Axians Network S1 E4
[00:00:30] Hello and welcome to the Axians Network. For those of you who have tuned in hoping to hear discussions about the chance of a mike, sorry, this ATP we’re discussing today is Juniper’s Advanced Threat Prevention, and it was made to do that.
[00:00:43] Oh, Mike Berkovich. So, cybersecurity specialist at Juniper Networks, 22-year career in IT and telecoms, 21 of those with a beard, as I understand it, more or less. And Mike, one of your many career highlights includes selling the first generation of Internet security. I’m very tempted to ask you all about that. I think that would be a whole episode in itself. And more importantly, hey, you have a master’s degree in astrophysics. That’s what I paid for sandpaper. So astrophysics to cybersecurity, it seems like a natural transition, I have to say. So thank you. Twenty-two years. Welcome, Mike. Russell, 22 years also in this industry, but with no beard. And so you guys could be the facial hair yin and yang of cybersecurity, that’s for sure. Russell, pre-sales consultant with Axians specialising in cybersecurity. But I think it’s fair to say that you’re considered by many as a subject matter expert in the field. So, again, thank you for joining the show. Right. So we’re going to be discussing Juniper’s Advanced Threat Prevention today. And I think some context is needed. So on a weekly basis now, you can’t escape seeing or reading about a data breach here, a hack there. There are now new variants of older malware that are reappearing, it has to be said. So it’s worth getting a view from you both, I guess, into the current and emerging threat landscape. So, Mike, if you want to pick it up first.
[00:02:04] Sure. Absolutely. Thanks, David. I would say probably the single most obvious trend over many years now has been what we call the industrialisation of malware. What that really means is the evolution of threats, malware, viruses, bad actors, whatever you want to call them. The evolution has gone from typically a man in his home. There have been women who are famous hackers back in the day, some men, some women, but individuals, individuals who were doing this as a hobby. And it’s evolved from that state to the situation that we have today, which is almost turning it into a profession, turning it into a big business, turning it into a huge financial opportunity. Now, some of that is actually directly related to organised crime. But most of it, in fact we could say almost all of it, has gone into a business that’s there to capitalise on the financial opportunity.
[00:03:09] So it’s this industrialisation and growth of malware that’s really defined our industry for the last five years, give or take.
[00:03:18] So, again, I set the scene.
[00:03:21] And so what we’re saying is there’s a massive opportunity for the bad guys. I think we discussed before the trillions of dollars of the opportunity, let’s put it that way.
[00:03:30] And then you’ve got organisations currently sitting across the globe that don’t necessarily have the security tools at the moment to effectively see the malware, find it and do something about it. Probably more importantly, there’s an issue globally, again, with resourcing in the industry at large. And the lack of resources means that, you know, the tens of thousands of alerts being created within these companies are just not being seen or not being acted upon properly. So we call that alert fatigue, or white noise. No, absolutely. And so JATP, advanced threat protection, or prevention, sorry. So JATP, its marketing says, is advanced threat prevention. JATP gives IT departments the tools they need to find and eliminate malware from their networks more quickly. And so, Mike, JATP, is it hardware, software, or does that depend on the use case?
[00:04:30] So where we started off with JATP, advanced threat prevention, for us the JATP solution is an appliance-based solution with distributed software. So really that’s just a fancy way of saying it’s both, a combination of hardware and software. And what it does, what it’s fundamentally been built to do, is to detect advanced threats, analyse them to identify exactly what type of threat they are and therefore what they’re likely to do, and then to mitigate, or again in just plain English you could say remediate, fix, to solve the problem that the threat caused. And it’s this combination of hardware and software that a customer would deploy that would give them this notion of advanced threat prevention and protection.
[00:05:15] So who’s it for? Is there a particular market segment that JATP is aiming at, or is it for everybody, since every customer of ours, every customer of Axians, is
[00:05:29] potentially liable to the effects of malware? Yeah, we think that it is a solution for every kind of customer. Now, different customers of different sizes will use it for different things, something that’s common nowadays. And again, one of the emerging trends of the last few years has been the move to cloud-based email. So anybody that’s either already got Office 365, Gmail or any cloud email type of thing, anybody that’s considering moving to that environment. We all know that email and web tend to be the largest methods of getting infected by malware. So any customer that’s considering moving to these cloud-based solutions like cloud email, they need to make sure that they consider an option that covers them in the world of advanced threats for that.
[00:06:12] And that’s what JATP can buy them. Now, whether you’re a large customer or a small customer, that’s a valid solution for you. However, in more specific cases, some large customers, what we would call enterprise customers, tend to deploy advanced threat solutions specifically because they want to protect their physical infrastructure, whether it’s the routers and switches in the network or whether it’s the endpoint devices, whether it’s folks on their phones. So they’ve got a more direct use for just the protection in-house. And then lastly, some companies who are really proactive, let’s call them almost like threat hunters or responders, those companies have what we call an incident response team. So something happens and you call them to start to diagnose and fix the problem. JATP is a great tool for those incident response organisations because it enables them to do the incident response, to fix the problem, faster.
[00:07:07] Just to be clear, JATP, we know this is not rip and replace. This is just sitting on top of the existing.
[00:07:17] Yeah, absolutely. And we might go into a little bit later.
[00:07:20] And certainly I know that Russell is going to want to talk a little bit about how it fits into the services stack of Axians. But JATP has been built from the ground up to be, let’s just call it, multi-vendor environment friendly. But really what it’s doing is it’s enhancing any of the security you’ve already built, and it’s not meant to replace anything you might have.
[00:07:39] Yeah. And Russell, we know malware is indiscriminate at best.
[00:07:45] Indeed, yes.
[00:07:47] You mentioned some of them, things like targeted analysis. It’s a problem for everyone, so we don’t talk to any specific vertical. You know, it’s all about improving, augmenting the security posture, intelligence and insights of any given environment to effectively deal with malware in a more efficacious manner.
[00:08:02] Mike, you mentioned small organisations or small companies, say small businesses or small and mid-sized businesses, tend to like scalability.
[00:08:11] So JATP is scalable?
[00:08:15] So I would say not only is JATP scalable, but let’s be specific on how you scale. And for some reason you said they tend to like scalability. What we’ve been finding is they need the scalability. So you can scale, in this example I think you can scale, in two ways. You can either scale by having more people or you can scale by giving the people that you have tools that make them more efficient. So JATP provides both options and, like everything else JATP does, it can also combine those options. So specifically around the notion of more people: since JATP has been built to provide that extra layer of visibility and also that extra layer of, almost, thought or analysis, it’s like adding virtual people to a team. It’s adding those security experts that you may not have in your team, or augmenting the ones that you already do have in your team. So there’s that element of scalability, which is relevant for the SMB type of business that may not have the budget to hire as many security people as they’d like. So you scale that way, almost as virtual people. But then there’s also the make them smarter at what they do, make them faster, make them more efficient in what they do.
[00:09:32] So in this respect, what JATP is doing is it’s a tool that’s providing you that rapid analysis, rapid response, sorting the wheat from the chaff, almost, if you will, so that the few security experts you have, what they’re paying attention to really matters. And in this respect, it’s almost designed to get away from that whole alert fatigue, white noise issue that we were talking about earlier.
[00:09:55] If you’re going to raise an alert, make sure that it’s really, really relevant and that the machine has taken out most of the pre-thought, if you will, leaving you, the human expert, to think, wow, this is a tough problem, we’re going to be focussed. Yeah. So that’s how we would say you achieve scalability, either through these virtual resources by deploying JATP or through the real resources doing what they do faster and better.
[00:10:20] I suppose there’s another consideration here as well, as in if you’re a small business, to outsource. So is there an advantage for customers to outsource a threat management solution like JATP to a company like Axians, for example?
[00:10:37] Sure. I mean, I think as with any outsourcing, there are obviously distinct advantages and disadvantages. I suppose the first way to look at JATP is as a tool that stops malware in a more efficient manner, depending what that expertise is. It depends on whether you want to take that solution in-house, or whether potentially you want to outsource that. As Mike was rightly saying, I think a lot of it improves the ergonomics of things, you know, allowing security practitioners or engineers to really focus on more innovation, if you like, more of that esoteric, more advanced security. You know, we’re trying to really automate a large process of that more mundane, low-lying, if you like, security problem. So in that respect, yeah, it helps you improve. Certainly for those that maybe lack the in-house expertise or the ability to be able to outsource, or maybe where they need scale without the socioeconomics of managing and maintaining large distributed systems, certainly delivering these elements through the cloud, or maybe through managed services, through an outsourced method, is certainly probably the more viable option.
[00:11:37] Yeah. And of course, that’s where the systems integration work of Axians has a large part to play, sorting out the integration, the deployment, the support and the like.
[00:11:46] Yes. I mean, JATP obviously supports a wide ecosystem of security vendors and technical alliances, and obviously Axians, as a systems integrator, is well placed to help fulfil that with the integration, deployment and support. There’s always a level of expertise that could be required to properly integrate any technology, and JATP is no different. Axians generally takes a consultative approach to these businesses to ensure the environment is fully primed.
[00:12:11] So Mike, no surprise then, JATP is just one of many security solutions on the market.
[00:12:18] So how does Juniper differentiate from some rival threat detection platforms? What’s special about JATP? Where to start? There’s a lot, but a very open question for you. Yeah, let me think.
[00:12:33] Well, I’ll tell you what, rather than read out, in my head out loud so to speak, a spec sheet, I’d say that there’s probably three, yeah, let’s say three main differentiators, or at least the ones that I’ll highlight.
[00:12:46] So the first differentiator is in what we call the architectural choice, but basically it’s how the thing is built. And JATP is using the newest technologies in its underlying engine, the newest technologies for detecting and analysing malware, a unique combination of behavioural analysis and artificial intelligence, combined with the hardware and software that, as I said before, is unique to Juniper. So that’s the first differentiator: it’s using that new layer or new level of technology.
[00:13:24] That’s what you’re doing. It’s how you’re doing in that respect.
[00:13:27] It’s how we’re doing it and how what we’re doing is newer than what some of our competitors are doing. So that’s the first differentiator.
[00:13:34] The second differentiator is what I alluded to before about this option to mix and match the hardware and software: it’s the deployability options that we can give our customers that I think is unique to us as well. And I should say unique, that’s not fair, but I think it is a leader in our industry that we can offer our customers any combination of hardware and software to deliver this threat detection, threat prevention solution. I think, as I said before, it leads us in the industry. And then lastly, and this is the one that’s harder to quantify but is the most tangible, and I like to think about it as where we differentiate, is the practicality of our solution. And by that, what I mean is that we recognised a long time ago that no customer has a single-vendor environment and, realistically, no partner of ours, be they a reseller, a distributor, whatever name you give them, no partner, no company that works with us offers just us, offers just one vendor to their own customers. Partners have multi-vendor portfolios, customers have got multi-vendor environments. Rather than try to force the customers and the partners who sell to them down the road of it’s all or nothing, it’s all or nobody, a decision was made a long time ago: let’s be practical. Let’s work in the real world. Let’s build a solution that is going to completely interoperate in that kind of environment, and even more than interoperate, let’s build a solution that enhances what everyone already has in place to begin with. Again, getting back to this notion of it’s not a rip and replace technology, it’s additive.
[00:15:14] And I think it lends itself to, you know, partners like Axians and your suite of service offerings to say, look, we can offer this and that to customers. But if you want Juniper, you don’t have to make massive changes to your network. You don’t have to reinvest all over again. You could just add it to it.
[00:15:32] And that’s an important consideration, I think, because often we have this concept of security lock-in, I think particularly with this open nature of communication in this day and age. And that’s also what people want.
[00:15:41] And the ability, as I said, to drop into any heterogeneous environment is obviously a key selling point within that particular interesting process as an integration partner with Axians. As you say, in the multi-vendor world, as I said, it’s important to be vendor agnostic, if you like.
[00:15:56] So I guess you’re doing something different. It’s very deployable, it’s modular. And so I’m taking it that JATP can be deployed everywhere.
[00:16:08] In short, even anywhere. In short, everywhere, anywhere, yeah, absolutely, it can be. What you would do with it, we’d want to be a little bit more specific. I, as a Juniper representative, would say you’re welcome to download it and give it a trial. But like any product, what looks simple, that simplicity is hiding a lot of sophistication in the background.
[00:16:32] I was just going to say this whole thing, because you’ve got, it’s like all shiny new things, that generally means some kind of investment.
[00:16:39] So you’ve just brought it up, so I’m going to pick you up on it. And it hit him behind the scene. Yes. So there is something like try before you buy. Is that what we’re talking about here? Yeah, exactly. So, but again, let’s be careful.
[00:16:50] You can absolutely download and try the software free of charge. Not a problem, but to maximise what you get when you’re doing that try and buy,
[00:17:00] we always recommend for customers to go through partners, partners like Axians, because you guys are the ones that have the actual systems integration expertise to take this tool and actually, you know, get the most out of it.
[00:17:13] Yeah, we fully concur. You know, Axians obviously, to ensure the best possible experience of the proof of concept or evaluation, I would always recommend this is supported by an integration partner. You know, although JATP, like most technologies, has been streamlined for deployment and ease of use, you know, it’s not as simple as plug and play. This is where obviously the level of expertise comes in, in terms of integration in a multi-vendor environment.
[00:17:35] And it’s important, you know, as I said, to have something of that level to assist with that.
[00:17:40] OK, so we’ve talked about who might want it and why they might want it. And how does it work?
[00:17:46] So before, we talked about this combination of hardware and software; that still exists. But let’s go into a different concept of JATP. There’s this notion of the core and the collector. Now you can have a physical box or a virtual box that has both the core and collector components built in. And broadly speaking, what you’re looking at is a core, which is doing the analysis, and the collector, which is sending information to the core.
[00:18:14] And as I understand it, you can have as many collectors with JATP as you want, the prolific.
[00:18:21] Yeah, you can have as many as you want. And they’re also free of charge. And because, again, the strength of the solution is the more data we can collect, the more data we can send to the analyser, the better the results are going to be, the more effective the whole entire solution is going to be. Equally, why you want a lot of collectors is this notion of being more efficient later on when you mitigate, when you remediate: you want to be able to fix problems faster, and ultimately you want to be able to fix problems automatically. It’s better to do that when you have a wide array, a wide sensor base if you will, a wide array of collectors. And so that’s why the solution, in how does it work, we split out the functionality. Like I said, if you’re a small business and you don’t necessarily have such a large network environment and have so many devices you might want to protect, you can combine the core and collector into one, again, one solution, one box, one piece of software. But generally speaking, most of our customers split it out between having lots of collectors of all different types, and let me get back to that in just a second, and then the core, which is the analysis. Now, lots of collectors of all different types, this is really key. And this is, again, one of our differentiators that I alluded to before.
[00:19:32] JATP doesn’t really care what the collector is. It can be a Juniper product like our SRX firewall. It can be other vendors’, our competitors’, products. So we will take input from Cisco firewalls, Palo Alto firewalls.
[00:19:48] We will work with endpoint vendors to protect things like laptops and what have you, like Carbon Black. We’ll work with industry solutions like NAC to create policy and enforce it. We don’t really care. The idea behind the solution is, as I said before, we want to collect as much as we can in an environment, that’s far more practical, and then send that information to the core to do the analysis.
[00:20:16] That’s why it tends to lend itself towards managed services, so it tends to lend itself towards systems integrators to put it into an existing environment or simply just be one of the core components of a new deployment.
[00:20:29] If you’re building out a new site and you’re starting to think about, well, what are the security issues I’m going to be facing today with this new company or new business location, if you start from the malware perspective, you’d start building it this way.
[00:20:43] So you build it from the ground up.
[00:20:46] And Russell, talking of devices, which we just have, what indeed.
[00:20:50] Yes. So obviously things like the emergence of 5G, the Internet of Things, while offering unprecedented opportunity, are also ripe for exploitation.
[00:20:58] Just another attack surface to protect against, if you like. As you mentioned, robots to do this sort of coverage. You know, and companies are going to be important in particular, things like telemetry and analytics, to be able to obviously do that.
[00:21:09] You know, the more coverage we have, the more we can see, the more we can ultimately take actionable intelligence from that. So that’s particularly important.
[00:21:16] OK, so we’ve just heard how the collectors work and how malware is detected. So once it’s been detected, what does JATP do with it then?
[00:21:26] Because one of the concerns in countries is about where data goes and whether it’s done in-house, in the cloud or whatever. So explain the remediation. You can talk about that in the simplest way.
[00:21:35] It fixes.
[00:21:36] It fixes.
[00:21:38] It means different things to different people. It certainly does. And sometimes fixing it means that you can click the magic button and say, make the problem go away. Or again, this is the power of trying to integrate with other vendors, we can also share that fix-this information with third-party vendor products.
[00:21:57] OK, so if you have an event, an offending device, or if you’ve got a laptop that has malware and it’s part of a network block or subnet, as we say.
[00:22:08] Right. The JATP software can be used to find exactly what’s going on, fix it by not allowing that malware to propagate anywhere else. But then we can also send a signal out to, I don’t know, if it’s a Cisco environment or you guys use Cisco,
[00:22:26] I think you could tell other switches in the network, oh, stick this thing in an isolated VLAN until we can actually clean it up properly. So it’s this fixing it means different things to different people. But I mean, I’m curious. So I know you guys offer that as a service, don’t you? This, whatever you called it, malware mitigation or, but it’s like an incident response type of thing where you can go in and use some tools like JATP to actually fix the customer’s outbreak.
[00:22:57] There’s also Sky ATP.
[00:22:59] It sounds very similar to what we’re talking about, Russell, because we’ve done work around Sky ATP. And indeed so, as with all sandboxing technologies, we’ve all sorts of functionalities built as a physical network function or a virtual network function.
[00:23:13] We always need the ability to be location independent, if you like. There’s always that capability to deliver things in the cloud if appropriate, or the ability to deliver things in-house, on-premise, because obviously you have issues with data sovereignty and privacy for certain organisations that obviously don’t want to bleed or leak information out into the wider world. And in those instances, often you need that inherent capability of on-premise, and often those things can be got, potentially, because of security reasons. One of the nice things about security intelligence and threat feeds is often that information is shared. It’s disseminated across various endpoints. You know, often a lot of security intelligence is very isolated by its very nature. Now there is much more of a move within the industry to share that intelligence, particularly using a lot more collaboration across the security vendors in this market space, to be able to share information and also create maybe a common language so we can, as you say, understand these other environments. And most environments, most market environments, are generally a mix of technologies, switching, routing or security, and the ability to take generic security intelligence, if you like, to be able to use that information, to be able to enforce things throughout the network. You know, the traditional network obviously has most of the important points at the boundary of the network. Obviously, with the advent of things like the virtual world, you know, we’re having a lot more of what we call lateral threat propagation, which effectively is this east-west traffic movement. And as I said, certainly the current tools, if you like, the protections, just aren’t sufficient for that purpose. So we need a more holistic approach.
And obviously, by federating a lot of this intelligence and sharing that intelligence with the network directly, to any touchpoint of the network, be that a switch or router or wireless access point. And really that’s what we’re looking for. We’re looking at more embedded security, more ingrained security, more pervasive security. And these are the sort of trends that we’re seeing.
[00:25:01] It’s worth pointing out, because I’ve had this come across a few different times, that threat intelligence sharing is not exactly the same thing as data sharing. We’re not actually taking customers’ files and uploading them.
[00:25:16] And again, as you know, right, and for your benefit, David, I’d say when I say we do MD5 and SHA-256 hashes, we’re not taking the raw data and sending it up to somebody, saying, hey, check this out.
[00:25:31] I thought we’d have a piece of this.
[00:25:34] We talk about metadata, and the metadata can be various behavioural aspects of whatever it is or even, as I said, MD5 or checksum sort of things. So we’re looking at comparing the signatures, in effect, which, as you rightly say, is signatures in the interest of privacy and the like. It’s that you’re comparing what you call metadata, or even MD5 signatures or SHA or whatever it might be, to validate the stuff that is known versus the stuff that you need to make the distinction between the two. I suppose they’re also employing a lot of machine learning. Traditionally, a lot of antivirus solutions were based on, you know, static signature-based heuristics, which served the purpose to a point. The majority of malware now is so adaptive that obviously the ergonomics of traditional methods or approaches just aren’t there. This is why more automation is coming into security, which is very much a good thing, that we can obviously determine and characterise things in a much quicker fashion beyond what humans can. The unfortunate thing is all the bad guys out there are also using those for nefarious purposes. So we’re almost at the point whereby we’ve got machine versus machine, which is interesting, because obviously there’s a whole other conversation where we could talk about that.
[00:26:45] I’m not speaking about the arms race now.
[00:26:48] Now, I want to come back to the data sovereignty piece, because that’s something that you hear about a lot, particularly with certain government or financial organisations and institutions. Mike, I’ll give you the final word on that, in terms of how JATP, or what the JATP approach is, around data sovereignty.
[00:27:08] Well, so to begin with, data sovereignty is not as much of an issue as it was some years ago. I think we are finding more customers, less so governments, but more customers and customers of government institutions, that are a little bit more relaxed in general about the idea of, OK, I understand that these checksums are going to go up into the cloud to help secure the overall environment. We’ve got ample evidence of how we don’t transmit actual data. So I think our customers are getting a little bit more comfortable with that. Then again, for the customers that aren’t, as Russell mentioned before, you have this option that we call air gapping, which is effectively saying take the download of the feed of what’s bad so you can update yourself on a regular basis on here’s a website I shouldn’t be connecting to, or here’s some latest threat that I know I shouldn’t allow to propagate in the network. But then you don’t necessarily have to share the feed back upstream. So it’s effectively sort of like a one-way communication. And then there are some customers that will want or demand that the data centres, the cloud services that this connects to, is a European cloud or their cloud. And those options exist. But generally speaking, what most organisations have to face in reality is that while they can control their own data set, it becomes challenging for them when their own employees move to cloud-based services, whether it’s going to be Gmail and Office 365, whether it’s going to be the problem of shadow IT, which we’ve all heard of. You know, somebody just decides to spin up an Amazon server for a couple of hours just to try something out. Yeah.
[00:28:56] And so, again, you can have a data sovereignty aspiration, if you will, or impose a policy, but you still will need a tool because there will always be exceptions. And again, JATP will provide you that.
[00:29:12] We will do this. We always run out of time.
[00:29:14] And so I’m going to summarise, and quite bluntly: so JATP, say, any vendor, any firewall, any endpoint.
[00:29:24] Yes, but we inside of Juniper, we like to think of it more as the optimal tool to put into your kit bag on how to deal with threats.
[00:29:36] As I said, yeah, this is a problem that’s not going away. Obviously, solutions such as JATP are essential to detect, manage and remediate modern cybersecurity threats in a multi-vendor environment.
[00:29:46] So thank you, Mike and Russell. Thank you. I’m sure we could have had much more time. And thank you for watching. My name is David. This has been an Axians Network production on Disruptive Live.
[00:30:01] So, Mike, you’re an astrophysicist, astrophysics, Higgs boson, what is it about, gosh, the risk that we have to the integrity of the space time continuum?