Episode Transcript
[00:00:00] Speaker A: Foreign welcome to KV on the Go. Over the course of the week, I'm coming to you with the updates from the ORCUS Advanced Technology Dialogue in collaboration with 2020 partners. Our first event kicked off at Pier 1 in sunny Sydney, before traveling over to the capital of Australia, Canberra, where the Australian Strategic Policy Institute, more commonly known as, hosted us in their offices. Stay tuned for the inside track from some of the up and coming technology companies as well as some you already know. KBIMedia brings you all of the highlights, but for now to set the scene, you'll first be hearing from founding partner Greg Sim, who will share a little bit more about 2020 partners and what their vision is all Joining me now in person is founding partner from 2020 Partners, Greg Sim. So Greg, tell me more about 2020 Partners.
[00:01:09] Speaker B: Well, thanks, Carissa. Well, 2020 Partners is basically a private network of senior security operational people. It was founded, well, 2020 is a giveaway in the name, but the people that I was lucky enough to meet over many years being involved in cyber, some of them I got together with at the end of 19, June and 2020, and suggested that between us we knew a lot more people globally, global allies, obviously, very much Aukus focused, but other allies as well, other countries, and how we could maybe formulate it more, not formalize it. And there was a reason for that. We took on one or two different iterations of what the network could look like. But what we've ended up with is something very unique. And its uniqueness comes in the fact that the network is autonomous. It's no commercial connection to any individual or any entity. It's not even a known for profit. So basically, given that unique side to it, we're able to collect people that are very senior, former people, some very senior current people, because current people, generally current. What I mean is they're already in either government, federal government, law enforcement, even private sector. They either have ethics issues or they're not allowed to be part of any organization. So this organization is not an organization, it's just a network of people. So it gives them the ability to be part of the network without giving anybody any conflict. And what does that mean at the end? Well, what it means is that we have a collective power. And I always said from day one in starting this network is if we can harness a collective, these types of people and that seniority in a collective entity, then we can do things, we can move the needle. You know, any one individual doesn't matter who they are. It's very difficult to move things with this network, we can't.
[00:03:02] Speaker A: So when you say you want people to do things, what do you want people to do?
[00:03:06] Speaker B: Well, the balance of the network is very important. So we have a mixture of people that come from former intelligence backgrounds, current intelligence backgrounds, government entities, military, private sector, and those types of people. We've mixed between those operational people and also those practitioners. So we have a lot of CISOs, CSOs, CIOs, and actually, one of our objectives going forward, in my opinion, will be to attract some global CEOs, because with the dynamics of the world, as we all know, and the extreme polarization that pretty much most countries have, it's more important that everything from geopolitics to cyber and digital, it's all mixed together now. Everything is digital, digital is cyber. So our ability to bring these people together as a collective and to discuss things. And we, as you know, Carissa, we don't do events for the sake of them. We're not an event company. But it's a great way to bring these people together who normally might not be able to discuss things. They can discuss things under a policy level most times, but being able to meet their old friends, new friends, let's say, and talk about issues that are really relevant to our allies and our allied countries is very, very important.
[00:04:30] Speaker A: So a couple of other things as well. Greg, why do you believe this network is needed from your perspective?
[00:04:36] Speaker B: Because nothing like it really exists. There's pockets of it. You know, you go to, say, Washington, there's always little pockets of networks for different things. Nothing's really done what we've done on more of a global allied scale, you know, meaning that, you know, even under Aukus, I mean, of course, we're very much Aukus focused, but we have our colleagues in Singapore and Japan, in France, in Germany, and about to be in Spain. So I think when you can take different attributes of how people see security, and not just operational people, but people, for instance, in geopolitics, then we think that we've got a far better grasp on how to move the needle than pretty much any entity. Because as I said, most entities are really locally focused. You'll have them in Australia, of course, there's entities that can do that. But we're able to kind of call it raising the bar. We really raise the bar on things by the type of people that we have.
[00:05:34] Speaker A: And that's interesting because that leads me to my next question. There are these pockets of these things that exist. However, I think in my experience of talking to people in the industry, would be these, these groups, these other entities that exist. And this is me generally speaking, is that they say, but what's their affinity to the space? And I think by from what I can gather, 2020 Partner Network has a very extensive cadre, high calibre, strong pedigree of people, which I think is the difference. Would you agree with that?
[00:06:04] Speaker B: Yeah, I totally agree. It's really about the caliber of people. Because you know, if you think about when you have the type of people that we've got, and you know quite a few of them now, Carissa, if you can harness that brain power alone and that experience, I mean, it's incredible, you can start to think the application of that could be utilized. I mean, if you, if you could capture what we have in the network and say an AI engine can imagine the type of output that you could probably achieve from it would be quite, I mean, it would be incredible. And of course, the other thing I've not mentioned is it's also important when you create a network like this that there's a balance. We can't have too many of one and not enough of the other. And our technology partners, and we call them partners, are very, very important. They're great supporters of the network. And of course we have our own policy within the network that the technologies that become our partners are those that already that come from within the network. So they're already known to the network or the senior people in the network because a lot of the senior people are advisors on different companies and they see things.
And the second one is that they're already operational within one or more of our allied infrastructures. So that gives a high level of validation. And I like to use the words validation by association because when you have a cadre of people that we have and you have the type of brain power and these technologies, it really is a big validation for everybody that's self validating. And I kind of like to say that we're trying to level the playing field. So anyone that comes into one of our gatherings, whether It's a drinks, etc. Or event, we want to make sure everyone's on a level playing field. There's nobody higher than anybody else, for instance. And even with the technologies, as you know, we have a no sell rule. And that's important, very important. Because when you have the practitioners especially or those that consume technology, there's just, there's an awful lot of technology around. There's an awful lot of, of snake oil in a lot of these technologies. So for them, everybody's tired of being sold to. Everybody's trying to sell something, but they don't want to miss out on anything. They want to know if there's something there that can really help my organization or my government entity or whether it's intelligence, whether it's defensive, offensive. They want to know, especially because it comes from within our network. So it has that high level of validation. We're not discounting anything. We're not discounting innovation. Of course, I've always come from an innovative background, but I think that innovation to us needs to reach a certain level before we are going to say these. And so we do keep that balance for them and our technology, Our technology partners, they enjoy it because they get to be associated in these environments and are able to talk about their subject matter, their expertise, their threat intelligence. And so we're being asked a lot actually by governments, law enforcement entities to actually help them and bring together nothing to do with sell them, but being able to come and do briefings for them, for instance. So we'll take some technologies that they specifically would like more information around an issue, you know, whether it's, you know, identity mobility is always a big one, you know, big data transfer, or we've just got such a great reach in to find these great technologies.
[00:09:43] Speaker A: Joining me now in person is Anthony Reynolds, Vice President, Federal and National Security at Bridgeworks. And today we're discussing getting mission data to the warfighter, or cio. So, Anthony, thanks for joining and welcome.
[00:09:56] Speaker C: Well, thank you for having me.
[00:09:57] Speaker A: Okay, so you say I'm going to call you Tony now, now that we've done the formal side of things, you say get mission data or data to the warfighter, which is a metaphor for the cio. That's my take of what when you say that. But talk me through this.
How do you sort of see this? Because I know you obviously are veterans and maybe that's why you use the term warfighter. Curious what's going on in your mind?
[00:10:26] Speaker C: Well, that's a striking metaphor, but actually one born out of a real life experience.
So I attended an event called technet, which is Indo Pacific Command event, which is held yearly in Honolulu. And I was in the audience of a panel comprised of the U.S. department of the Navy. A question that was asked is why is it critical and not flexible to move data to the warfighter within the theater of operations? And the answer resonated very well with me and of course it was a joy to hear because the answer given was from Jane Overslaugh Rathbun, who is Currently the CIO of the US Department of the Navy. Her answer, and I paraphrase, was if we can move data at the lowest level of latency to the warfighter, it will make the difference between winning and losing the war. And went further and illustrated that potentially could save lives. Now how do we then apply that to the civilian environment, the non kinetic soft power environment? Well, when I speak to CIOs they do see it as a kind of war because doing more for less these days they have finite resources. It's kind of every day's a battle to juggle really and manage that plate spinning. So the benefits for them in moving data faster is that it frees up time. So what they tell me actually very often is that that time saved frees them up to run concurrent projects and get other stuff done, as it were. Surprisingly, they don't talk about cost reduction much. The time seems to be a valuable commodity to them. There are examples where some of our clients have monetized that time saves. An example with CVS Pharmacy, the largest pharmacy retail chain in the United States. And they were able to put a number on it for us, which was something nice we could include in the use case. But more often than not it is time. So that was really the metaphor.
[00:12:32] Speaker A: So people are more focused on their time rather than cost in reducing their cost produce.
[00:12:37] Speaker C: Generally speaking, that's what I'm hearing and that's been the experience and I think it is because of resources, less resources to do multiple projects within the enterprise, within the IT shop. Yes. So very valuable to be able to create more time.
[00:12:54] Speaker A: And would you say as well, because I mean even the conversations I'm having as well. Tony everyone. So we met. Oh, you know, I've got to reduce costs, I've got to do more with less. And are you still seeing that or do you think it depends on which company and client? Anything like that?
[00:13:07] Speaker C: It's a great question. I mean it's become nuanced. It is a huge cliche, you know, that, that the C suites at the board level are only talking about, you know, perennially talking about, you know, cost reduction and revenue growth. So where's the next big growth engine? They still talk about those things, but it's become very nuanced and that's because of the disruption of new technology as well. Going back to the metaphor in the military area, one advantage they see apart from getting that mission critical data to theater to the battle space is the fact that by it getting there faster, there is less of a timeline for bad Actors to cause disruption and denial even of their mission within the civilian area. I think it's more reputation. So if I ask a customer, yeah, I get that, it frees up more time. I get you, you get more stuff done. So that's a performance metric. But what other gains are important to you? Often it's reputation being seen within their industry as being forward leaning, embracing technology and not denying it and applying that technology and kind of like peacocking and showing off to their competitors in that vertical. And often a lot of industries are quite tribal. They will look to leadership and those that are innovating and follow, which of course is very good for vendors like us as well. So I would say reputation is another one of those gains.
[00:14:33] Speaker A: Okay, so I want to switch gears slightly and talk about your view on gains of faster data delivery. More like what does that mean to you? And then in a broader context, yeah.
[00:14:47] Speaker C: We'Re very focused on the customer.
So the way I my mindset is always why is it important to the customer? And we've already talked about reputation. Our customers like to be seen by their peers and by their customers especially as being in a leadership position, as being, say as I said, forward thinking visionaries. So that we've talked about that. But there's another important element and that is data integrity and security.
Now it's comforting for our end users to know that then we're moving that data that they don't have to unencrypt that data. So it means as the vendor, we're not requiring them to hand us the crypto keys and key material. That's a level, a very high level of assurance that we're not examining and seeing that data well, that's transferable to their customers in turn because the customers see that as respecting confidentiality. So in the military space it's about secrets and for example our signals intelligence customers. But in the non military environments it's about really respecting, in some cases patient confidentiality, medical records or indeed complying with say GDPR, for example, and getting on the right side of the regulator. So that's important. But also as well an element of cost in that when we move data, we don't cache and store the data. That represents a saving to our customers, but not a great saving to be fair because the cost of storage has dramatically been reduced. It's more that it's not unnecessary repository of data in a place that they can't control. So that non caching, non storage of the customer data is another level of assurance for them. So to summarize zero touch of the data, zero examination and zero storage of the data. And that kind of speaks quite nicely to what's trending right now and what's very topical within zero Trust architecture.
[00:16:47] Speaker A: So maybe if you could provide an example of a private enterprise, how does that sort of look? Because I'm curious then to know, and you said before, you don't cache it and you don't store it, but you said before around the transferring of it and how that's a little different. So walk me through as an example.
[00:17:06] Speaker D: Yes.
[00:17:07] Speaker C: So there are a few enemies of the wan, as it were. We caricature it as the three wicked witches of the wand, because it's kind of like rolls off the tongue, if you like. So they are latency, packet loss and ingress, egress. So congestion and all of these things slow up the data transfers. That's losing packets with a lot of writhing at the other end. And then all manner of reasons why there are the effects of latency. Our solution does not eliminate altogether latency, but it hugely mitigates them. And because the AI patented technology that we use is automated self tuning and self learning, the longer the timeline it has, the longer the distance it really is able to get smarter and look at new routes, you know, new tactics and techniques to get the data to the other side. So we do have actually lots of case studies where that has been benchmarked as an example of the business benefits which we've not really touched on.
[00:18:07] Speaker A: From your perspective, what do you think people don't get about what you guys do? Or what do they overlook, perhaps?
[00:18:12] Speaker C: Yeah, so in fact, that is a thing we see. So a lot of the markets see us as WAN optimization and broadly speaking, it's tenuous. But yes, we still are optimizing, but we're going far deeper than optimizing. We're actually changing the landscape. We're creating conditions where the data can be moved at ultra fast, unprecedented speeds and scale. And of course we've talked about the security aspects. They know their data is secure, it's safe, it's not being stored anywhere and it's not being examined. The military often refer to this as fire and forget. They don't want vendors to know what they're moving. One of the foundations of good intelligence is need to know, and we absolutely don't need to know as a vendor.
[00:19:03] Speaker A: So what would you say are some of the misconceptions though, that perhaps people still get wrong about when it comes to data? So I'll give you an example. So when I'm. When I'm talking to you, Tony, I'm thinking about like, data masking, for example. People still don't know what that is. So is there something that you said before? Yes, of course. People confuse you with like the. When in terms of optimizing that. But what would you say that people, in terms of the conversations you're having with your clients, that they're. They're still perhaps, I don't know, asking more questions around. What is it specifically? Because I'm noticing that you say we're not doing this, we're doing that. But is that still the common question that customers are asking you?
[00:19:44] Speaker C: Customers, in the main are clear. They're crystal clear what differentiates us from other providers. And there are a few in this space. In fact, I'd argue we're in league of our own. We did look at becoming part of the. A magic quadrant within the Gartner group, but it looked as though we'd be the only one in it. So we didn't see that as a necessary thing to do. So it would be a very lonely quadrant and a lonely space for us. So I think people understand what distinguishes our technology.
The real problem is they don't believe it. They don't believe our claims about just how quickly we can move that data and just how we can improve performance. And that probably explains why I don't recall we've ever got to a point where a customer has committed and we've got to the install without a proof of concept. So we have to. We generally, our model is we cut an evaluation license and then we encourage the customer to do various learns and move data in a sandbox. And then during that process, we give them a hand rail. We support them fully. That's one way we can convince them because we do have use cases and we have many customers. We have a bank, Envestec bank, who are a private banking organization who have reported to us they've seen 424% increase in total data transfer. But people are a little incredulous, if not cynical. So that's really the way that we prove that we can deliver. Another example would be McAfee that we boarded a while ago. And again, yeah, didn't really believe it. Not in a bad way. Just. Yeah, they thought actually not embellishing, but overstating. So they embarked upon their journey of evaluation and were quite astounded with the results. So I think we got them from something like 2 megabytes per second to 100 megabytes per second on a one gig circuit. And we were able to identify some other things that they should pay attention to as well during the sort of diagnostic period, the network diagnostic phase of that exercise. And they committed to us and we were very proud to have them as part of our asset and our portfolio because they're clearly a leader in the sort of cyber space. So again, I think no one was going to take that for granted. The other thing that's important to big enterprise and to the military and our customers are always almost certainly in one of those sectors is the issue of robustness and resilience. And it's source of pride from my side. We rarely have issues with availability of systems and our capability is within signals intelligence agencies within big pharma and medical and even academia. Doesn't happen. In fact, on the McAfee opportunity we were asked at the 11th hour to show our maintenance records. And it's not something vendors are normally too keen to do, but we were able to produce that willingly and very quickly because it was a tiny number which clearly helped to reassure them that we were a big bet and we are a mature company, but we're not the scale of some of our customers. We have OEM customers like IBM who've been licensing our products for over 10 years and continue to work with us. And so that's important from a business perspective and that it's a revenue stream, our licensing business. But we are really interested in acquiring new assets, new customers because we believe it really will deliver operational benefits and high performance for them, which they can then take that to customers as proof points that they are innovators and embracing game changing technology.
One of the quotes I paraphrase, but we have a verbatim quote from McAfee was that what they believe would take them a year to complete in terms of a data transfer project took them a week and a half. That really is quite a powerful testimonial. Also the engineer that led that project with us, our point of contact was a storage engineer with limited networking experience. And again he's on record to saying that it took him around 45 minutes to install. So it's a painless, seamless process as well. All those things are important because they do impact on requirements to manage those projects.
[00:24:10] Speaker A: Because that's an interesting point and that's the reason why before when I asked you that question around, like what is it that's still missing? Because you followed on with that by saying league of your own. Because obviously it can be a double edged sword when you're first and you're trying to do something different. It can also mean people don't quite understand it and they have some of the pushback. So that's why I was curious to know. Then I'm also curious to know, Tony, how quickly are you moving this data? So you're saying it took a year, that you could be compressed into one week? How fast is this stuff going here?
[00:24:37] Speaker C: We generally point customers to our benchmarks. So these are customers who've agreed to a use case and the example I gave you was 424% faster than their incumbent supplier. Our most recent wins in terms of transactions with customers have all come from our competitors who were unhappy with performance but never expected to be able to achieve the kind of numbers that we were achieving. But in our world, it's normally times faster. So we believe a mean average is around 10. But that can be dialed up north very quickly depending on the environment and depending on how many protocols or applications they're moving across that wide area network.
[00:25:23] Speaker A: So you mentioned the operative word, performance. So would you say everything that's happening in the world and everyone you know is doing releases in terms of. From a software development point of view, everything that needs to be. We need to get things out faster and faster. So performance, from what I'm hearing, what you're saying, a very key thing that customers are really interested in, not just nowadays, but just how the world is going. As, you know, as your customers and businesses out there, they need to be staying competitive. And that means by having performance. So would you say that's a key driver for some of your customers?
[00:25:54] Speaker C: Well, it is for some and not for others. It's really like taking a journey. You may not absolutely need to be there in a certain timeline. You may want to go the scenic route. So our customers have to have a requirement. They generally always have to have a requirement. Sometimes that requirement is acute or chronic and they're in a hurry. But generally they've. They have either a problem or a challenge. And the speed is usually a part of that. But there are other variables, other elements that I've touched on, such as is my data safe in the hands of an independent vendor that is not part of my organization, somebody that it's not entirely trusted because we don't have an existing relationship with them. And that's when we point them to our customers and our referenceable use cases and when we show them how secure those transfers are. And the fact that we do move their data fully encrypted does, as I mentioned earlier, gives them that very High level of assurance that we're not messing with their data. There is the issue of recovery as well. And that's something we play very strong on customers. Yes, performance. And when you talk about performance in the context of Bridgeworks and our port rocket and WAN rocket solutions, we are talking about speed and it depends on how important speed is to the organization. I would suggest that often they have other considerations such as the security and whether the data is safe. The other thing that we are hearing a lot now is the market is very congested, competitive and noisy around threat detect, threat protect of cyber attacks. And we don't pretend to be in that space. But what we can do is help with recovery because even if we can't salvage all of the data after an attack, that's when speed will become critical because it will be a force multiplier. We'll be able to perhaps move critical data through VPN to a dark place or a place where they want that data to sort. I've heard this referred to as, you know, cyber first responders, but I'm reliably told that actually we're more of immediate responders because first responders will take a certain amount of time to deploy and to arrive at scene. So that's something that we're hearing a lot. So I wouldn't say it's a binary thing around performance.
A lot of clients are just happy with their current speeds.
[00:28:25] Speaker A: So maybe used to close in terms of you said recovery because a couple of, I would say recently in terms of my interviews, business continuity is the main thing everyone's talking about. So okay, give you an example, what I mean by that. A warehouse, they just said they operate 24 by 7, they have a ransomware attack all of a sudden it's not just an eight hour window like a standard, you know, nine to five business, they're operating all the time. So them not having that continuity because they can't recover their data fast enough is a huge problem for a business like that.
[00:28:56] Speaker C: Yeah, that's exactly. That's where we play very strongly. We play strongly there and we play strongly with big data over long distances. Because I mentioned earlier, you know, we have that extra time for the AI and the paralyzation techniques to kick in. An example I'd probably give you, there would be around a bank customer that needed to be on the right side of regulations. So in this case it was GDPR and syncing across platforms using Oracle, Goldengate. And that's the example. We were able to get that 400% faster result. But Actually that was interesting, but really that was just ensuring the customer were not liable. So it was about regulatory risk in that particular case. And that's something people are talking a lot about right now because the fines can be eye watering large for those who find themselves unfortunately on the wrong side of compliance.
[00:29:52] Speaker A: And Tony, in terms of just really quickly closing comments, final thoughts, what would you like to leave our audience with today?
[00:29:58] Speaker C: In one sentence, I would say that if you don't believe the headline and you're cynical about the metrics that we are advertising, then accept an evaluation, enjoy a temporary license, find out for yourself. Because we don't dictate to customers, we take customers on a path of self discovery and we find that our strike rate is extremely high in excess of 70% of customers that go on that journey who evaluate either buy now or buy later.
[00:30:38] Speaker A: Joining me now in person is Malcolm Purcell, VP APAC at fivecast. And today we're discussing leveraging OSINT to address national security challenges. So Malcolm, thanks for joining and welcome.
[00:30:48] Speaker D: Thanks. Yeah, good to be here.
[00:30:50] Speaker A: Okay, so let's start perhaps there. What is your view on how OSINT can address and ultimately reduce national security challenges? How do you see it?
[00:30:58] Speaker D: Yeah, well, maybe sort of starting at the start in terms of what we actually sort of define OSINT as open source intelligence. It's really that process of collecting and analyzing publicly available information, usually to meet an intelligence requirement, some sort of intelligence mission. And at fivecast that's really what we specialise in, is we have a number of software tools that enable agencies to do that. And one of the big applications of course is in that national security domain. You know, OSINT has been around as a thing for years really. But what we're talking about I think today, and you know, a lot of the interest now is very much the digital age and particularly things like social media platforms where you have that, you know, that paradox of there's more information than ever before available to you at your fingertips, but finding the information you actually want is kind of harder than ever just because of the sheer volume. So I think it was actually mentioned the other day by one of the guest speakers that, you know, it's not looking for the needle in the haystack, it's you've got a, you've got a haystack full of needles, which is the one that you are, you want. And so that's where we coming to it. And particularly from a national security perspective, it's trying to find that, that thing that is actually of interest amongst the huge Amount of noise that's available to you digitally.
[00:32:16] Speaker A: Yeah, that's interesting. And I think because like you said, there's so many different X and LinkedIn and there's so many different platforms now to be able to aggregate all that information. So would you say that? And look, especially if I just focus on X or Twitter, the amount of information or disinformation or whatever's on there in terms of propaganda that you would probably read and consume. What are you worrying people at the moment in terms of national security? Because I mean there's a lot of very out there views on either side that we've seen because now people have our own voices. Back in the day you didn't have the platform to be able to leverage that. So now I think with that creates problems for people to perhaps push an agenda. Whether it's true or not is another story. But what are you sort of seeing from your perspective on this threat? If I were to zoom out to national security?
[00:33:08] Speaker D: Yeah, I think there's a couple of things there and like talking about something like X, obviously there's a huge volume that comes through there every day and it is sort of well known that there are many state actors on there as well who are either pushing an agenda or trying to craft a narrative. I think one of the challenges, well, there's a couple, but one of the challenges is some of the new generative AI technology that's helping create some of those narratives and making it easier than in the past to develop that messaging and develop it at scale and then push it out. And I guess, I think it allows a little bit of experimentation which perhaps in the past was still possible but would have taken longer and would have been more involved to do. Now with that technology you can, in the same way that for legitimate purposes people can use this, you can sort of fail fast, decide that that hasn't really worked, that hasn't hit a nerve, put something else out and see if that gets amplified throughout the, throughout that sort of network. So I think those technologies, obviously things like deepfakes are very interesting there where again that technology is getting better all the time. There's been some sort of quite notorious examples of that. I think back two years ago with, you know, that Russian invasion of Ukraine in 2022 and you know, fake video appeared of Zelensky ordering his soldiers to lay down their arms. Now it obviously didn't really work, it wasn't really picked up as intended, but those things are getting better, more sophisticated and the ability, particularly on social media is just that is the ability to amplify it in a way that's never been possible before and get that sort of information to a much wider audience quickly.
[00:34:49] Speaker A: Okay, so this is interesting because again, you raised like deepfake. So, I mean, a lot of the conversations I'm having with people is. There is a concern obviously around that. And now every day it's getting better. So it will be hard to discern. Is that really what Malcolm said or does that know what he said? Because it looked like you, it sounds like something you would say. You said something quite nuanced, so it does sound like you. So then how are you guys approaching that from an innocent perspective? Because it's like you've got all this information already, but then it's like now you even have to filter even more to say, well, if it's fabricated or not. How does that look in your eyes?
[00:35:20] Speaker D: Yeah, and it's hard, I think, because you're right, it is getting better all the time. I think there's a number of. It's a combination of. Between we would like to call technology and tradecraft, where the technology can take you so far. You can perhaps try and understand that account that's putting out that information. You know, what sort of connections does that account have? When was it created? You know, some indicators around, you know, that perhaps the likelihood of that account being a bot or a fake account that's been created for one purpose and one person only, and that's to essentially regurgitate that propaganda. So there's that that can help you from a technology standpoint. But really, a lot of it, I think, does still come down to, you know, good intelligence analysts looking at the information, making judgments and informed opinion, because they know the context. Well, you know, as a company, we are an OSINT company, but we're a technology company first and foremost. We don't provide services, so we're providing our technology to government agencies, to leading private sector organisations who need and are trying to use this information for good. The other thing I'd say, I think, Carissa, is there's a lot of commonality in terms of some of this stuff between the things that state actors might be trying to put out around MIS or disinformation. And the same technologies are being used and exploited for scams, online romance scams, the same sort of tools, technology ideas are being tested and adjusted in other fields and they can be adapted and used there as well.
[00:36:50] Speaker A: So there was a guy I interviewed a while ago and he spoke a lot around the Twitter bots and then how, obviously, and this was going back to the previous US election, how they were leveraged to drive information warfare with everything that's been happening in terms of, and I'm probably more concerned for the younger generation that they've just known technology. So perhaps what they read online or what comes from ChatGPT, what's getting pulled from large language models that exist out there on the Internet. And the example that I use is people that have a flat earth theory. So if you've got some people that are out there creating sites like ours in terms of media and putting this information out there, and you said, is the earth flat or is it round? You might have that. If it's that, it's flat, because there's people out there that believe that, as well as people that are on X that are pushing this agenda. So what are you sort of seeing then on that front? You mentioned it before, that obviously these state actors out there that are pushing specific agendas or anything like that, you can sort of share in terms of that insight because, I mean, a couple of other people I've spoken to in terms of the bots that they had millions and millions of these bots telling this story. And so when you're seeing millions and millions of accounts saying one thing, you start to then believe it, though it's reinforcing it.
[00:38:04] Speaker D: Yeah, and I think that's, that's, that's largely the point with some of those, I think I'd say as well. And not to defend sort of X or otherwise, but the more mainstream social media platforms do have, you know, typically content moderation teams. They actually have a fair bit of time and effort that they put in to that because, you know, it's a big business and it makes money and they need to particularly meta, who actually disable and ban, you know, I forgot the statistics. But it's thousands and thousands of accounts every single day that they are taking down de platforming because they've contravened those sort of guidelines. The problem is though, the world of social media in particular is very diverse and there are a number of platforms which are unashamedly, essentially unregulated and promote themselves as, look, you know, come here, we're all about 100% free speech, whatever you want, wherever you want. And they, they're so, they're putting out messages on those more fringe and niche platforms, to be fair. But, you know, some of them are growing and growing in popularity. The other thing I would say is there's also platforms which are very targeted towards a certain diaspora. So Some of the Chinese platforms like, like WeChat and Weibo, that they are primarily used by the Chinese diaspora. So for example, in the US Election, you know, articles, narratives can be placed on those platforms that feed straight into a certain demographic group in a way that perhaps other platforms don't. So it allows a level of targeting there as well.
[00:39:37] Speaker A: This is where I think it's going to get interesting. And I mean, I interviewed someone a couple of months ago, head of global research, and I was like, so what do we do? The short answer was nothing other than trying to manually look at content to then say, well, it looks fake. But then again, the thing that probably maybe concerns me is do people have, do they have enough attention span to really dissect that? Because like you said before, you've got analysts that this is their job, this is their profession, they have that ability, the average person, that they don't. So do you think it's going to get into this if you just focus on social media? Do you think it's going to get to a point where, I don't know, it feels like delusional in a sense of. Is it like we're going to feel like you have to look at everything to assess whether it's fake or real and even if something's real, you're going to think it's fake? Like, does that feel exhausting then?
[00:40:23] Speaker D: Yeah, it is.
[00:40:24] Speaker C: Interesting.
[00:40:24] Speaker D: I mean, it's. I think in some ways the perspective is propaganda has been around for a very, very long time. If you think about it, what's changed is, yeah, that as you were saying, the pace, the ability for things to be, you know, put out there and then quickly amplified by others, that that type of thing has changed in the digital world.
I'm not sure if there's a sort of a solution. I think one of the solutions in some ways for you mentioned, I think before, some of the young people is they actually are very much, you know, digital natives. They're digitally savvy and they're much more aware of how perhaps some of that data can be manipulated or that the messages they're receiving are in some way manipulated. And again, this stuff doesn't necessarily need to be nefarious state actor stuff. This can just be advertising. So I think a lot of it is about educating people and making sure that they know that not everything you're seeing on X or on, you know, Facebook is, could be real. It could be a scam, it could be fake, it could be disinformation. I'm not sure there's a, a one button, kill that post or, or type thing that's available really to do that over time, maybe the technology will, will improve to get to that point. But it's a bit of an arms race I think, because the innovation is constantly there to get around some of those measures.
[00:41:41] Speaker A: And then I know we've sort of, we probably already touched on it, but in terms of sort of, is there any other emerging issues that you sort of identified as well alongside of what we've already discussed in terms of, you know, myths or disinformation that you're sort of seeing from your point of view?
[00:41:53] Speaker D: Oh look, there's, there's things that are chopping and changing all the time. I think some of the stuff around the use of, and we talked a bit more about sort of deep fakes, but just even the use of imagery online, a lot of our customers are very interested in, is the ability to detect symbols or phraseology online, which is used by specific groups. So some of the far right groups that use specific phraseology, which you or I, if we were just looking at that on a post, may not mean anything to us. We look at it and just say they're talking about a number of numbers. But if you actually understand the implications of what's being said, it's actually, you know, quite significantly far right extremist communication that's going on. So what's important is the ability to at scale be able to detect that, identify it and bring it to the attention of an analyst for something to do something about it. And whether that's, you know, in a law enforcement context or in a, in a sort of a broader government context. But you need to be able to find that information in the first place in order to be able to take action at it. So I think there's more and more work going on around that in terms of being able to detect quotes that might be made and understanding where that quote is coming from. Is it coming from a manifesto somewhere? Well, that might change your opinion on the post or the account that's posting it compared to just if you see it and you say, oh, in isolation, that doesn't really mean anything. So I think there's more and more work going on there.
[00:43:20] Speaker A: So I want to sort of slightly switch gears and I want you to walk me through perhaps the value of leveraging unclassified open source data alongside of classified data. What does this mean for people who are not familiar?
[00:43:33] Speaker D: Perhaps it's not necessarily new, but even I think the US DoD put out a report earlier, earlier this year actually talking about that, you know, particularly open source data is probably needs to be start to be considered the sort of the intelligence resource of first resort. And I think there's a number of reasons for that. One, some of the other intelligence disciplines, humint, sigint, some of those are becoming more difficult and expensive and frankly there's a huge amount of value within the open source domain. There's a bunch of statistics floating around, people talk about that, that 80% of that information is available in classified holdings, is available sort of in the open source market in one way or another. As we talked about at the start of this discussion. A lot of the real challenge though is okay, well we know it's out there, how do we get it at scale in an obfuscated secure way and bring that back so we can then make sense of it? Because just saying you're going to go and collect everything off the Internet, it's just not possible. So there's that challenge. But I think increasingly, and it's not just certainly national security, I think broader government agencies, public sector agencies, are realising that there is a treasure trove of information within the open source realm. And understanding how you can leverage that either for a security mission or a law enforcement requirement is really, really important. You know, the classic is, you know, some of the connections between individuals who may be claiming that they have no association and you're able to reach back through years and years of open source data and find maybe a photo or a communication between the two of them online and even from accounts that may have been long forgotten or deleted. And you can then find that connection, that nexus, that can maybe take you to the next stage of an investigation. So I think, you know, open source can do those things in a way that some of the other data sources perhaps can't. And so it certainly can be complementary to those.
[00:45:30] Speaker A: I'm aware that people use OSINT for when they're hiring in like executive senior roles. What I've been told is that some of the stuff that comes back is quite interesting and therefore they may forego hiring that specific person.
So from your perspective, and maybe this is, I've got a security background, so it's a little different and I'm in media, so it kind of feels like what I'm saying is counterintuitive. But are people just unaware of what they're putting out there and they think it can't be found and then perhaps leverage against them to not hire a job because maybe 20 years ago they thought the earth was Flat. And that went against the values of the company that were hiring that person. So what's with that? Are people just not thinking and just assuming that people aren't conducting this type of, this OSINT sort of reconnaissance on them?
[00:46:17] Speaker D: That's a really interesting question. I think part of it goes frankly Krista, to the pervasive nature of social media today, that it's sort of with us in our daily lives. It's with you when you're sitting in a taxi on the way to the airport and you're scrolling through LinkedIn and maybe creating a post. I mean it's impacted so many people and we spend, I don't know the statistics but a huge amount of time online now. It's quite easy to forget about that stuff or to not remember that you engage with someone here or perhaps you'd posted about something that you thought you hadn't. So I think there's that element to it. It's just the simply nature of so much of people's lives is lived online now that it has become a real treasure trove of information. So yeah, I think it's kind of hard to get away from in terms of the. You're sort of talking about there about sort of recruitment, I'd call it sort of more broader sort of those due diligence applications and we have customers and there are people interested in all sorts of things, people who might be involved in large M and A transactions, for example, in a bank and understanding, well, who is that counterparty that we're engaging with, you know, what are the potential risks? Who are the company directors there? So yeah, and obviously there's been some very high profile things in the media, but people who've been recruited, then it's come out later, you know, usually from a very smart investigative journalist who's gone and done some of that open source research and found out things that perhaps that have been regretted by the organisation in bringing that person on. So yeah, I think it's got some really interesting applications there.
[00:47:53] Speaker A: One of the things, and I'm not like leveraging in terms of the scale and the depth and breadth that you guys are doing, obviously, but sometimes when I'm in my job I'm curious and I go and look online and I find interesting things, whether it's looking at someone's Pinterest to see what type of pins they're pinning and I think it's like I have this little, you know, digital footprint on someone and that's just me doing it manually. So it's quite interesting if you guys can then do that at scale to see what comes back.
[00:48:17] Speaker D: Yeah, I think that's part of the real value of OSINT is exactly what you are trying to do, you know, individually is. But how do you scale that? If you're a law enforcement agency and you're looking at an organised crime group of hundreds of individuals, how do you scale that where you can, you can legitimately look at not just hundreds of individuals, but some of their associates, all their different accounts. When you start thinking about it, it becomes an enormous challenge. You could have a room of, you know, people hunched over laptops and you still probably wouldn't be able to do it all. The full time job, the amount of posts, the amount of volume communication. You do need some technologies that can help you make sense of that and make sense of the noise and get to the stuff that you're really focused on. That's honestly a continual challenge for us. As I mentioned before, the mainstream accounts are actually in some ways not necessarily the huge problem. It's some of these niche accounts and when we speak to some of our customers, often they're not even aware of. Do you even know that Carissa has another account on some of these platforms? And unless you know that and you're aware of it, you obviously can't do anything about it. So it's finding that information, discovering it in the first place, which is often the most important thing.
[00:49:30] Speaker A: So where do you think we go from here? So obviously now with everything that's happening, more things are online. You got AI Gen AI is now coming into the folder with deepfakes. It's going to get more complex, it's going to be harder to discern fake and real and fabricated. And what. How do you sort of see this sort of, you know, unfolding as we sort of traverse into this AI era now and this AI world that we've created. I mean, it's a double edged sword. But keen to hear some of your insights.
[00:49:59] Speaker D: Well, I was going to actually say that I think one of the guests here yesterday talked exactly about that, about that. You know, is it a threat or, or is it an opportunity? And I think at the moment you can certainly say it's both. I can say from the five Cast company perspective, we are starting to use some of the generative AI technology to assist with some of the work we're doing. So have an element that we call adjudicative factors. In part of our technology, which actually lets an analyst, without reading perhaps an entire post or a series of posts, it will actually provide a summary of what that post is saying and what it might mean. So it could look through and read and say, well look, this post is expressing views that are expressing hatred of the government.
They're talking about violence. One of the reasons they're saying this is because of X or Y. So it's the genai which is helping in some ways summarize and give against the level of criteria that the analysts have imported what those things are and whether they rise to a threshold that they could be concerned about. And the whole reason of that is just the ability to do that quickly. You know, you might have a thousand accounts you're looking at and using that technology you can narrow it down to a couple of dozen that require further investigation by an analyst and of course they can adjust that risk aperture themselves as an organization. So we are using some of that today and you know, in a sort of an early sense. So I think it is, yeah, the Gen AI can be an aid. It can be, it can be quite helpful there. And we've, some of the people we've put that in front of recently have actually said, yeah, this can help, this can help my team because we're overwhelmed with what we have to do today. This can help, you know, at least direct onto the highest priority issues. There's not saying that there's others that you don't want to get to, but at least if you can attend to the things which are most important first, that's probably the best use of your resources.
[00:51:56] Speaker A: So the last sort of question I'd like to close with today is you mentioned something around, you know, potential sort of hatred of the government which could be deemed as a national security threat. So how do you. Where's the equilibrium between people saying, well that was free speech though? Malcolm, I know there's a lot of this whole free speech and that's why X Twitter made a real resurgence, to go through this. It's the free speech. Like where is that line though between when someone's borderlining on a potential national security threat?
[00:52:26] Speaker D: Yeah, and I think it's a really important sort of distinction to make. I mean, as a company, I don't think it's our role, it's certainly not our role to be an arbiter of what is mis or disinformation. There are other agencies, government organisations who are perhaps better placed to make those calls rather than a sort of a privately held technology company. What I think is helpful though is the ability to at least understand where that information is. So analysts can then make that decision and look at it. Yeah, I think it's a challenge. Right. And particularly in a democratic society, it should be something that's debated and discussed because no one really owns the space and people should have a right to express themselves. I think the example I was using before around things like generative AI, that is some of this work we're doing for people who are going through processes, maybe it's a security clearance or being vetted for a certain role where there are certain, quite rightly expectations around someone's conduct or background that the organisation employing them wants to know. So there's some legitimate needs there, not just something that you're throwing a blanket over the broader population and saying, well, do they adhere to a certain narrative or a certain political point of view? But that's not something that we're involved in.
[00:53:45] Speaker A: Joining me now in person is Jeff Lindholm, Chief Revenue officer at Lookout Technologies. And today we're discussing the mobile edge, where the bad guys are focused. So, Jeff, thanks for joining and welcome.
[00:53:56] Speaker E: Thank you. Thank you for having me.
[00:53:58] Speaker A: Okay, so Jeff, over the last few days you have spoken in the sessions that we're at around the mobile edge, but from your perspective, you're talking from a bad guy. This is where they focus on. So tell me a little bit more, do you think that people forget about the edge?
[00:54:15] Speaker E: Well, so the edge has many components to it and we're very much focused on the mobile edge and kind of specifically the most prolific mobile devices, which are Android and iOS devices with your phones and your tablets and so forth. And I don't think that it was ever forgotten about. But in terms of an area of the network environment to be concerned about, the mobile edge is certainly a critical one. And it may be that it didn't. It's not necessarily front and center on security leaders radar is because when the Internet got built, you know, the infrastructure was already there. The, you know, the computers were there and so all that infrastructure became integrated into the mandate of security. So everything got hardened and locked down and that was all good. The, you know, and there were certainly cellular phones, but they were really voice devices. So they were kind of outside the domain of security because they really weren't gener generating any data and they weren't really connecting to the Internet or connecting to the enterprise. So there was probably about a good 10 year stint where mobile devices weren't really part, weren't part of the mobile or weren't part of the edge itself. And that happened very quickly in terms of the adoption of Mobile phones has exploded and all of a sudden organizations have this massive access environment that's connecting to the enterprise and really wasn't well foreseen by the security organizations as something to be integrated into that security process. I'm not saying that it's something that's forgotten about or it's not something that's on the minds of security people, but there I do see kind of variability in how seriously security organizations think about the mobile edge as something to in essence protect the enterprise from. Because when security for mobile devices began, it was really about putting security software on the phones to protect the consumer, the operator of the phone, making sure, trying to help me from getting hacked in my bank or whatever, my sort of personal life. But over the last few years what's really happened is the mobile devices have been weaponized as the way in to the enterprise to get access to data, to exfiltrate data that can turn into a whole bunch of horrible things, including ransomware, for example. And if you think about how important that is or how core that is from a bad guy strategy perspective, just think about when people try to fish you. Probably the last time on your laptop someone tried to fish you was some time ago. That's really not where they go now. But the last time I tried to get fished was like yesterday on my phone, right? So the bad guys have figured out that's the soft underbelly access place to get to get in there. And so kind of what happens is, you know, these, these phishing attempts they get, they basically try to fool you into giving up information. It can be your private information and bad things can happen there. But oftentimes it can be trying to get into the corporate data and environment. So you're presented with something that looks very legitimate as a, as a gateway or a portal into your enterprise. Could be an okta interface, could be any kind of, you know, authentication interface. And they have varying degrees of authenticness authenticity to them. Sometimes, you know, sometimes they really look like the real deal and sometimes people are busy and they're, sometimes you're on high alert, sometimes you're tired, sometimes you're not. So you can fall for it. But what happens is you go into this and you put in, you know, typical authentication information, username, password. But when you send that, it's going to bad guy. And then the bad guy can take that information and then communicate back to you and say, give me your two factor authentication token. So you go into your phone, you do that, you enter the number and they see that as well, and then they have a window, a short window, while that token is valid, to basically take all of those credentials and get into the enterprise. And so once they're in, then they can move about. For example, if it's an OKTA interface which aggregates all the apps now you can get into your workday HR platform, you can get into your SFDC ERP system. Whatever is on Okta you now have that bad guy now has access to. So it's, you know, as I say, it's just become the weapon of choice for the bad guys. And I think, you know, we call it mobile edr, mobile Endpoint Detection and Response. And I just think I would urge, you know, security professionals to consider that mobile edge as kind of the, the attack vector to du jour and to really think about whether they've hardened the environment in the endpoints themselves and in, in the security systems themselves to, to really protect themselves.
[00:59:13] Speaker A: So I have a couple of questions in terms of what you're like, just to follow that talk track a bit more. So you said how seriously security sort of divisions, you know, thinking about the mobile age, would you say? I mean, there's a couple of things that's going on my mind in terms of most people are on their phones all day, they're not sitting on a laptop. It's convenient. So I'm just curious that it does. From what you're saying, Jeff, it feels like perhaps that the mobile age has just been relegated. Why is that?
[00:59:39] Speaker E: Well, yeah, because when you think about when phones first started to explode in terms of their use again, they weren't really a big accessor to the, you know, the corporate infrastructure. They were phones. Right. Or they were, they, they weren't really seen as sort of integral to the, the enterprise environment. So it wasn't like it was relegated to somebody else. But in the early days, it wasn't the security people that administered those phones for, on behalf of the company, if they did, it was really, it was certainly part of the IT organization. But they weren't security people, they were really device management people. And so if your organization still has put the responsibility for managing those devices in the hands of those operational people, and it's not in the hands of the security people, I think that's a big vulnerability because the device management people, they're not thinking about security the way security people think about it, they're thinking about the operational aspect of the device itself. So I do see, you know, security organizations increasingly wanting to take kind of control of that part of the network. Infrastructure and harden it and lock it down. But there's still a lot of organizations that haven't sort of pulled that whole device management responsibility into the security organization in a very centralized way as part of the multi layer security architecture.
[01:01:02] Speaker A: So would you say from how you see the industry at the moment and the customers you're speaking to, it's sort of a problem that sort of crept up on people. Like you said before originally it was like, yeah, but didn't have the same functionality. And even if you were to zoom out and look at behavior of how people operate and most people sending things on their phone rather than a laptop because they're on the go, they're working from anywhere, they're in airports, it's just easier.
So because of that problem being sort of, you know, now, now it's here and it's crept up on people, what do you, what do you think happens now? What, what are you sort of seeing and how do people sort of overcome this problem?
[01:01:35] Speaker E: Well, first, the first thing I say is sort of recognizing that this is a threat vector that's become pretty ubiquitous and pretty popular bad guy. So it's kind of like anything. Right. Recognition is the first step. Right. And then I would urge people to think about, as they think about edr, which is a very well understood component of a security architecture. But in general terms it's really thought of as kind of the, the edge of the laptops, the edge of the hosts in the environment. And so the mobile part of that now has to be considered as a peer of those other kinds of edge elements that need to be paid attention to. And so, and there's, there are things you can do lookouts in this business, you can deploy software on the mobile devices that much better protects the enterprise from that credential theft and ultimately that data exfiltration. So we are, you know, somebody running the lookout app on the device is notified when there's a phishing attempt and that phishing attempt gets put into the SMS junk folder and then you can go look at it, but it's not in your main folder and you're notified of that. So there's a lot it does to sort of get the endpoint user to just stop it in its tracks. Don't even let it have the opportunity to propagate into, into the infrastructure. And then, you know, the other thing, I would say that a lot of security organizations are, you know, building out, you know, more and more advanced what we, there's a, there's a function called SIM which is a, you Know, a platform where security events are kind of held and, and then there's a, there's an area called soar, which is basically the automated response to that, to the threat that might be in there. And I think AI powered SIM and SOAR platforms are going to become increasingly popular and increasingly utilized. And what's great about this mobile technology and what Lookout's been doing is we have a tremendous amount of threat intelligence as well. And that threat intelligence is really, really critical signaling that would go into that SIEM environment, into that SOAR environment, so that it's really organically part of the overall security intelligence platform. And to just to give you an example, we monitor, we get telemetry from about a quarter billion mobile devices and we monitor about 350 million mobile apps for malware. So we can play a large part. Given that the mobile edge is increasingly a threat horizon and given that we have this intelligence that we can bring into the security operation, we can really integrate the mobile edge as part of a really secure platform and be integrated into the security process of the organization. Sort of on par with the other things you'd want to know about that are signaling into that same SIEM environment.
[01:04:34] Speaker A: So you said before mobile is becoming more like its peer in terms of laptops and things like that. So would you say that they're on equal footing now?
[01:04:43] Speaker E: No, I would say that from a threat perspective, the mobile device, I think far more dangerous, far more weaponized than the laptops are.
[01:04:53] Speaker A: I meant in terms of the companies taking it seriously. In terms of weight.
[01:04:58] Speaker E: Yeah, it depends. I mean, it's like anything. I think there are a number of organizations in the public and private sector that sort of get it, and they've already made the moves to have mobile edge security integrated as a core layer in the security platform. But there's also, you know, I'm surprised, in fact, that I, when I talk to a number of enterprises that they haven't really crossed that bridge and sort of it's that mobile device management and even sort of the security of it is still kind of in the hands of the mobile platform operations people and not the security people. So, you know, I think one of the things I like to do is just kind of evangelize this out there to, you know, members of the security organizations to say, you know, if that's the way you're doing it, you might want to rethink that. You might want to, you know, either partner with the people that are managing those devices more intently or even sort of bring that into your Core security architecture as a core layer of that infrastructure and integrated into the security process and processes that you have.
[01:06:06] Speaker A: So I'll try to focus now on Lookout in terms of, I'm curious to understand. So as you know, with how the world's going, the whole gig economy, people are hiring more contractors, which would probably mean it's a byod, they bring in their own phone. So is it just in terms of a process? I'm going to work at X Company, I have my own phone. The process would be a download the Lookout app, which then means that when I, if I were to roll off in terms of a contractor, it would just be, okay, I'm going to delete it now. Is that how I know that sounds very like. I've skimmed over a lot of steps that how easy it could be for people to do that because I'm sort of looking at from people all around the world now. So how it would be so hard to govern that.
[01:06:46] Speaker E: Yeah, that's a great question. And I think on the one hand, so it's super easy, like you can go on the Apple Store or Google Store and you can download the app. And you know, interestingly enough, when we first started the company, our customer target were the consumers, not the enterprises. And the value proposition was about protecting somebody like me on my phone from getting hacked so that it didn't get into my personal bank account or you know, that kind of thing. So it was, the value proposition was to me, the consumer, and that was all fine. But what's happened, and that was say 10 years ago. What's happened since then though is these mobile devices now have been, as I said before, like weaponized as a way to breach the enterprise. And so, and I don't mean to say that, you know, CISOs are heartless, but, you know, they're focused on protecting the enterprise. They're not that focused on protecting my personal bank account with my phone. So part of that has been that, that, that journey to the organizations, the enterprises, kind of having the employees put that software on the phone. And there's kind of three models. You know, in the very extreme model, which might be like say a, you know, defense organization, they may be so concerned about security that they'll issue you a phone and that phone will only be able to run specific applications and you won't be able to download Facebook or Twitter or anything like that. It's a completely locked down phone. But that's pretty, that's kind of a corner case. Most, most organizations aren't going to do that. So then it falls down into sort of two camps. One is a, one is a company provided device and usually, and the examples of companies that typically do that are like large financial organizations. And in that case they'll put the software on there, they'll put a mobile device management piece of software in there so they can quarantine that phone, for example, if they want to, from, from, from the soc, from the security operations center, they can quarantine an application on that phone if it's been deemed to have malware in it. So they can be very kind of proactive in that way. And then there's byod, which is what I have. This is my phone. You know, my carrier sends me the bill, I pay the bill. But the, so in some ways my company can't mandate that I put a piece of software on my phone. But I'm happy to do it for two reasons. One is it helps protect my company and it helps, still helps protect me, you know, from being attacked for my own personal asset. And it. And the other, I think the other thing, sometimes people get a bit nervous. Like, it's like Big Brother is putting this on my phone and he's going to like be able to see like what I'm doing on my phone. And that's not the case. I mean, we don't, we don't, we're not able to report like what websites you go to or, you know, or what SMSs you have on your phone. None of, all of that is obfuscated.
It's not even possible with the system. But you know, some, some people jump to the conclusion that it's, it's, it's going to be an intrusive thing and a privacy thing, but it's really not, it's, it's, it's much more helping me identify those phishing attacks, helping me identify those impersonation attacks within the organization.
And it's just sending kind of metadata to the organization so that they're getting a sense of the security profile of the employees in the company and then what devices have possibly been activated as a weapon against the enterprise.
[01:10:18] Speaker A: So going back to the telemetry side of things, you said quarter of a quarter of a billion devices that you guys are tracking. So people, sometimes they approach me and they say, oh, kb, I think I'm have malware on my phone. There's no way to really tell, right? Unless you're saying in terms of your technology because out of the telemetry that you're tracking, how many people would you say they've got malware on their phone. They don't know about it.
[01:10:38] Speaker E: I don't know what the number is, but it's probably a lot. And obviously, depending on how you know, if you're someone that likes to have a lot of apps on their phone, it's a lot higher than somebody that doesn't like to have a lot. I actually have people go, you got a lot of apps on your phone. Not. Not from a security sense. It's just like you have to go, like, to scroll through five screens to see all the icons of the apps, which they say would drive you crazy.
[01:11:01] Speaker A: So statistically, there's probably malware. So if you had, like a hundred apps, there's probably a high chance you have malware. Especially if it's some dodgy gain that was being advertised on Instagram and you download it, there's a high chance, but you'd never know that.
[01:11:14] Speaker E: Well, there are indicators that we actually. We actually measure. Right.
[01:11:18] Speaker A: So like saying just someone without the software.
[01:11:20] Speaker E: Oh, yeah, you're. I would. Chances are, if you've got, you know, 100 apps, you know, there's some malware in there somewhere for sure. And that's why we monitor these, you know, hundreds of millions of apps. Because we're constantly saying, is there malware in this app?
[01:11:32] Speaker A: So you're looking at apps.
[01:11:34] Speaker E: Yeah, we look at 350 million apps, and we look for malware in those apps, like, constantly.
[01:11:39] Speaker D: Right.
[01:11:40] Speaker E: So chances are, if we're looking at 350 million, we probably got your hundred covered.
[01:11:45] Speaker A: So just I'm curious. Okay, this is really interesting. So I'm curious to know, like, typically speaking and generally, is there any sort of apps that technically have more malware? Is it games? Is it the photos that you can, you know, Photoshop your face and your body? Is there anything more specific that stands out? Perhaps.
[01:12:03] Speaker E: You know, certainly things that have large populations of users are going to be attractive places for people to put malware into. So social media platforms is a good example. Gaming platforms can be a good example.
[01:12:17] Speaker A: So even Instagram and all of those.
[01:12:19] Speaker E: It'S not that the app themselves has malware in it, but those apps are used to do malicious things, and we can watch for that.
[01:12:27] Speaker B: Right.
[01:12:28] Speaker E: As well. But certainly a lot of apps have malware embedded in them as soon as you download them. Yeah. And they. And they. They look to you like they're doing what they're supposed to do, but there's processes working in the background that are doing. Doing bad things.
[01:12:40] Speaker A: And what would those things look like in terms Of I, there's me. I downloaded an app because I was curious. Now there's malware. What potentially could be the risk of that for, as an example, they could.
[01:12:51] Speaker E: Have software in there that you think you're just running this game, but what it's really doing is it's capturing all your clicks on your phone, like monitoring what you're doing on your phone and saving that and potentially sending that somewhere to somebody who wants to see exactly what you're doing so they can, they can target you.
[01:13:08] Speaker A: So, so what does, like iOS, Apple Store, what do they say? Can't, can't govern. It's too hard. What would be their response then to this?
[01:13:16] Speaker E: And the reason we have to build this software is because, I mean, there's certainly a lot of security that the, the operating system people are always putting, Every time you upgrade, they're adding, they're making it more, more secure. So there's no, there's no criticism of, of that. But, but those operating systems are somewhat, I mean, they don't really provide telemetry to the enterprise or the user. They, they may provide telemetry to them, but not, not to the enterprise. So, so that's why we built this ecosystem around the operating systems that look at all the applications that are running, look at how the phone's even behaving physically, and look, and look for malicious attacks like phishing. But we can even, you know, things like, hey, you've got one app open or two apps open, and your battery usage is really, really high. Like, that shouldn't be right. If all I've got, if all I have open is my mail app and my battery's draining really fast. That kind, well, faster than it should. Faster than, you know, if I have one app open, you would think your battery should be your battery, your power usage should be this. But in fact, it's that. And why would that be? Because these things in background from the malware are happening on your phone that are using power from the battery. So we can even set alarms. Like, you know, given what's, what's running and giving how fast the battery is being deleted, depleted, that's a signal.
[01:14:44] Speaker A: So, Jeff, in terms of any sort of closing comments or final thoughts, what would you like to leave our audience with today?
[01:14:49] Speaker E: Well, I go back to what I said. I'd say, you know, if you're in the security realm and you don't have your arms around, you know, the mobile edge as a place to build security for and around, you should start to think about it. Because as I said I think the mobile edge is probably the most popular and growing attack vector for bad guys more so than maybe any other edge device. So so it definitely needs to be paid attention to. If you're not I would urge you to do that and figure out how to protect yourself And I think as a result of all of that attack activity happening on the mobile devices one of the other values as I mentioned before is the telemetry and the threat intelligence we have and our customers consume that threat intelligence so they're not only getting the information from the users within their own private community but they're actually leveraging sort of all the global telemetry that we're getting and they can. And now with these sort of advanced platform systems the sort of new generation of sims we can feed that data in there to be integrated with the other data and give you a much more robust context as to what's happening.
[01:16:03] Speaker A: And there you have it. This is KB on the go. Stay tuned for more.
