WEBVTT

00:00:00.000 --> 00:00:02.720
Hey, Mike. Good afternoon. How you doing, man?

00:00:03.200 --> 00:00:04.820
Andres, I'm doing well, man. I've been watching

00:00:04.820 --> 00:00:07.440
some basketball without the March Madness. I

00:00:07.440 --> 00:00:10.380
can tell. What is that? Well, this is a Cisco

00:00:10.380 --> 00:00:13.220
official basketball that I've got here to represent,

00:00:13.220 --> 00:00:17.239
you know, March Madness and basketball that's

00:00:17.239 --> 00:00:20.199
going on right now. Got a couple teams left and

00:00:20.199 --> 00:00:23.120
it's been fun to watch. Make sure you get it

00:00:23.120 --> 00:00:26.160
signed by Chuck. Oh, geez. Great call. I'm so

00:00:26.160 --> 00:00:29.679
glad you said that. Nice, man. So yes, it's been

00:00:29.679 --> 00:00:31.859
a while, I guess, like a month and a half or

00:00:31.859 --> 00:00:35.020
so. And, and then I guess, you know, with this

00:00:35.020 --> 00:00:37.479
new episode that we have going today, it is,

00:00:37.479 --> 00:00:40.320
it is going to be interesting because it's going

00:00:40.320 --> 00:00:44.020
to be on, on identity, which is, and from my

00:00:44.020 --> 00:00:45.859
side, it's a lot of the conversations that we've

00:00:45.859 --> 00:00:48.859
been having with customers. I've been hearing

00:00:48.859 --> 00:00:51.600
this, this term that it's the identity is the

00:00:51.600 --> 00:00:55.500
new perimeter. And it is not like a fun term

00:00:55.500 --> 00:00:58.060
anymore, or, I don't know if it became like a

00:00:58.060 --> 00:01:00.320
marketing thing at this point, but yeah, we'll

00:01:00.320 --> 00:01:03.320
be hearing about from customers about this. What

00:01:03.320 --> 00:01:05.939
have you heard about it? OK, so big thing for

00:01:05.939 --> 00:01:08.500
me, but I wasn't super shocked when I heard the

00:01:08.500 --> 00:01:12.980
following. But when I saw that identity is now

00:01:12.980 --> 00:01:15.200
the number one threat vector. So it used to be

00:01:15.200 --> 00:01:17.879
what email protect your email? Well, obviously,

00:01:17.920 --> 00:01:21.060
that's still super critical. But identity truly

00:01:21.060 --> 00:01:24.540
is statistically the number one most likely way

00:01:24.799 --> 00:01:27.379
for an organization to get hacked right now.

00:01:27.900 --> 00:01:29.760
And I know today we're going to talk a little

00:01:29.760 --> 00:01:33.519
bit about identity and just how important that

00:01:33.519 --> 00:01:37.219
really is. Yeah, yeah. And some of like, we're

00:01:37.219 --> 00:01:39.480
going to make sure that we put some some of the

00:01:39.480 --> 00:01:41.560
findings and some of things that we've been looking

00:01:41.560 --> 00:01:46.200
into. Just to create the episode, we see a lot

00:01:46.200 --> 00:01:49.579
of articles created with some metrics, some information,

00:01:50.060 --> 00:01:52.719
some studies that have happened in the backend.

00:01:53.659 --> 00:01:56.760
And then I guess the main thing is this thing

00:01:56.760 --> 00:02:00.060
like the old network perimeter is gone and now

00:02:00.060 --> 00:02:05.000
the identity is the control plane. So that is

00:02:05.000 --> 00:02:06.819
resonating with a lot of people out there and

00:02:06.819 --> 00:02:10.699
that is something that we hear from many customers.

00:02:11.240 --> 00:02:14.430
We also hear... Credential sessions and tokens

00:02:14.430 --> 00:02:17.590
and those are the things that the attackers want

00:02:17.590 --> 00:02:20.129
just to make sure that they have the option to

00:02:20.129 --> 00:02:24.129
unlock your apps data and even domain access.

00:02:24.969 --> 00:02:27.650
You know one of the terms that we keep hearing

00:02:27.650 --> 00:02:32.409
is IGA and for anybody listening in like you're

00:02:32.409 --> 00:02:35.750
going to hear about now that we've said it identity

00:02:35.750 --> 00:02:39.990
governance and administration. So that's become

00:02:39.990 --> 00:02:42.900
more critical than it ever has been and Identity

00:02:42.900 --> 00:02:46.080
governance and administration, just so everyone's

00:02:46.080 --> 00:02:48.560
on the same page here. It's not like a product,

00:02:48.620 --> 00:02:51.580
but that's really like a framework for how an

00:02:51.580 --> 00:02:55.379
organization is managing all the username, username,

00:02:55.599 --> 00:02:59.240
well, the user identities. And it's like the

00:02:59.240 --> 00:03:03.120
policy of those users and what they can access

00:03:03.120 --> 00:03:06.219
in terms of, Hey, this user group has access

00:03:06.219 --> 00:03:09.689
to these devices or these applications, but it's

00:03:09.689 --> 00:03:13.789
how an organization manages the identities and

00:03:13.789 --> 00:03:17.650
how you can be compliant with your organizational

00:03:17.650 --> 00:03:21.370
standards. So IGA, Identity Governance and Administration

00:03:21.370 --> 00:03:24.270
have a lot to say, but it has become really critical.

00:03:25.389 --> 00:03:27.750
I want to read into it. I was going to say that

00:03:27.750 --> 00:03:30.509
it sounds like another security person doing

00:03:30.509 --> 00:03:33.509
policies and creating procedures for a lot of

00:03:33.509 --> 00:03:37.069
the things that we help our customers with. So

00:03:37.069 --> 00:03:39.479
yeah, I'll make sure that I read on it, we'll

00:03:39.479 --> 00:03:41.340
make sure that we add it to the show notes just

00:03:41.340 --> 00:03:44.759
so you can see exactly what it means. And then

00:03:44.759 --> 00:03:48.439
we will get over that at some point. Mike, another

00:03:48.439 --> 00:03:52.300
thing, trusted network. So we hear this from

00:03:52.300 --> 00:03:56.400
many of the products that we talk to about here

00:03:56.400 --> 00:03:59.500
at Cisco. And then, you know, there's one thing

00:03:59.500 --> 00:04:02.080
that, you know, MFA, MFA is the thing, MFA is

00:04:02.080 --> 00:04:05.460
what you're supposed to have, but user is authenticated,

00:04:05.479 --> 00:04:11.139
then what? What do we do? Like, what's the next

00:04:11.139 --> 00:04:14.419
step? What do you think? This has become like,

00:04:14.479 --> 00:04:18.259
you know, security is always staying one step

00:04:18.259 --> 00:04:21.720
ahead or at least in line with the attackers.

00:04:22.100 --> 00:04:25.420
So in terms of a trusted network, it used to

00:04:25.420 --> 00:04:28.079
be, well, let's just make sure you are a trusted

00:04:28.079 --> 00:04:31.839
person on a trusted device. Great. Now we turn

00:04:31.839 --> 00:04:37.009
off our visibility. If you get hacked, after

00:04:37.009 --> 00:04:40.269
that point that your trust was given, that's

00:04:40.269 --> 00:04:42.730
a serious problem. No one's keeping an eye on

00:04:42.730 --> 00:04:45.089
what your device is doing or the traffic. So

00:04:45.089 --> 00:04:50.189
we get into this concept of like continuous verification,

00:04:50.870 --> 00:04:55.029
continuous identity verification, periodic checks

00:04:55.029 --> 00:04:58.029
to make sure that your originally trusted session

00:04:58.029 --> 00:05:01.410
was not compromised. So yeah, to your point,

00:05:01.970 --> 00:05:04.750
I mean, a trusted network is still important.

00:05:05.199 --> 00:05:08.639
But I think security teams need to make sure

00:05:08.639 --> 00:05:12.300
that they are continuously verifying the trust

00:05:12.300 --> 00:05:15.639
level even after you gain that initial access.

00:05:16.220 --> 00:05:19.500
Yeah, yeah. And that is one thing that we keep

00:05:19.500 --> 00:05:23.560
seeing on those documents that we base the whole

00:05:23.560 --> 00:05:29.170
episode on today. There is another term, another

00:05:29.170 --> 00:05:32.189
thing that I've heard also, and it's called phishing

00:05:32.189 --> 00:05:35.350
resistant MFA. And then I'm going to kind of

00:05:35.350 --> 00:05:36.949
read some of the things that we have here is

00:05:36.949 --> 00:05:40.029
based on device trust, policy-based access,

00:05:40.209 --> 00:05:43.430
instead on just relying on password strength

00:05:43.430 --> 00:05:47.350
alone. And I know we do talk about a product

00:05:47.350 --> 00:05:51.209
in a daily basis here at Cisco. And I don't know

00:05:51.209 --> 00:05:53.189
if you want to talk about it a little bit, Mike,

00:05:53.689 --> 00:05:57.209
if you've heard it. Yeah, I mean, of course you're

00:05:57.209 --> 00:06:00.490
referring to Cisco Duo. So Duo, you know, originally

00:06:00.490 --> 00:06:05.269
being an MFA product, it's so much more than

00:06:05.269 --> 00:06:08.930
MFA. You know, neither of us are here to sell

00:06:08.930 --> 00:06:11.709
Duo on the call, but just to use Duo as an example

00:06:11.709 --> 00:06:17.129
of how a security product should be keeping up

00:06:17.129 --> 00:06:22.389
with more advanced threats. If we think about

00:06:22.389 --> 00:06:27.339
evolving from Duo Duo's MFA capabilities to its

00:06:27.339 --> 00:06:30.899
capability to look at the device as well. So

00:06:30.899 --> 00:06:34.339
the health of the device, is this a device that's

00:06:34.339 --> 00:06:37.259
a corporate asset? And, you know, Duo can do

00:06:37.259 --> 00:06:40.220
that. Duo can say, look, I'm going to check your

00:06:40.220 --> 00:06:43.660
identity, but also the device you're on. Like,

00:06:43.800 --> 00:06:47.319
you know, part of this identity governance and

00:06:47.319 --> 00:06:50.420
administration is your identity, but also the

00:06:50.420 --> 00:06:52.519
device you're on. It's kind of like holistic.

00:06:54.469 --> 00:06:58.550
Passwordless is like a newish thing as well.

00:06:58.889 --> 00:07:04.810
So as attackers attack passwords, passwordless

00:07:04.810 --> 00:07:09.910
has become a great way to evolve with these attacks.

00:07:10.350 --> 00:07:14.370
So if you don't have a password, you can't really

00:07:14.370 --> 00:07:17.769
be vulnerable to a weak password in that case.

00:07:18.389 --> 00:07:20.370
So passwordless is, I'm sure we'll talk about

00:07:20.370 --> 00:07:23.660
more with, with using other alternative methods

00:07:23.660 --> 00:07:26.519
other than remembering your password is really

00:07:26.519 --> 00:07:30.500
important. And with any security solution, you

00:07:30.500 --> 00:07:33.560
got to keep up with the times. And if you think

00:07:33.560 --> 00:07:37.300
about even Cisco Duo, like back in the day, having

00:07:37.300 --> 00:07:42.420
MFA alone was great and would stop most identity-based

00:07:42.420 --> 00:07:45.980
attacks. But you want to take a touch

00:07:45.980 --> 00:07:49.100
on maybe what we call push fatigue, like MFA

00:07:49.100 --> 00:07:54.660
push fatigue. And that is some of the modern

00:07:54.660 --> 00:07:58.360
identity attacks. We started seeing, and this

00:07:58.360 --> 00:08:01.339
is when we started seeing here at Cisco as an

00:08:01.339 --> 00:08:05.439
employee, that we didn't have to just accept

00:08:05.439 --> 00:08:08.660
a push notification and that was it. We started

00:08:08.660 --> 00:08:12.560
seeing like a verified push with a code that

00:08:12.560 --> 00:08:16.300
we had to enter in the computer. And it just

00:08:16.300 --> 00:08:19.970
evolved into something else right now that it

00:08:19.970 --> 00:08:24.069
is not only verifying that push it is also verifying

00:08:24.069 --> 00:08:27.550
that like the passkey that you have in your computer

00:08:27.550 --> 00:08:30.610
like your fingerprint. I guess Windows does it

00:08:30.610 --> 00:08:32.809
with this thing called Windows Hello, which is

00:08:32.809 --> 00:08:36.529
your face or biometric print as well. But it is

00:08:36.529 --> 00:08:40.190
it is just the response from the security products

00:08:40.190 --> 00:08:43.629
on that alert fatigue like craziness that you

00:08:43.629 --> 00:08:45.789
know and and I'm seeing it the other day I started

00:08:45.789 --> 00:08:48.820
seeing like a bunch of my personal email bunch

00:08:48.820 --> 00:08:51.159
of, hey, somebody's trying to log into your account,

00:08:51.159 --> 00:08:53.419
you want to accept it and then they have a number

00:08:53.419 --> 00:08:55.259
and you know I don't even know what the number

00:08:55.259 --> 00:08:58.220
they're seeing is the number that I that I have

00:08:58.220 --> 00:09:00.679
here. So you know, in my case, what I've been doing

00:09:00.679 --> 00:09:04.220
for those, and gosh, I still get them for from

00:09:04.220 --> 00:09:07.799
time to time like at least one a day I just denied

00:09:07.799 --> 00:09:10.019
that the login, it just makes me feel a little

00:09:10.019 --> 00:09:12.179
better. You know, probably I have to probably

00:09:12.179 --> 00:09:15.759
change it again, but, but I'll feel like more

00:09:15.759 --> 00:09:19.220
secure just because I have that security piece

00:09:19.220 --> 00:09:22.860
in place. Yeah. When you get that message that's,

00:09:23.139 --> 00:09:25.700
Hey, someone's trying to log in. Is this you?

00:09:25.960 --> 00:09:29.539
And you're like, I'm not trying to log in. It's,

00:09:29.539 --> 00:09:32.539
it's scary, especially if it's your bank account

00:09:32.539 --> 00:09:36.029
or something like that. But it's also like. I

00:09:36.029 --> 00:09:38.509
get the feeling of, I am so glad I have the MFA

00:09:38.509 --> 00:09:42.090
on for this, you know? Yeah, I've been talking

00:09:42.090 --> 00:09:44.129
to my dad the other day. I was talking to him

00:09:44.129 --> 00:09:46.929
and I was like, hey, I'm getting hacked. And

00:09:46.929 --> 00:09:49.269
he's like, oh, we're like, let's go to a computer.

00:09:49.370 --> 00:09:50.929
Let's go fix it. Well, whatever, whatever you

00:09:50.929 --> 00:09:52.830
need to do. And I'm like, no, no, I'm fine. You

00:09:52.830 --> 00:09:55.909
know, it's they cannot access from from whatever

00:09:55.909 --> 00:09:59.929
they are. You know, the verify, you know, in

00:09:59.929 --> 00:10:03.309
our parents and their parents, those are the

00:10:03.309 --> 00:10:06.000
people most vulnerable as well. I mean, for one,

00:10:06.320 --> 00:10:10.159
if you just have basic MFA on there, that's susceptible,

00:10:10.220 --> 00:10:14.139
but they might not have MFA on at all. You know,

00:10:14.159 --> 00:10:16.019
they're used to, oh, I need to quickly change

00:10:16.019 --> 00:10:18.980
my passwords. My password got hacked. But, you

00:10:18.980 --> 00:10:21.299
know, when you've got that multi factor, that

00:10:21.299 --> 00:10:23.539
additional step, that's really key here. Hey,

00:10:23.580 --> 00:10:25.379
you know, have you heard of or have you looked

00:10:25.379 --> 00:10:29.559
into the blue low low energy Bluetooth push that

00:10:29.559 --> 00:10:33.179
Duo does now? I guess I think I've heard a little

00:10:33.179 --> 00:10:35.940
bit about it, but don't be honest with you don't

00:10:35.940 --> 00:10:38.840
know much, but, but it looks like, like a really,

00:10:38.840 --> 00:10:40.899
really, really nice technology. You know, it

00:10:40.899 --> 00:10:43.940
just picks up that your device is close. I think

00:10:43.940 --> 00:10:47.220
is what it is. Right? Exactly. Yeah. So basically,

00:10:47.220 --> 00:10:52.080
you know, you log into a website, you know, your

00:10:52.080 --> 00:10:55.039
username and password is correct. The Duo push

00:10:55.039 --> 00:10:58.759
essentially, you know, the presence of your phone,

00:10:58.919 --> 00:11:02.909
your, your, your multifactor device physically

00:11:02.909 --> 00:11:05.590
close to the computer that made the request of

00:11:05.590 --> 00:11:08.370
the website is really what's happening there.

00:11:08.710 --> 00:11:12.590
So if you're an attacker, you're like, that's,

00:11:12.590 --> 00:11:15.649
it's immediately going to block that because

00:11:15.649 --> 00:11:18.610
they don't, unless they also have your phone

00:11:18.610 --> 00:11:21.110
right by the computer. I like solutions like

00:11:21.110 --> 00:11:25.649
that because it's very simple, like to the user,

00:11:25.970 --> 00:11:28.370
you know, so I don't even need to be involved

00:11:28.370 --> 00:11:34.019
with this, with this process if I'm being attacked.

00:11:34.279 --> 00:11:36.220
I mean, the attacker is on the other side of

00:11:36.220 --> 00:11:39.779
the world. I don't, you know, I'm not even, don't

00:11:39.779 --> 00:11:41.940
even have to mess with this. And then when I'm

00:11:41.940 --> 00:11:44.840
the real person going to the website, cool, it

00:11:44.840 --> 00:11:47.220
just seamlessly work. Just like my phone right

00:11:47.220 --> 00:11:51.399
here. Yeah, that's pretty cool. I kind of knew

00:11:51.399 --> 00:11:53.759
a little bit on a high level what it would do,

00:11:53.940 --> 00:11:55.559
but that's pretty cool. That's pretty cool that

00:11:55.559 --> 00:11:58.879
we can do that. Another, like, I want to like,

00:11:59.039 --> 00:12:01.460
I know we have like three bullet points on some

00:12:01.460 --> 00:12:04.220
modern identity attacks but I'll probably take

00:12:04.220 --> 00:12:08.340
one and just group them all like we see token

00:12:08.340 --> 00:12:11.179
theft and this is whenever an attacker makes

00:12:11.179 --> 00:12:16.139
your steals your token or your session And in

00:12:16.139 --> 00:12:18.419
this case, and I've been seeing this a lot in

00:12:18.419 --> 00:12:21.059
Instagram and TikTok and a bunch of other places

00:12:21.059 --> 00:12:24.159
that they may be able to bypass MFA entirely.

00:12:24.659 --> 00:12:27.700
So this is one of things to be aware of that

00:12:27.700 --> 00:12:31.039
it's happening. I think on the same wavelength,

00:12:31.259 --> 00:12:36.039
we also see the OAuth abuse. And this is just adversaries

00:12:36.039 --> 00:12:39.960
or they just legitimately use OAuth workflows to

00:12:39.960 --> 00:12:44.590
just... get into applications and get consent

00:12:44.590 --> 00:12:48.549
from the user just to get some persistent access

00:12:48.549 --> 00:12:51.970
into whatever they're after. And then the other

00:12:51.970 --> 00:12:55.029
thing that is like very close to the same thing

00:12:55.029 --> 00:12:58.690
is the session hijacker and hijacking. And this

00:12:58.690 --> 00:13:01.649
is just, you know, attackers stealing those cookies

00:13:01.649 --> 00:13:04.889
and replay the tokens just to make sure that

00:13:04.889 --> 00:13:08.799
they are authenticated into your session. I know

00:13:08.799 --> 00:13:12.580
I've seen a little bit of things about that but

00:13:12.580 --> 00:13:16.419
that seems you know very complex from what the

00:13:16.419 --> 00:13:19.440
attackers are doing so from from the sense of

00:13:19.440 --> 00:13:22.860
defenders or practitioners this is one thing

00:13:22.860 --> 00:13:25.059
to keep in mind that there are some things that

00:13:25.059 --> 00:13:27.139
are happening in the world there are some ways

00:13:27.139 --> 00:13:29.299
that we're getting attacked and we just have

00:13:29.299 --> 00:13:32.879
to be you know smarter on how do we protect our

00:13:32.879 --> 00:13:36.879
assets I guess. These types of attacks like session

00:13:36.879 --> 00:13:40.659
hijack hijacking, you know, token theft, things

00:13:40.659 --> 00:13:45.759
like that. Those are things that a user should

00:13:45.759 --> 00:13:48.500
not have to be thinking about. And it's confusing.

00:13:48.559 --> 00:13:51.500
Like what, what does that mean? My, my token

00:13:51.500 --> 00:13:54.639
is being stolen. So anyone listening, regardless

00:13:54.639 --> 00:13:58.139
of whether you're using Duo or not, you need

00:13:58.139 --> 00:14:02.419
a security product that again, going back to

00:14:02.419 --> 00:14:06.740
our original point is able to continuously verify.

00:14:07.019 --> 00:14:09.779
Because if you do have something happen with

00:14:09.779 --> 00:14:14.360
like a session getting stolen, that attack can

00:14:14.360 --> 00:14:18.279
persist across multiple devices and multiple

00:14:18.279 --> 00:14:21.259
systems. It won't be checked because that trust

00:14:21.259 --> 00:14:26.379
was granted initially, then it got stolen, now

00:14:26.379 --> 00:14:29.759
it's being reused. But if we have continuous

00:14:29.759 --> 00:14:34.360
verification, we can kind of like recheck that

00:14:34.360 --> 00:14:37.480
we detected with that session was stolen as being

00:14:37.480 --> 00:14:41.700
reused. So when you're looking at an identity

00:14:41.700 --> 00:14:45.279
security solution, make sure it's not just doing

00:14:45.279 --> 00:14:47.759
that initial access. That's a really, really

00:14:47.759 --> 00:14:50.460
good point, Mike. And then another thing that

00:14:50.460 --> 00:14:53.360
also happens just before we move into the next

00:14:53.360 --> 00:14:56.480
section is it's the privilege escalation. Like

00:14:56.480 --> 00:15:00.299
we see just attackers stealing identity, stealing

00:15:00.299 --> 00:15:03.679
user names, passwords, and They just try multiple

00:15:03.679 --> 00:15:06.720
things. They just go into those computers, see

00:15:06.720 --> 00:15:10.059
if they can gain any access to the domain. They

00:15:10.059 --> 00:15:13.559
can enumerate the actual users that are in the

00:15:13.559 --> 00:15:17.360
system. They can see maybe this user that it's

00:15:17.360 --> 00:15:19.620
called admin. Maybe it's an administrator or

00:15:19.620 --> 00:15:22.759
domain admin. Then they can start messing around

00:15:22.759 --> 00:15:27.029
with things. So that's very, very interesting.

00:15:27.169 --> 00:15:29.610
And of course, what you mentioned, like authorizing

00:15:29.610 --> 00:15:32.590
a user once doesn't mean that the user should

00:15:32.590 --> 00:15:36.090
be authorized to access everything, unless we

00:15:36.090 --> 00:15:39.490
do some sort of verifications every few hours

00:15:39.490 --> 00:15:41.799
or whenever we see like... I'm probably sitting

00:15:41.799 --> 00:15:44.580
here on my computer today, here in my house with

00:15:44.580 --> 00:15:46.659
the dogs, everything. And then I'm just going

00:15:46.659 --> 00:15:49.460
to go to the next Starbucks and go drink a coffee.

00:15:49.779 --> 00:15:52.320
I think there should be like, you know, I'm changing

00:15:52.320 --> 00:15:55.000
networks. I'm changing my IPs. I'm changing everything.

00:15:55.419 --> 00:15:58.240
So, you know, it's more than acceptable just

00:15:58.240 --> 00:16:00.980
to make sure that I get re-authenticated or

00:16:00.980 --> 00:16:03.360
some way of knowing that, you know, it's me and

00:16:03.360 --> 00:16:08.649
that Starbucks. Well, so first thing I think

00:16:08.649 --> 00:16:11.070
about is I love drinking coffee with you. I probably

00:16:11.070 --> 00:16:13.090
had over a thousand coffees with you in person

00:16:13.090 --> 00:16:15.690
at different events. So we do need to keep that

00:16:15.690 --> 00:16:18.090
in mind. We're always going to different places

00:16:18.090 --> 00:16:21.610
to have coffee. Yes, absolutely. And I'll touch

00:16:21.610 --> 00:16:23.870
on you mentioned like the admin accounts like

00:16:23.870 --> 00:16:26.909
the attacker I mean if they get a hold of an

00:16:26.909 --> 00:16:29.769
admin account, that's outstanding for them. It's

00:16:29.769 --> 00:16:33.029
gonna have more access and You know, that's really

00:16:33.029 --> 00:16:36.730
what we mean by privileged access or privileged

00:16:36.730 --> 00:16:40.190
escalation. We're talking about getting access

00:16:40.190 --> 00:16:44.330
to one of these accounts that does have pretty

00:16:44.330 --> 00:16:47.570
broad reach and can get into the really important

00:16:47.570 --> 00:16:50.830
devices and applications on our network. That's

00:16:50.830 --> 00:16:52.990
going to mean more money for the attacker if

00:16:52.990 --> 00:16:56.049
I can get access to like your precious data.

00:16:56.269 --> 00:16:58.970
And I'll tell you this, going back to our previous

00:16:58.970 --> 00:17:03.029
episode, if you guys haven't listened to the

00:17:03.070 --> 00:17:05.970
episode one of season three on zero trust, all

00:17:05.970 --> 00:17:08.849
of this really ties in well with zero trust.

00:17:08.869 --> 00:17:12.269
Cause like your admin access, for example, you

00:17:12.269 --> 00:17:14.529
really want to limit the scope of what your user

00:17:14.529 --> 00:17:17.109
roles are doing ads. And again, admins should

00:17:17.109 --> 00:17:20.849
have access to the things and resources admins

00:17:20.849 --> 00:17:23.529
need to be an admin. That's going to be different

00:17:23.529 --> 00:17:27.170
from like your call center people or your contractors.

00:17:27.230 --> 00:17:30.549
So make sure that, uh, you know, zero trust being

00:17:30.549 --> 00:17:33.609
like a larger topic. But, you know, fundamental

00:17:33.609 --> 00:17:35.890
thing there is once you do verify that identity

00:17:35.890 --> 00:17:38.849
of that user, make sure you're only giving them

00:17:38.849 --> 00:17:42.230
access to the things that user should have access

00:17:42.230 --> 00:17:46.130
to and nothing more. Exactly. Exactly. Now, here's

00:17:46.130 --> 00:17:49.950
another maybe controversial section that we have

00:17:49.950 --> 00:17:52.630
here for everybody that is listening and watching

00:17:52.630 --> 00:17:55.630
this. Mike, and now give back to you on this

00:17:55.630 --> 00:17:57.450
one and just, you know, start with the question

00:17:57.450 --> 00:18:01.869
of where do you see most organizations fail when

00:18:02.490 --> 00:18:05.450
we're talking about securing their identity,

00:18:05.750 --> 00:18:09.990
securing how people are authenticated into the

00:18:09.990 --> 00:18:13.829
system and what do you see that happening? That's

00:18:13.829 --> 00:18:16.650
a good question because there are so many ways

00:18:16.650 --> 00:18:21.349
attackers steal identity. Okay, I'm not even

00:18:21.349 --> 00:18:23.190
going to say that it's because you don't have

00:18:23.190 --> 00:18:26.690
MFA because everyone should have MFA. And I'll

00:18:26.690 --> 00:18:29.329
tell you this, if you weren't aware of this,

00:18:29.990 --> 00:18:33.390
speaking to the audience, The attackers are assuming

00:18:33.390 --> 00:18:35.750
you do have MFA at this point. When we started

00:18:35.750 --> 00:18:38.990
the show three years ago, we were talking about,

00:18:39.450 --> 00:18:41.849
hey, get MFA in place. Make sure MFA is in place.

00:18:41.890 --> 00:18:45.589
At this point, they are assuming you have an

00:18:45.589 --> 00:18:48.970
MFA. And the attacks they are running are assuming

00:18:48.970 --> 00:18:51.029
that you have MFA in place, and they're looking

00:18:51.029 --> 00:18:54.750
for ways to bypass it. I would say, me personally,

00:18:55.369 --> 00:19:00.289
the push fatigue is a big one. Just push fatigue.

00:19:00.509 --> 00:19:02.130
And then another one I want to talk about is

00:19:02.130 --> 00:19:05.269
social engineered attacks related to identity,

00:19:05.609 --> 00:19:08.809
but push fatigue. I mean, it's, it's, it's great

00:19:08.809 --> 00:19:12.349
for an attacker who can say, Hey, look, you,

00:19:12.349 --> 00:19:15.369
you have MFA and I'm just going to create a bot

00:19:15.369 --> 00:19:18.630
that just tries to log into this application

00:19:18.630 --> 00:19:23.109
and sends you an MFA push to your phone every

00:19:23.109 --> 00:19:26.619
10 seconds. And a lot of these attacks happen

00:19:26.619 --> 00:19:29.839
at nighttime. They happen at nighttime and when

00:19:29.839 --> 00:19:34.400
people are the most busy. And attackers know

00:19:34.400 --> 00:19:38.799
you are statistically more likely to go ahead

00:19:38.799 --> 00:19:42.500
and approve a push. Like, what is this that keeps

00:19:42.500 --> 00:19:45.380
happening? I need to deal with this later. I'm

00:19:45.380 --> 00:19:47.680
sitting down to dinner with more colleagues or

00:19:47.680 --> 00:19:50.680
my family. Those are the times that people are

00:19:50.680 --> 00:19:53.339
most likely to just approve it and figure it

00:19:53.339 --> 00:19:55.980
out later, okay? It's not the right answer for

00:19:55.980 --> 00:19:58.619
a user to do that, but statistically they're

00:19:58.619 --> 00:20:01.099
more likely to do that. So these attackers know

00:20:01.099 --> 00:20:04.059
that. And the other thing is the social engineering.

00:20:04.200 --> 00:20:08.599
That's a big one. Like if I can call you and

00:20:08.599 --> 00:20:12.140
say, look, it's me, I'm the person you know and

00:20:12.140 --> 00:20:14.799
trust. And I can trick you into thinking I'm

00:20:14.799 --> 00:20:17.779
someone and say, you're about to get a push to

00:20:17.779 --> 00:20:21.099
your phone. It's coming from me. I need you to

00:20:21.099 --> 00:20:24.559
approve that. Well, some of the biggest attacks

00:20:24.559 --> 00:20:28.900
I have seen are that exactly. So you literally

00:20:28.900 --> 00:20:30.980
get the person to go ahead and push it anyway.

00:20:30.980 --> 00:20:34.799
Yeah, yeah. You know, now you talk about that, I

00:20:34.799 --> 00:20:37.500
I was, I was reading the other day and I was like

00:20:37.500 --> 00:20:41.960
looking at some stuff on on ransomware and and

00:20:41.960 --> 00:20:46.079
they they do have this thing that they get access

00:20:46.079 --> 00:20:48.440
into the system, they compromise an identity,

00:20:49.180 --> 00:20:51.740
and then they start doing recon, and then they

00:20:51.740 --> 00:20:54.380
get an admin account. For whatever reason, they're

00:20:54.380 --> 00:20:57.720
successful with that. Of course, they deploy

00:20:57.720 --> 00:21:00.400
ransomware, they start encrypting a bunch of

00:21:00.400 --> 00:21:02.259
files, and they start doing a bunch of things

00:21:02.259 --> 00:21:05.880
as well. But then, at the same time when that

00:21:05.880 --> 00:21:08.200
is happening and I know and this goes along with

00:21:08.200 --> 00:21:09.720
what you mentioned like you know people having

00:21:09.720 --> 00:21:11.880
dinner at night and maybe I get this thing and

00:21:11.880 --> 00:21:14.339
they're like you know let me just approve this

00:21:14.339 --> 00:21:16.420
thing probably you know some application that

00:21:16.420 --> 00:21:19.119
I have running on the backend and what happens

00:21:19.119 --> 00:21:23.579
is that the attackers are also pushing DDoS attacks

00:21:23.579 --> 00:21:26.920
just to make sure that the IT team or the security

00:21:26.920 --> 00:21:29.980
team is like freaking out about the DDoS attack

00:21:29.980 --> 00:21:33.960
while the encryption is happening. So it is a

00:21:33.960 --> 00:21:36.539
distraction. Like they're hiding their tracks.

00:21:36.680 --> 00:21:39.019
The classic thing of like, I need to sneak in.

00:21:39.240 --> 00:21:41.640
Let me make a disturbance over here. So you look

00:21:41.640 --> 00:21:44.880
over there and then I'll sneak in. Yeah. Yeah.

00:21:45.339 --> 00:21:49.099
That sounds pretty crazy. And that is something

00:21:49.099 --> 00:21:51.700
that is also happening a lot. I was reading just

00:21:51.700 --> 00:21:54.160
about it the other day. But yeah, interesting.

00:21:54.779 --> 00:21:59.470
Now, Mike, we went over some of our organizations

00:21:59.470 --> 00:22:03.109
failed. I think we, you know, at the end of that

00:22:03.109 --> 00:22:06.289
section we said, just make sure you know you have

00:22:06.289 --> 00:22:09.049
your securities up you have you know you either

00:22:09.049 --> 00:22:12.789
if you use Duo, if you use Microsoft MFA or any

00:22:12.789 --> 00:22:15.509
other MFA product that you know you continuously

00:22:15.509 --> 00:22:19.569
trust or continuously verify trust for the device

00:22:19.569 --> 00:22:23.630
and the user. Now what else, what else can we do?

00:22:23.789 --> 00:22:25.849
What else can we do? You know going to the other

00:22:25.849 --> 00:22:29.509
section to start defending the identity like

00:22:29.509 --> 00:22:32.890
we talked about the issues we talked about how

00:22:32.890 --> 00:22:35.309
we're getting attacked, why companies are failing,

00:22:35.890 --> 00:22:39.630
but how companies can do can do this. Like how

00:22:39.630 --> 00:22:42.789
can they protect themselves? Yeah, the like now

00:22:42.789 --> 00:22:44.869
we're into the part of the conversation where

00:22:44.869 --> 00:22:47.990
it's like the action items. We've talked about

00:22:47.990 --> 00:22:52.029
how people get attacked, why, how difficult it

00:22:52.029 --> 00:22:56.009
is just to be a user trying to do your job and

00:22:56.009 --> 00:22:59.609
align with company policy, not push that, that

00:22:59.609 --> 00:23:03.170
accept when you're under an attack. In terms

00:23:03.170 --> 00:23:07.430
of action items for defending identity, obviously

00:23:07.430 --> 00:23:11.369
MFA in place. The first thing I would throw out

00:23:11.369 --> 00:23:14.910
there is, again, the reminder that the attackers

00:23:14.910 --> 00:23:17.170
assume you have MFA in place at this point. It

00:23:17.170 --> 00:23:21.210
is 2026. They know that all the big organizations

00:23:21.210 --> 00:23:23.509
of the world, most of the medium and ideally

00:23:23.509 --> 00:23:26.529
everyone, has MFA in place to protect your precious

00:23:26.529 --> 00:23:32.140
resources and your users. So don't be fooled

00:23:32.140 --> 00:23:36.380
into, well, I should just say, be aware when

00:23:36.380 --> 00:23:40.839
you are evaluating an MFA solution, regardless

00:23:40.839 --> 00:23:46.799
of vendor, and it says free MFA, okay? MFA is

00:23:46.799 --> 00:23:50.180
a baseline. Be aware of when you're evaluating

00:23:50.180 --> 00:23:54.400
a solution of if an attacker knows I have MFA,

00:23:54.650 --> 00:23:58.289
What are the additional security layers, identity

00:23:58.289 --> 00:24:02.769
specific, that are protecting me here? One of

00:24:02.769 --> 00:24:07.490
the simplest, again, like the resistant MFA,

00:24:07.710 --> 00:24:10.130
the phishing resistant MFA. So as you said earlier,

00:24:10.230 --> 00:24:13.309
a good example, Andres, is typing in a code on

00:24:13.309 --> 00:24:17.569
your phone. Like the attacker going to log into

00:24:17.569 --> 00:24:21.670
your company's OneDrive account, they stole your

00:24:21.670 --> 00:24:24.700
credentials. They're the final step, which is

00:24:24.700 --> 00:24:29.220
MFA. They are looking at a code that says 1596.

00:24:30.440 --> 00:24:34.660
And that code needs to be typed in on the user's

00:24:34.660 --> 00:24:37.339
phone. The user's phone, they're sitting down

00:24:37.339 --> 00:24:39.619
to dinner with their family. They don't know

00:24:39.619 --> 00:24:42.220
what that code is. So that attack never happened.

00:24:42.519 --> 00:24:46.019
But like those is an example. What is it beyond

00:24:46.019 --> 00:24:49.079
just having MFA that's in place? So I would say

00:24:49.079 --> 00:24:53.599
the first thing is evaluate the beyond basic

00:24:53.599 --> 00:24:57.099
MFA considerations. Be aware of social engineering

00:24:57.099 --> 00:24:59.660
attacks. Like, do you have something in place,

00:24:59.799 --> 00:25:03.519
maybe like to prevent that? Biometrics is a big

00:25:03.519 --> 00:25:06.680
one here, Andres. Duo has a cool new integration

00:25:06.680 --> 00:25:09.140
with company. Have you heard of like the Duo

00:25:09.140 --> 00:25:13.200
Persona integration, which is really pretty new?

00:25:14.119 --> 00:25:17.779
Yeah, I know. Yeah. So Persona, for anyone listening

00:25:17.779 --> 00:25:21.079
in here, just just look at Persona. P-E-R-S

00:25:21.079 --> 00:25:23.819
-O-N-A, just like it sounds. You'll see reports

00:25:23.819 --> 00:25:27.140
on like Forrester, they're in the Gartner Quadrant

00:25:27.140 --> 00:25:29.980
and all that. But this is a company leading the

00:25:29.980 --> 00:25:35.339
way in passwordless verification. So to defend

00:25:35.339 --> 00:25:38.579
myself as an action item, I'm thinking about

00:25:38.579 --> 00:25:42.900
use cases that commonly are used to override

00:25:42.900 --> 00:25:45.839
and override basic MFA. As an example, there

00:25:45.839 --> 00:25:49.980
was a major company, everyone knows this one,

00:25:50.079 --> 00:25:54.380
it's in Vegas, that got hacked for a password

00:25:54.380 --> 00:25:58.119
reset that was protected by MFA, but the attacker

00:25:58.119 --> 00:26:00.640
called in, was able to convince the person working

00:26:00.640 --> 00:26:04.720
at the company that, I need a password reset,

00:26:04.880 --> 00:26:08.079
it really is me, I need to reset my password,

00:26:08.359 --> 00:26:13.039
they were able to bypass MFA. Persona is an integration

00:26:13.039 --> 00:26:16.440
with Cisco Duo that says, we're not going to

00:26:16.440 --> 00:26:19.799
involve passwords at all to reset your identity,

00:26:19.960 --> 00:26:24.460
to reset your access. And it's very nice. It's

00:26:24.460 --> 00:26:26.880
going to take an image of your face and ask you

00:26:26.880 --> 00:26:29.539
to turn left and right and verify that it truly

00:26:29.539 --> 00:26:32.779
is you. And it can compare that to a government-issued

00:26:32.779 --> 00:26:35.319
device to perform that password reset.

00:26:35.640 --> 00:26:38.240
So there's no password involved. Password attacks

00:26:38.240 --> 00:26:43.259
are gone. I'm able to reset my access, proving

00:26:43.259 --> 00:26:47.140
my identity without having to give anyone a password

00:26:47.140 --> 00:26:50.480
or re-enter a password. But things like that

00:26:50.480 --> 00:26:53.519
are the action items that customers should be

00:26:53.519 --> 00:26:56.240
thinking about when they are overcoming these

00:26:56.240 --> 00:26:58.799
ever-growing threats, a lot of them, again,

00:26:58.940 --> 00:27:02.259
being social engineering attacks. That's pretty

00:27:02.259 --> 00:27:04.839
cool. I was going to say, and this sounds probably

00:27:04.839 --> 00:27:07.960
like a, like a offline type of procedure. Whenever

00:27:07.960 --> 00:27:10.980
you get a call from a help desk, I was also reading

00:27:10.980 --> 00:27:13.819
this the other day that like an offline procedure,

00:27:14.019 --> 00:27:15.740
let's say, you know, somebody's calling you from

00:27:15.740 --> 00:27:18.980
the IT department or somebody's calling the IT

00:27:18.980 --> 00:27:21.420
department to reset that password. Like how do

00:27:21.420 --> 00:27:23.900
you make sure that the person that it's calling

00:27:23.900 --> 00:27:27.039
is the right person and how do you authenticate

00:27:27.039 --> 00:27:29.400
them offline? So this is really, really, really

00:27:29.400 --> 00:27:34.180
good. I like it. I think I saw it and that was

00:27:34.180 --> 00:27:37.259
pretty cool. I don't remember it was called Persona,

00:27:37.640 --> 00:27:40.039
but we'll make sure that we add it to the show

00:27:40.039 --> 00:27:44.759
notes as well. Because we always talk about the

00:27:44.759 --> 00:27:48.779
users have always been the weakest link in the

00:27:48.779 --> 00:27:51.460
security chain, not by their own fault. It's

00:27:51.460 --> 00:27:54.220
difficult to keep up with. Think of your example,

00:27:54.519 --> 00:27:57.470
training that person at the help desk on the

00:27:57.470 --> 00:28:00.569
conditions in which they should authorize a reset.

00:28:00.789 --> 00:28:03.609
Like that can be a lot. And if you're under a

00:28:03.609 --> 00:28:05.849
social engineering attack, the person trying

00:28:05.849 --> 00:28:08.109
to get the reset is going to be putting serious

00:28:08.109 --> 00:28:11.009
pressure on you and talking about all the money

00:28:11.009 --> 00:28:14.049
that is being lost and how they're the CEO of

00:28:14.049 --> 00:28:17.250
the company and you could lose your job if you

00:28:17.250 --> 00:28:19.849
don't quickly reset this password. So there's

00:28:19.849 --> 00:28:24.849
a lot going on. So having a way to safely

00:28:24.849 --> 00:28:30.210
and securely reset someone's identity quickly

00:28:30.210 --> 00:28:32.990
and without user friction, without violating

00:28:32.990 --> 00:28:38.069
any compliance is so critical. Yeah. That's pretty

00:28:38.069 --> 00:28:40.349
cool. And I know we have other things we have.

00:28:40.650 --> 00:28:43.470
You mentioned about the conditional access. There's

00:28:43.470 --> 00:28:48.769
also the identity behavior analytics for impossible

00:28:48.769 --> 00:28:53.940
travel, abnormal authentication, unusual token

00:28:53.940 --> 00:28:56.759
usage and just suspicious admin activity as another

00:28:56.759 --> 00:28:59.279
one we get to hear from from a lot of customers

00:28:59.279 --> 00:29:03.799
about privilege access controls and this is nothing

00:29:03.799 --> 00:29:06.460
more than flipping the firewall on people or

00:29:06.460 --> 00:29:09.279
in this case flipping the zero trust on people

00:29:09.279 --> 00:29:12.190
and it's just making sure that provide the access

00:29:12.190 --> 00:29:14.450
that that person needs, you know, make sure that

00:29:14.450 --> 00:29:17.250
you isolate some of the administration workflows

00:29:17.250 --> 00:29:21.390
and of course require that stronger authentication

00:29:21.390 --> 00:29:24.150
for high risk actions. Like, you know, for those

00:29:24.150 --> 00:29:26.950
things that you mentioned, I think that is that

00:29:26.950 --> 00:29:29.589
is something that should be in everybody's mind

00:29:29.589 --> 00:29:33.609
today just to defend their identity. And what

00:29:33.609 --> 00:29:36.650
else can we add to that, Mike? I mean, I think

00:29:36.650 --> 00:29:41.829
just fundamentally attackers are have just changed

00:29:41.829 --> 00:29:44.029
the way they are doing their attacks. Like it

00:29:44.029 --> 00:29:47.809
used to be sophisticated attacks to sneak through

00:29:47.809 --> 00:29:51.029
a firewall. Like very difficult attacks. Now,

00:29:51.109 --> 00:29:54.730
I mean, why would an attacker need to do that

00:29:54.730 --> 00:29:59.410
if they can simply steal your identity and escalate

00:29:59.410 --> 00:30:02.470
their privilege? Like, again, if I can convince

00:30:02.470 --> 00:30:06.470
you to hit that MFA push, man, I just, I mean.

00:30:06.670 --> 00:30:09.430
I just, I'm going. Yeah, so somebody's calling you

00:30:09.430 --> 00:30:12.670
with a baby crying next to him and adding pressure

00:30:12.670 --> 00:30:16.849
to that, like, please unlock this, I only have 15

00:30:16.849 --> 00:30:19.210
minutes, I'm meeting with the CEO and I've got

00:30:19.210 --> 00:30:22.130
my baby here and I'm not... That's some serious

00:30:22.130 --> 00:30:25.230
pressure. I mean, there's a lot of, like, these attacks

00:30:25.230 --> 00:30:29.089
have a lot of fear involved too and like pressure

00:30:29.089 --> 00:30:32.190
that humans are designed to feel you know like

00:30:32.319 --> 00:30:35.140
fear I might lose my job if I don't do this, fear

00:30:35.140 --> 00:30:37.539
that I might lose money, fear that the person

00:30:37.539 --> 00:30:40.960
who is requesting my help might get harmed or

00:30:40.960 --> 00:30:43.700
they might lose their job. I don't reset this

00:30:43.700 --> 00:30:48.059
for them. This is why the, your opening point, the

00:30:48.059 --> 00:30:51.700
identity is the new perimeter if you can get

00:30:51.700 --> 00:30:54.539
that privileged identity I mean, that's that's

00:30:54.539 --> 00:30:58.299
the crown jewel now. Yeah. Yeah, it's it's insane.

00:30:58.339 --> 00:31:02.039
It's insane been in We get amazed, but these

00:31:02.039 --> 00:31:04.880
are things that are happening. So Mike, just

00:31:04.880 --> 00:31:09.420
to wrap up, I guess, we talked about a lot of

00:31:09.420 --> 00:31:13.720
things. We talked about how the identity governance

00:31:13.720 --> 00:31:15.819
and administration, that's a pretty cool term

00:31:15.819 --> 00:31:18.640
that I want to start looking up. Some of the

00:31:18.640 --> 00:31:21.339
attacks that we see, some of our customers also

00:31:21.339 --> 00:31:24.240
receiving those and seeing those out in the wild.

00:31:24.559 --> 00:31:26.859
Things that companies are doing just... where

00:31:26.859 --> 00:31:29.759
they they're failing and and how we can you know

00:31:29.759 --> 00:31:33.000
companies can defend their identity and what

00:31:33.000 --> 00:31:35.559
what would you what would you add as you know

00:31:35.559 --> 00:31:37.579
probably your closing thoughts just making sure

00:31:37.579 --> 00:31:40.500
that we wrap this one up about identity. My closing

00:31:40.500 --> 00:31:45.619
thoughts here would be, please put on basic MFA

00:31:45.619 --> 00:31:49.599
if you've not at this point, and if you have MFA

00:31:49.599 --> 00:31:56.029
in place, look into hardening that MFA. Just Google

00:31:56.029 --> 00:32:00.089
phishing resistant MFA or like do a basic Google

00:32:00.089 --> 00:32:03.190
search if you're listening into this of most

00:32:03.190 --> 00:32:06.930
common ways people get hacked when MFA is already

00:32:06.930 --> 00:32:09.609
implemented. That's what your attackers are doing.

00:32:10.210 --> 00:32:12.710
It's again, we say this with security. It's not

00:32:12.710 --> 00:32:15.569
an if, it's a when that you're gonna get hacked.

00:32:16.490 --> 00:32:20.769
So be aware that identity really needs focus.

00:32:21.150 --> 00:32:24.420
That's a place customers need to invest their

00:32:24.420 --> 00:32:28.839
time and their resources. Cause I mean, look

00:32:28.839 --> 00:32:32.000
at passwordless. Just be aware that your customer,

00:32:32.559 --> 00:32:34.720
your attackers, again, they're expecting you

00:32:34.720 --> 00:32:37.200
to have them in that phase. So be ready for it.

00:32:37.200 --> 00:32:40.279
Talk to someone who is a trusted security person.

00:32:41.019 --> 00:32:43.859
Andres would be a good example myself or whoever

00:32:43.859 --> 00:32:50.019
it may be to figure out the updated threat landscape

00:32:50.019 --> 00:32:52.630
when it comes to identity. Maybe another Google

00:32:52.630 --> 00:32:55.710
search. Look into that identity governance and

00:32:55.710 --> 00:33:00.809
administration. Start looking at ways to make

00:33:00.809 --> 00:33:04.390
sure your user identities are safeguarded. Come

00:33:04.390 --> 00:33:07.009
up with your worst case scenario. Maybe it's

00:33:07.009 --> 00:33:08.509
that help desk tick or the someone getting up

00:33:08.509 --> 00:33:10.579
resetting their password. Make sure that these

00:33:10.579 --> 00:33:13.500
worst-case scenarios, like you have a way to

00:33:13.500 --> 00:33:16.039
protect yourself from them. Yeah, yeah, that's

00:33:16.039 --> 00:33:18.440
definitely right. I guess my closing thoughts

00:33:18.440 --> 00:33:21.460
on this one are going to be very similar. Just

00:33:21.460 --> 00:33:23.440
recommending customers out there just to make

00:33:23.440 --> 00:33:27.099
sure that they implement not only that MFA, as you

00:33:27.099 --> 00:33:30.759
mentioned, Mike, and just keep continuing verifying

00:33:30.759 --> 00:33:34.640
the trust of the devices, of the users. One thing

00:33:34.640 --> 00:33:38.049
that that resonates a lot with me is that whenever

00:33:38.049 --> 00:33:41.150
a credential is stolen, and an attacker goes

00:33:41.150 --> 00:33:43.829
into your system, logs in, you're not going to

00:33:43.829 --> 00:33:47.349
get any alerts. That person is already in there.

00:33:47.670 --> 00:33:49.750
That's it. It's just a regular process, something

00:33:49.750 --> 00:33:52.609
that was supposed to happen. Of course, stealing

00:33:52.609 --> 00:33:55.349
of the credentials is not, but that attacker

00:33:55.349 --> 00:33:57.950
has your username, your password, and your credentials,

00:33:58.069 --> 00:34:01.190
and it's already in. How do you know? What a

00:34:01.190 --> 00:34:03.210
powerful statement that is, and something to

00:34:03.210 --> 00:34:06.329
think about. Like someone with your username

00:34:06.329 --> 00:34:09.070
and password, I mean, your organization would

00:34:09.070 --> 00:34:11.909
essentially have no idea theoretically unless

00:34:11.909 --> 00:34:14.809
you put safeguards like this. Exactly. It's a

00:34:14.809 --> 00:34:20.070
regular event. Yeah, just that's a good way to

00:34:20.070 --> 00:34:23.469
think about that. That's not even an event, an

00:34:23.469 --> 00:34:26.190
alert that would generate without proper controls

00:34:26.190 --> 00:34:30.340
in place. Exactly. Well, this was really awesome,

00:34:30.500 --> 00:34:33.340
Mike. I hope everybody that, you know, everyone

00:34:33.340 --> 00:34:36.019
that it's going to listen the episode, watch

00:34:36.019 --> 00:34:38.800
the episode. Hopefully it resonates with them.

00:34:39.659 --> 00:34:43.400
I am not sure if we're, what do we have on the

00:34:43.400 --> 00:34:47.139
pipeline for the next episode that we're. Real

00:34:47.139 --> 00:34:51.300
quick right here. And this is probably, and we're

00:34:51.300 --> 00:34:54.380
thinking about, I'm looking at it. It's. It's

00:34:54.380 --> 00:34:57.880
an episode three. Yes. It's on probably ransomware.

00:34:58.079 --> 00:35:00.860
Like ransomware. Oh my gosh. Yeah. This would

00:35:00.860 --> 00:35:03.599
be, this is going to be a good conversation here.

00:35:03.699 --> 00:35:07.679
Oh, you want to tell everybody about the new

00:35:07.679 --> 00:35:13.820
domain? Oh yes. So yeah, we, we, we have

00:35:13.820 --> 00:35:17.659
securityin45.com. There's already a website built for

00:35:17.659 --> 00:35:20.820
it. It is pretty cool. One of the nice things

00:35:20.820 --> 00:35:24.010
about what happens with the website is that every

00:35:24.010 --> 00:35:28.969
episode gets like the player. So people don't

00:35:28.969 --> 00:35:30.849
have to go to Apple if they don't want to go

00:35:30.849 --> 00:35:33.750
to Apple Podcasts and downloaders, Spotify or

00:35:33.750 --> 00:35:36.190
whatever the case is. So we're going to be in

00:35:36.190 --> 00:35:38.510
a lot of places. We see a website, the website

00:35:38.510 --> 00:35:41.650
has a player and the show notes are a little

00:35:41.650 --> 00:35:44.769
bit expanded with the help of AI. So it looks

00:35:44.769 --> 00:35:46.929
pretty cool. If you have the opportunity, go

00:35:46.929 --> 00:35:51.269
check it out. securityin45.com. I love that

00:35:51.269 --> 00:35:53.570
you got, I know people consume the show in different

00:35:53.570 --> 00:35:56.849
ways, like watching it through YouTube, but I

00:35:56.849 --> 00:35:59.570
think a lot of people are, I mean, obviously

00:35:59.570 --> 00:36:03.030
using like the podcast format of it, just while

00:36:03.030 --> 00:36:04.570
you're on a walk through the neighborhood or

00:36:04.570 --> 00:36:07.309
at the gym or just to listen in. So all of those

00:36:07.309 --> 00:36:09.329
links, I love that you put them all from the

00:36:09.329 --> 00:36:13.849
single website, securityin45.com. Well done.

00:36:14.610 --> 00:36:19.289
Damn, no. to do that man so this was fun, I guess

00:36:19.289 --> 00:36:22.150
we'll see you again during the weekend and for

00:36:22.150 --> 00:36:24.429
the next episode man thank you thank you so much
