Russian Cyberwar

So I actually found blue shift and PSIGEN when I was doing some research around ransomware and we wanted to have this podcast today because of the huge uptick in ransomware. From an adversary like Russia, and there's obviously threats that come from other adversaries as well. But there's the point is that There's a huge uptick right now. And. We went through a proof of concept with the blue shift X. DR technology. And we're very impressed and that vetted the solution.

Deployed at our our own environment, as well as our customers, because it's just such a powerful layer. Of detection. All at the network layer it can find lateral movement. And malware that may exist us on the network. Even if it was dormant and just became alive. Or if it's a new threat that came through either a phishing email or any other type of attack vector, but the point is that. If you have a unpatched system, if that was an exploit. And it came through.

The technology has what's called monitoring and blocking capability that integrate seamlessly with the security operation center or the SOC that. Is manned by cybersecurity experts, 24 7. That's looking at the data in real time. 24 7. To look for unusual activity and things like that before escalation can attack. And in the event that at three in the morning, when most people are sleeping the SOC detect something, they can block it then. And. When you get. To the office, they can then alert you.

And you can then. If there's any patches that need to apply or whatnot, then that can be done. But the point is it's a very powerful, proactive, Layer. In this defense against cyber war. That's what we wanted to go deeper into today. Yeah, so. hopefully that's a good overview so far. Yeah, that's a great. Oh, I was just going to say that's a great overview, Craig. And we really appreciate having you as a partner. And the fact that you guys are using our solution as well.

And you basically, we shipped you a cyber threat sensor. And basically I know that you guys are stalling within 10 minutes. And what basically that product does, is it. Does data packet level inspections and logging. So we inspect every packet. And moves in and out of your network. And then we applied multiple layers of layers, never security to it, including threat intelligence and intrusion detection and prevention, deception that were not. And a lot of other securities. Yeah, absolutely.

I think the big thing though, The game changer here that a lot of listeners. May or may not realize is that. They probably have a firewall. They probably have antivirus. But this is a very powerful, fairly new technology that they may or may not know exists and where it fits in their network. Topology.

And that's where I think that the proof of concept or POC methodology that we came up with together is very powerful because, listeners, if they work for a corporation or if they have a small business or even if they are at home and they're working. If they want to increase their cybersecurity. Maturity level. And get a new perspective and look through a different lens. This proof of concept. It's super powerful because it puts a sensor at the network layer.

And gives you visibility that you may not have had before. And like I was saying, you can see the, the sockets is analyzing these threats in real time, seeing the end user or the person. That is Manning doesn't have to be a cybersecurity expert. They leveraged the SOC team to do those efforts for them and on their behalf. As it's artificial intelligence and machine learning and algorithms, detect these anomalies, it blocks it.

Doesn't just tell you, Hey, look, you might have something suspicious. It actually blocks it and stops it. Yes. Until further investigation. And I think that's really the game changer there because there's a lot of stuff. That will detect, but there's not a lot of stuff that will actually stop dead in its tracks. And that's what I like most about it. I love the solution. I definitely don't think that, companies need to only have that.

Obviously they need to have other, training and other cyber security layers in place, but it's certainly a very powerful layer. And I think that as these ransomware. Attacks increase from adversaries. I think it's going to be an essential component. Of a company. And like I said, even. Worker working at home to protect themselves and protect the company that they work for. It's going to be a central in their cybersecurity stack.

Yup. Yup. And also Craig, we also paired a managed SIM, as you recall to the platform which collects logs from any device, whether it's in the cloud. The network, the server, the end point, you name it. And we upload these logs through the threat sensor there, and we can triangulate against it. So if we see something suspicious going on at the packet layer, we can go in and inspect the logs and. On a particular endpoint or server to do an investigation. Yeah, that's a good point.

A lot of people may not know what a SEM is. But basically it's a very powerful tool that aggregates those logs together just as Ted said. So a lot of the equipment or the network maybe you guys use Cisco firewall or Cisco SIS log. Services, but th these, all these appliances, they log everything, they log what's going in. What's going out. But a lot of people have really never looked at those logs.

Obviously cyber security experts have and do, but I would say that it's very rare that a, I would speculate when I say this, it's very rare that a business owner has ever seen raw log output from. Some type of network appliance, like a firewall or router. So what's powerful about the blue shift technology. The XDR. In particular, is that. It is that managed SIM and aggregator of all the logs from all your stuff, all your network equipment. And your stack.

And then picking it apart, making sense of it and having the sensor, Use it's artificial intelligence and algorithms, and then bring it up to the human level too. So if there's some suspicion there. A cybersecurity expert looks at it. And like Ted said, Maps it back.

But especially with this, that can really help. Not just the business, but national security in general.

Their digital x-ray machine or their MRI machine or whatever. Medical device may not work with the latest. And greatest. So it's really essential to have a layer of technology. Or layers, the XDR and the SOC watching. Things 24 7, because quite frankly, most companies, they don't have the. The manpower or the expertise to be doing those functions. So it's not only is it cheaper to outsource it? It's just mostly, oftentimes not efficient to bring that in house.

And like I said, it gives that visibility. So even if the client. does our proof of concept. They may think that they're clean and that there's nothing there. It's usually a very eyeopening experience. After 30 days. Of looking at all of the findings of what what comes up through this lens and. I like I said, I, yeah, I think that it's very powerful. I think it sheds light on. Maybe some people are almost too comfortable and think that their situation's better than it really is.

And I think that it provides the supporting evidence that, Hey look, yeah. There, there could be malware on your network. And unless you employ technologies like this and you start tracking it all. How else would, that's my take on it. Yeah. Yep. And I just wanted to add one more thing and Craig, and then our CTO. Always brings up during. It. Webinars and discussions is the dwell time. Is the impetus behind any attack that you ever heard about? Basically. Any ransom attack lately.

Just the news and the attackers are out there. And what does it get? It put a hole into your network. They are there for a long time being very quiet. And that is the dwell time. And this time between the initial compromise and the time that they are detected. And so I will, your compromise basically you'll either get ransomed or the hi, we'll let you know that some of your servers are being used in a specific away on an attack, but yeah, it's a dwell time there.

They may be in your network, just hiding. But, but yeah, that's uh, that's a good point. The other thing that I thought was interesting too, on one of the proof of concepts that we did looking at the report, is it. It will actually show. Data packets and traffic to other countries. So like maybe you're a small business and. Maybe your business is generally a local to wherever you are within a certain radius or something like that, but maybe your businesses.

And international, maybe you have no ties to China or something like that. So finding traffic, going to China, for example, if that's the what's found in the logs, that could be a problem, right?

I was like, maybe, if you just look at the colonial pipeline, That was just a small, a small little. Interruption, but it caused a lot of ham. Havoc. And. It just makes me, it just makes me wonder. You know what sort of. What are they going to do? What are they going to do next? And. And Craig and I were talking about this it, if you have the right. The cybersecurity. Practices in place then. That's It's A moot point.

So if you have something like blue shift, Watching and reacting and you have something like, keystroke encrypter. Or a file encrypter. Even if they do, if they have infilled. Infiltrated. Your system. They're they're not really going to be

But by having multiple layers, like XDR. 24 7 cybersecurity operation center. Encrypted data, multifactor data. Or multi-factor security and authentication at the data level. Proper training security awareness training. Which I've talked about many times. That's so important at the human level.

To make sure that you're aware of these latest threats to go through the penetration tests, to go through the assessments, the security risk assessments to know where you are, know where your gaps are, know where your vulnerabilities are. No, how to, how and where to focus. All of this is all part of a cybersecurity maturity model. And it's so important more now than it ever has been. And you mentioned the DIB or the defense industrial base. Largely is our consist of our supply chain.

I would just say, like I said before, assumed the worst, assume that the entire supply chain. I'm speculating of course, but assume that the entire supply chain. Has Russian malware in it. And that they're able to get at this stuff if we can. Cut the head off of it and put technology. And layers in place. We can not only stop it in real time, but then make sure that it doesn't get in there again. Yeah. I just, I thank you for bringing that up.

Craig about our charging plus and yet provides controls that allows us to lock down access to any sensitive files when we detect a potential threat or When the data leaves your end point and goes to the cloud or your. You email it to a trusted user. We protect those files with both encryption and multi-factor authentication. Which are both super powerful layers. To ensure that only the eyes that are supposed to be on it can stay on it. And nowadays I think those are yeah.

That was from guidance's initiative last year. Multi-factor authentication, Yep. Yep. Yup. What else? Aaron or Blake? What do you think what's your perspective? We definitely need secure ourselves. I. I I think the certainty, the unknown. As of right now, it seems like everybody's doing things in retaliation. Everybody's got to take measures. To secure themselves, especially with uncertainty.

And I'm not just doing this out of like fear monitoring, I think, now would be the time to reassess the security situation. Within your network and within your business. And it's not really incredibly expensive to do it's cheaper than having. A breach or a vulnerability happened.

Like I said, the security risk assessments, the pen test, all that stuff that you've probably never gone through. People did take this as a warning sign and EXACTLY. Yep. Yep. Which is alarming that they're not. Being serious. They think that they're. They feel that they, what they have in place, their antivirus, their firewalls is enough, but man, the hackers can get through. That's what, that's why I think the proof of concept methodology so powerful.

I think that when you prove it and you show them, look. Here's what your antivirus and your firewall mist. Here's how. If you go through a ransomware simulation, And we show how the threats can spread and how the files get locked up. And, if you don't go through those security risk assessments and those pen tests and those exercises in those drills. And I know it's not convenient and I know that it's not free. And I know all this stuff costs money, but this stuff. Interested to essential.

We brought up a great point, Craig, I think when you dropped off, I was going to interject, I think a lot of maybe a lot of customers think that an extra layer of protection and monitor. And managed stock 24, 7, 365 is expensive, but it's not, basically, as we have affordable solution, but I'm not going to go into the pricing because I'm gonna let you do that, but. I think they would be surprised. We've had. Partners that, we're quoting competitors and we came in at less than half the price.

Yeah. And that's a good point to underscore. People. Businesses consumers, they have this Belief that all of this stuff is so expensive. I just did a presentation for cybersecurity for North Carolina state university. For senior citizens because senior citizens are such high targets for cyber attacks. And a lot of the content and tips that I gave them and they were very happy with the presentation. A lot of them didn't cost any money. You know that multifactor authentication.

With websites that you frequent like Facebook or where, your bank. That doesn't cost any money. It's all about knowledge and configuration. But. Your data. And I don't know if you've ever seen that movie about Cambridge Analytica and how many data points that big data and companies like Facebook collect on people. That data is valuable. And it's profiling of people and hackers want it.

They want your data, they want your identity, and they want to leverage that for oftentimes criminal activity, extortion, ransomware. And there are things that a lot of things that can be done. To make people much more secure. I think once you hit a business level, though, obviously the stakes are higher right now. You've got probably employees that work for you. You've got. Payroll. And if you have what's called, No interruption at the business continuity layer.

Then now you've got a problem where. The bigger your company is the more of an impact that is. So if you got 10 people and nobody could work. For an hour, that's pretty painful at the salary level, but what if you got a hundred people? And nobody, now it's instead of hours, it's minutes, every minute is costing lots of money. So if you don't put in. These enhancements and you don't do the drills. You don't do the testing. Then it's just a matter of time.

And with the current landscape threat landscape happening right now. It's all real it's happening right now as we speak. And if you don't have the. The technology to detect and block this stuff. But you're good at get infected and it's going to be expensive. And the cleanup is so much more than what it would be to put in some of these inexpensive solutions. Yep. I agree. I agree. We have customers that, basically, they renew and they don't want. Us to leave them.

Liam. They believe with their solution. Right away. It's like that extra layer of protection. So we haven't. Then our customer basis growing with our partners. It's like you guys. Yeah that, that's what I was saying about the proof of concept. I think that's a very powerful way. To show a. A perspective buyer that might be. Skeptical. Supporting evidence and, A mountain of supporting evidence that look, Here's where you are now. Here's what you're doing. Here's your visibility.

And here's what you're missing. Here's how you fix it and it's not that expensive to fix it. And I think. It's also value the. At the end of the POC, we provide them with the POC report in our findings and stuff, which, I think it's. We fight, not just from there. Network, but also from the agents that we allow. You install it. And computers so we could get information there too. And,

It's just, they leave a computer open or a server open or something like that, god, there's just so many different ways they're getting through. Yeah. And I think that the thing to point out too, is that. The XDR solution specifically, is that the network layer. And I've RS is at the software layer on the end point. So there are different. Different technologies, different layers. That's why they're both needed the firewall. Obviously it's policing, what's going in and out of the network.

But the XDR appliance is looking at the traffic at the packet level. And analyzing that at the Sam level. The Mo the log aggregator. And then the humans, the cybersecurity experts at the SOC. Our analyzing that when it gets elevated from the algorithms. That needs further inspection, cancer screening, they use AI and machine learning to scan for markers. Because of the falling lift data. Because AI is really good at large amounts of volume and. Using algorithms.

And then when it escalates to a certain level or a threshold, that's when the humans or the doctors in this. Example, come in and inspect. So that's similar at the SOC level there. And then, moving on to the Sergeant plus with the encrypted data. Like when when I make recommendations to folks. In the cloud, if you're going to store data like for backup, for example, ransomware. The bad actors. They know that most people are really bad with backup.

They're really bad with making sure their data is backed up. And the company. Or the people don't want to go through the testing exercises to make sure that their data. Is usable and is able to be restored. Not only is it able to be restored, but how fast, how long does it take to restore it? Because, like I said before, if you're a large company, And you have an outage from ransomware or whatever the threat is.

Your recovery time, objective or RTO your time that it takes you to recover from infection. That's important too. So that now. How good is your backup defenses? How good is your restore? Do you have any kind of business continuity layers that can run the company while this is happening? Or is everybody just looking at each other? So these things, a lot of people, these are conversations and questions that. A lot of people don't.

Sit around the table and discuss until there's a huge red hot problem. Most people don't want to do things proactively, but these are powerful layers. That compliment each other and they're essential layers. And the more layers you put in place, the better. And the more systems you put in place and redundancies, the better. I like zero trust technology. It, I don't trust one vendor to backup my data. I back it up in multiple places. I use it leverage. Blue shift on our security.

But I think that's really the key here is layers more layers. And we, and what we have with our plant permits, Craig is we do intrusion detection and prevention, which means we, like you said, we expect every packet that goes in and out of your network. And we look for any kind of signatures of malware, ransomware, or any other kind of cyber threats. And. We also do threat intelligence, which means we block. Any device that tries to communicate with over.

500 million indicators of compromise and we load those indicators. I've compromise on our sensors every one hour. We also do deception with our platform. We try to trick those bad guys into 80 and our. Any pots. Both external to the network and internal to the network. And if anyone hits our booby traps, they get blocked immediately. So it's a very sophisticated. Lapse, whether we do yeah. Yeah, very powerful.

I think it's continuously advancing and every day, every hour, every minute it gets the algorithms get stronger and better. More data in. Better outputs. More advancements to the honeypots more advancements to the protections and the detections. Yeah. It's never a one and done, cyber security is always continuous effort. Yeah, exactly. We do have that network behavior risk monitoring, which we, when we do Aaron was moving to leading to.

With the algorithms that go in and weigh different types of traffic. Where the traffic is going and how is it happening and what exploit tents are happening and that working. We give you a risk score. To the customer. Yeah, which is what we gave in the reports. So they could see.

For agent-based robo detection analysis. Through our managed SIM platform. So it's you. It's a very powerful. Time for that. We have. Yeah. And it's multilayered too, which is what's what makes it so powerful. Yeah, I know. We had a POC and we provided a. A Walnut bowl T report to the customer. And I couldn't believe it. It was he printed it out. And I go, ah, you printed 700 pages and.

And get experts that are doing this day in and day out.

So definitely get started on that as soon as possible, especially with the current landscape.

Your vulnerabilities are through the roof and you absolutely have to have technology like this. At all the layers we described in place. Because you're at such a higher risk. And if an adversary. They know this and that's why attacks on hospitals and things like that. But this is what it becomes even more real, right? Because now you got people that can't get medical care or that are in the hospital that don't have any more care. And then people die.

There, there are people that have died because of ransomware attacks. And hospitals and, that's just really sad. That should not happen. Healthcare. Absolutely. Almost everything's at risk, but even healthcare I think is more so because of those reasons.

Put this on last minute, but I felt like it was like our responsibility and our duty to get this message out there as soon as possible, because. Before this,

Wow. And then Aaron, I also wanted to add one thing you asked about, there's, these hackers that will focus on one company and they are just there all day trying to figure out how to get in. Which is scary, yeah. It's really scary. If you think about it, most adversaries. Have Inexpensive or less expensive employment. Rates right. So I might get. More inexpensive workers, more bodies, more humans. To pound away at this stuff. So it's. It's just the masses that are just constantly hammering.

And most businesses don't have, like I said, the visibility. Or the capability or the defenses. To number one, see the risks, but also to stop and mitigate it. So they're neither. They should know that, Hey, there's someone that's been through. That's trying to get drew, And it's going to be matter of time. Yeah. And then once they're in. They're quiet. Yeah, that's right.