I make this hit home for you specifically

431
00:25:58,880 --> 00:26:02,320
when you're at home and you don't have that extra layer of protection?

432
00:26:02,320 --> 00:26:07,160
And if I can make that connection for you, you're going to do the same behaviors at home

433
00:26:07,160 --> 00:26:09,080
that you're doing at work and vice versa.

434
00:26:09,080 --> 00:26:14,520
Yeah, yeah, my main one was make it fun.

435
00:26:14,520 --> 00:26:17,960
The security training in the past has been so dry and long.

436
00:26:17,960 --> 00:26:24,040
It's sit down for 45 minutes and you do it once a year and it's just brutal.

437
00:26:24,040 --> 00:26:31,080
So here at CIT, this is more of the phishing test rather than the full-on training.

438
00:26:31,080 --> 00:26:33,000
We test weekly.

439
00:26:33,000 --> 00:26:39,200
And so there's regular cadences to the actual training and trying to detect those phishing

440
00:26:39,200 --> 00:26:42,920
threats and it's successful.

441
00:26:42,920 --> 00:26:48,280
So we did our monthly, sorry, I think it was quarterly monthly and then all the way down

442
00:26:48,280 --> 00:26:52,360
to weekly and maybe we should flip to daily at this point.

443
00:26:52,360 --> 00:27:00,760
But when we did each significant drop of increase in frequency, we saw a significant decrease

444
00:27:00,760 --> 00:27:04,160
in the number of people that were actually falling for the phishing test because that

445
00:27:04,160 --> 00:27:08,960
regular cadence makes it more fresh in their mind and everything like that.

446
00:27:08,960 --> 00:27:13,940
Same thing is rather than your annual 45-minute training, break it into monthly five-minute

447
00:27:13,940 --> 00:27:14,940
bites, right?

448
00:27:14,940 --> 00:27:19,680
You actually get more training throughout the year, but it doesn't feel as bad and it's

449
00:27:19,680 --> 00:27:22,080
less impactful.

450
00:27:22,080 --> 00:27:29,080
The other thing that I'd say is when a user does click on phishing, like a phishing email,

451
00:27:29,080 --> 00:27:34,240
what we do is we have a couple of things to where it will actually pop up a page that

452
00:27:34,240 --> 00:27:38,840
says, yes, you failed for a phishing test, but it can show the flags of what to look

453
00:27:38,840 --> 00:27:43,640
for on the next email and why that one was malicious.

454
00:27:43,640 --> 00:27:46,000
And so those are the really important things there.

455
00:27:46,000 --> 00:27:52,920
And yeah, I'd say that just regular training and coaching them through why something was

456
00:27:52,920 --> 00:27:53,920
bad.

457
00:27:53,920 --> 00:27:56,960
Yeah, coaching is a good word to use rather than just...

458
00:27:56,960 --> 00:27:57,960
Berating.

459
00:27:57,960 --> 00:27:59,560
Yeah, yeah.

460
00:27:59,560 --> 00:28:00,560
Yes.

461
00:28:00,560 --> 00:28:07,400
Now, if you fail like four of them in a week or two weeks or whatever it is, because that's

462
00:28:07,400 --> 00:28:11,440
the other thing, if you fail, we put you in a little more of a regular cadence, like short

463
00:28:11,440 --> 00:28:15,880
term with very easy ones and then it pops you back into the normal group.

464
00:28:15,880 --> 00:28:21,120
Now, if you fail multiple times in the easy one, we're going to have a quick chat to again

465
00:28:21,120 --> 00:28:23,920
coach you through that and figure out what happened.

466
00:28:23,920 --> 00:28:24,920
Yes.

467
00:28:24,920 --> 00:28:30,680
Yeah, and Kelsey mentioned, KnowBe4 has those leaderboards now that we can see

468
00:28:30,680 --> 00:28:32,760
sort of the departments.

469
00:28:32,760 --> 00:28:33,760
Yeah.

470
00:28:33,760 --> 00:28:34,760
Yeah.

471
00:28:34,760 --> 00:28:37,800
And it's kind of all of these are different approaches.

472
00:28:37,800 --> 00:28:41,840
So it's a little bit of a shotgun because something's going to stick.

473
00:28:41,840 --> 00:28:43,440
Everybody's motivated by something different.

474
00:28:43,440 --> 00:28:48,760
So if you have a lot of different approaches, you're going to motivate and connect with

475
00:28:48,760 --> 00:28:49,920
more people.

476
00:28:49,920 --> 00:28:50,920
Yeah.

477
00:28:50,920 --> 00:28:54,880
One thing I'll throw on here for our leadership too, so I know we do have some leaders that

478
00:28:54,880 --> 00:28:56,680
pay attention to the podcast.

479
00:28:56,680 --> 00:28:58,840
Don't get frustrated if you don't get early adoption.

480
00:28:58,840 --> 00:29:02,120
It's one of the big concerns we usually get when we talk about this is how we're going

481
00:29:02,120 --> 00:29:03,720
to start rolling it out.

482
00:29:03,720 --> 00:29:06,160
We're not doing this to be punitive.

483
00:29:06,160 --> 00:29:08,240
So just hang in there.

484
00:29:08,240 --> 00:29:10,880
Most people will overcome that relatively quickly.

485
00:29:10,880 --> 00:29:14,680
But where I was going with this in particular is there are statistics out there that show

486
00:29:14,680 --> 00:29:19,000
the whole seven times seven ways is the way that you communicate a lot of things to individuals.

487
00:29:19,000 --> 00:29:22,780
By the time that you're absolutely exhausted communicating it, it's when people are starting

488
00:29:22,780 --> 00:29:23,780
to hear it.

489
00:29:23,780 --> 00:29:25,080
Again, hang in there.

490
00:29:25,080 --> 00:29:27,560
It does take time, but you will get the traction.

491
00:29:27,560 --> 00:29:30,320
You will get going where you need to go.

492
00:29:30,320 --> 00:29:31,320
Yeah.

493
00:29:31,320 --> 00:29:35,120
There's always those stragglers, but they will come along.

494
00:29:35,120 --> 00:29:36,120
They will come along.

495
00:29:36,120 --> 00:29:38,760
Yeah, for sure.

496
00:29:38,760 --> 00:29:43,560
So continuing this end user training, they asked a little bit.

497
00:29:43,560 --> 00:29:49,160
The next question is about AI and how AI is going to be incorporated into specifically

498
00:29:49,160 --> 00:29:55,520
KnowBe4 in the phishing training and what we could see down the road for that.

499
00:29:55,520 --> 00:29:56,520
Yeah.

500
00:29:56,520 --> 00:30:03,960
We have it enabled here at CIT and it's brutal sometimes because the way that it works is

501
00:30:03,960 --> 00:30:13,360
that rather than just sending pre-canned templates that we say the services team should always

502
00:30:13,360 --> 00:30:14,640
receive this type of stuff.

503
00:30:14,640 --> 00:30:17,960
The marketing team should always receive this type of stuff.

504
00:30:17,960 --> 00:30:27,400
What it'll do is says it looks like Ariel just created or just did some training on fraud.

505
00:30:27,400 --> 00:30:28,400
Right?

506
00:30:28,400 --> 00:30:33,240
So maybe that's something that I want to test just to validate that or maybe it's something

507
00:30:33,240 --> 00:30:39,080
that where she hasn't done her fraud training in a year.

508
00:30:39,080 --> 00:30:42,640
Maybe we should go test her with something related to fraud.

509
00:30:42,640 --> 00:30:48,080
And then also it'll say, well, it looks like Ariel has regularly passed one that looks

510
00:30:48,080 --> 00:30:49,240
like it's coming from HR.

511
00:30:49,240 --> 00:30:53,520
I don't need to test that one anymore because we already know that she has that.

512
00:30:53,520 --> 00:30:55,120
But you know what marketing loves?

513
00:30:55,120 --> 00:30:56,360
Gift cards.

514
00:30:56,360 --> 00:30:59,720
Let's send her a card once and see if she fails.

515
00:30:59,720 --> 00:31:00,720
Starbucks cards.

516
00:31:00,720 --> 00:31:01,720
Starbucks cards.

517
00:31:01,720 --> 00:31:02,720
Oh, boy.

518
00:31:02,720 --> 00:31:08,080
Actually, I have a Starbucks gift card in my pocket at the moment.

519
00:31:08,080 --> 00:31:16,680
But yes, let's tune it to the individual needs of that person and try and unfortunately

520
00:31:16,680 --> 00:31:18,480
be a little bit brutal.

521
00:31:18,480 --> 00:31:26,160
But what it does is it expands the scope of their training.

522
00:31:26,160 --> 00:31:29,040
You're not just trying to do the same thing over and over and over again.

523
00:31:29,040 --> 00:31:33,360
So yeah, I mean, I think the benefits you'll see as this continues to happen is you're

524
00:31:33,360 --> 00:31:38,280
going to get better testing, more accurate, more timely, et cetera, et cetera.

525
00:31:38,280 --> 00:31:41,680
So as things change, one of the things that we've historically done a really nice job

526
00:31:41,680 --> 00:31:44,600
of trying to do is hit things that make sense.

527
00:31:44,600 --> 00:31:45,840
So we're going into a holiday.

528
00:31:45,840 --> 00:31:50,320
So you're going to see a bunch of phishing campaigns around Amazon and FedEx deliveries

529
00:31:50,320 --> 00:31:52,400
and your credit card didn't go through.

530
00:31:52,400 --> 00:31:53,920
That's just going to be something you see.

531
00:31:53,920 --> 00:31:58,680
So having simulations that mimic that a little bit ahead of that curve does make sense.

532
00:31:58,680 --> 00:32:02,560
And AI is only going to help with those types of things.

533
00:32:02,560 --> 00:32:06,480
I know that these get posted on YouTube as well.

534
00:32:06,480 --> 00:32:11,080
I realize I totally flashed the numbers on the screen, so I am going to redeem this.

535
00:32:11,080 --> 00:32:14,600
So anyone looking at this on YouTube, it's already claimed.

536
00:32:14,600 --> 00:32:16,080
Don't even try.

537
00:32:16,080 --> 00:32:17,080
Don't even try.

538
00:32:17,080 --> 00:32:24,480
Oh man, I was going to say that the AI, it probably gives you a better idea as to what

539
00:32:24,480 --> 00:32:26,360
your company might be struggling with too.

540
00:32:26,360 --> 00:32:33,800
Are we struggling as a whole team with HR emails versus internal versus external and

541
00:32:33,800 --> 00:32:37,920
comes back to that focused training?

542
00:32:37,920 --> 00:32:39,720
What do we actually need?

543
00:32:39,720 --> 00:32:42,000
What should we actually be training our people on?

544
00:32:42,000 --> 00:32:44,760
So we're not spending 45 minutes on everything.

545
00:32:44,760 --> 00:32:49,680
So we talked about a lot from last week to this week.

546
00:32:49,680 --> 00:32:52,320
We covered our cyber security cores.

547
00:32:52,320 --> 00:32:54,440
We covered some new cores that are coming up.

548
00:32:54,440 --> 00:32:55,440
Is there anything?

549
00:32:55,440 --> 00:32:59,360
I think I kind of end here and I'll open it up to anything else you want to add.

550
00:32:59,360 --> 00:33:00,760
Are there any new technologies?

551
00:33:00,760 --> 00:33:07,400
I know we talked about PAM, anything other than that, that people should be taking into

552
00:33:07,400 --> 00:33:13,200
consideration or are overlooking or maybe you see coming down the road, like in 2024,

553
00:33:13,200 --> 00:33:15,640
what we're really going to be focusing on.

554
00:33:15,640 --> 00:33:18,560
And then I'll open it up to any other last words.

555
00:33:18,560 --> 00:33:21,600
I guess the answer for me is, yeah, there's always going to be things.

556
00:33:21,600 --> 00:33:23,760
And this unfortunately does fall into the

557
00:33:23,760 --> 00:33:29,360
"it depends" category because it's not as, I'm sorry, but it's not as easy as this is the

558
00:33:29,360 --> 00:33:30,360
tool for you.

559
00:33:30,360 --> 00:33:32,200
It is in some cases, right?

560
00:33:32,200 --> 00:33:35,480
When we made the shift to EDR, the answer was this is the tool.

561
00:33:35,480 --> 00:33:36,480
Pay attention.

562
00:33:36,480 --> 00:33:38,480
Hey, hey, hey, the world is not ending.

563
00:33:38,480 --> 00:33:41,320
The sky is not falling, but you should do this.

564
00:33:41,320 --> 00:33:46,640
The rest of the stuff as we kind of expand out the cores into the next ring, things get

565
00:33:46,640 --> 00:33:49,840
a little more complicated because everybody's in a little bit of different positions.

566
00:33:49,840 --> 00:33:54,640
So for example, I was talking to an organization that had gone through a GLBA report, and I

567
00:33:54,640 --> 00:33:58,480
would Gramm-Leach-Bliley, whatever, it doesn't really matter.

568
00:33:58,480 --> 00:34:01,600
And the person that had done that had come back and they made their point, this is what

569
00:34:01,600 --> 00:34:03,760
you need to do and you need to do it as soon as possible.

570
00:34:03,760 --> 00:34:08,960
And then they came to us for some assistance and my response is, that's a good solution,

571
00:34:08,960 --> 00:34:12,000
but I'll tell you from my perspective, I would not do that.

572
00:34:12,000 --> 00:34:13,800
Here's what I would do and here's why.

573
00:34:13,800 --> 00:34:16,880
And so my answer was, yes, it is a good solution.

574
00:34:16,880 --> 00:34:18,960
It just doesn't meet your immediate needs.

575
00:34:18,960 --> 00:34:21,160
And your immediate needs are X, Y, and Z.

576
00:34:21,160 --> 00:34:23,360
And everybody is different.

577
00:34:23,360 --> 00:34:25,560
Everybody is in a different place.

578
00:34:25,560 --> 00:34:30,200
Now that being said, things that I think are coming that are extremely interesting that

579
00:34:30,200 --> 00:34:34,800
I think are going to be, you need to pay attention to this is going to be a game changer, is

580
00:34:34,800 --> 00:34:38,480
it's going to be passwordless, passkeys, that kind of stuff is what's going to be the

581
00:34:38,480 --> 00:34:40,800
next big push that is going to come.

582
00:34:40,800 --> 00:34:42,560
I mean, there are a lot of things out there too.

583
00:34:42,560 --> 00:34:47,400
I mean, we've talked about tools, the acronym of SASE, which allows you to protect your

584
00:34:47,400 --> 00:34:50,160
SaaS tools and whatnot, those are extremely important.

585
00:34:50,160 --> 00:34:52,080
But again, not everybody's there.

586
00:34:52,080 --> 00:34:53,520
Not everybody's moved to the cloud.

587
00:34:53,520 --> 00:34:55,560
Not everybody's got the budget for it.

588
00:34:55,560 --> 00:34:56,760
It's complicated.

589
00:34:56,760 --> 00:34:57,760
It depends.

590
00:34:57,760 --> 00:35:01,760
But things that are coming down the pipe would include stuff like KeePass, passkeys,

591
00:35:01,760 --> 00:35:02,760
that kind of stuff.

592
00:35:02,760 --> 00:35:04,280
Sorry, I plugged the password manager.

593
00:35:04,280 --> 00:35:06,280
Sorry, my bad.

594
00:35:06,280 --> 00:35:14,200
Yeah, for me, I think one of the initial things that I totally agree with Todd on all of that

595
00:35:14,200 --> 00:35:20,680
is going to be managing your devices, your workstations in the cloud as well.

596
00:35:20,680 --> 00:35:24,920
And the reason why is that we see more and more organizations adopt things like mobile

597
00:35:24,920 --> 00:35:30,760
device management or MDM solutions for their mobile devices, cell phones, tablets, that

598
00:35:30,760 --> 00:35:33,720
type of stuff.

599
00:35:33,720 --> 00:35:39,480
Microsoft, if you're a Microsoft fan, is pushing that direction as well to be able to have

600
00:35:39,480 --> 00:35:44,320
your devices managed in there rather than on-premise Active Directory.

601
00:35:44,320 --> 00:35:48,400
One of the big reasons why that is, is, number one, Microsoft wants people to continue moving

602
00:35:48,400 --> 00:35:53,880
to the cloud, especially if you're a small business.

603
00:35:53,880 --> 00:35:58,640
I'm not going to say it's relatively easy, but it is one of those things where smaller

604
00:35:58,640 --> 00:36:05,160
businesses can adapt to that far quicker than someone like a large enterprise.

605
00:36:05,160 --> 00:36:13,400
And so if you are having your devices managed via the cloud or like Intune or Endpoint Manager,

606
00:36:13,400 --> 00:36:17,800
essentially what the benefit you get out of that is that your devices, they have some

607
00:36:17,800 --> 00:36:23,960
great configuration policies, which basically eliminates the need to do all your group policies

608
00:36:23,960 --> 00:36:27,440
to be able to quickly secure your devices.

609
00:36:27,440 --> 00:36:32,720
And then because COVID has kind of shifted the way that people fundamentally work and

610
00:36:32,720 --> 00:36:37,600
we have far more remote employees these days, if your device isn't connected to the home

611
00:36:37,600 --> 00:36:43,600
internet or the business network via VPN or whatever it is, they're not receiving those

612
00:36:43,600 --> 00:36:46,240
security policies that you're trying to push out.

613
00:36:46,240 --> 00:36:51,280
And so that's where having it directly up to the cloud, it's always going to check in,

614
00:36:51,280 --> 00:36:55,080
pull the policies, and then that's where you can get even further into the whole zero

615
00:36:55,080 --> 00:36:58,520
trust that we talk about all the time.

616
00:36:58,520 --> 00:37:05,800
So for example, this isn't my next item necessarily, but all of your wireless, you can move to

617
00:37:05,800 --> 00:37:11,360
certificate-based authentication, remove the need for passwords all the time, for any

618
00:37:11,360 --> 00:37:16,480
connection to the internet, and you're only allowing trusted devices to access your internet

619
00:37:16,480 --> 00:37:17,480
as well.

620
00:37:17,480 --> 00:37:22,280
Kind of going to Todd's point of passwordless, because for IT admins, what's the number

621
00:37:22,280 --> 00:37:23,880
one cause of lockouts?

622
00:37:23,880 --> 00:37:26,760
It's some type of mobile device where someone changed their password and the wireless is

623
00:37:26,760 --> 00:37:28,760
spamming the network.

624
00:37:28,760 --> 00:37:29,760
Or VPN.

625
00:37:29,760 --> 00:37:32,160
Or VPN, one of the two.

626
00:37:32,160 --> 00:37:39,840
So it essentially eliminates those needs and greatly reduces the admin overhead for lockouts

627
00:37:39,840 --> 00:37:42,240
and stuff.

628
00:37:42,240 --> 00:37:47,240
But it's such a fundamental component to the next steps and evolutions of where your security

629
00:37:47,240 --> 00:37:48,640
maturity is going to go.

630
00:37:48,640 --> 00:37:53,400
And then I'll put a selfish plug in just for identity and access management.

631
00:37:53,400 --> 00:37:57,760
This is one where it's super, super core to my heart and super passionate.

632
00:37:57,760 --> 00:38:03,280
I think we have to have a whole podcast just about this, but essentially, yeah, essentially

633
00:38:03,280 --> 00:38:06,760
identity and access management is far more than just multi-factor.

634
00:38:06,760 --> 00:38:10,400
A lot of people don't understand that.

635
00:38:10,400 --> 00:38:11,840
It's your user directory.

636
00:38:11,840 --> 00:38:13,280
It's how the multi-factor works.

637
00:38:13,280 --> 00:38:16,400
It's the behavioral analysis of the logins.

638
00:38:16,400 --> 00:38:18,360
It's tying all these devices together.

639
00:38:18,360 --> 00:38:26,000
It's the automation, granting access to applications and when they have access to applications

640
00:38:26,000 --> 00:38:30,600
for many small businesses, you give someone access to the network and they have free rein

641
00:38:30,600 --> 00:38:32,120
over everything.

642
00:38:32,120 --> 00:38:35,400
This eliminates all that and says, what do they have access?

643
00:38:35,400 --> 00:38:41,920
And if they move positions, can you automatically revoke access to certain tools that maybe

644
00:38:41,920 --> 00:38:43,600
that position doesn't need?

645
00:38:43,600 --> 00:38:46,080
So that's far more mature.

646
00:38:46,080 --> 00:38:50,040
But I would love for people to start moving that direction because we do see more mature

647
00:38:50,040 --> 00:38:52,160
organizations adopting this all the time.

648
00:38:52,160 --> 00:38:53,160
Yeah.

649
00:38:53,160 --> 00:38:57,080
I mean, both of those items were very deep tenets of Zero Trust as well.

650
00:38:57,080 --> 00:38:58,080
So they do make sense.

651
00:38:58,080 --> 00:38:59,640
They are on the horizon.

652
00:38:59,640 --> 00:39:00,960
We will see more of them.

653
00:39:00,960 --> 00:39:04,880
For what it's worth, we saw a news report that came out from Cisco that talks about

654
00:39:04,880 --> 00:39:06,720
organizations moving towards Zero Trust.

655
00:39:06,720 --> 00:39:08,240
The numbers I thought were excessively high.

656
00:39:08,240 --> 00:39:13,440
It's not even close to that, but orgs are moving in that direction and these are tenets

657
00:39:13,440 --> 00:39:14,440
that make up with it.

658
00:39:14,440 --> 00:39:15,440
So I mean, excellent points.

659
00:39:15,440 --> 00:39:18,960
The nice thing about the mobile device management tool, especially if you're in the Microsoft

660
00:39:18,960 --> 00:39:23,720
ecosystem is there are some, the organization efficiencies that you get out of going down

661
00:39:23,720 --> 00:39:25,600
that path in the future as well too.

662
00:39:25,600 --> 00:39:29,280
So they've got Autopilot is one of the tools that you can start to get into, which helps

663
00:39:29,280 --> 00:39:31,560
you with the deployment of your devices and so forth as well.

664
00:39:31,560 --> 00:39:36,800
So lots of good security reasons, but there's also great business reasons to go pursue those

665
00:39:36,800 --> 00:39:37,800
kinds of things as well.

666
00:39:37,800 --> 00:39:42,000
I feel like I'm over here just writing down a bunch of podcast ideas that are going to

667
00:39:42,000 --> 00:39:44,440
be filling our next year.

668
00:39:44,440 --> 00:39:45,440
That's cool, man.

669
00:39:45,440 --> 00:39:49,440
Yeah, there's a lot of stuff, a lot of stuff coming down.

670
00:39:49,440 --> 00:39:54,640
And I want to take a moment and thank all of the tech fair attendees who sent in questions.

671
00:39:54,640 --> 00:39:58,320
I really appreciate it and it got this amazing conversation.

672
00:39:58,320 --> 00:40:02,520
If you enjoyed this podcast, please like and subscribe.

673
00:40:02,520 --> 00:40:08,160
Or if you have a question, please reach out to us at info at cit-net.com or head out to

674
00:40:08,160 --> 00:40:12,160
our website, cit-net.com slash podcast.

675
00:40:12,160 --> 00:40:16,160
Thank you to Todd and Nate for joining us today and we'll be back next week with an all new

676
00:40:16,160 --> 00:40:45,160
episode.

