Episode 201 - Securing Remote Workers in the Age of Teleworking with DNS, DHCP and IP address management
Without trust, society stagnates, economies decline and. My Security Media believes through security, trust between individuals, organizations and government can be maintained. To this is August, security will great podcast.

Welcome to the Cyber Security Weekly podcast. We're recording in Sydney and joined by Matt Hannah, the Infoblox managing director in Australia, New Zealand and regional director for the South Pacific, and also Jasper Cheek, sales engineering manager for Australia New Zealand, Infoblox as well. Thank you for joining us having Chris.

Infoblox we've interviewed before; we go back to episode one five three, where we covered DNS espionage; couldn't say it correctly back then, either. It's actually DNS being odd was the trick that we had where we talked about the mind. Nine assistant DNS infrastructure any action, and we had had the pleasure of Cricket Liu either from the sites, visiting Australia at the time. Matt and Jessica, we're going to delve into securing that remote workforce that we've all been forced into during twenty twenty, with Covid nineteen and the challenges that come with that. I think we'll start off with you, Matt, in terms of what you're observing. In the last quarter, or the last few months, as the will, but obviously in this region, the workforce has been shifted to that remote environment, and it really did test a lot of enterprise business continuity planning. It's not so much the disaster recovery, it's business continuity, isn't it?

Yeah, I think you're absolutely right there, Chris, and again, good to be on the show again, and thanks for having us. We do live in interesting times. I think that's not just for those in the workforce. But flies faster. We've got children or people who are studying, which is certainly having some system strain upon networks, upon workspace, work environment, which are causing great flux, I think, for everybody. Is putting Tommy rising good point?
Business continuity planning is is Britain's bus, but the size skyline. We're really kind of impacting now. We've seen the kind of upswing from Zoom, from a whole variety of video conferencing solutions, to really wanna draw as a continuation workforce, been quite staggering. But I think that, you know, one of the things that's the biggest concern is around his timeless securing your people and your business and your intellectual property. While we're in the rush to do that, you know, we've got some real concerns over enterprise VPN and how that really has hunt through this Covid nonsense.

You mentioned the unintended consequences for remote access deployments at scale and speed, which has really had an extension, an increase in focused, targeted attacks by bad actors. We waited. You'll from from your plan. What were you observing in terms of? Not Justice Kyle bills. That's because they go together when you're trying to do not just the business as usual, but you're adapting the business. A lot of businesses are being directly impacted in the having to adapt while sales manager of workforce, challenging to disguise, because it's not an that scale down as well as scale up. So what were your observations there? You know, absolutely challenging time, and as I said, the impact on the business had to be considered as well as government regulations coming to say, if you can work from home, you must work from home, and it has taken some enterprises some time to actually achieve that.

Yeah, look, I think from our point of view, security is paramount, right? So in the rush to upscale, and to get to a, I guess, business-as-normal scenario, depending upon what businesses we have, and there's been some tragic consequences of Covid nineteen and the lack of ability to touch on a main, just obviously recently, a big news Austin, being Virgin, and the Lucy of that in the hotel industry and other areas, but specifically, I guess, for the industries that we touch.
The speed, the rapidness to get people connected has, to some extent, been to the detriment of the security of the organization. And the concerning things that we're seeing, the conversation we're having, is while that's very important, connects hateful. We've seen a massive increase since January, for example, of sixteen thousand new corona-related domains registered, as an example. From them, sort of same, two thousand two hundred images suspicious, another ninety-three of those being used to serve malware. So, you know, you might say, okay, I am securing my company by providing VPN security, skill set with education, but with BYOD, multiple devices, people are getting in and out of that secure network. How are you really ensuring that you are maintaining the intellectual property security of your business and the perimeter around this borderless world we now live in?

A great example would be, you know, while we're seeing the impact upon retailers, and then driving I silence to consumers, we're actually seeing the same thing happening in darknet markets. Of an example, police discounts on Facebook account hacking, which is perverse in the extreme, but market changes and shifts are affecting everybody. So I think that, you know, one of the key things we need to think about here is that, you know, while VPN is important, DNS is the one thing that is really important and ubiquitous that hackers have really kind of tried to take hold-alls. Standards trusted. And every network device, for example, which UDP sixty three, which is the protocol DNS runs on, is by default allowed everywhere, and this is a problem. This is a problem that isn't necessarily being solved that we weren't even necessary safety as your listeners and increased. We've discussed before. Monarch say two hundred hundred sixty days, says, you know, this activity remains dormant inside networks before we see these things happening.
You make a good point there as well. Not only, correct, companies might well already be compromised during that detection period, which can take a significant period of time. Associated with business continuity planning, how much or how many within the plans would be considering the uptick in the attacks, and the almost response from the sort of the black hat community to take advantage of this, and they will increase that attack, so the attack vectors and also the threat landscape also suddenly changes. Dive into Jasper at that point, in terms of your role as the engineering role, what vulnerabilities? Matt touches on, obviously, the importance of DNS. From an enterprise perspective, where would their vulnerability be sitting, and what do they do to mitigate that?

Yeah, thanks, Chris. I think I'll go back to what Matt has actually said prior. That is, as you live in this new world where people are working remotely, there is obviously a high chance. We've seen it. Absence by are not rising uptaken phishing attempts and malware and bad actors jumping on the bandwagon with this Covid nineteen theme, right? And so as they get infected and bring it back into the enterprise, we still contend that DNS is a very important early indicator of looking at the levels of infection, perhaps, in a particular organization. And so if you can bring that under control, if you can monitor that and use that as an early warning system, I think that will essentially buy time for organizations to respond quicker and therefore contain threats that way.

When you say that early indicator, maybe just explain the importance of DNS in the architecture and where? What should the posture have been with? Bill is even after the took effect.

Yes, I think maybe even five to eight years ago, you know, the concept of filtering or looking at DNS as an early warning system to look at, you know, malware infections wasn't very common. Right, these days.
However, we're actually getting customers coming to us asking how they can actually enable logging on queries and responses just so that they can actually analyze the traffic patterns, and so forth, right? And so that's actually bringing to light the importance of DNS, because it is a ubiquitous, fundamental piece of technology. Pretty much little, if any, I can think of, devices out there can survive without using DNS lookups. Right, so that's the first point. Malware will use that as a means to get out to C2 servers, command and control servers, right? So analyzing the DNS responses and queries is critically important in the enterprise network today.

The potential compromise, manipulation of the DNS would start to impact those time responsive.

Yeah, yeah, you know, I mean, we have a product called BloxOne Threat Defense. It's essentially a cloud-managed security SaaS. What it does is it brings cutting-edge DNS security onto the market, and I say cutting edge because, and I get there are many possible vendors out there that also claim the same thing, but I think the devil's in the details, and if you must have the absolute best security service, I think that, you know, we offer a compelling product out there. The reason is because of the amount of threat intelligence that we supply to that, the data that we keep analyzing the streets, as well as the machine learning algorithms and AI that underpins. On incentives, we do things like detecting domain generation algorithms, or DGAs, fast flux, DNS-based data exfiltration, and more recently, what I think is particularly dangerous is something called lookalike domains. These are the domains that look identical to the real domains that attackers target, and so as they send these through, for example through a phishing email, it is very, very difficult for humans to tell it apart. And that's why we believe you actually need to employ machine learning to take.
On Nash this Ad Justice saying, I think that's an eraser very good point. In no way, shape or form is there one panacea to solving what is an incredibly complex and evolving threat environment as it is occurring. I mean, we all know that it just takes the bad actors to access something once to be successful. We have to game all the time. I think the fact that DNS as a threat vector has really come about because of the amazing job the industry has done. And we partner with a large number of all psyche security vendors, because five years to really those fundamental change that happened, and the unintended consequence of what is a very individual protective. Varma Movado firewall, intrusion prevention, endpoint security, next fall made it really hard for the bad actors to get what they wanted, whatever it might be, and they realized that DNS was an easier way to get the problem, because obviously, you know, via DNS they get to know who you are, where you are, what your operating system is, what location you're using, would act, like rat, what you're using. So that's wants to become the number one attack vector. So it really needs to be part of your entire, I guess, your security strategy, but it's a great one at this point in time to be thinking about not allowing VPN to be a false sense of security without putting achy fauna points on its as. Zada, this is a fundamental of. It's pretty much how the Internet functions.

All of this relates back to, Jessica mentioned the BloxOne Threat Defense. This is part of a management service, the DDI services, DNS, DHCP and IP address management. Is that within BloxOne or are these sort of separate, standalone? Because obviously these are the sort of the network services that do need to be managed, kept an eye on, and the other question would be, what are the alerts that come with this as well? Is it sitting in the SOC or at some sort of a network management tool?
Yeah, good question, Chris. So firstly, BloxOne is actually a platform that Infoblox worked on several years ago now, and we started from scratch with the intention of writing it as a cloud-native platform, so think about really lightweight containers, microservices, that sort of thing, you know, unlimited scalability in the back end. As part of that one platform, one of the first products that we rolled out was the threat park, which is what we spoke about earlier, is really a security SaaS that enables that deep dive inspection around DNS queries and responses. You also mentioned that fundamentally it goes hand in hand with this DDI, which is DNS, DHCP, IP address management. That's also being rolled out as a containerized application, or virtual machine if you like, that can be rolled out in a very agile manner, cloud managed centrally. Scale and it's meant to protect in situations perfectly like this, right, where you have a lot of remote workers or maybe a distributed enterprise that has thousands of branches, or hundreds of thousands of branches, and these things will essentially collect a lot of that fundamental stuff, you know, like IP addressing dished out by DHCP. But it also collects analytics around the DNS queries and so forth, and protects it that way. So I would say that those are the core fundamental technologies that enable us to provide the context as well as the blocking and detection mechanisms, all ought to that.

Chris, you also asked earlier about whether or not, how this is actually hooking into a security operations center or any SOCs, right? So this system obviously has, as long as API back-end access to it, and we can proactively send alerts once we see something, detect something, to any plethora of security stacks, new vendors and products out there. So I think currently today we would actually integrate with about eighty plus integrations, vendor integrations out there.

So so this is this.
This would be detecting network breaches, or would it be something deep? That might be. So the question here would be, what's the correlation to it, a type of attack or compromise that you would be seeing? Yet early indicators, are they showing to the what type of attack?

So it's actually a good segue into understanding how the attacks actually work. Initially, right, a victim would essentially click on a link and it would do a lookup to potentially download something bad, right? These days we're seeing instances, particularly recently with this whole coronavirus situation, where bad actors would host bad files on Google Drive or some public domain, and so forth, and they would, you know, that victim downloads that, and that's what's called initially a dropper. Okay, and once they run that, it would actually then do another lookup to the command and control site sitting elsewhere, right, and then they would download, you know, further instructions on how to execute actions on objectives. The key note, though, is that DNS is an integral part of this whole flow, but it's also out of band, right? We are not in the data path, right? So if you think about it, if the first thing the victim does is do a DNS lookup for a dropper, right, or even a command and control site, and if you can block that, Peak Halo Happen. Right, so that's one thing to recognize, a very, very good benefit to the scale, building early warning detection system.

Very early in that cyber kill chain, is that right? That breaking in a way.

Absolutely, it breaks who goes out for C2 sites; that disappears.

How does this, and we bring that back in terms of your role as regional director but also the managing director for countrywide, what type of opportunities are there for that digital transformation? Because I think the crisis gets everyone, not just in the private, everyone to reset and think about what's important.
It would definitely be that it's accelerating that digital transformation. What are some of the opportunities? Because security often, should always be an enabler. But if you have good security, that that Brag Lash to go faster during your digital transformation. How you guys would say this, the role that you plans.

Yeah, I mean, I think it's an interesting time. I think that we have to plan for the worst, hope for the best, and I think that, you know, whether we're seeing everything from how people are interacting with each other by digital means all the way down to how people are consuming content, the massive upswing in east for consumers as well, we're seeing a real shift in change. Not going to be an enabler for speeding up with the added digital transformation will that we've been living squad a long time. I mean, if you look at the last couple of decades, I think, you know, my view on this is, you know, we built networks in a very different manner. And when we accelerate today's organizations, we know every organization that is being built today has to incorporate things like SaaS, multi-cloud, 5G, IoT, SDN and similar concepts. To conserve both internal Bros outside jackass was difficult to do if you take into account the results for network fundamentals. It's not just intelligence, reliability; it's about how you secure these networks. So digital enterprises need to be thinking about the security architecture differently, because as I mentioned before, you know, we've had these very defined ways of which we've gone about how we have secured company environments, and paradigm shifts that we're looking at, the taught integrated networks, that secured data center, that's dissolving. That's going away because of these concepts like multi-cloud and SaaS. They're changing the way revised copies, enterprises, and that perimeter that existed, as we're now talking about, today's disappeared. First I used soda. Voss has to do is Jasper's mentioned.
DNS two terms: when a device plugs into that network, the very first thing it does is that DNS query Jasper mentioned, and he says across any of those concepts like SaaS, multi-cloud, 5G, etc., etc., and before I city, before it even authenticates, DNS, before the deepen an application fired up, this DNS, and across all of those from concepts, right? And so, you know, as I mentioned before, that's fundamental, that knowing who they all say using all pregnancies in their own, etc., etc. And this context gives hackers the ability to access environments, and what we're trying to look at here from the digital transformation success is context needs to provide that security. So whether it's WhatsApp, social, online purchasing, that all centers around the contextual context connectivity that is DNS. Without DNS, nothing can happen in the digital world. Hackers have taken hold of that, as we've spoken about, and it's all the concepts respect dialogue linked, and they understand trusted. I mentioned UDP fifty three before. Get through that again. This is the problem. I think that, without placing too heavily, I think we're in a unique position that we've solved. How do we secure yourself against something that is terribly trustees? How do we focus on de-weaponising something that is trusted, has been weaponized by those bad actors, by those nation states, by those script kiddies? I mean, you know, we're beyond the day now, and particularly we're seeing this now, where we approach networking like we did last twenty or thirty years, the transit years. Concepts like SOAR are really important in how you take those silos and bring them together to provide a common response to really accelerate that digital transformation journey.

As is pointed at, it's foundational networking, really, at the end of the day. It's dealing with the very first.
Layer and the most critical lack that bridge, or that part of the attack process, then you've got to have new kid and I.

Just wanted to add, I don't know if it's a digital transformation journey of withdraw. But I think certainly, look, just as early as yesterday I was hosting a roundtable event for some CIOs, nothing to a twelve of them, a dozen that showed up, right? And one thing brought me, right, was every single one of them were thinking about the future, right, and what it holds, and what it brings. Undoubtedly, in the last couple of weeks or months they've been reacting really quickly to this, you know, this situation around remote work, right? But what's on your mind with, how is it going to change in the next three months, six months or twelve months and beyond, right, in terms of their architecture? Right, so this situation, this global crisis, I think, has given them a reason to pause, to rethink about new architecture that's going to go in the future, because this is not going to change anytime soon. I think the world has fundamentally changed, and therefore it gives them time to think about the digital transformation initiatives, had it become more secure, and we still go back to the fact that DNS is fundamental, and it does not discriminate against any device. It works against IoT, mobiles, laptops, etc., and so I think it's a very useful point to inspect.

I think also that the thing is that the companies that are going to succeed out on these are the ones that are able to pivot quickly and take advantage of the market opportunities that didn't exist before. An exemplar, US company soaking record interesting model provides software Ed. For the health industry, which we know is decimated, asked to Covid nineteen. They've pivoted themselves to a position where before you can have a class of site twenty five people, to creating virtual classrooms of two, three, four times that amount, and adjusting the go-to-market model to make those changes. So.
While we're drilling into the digital transformation elements that define security, that define intellectual property control, there are some significant opportunities here as well for those companies that are able to pivot the business and take advantage of the situation as well.

Is that the business continuity tuning into the new business normal and having to adapt that? Security is still as fundamental regardless of what the digital planning to be is happening. Security has to be there at the forefront, and it has to be his on as well as being critical. For the audience perspective, to leave them with further reading on where this touches a role in my will be a role for some listening, there is a white paper available, Securing Remote Workers in the Age of. In which walks through the autumns that we've discussed today. Point to episode one five three also, in terms of a previous interview with Infoblox, looking at the criticality of DNS, but also it is one of those obvious ones that can get missed. We do often more cyber attacks, cyber threats. This is really the fundamental of networking, and this is where it's really happening, so thank you very much for that, gents. Today we've been joined by Matt Hannah, the Infoblox managing director I dead and regional director for the South Pacific, and Jessica Cheek, sales engineering manager, Australia New Zealand. Gents, thanks for joining us on the Cyber Security Weekly podcast.

Chris, thanks for having us again.

Now, listen is looking for. Authors I can't write and bullishness will be aware we will have background noises now that we can't control. Lovely as heavy sitting out there with the birds chirping in the background.