1 00:00:00,000 --> 00:00:06,260 Talking about small businesses, I mean we we work with small businesses and the ultimate small business would be like a little mom and pop shop 2 00:00:06,680 --> 00:00:12,120 So if you had a little like boutique or something like that, what would you sell? 3 00:00:13,320 --> 00:00:17,600 You like a fishing store or a little art store? 4 00:00:18,600 --> 00:00:20,600 IT 5 00:00:23,040 --> 00:00:26,800 Well, it is kind of funny, I mean I feel like that probably it but I'm 6 00:00:26,800 --> 00:00:34,480 I'm a nerd so it would probably be something gaming related would be my alternative my wife is in 7 00:00:34,720 --> 00:00:39,000 The floral industry and she's always said that she would love to have a floral shop with me 8 00:00:39,000 --> 00:00:43,760 Which is not my interest so I would be more like flowers and gaming somehow 9 00:00:43,760 --> 00:00:48,280 We gotta have the guys have to have a place to go and find something interesting while the ladies are shopping. I 10 00:00:49,960 --> 00:00:54,200 Don't know. I I did always say that if I get burned out from cybersecurity 11 00:00:54,200 --> 00:00:59,360 I want to go work in a greenhouse, so I might be over there in the flower section 12 00:01:00,600 --> 00:01:02,440 so 13 00:01:02,440 --> 00:01:06,000 I'll be your I'll be your wife's first customer over there 14 00:01:06,560 --> 00:01:10,400 I was gonna say probably some type of like garden center 15 00:01:11,040 --> 00:01:13,040 was gonna be my answer, but 16 00:01:13,120 --> 00:01:15,120 I'm also a geek and so I 17 00:01:15,840 --> 00:01:20,400 Feel like I could possibly go try and buy up all the super old 18 00:01:20,400 --> 00:01:24,400 connections for like computers and just to 19 00:01:24,960 --> 00:01:33,160 Make it available where if you can't can't find something at you know target or something like that come here and I'll help support your 20 00:01:34,160 --> 00:01:40,680 Wildly old technology and that one very obscure cable that you've been looking for forever. I might have it 21 00:01:42,280 --> 00:01:45,280 Don't want to support old technology here at work, but 22 00:01:45,280 --> 00:01:52,280 It'd be fun just to try and find the most obscure connections and cables and cards and all that kind of stuff 23 00:01:52,400 --> 00:01:56,680 I'm sure we still got floppy disks in the office somewhere. We need to be able to read what's on them. I 24 00:01:58,800 --> 00:02:05,560 Smaller micro-center, but yeah fun fact. I used to work for a company that is still using micro-fiche, so 25 00:02:09,000 --> 00:02:11,000 How about you August 26 00:02:11,200 --> 00:02:13,200 for me it would be I 27 00:02:13,200 --> 00:02:16,800 I will take the sports advocate route and do a 28 00:02:17,440 --> 00:02:21,520 Trading card and collectibles and like memorabilia store 29 00:02:21,760 --> 00:02:28,960 We had one up where I went to college and I spent a pretty solid amount of time there me and the owner were on a 30 00:02:29,080 --> 00:02:31,080 first-name basis and I 31 00:02:32,880 --> 00:02:38,720 Even I guess I should have even worked there because I spent so much time there, but that would probably be it for me. I 32 00:02:38,720 --> 00:02:42,800 Know where everything is yeah pretty much 33 00:02:43,920 --> 00:02:45,920 What are you Kelsey? I 34 00:02:46,520 --> 00:02:50,880 Think I have to go so much stereotypical and say bookstore like a cute little bookstore 35 00:02:52,040 --> 00:02:58,320 Anybody's ever been in a wild rumpus in Minneapolis or Lyndon Hills technically neighborhood. It's in there's like 36 00:02:58,760 --> 00:03:03,760 Animals and cats walking around and I'm like yes not to bring it back to my crazy cat ladies self 37 00:03:03,760 --> 00:03:09,680 But yeah, 100% I'm like oh cozy reading nooks and the smell of books and then random furry animal 38 00:03:09,680 --> 00:03:12,520 That was like yep. I wasn't doing this. I'd be doing that 39 00:03:14,080 --> 00:03:16,080 That's a good one. I 40 00:03:16,880 --> 00:03:20,760 Came up with this question and I feel like a good answer. I I 41 00:03:21,720 --> 00:03:27,680 Like to go to like the candle shops just because I like to smell all the candles 42 00:03:27,680 --> 00:03:33,280 Um, so maybe something like that or I like so 43 00:03:33,840 --> 00:03:35,840 candles are like honey 44 00:03:36,400 --> 00:03:42,040 Yeah, like little interesting like food items, you know that you can't get anywhere else 45 00:03:42,040 --> 00:03:45,240 I think that would be fun to do mostly because that's the stuff I want to buy 46 00:03:45,560 --> 00:03:49,720 You know, I just I'll buy a well store and I want a candle. Yeah, 100% 47 00:03:51,320 --> 00:03:53,320 Yes 48 00:03:53,320 --> 00:03:58,600 Kelsey you like knit or crochet right you do one of them, right? That's a good 49 00:03:59,400 --> 00:04:06,920 Answer I was gonna say cuz that in still water there used to be a yarn shop and you would go there and just watch 50 00:04:07,080 --> 00:04:10,800 You know a bunch of the ladies just sitting around in a circle 51 00:04:11,600 --> 00:04:13,600 you know having their conversation and 52 00:04:14,160 --> 00:04:17,920 Creshing or knitting and that seemed like a lot of fun, right and so 53 00:04:18,800 --> 00:04:20,800 Yeah, I don't 54 00:04:20,800 --> 00:04:24,240 But that would be a nice cute little location, right? 55 00:04:24,960 --> 00:04:26,960 I'd still be 56 00:04:28,440 --> 00:04:34,840 Next to the candle shop and then across the street will have all of your shops and the women can not to be stereotypical 57 00:04:34,840 --> 00:04:37,680 Everybody can go both sides of the street y'all 58 00:04:40,160 --> 00:04:42,160 Yeah, I 59 00:04:42,280 --> 00:04:47,000 Love it. I love it. Well talking about small businesses. I mean that is 60 00:04:47,000 --> 00:04:52,760 The world that we service and today we're talking about protecting your small business 61 00:04:53,920 --> 00:04:56,720 Specifically with ham solutions. So today 62 00:04:57,920 --> 00:05:01,800 Kelsey and myself are joined by Todd our COO and CISO 63 00:05:02,000 --> 00:05:09,000 Nate our director of cybersecurity in August our soft technician and I'm gonna throw a challenge 64 00:05:09,800 --> 00:05:11,240 I 65 00:05:11,240 --> 00:05:14,640 Want like in 30 seconds so short 66 00:05:14,640 --> 00:05:16,640 What is a 67 00:05:17,400 --> 00:05:20,120 Pam solution and then we can go in deeper 68 00:05:26,040 --> 00:05:30,720 Zero chance neither Nate or I can do it in 30 seconds. I think it's gonna have to be August 69 00:05:32,520 --> 00:05:34,520 Me alright 70 00:05:35,360 --> 00:05:40,800 Pam standing for privileged access management basically locking down your environment from 71 00:05:42,080 --> 00:05:43,160 having 72 00:05:43,160 --> 00:05:45,160 local admin running on your device 73 00:05:45,840 --> 00:05:50,600 for all users so they can't run any programs as 74 00:05:51,440 --> 00:05:55,360 administrator or have those elevated rights to make changes to your 75 00:05:56,680 --> 00:05:58,680 computers such as 76 00:05:59,840 --> 00:06:01,840 Unblanking 77 00:06:01,760 --> 00:06:03,240 Like your 78 00:06:03,240 --> 00:06:08,880 Your registry editor or opening PowerShell or command prompt or stuff like that. So 79 00:06:08,880 --> 00:06:10,880 I 80 00:06:11,200 --> 00:06:13,200 Did it that's awesome 81 00:06:15,240 --> 00:06:17,200 And that's the end of the podcast thanks for coming 82 00:06:21,040 --> 00:06:23,040 Where's my outro music 83 00:06:25,720 --> 00:06:31,560 So if you had to expand on that because I know that Todd and Nate are both like itching to expand 84 00:06:31,560 --> 00:06:34,160 What would you sort of add to that? I? 85 00:06:34,160 --> 00:06:37,800 Guess one of the main things there is that 86 00:06:38,840 --> 00:06:40,840 Allowing 87 00:06:40,840 --> 00:06:46,240 End users to have full admin access to their systems is extremely dangerous 88 00:06:46,880 --> 00:06:49,160 You know and that's not me trying to 89 00:06:51,000 --> 00:06:56,080 Overplay the importance of a Pam and it's also you are talking to a security person 90 00:06:56,080 --> 00:07:00,040 Right and I is kind of one of those core foundational things 91 00:07:00,040 --> 00:07:05,280 But people don't always understand the true severity of it and so 92 00:07:05,800 --> 00:07:12,880 This is one of the things where it's goes far beyond just that the users could potentially make a change to 93 00:07:13,280 --> 00:07:19,040 their system right or install news software on that system as well, but 94 00:07:19,920 --> 00:07:25,280 We know that you know fishing attacks have been greatly on the rise over the years 95 00:07:25,280 --> 00:07:27,560 A lot of different metrics that you can look out there 96 00:07:27,560 --> 00:07:33,760 But you know we do see it continue to spike up especially during the shift to remote workforce 97 00:07:34,640 --> 00:07:37,440 But as this is happening 98 00:07:38,680 --> 00:07:45,400 There's core data and files on your system that manage credentials 99 00:07:45,800 --> 00:07:50,600 So your your devices they store passwords temporarily 100 00:07:50,920 --> 00:07:53,960 So that way they can either minimize the number of 101 00:07:53,960 --> 00:07:59,320 Minimize the number of passwords that someone has to type in to be able to log in but then also 102 00:08:00,320 --> 00:08:06,360 in terms of how do you log in offline right if you have no internet can you still get in there 103 00:08:06,680 --> 00:08:14,000 There's a tax and I'm not going to go into depth of them called like past the hash attacks where if someone had local admin 104 00:08:14,000 --> 00:08:16,360 They had someone potentially get into that device 105 00:08:16,360 --> 00:08:24,000 You can take those administrative credentials and then go log straight into the most privileged servers in the environment 106 00:08:24,960 --> 00:08:28,640 And so a normal user wouldn't typically intend to do that 107 00:08:29,240 --> 00:08:37,080 But it makes it extremely easy to bypass all other security controls in the environment just because they have local admin 108 00:08:39,440 --> 00:08:41,440 Yeah, I'll 109 00:08:41,440 --> 00:08:47,920 Back up a little bit. I we do love our acrimonial so we did Pam with thankfully August explain explained it 110 00:08:47,920 --> 00:08:50,600 I know we get into SMB to which is small and medium businesses 111 00:08:51,040 --> 00:08:53,560 But kind of backing up on the privileges is 112 00:08:54,080 --> 00:09:01,720 Most people probably feel what privilege access looks like in the form of the UAC control and I it's just an acrimon 113 00:09:01,720 --> 00:09:05,880 I could tell you couldn't tell you what it is access control, but I don't know what it is user access control 114 00:09:05,880 --> 00:09:07,240 I believe 115 00:09:07,240 --> 00:09:12,720 And what that is is like when you get a new software you're gonna install quick books or or the latest and greatest 116 00:09:12,720 --> 00:09:16,720 Turbo tax on your own home PC you go to install and it pops up and says hey 117 00:09:16,720 --> 00:09:17,840 Are you sure you want to do this? 118 00:09:17,840 --> 00:09:23,680 And of course everybody says yes without thinking about it that is the initial kind of control that Windows puts into it 119 00:09:24,520 --> 00:09:26,680 Unfortunately, the bad guys are incredibly clever and they go 120 00:09:26,680 --> 00:09:32,840 How can I abuse everything which gets into the stuff that Nate was talking about on the deep level of past the hash and other types of things? 121 00:09:32,840 --> 00:09:38,800 But essentially the reason why a lot of people tend to have administrative rights is because it's convenient 122 00:09:39,600 --> 00:09:43,000 I want to update my version of Adobe whatever the case may be 123 00:09:43,600 --> 00:09:49,680 Chrome is bugging me for an update whatever that may be those types of things are just hitting yes, please move on and stop bothering me 124 00:09:49,920 --> 00:09:51,920 It's very very convenient 125 00:09:51,920 --> 00:09:59,560 We have some very technical individuals on our team and it's no surprise that they all want to have the privileged access to do what they want 126 00:09:59,560 --> 00:10:05,520 They're smart enough not to click on the bad thing etc. That being said as Nate said we're super paranoid 127 00:10:05,520 --> 00:10:11,040 We're not okay with that you're gonna have to deal with some of some layer of friction just to slow you down enough 128 00:10:11,040 --> 00:10:13,840 So you don't click the thing and get us into trouble 129 00:10:15,080 --> 00:10:20,960 So on the deep level the reason you have privileges because it allows you to do everything right? 130 00:10:20,960 --> 00:10:29,400 It gets you the ability to do the install the bad side of it is it's exactly what August and Nate were saying is you can do a whole 131 00:10:29,400 --> 00:10:34,720 Bunch of stuff with admin you can edit the registry you can install additional things you didn't mean to do 132 00:10:35,040 --> 00:10:43,000 The level of abuse that can be had from having admin privileges as they call it the keys of the kingdom for a reason 133 00:10:44,800 --> 00:10:51,480 So I think we could dive deeper into like benefits and challenges but before we do that 134 00:10:52,800 --> 00:10:54,800 You know oftentimes I'll ask 135 00:10:54,800 --> 00:10:59,800 So does everybody need this and then the answer is always yes so I'm gonna pose it in 136 00:11:00,400 --> 00:11:06,200 Is there is there anyone like my little mom and pop shop that has like five employees? 137 00:11:06,200 --> 00:11:09,160 Is this still right for that or is there? 138 00:11:10,080 --> 00:11:15,600 Kind of a line where yes, you should have it or no, it's not maybe not right 139 00:11:16,040 --> 00:11:20,200 Who needs this? Well, we're insecure. So the answer is yes. Everybody needs it 140 00:11:22,360 --> 00:11:24,080 So 141 00:11:24,080 --> 00:11:30,680 The reason why there is a such a solution as privilege access management is because to be safe 142 00:11:30,680 --> 00:11:35,520 You really shouldn't use that admin privilege day in and day out and for the most part 143 00:11:35,520 --> 00:11:42,160 You really don't need that you don't need the keys to the kingdom to open up a word document or answer your email 144 00:11:42,160 --> 00:11:46,520 Whatever the case may be and so if you had the ability to say day in and day out 145 00:11:46,520 --> 00:11:49,720 I'm gonna use an account called Todd, but when I need to install software 146 00:11:49,720 --> 00:11:55,200 I'm gonna log in as Todd admin that would be ideal most people aren't willing to do that. That's inconvenient 147 00:11:56,160 --> 00:12:00,880 So the tool itself is a process of automating that transition for you 148 00:12:00,880 --> 00:12:06,240 So you can be logged in as Todd normal user and it says hey, are you sure you want to do this? 149 00:12:06,240 --> 00:12:11,120 This tool is intercepting that and saying I have the ability to make sure it's a secure transaction 150 00:12:11,800 --> 00:12:17,000 Without giving you full blown access to everything. So my answer is yes 151 00:12:17,000 --> 00:12:21,880 But I'll let the other two expand on that or disagree with me if that's the case that may be 152 00:12:24,080 --> 00:12:26,400 I would say also yes 153 00:12:26,920 --> 00:12:31,360 Kind of going off on Todd there since small and medium businesses are the most 154 00:12:31,960 --> 00:12:33,960 attacked surfaces for 155 00:12:35,720 --> 00:12:41,200 Businesses I would say that they would would be a higher risk than some of those enterprise levels 156 00:12:43,240 --> 00:12:45,240 So 157 00:12:45,240 --> 00:12:50,960 Yeah, what one expansion on that is the enterprise probably already has it. Yeah. Yeah, exactly 158 00:12:52,000 --> 00:12:54,000 my answer is it 159 00:12:54,320 --> 00:12:57,480 Depends and I'm gonna default more towards the yes 160 00:12:58,440 --> 00:13:03,920 There are some very slight things that I could see where you maybe decide not to and Todd already 161 00:13:04,200 --> 00:13:08,200 touched on a briefly is if you're willing to do the due diligence on 162 00:13:09,640 --> 00:13:14,200 Removing those and ensuring that you aren't running something malicious 163 00:13:14,200 --> 00:13:16,200 But it quickly 164 00:13:17,480 --> 00:13:20,440 Starts to fail when you start talking about the 165 00:13:21,440 --> 00:13:28,720 Long-term usability of that. So for example, maybe you are a very small organization and there's one person there 166 00:13:28,720 --> 00:13:34,480 That's allowed to do the permissions to be able to elevate or install new software 167 00:13:34,640 --> 00:13:40,360 What happens when they're on vacation? What happens when they're sick? What happens, you know in those instances? 168 00:13:40,600 --> 00:13:42,600 Does the business have to stop? 169 00:13:42,600 --> 00:13:46,840 to do something basic because at that point you're not a 170 00:13:48,080 --> 00:13:50,080 Proving new common 171 00:13:50,280 --> 00:13:52,280 item so for example, it could be a 172 00:13:52,960 --> 00:13:57,560 Google Chrome update. It could be a driver update. Maybe you're 173 00:13:58,120 --> 00:14:02,800 The the wireless is a little finicky. Maybe a USB driver needs to be updated 174 00:14:04,080 --> 00:14:10,080 Updating just the OS it to the latest and greatest security patches, right something basic like that 175 00:14:10,080 --> 00:14:15,520 As soon as you're gone from the office, it becomes extremely difficult and then it does start 176 00:14:16,120 --> 00:14:19,120 Prompting you fairly often if you're trying to do some of this basic stuff 177 00:14:20,000 --> 00:14:22,000 again, that's where Todd said that 178 00:14:22,240 --> 00:14:26,160 When you implement something like a PAM solution it can go 179 00:14:26,760 --> 00:14:29,320 pull from global policies and global 180 00:14:30,040 --> 00:14:33,960 items saying that I know that any time something is an 181 00:14:33,960 --> 00:14:40,840 8 signed by HP or Dell for those driver updates just automatically let it through you there is no extra prompt 182 00:14:41,240 --> 00:14:45,960 Anytime there is a Chrome update or a security update to the system allow those through 183 00:14:46,440 --> 00:14:47,640 without 184 00:14:47,640 --> 00:14:51,960 consistently inundating the end users for admin credentials so 185 00:14:52,800 --> 00:14:57,960 You can get through it without it. It's just more of a burden on the administrative side 186 00:14:57,960 --> 00:15:04,360 Yeah, definitely. So we've talked a little bit about what it is and who needs it 187 00:15:06,480 --> 00:15:14,640 These are we touched a little bit on the benefits and some on the challenges if you want to you know 188 00:15:15,800 --> 00:15:18,840 We've talked about NFA before and that that's such an easy 189 00:15:19,600 --> 00:15:20,800 cost-efficient 190 00:15:20,800 --> 00:15:22,800 Everyone needs to do that. Is there any 191 00:15:22,800 --> 00:15:27,480 Any challenges that people are going to face trying to implement this? 192 00:15:27,720 --> 00:15:33,080 What does that look like if a business says yes, let's do it. What do they do? I? 193 00:15:34,720 --> 00:15:36,720 Yeah, August I'd say 194 00:15:36,920 --> 00:15:40,000 You probably have the most experience actually helping implemented but 195 00:15:40,600 --> 00:15:44,840 Small and BDMI I'd say are pretty dang easy to get this implemented 196 00:15:45,400 --> 00:15:47,560 But I'll let you go into more depth there 197 00:15:47,560 --> 00:15:53,040 Yeah, it is kind of going off of what Nate was saying about usability and when your 198 00:15:53,840 --> 00:15:59,760 Admin is gone or out sick. It's when a user is trying to install something like even a SaaS solution 199 00:16:00,520 --> 00:16:01,680 and 200 00:16:01,680 --> 00:16:04,520 Just a basic install if they're out of office 201 00:16:06,160 --> 00:16:10,920 You can't get that installed and if you don't have an overarching MSP 202 00:16:10,920 --> 00:16:20,240 You know, I would say that it's a little bit of a challenge to be managing your IT. It can be very frustrating for a user to not be able to do their basic job. So 203 00:16:21,400 --> 00:16:23,960 I would say that could be a limitation of just 204 00:16:24,920 --> 00:16:27,920 Availability to the user to get their work done 205 00:16:29,720 --> 00:16:31,240 But I 206 00:16:31,240 --> 00:16:33,240 Would say that 207 00:16:33,240 --> 00:16:38,600 It's still pros and cons pros still outweigh the cons at that point, but yeah, I would say a hundred percent availability is the limitation 208 00:16:38,600 --> 00:16:40,600 Yeah 209 00:16:40,840 --> 00:16:43,960 Housekeeping sass is software as a service 210 00:16:45,800 --> 00:16:52,080 When it comes to SMB is I don't want everybody to just focus solely on mom and pops because those do exist and that to me 211 00:16:52,080 --> 00:16:57,560 There's they still mention rights. I mentioned my wife runs a flower shop. Could she use it? Absolutely 212 00:16:58,480 --> 00:17:05,200 But other places where you may see a little bit more friction as we do work with a fair number of banks that may be in that smaller category 213 00:17:05,200 --> 00:17:10,640 And then sometimes they outsource some of their tools to a larger organization or their core banking 214 00:17:10,640 --> 00:17:12,920 This is referred to and in some of those cases 215 00:17:12,920 --> 00:17:19,440 There are things that happen in the background of some of their systems that in the cybersecurity world you would consider to be malicious 216 00:17:19,920 --> 00:17:21,680 And for example 217 00:17:21,680 --> 00:17:25,880 One tool in particular when you launch it it tries to run this is a little bit older technology 218 00:17:25,880 --> 00:17:32,800 They call it a batch file and it triggers this this tool on the outside of the application to run if you will and that is typically not 219 00:17:32,800 --> 00:17:35,280 something you want to do in the cyber world and 220 00:17:36,000 --> 00:17:41,200 Fortunately, unfortunately, whatever in this particular instance that is normal behavior for that particular tool set 221 00:17:41,200 --> 00:17:45,360 So there is nuance in it if you just went in you install the PAM solution 222 00:17:45,360 --> 00:17:47,520 It may keep you from doing some of those kinds of things going 223 00:17:47,520 --> 00:17:51,200 Hey, that's not normal that that other thing shouldn't require that permission 224 00:17:51,720 --> 00:17:53,640 And you just need to work through it 225 00:17:53,640 --> 00:18:01,000 But the tools are designed in such a manner where they understand that modern work happens at a different pace and that the full 226 00:18:01,000 --> 00:18:05,320 Belong bring in a company to its knees is not all right. So there's usually kind of a 227 00:18:06,880 --> 00:18:10,800 Monitoring process if you will be formed doing a full implementation that you can kind of walk through 228 00:18:10,960 --> 00:18:16,080 And of course you can always rely on experts like August to help get you up to speed as fast as humanly possible 229 00:18:19,000 --> 00:18:22,120 Yeah, one of the things that I did one mention as well as 230 00:18:23,200 --> 00:18:29,000 Especially the small medium businesses that are in a regulated space Todd did mention this with the core banking 231 00:18:29,000 --> 00:18:31,000 But one of the main challenges that 232 00:18:31,720 --> 00:18:37,280 You see in these different industries is that the auditors the regulators they will say 233 00:18:37,800 --> 00:18:43,660 You are not allowed to give your users local admin, but then your critical core system 234 00:18:44,080 --> 00:18:48,160 Requires admin to be able to run effectively or maybe even start 235 00:18:49,160 --> 00:18:52,440 CIT we use to use an application for all of our remote access 236 00:18:53,200 --> 00:18:55,200 It required local admin 237 00:18:55,520 --> 00:18:57,520 but for our own 238 00:18:57,520 --> 00:19:04,720 Own compliance we can't do that right so there's a conflict there and that's where the tool comes in and can solve 239 00:19:04,720 --> 00:19:06,720 both of those issues 240 00:19:07,880 --> 00:19:11,360 That's where again we do that with the banks we do that with other 241 00:19:12,840 --> 00:19:16,180 Some of the manufacturing firms I know that sometimes they will have 242 00:19:16,900 --> 00:19:24,040 Software in order to allow the shop floor to run or do AutoCAD designs maybe to create the next 243 00:19:24,040 --> 00:19:31,960 Product there those ones typically require admin to be able to go modify some of the registry files when there's a new update 244 00:19:32,720 --> 00:19:36,420 again, that becomes an issue and so 245 00:19:37,480 --> 00:19:43,360 That's where again these these solutions are just a very nice middle layer to 246 00:19:43,360 --> 00:19:55,680 Solve the interaction between the user and the system without really getting in their way too much. Yeah 247 00:19:56,240 --> 00:19:58,240 So it's been a very 248 00:19:59,400 --> 00:20:01,400 kind of basic overview it 249 00:20:02,640 --> 00:20:04,640 Is there anything about 250 00:20:05,800 --> 00:20:07,800 These PAM solutions either 251 00:20:09,000 --> 00:20:11,000 Benefits or challenges or implementation 252 00:20:11,000 --> 00:20:15,600 That you want to dive a little bit 253 00:20:15,600 --> 00:20:19,120 I know we're kind of running out of time and we'll definitely come back to this in the future 254 00:20:19,360 --> 00:20:24,960 But is there anything that you want to add or cover as we kind of finish up here? 255 00:20:25,960 --> 00:20:28,160 I would say just implementation wise 256 00:20:28,160 --> 00:20:35,120 It's a pretty easy rollout for most organizations since like I think Todd was touching on it briefly of 257 00:20:35,120 --> 00:20:42,240 When the applications get rolled out into your environment that your PAM solution normally like 258 00:20:42,440 --> 00:20:48,480 Learns your environment at that point and then you can make edits within there look at what's being 259 00:20:48,880 --> 00:20:50,880 Denied what's being allowed and then also 260 00:20:51,680 --> 00:20:55,600 What applications are running that local admin? I think there's a podcast about 261 00:20:56,560 --> 00:21:04,320 Banks and what applications they're running as local admin and I I know that it's nice to make those edits to lock down your environment 262 00:21:04,320 --> 00:21:09,760 But give that one application local admin. I think as well as what Nate was touching on so 263 00:21:11,280 --> 00:21:13,280 Implementation is pretty easy 264 00:21:13,760 --> 00:21:18,960 Learning your environment is easy and then switching it on when when you're all said and done so 265 00:21:19,720 --> 00:21:25,160 Yeah, we don't get into it often but but the whole point of the podcast is really education, right? 266 00:21:25,160 --> 00:21:31,560 So when it comes to streamlining the implementation, there is a benefit of working with an organization like CIT 267 00:21:31,560 --> 00:21:36,560 As we're talking about tools like this August is giving you the guts of this is what it can do 268 00:21:36,560 --> 00:21:38,600 This is how it can do it and we've learned a lot about it 269 00:21:38,600 --> 00:21:42,800 The nice thing about teams like us is we work with a lot of banks 270 00:21:42,800 --> 00:21:47,840 So if we know what I was talking about earlier, whether it's a it's a batch file or something along those lines 271 00:21:47,880 --> 00:21:53,480 We can take that knowledge and apply it to all of the banks and we can create global policies if you will and we can say 272 00:21:53,720 --> 00:21:58,560 This is the standard best practice for a bank if you will that is incredibly 273 00:21:58,560 --> 00:22:02,240 Benefit and it will absolutely streamline the process of implementation 274 00:22:02,800 --> 00:22:06,800 And it'll get you in the best place as fast as possible as I mentioned a little bit earlier 275 00:22:07,600 --> 00:22:10,480 one other little challenge that I know comes up often is 276 00:22:11,120 --> 00:22:15,860 Because every organization is at their own journey their own level of maturity 277 00:22:16,480 --> 00:22:20,880 Sometimes it's not something you may have planned for and as such you just kind of got to go 278 00:22:20,880 --> 00:22:22,280 Okay, well, what does that look like? 279 00:22:22,280 --> 00:22:24,800 What is this costing look like and if you can't forward it today? 280 00:22:24,800 --> 00:22:29,400 Start thinking about how you budgeted into the next year because it is something that is important 281 00:22:29,720 --> 00:22:31,840 As I mentioned in that journey aspect 282 00:22:31,840 --> 00:22:37,480 There's a 1a1b that we talk about constantly and that's a EDR and MFA get those in place as fast as reasonably possible 283 00:22:37,480 --> 00:22:44,320 And then we start talking about what's next and this is one of those items that definitely falls in that category of what's next I 284 00:22:45,640 --> 00:22:47,640 Was gonna make a joke here because I 285 00:22:48,600 --> 00:22:53,280 So for those just listening to the audio Todd and I are wearing the same shirt here today 286 00:22:53,280 --> 00:22:56,160 but then I was just about to start talking about how 287 00:22:56,800 --> 00:23:02,520 At the same the shameless plug of we work with all these different organizations that are in similar spaces 288 00:23:03,280 --> 00:23:04,440 so 289 00:23:04,440 --> 00:23:10,680 That is one of the main benefits of if you're gonna look to work with you know, CIT for a solution like this 290 00:23:10,720 --> 00:23:14,800 So August had mentioned that typically these PAM solutions 291 00:23:14,800 --> 00:23:19,460 They'll go learn your environment not all of them do that and so that's 292 00:23:19,460 --> 00:23:26,380 Another differentiator is there are solutions out there that can accommodate this but it's a very manual on 293 00:23:27,260 --> 00:23:33,940 Inventoring all your systems finding out what software what drivers who would you know other applications are there? 294 00:23:34,060 --> 00:23:38,700 What devices is it running on and then you have to go manually build all these policies? 295 00:23:38,700 --> 00:23:42,380 That's why CIT found the solution that we did we use it internally 296 00:23:42,580 --> 00:23:46,660 We you know work with all these other organizations to also do that 297 00:23:47,260 --> 00:23:48,940 and then 298 00:23:48,940 --> 00:23:52,860 Like Todd mentioned is we have global policies. We have different 299 00:23:53,580 --> 00:24:01,500 subset of policies that you know, maybe only apply to your organization all the way down to you know a particular user on one workstation 300 00:24:02,500 --> 00:24:04,500 for those permissions, but 301 00:24:04,900 --> 00:24:12,820 That's the the benefit is if we ever see something like an HP update or something. That's just very basic 302 00:24:12,820 --> 00:24:15,340 It's everything checks out properly 303 00:24:15,340 --> 00:24:18,940 We can apply that at a global level potentially when 304 00:24:19,900 --> 00:24:25,140 Another customer requests it so then by the time you ever try and run that same piece of software 305 00:24:25,420 --> 00:24:30,540 It's just gonna allow it through there is no approval process or anything like that. So it's 306 00:24:31,180 --> 00:24:37,100 It's wildly efficient once you start taking a look at how this gets deployed in scale 307 00:24:38,100 --> 00:24:43,020 I feel like we went and we had quite a high overview and this is worth going into 308 00:24:43,020 --> 00:24:45,500 again in the future so 309 00:24:46,340 --> 00:24:48,260 if you 310 00:24:48,260 --> 00:24:51,740 Definitely check out our website watch our podcast for more information 311 00:24:52,100 --> 00:24:56,660 I'd like to thank Todd Nate and August for joining us today 312 00:24:56,660 --> 00:25:01,580 If you have questions about these PAM solutions, we want to talk to these people you want to learn more 313 00:25:01,860 --> 00:25:08,660 Please reach out to us at info at CIT-net.com or head out to our website at CIT-net.com 314 00:25:08,660 --> 00:25:14,220 CIT-net.com slash podcast and we'll be back next week with an all-new episode