¶ Welcome to Cables to Clouds News
Hello and welcome back to another episode of the Cables to Clouds Fortnightly News. I'll be your host this week, Tim. With me, as usual, is Chris, the other guy. We go back and forth. I don't know if you noticed, so it's my turn.
I like being the other guy. Yeah, that's the other guy. So, um, okay, so let's just, uh, jump right into the news. We got some good, uh, good ones this week, uh, and a decent number, so we'll just roll out into it.
¶ Zscaler Acquires Red Canary MDR
The first one comes to us from Forrester and, uh, it's called "Zscaler snatches up Red Canary: the good, the bad and the ." So Red Canary is an MDR, which I actually had to go look up what MDR meant. I know what some of the other DRs are, like N, like November DR, Network Detection Response.
The MDR means Managed Detection and Response. So Zscaler, the, you know, SASE, SSE company, Zero Trust, you know, the Zero Trust model company, has acquired Red Canary.
Red Canary is managed detection and response, which is a fancy way of saying outsourced security operations, basically like cybersecurity for hire, and they do a lot of platform integration, like, you know, getting telemetry and threat detection and then actually mobilizing response against it via managed, like they have actual humans, but essentially that you're retaining to do work.
So this is kind of, and the article points out kind of what I was thinking when I read about this, which is, first of all, it's a good, Zscaler doesn't have anything like this right now.
Right, so it's a big hole in Zscaler's, and, you know, with the trend towards platformization, which is, which is to kind of try to, for enterprises to, are now trying to acquire single-vendor products that cover the spread rather than having a bunch of multiple-vendor solutions, from that perspective this kind of makes sense.
You know, you've got an MDR and you've got the SASE company and they both do literally nothing that the other one does, and, you know. So they're filling functionality gaps between each other. However, it does go on to point out that, while they cover each other's gaps, they also do nothing really to complement each other.
If you take Zscaler, which is a SASE company, SSE, Zero Trust, this is something that enterprises have been running for a long time and outsource security to the cloud or whatever, and then you have this MDR, which is essentially a manned outsourced SOC, and, yeah, there doesn't seem to be any good way to do integration between these two products.
So, interesting acquisition from Zscaler. I know they're trying to platform themselves, basically give themselves a full suite of security offers, but yeah, so yeah, I don't know. What do you think about this one?
Yeah, like you said, there's obviously a gap there in what Zscaler offers today that doesn't do anything like this. So there's definitely white space there for them, which is good.
But the idea here is, you know, they currently have an existing, you know, SaaS-offered type platform and this is another platform that has a lot of integrations built in for things like, you know, even some borderline competitors with Zscaler, which makes this a bit interesting.
You know, they have integrations on the site today for things like Microsoft, CrowdStrike, SentinelOne, even the other major cloud providers as well. So yeah, it's.
I mean, we've kind of seen this in the past when company A acquires company B and they both offer platforms, integrating those platforms can be a very rocky road and a very difficult process.
Yeah, I wasn't going to, you hit it, um, but, uh, yeah, so that's, uh, hopefully this doesn't turn out to be something like that. Um, but it's, um, it, like you said, it's like, it's a, when you, when you hear about the acquisition and you're like, okay, well, now that I know what Red Canary does, that seems, you know, that doesn't compete with any of Zscaler's existing product set, which is good. But at the same time, like you said, I don't understand how this meshes very much, unless they just, you know, kind of fold in Zscaler's kind of threat detection type or enforcement into the platform from Red Canary. But I don't know, I don't, I wouldn't necessarily see them just doing that.
I feel like it would have to be something much bigger than that. So I don't know, maybe, maybe soon this will get rebranded as a, you know, Zero Trust SOC as a service type thing, I don't know, we'll see what happens. All right.
¶ AWS Network Firewall Multiple VPC Support
And next up we have a somewhat smaller announcement. But we have an article here from the AWS blog, the AWS Networking blog, that the AWS Network Firewall has added support for multiple VPC endpoints.
So now AWS Network Firewall supports enabling multiple VPC endpoints for a single firewall, and I know that might sound kind of basic, but the basic, the communication that we've seen from AWS employees about this is that it's basically a way to consume and use AWS Network Firewall without having to actually deploy and use something like AWS TGW.
I'd say, if you're an AWS Network Firewall customer, odds are you're also a TGW customer. I wouldn't see there's a ton of customers that need this today that don't already use TGW. But, you know, there is the concept of things like island VPCs that aren't connected to the corporate network in some sense, right?
So this could be something just to alleviate those island ones that sit off to the side, or maybe just growing organizations that haven't yet got to the point where they need a transit gateway.
I think this, like we said, this is a small announcement, but I feel like this is probably kind of a bit of smoke to kind of lean towards where AWS may be going with Network Firewall. We've heard some rumblings in the market, necessarily, about how AWS is looking to make AWS Network Firewall more consumable for customers.
Most of the time what we see is it's very cost prohibitive for a lot of customers, and that seems to be kind of one of the major sticks in the mud, so to say.
But if this is a way to kind of let you get more out of less with a single firewall rather than having to deploy a network firewall in every single VPC, maybe this is the first step in that direction. I don't know, but that would be cool to see. What do you think, Tim?
I think island VPCs is the play. Yeah, because. So Gateway Load Balancer, already, you know, they have Gateway Load Balancer. It's already kind of normally deployed for AWS Firewall, for kind of this purpose. Using VPC endpoints instead makes it probably cheaper.
First of all, I think, like you said, one of the big things was to make a firewall, or needs a firewall, or has enough VPCs to need firewalling, probably already has some kind of cloud networking in place, except for the case of something like island VPCs or, you know, where they don't have a need for east-west and they really only need to worry about egress traffic, right? So, so this seems like, honestly, this feels like a stepping stone on the way to something else.
Also, like, you know, just doing VPC endpoints is okay and, like you said, it fills a niche that probably not a large percentage of customers have or need right now, but it does feel like it's a stepping stone towards another bigger, you know, expansion of how Network Firewall is going to work in AWS. All right.
¶ AWS Exits the Private 5G Market
Next one is AWS is now bowing out of the 5G market. This article from Network World says "AWS no longer offers private 5G, cedes the field to established industry players and carriers" and honestly, I'm amazed that it lasted as long as it did. You know, it was always going to be.
AWS is very interested in owning the roads, as it were, because that helps it deliver the service, right? So, you know, like, look at Kuiper, like the satellite constellation that they've been deploying, right? What does that do? It gives connectivity to a lot of places.
Anywhere you can put connectivity, you can deliver services, right? And that's really what AWS is after. So this was originally, I think, another method by which AWS could deliver private connectivity for its services. The thing is that it never really, I don't think it was ever really able to break into the telco market. Like, AWS obviously doesn't.
They're not a telco, they are kind of a telco provider, but they're not really a telco provider.
And so the technologies associated with telco, especially with, like, 5G, right, there's very specific technologies and unless AWS wants to create them out of whole cloth, you know, they're kind of bound by third party, and the article actually goes to point out that that was one of the biggest challenges that AWS had was third-party hardware and of course, also the bands. Right, like, 5G is not an infinite. You have to license the radio, essentially the radio waves, and all that for the 5G. So a lot of the established telco providers already have it.
So this does go on to point out, which is what they probably should have all had done from the beginning, which is AWS will be partnering with Verizon, AT&T, other 5G providers to provide the actual 5G service and essentially be a pass-through for their customers to do that. So I would say end of an era.
But it's not quite, it's not even that critical, you know what I mean? Like, it's just, to me it's something that makes sense and I always thought it was ambitious for them to go after 5G. But remember when 5G first launched, what, three, four years ago now or something like that, there was a, you know, that was something that was supposed to be the case.
It was supposed to be kind of a wide, open new band to go after and everybody was going to, you know, had their chance. But anyway, but any, anything to add here?
Yeah, um, kind of, kind of, like you said, end of an era that we didn't even, uh, know was, was coming to an end, or what it wasn't. We didn't even know if the era was existing, to be honest. But, uh, um, yeah, like you said, is the way AWS works, is, like you said, they like to own the roads.
So, to say, um, and the reason people consume those services when they own the roads is usually AWS has, has put on top of it enough value, um, in that ownership to make it, you know, consumable and, um, you know, better for the, for their customers. It seems like in this case they couldn't get over that hump, right? I wonder if it was more.
You know, there's kind of some details in this article leaning towards, you know, reliance on third-party hardware and things like that, which doesn't really sound like Amazon's typical approach. It seems like they'd want, like you said, they want to own everything. So maybe they just didn't see the reward there.
But also, telco is a very established market and has some nuance to it. So I almost wonder if some of the telco providers were just basically like, nah, fuck you, and just kind of put their foot down. Just frozen out?
Yeah, exactly, but I mean, at the end of the day, I think this is probably the right way to go. Let, let the, you know, dominant partners that do that for their end customers remain in that space.
And then you have this, this service you're talking about, which is the integrated private wireless, which basically just sounds like they have some kind of back-to-back pairing with those partners that offer the private 5G and 4G LTE services. So, overall, it seems like that's.
It does seem weird that there's probably going to be an intermediary now in between AWS being on-prem versus AWS in the cloud. So, you know, like, if you're using something like, what is the product set? Now it's not Snowfall, I think that might be the full product set. Now, I can't remember, there's Snow something, AWS Outposts and things like that.
So I think that, I don't remember if they changed the name of it.
Yeah, I'm trying to think if they, yeah, what is it now?
Yeah, nonetheless, Snow something, um, Snow Family, we'll call it that. Um, but yeah, interesting, interesting stuff, all right. Um, and last, no, not last one. Is this last one?
This is the last one, okay, so last up, we have a, uh, an article from securitybrief.com.au.
¶ Checkpoint Acquires Veritai for Threat Management
Yeah, we gotta say the .au every time in Australia. It really annoys me. But just so you guys know, securitybrief.com.au, that Checkpoint has made a motion to acquire a company called, we don't know how exactly to pronounce this, so if we get it wrong we apologize, but I think it's Veritai. Tim said Veriti earlier. That would also work.
So I don't know which one this is, but I'm going to go with Veritai. But basically they're acquiring Veritai Cybersecurity to expand their offer for threat exposure and risk management.
So it sounds like Veritai is an automated multi-vendor platform for preemptive threat exposure and mitigation, per the article, and this is something that's going to automatically integrate into their Infinity platform, which, you know, Checkpoint's Infinity platform, I think, is kind of this.
Again, back to platformization, it's all over the place. This is kind of, it seems like it incorporates their Quantum line, which is their new AI-powered physical firewalls, their CloudGuard firewalls, which obviously run in the public cloud, and their Harmony service, which I believe is their SSE or SASE-type offering.
So it looks like this is yet another AI-powered platform which has. One thing that was called out here was they offer this thing called virtual patching, which Tim actually made me aware of this. I wasn't aware of what this was.
So virtual patching essentially is a way for, you know, threats could come in from a certain feed or from some type of platform they mentioned. They have integrations with CrowdStrike, Tenable, Rapid7, etc.
So basically, information about a threat could come into this platform and you can enforce something called virtual patching where, instead of actually going and patching the systems that are made vulnerable by the CVE, um, you could automatically enforce a security rule or a firewall rule that essentially blocks traffic that would relate to that CVE, right? Um, so, um, that seems to be something that is offered here. Um, so, yeah, interesting stuff. Um, I don't know exactly what this will mean for Checkpoint.
It seems like it'll just be another kind of ingestion point for threat information, threat detection, and they will have to kind of essentially put that enforcement into the Infinity platform in some capacity. Anything to add to?
Not a lot. So basically Veritai or whatever ends up being the aggregation platform, and then they were always integrating with some kind of enforcement model, right, on the back end.
They were integrating with the threat detection feeds, you know, Wiz or the ones that you mentioned, Rapid7, Tenable, and then they had to essentially talk to the enforcement layer to actually do something with that. Quote unquote virtual patching, and virtual patching, I mean, it's such a marketing term, isn't it?
This idea of virtual patching where we're literally, I mean, don't be wrong.
It's a firewall rule. That's what it is. It's a firewall rule.
Right. At the end of the day we're saying, oh well, we've detected that this host or whatever, this device, is vulnerable to a certain type of attack, and then we translate that into a firewall rule that makes the CVE unexploitable in some fashion. Right, until you can.
Actually, it's not a replacement for actually patching the thing, right, but it's supposed to buy you time, essentially. Make it unexploitable so you can wait to patch if you need to patch.
But yeah, so from an acquisition perspective, this makes sense for Checkpoint, since I'm sure, you know, essentially, okay, well, now I, as the Checkpoint enforcement layer, gain the ability to do this virtual patching, because now I have this new capability.
And then maybe, I'm curious to see, because it said multi-vendor, I'm curious to see after the acquisition, does it remain multi-vendor or does Checkpoint just, like, close shop on the other vendors, or what's going to happen? Yeah, I agree, probably not. Checkpoint's not big enough to throw its weight around like that, I think.
But anyway, yeah, so that's interesting. I love the marketing term virtual patching, but other than that, that's it. All right.
¶ North Korean IT Workers' Sophisticated Infiltration Techniques
So Chris said that was the last story, but actually we do have one more. Not only did I say that, you agreed with me?
I didn't agree with you.
I just didn't say anything because I didn't want to be an asshole and be like, Chris.
You're fucking wrong again. Look, if you're watching on YouTube, watch. When I say it's the last article, go back and check Tim's face. He goes.
I was like, yep, last one, even mouthed last one. It's, yeah, whatever, whatever, all right, so this one actually, I don't have the. We didn't add the link to the, hold on. Let me open it up. Okay, sorry, it's from cybersecuritynews.com.
So "North Korean IT workers leverage legitimate software and network behaviors to bypass EDR", which is a weird title for what this actually is. You know, isn't that strange? So let's talk about what the actual attack, the EDR, is in this case. So who was it that broke this up?
There was an operation, federal law, US federal law enforcement agencies raided a suspected laptop farm used to facilitate fraudulent employment and schemes where North Korean nationals posed as legitimate American workers to gain remote access to Western companies.
So they would essentially, like, forge their credentials and actually go get a job at an American company, get a company-issued laptop for this new remote worker and then connect it to this, you know, essentially this laptop farm, and then these nationals would exploit the fact that, hey, I've got a backdoor into, you know, this company, you know, this, this company.
And all I can think of as I'm thinking about this is the Key & Peele, the, the, the Key & Peele sketch, where they're like, where they, where they're planning the bank heist. And he's like, no, I got a better idea.
We're going to go in and we're going to, we're going to walk in and every week we're going to come out with some money and 30, 40 years later, 40 years later, we walk out, happened. He's like, that's a job. Um, anyway, but no, this is legit.
So these, uh, these backdoors, uh, I say backdoors, I mean they're freaking remote access VPNs for employees, right? This is ridiculous, uh, but they were, they're being used like, these, these, these, these nationals were pretending to be American workers and getting backdoor, you know, via company-issued laptop into the backdoor and the VPN.
And then, and then, you know, at that point you just hope that either they, you know, didn't have a role within the organization that could access anything sensitive, or that, you know, that you had good Zero Trust capabilities inside your network to stop lateral movement. So this is really just crazy, this story. It's, I don't know.
The system's crown jewel was its Zoom client automation module, which manipulated video conferencing sessions to establish remote desktop access, automatically launched Zoom meetings, joined sessions and approved remote control prompts through simulated keyboard inputs, transforming a legitimate collab platform into a remote administration tool. So yeah, this is nuts, like the.
The level of sophistication here, amazing. I don't know what to say, just amazing. Anyway, what, uh?
Do you have anything to add to this one, Chris, because I think this is just nuts. Yeah, uh, I mean, you pretty much covered it, but it's just, this one's just, like, so funny, how, like, I mean, maybe this is a prominent thing, but I've never seen this before where, like, they go to the point of actually, you know, getting employed by the company that they want to steal from. And it's funny because, you know, we talked about this before we hit record, but essentially, that means you're paying someone to steal your own data, because if they're an employee, they have to be cutting a paycheck to them. And albeit they are literally just a laptop that exists in some farm in Korea.
You know, kind of, they touch on these points about how they have these very simple scripts set up to maintain a persistent connection to the, um, corporate assets, um, while being located in Asia. Um, it's really, like, I don't know if it touched on it in here, but it's like, that makes me, like, so many things are going through my head. Like, were they?
Like, under they? Were they under the impression that the employee was going to be working out of Korea? Because it seems like there's some very simple things in endpoint detection services that would pick up on some of this stuff.
I mean, it's very possible that this company was just not using a kind of modern stack in that capacity, which is probably where they will be moving towards now, which, something that does posture checks and DLP and things like that.
But even, like you said, if they were using these kind of, like, sophisticated things to do, like, a remote access control prompt and do this all through Zoom, like, I don't even know if that would get picked up by something like DLP because, like, it, yeah, there's so many layers to this where things are going to get encrypted and, like, I don't, I don't know exactly how you would detect this or plan for a detection like this. Like, this is, like, like, how do you, how do you, like, tell company A, B, C to, to protect against something like this? Like, don't hire fake people.
Like, I don't, look, it's crazy, because they were going as far as capturing, uh, ARP packets and sending them over WebSockets and stuff like this. This is, this is nuts. This is so sophisticated, um, and I don't know how a DLP or an EDR, you know, could have necessarily known to look for this.
Right. Very, very, I mean, to be honest, pretty cool. Pretty cool that they were able to do this.
Yeah, I got to say, I'm actually, mad respect, actually, for this type of cyber attack. That's impressive.
Yeah.
It's like the true social engineering.
It's like the Baxter eating the, what is it? What is it from, Anchorman? He's like, you ate an entire wheel of cheese, that's impressive.
Yeah, oh man, okay. So yeah, with that, we'll go ahead and, uh, and close up shop here.
¶ Closing Thoughts and Additional News
I hope you, uh, all enjoyed this week's news. If you did, please leave us a comment. Share it with a friend.
That being said, do check the, if you want more, check the news doc, because there was actually quite a bit this week that we didn't get to cover.
There was actually a cool article in there about a project called MPIC, which is focused on preventing BGP attacks with their certificate validation, something that Tim and I did not have time to become experts on to talk about before this, but I thought it was super interesting and I will be looking at it after the show.
But yeah, definitely take a look, there's plenty in there for this week.
Yeah, there's more than usual articles, some funny ones too. But yeah, take a look at the article. Sorry, the news, my God, I just lost it. News article and news articles, I guess. The document, the document, yes. Thank you. All right, and with that we'll go ahead and, uh, end it here and, uh, we'll see you next time.
