Dell Technologies | Navigating the Road to Cyber Resiliency: Episode 2


[Music] Begin journey: Navigating the Road to Cyber Resiliency.

Welcome to episode two of Navigating the Road to Cyber Resiliency, brought to you by Dell Technologies and their partners at Broadcom, and presented by theCUBE. My name is Dave Vellante, and if you watched our first episode, you know that we're delving into how to best protect your company and your critical data by developing the right strategies for your cyber resiliency via secure backups and recovery and cyber vaults, plus overall security education and awareness for all your employees. We have some great experts with us today who are going to walk us through how to improve your overall security posture and your cyber resiliency. So today we're going to hear from Arun Krishnamoorthy, who's the global strategy lead for resiliency and security with Dell Technologies Services, with expert security and cyber resiliency insights for you from his hands-on customer work with Dell Services. Now, Keith Bradley is the vice president of IT and security at Nature Fresh Farms. They're a fantastic Dell customer. They've got this incredible IoT and edge story, they've got this computing infrastructure, and they suffered a really scary ransomware attack, and Keith will walk us through how they recovered and then hardened their defenses. And then finally, Michael Ambruso, systems engineer, World Wide Technology, WWT, Dell's partner of the year in 2022, shares some excellent insights into how to assess risk, set expectations and deliver better outcomes for your cyber resiliency. So without further ado, let's dive right in.

[Music]

Wow, organizations face a lot of obstacles when they're trying to get to cyber resilient multicloud data protection. Yeah, but it's a smooth ride if you're on the journey with Dell. You're funny. Oh, are there any chips left? Sure, here you go. [Music] Yum.

Perhaps you've been hacked or you're just feeling exposed. For many customers, it's a bit overwhelming to try and figure out how to secure your entire estate or even where
to start. Well, we'd like to help. We're here with Arun Krishnamoorthy, who has a wide range of experience across all aspects of IT management generally and security specifically. Arun, good to see you.

Great to see you. Thank you for having me.

So, you're very welcome. So give us a quick overview of Dell Services and specifically the cyber security piece and your role.

Happy to do it, Dave. Super excited. Dell's doing a lot in the security space. We've been doing a lot for many decades. What we're doing now is bringing together some key services that will help our customers really tackle this big challenge in cyber security. We all know that ransomware is rising, many of our customers are struggling, and we see that across all segments: small business, medium business, commercial and even enterprises. Some customers may have a SOC and dedicated teams, other customers do not have it, but in general this is a widespread challenge, and it's really causing a lot of grief for our customers.

We know it. I mean, the stats are, you know, very probably more than half the companies don't even have a SOC. And so, you know, Dell, what I like is end to end, right, small all the way up to large. And we could spend a lot of time talking about the challenges that organizations face, and I think that's been well covered, but what we really want to do is share a framework. We have a slide, actually, that you and I were looking at earlier. Alex, if you would bring that up. And I want to understand sort of how you frame the conversation, you know, what you've learned over the years.

Sure. So look, cyber security is really a risk mitigation conversation, right? And what we've learned over many years of our experience working with our customers and really solving real problems for them, this is one of the blueprints that's emerged for us and how we engage and talk to customers. There's three critical things in the blueprint that will help our customers not only prepare, which is
pre-breach, what do they have to do, and also help them think through, God forbid something happen, how do I recover. This is kind of the cyber resilience conversation, which is how do I understand both scenarios and be ready for it.

So the middle of this slide is where everybody has all the tools, right? We all know that. But start at the top here. This is where what's interesting to me is you guys go in, you do a portfolio assessment, essentially, and evaluate the risk. Is that correct?

That is correct. So one of the most important things in cyber security is it is not just the CISO and their team that need to be worried about it. The top layer is what we think of as the business layer, risk layer. We want the business units, the IT teams, the application teams, the risk teams, the security teams collectively working together and understanding what does risk exposure look like for this company. And it widely varies between different companies, because they are in different stages of maturity and they have different priorities. So we need to understand that risk appetite and exposure first, and then understand and build that strategy, right? How are we now going to tackle it, where should we start and what do next steps look like?

Can you bring that slide back up, because I want to talk about the bottom layer now as well. So this is where you get into the architecture. Explain what you've got going on down here.

Yeah, this is an interesting one. So this is your layer technology architecture. And another way of looking at it is, if you looked at some recent zero trust mandates, the NIST, DoD model reference architecture for zero trust also talks about this as different pillars. With the remote workforce that we have today and the remote target destinations that workers are going to, which is multicloud, you now have a very diverse, distributed workforce accessing very diverse, distributed applications, whether it's private, public, SaaS, multiple forms. So how
do you now connect these different pieces together is where some of the new technologies are evolving. And one of the interesting challenges is, in the old model you had one data center, one firewall, you knew who was coming in, once they came in you kind of understood what they were doing. But in the distributed model you have to build security posture along the way, right? If I'm a user with a laptop and I'm coming in, what applications do I access, where do they sit, how do I traverse the network and how do I protect every piece of it? So what you're looking at there is the technology stack, and we want to make sure that every piece of that is protected.

Okay, so this is, like I said, overwhelming for a lot of customers. So we've got another graphic that I want to bring up, because where do you start? Simplify, if you could bring up slide two, Alex, simplify for the audience: where do I start? Like I say, either I've been hacked or I'm afraid I'm going to get hacked. I come to Dell, what do you tell me?

So when you look at it from a customer journey, our first priority is understanding what exposures customers currently have today, and we want to make sure we solve for that, right? So, great example: we had one customer that had multiple domains, multiple websites that they'd forgotten about. So when we did our attack surface management assessment, we uncovered that these assets were out there, exposed for the bad guys to operate on. So let's understand the open vulnerabilities you have and make sure that we address it. And while we are doing that, let's also take a protection point of view, right? Let's protect what you have. God forbid the hackers came in, we are protecting the data.

So can we double click on that second pillar here? You know, that's something that we talk about often on theCUBE, and that is the adjacency of data protection to cyber security. Our audience has heard that a lot. How are firms thinking about this adjacency? How do you think about it?

So one of
the critical aspects of data protection is the recovery component, right? Are we protecting the right assets? Do we understand what a recovery scenario for a particular business process looks like? So when we talk to customers, they have hundreds of applications, they have some business process that has to come up, God forbid they had a cyber attack. So understanding the priority of the applications, protecting the right data, isolating them, and then having the ability to bring them back in an organized manner is super critical, so you can now prioritize those resources for the most critical applications. And from a protection standpoint we also extend beyond data protection, which is where things like zero trust come in.

And we'll talk about that. So you're essentially connecting the architecture to the business process. So there's a lot of dependencies, there's multiple databases, there's maybe multiple tools that you've got to deal with. We always focus on the tools, but there's a lot of other things going on in the business. What about that third pillar, if you could bring that slide back up, that idea of becoming more anticipatory versus being purely reactive? What are the keys there? You've got this "manage proactively". Let's double click on that.

So when you follow the journey and you have now protected your assets, you've closed some of the exposures, you've put the right controls in place, well, you have to understand that every customer environment is dynamic. Users are going to come in, devices are going to come in, applications are going to come in, and the threat actors are constantly acting every second of the day. So you have to manage your security proactively. You have to make sure that you're doing active threat management, you're bringing in a lot of threat intelligence. And Dell, for example, we have a SOC that spans 75 countries, we have a lot of different threat sources, we are able to bring that intelligence
and understand if you're being hacked. If you're being hacked, we know what the connective points are, so we can help you detect and respond very quickly.

You know, one of the things that, you know, you see these frameworks like the NIST framework, which is great, but it's a lot, and I think organizations have trouble operationalizing that. Is that something that you hear as a frustration, and how can Dell help them actually bring this to reality?

Yeah, so great question, Dave. The frameworks are an evolution of what the industry has collectively understood over many decades, so they are phenomenal guidelines for customers. So NIST, for example, has five functions, and if you balanced your investments across the five functions, your security posture is going to get better. NIST also has controls, understanding those different controls and how do they work. So with our services we take a pragmatic approach. We have the frameworks as a reference point, guiding principle, but we also look for common cyber hygiene. When we work with customers, there are some low-hanging fruits you can attack and immediately increase your cyber security posture, and then worry about the broader framework alignment and regulatory and other alignments.

How does all this fit into, everybody talks about zero trust. Zero trust is, everybody's on the path to zero trust, but it's very challenging. CISOs tell us it's going to take 3 to 5 years, which is kind of depressing because they've got a lot of other stuff to do. What's your take on zero trust? How does this all fit in?

So first of all, zero trust is not a new concept. It's been around a lot. It's getting a lot of press now because the cyber attacks are continuing to grow and we need to find a really solid architectural foundation. That's what zero trust gives. So when you look at many security programs customers are running today, it's dependent on understanding of a few good behaviors, but mostly customers are looking for their needle in a haystack: is there
a bad behavior going on? What zero trust does is it shifts the paradigm, right? Let's focus a lot more on the good principles, good behaviors. Do we understand our users, what devices do they use, what applications do they have, and put the right technologies in to make sure that we are enforcing those good behaviors, and it reduces the burden on catching bad behaviors, right? So that's the fundamental concept. But there's a lot of vendors with a lot of technologies that all have some aspect of zero trust in it. What we are particularly proud of in Dell is we are kind of bringing them all together, so our customers have a better understanding of the road map. And the other thing is we find a lot of our customers are brownfield environments, so essentially where we are helping those customers is how do we take those existing investments and convert them into a zero trust type policy and architecture.

Yeah, so you mentioned needle in a haystack. Sometimes it's like a needle and a needle. When people ask me why Dell, I'll often say that the company's obviously got great services capabilities, but I want to learn more about the ecosystem, particularly as it relates to security. So we have a third slide that I wanted to pull out of the deck, because it really does talk to this big theme today in security, is how do I reduce the number of tools I have. And there are a number of world-class companies that can help you do that, can help you consolidate, and there's some listed here. Talk about your ecosystem strategy.

Yeah, that's another great question. Like you said, it's a highly fragmented industry, because each vendor has solved for a particularly difficult problem, but the burden is on our customers to put it all together. The other interesting thing about security technologies is they're not working on their own. So for example, when you detect a threat, you want to cross-reference that to open vulnerabilities, you want to potentially cross-reference that to your
penetration testing and how the controls are behaving. So what Dell is doing is we are working with the industry leaders, and Dell is becoming the MSSP, the systems integrator. And we are not just working at the level of putting services together, but we are working at the engineering level: how do I now have secure API-based aut, how do we bring these technologies for customers. We want to onboard these technologies really quickly, and how do they all work together. So we are playing a very pivotal role in bringing these leaders together, and collectively we feel that we're going to have a better message for our customers and Sol it, making it easier in a very complex world.

Arun, thanks so much for spending some time and coming into our studio.

Thank you, Dave, appreciate it.

All right, keep it right there for more content on Navigating the Road to Cyber Resiliency. This is episode two.

[Music]

You really can't take a wrong turn on this road. It's very, hm, what's the word? Modern. That's it, modern. [Music]

When you think of farming, what immediately comes to mind are the many challenges that farmers face: planting, fertilizing and harvesting; drought, irrigation and flooding; pests, parasites and pesticides. But cyber security, backup and recovery for farming? Not top of mind. No one expects to be hacked, but in fact everyone should expect it, even small to medium businesses and, unfortunately, even farms. Current stats show that a business is hacked every 11 seconds. By 2030, it's estimated that an attack will occur every 2 seconds. So yes, even farms have to pay special attention to cyber security. Tune in for a short subject documentary presented by Dell Technologies: Nature Fresh Farms, Navigating the Road to Cyber Resiliency, a special presentation from theCUBE.

I'm really looking forward to seeing that mini doc. It's going to be available at thecube.net right after this episode. We're back with Keith Bradley, who's the VP of IT at Nature Fresh Farms. Earlier this year we had Keith on theCUBE, and we took you inside the ransomware attack at Nature Fresh. We're pleased to have Keith back to help the good guys get more prepared. Keith, always a pleasure to see you.

Dave, it's always great to see you too.

My tomatoes are almost there, you know, but not quite as beautiful as the ones behind you. Okay, let's review for the audience. You got attacked. What were the initial signs or alerts that made you realize that you were under attack?

The first set of alerts that came in were fairly easy to see. We got alerts that a couple servers came down, a couple switches went offline, and when I first saw the alerts I actually thought we lost one of our core switches. It just felt like that to me. So I basically hopped in and ran to the office to evaluate and see what was going on. I figured it'd be a quick switch out the switch, put a new one in place, program it, and this, that and the other thing. And when I got into the office, I started to look and I'm like, nope, everything's running. And then I tried to log in to my computer and it didn't work. And then I walked by one of the other tech computers and I could see that dreaded ransomware screen up on the computer, and I'm like, oh, that's not good. And as they started to happen, it continued to happen, and I just ran and I just pulled the plug on the internet and stopped the feed and started to evaluate where we were.

I bet your heart rate ticked up a bit. How did the attackers initially gain access? I think it was through an open port, wasn't it? Take us through what happened.

Yeah, so what happened is we had a vendor set up a computer and they needed access to program it, so they needed to gain a port access to remote into it to control the computer and program it up. I had been on site in, actually, Delta, Ohio, our other facility, for them to do this, and I opened up the port.
Port was opened on Wednesday. By the looks of the evaluation, they got in on Friday, and by Saturday they were executing their attack on our network.

Okay, so was there anything else that you discovered? I think you brought in an outside consultant. In terms of, like, so they get into the port, and then what happened? Did they start traversing horizontally? Can you give us any more detail up to the point at which you got that ransom notice?

So yeah, they started traversing the network horizontally. They kind of went all over, they spread out, they gathered more credentials from the system, and at some point in time they gathered an administrator credential that got them further, and then they kind of had the keys to the kingdom at that point in time. Once that happened, they traversed not only the Ohio network, but they also went through our VPN connection to the Canadian office, to the Mexico office, to the Laredo office, and kind of took over everything. Once that happened, there was no stopping them.

Okay, so you get a ransom note and you didn't pay the ransom. Take us through that discussion. You know, why didn't you pay? Did you ever think about paying? What was that like?

When it first happened, we really didn't know what to do. We didn't know how to look at it and what to do, and that's when we started gathering our consultants, both from our cyber insurance that we had and even Dell Technologies, that came on site to help see things. Well, they didn't come on site, but they did things remotely for us to help us gather what do we do next. There was a lot of conversations that the investigation firm had with the hackers to try to gain insight into what they got and to see what they got, but we decided that it wasn't in the best interest to pursue it, and that was suggested by not only insurance but most cyber attackers, to just don't pay it, it's not worth it. And we were blessed enough to say that we were able to recover all the data that we were
missing, so we didn't really need to pay them to get anything back. We just had to rebuild our entire infrastructure from the ground up and start going.

So how did you manage to regain control? In other words, how did you recover? How long did that take?

So the initial recovery to get us back to bare minimum was, so the attack started about 6:00 AM, 7 AM, so 6:00 AM Saturday morning we lost basically everything in its entirety. By about noon, 1:00 on Saturday, we were able to pick and ship product out of our distribution centers again by our backup and recovery software. We had nothing more than that, we just had bare minimum to run and see where things are. Then we started to actually evaluate: okay, where is damage, what do we cover, how do we recover, what is the next steps? And at that point in time we'd engaged with Dell to say, hey, what do we need to do this and how do we do these steps? So it was a double dip. So they expedited our deployment of Carbon Black. So our Carbon Black was in the middle of being deployed; now we just deployed it everywhere, found out what was the hash for the attack and the other symptoms they were seeing, and we just blocked it entirely out. Then we continued to just kind of rebuild things, and we continued to rebuild every moment of every second, and it basically took us till about Monday, Tuesday of the next week to get back to a point where, for the most part, the end users didn't know it even happened. The longest part for my team was rebuilding probably about 300 laptops from scratch, and some of them doing remotely, so it was a busy time.

Wow. Okay, so all this was a catalyst, as we talked about in May, to restart your journey to cyber resilience. What else have you changed as a result of this attack?

So we not only changed how we look at things but how we do things. We now make sure that the vendors are much more compliant with our cyber security policy. We are much more adamant about what's open on our firewalls and how things are. We
re-evaluated, and even though our backup solution worked to recover for us, we found that that six to seven hour window wasn't fast enough for us for recovery. So we actually went out and rebuilt our entire backup policy and how we back things up and how we'd recover. Then we instituted what we call a cyber vault, which is basically a virtually air-gapped solution that not only protects your data but analyzes the data to see if there's any hackers lying in wait in the data that is going into this vault. So we really, really started to look at how do we back things up every day and actively saying we don't want to do this, we don't want to change the way we do it, and this is how we are going to secure a network.

So you compressed, if I understand it, your recovery time objective, if I got that right. Did you change the RPO, or were you comfortable with the amount of data that you were able to get back?

We actually did increase it. We made sure we were backing up every single thing now, so every single thing that we did was totally backed up and recovered. Now, there were a few servers that we were kind of using but not needing to have recovered that we just rebuilt because we didn't do it, but now we cover everything from a simple user's text file to an AI algorithm that we have on one of our servers.

And your cyber recovery, your cyber vault is, you said, virtual. So are you thinking about an offsite air gap? Is that something that's in the future?

It's possible right now. Again, the PowerProtect Data Manager that we're using right now, that's the nice thing we like, is we can keep expanding it to what we need. The next step I think that we would do is we would have an air gap to one of our other locations, so we would actually air gap to two different locations, probably before going on the cloud more, because we have such a diverse area. I kind of like to say that we've built our own on-prem cloud to make things work.

What would you tell somebody who, let's say, was in
the position you were prior to the attack? They see this discussion, they maybe see your Dell Tech World interview. What would you tell them, what advice would you give them?

I would say to them, whatever you think you're doing today, it's never going to be enough. So you have to look at both sides of the coin: how do I protect my network, and yet how do I recover when it happens? Because there is no if, it's always a matter of when. Like, one of the things that I love from the intro was, you know, ransom attack happens all the time, and by 2030 it's going to be every two seconds. So eventually one of those two seconds is going to catch up to you. So be prepared on both sides: protect your network from the attack and be prepared to recover from the attack.

Yeah, the statistics and the probability are not in your favor. Keith, you've always been a great friend of theCUBE, and I know you've been a loyal Dell customer. That sounds like they were there for you in your time of need, and you're repaying that with your customer loyalty. So really appreciate you coming back on and telling your story.

Yeah, I always appreciate tell, and it's a good story to share, as I feel like people don't want to talk about it, they don't want to acknowledge that it's happened, and if we work together it's gonna make it feel better for everybody.

Fantastic. All right, keep it right there. We're gonna have more content on Navigating the Road to Cyber Resiliency. This is episode two.

[Music]

Cyber recovery, immutability, isolation, intelligence, zero trust. Just face it, you'll never beat me at the cyber resiliency game. Pretty sure that was a tie. You wish. [Music]

We're back, Navigating the Road to Cyber Resiliency. This is episode two, and Michael Ambruso is here with World Wide Technology. Michael is a systems engineer with WWT, deeply understands data protection, DR, cyber recovery architecture and much more. Michael, thanks the rest of it see.

Good to be here.

So what's your role,
well, first of all, a little bit about WWT, and what's your role there?

So we're a large, privately held value-added reseller across the market. We were Dell's partner of the year last year, and really we like to engage with our OEMs and our customers to obviously facilitate, add value and bring our expertise to bear to help customers deploy the best data protection solutions that we can.

And large is an understatement. I think it's known that you guys are like 17 billion, you know, company. I mean, yeah, very substantial player.

And really working to double every five years, and just very focused on growing the business.

It's an insane objective, I love it. So simplification is a big theme in tech generally, but specifically in cyber security. When you work with customers, you know, what are you hearing? Where do you help them start? How do you help them get started, and how do you set expectations so that they're not trying to get too far out over their skis?

Well, that's the important thing, is setting good expectations, right? I mean, the first thing we need to do is look at what applications need to be protected, get a firm understanding of what needs to be protected, where the customer's crown jewels, help them understand what their RPOs and RTOs need to look like to ensure that they're going to be able to recover the data appropriately, and then develop a plan to execute on that and understand what those timelines need to look like, so that when we do get into deployment nobody's surprised.

Okay, so you start with, is it a discussion, is it an assessment, what's the starting point?

Definitely start out with a discussion, because you always want to have a conversation. But then we can perform assessments, we do app rationalization studies, help understand the dependencies. Obviously, if you're, you know, protecting a large application, you want to make sure all the little pieces parts that go in there are protected together, things of that
nature, and then, you know, make sure you're engaging the right stakeholders as well in those early discussions.

Okay, so you've been at this for a while. I'm interested in the lessons learned from two perspectives. One is from the many, many years of experience you've had, and then the second is post-COVID, because pre-COVID people talked about zero trust but they really weren't serious about it. It was kind of a buzzword. Now everybody's on the path, and I think they're realizing, wow, this is going to take a while. All this hybrid work, remote work, and I know people are coming back to the office, but still a lot of people working remotely. So there's sort of lessons learned, you know, pre and post, and maybe you can share those with us.

Lessons learned pre, I think the biggest thing again is that, especially in large organizations, this needs to be a top-down scenario. If you try and work it from the bottom up, it becomes very difficult, because the first thing you do is walk in and tell everybody that what they're doing is not sufficient. When it's a top-down perspective, you have to make sure that you engage both the security and the information teams, and generally at the C-suite, so it's a CTO, CIO and the CISO all have to be on board to make sure that that's going to work in a coordinated fashion. And then the other big overall lesson learned is don't try to boil the ocean from day one, because that's going to result in a project nobody's going to be able to swallow. Post-COVID, really, what we're encountering is that there's a much greater awareness in organizations of the need to manage that data and protect it. So what we're seeing is, you know, more awareness of security out to the edge and the fact that data is not just always going to be sitting in the middle of that big data center in some centralized location. Also, we're really seeing post-COVID a lot of customers have moved a lot of solutions to cloud-based, and incorporating the cloud solution and
understanding how to protect the data that's in the cloud as well as the data that's sitting inside the four walls.

So that's interesting as it relates to stakeholders, as cloud has now become the first line of defense for a lot of companies, and yet, you know, cloud is code, so you get application developers that are actually being asked to secure, yeah, you know, the infrastructure, that's not their...

Well, that's test/dev, it doesn't need to be backed up. No, no, no, right?

So in terms of the stakeholders, how do you, you know, connect? You've got the infrastructure, you've got apps, you've got business processes. Are you bringing in line of business people? Is it the app dev heads? How do you deal with that?

That, I think, is eventually what needs to be happening. But again, at the beginning of the day, the C-suite has to have a full understanding and then push that down from the top: this is where we're going in order to save the business. Because you have to remember, when we're talking about cyber resiliency, these are existential threats to customers' businesses. You may not be there tomorrow. You know, this isn't "oh, we're down for two weeks because of a hurricane", this is "oh, all of our data has been encrypted", "oh, all of our data has been exfiltrated", and that is, you know, a threat to the business that everybody has to be on board with. And to that point, it often comes down from the board, because they have the fiduciary obligation to ensure that the business is going to be there. They're very much aware of these threats, and the board and the CEO come to the teams and say, this is what we need to do to make sure we're here tomorrow.

How much education do you have to do at the C-suite level? Because, I mean, there used to be this mentality of "oh, you failed, you're fired", and I think that's gone away. Has it? And how much education?

Less now, which is great. And in fact at WWT we're really starting to lean into tabletop exercises for that. It's really nice. We're developing a script that
essentially puts you in the room when a cyber attack occurs and walks you through a typical response, so that you kind of get a day in the life. And we found that when we do these kinds of tabletop exercises, especially with folks in the C-suite, they walk out with a much better understanding of the potential downsides of doing nothing and of what mitigation would look like.

So it's like the empathy exercise. You put the C-suite in the SecOps shoes.

Yeah, and oh, by the way, what do you do when your chief operations officer is up backpacking in Maine when the cyber attack occurs?

Right. Yeah, well, and how do you permeate that? So you've got top down, and then I guess that trickles up, you know, and then you've got the middle out, meaning you've got all these, let's face it, bad user behavior is going to beat good security every time. So how do you create that security culture? Is that part of what you see organizations doing? Do you work that into, this doesn't quite fit into the data protection Valu

I mean, the good news is that, you know, from a data protection side, I think for the last 23 years or so everybody's kind of understood that you have to have your backups. So if we can get the information technology and security organizations on board, the end user behavior of protecting the data is generally already there, which is very helpful.

Do you think people, I mean, do they typically, they must underestimate the scope of the problem and what it's going to take in terms of human capital and budget, etc.?

Right, and it's really important to start setting those expectations early, understand what the budgeting looks like and, more importantly, what the timeline looks like. Because if you underestimate the amount of time you're going to need to spend to do app rationalization and understand what you need to protect, you know, the whole timeline goes down like a bunch of dominoes. So, you know, getting those expectations set up front, and that's something that we do a lot of with
our customers at WWT.

And those out-of-scope expectations that may be in the executive's mind, and, you know, "what's it gonna take for me to solve this problem?" Right, right. You know, "how much, give a number."

And scary, scary boil-the-ocean conversations. And what we tend to do in those cases is really start small, say, what do you need to rebuild your shop, Mr. Customer? Start with putting that in a safe location, tertiary copy, offline, and then expand to what's the data that the business will be gone tomorrow if you lose it, and then move on from there. So it's generally a kind of a better best... good, better, best approach.

So as watchers of the series know, a major focus has been the adjacency between data protection and cyber resiliency, so we've been asking all of our guests: where does data protection fit into that mosaic of cyber security?

Well, if you look at it, and we've been doing it this way for a little while, from the pillars of the NIST cyber resiliency model, um, obviously we're recovery, right? We're the guys that you go to to get that data back, and, um, you know, that's the key feature functionality where we play in. And one of the biggest changes there is now we're going from a small-scale recovery anticipation to a large-scale recovery anticipation. We got to get the whole business back as fast as possible. Um, but we also fit into some of those other pillars, right? Um, anticipate: one of the key things about backup is it touches every bit of data in the organization, and if you can start to do analytics against that backup data, you can understand things like blast radius and infection time a lot faster. Um, so we definitely see a lot of our OEMs developing capabilities around that, that we're then, um, evangelizing to our customers. And then on the back end of that whole NIST cyber security model, um, of being agile and learning to respond and kind of, you know, skate to where the puck is going, um, you know, the bad guys are not sitting still. They're learning, they're developing
constantly. This is a constantly changing threat landscape, and if you're not, you know, every time going through and analyzing, you know, where could we make this better, what's changed... Um, that final pillar is, I think, really important to make sure that the data protection teams are engaged in.

You know, so I do a lot of these types of interviews, and people will often say, you know, look at the NIST framework and begin to implement that, and that's obviously good advice, and there are other frameworks as well. But customers sometimes have trouble operationalizing it, actually, you know, driving it through the business so that it can be continuously improved. Do you find that as a challenge, and how do you address that?

Um, it's definitely a challenge, because, I mean, organizations don't like to go... they like to go, "okay, this is in the done pile, we're through, check, we have a disaster recovery plan, we have a cyber recovery plan." And when you come back in and tell them, yeah, and you have to test it, that costs money, and you have to then sit back and, well, how has the threat landscape changed and how do we need to change it? There's always going to be resistance to that, because it costs money and it gets things out of the done pile and back into the to-do pile, and nobody wants to do that. So, yeah, um, working with customers to help them understand that that needs to be done, and modeling good behavior.

When we first met, we were using this sort of football analogy: you got two teams that are pretty equal, yeah, and you're not gonna get a first down on every play, you're not gonna not punt, right, right. And they're gonna... you used an analogy about watching film. What was that?

They're going to watch, they'll watch your highlight reels from your previous games and understand, you know, what are you doing. And that's the thing: the bad guys are looking at all the stuff that we look at. They're evolving their strategies and solutions. You have to stay ahead of that. You have to keep working
and understanding and getting educated, um, and that is really, really huge. Because again, you know, hurricanes are not out there looking for soft targets, right? The disaster recovery and cyber recovery are related but very, very different in that respect, that you, you know, you're dealing with an active opponent who's evolving, who's changing, who's looking at your highlight reels, who's, you know, studying your plays. And sometimes it goes all the way up to state-level actors. You know, I mean, at the time of recording this, we've got a lot of health systems in Connecticut that just have no information technology right now. This is a scary, scary landscape, and we're not just spreading FUD.

So taking that metaphor and sort of applying it, that's why I like the sports metaphor, because, you know, a coach will come up with some new whatever, like the West Coast offense when it first came out, and then, you know, the defense had to respond to that. You see it now with AI. I feel like when you work with a company, like a large company like Dell, they had a lot of AI, still have a lot of AI, but they maybe had access to AI that the adversaries didn't have. Now all of a sudden ChatGPT comes out, the adversaries have, you know, they start to... the light bulb goes off. Do you think that in the near term all this AI buzz helps the adversaries more than maybe the defenders?

Um, uh, it certainly makes it easier. It lowers the barrier of entry, right? Because if you're really clever, you can trick ChatGPT into telling you how to hack a system, and you don't have to have a lot of technical knowledge to do that. Used to be, you know, you at least had to understand the technology really well. Now you can have this, you know, AI spit out a script that will help you to subvert a system, and if you can subvert a system, you can subvert multiple systems, et cetera, et cetera. So that's really the scary thing for me right now: it lowers the barrier of entry and makes this significantly, um, easier to repeat and to
deploy these attacks. We kind of saw this with ransomware for a while, where, you know, you could go on the dark web, and you still can, and get ransomware as a service. You know, outsource your... it's a business, it's a volume business. Um, and that's still my biggest concern, is ransomware for service or ransomware for state actors, because, you know, all they have to do is succeed once. And that's why we tell our customers, you know, you have to operate under the basis it's not a matter of if you're going to get attacked, it's a matter of when you're going to get attacked. It's not a matter of if they're going to get through, it's a matter of when they're going to get through. Because the good guys have to win every time, and the bad guys only have to win once.

So what's the one thing that you would ask customers to not do and/or do?

Um, the one thing that I would ask them to do is to really take this seriously and make sure that at the very least you have a tertiary offline copy of the, um, information systems and things like that: switch records, DNS. I don't want to get too technical, but the stuff you need to rebuild your shop. That's square one, that's the important thing. And the one thing that I would tell customers to not do is to not... don't make the ostrich play. Don't stick your head in the sand and hope this thing passes you by, because hope is not going to be a solution for this problem.

And that recovery is not so simple, right? You got multiple databases, you got multiple tools, it affects different business processes, so you really got to think that through.

Yeah. Planning, planning, planning.

Michael, thanks so much.

No, appr pleasure, thank you.

Great having you. All right, keep it right there. I'll be right back to wrap up and share some news with you. You're watching episode two of Navigating the Road to Cyber Resiliency.

[Music]

You know, I don't think I've ever been on a road that's so simple to navigate.

Well, why do you think I let you drive?

Oh, you're
hilarious. [Music] Emy

Okay, today we learned about Dell's approach to integrated security and resiliency and what that means. Arun laid out key steps to take to become more mature in risk assessment and reducing that expected loss, reducing that risk, and the importance of a connected partner ecosystem. And then we got into the anatomy of a real-world cyber attack: how one seemingly benign activity opened the door for a malicious event, but most importantly, how that experience reshaped Nature Fresh Farms' outlook on their security posture, their processes and their entire culture for the better. Immediately following this episode, tune in right here on Navigating the Road to Cyber Resiliency on this website for a special short-subject documentary on Nature Fresh Farms: their operation, their unfortunate ransomware attack, and how they were able to successfully recover with help from their partners at Dell. Then finally, we heard how Dell's partners like World Wide Technology, as part of their critical connective ecosystem, are helping guide customers along the right path: assessing their risk, setting the proper expectations for success, developing individual plans and working hand in hand to deliver positive outcomes for better cyber resiliency.

That's it for today. Stay tuned for episode three, which will be live in our Palo Alto studio later this year in December. Thanks for watching episode two of Navigating the Road to Cyber Resiliency, made possible by Technologies in partnership with Broadcom. We'll see you next time. [Music]

2023-09-03 16:50
