January 09, 2026

00:42:49

From 2020Partners 2025 – KB On The Go | Paul Maddison and Jeff Lindholm (Part 2)

KBKAST


Show Notes

The 2020 Partners Dialogue sits at the edge of possibility, where security meets technological ambition. In this special bonus episode, KB explores how nations can move beyond simply consuming innovation to actively co-creating strategic dominance. Anchored by AUKUS and empowered by cross-sector collaboration, this conversation features insights from industry leaders Paul Maddison (Australia & New Zealand Country Manager, Strider Technologies) and Jeff Lindholm (Chief Revenue Officer at Lookout).

Paul Maddison, Australia & New Zealand Country Manager, Strider Technologies

Paul Maddison is the Australia & New Zealand Country Manager at Strider Technologies, where he is responsible for leading Strider’s market expansion and strategic partnerships with Australian universities, corporations, and governments.

Prior to joining Strider, Paul worked at the University of New South Wales in Sydney and Canberra as Director of the UNSW Defence Research Institute. This was preceded by a four-year appointment as Canada’s High Commissioner for Australia. Paul also spent over 35 years in Canadian naval service. As a surface warfare officer, he commanded at all levels, culminating in his appointment as Commander of the Royal Canadian Navy at the rank of Vice Admiral. A graduate of Canada’s Royal Military College, and a dual national since 2020, Paul is from Canada but has chosen to make Australia his home.

Jeff Lindholm, Chief Revenue Officer at Lookout

As the Chief Revenue Officer at Lookout, Jeff oversees all aspects of the company’s global sales, including the Americas, EMEA, and APAC regions, as well as Channel Sales, Commercial Sales and Sales Engineering. He brings a wealth of experience in networking and security sales leadership, having previously served as President and CEO of Plixer, a company focused on network traffic analysis and visibility solutions. Before that, Jeff led sales operations at both Brocade and Juniper Networks. As the Senior Vice President of Worldwide Sales at Brocade, he oversaw a $2.5 billion global sales operation until the company’s acquisition by Broadcom Inc. At Juniper Networks, he served as Chief Revenue Officer, managing $2.5 billion in revenue. He has also held significant global sales roles at Arbor Networks (the security division of NETSCOUT) and BigBand Networks. Jeff is based in Boston and holds a Bachelor of Science in Marketing from the Carroll School of Management at Boston College.

Episode Transcript

[00:00:10] Speaker A: The 2020 Partners Dialogue sits at the edge of possibility, where security meets technological ambition. Anchored by AUKUS and powered by cross-sector collaboration, this forum is focused on one question. How do nations stop consuming innovation and start co-creating strategic dominance? The 2020 Partners event took place in Australia in Adelaide and Canberra. But stay with me, I'm bringing you all of the insights. I'm Karissa Breen and this is KB On The Go. Let's get into it. Joining me now is Paul Maddison, Australia and New Zealand Country Manager at Strider Technologies. And today we're discussing exposure to hidden foreign interference and beyond. So Paul, thanks for joining me and welcome.

[00:01:02] Speaker B: Thank you. It's great to be here and looking forward to the conversation, KB.

[00:01:05] Speaker A: So the way that you guys are sort of doing it at Strider is very fascinating, very interesting and I, I get excited about companies that are on a mission and they're, they're getting some really good outcomes. So talk to me about what's the main mission? Tell me what's going on in your mind.

[00:01:20] Speaker B: Look, Strider is a company that was founded six years ago in response to this sort of new and rapidly evolving geopolitical era we find ourselves in, where western nations are confronting competitors from authoritarian states like the PRC, Russia and Iran who are leveraging their sort of instruments of national power to drive global campaigns to identify and transfer disruptive technologies back into their innovation ecosystems to be applied for their geoeconomic and often military advantage. We at Strider Technologies are committed to protecting the ideals and the innovation of western societies. And so we are continuing committed to helping our clients in the private sector, in universities and in governments better see these state sponsored risks that are present across their enterprises.
And we do that through the application of generative AI to identify large data sets globally in the open source. So publicly available data that we curate at speed to surface these risk indicators, decision quality actionable risk indicators for our clients so that they're better informed around the risk to their people, to their innovation, to their supply chains and ultimately to their brands and their recurring revenue. And while doing this we're helping a whole-of-nation sort of surge in our western democracies to better understand and mitigate state-sponsored risk.

[00:03:11] Speaker A: Yeah, you raise a good point around like geopolitics, right? So is there anything, and I know you can't go into certain specifics on certain questions, but how do you sort of see the state at the moment in terms of geopolitics? That's coming up a lot in my interviews, but also you're seeing it a lot online now that's rising, et cetera. So how does that sort of help fold into the work that you're doing day to day?

[00:03:32] Speaker B: We can see and hear and read from governments, from heads of intelligence agencies, from politicians, from think tanks, universities. We can see the documented evidence of state driven campaigns to, for example, pre-position code in critical digital infrastructure, to identify and developing a disruptive IP that can then be applied to their, as I said, geoeconomic advantage while disadvantaging the potential for companies to grow and scale higher and prosper in our own nations. You know, in the United States it's conservatively estimated that IP theft runs annually at half a trillion dollars. The director of the domestic intelligence agency earlier this year for the first time put a finger on IP theft from state sponsored entities in Australia at conservatively $12.5 billion. And so this is a real issue.
And companies' C-suites, they clearly want to protect, they want to understand how this risk surfaces, how it manifests and how they can better anticipate where it will appear and how to mitigate it. I mean at the end of the day we all need to continue to trade, to cooperate, to collaborate, to build for the greater global good alongside all nations, including those who we identify as authoritarian states. But at the same time we need to have our eyes wide open. We need to see that this is a highly competitive global moment where clearly there are authoritarian states who have made it public policy to undermine the stability, the confidence and the gearing around what we have for so long described as the international rules-based order, that post-World War II US-led world were underpinned by these core values around freedom, the independence of a free press, an active civil society, freedom of personal choice. All of these are under attack and it's profoundly sort of manifesting in terms of economic security now. And so Strider is at the forefront as a global company providing unprecedented access at scale to decision quality open source documentation around people, around talent recruitment, IP theft, around supply chain compromise, screening for hiring in terms of insider threat. This is what we are being able to provide our clients in the open source at a scale and at a speed that traditional intelligence agencies within government are not geared to do.

[00:06:36] Speaker A: Yeah, okay, so this is interesting. Now going back to your comment around open source intelligence, or OSINT as most people would know it as well. Some people get confused though, and whilst there are companies out there that are scraping social media or open social media accounts, etc., to create intelligence, which is helpful especially if you're hiring someone, etc., executive, you want to know what their views are and all that sort of stuff.
What do you think sort of separates real sort of state sponsored and threat intelligence though? Because I sometimes I think people misconstrue the two and maybe don't understand that there is a bit of a difference.

[00:07:13] Speaker B: Yeah, some companies will focus on social media scraping or even sort of curating huge data sets of media reporting or think tank analysis or financial data coming out of stock markets and companies. There's also deep sort of exquisite data sets that are generated by companies, by universities, by governments at all levels in states like China, Russia, Iran, DPRK, and indeed around the world that contain documents that, whether they're a patent record or whether it's some sort of registry data or whether it's a publicly posted sort of shareholders report, these sorts of data sets at scale. And when I say scale, Strider has collected over 20 billion documents since the company stood up. And our intelligence specialists, alongside our data solutions engineers, will collect another 20 plus million documents a day from these types of data sets. Open source intelligence companies like ours are able to specifically surface state sponsored risk signals. So when I say state sponsored risk, which is what our focus is, I'm talking about state driven policy programs aimed at driving global scaled activities to, as I said before, identify disruptive IP, identify the humans who are the great minds innovating and creating and driving this IP, whether it's from fundamental research, right through that discovery and translation investment, and to sort of scaled manufacture, that entire innovation cycle, driven by government policy to disrupt that cycle, to find the right people, assess them, often to recruit them. We've seen countless examples of this. For instance, he was the head of the School of Chemistry at Harvard. Charles Lieber was running a talent recruitment program for the PRC. He was arrested, incarcerated in the United States.
He was being paid about 50,000 US a month to do this on behalf of the PRC government. And earlier this year he served his time, he was freed from prison in the US and turned up very shortly thereafter, I think as an emeritus professor at a university in China. So that's just sort of one example how this activity occurs. And Strider is a company that actually is able to surface documents showing how this particular risk manifests.

[00:10:15] Speaker A: Yeah, that's fascinating though, isn't it? And I think that would you say there's been, as a general consensus, there's a trend upwards now of more this, this sort of stuff happening than before. And sometimes it's hard as well to get a specific answer because like, well before we didn't have as much intelligence as we do now. So maybe it's the same. But what do you, what do you sort of think? Because obviously you mentioned before like 21 billion records and documents, et cetera, that you're managing and you're overseeing. Do you think that this is getting worse, this problem or I know it's not an easy one to answer, but like do you have any insight on that or hypothesis?

[00:10:51] Speaker B: We know that China, Russia, Iran are extremely active. That's not news. Governments have been aware of this. Intelligence agencies obviously are tracking. But what has changed is the amount of data that's publicly available. I understand that in the past three years as much data has been created worldwide than had been up to that point three years ago. In other words, the amount of publicly available data is increasing exponentially and it's being driven by the advent of AI high performance compute. And the AI piece is really important. So the ability to use AI to search the global data set, if I can put it that way, and collect and then curate that data, to sift through it at the speed of AI and surface actionable risk insights at incredible speed, is what allows our clients to track in near real time their exposure.
That's what's game changing here. It's not a question of whether the threat landscape is accelerating or the volume is getting greater. What's really important here is that companies like ours are making a difference. We're helping big global hyperscalers as well as smaller supply chain participants in disruptive or critical technologies across the whole gamut, whether it's defense and aerospace, pharma, critical minerals, agriculture, financials and universities and governments, we're helping them all better assess, measure and see the threat landscape as it's reflected through our open source collection and then to better prepare and respond. So in a sense, Strider is an engine for driving this whole-of-nation requirement that's building across western democracies to strengthen our resilience, to bring all of our instruments of national power together aligned in such a way that we are strengthening our deterrence ability here in Australia as a medium power alongside our allies to have an impact on the decision calculus in capitals such as Beijing, Moscow and Tehran. That's the power I think of a company like Strider.

[00:13:30] Speaker A: And so I'm sure if you can answer this question, but I'm curious to understand. So once you're presenting sort of this open source collection to people, companies, are they sort of surprised to be like, oh okay, well there's a lot going on here, or wow, that's quite in depth in terms of the fidelity that you're providing, in terms of the information.

[00:13:50] Speaker B: Surprise is, is one way to describe it. We'll talk to a lot of universities and companies and we'll talk to their chief security officers or the chief risk officers, or in a university, we're talking to their foreign interference or risk integrity compliance folks, research security folks.
They all know that there's exposure, they all know that they are probably being surveilled or there have been some concrete indicators of state sponsored activity in the margins or perhaps even inside their lanes. But what I would say to you is that we quickly move from anecdotal thinking to evidence based decision quality insights at scale. And so when they see, for instance I mentioned Charles, Professor Lieber. So here in Australia, when a university sees the degree to which one of their academics has been engaged with entities across China, Russia and Iran, and sometimes academics are active across all three, not necessarily for malign reasons. Academics need to collaborate globally, they need to find research funding sources, they need to publish and they need to bring revenue and brand increasing recognition for the universities and they're incentivized to do that. And so it's not a surprise to see academics engaged in this way. But often for universities there is a bit of a jaw dropping moment when they see the evidence based exposure to risk that their people have been involved in over many, many years. What this allows our universities to do actually is to then sit with that individual and ensure that they are aware that because of their knowledge, their global recognition as an expert in particular technological fields, whether it's quantum or AI example, et cetera, then that they're better prepared to recognize the signs of perhaps being approached by a foreign entity.

[00:16:14] Speaker A: And then what do you sort of think moving forward now? So like you said, you know, obviously it's not about understanding the threat landscape a lot like you're seeing a problem and you're solving it pretty quickly. But what do you, is there anything that you can sort of like when you think about next year and the year beyond, what do you think is going to happen in this space? I'm just really curious to understand like where it's going to go perhaps.
[00:16:36] Speaker B: I think it's going to continue to evolve. And our collection methodologies, our use of AI to curate the information to surface risk, that's all going to continue to evolve and I think we're going to continue to improve or expand not just the data sets, but the speed and the efficiency at which we are providing these insights for clients. I think this is an example of an industry-led transformation in technology driving an equal transformation in the intelligence cycle. I think that governments will increasingly embrace partnership with companies like ours to drive the open source component of the intelligence cycle. And one of the advantages of surfacing decision quality intelligence through the open source is that it's not classified. That allows this kind of intelligence to be shared transparently, rapidly, with C-suites, with university councils, with government departments, in a way that the traditional intelligence community, which is more focused on the curation of classified data, cannot. We're driving greater speed, greater agility, greater awareness of the global state sponsored risk challenge. And at the end of the day, we're building resilience, we're bringing strength and like I said earlier, we're helping nations strengthen deterrence. And so that's where I see this going. I see this AI powered data collection and curation and exposure of this risk challenge, driving greater resilience and strength and awareness and decision quality insights for our clients in a way that will help them better protect their people, their innovation, their IP, to assure their supply chains are trustworthy and to sustain their trust-based relationships with funders, including governments. I just see this is all a very positive, forward moving development here in the West.

[00:19:02] Speaker A: Joining me back on the show is Jeff Lindholm, Chief Revenue Officer at Lookout Inc.
And today we're discussing the increasing impact from mobile endpoint weaponization for credential theft. So Jeff, welcome back.

[00:19:15] Speaker C: Thank you very much. Good to be here and hello to everybody out there listening to the podcast.

[00:19:20] Speaker A: Okay, so around a year ago, Jeff, you and I spoke and you, I mean, look, you brought up some really interesting pieces of information, interesting stats as well. But now obviously we're a year on and I'm curious to see what comes up this year for you, what you're sort of seeing out there in the market. So on that note, you've said the biggest enabler of cyber breaches today is credential theft. So talk me through it, what's going on?

[00:19:44] Speaker C: Yeah, so if you think about there's multiple areas of breaches that CISOs and security organizations tend to worry about because they generally are very negatively impactful to the enterprise. And there's been a ton of them in the news recently, even in Asia and Europe. One of them for sure that's front and center on everybody's mind is ransomware. Another one people worry about, and it's more sensitive, I guess, depending on which industry you're in, but intellectual property theft is another one. So clearly if you're more R and D oriented and you have intellectual property, you know, if somebody steals that, your whole business is really compromised. So that's a bad type of breach. And then there's a tremendous amount of organizations that have some degree of responsibility in terms of security compliance. And so compliance failure is another one that people try to pay attention to and avoid. And a lot of that is around protecting people's privacy basically is, is the main thing and also making sure that you have robust security practices in there. So there are other ones. Those are kind of the three big breach types that people focus on again, ransomware, intellectual property theft and maintaining compliance.
And in what we found is that in the vast majority of cases, or at least, you know, 60% of the time, all of those bad things initiate with credential theft. They can happen other ways. Of course, you can have insider threat where nothing was stolen. You just have a bad actor inside the organization. And there's plenty of examples of that too. But the majority of the time it is credential theft that is sort of the gateway or what I call the weaponization of getting into the data, getting access to the data, moving laterally and finding ways to, to abuse, abuse that. In case of ransomware, you know, they take your data, they encrypt it and then they hold you hostage to pay them for, for that. Intellectually, intellectual property theft is pretty self evident.

[00:21:46] Speaker A: So Jeff, if 60% of most impactful breaches start with stolen credentials, what do you believe the industry is still getting wrong?

[00:21:52] Speaker C: Then there's a few areas that are sort of responsible for that increase and the performance of credential theft. One is certainly that the attackers are getting a lot more sophisticated in their techniques to, to do that credential theft. And AI is obviously, the AI is a topic on everybody's mind, but the bad guys are definitely leveraging AI to, to fool people into sharing their credentials. And so the ways they're doing that are getting much more believable, much more realistic. And it's just getting harder and harder for the individual to know is this a legitimate request for credentials or is this a non legitimate request, request for credentials? And so that's probably one of the things that's driving the acceleration of this. And then I think there's, and we'll get into the mobility or the mobile endpoint sort of participation in all this as a growing element to that.
But making, making sure you've got full coverage of credential theft protection across all varieties of endpoints is another one that people need I think, to pay attention to.

[00:22:56] Speaker A: Yeah. And would you just say, because things are spiraling out of control nowadays more than what we've ever seen, and I know everyone sort of says that each year, but what are your thoughts then on how, like, how people are sort of handling this day to day?

[00:23:10] Speaker C: Well, security organizations are typically well structured, well organized. They have incident response teams that are well prepared and armed to deal with security incidents. Oftentimes they have both a reactive and a proactive component to that. So they're trying to get ahead of it while also trying to respond to things. They have forensics capability, so if there is a breach, they can do a good job of kind of understanding how they got there, how that happened. I do think that there's probably, and maybe will always be, there's just a tension of the available resources and what they're dealing with, and that kind of ebbs and flows. But generally speaking, SecOps teams are really, really busy, and they're just getting busier because the attacks are getting more frequent. They're getting more sophisticated and sinister and harder to detect. And it's just a battle. But maintaining currency with sort of the attack vectors and the strategies that the bad guys are using, I think is really important, but also challenging to do because people are busy just dealing with the, the activity of the day.

[00:24:20] Speaker A: Yeah, absolutely. And then, so now I know that we spoke a lot about endpoint protection around, like, mobile devices, and this is part that, and this is a lot of what you guys do, right? So I'm really keen to get into this because, and I know we sort of touched on it last year, Jeff, because how many people are on their phone? People traveling all the time, they're on their phone.
If you look at, I think I even mentioned this last year, the report that you get every week, how often, how many hours a day you're on the phone, it's quite a lot. It probably can exceed being on your laptop in some days as well. Well, so I want to talk through this a little bit more. We did touch on it last year, but now a year later, what's sort of going on in that space? It does seem to me, even on the podcast, I don't hear much about mobile devices or cell phone devices, like, at all. So when I had the opportunity to speak to you guys, I was like, hey, this is a really big thing, considering we're literally glued to our phone. It goes with us everywhere. So paint a little bit of a picture about the space at the moment and how you see it.

[00:25:22] Speaker C: Again, with the backdrop of what we're really trying to in general focus on here is protecting people from this credential theft because it's from there that all these sort of horrible things happen. And I think as, as time's gone on, we've seen the endpoint is typically the weapon or the weaponization platform that people use to, to steal these credentials. And endpoints come in various flavors. There's Windows endpoints and macOS endpoints, but there's also the mobile endpoints, and the operating systems there are iOS and Android. And people have done a lot of investment, a lot of development work and routine development to make sure that the sort of the Windows endpoints are very protected and very robust in terms of being the weapon for these credential thefts. But what's sort of silently been happening in the background here over the past few years is that it's really the mobile endpoint that is becoming increasingly popular as the sort of weapon of choice for credential theft. And I think there's a number of reasons for that. Certainly AI sophistication applied to these attack techniques span all manner of endpoints.
But I think the mobile endpoint is particularly target rich because there's a much, there's much more of the human factor, or the human foilability, if that's a word, that can be taken advantage of by the bad guys. We're on our phone. Your mobile device is the device that you're on 24/7. It's the device that you're on when you're not working, it's the device you're on out, out in the evenings. And so you just, the time span where that's a vulnerable endpoint is really, really long. It also finds the users in situations that are not pure work situations where people might be more on guard against an attempted credential theft. And there's other things too, just human nature. When we're with, we have our mobile endpoints, we tend to be feel the need to be much more urgently responsive and immediately responsive. And the screens are smaller so it's hard to discern between what's a legitimate URL or source of engagement versus your laptop or your desktop machine. And so they're just inherently, the human factor starts to introduce that, they're just inherently more vulnerable because of the way humans interact with a mobile device versus a non mobile device. And then there's also applications that operate on these mobile devices that are kind of unique to them, such as messaging applications like SMS or WhatsApp or your message platform of choice, that's really a mobile endpoint application, and that's, and those applications have really been the target of some of the most sophisticated AI based attacks where those message exploitation techniques are just becoming really, really believable really. So people are really, really much more susceptible. And now it's not just the messaging platforms, but it's things like AI creating video content that's fake or QR code readers that are fake or they're fake QR codes that need to be detected. They're not legitimate QR codes you think they are, but they're actually malicious.
And so the sort of the span of utility of the mobile device, all the different applications you use it for, the fact that a human is much more human when they're using their mobile device because they're using it in all environments of work and non work and just the fact that we have this sort of need to be immediately responsive on our mobile device and it's a small screen, all of that sort of conspires to make them really target rich for exploitation. And so I think that's why, you know, we've seen now the mobile endpoints becoming a pretty significant source of these credential thefts, approaching 50% at this point. And I don't have the data to say one way or the other, but just as someone who has been in the business for a while, I feel like that's it's growing a lot faster or it's taking share of that credential theft technique from the Windows environment much more to the mobile endpoint environment. And I think that's important for people to understand who are trying to manage the overall security of the enterprise and protect that enterprise from credential theft because the gateway to that may be different than what you actually think it is.

[00:30:01] Speaker A: So then can I just ask, Jeff. Everything you're saying makes sense, right? So then it just, maybe it's me, I mean I'm in media so I'm seeing what's happening out there across the globe now. But is it that this just gets relegated? I think I asked you this question last year but this doesn't seem like the endpoint at the mobile and devices doesn't seem to be something. It's not like people don't care about it. It just feels like as if we're going to worry about the network and then the perimeter, we're going to worry about laptops and but like mobile is something that is huge in terms of surface area, in terms of actual time being spent on the device, but doesn't feel as if or doesn't sound as if it's high on the priority list at the moment.
[00:30:42] Speaker C: Yeah, I think there's some truth to that and I think that's evolving to a better place. I certainly in my travels over the last year or more, I'm definitely sensing an uptick in awareness, an uptick of an understanding that it is an important threat vector that needs more attention. A couple reasons why it's sort of lagged the kind of that Windows EDR, Windows endpoint focus and investment. I think one is that in the case of mobile endpoint security slash management, the interconnections between security organizations and the teams responsible for the mobility platform, the devices, the digital experience of the employees, in the past they were kind of very discrete domains I would say. And in a lot of cases, and this is sort of looking in the past, I sense there wasn't a lot of engagement between those teams. If there was, might have ended up providing a better level of security than sort of not collaborating in that space. Now I've seen in the last year and a half much more collaboration, much more seeing security, much more proactive, understanding that endpoint environment and understanding the risks that endpoint environment was bringing to bear. So as a best practice that collaboration between the mobility endpoint management people, the people responsible for the actual mobile endpoint environment and security, the more collaboration there's probably the better in terms of that outcome. And as I said, I do see that sort of naturally happening, I think probably as a result of the realization that the mobile endpoints are this increasing important surface area to protect. But I also think the other challenge that we've seen or the thing that's kind of slowed that realization or epiphany that these things are a big security threat vector is there's a lot of misconception out there, I think, about how secure mobile endpoints are natively, how they are to be secured.
So for instance, some people believe that their mobile device management platform, their MDM, which is usually a system that's operated by the mobility teams, that inherently protects the enterprise from mobile-borne threats. And that's actually not true. It's a misconception. The MDM is essentially the enforcement point. It does a lot of mobile management things, but from a security perspective it's kind of the enforcement point. But if you don't have the ability to detect things and have visibility on what rules are being broken that need to be enforced, then having an enforcement point without that insight is useless. And that's kind of what this mobile threat detection capability brings, it kind of completes the circle there. But again, some people just think that having that MDM is just sufficient for security. And I think that's a bad impression to have. Some people believe that the mobile endpoint operating systems themselves are inherently secure. And while they may be relatively secure in terms of vetting applications like the Apple Store or Google Play, they certainly do that. They make sure that apps are in those, the apps that are in those environments won't have malware on them. But that has nothing to do with the social media human factor attacks where people are using AI to spoof messaging applications, et cetera, or doing vishing that has nothing to do with the application. That's a native and net new threat vector for the mobile devices that the, that the operating systems have no role in. And you need an MTD platform to be able to detect those things and protect against those things. And then I think the third one is that there's this kind of passive reliance philosophy on just assuming that your Windows EDR threat detection and incident response platform is just easily extensible to protect the enterprise from these mobile endpoint threats.
And it does take a fair amount of focus and specialization and innovation in terms of that mobile endpoint security that is typically not native and not the strong suit of sort of the Windows EDR players. So again, I think there's a, and there's more, but there's, there's a bunch of misconceptions that are giving people, I think a false sense of security. But that needs to change. And then as I said at the beginning, I think there's this relationship that needs to be fostered and is starting to be fostered. I see it out in the, in the field a lot is this much more collaboration, integration of purpose between the mobility IT teams and the security and SecOps teams within the enterprise.
[00:35:51] Speaker A: And do you think the situation that we're in now with the oversight, do you think it's one of these things that's just sort of randomly crept up on us? Because like even the last 15 years of my career I've either had another device from the company that I worked at or even like earlier on, which isn't that long ago. Like if you look at 15 years, I guess it's long in the tech world, but we didn't really even have our work emails like on our phone really. So I mean this is what, going back 2010 maybe and even a couple of years beyond that, I mean maybe 2013, 14, we started to see a little bit more. You get your work emails on your phone, but before that it sort of didn't. So do you think it's just something that has grown adjacent to our everyday working situation? But then people have sort of, it's just surprised us and we're like, okay, well now this is a problem. The surface area is huge. People are using it a lot more, even more so than our laptops. We got to do something about it.
[00:36:48] Speaker C: It's crept up on us because it has evolved.
If I look back a couple, three years ago, or maybe in before the explosion of messaging and social media, the primary domain of focus from a mobile endpoint security perspective was to just do the hard work to make sure that the apps that you were using on your phone didn't contain malware. Right. And so people relied on Lookout because we actually vet 300 million mobile apps for malware, believe it or not. 300 million. It's hard to believe there's that many mobile apps out there, but there is. But also, you know, certainly, you know, Google does that vetting for the Play Store, Apple does it for the App Store. Apple App Store. So I think there's been a lot of good work to do a reasonable job of assuring that the applications that you're loading on your device are not full of malware. It does happen and it still happens. But I think that's something that's going to kind of had a lot of focus and work done on it. So application malware was kind of the what people were focused on a few years back then. There's also surveillanceware, which is people loading software into devices to watch what you're doing. That has different degrees of impact depending on the kind of organization you're talking about. Right? If it's a strategic national security person with a device, you don't want surveillanceware, whereas smaller enterprise, probably they're not going to be targeted for that. But I think the real thing that's kind of exploded on the scene is this whole social media and messaging adoption by all employees of all companies. In most cases, whether that's a BYOD device or a company-provided managed device, they're still very exposed to these rapidly emerging and enhanced AI-based attacks for leveraging social media and the human factor. And that I think is that I think has blasted on the scene in the last 24 months in a major way. And I don't think people necessarily predicted that and are necessarily prepared for that today.
[00:39:01] Speaker A: And so Jeff, what do you think sort of moving forward, how do people sort of prepare for that today and tomorrow and the next sort of year given, given your tenure in the space, but also like you're out in the field talking to customers every day about this sort of stuff, right?
[00:39:14] Speaker C: Yeah. I think first there's the recognition that if you're with me on this, on the notion that it's really the credential theft that is the kind of the smoking gun on data exfiltration, lateral movement which results in all of the various big horrible breaches that happen. I believe that if you believe that, then it's like where is that credential theft happening? And I would. And I believe that given that the mobile endpoint is, has become the sort of the weapon of choice to accomplish that on the part of the bad actors, there just needs to be a recognition that the mobile endpoints are becoming equally vulnerable to any other kind of endpoint. So once you come to that conclusion, then I think it's like, well, what am I doing in terms of my understanding and my management and my protection for the enterprise from these mobile endpoint specifically threats? And some people may be very much ahead of the game and have a fully deployed MTD system and they have telemetry on their mobile environment, they have an integrated MDM and their, and their security teams are able to ingest mobile endpoint specific telemetry and threat intelligence into their SIEM. So they can, you know, their incident response organization is completely across all manner of endpoint attack techniques and data. That's sort of what good looks like. But the question is where is the any enterprise on that continuum? And I feel like there's a lot of them that are sort of in an underdeveloped state to be properly protected from these mobile endpoint based attacks.
So it's I would say just like think through what does your security environment, technology playbook, incident response, adoption, forensics, are they really prepared equally well from the onslaught of these mobile endpoint based attacks as they are with the conventional kind of laptop, desktop kind of attacks. And I think in a lot of cases they just haven't gotten to that level of sophistication and completeness to be protected across that entire spectrum of endpoint. So that's obviously that's where Lookout plays. We're very specific and focused security company that, you know, builds systems to gain telemetry from those mobile endpoints, detects mobile specific endpoint types, styles of attacks to get that credential theft accomplished. And then we've done a ton of integration work to make it easier for customers to adopt these practices through. Most of the MDM solutions out there we're integrated with. Most of the SIEM platforms we're integrated with. So we can provide telemetry, visibility, threat intelligence into the SIEM and then we have a very smooth interaction with all of the major MDM players too. So it's operationalizing it. It's also making sure you've got the depth of the technology for detection and action and remediation, specific and uniquely specific to the mobile endpoint environment.
[00:42:41] Speaker A: And there you have it. This is KB On The Go. Stay tuned for more.
