Episode Transcript
0:00
Okay, welcome to the Cybersecurity Happy Hour podcast.
0:04
My name is Christy, I'm your host, and this is episode 42.
0:10
We are going to be speaking to two fantastic guests, Alexander Rogan and
0:16
Christian Rogan of Platinum High Integrity Technologies, and the theme of
0:21
the podcast is Defenders of the Cyberverse.
0:24
We're going to get some insights from these great men.
0:30
Okay, so Alexander, do you want to introduce yourself? Just tell us about yourself
0:34
and your background and your achievements. Oh, wow. Okay. It's going to be short and sweet then, isn't it? So I'm Alexander Rogan.
0:43
I'm the CEO, and with Christian, I'm the co-founder of Platinum High Integrity Technologies.
0:50
We are a cybersecurity company, and we're bringing a particularly interesting
0:57
cybersecurity solution to the market.
1:01
It's a technology that Christian actually introduced me to a good few number of years ago.
1:08
Yes. And it's one that I became really enamored with. It's very powerful.
1:15
I got involved six or seven years ago as a reseller of the tech and then a few
1:22
years ago I was able to sit down and negotiate with the original architect of
1:28
the security technology, and persuade him that it would be a good idea for him to sell the tech and let
1:34
Christian and I bring it to a much bigger market.
1:39
So there you go. That's me. Okay, awesome. Thank you. Thank you for that. And Christian?
1:46
Yeah, I've been in cybersecurity for, well, since 2000.
1:50
I started off with PwC, a small outfit called BeTrusted, which engaged with
1:56
PKI at that time, and X.509 certificates, if anyone even remembers those.
2:01
Moved over to MessageLabs a couple of years later, which was a startup in the
2:06
email hygiene in the cloud space, and had a very successful seven years there
2:10
where that business was ultimately sold to Symantec for nearly a billion dollars.
2:14
Moved into a number of other security companies, did some consultancy in the
2:17
middle, worked for Alcatel-Lucent, worked for CSC, Trend Micro,
2:22
and ended up coming across this incredible technology from a small company called Abatis.
2:27
So I joined that little startup, which wasn't terribly sophisticated from the
2:32
commercial perspective. So it didn't succeed, like many companies,
2:36
and Alexander and I were able then to acquire the
2:39
technology in June 2022, take it
2:43
back into our labs, improve upon it, and then in
2:46
the last six months or so we are taking this solution, this
2:49
unique solution, to market. Okay, great, great to hear that. Now, you know that
2:55
in our industry malware is a constant and evolving threat, and
3:02
what I mean by that is we seem to be playing whack-a-mole,
3:06
where we have sealed a point and something else pops up.
3:10
Now, how does your solution adapt to these new and emerging threats?
3:17
Because we know that there are various techniques some of these cyber criminals are using,
3:22
and some countries also kind of have research labs to implement these changes
3:29
as soon as, let's say, an opening has been blocked.
3:32
Yeah, we call them zero days, and there's a big and valuable industry in
3:37
marketing and selling the zero days for exploits of vulnerabilities in corporate
3:43
and government systems. The surprising answer is we don't adapt our technology at all because we recognize
3:49
malware for what it is, and that is it's a binary.
3:52
Now, when you are trying to introduce any form of malware after the breach onto
3:57
a system, we simply intercept it at that juncture and prevent the payload from
4:02
being delivered to the host. And we do that at ring zero, whereby you can't obfuscate what the code is.
4:09
So we make the system, the operating system, immutable by sitting
4:13
inside the kernel becoming intrinsic to that operating system.
4:17
This gives us a multitude of benefits, which we probably won't even have time to go into here today.
4:22
But simply put, we apply our code. It's a ring zero kernel level filter driver.
4:27
It doesn't require any updates and it absolutely stops with complete certainty
4:32
any new binaries being introduced to the persistent storage of the device.
4:36
That means you cannot write to disk without being permissioned onto the system.
4:41
And we have a whole policy engine, security policy engine, which allows you
4:45
to approve supply chain that you trust to make necessary changes through the
4:52
lifecycle of the applications that are running on your system.
4:55
So it is not simply something which will block the utility of the computer.
5:00
In fact, it absolutely allows the utility of the computer with full flexibility,
5:04
but will absolutely deny any manner of threat, whatever the attack surface is.
5:09
So we're talking about protection against USB, even
5:12
infrared, a malware broker sitting on
5:15
the computer and trying to type the malware into the machine itself because
5:19
they've got physical access. They'll be absolutely prohibited from doing that.
5:21
So to break it down, yeah, the
5:24
way that the kernel-level filter driver works is it's
5:27
ring zero, as I said, and it intercepts all the input/output traffic,
5:30
and it will make a deterministic decision as to
5:33
whether that is a recognized binary that's been permissioned, or
5:36
a new one, or one that is trying to change a pre-existing binary,
5:39
or indeed remove a binary, because one of the attacks is to remove security control
5:44
from a system; one, of course, is to change it, to adapt it, to make it vulnerable;
5:48
and the third one would be to introduce a whole new set of code to obviously
5:52
attack the system. All three types are absolutely prohibited. Okay.
5:58
Well, you said, I don't want to use that word, big claim. You said it does not require updates.
6:03
As we're aware, other vendors, if you do not update signatures,
6:08
then you are particularly vulnerable. This is quite a novel thing to hear.
6:14
Christy, our technology, it's not reliant upon heuristics, behavioral analysis.
6:21
It's not reliant upon whitelisting. As Christian said, it's a deterministic
6:29
filter driver that embeds itself into the operating system.
6:34
So it actually becomes a part of the computer. It lives right in the heart of
6:40
the computer, right in ring zero. Our competitor vendors are sat in the application layer.
6:48
They're in a different part of the computer system. And Abatis is
6:53
looking for binaries, code, trying to get onto the computer system without permission.
7:02
And that's deterministic, it makes that decision, and it stops unwanted binaries
7:09
in less than a millionth of a second.
7:12
Okay. So, and it stops the bad guys getting onto the computer system before they have a chance.
7:21
So we hit them at their most vulnerable place and that's just when they're about
7:26
to try and deploy the malware, they're trying to get the payload onto the computer, and Abatis says no.
7:34
Okay, awesome. Now, there are obviously different ways of deploying
7:39
malware coming onto our system: one is USB, clicking malicious links and
7:45
redirects to websites, etc. So what you're saying is, whatever the avenue of input, it will stop it in its tracks.
7:56
Yeah, because the guy who architected this, the guy who wrote this,
8:02
was obviously a really clever guy.
8:04
You know, I mean, we talk about people with brains the size of a planet.
8:08
I mean, I do think that this chap was one of those.
8:12
And his genius was understanding how malware works in its most simplistic form.
8:20
And he came up with a solution based on that.
8:23
And this solution is the polar opposite of everything else that's out there.
8:29
It's an incredibly elegant solution to a really ugly problem.
8:35
It's a very small piece of code, less than 100 kilobytes, and it sits in ring zero,
8:43
and it looks at the malware as the malware tries to arrive and be delivered
8:50
onto the computer system. And as Christian rightly said, malware is an unwanted binary.
8:56
It's a piece of code. Yes. Ones and zeros.
8:59
That's all it is. And if you can
9:02
stop it from being delivered, if you
9:05
can stop that payload from arriving on the computer system, you
9:09
can stop that malware doing what the
9:11
bad guys are trying to do. And it doesn't matter whether they're
9:15
trying to deliver it by infrared, or whether it's, you know, a watering hole
9:19
attack on a website, or whether it's a USB stick as the ingress point. Abatis
9:26
doesn't care. It doesn't matter what it is. It doesn't even need to know; what
9:32
it's seeing is unwanted code.
9:35
So it breaks it down into something really simple, and because of that it can react, or it can act,
9:43
incredibly quickly. So one of
9:46
the points I like to make is to compare: it's stopping malware being delivered onto
9:52
a computer system within less than a millionth of a second, and compare that
9:58
to the average time it takes now to actually find and clear malware from an operating system,
10:06
which I think, according to IBM, is over 100 days.
10:10
Yes. Sometimes, in some instances, some of them are very hard to do.
10:16
You just have to, you know, wipe the system. Or I think, if I remember clearly,
10:24
there was an attack on one of the oil companies a
10:27
few years ago and they had to purchase
10:31
new hardware, and it cost them a lot of money.
10:34
Absolutely, 100 million dollars. That was Aramco with
10:37
Shamoon. Yeah, yes, Aramco, yes.
10:39
So, and I really, they had
10:42
to, because of the scale of the attack, they had to
10:45
give oil, gas, for free
10:49
for a period of time. So obviously I'm not
10:51
sure what the long-term cost was now, but if
10:55
they had had this piece of software,
10:58
it would have reduced that landscape drastically. Now
11:02
you've kind of walked us through the fundamentals
11:06
and functionalities of
11:09
the Abatis software, and you also talked about
11:11
how they enhance cybersecurity,
11:15
and now you've also mentioned being
11:19
a solution for zero-day exploits and
11:22
any unknown malware, okay, which is great to hear. I'm just going to go
11:29
in again now. And again, this piece of software, just 100 kilobytes, resides
11:34
in ring zero. A question I want to ask is, now obviously we are aware that
11:42
malicious code and the binary can be recognized.
11:46
Are there any false positives here? No.
11:50
No, we don't suffer from false positives or false negatives.
11:54
So it's one of the great benefits of the technology because it recognizes and
11:58
it's an actual event. And if it stops a binary, we record it in our logs.
12:01
That goes to our SIEM, which we call Central Management Console.
12:05
That's a syslog that's ported off the agent that sits on each of the endpoints,
12:08
goes to the SIEM, our SIEM, and that records for posterity the event that's
12:14
actually happened. But because it's a deterministic decision on a binary that's
12:18
tried to write to disk, there are no false positives. So we're pretty good as a hunter-killer for pre-existing malware as well when
12:24
it tries to morph on the device. So if you have an already infected device before we're installed,
12:31
there are instances where we have actually discovered pre-existing ransomware
12:36
because it's tried to morph. It's tried to call out to its command and control on the Internet,
12:40
get a new profile to evade signature,
12:42
because very often ransomware is discovered,
12:46
you know, by other security vendors, signatured, and
12:49
then the signatures are rolled out to pre-existing security vendors
12:53
so that they can adapt their solution to meet the emerging threat.
12:58
We see it when it tries to morph, and therefore we capture where it was originally
13:02
on the disk, and therefore we can do a targeted removal. But the beauty of our
13:06
system is there are no false negatives and no false positives, and also an extremely limited number of logs.
13:13
The logs are low because we are stopping the attack before it follows through.
13:19
Okay. And that's really important when you think of the cost downstream to all
13:23
the logging that every other security vendor has to go through.
13:27
So if you think about the Target attack a few years ago where they had deployed
13:31
FireEye, FireEye said, yes, we identified there was a threat and it was in the
13:36
lines of code that we reported to you. Well, unfortunately for Target, the actual threat was hidden in amongst a million
13:44
lines of other false positives. So they couldn't distinguish the wheat from the chaff, so to speak.
13:50
So the logging aspect to me is one of my favorite aspects of our technology
13:54
because of the sheer cost reduction.
13:56
So the ROI for our technology compared to almost, well, every other actually
14:02
security solution that's out there is dramatic. Absolutely dramatic.
14:07
And that comes back through having that surety of
14:10
no false positives and obviously the vastly reduced log
14:13
set. I just wanted to point out,
14:16
because some of the listeners will be saying, well, it's all very well
14:19
protecting against persistent threat and binaries that write to the disk, but
14:23
what about the tools that APT groups such as Volt Typhoon use? They co-opt PowerShell,
14:29
they're using VBScript, they're using some of these other approved solutions
14:33
that the administrators use. Well, one, with our technology,
14:37
an Abatis administrator has a higher level of privilege than a normal sysadmin.
14:42
So where you would normally be god of the box and you can do anything you wish
14:46
with the system, with Abatis deployed, you have to be an Abatis-approved administrator
14:53
to allow the unlocking of the operating system by the sysadmin.
14:57
So the sysadmin is no longer in control of the estate.
15:01
So we actually stop the insider threat as well as the external threat.
15:08
Do you think organisations would be comfortable handing over the keys of
15:13
the kingdom to a third party?
15:17
In many instances, for small to medium businesses, they do that already by outsourcing to cloud.
15:23
So that paradigm shift has already occurred.
15:26
But you're quite right, many governments, many large companies,
15:30
as we've mentioned Aramco, very much will not allow third parties
15:33
to come in and enforce control, changing
15:37
control. So we are quite able with our solution to give
15:40
them, one, a managed service, or oversight of that
15:43
managed service, or they can own and operate the solution themselves
15:46
with minimal training. It's a
15:49
very, very simple solution to deploy using conventional tools.
15:52
Yeah, obviously we use IP, as syslogs
15:55
come from our endpoints, protected endpoints, to
15:59
a SIEM, our SIEM, or indeed they can have their own pane of
16:02
glass that they may have already invested in, such as
16:04
ArcSight or Splunk or, you know, any of
16:07
those. So we play nice with all the other security solutions
16:10
in the stack. We do not, because we're only
16:13
at ring zero. Go ahead, Alexander. Yeah, but Christy, just,
16:16
you know, the point about handing over the
16:19
security, I mean, what we're
16:22
doing here is actually enhancing the security. So the
16:26
way that we will build ourselves in with
16:29
the clients is that you won't have a
16:32
single point of failure, so one person can't switch
16:36
it off. So you've almost got, like, the missile silo analogy where two guys have
16:40
got to turn the keys simultaneously. Depending upon the size of the estate
16:44
and, you know, the locations, you could have somebody who doesn't
16:50
even know the other person, on another continent, at a time,
16:54
you know, at a predefined time, two people working together,
16:59
turning that key so you can make any amendments or
17:02
changes you need to do, and then locking it,
17:05
locking it again. And you make it almost
17:09
impossible. I mean, you can never say never and you can never say impossible,
17:11
but, you know, almost never, almost impossible for the bad guys to co-opt somebody.
17:17
Yes. So you can't force somebody, because there's somebody else on another
17:22
continent that has to be involved. So you prevent the collusion. Yeah, you prevent
17:28
collusion. And if somebody is having a bad day,
17:31
as it happens, well, tough.
17:33
That person having a bad day can't do the damage because they need to have somebody
17:37
on the other side of the world and they don't know who that person is.
17:40
Yes. So what we're doing is adding a higher level of privilege and a much,
17:45
much greater solution to these organizations.
17:48
Okay. I just wanted to finish the point on the APT group, Volt Typhoon, as well,
17:53
because they are known for using the low-and-slow approach and using the administrator's
17:57
own tools against them, such as PowerShell, VBScript, CScript and so on.
18:01
And they have a very, very modest persistency on the device,
18:04
which is extremely hard to find. So this is what Christopher Wray, the FBI director in the States,
18:11
has called an existential and generational threat to critical national infrastructure,
18:15
particularly in federal government in the States, because the Volt Typhoon APT group has
18:20
been in their system since, before 2021, I think they're saying, to
18:26
their knowledge about five years. So what you have there is a threat actor that
18:31
has now actually permeated the operational technology space within those large utilities, those
18:39
water providers, energy providers, nuclear power stations, and so on and so forth,
18:44
simply because they're able to use your own administrative tools against you
18:47
once they've exploited the vulnerability on the system. If you deploy Abatis in that scenario,
18:53
we are able, by virtue of our complete control over the binaries, to prohibit
18:58
the use, even by system administrators, of their own tool sets, never mind the
19:04
operational technology where you've deployed tens of thousands of programmable
19:09
logic controllers across a power station, for example.
19:12
But they still have the same operating system. They still have the same ability
19:15
to be vulnerable because these tools exist.
19:19
We can absolutely turn those tools off across our entire estate,
19:24
allow only the highest level of privilege, which would be an Abatis-approved
19:28
operator to utilize those tools.
19:31
For everyone else, it could be completely turned off, negating the risk.
19:35
Now, because we can do that after instantiation with the security policy that
19:40
we deploy, the deployment model is using the conventional tools.
19:44
The minute we're instantiated, it requires a restart because we do exist in the kernel.
19:49
We become part of the intrinsic to the operating system because that's how it
19:54
works. You have to do a restart. But once the restart is done, that means you can then invoke the policy,
19:59
which would say I'm going to turn off all of those administrator tools.
20:03
And that would prevent any attack group
20:06
that's in there that's utilizing the administrator tool
20:10
set; it would prohibit them from acting. And the moment that small, that modest persistent
20:15
threat that's sitting there, which allows them to invoke the tools, tries to invoke
20:21
the tools, it is prohibited, but it immediately becomes visible to us. So we capture
20:25
that event in the log. It's a true event. It's not a false positive. It's absolute.
20:29
We can then identify where the bad actor, the APT group, such as Volt Typhoon,
20:35
are across the network and then enable a targeted removal of their activity,
20:41
their presence. And that may be the
20:44
most innocuous-looking bit of code. You might not think it
20:47
was malicious, but of course the bad actor knows it's
20:50
malicious because that's what they're using to deny availability at
20:54
such a juncture. They perhaps want to mount an attack in conjunction with an invasion
20:59
of Taiwan, for example, because Volt Typhoon is a Chinese group. So this is how
21:05
we can enable and secure operational technology as well as IT, uniquely.
21:11
The Abatis technology has been around. We forgot to mention this, Alexander.
21:15
We were commissioned by the Swiss military in 2004 and deployed in 2005 into
21:21
armasuisse in the Swiss Alps on behalf of the Swiss military.
21:27
And that means that it was written for very, very much earlier versions of Windows.
21:32
So we, in fact, have in our library, our software library, the ability to go
21:36
back to NT4 and to protect the endpoints all the way to the present day,
21:41
which is completely and utterly unique in our industry.
21:44
I was just going to ask you about the legacy systems, because we've talked
21:48
about critical systems, and we are aware that some of the causes of the vulnerabilities
21:54
in that infrastructure are legacy systems that
22:00
are no longer, essentially, they're unsupported. Christy, exactly.
22:03
Yeah, unsupported systems. Yeah, yes. Now, so whatever
22:07
vulnerabilities exist remain to this day, but with
22:09
our solution you don't even need to patch until you are good and ready. So let's
22:14
say you've deployed Cisco, and then you now know there's a vulnerability within
22:19
the WebEx aspect of the Cisco architecture, and you have an issue now because,
22:24
do I deploy their fix to fix the vulnerability?
22:28
Do I wait and test that fix in pre-production to ensure that that itself is
22:34
not being compromised, such as SolarWinds, where its supply chain was compromised?
22:38
What do I do? The IT professional, security professional has a conundrum.
22:43
Do I trust Microsoft to allow them to push out KBs across my estate, or do I wait and test?
22:50
In the meantime, I remain vulnerable, especially if that
22:53
vulnerability is being exploited in the wild. Yeah. Now, with
22:56
our solution you can, because the vulnerability cannot be
22:59
exploited, because we will not allow a change to the pre-existing binary. Because
23:03
there's no change allowed, the vulnerability is not exposed.
23:06
So the only reason that you would need to
23:09
update your patch, effectively, is
23:13
through regulatory means, because the regulator
23:16
has asked, demanded, that you have to update your systems within
23:19
two weeks of a patch becoming available. Otherwise you
23:23
could do that at a, you know, twice-yearly event.
23:26
You could consolidate all your updates and you could roll them out
23:29
consistently and all at once across the
23:32
estate, negating a lot of expensive out-of-band patching and emergency patching.
23:37
That goes away with our technology. That means that the vulnerability, even though
23:42
it exists, cannot be exploited while we're doing the protection. So
23:46
another very powerful USP for our technology.
23:50
Just to reiterate, it will sit on everything from the current flavour of the
23:57
Windows operating systems all the way back to NT4. And that was the original question.
24:02
So it looks after all of the legacy estate, all of it.
24:07
So where you've got organisations, we've got the National Health Service,
24:13
we've got the police forces, that up until very recently were running XP or Windows 7 or Windows 8.
24:22
Abatis will sit on those, and it will provide the same level of surety and
24:26
security as it does for Windows 11 or Server 12 or anywhere else it sits on
24:33
in the modern stack, in the modern architecture.
24:35
And this is just something I'd like to add.
24:38
This means that if you are running Abatis on your legacy equipment,
24:44
on your older IT, you will update that IT when you are ready, not because you're being strong-armed
24:52
by a vendor saying, you've got to throw that machine away because we can't look after it anymore.
24:59
There might be years of life left in that machine.
25:02
It might be doing a really simple application, but you don't need to upgrade
25:07
it to Windows 10 or 11 at that expense.
25:11
Good examples of that are MRI scanners and X-ray machines, medical devices,
25:16
in broadcast satellite communications.
25:19
All of those use legacy OS because it can't be changed.
25:24
That's too costly and some of the vendors have gone out of business, etc.
25:29
I want to come into this more personally because I conduct audits for compliance purposes.
25:38
And one of the, in the UK
25:41
I'm a Cyber Essentials assessor, and
25:44
one of the standard questions we ask
25:47
is, has your software been
25:51
updated with the latest patches from the
25:54
vendor, patched within 14 days? Now I'm looking
25:57
at this: if they say no, but claim
26:00
that we have Abatis installed that manages
26:03
all our operating systems going back to XP, I'm not sure the current standard
26:09
will allow us to pass them, because as far as the current ISO 27001 and other external
26:16
standards as well are concerned, the question is, what operating system do you have? It is Windows 22H2.
26:24
That is fine. And if you have XP, it's an automatic fail. So if
26:30
these clients say we have Windows,
26:33
let's say Windows XP, for example, and we have Abatis as software that is
26:40
providing that control,
26:42
are you telling me that they might pass the certification, that an auditor and
26:46
assessor might pass them? Well, Christy, Microsoft are not issuing patches for XP anymore.
26:53
They don't know that. We know that. Yeah, exactly. Yeah. So yes,
26:56
so this is a way that you could tick that box and
26:59
say it's now protected. That's the question, is it
27:02
protected? Because Microsoft are not
27:05
issuing patches, refuse to, unless,
27:09
unless in certain situations where, like, the
27:12
National Health or perhaps
27:15
the police forces are being forced to
27:19
pay a huge amount of
27:22
money every month as an extended license,
27:25
yes, for support that
27:28
is actually no support. So this
27:31
goes back to return on investment. There was
27:34
a dreadful story that came out a few months ago where the
27:39
National Health paid Microsoft, or its reseller, eight million pounds in extended
27:46
licenses for a month. Yeah, yeah, just a staggering amount of money, and
27:53
that was so that they could run machines that were not actually being patched or supported.
28:00
I suppose if you look at the return on investment, £8 million compared to...
28:06
We would look after, Christy, I would look after the entire national health
28:10
for less than £8 million, just out of the fact that we would really like to
28:14
look after the national health. Yes. Yes. OK. The amount of money that is being burned is absolutely horrendous.
28:23
So the return on investment would be massive and immediate.
28:27
Immediate. But the point is,
28:30
if you don't have to
28:33
upgrade, you know, because you don't want to,
28:36
and in addition you're actually
28:39
buying security. Yes. Whereas at the moment, if you're paying for an extended
28:43
license or not, you've got no security. Yeah. And all you have to do is
28:49
look at the number of patches and the number of critical vulnerabilities
28:53
that are being applied against even the modern,
28:57
not legacy, but even the modern architecture.
29:02
Congress are saying it's not fit for purpose. Now, it's not my place to sort
29:07
of say whether Microsoft are or are they not,
29:11
but if you see the reports that are coming out by organizations or politicians
29:17
who have got some sway with Microsoft, very,
29:21
very recently, just after this, the Volt Typhoon attack,
29:27
when they suddenly realized that, you know, the problem that got the critical infrastructure,
29:30
the CISA attack, where another APT group got into the US body that was there
29:38
to advise and protect other US bodies. I mean, the irony is enormous.
29:43
People are getting upset with it now. As you can see, as Christian said, a lot of the companies, the SMEs and the
29:50
micro-organizations, do not have the support and expertise in-house.
29:56
Which is why we have a managed security service. Yes, yes.
30:00
Which is supported by, yeah, so our technology is supported by an international patent.
30:07
We're filing new patents because we've actually improved the security since
30:11
we bought it. And now we have the ability to stop the living off the land binaries,
30:15
which I was talking about earlier. That is the PowerShells, the VB scripts, the C scripts that the bad guys are using against you.
30:23
We also came up with a solution to the SMB1 problem, the Server Message Block
30:28
version 1 problem, which is an incredible vulnerability that allows and has to be
30:34
used for legacy to talk to the more modern architecture.
30:38
If you don't have SMB1, then you can't operate remotely your operational technology estate.
30:45
So that means that SMB1 is switched on across your modern IT estate.
30:51
And this is what's keeping the SOC analysts up at night, causing them massive
30:55
amount of stress, simply because they're having to monitor all the transaction
31:00
flows through SMB1 because it's highly vulnerable to man-in-the-middle attacks
31:04
because there is no encryption. The devices cannot be more encrypted so this
31:09
is as a threat vector so we can actually turn off that smb1
31:13
conduit once we're deployed on an estate this means
31:16
that the SOC analysts now kind of get their work life balance
31:20
back because they're no longer under huge amount
31:24
of pressure we hear anecdotally some of the
31:26
events i've been to in the last few months that 52 percent
31:29
of SOC analysts are on some form of prozac you
31:33
know taking medication to handle their
31:36
stress levels fully 65 percent of them want
31:38
to get out of the business or one of the presentations i
31:41
saw a guy put up a picture of three old men and said these are actually 22 year
31:45
olds and i got a big laugh from the audience because of the stress these these
31:49
poor sock analysts are under with our technology deployed that goes away and
31:53
we can reduce the number of staff required i mean we They had a Middle Eastern,
31:58
a very large Middle Eastern customer that we're working with right now who have
32:04
two data centers in the education sector. And they did their numbers at the outset to how many folks would they need to
32:11
run a SOC. OK, we'll go with 50 in each.
32:14
And they suddenly realized being in a rather totalitarian type of regime where
32:19
if you get things wrong, the potential repercussions are much broader than getting fired.
32:24
The stress that these individuals are under the sock analysts are under was
32:28
so great that fully half of them were off sick at any one time due to due to
32:32
stress yes so now to to deploy so they now have 240 people across two data centers to do the same task.
32:40
Because of the stress levels yeah that's a
32:43
shame yeah it is because i mean i
32:46
hear personally of people actually leaving that sector of
32:49
the industry due to stress and burnouts as
32:52
well yeah but you deploy our
32:55
technology the white noise goes away you get
32:58
to see the an actual event the attempt as it comes in
33:01
the attempt is immediately prevented as alizana said and
33:04
less than a millionth of a second but you've recorded it you you
33:07
know that it happened and it's it
33:10
makes um it makes life so much
33:13
simpler we reduce the complexity you can
33:16
imagine when a security event happens and you've got maybe
33:19
if you're a large corporate you may have upwards of 25
33:22
different vendor security vendors in your stack and
33:25
they're all reporting on the same security incident as it
33:29
goes lateral across the network yes you're looking
33:32
at thousands upon thousands of lines of logs
33:35
that increase exponentially at the
33:37
point when there's something suspected to be wrong so solar winds would typically
33:43
collate and gather and aggregate all of those logs and we've seen from a report
33:47
from 2012 some years ago now what actually happens during a security event to
33:52
all of those devices that are are now communicating to the SOC and the NOC.
33:56
And the absolute snowball that you get of logs, it goes up, I think,
34:02
thousandfold from steady state to a thousandfold.
34:05
And then do you know if it's a credible threat or is it a false positive?
34:10
So these are substantial issues for the modern day SOC providers.
34:15
And now what they need to do is to add a SOAR to the mix because the SIEM's not
34:20
doing enough. And if you haven't got a SOAR, then the SOAR is now also unable
34:25
to do the tasks that are now required because of the sheer number of logs.
34:29
So now we're talking about, or competitors are talking about, adding AI to the mix.
34:34
And now we're adding more complexity. Exactly. Now, you mentioned SMB version 1 and the Security Operating Center.
34:43
Of what came to mind as well, as companies that frequently do vulnerability scans and,
34:51
also pen testing as well, the SMB version one will come up as a criticality,
34:57
I think of all the CVS, several above.
35:01
And what's came to mind now, since you mentioned the SOC, I wondered if your
35:05
solution can also address some of the findings we get from running these scans as well,
35:13
because I think some of our clients want to do a vulnerability scan,
35:17
of which they don't do it frequently, and some of these categorizations of high security comes up.
35:26
People start cleaning out their hair. I just wondered if this would be something
35:31
that, as I mentioned before, small media companies can implement early before any kind of compliance,
35:39
either PCI DSS or CYBEN, SHO, ISO, all this.
35:44
I'm just thinking how this will help them as well, if this is in place, probably.
35:49
So what we do when we introduce ourselves to a new customer,
35:53
We go onto their site and we put our code onto some subset of their devices,
35:59
usually from different departments, so we can look at the software assets that are actually running.
36:05
So we then compile a list and we run the logs that we've gathered in learn mode.
36:10
So we're not making any change. We're benign on the endpoint.
36:14
We're not making any deterministic decision. We're just sitting there recording
36:17
what's actually on the endpoint. Point yeah and that's a that's akin to
36:22
a soft software asset management piece of our of our
36:25
um of our investigation our discovery phase we pass
36:28
that through some algorithms ai algorithms back
36:31
at our research facility and machine learning and we we then produce a report
36:36
we go back to the client the customer and say this is what we discovered on
36:40
these endpoints is this true and correct did you know that you had any desk
36:44
running on this machine did you know that you had because you You didn't tell us you had,
36:48
you know, a particular security vendor because something had been left behind
36:53
and was now sitting on the system, had never been removed,
36:57
is now unpatched and highly vulnerable.
36:59
And it could be you're talking to a bank and they have no idea that these software
37:03
assets are actually still sitting there. So we are able to discover all types of code that tries to update itself or runs.
37:11
And in that way we can then help advise
37:14
the client the customer what they need to do
37:17
to clean up their system what they and and
37:20
then create a security policy for them that reflects their
37:23
risk appetite now this is a really important piece because
37:26
i imagine some listeners will be thinking well this is a highly restrictive
37:30
system this couldn't be deployed in a dynamic environment it's too inflexible
37:34
well that that would be wrong because we can create security policies that meet
37:39
meet the exact risk appetite down to an individual machine or 10,000 machines.
37:44
We can create a policy and give it to our customers and say,
37:47
deploy this and this will meet your absolute risk appetite.
37:52
Tailored for you dependent on the
37:55
on the on the applications you actually want
37:57
running because very often we'll go to a university and we'll
38:01
find a game server that shouldn't be in there because people
38:04
are messing around playing at night and this is usually sometimes in the it
38:07
teams as well they're uh they're consuming valuable resources and not realizing
38:11
they're introducing risk to their environment they're not necessarily malicious
38:15
they're just bored late at night they want to play games so they think well
38:19
i'll deploy a game server or we find cryptocurrency mining.
38:23
That's incredibly energy intensive and costly for a university who can't afford
38:28
to support that kind of scenario.
38:31
So we are able to find all these sorts of things on first deployment in learn mode.
38:36
And then, as I said, once we've gone through discovery phase with the customer,
38:40
we can then tailor a security policy that fits their absolute risk appetite
38:45
and what should be running, what is permissioned on those systems.
38:49
And that's incredibly powerful Because when you do your audit,
38:52
you can say with true conviction, this is what we have running.
38:56
These are the assets. There's nothing else on here. And we can prove that through
39:00
the logs. And that then brings in the cyber insurer.
39:04
How do I get my estate insured against threat?
39:08
Threat and the things that we're finding talking to insurers
39:11
now is that they're more concerned about the insider threat
39:14
almost than they are the external threat because if
39:17
you've got an individual who's got sys administrator rights having a bad day
39:21
going through a divorce or had a row with his boss yes he could introduce elements
39:25
of risk to that organization or they could leave something behind before when
39:29
they get fired something terribly nasty and and this is the uninsurable This
39:34
is where the real challenge comes in.
39:37
So, Alexander, talking about that high level of privilege and control where
39:40
you need to have proper collusion across several staff members to introduce new risks.
39:47
Is a lot lot harder than dealing with the single uh you
39:50
know than managing you know the threat of a single sysadmin who's you've now
39:56
got oversight and control over what actually they're doing yeah yeah um okay
40:04
now most most organizations they will have group policy,
40:09
and also the applications are managed by Intune.
40:14
So if I'm coming from the client point of view, because they're going to come up with these answers.
40:19
Okay, we have this already. How come your pieces of software found this and
40:24
the ones we're paying for already didn't actually give us this,
40:28
found this rogue software and we thought we had controls already through group policy, et cetera.
40:35
How would you answer that? We've had those conversations and they are pretty tough.
40:40
The processes work differently, Christy. And you've got to ask yourself the
40:49
question, if you are using any of the vendors that are out and you're hacked.
40:55
Yes. Yep. Ask yourself the question, does what I have on my machine work?
41:02
Well, if you've been hacked, the answer is no. know
41:05
why is your vendor telling you it's not a question of if you're going to get
41:11
breached it's when you're going to get breached why are they telling you that
41:16
the other question is why are you accepting that they're selling something that
41:21
they know doesn't actually stop the product.
41:24
And i think yeah i think they they again they
41:28
they i think they'll stand that
41:31
the the client is ignorant of the threats that's why
41:34
so you get these test persons come
41:37
to them say okay this provides this solution
41:40
and because obviously they don't
41:43
have the knowledge behind that it's okay then that works for us and then they
41:46
implement it and that generally it doesn't work and then in six months time
41:51
they'll come along with something else yeah and then they'll come along with
41:54
something else and then they'll come along with something else and this is you
41:59
know this is uh i I think it's called tool sprawl.
42:02
This is where the tools are being sold to the client who's looking to buy some
42:08
surety and security are getting more and more complex, more and more expensive,
42:14
and there are more and more of them. There's something like 75 different sets of tools, security tools,
42:22
used to protect an average business now.
42:26
Certainly, enterprise is more than that. I mean, we know banks have got up to
42:30
100 different levels of security products in their stack, and they still cannot stop the zero day. Yeah.
42:40
Yeah so the tools that are out there at the moment don't work and that's the
42:44
fact we think the situation is going to get rapidly worse because of the advent of generative AI,
42:52
and being able to string together multiple exploits and use them in a single attack by,
42:59
gen AI will absolutely introduce weaponized software into large institutions very
43:06
very rapidly now out and we're seeing some i think there's some researchers
43:10
in israel that have proven and they've strung together two or three of these
43:13
now and proven that they just sail through all the defenses.
43:18
So so so it's this capability is
43:22
obviously going to be utilized by nation state and we'll
43:25
eventually of course travel down to the the ransomware
43:28
type gangs because very often there's what's the
43:32
guy who's working nation state during the week is
43:35
then out for himself particularly from russia at
43:38
weekends to monetize his skills and so
43:40
they'll be taking those skills and capabilities and deploying them for
43:43
ransomware which is obviously financial gain as opposed to nation state which
43:46
might be to deny availability and christian the solution industry is coming
43:52
up with at the moment is oh don't worry about the ai generated threat we will
43:59
have the ai generated security.
44:04
Look we're seeing this coming in now
44:06
yeah so yeah the SOC didn't what
44:09
the SIEM in the SOC didn't work so they
44:12
introduced the SOAR yeah so what is not working so now they're introducing the
44:17
AI to support the SOAR to support the SOC it's almost like that oh you know
44:23
the the man has swallowed a fly and you know the whole you know it's it's just
44:28
how it's how it's unraveling It's crazy.
44:31
It's they descended into a rabbit warren and not a rabbit hole, as I like to say.
44:36
And what we're seeing then with the advent of utilizing AI for this,
44:41
that is really, really cost prohibitive because it uses an enormous amount of
44:45
energy to run an AI is usually energy consumption consumptive.
44:50
So your costs are going to go up again. Now, with our solution,
44:55
we actually reduce the energy required on the endpoint because not only do we
45:00
stop malicious binaries or new binaries coming on,
45:03
but across data center, we've proven that deploying Abartis across 2000 servers,
45:09
for example, reduces the energy consumption by roughly seven and a half percent.
45:12
And that report was done by Lockheed Martin back in 2015.
45:17
So we can also reduce the energy consumption as well as simply improving the security start.
45:23
And we can bring for C-suite some surety back to the change control process
45:28
so that they know that they're not going to be in the car park at four o'clock
45:32
in the morning talking to reporters, a gaggle of reporters because they've just lost a load of valuable IP or customer data.
45:39
You know has happened has happened many many times
45:42
over the last few years so if you think about
45:45
the cost implications of running a pr team the disaster recovery
45:48
the business marketing planning everything that goes
45:51
with that the backups that the you know all the huge costs associated with maintaining
45:57
and testing all of that it's just the cost implications are utterly utterly
46:03
immense and this this we believe this is out of control and we also think that the The spend,
46:09
the corporate spend by the security vendors is at now roughly 80 to 100 billion
46:15
a year in marketing to keep this mess afloat is utterly ridiculous.
46:21
So energy consumption has gone up massively. The complexity has gone up.
46:26
Yeah. One of the major banks that we've talked to, their biggest risk,
46:30
as they see it, is vendor management. Management if they've got 75 vendors looking after
46:35
a global bank imagine how many meetings
46:38
that goes down to
46:41
because you've got to have a quarterly meeting with your vendor you've got
46:43
to have patches from them day in day out emergency
46:46
patches regular patches new features that you might want to deploy you've got
46:51
to have that relationship with them that's a space in the car park that's an
46:54
additional coffee machine that's more office space meeting space just for all
47:00
the security vendors and and of course that moves into the to the NOC as well
47:03
not just the SOC not because they're all they're all linked,
47:07
So the cost implications moving forward, if this carries on the path it's going
47:12
and you don't do the prevention, not cure, as we are maintaining you need to
47:16
do, the reactive approach requires a victim.
47:20
Somebody gets clobbered and then they come out with a fix and then you've got to roll it out.
47:24
And then you've got to hope that that fix doesn't contain something malicious
47:27
because the bad guys have got into the security vendors because that's who they're targeting.
47:31
And then so you fix as well doesn't affect
47:34
on the application of the system and now
47:38
take now take a vendor like us whose code never changes yeah
47:42
you check some it you deploy it you never touch it
47:44
therefore it can't be made vulnerable and
47:48
our solution is also hardened as well so it's self-protecting because
47:51
you can't get hacking tools onto the machine that we
47:54
sit on you can't remove us you can't affect us so we.
47:57
Are secured and hardened as well okay now um
48:01
you've mentioned christian you mentioned costs and
48:04
with every business they look at
48:07
their budgets so i just want
48:10
to look at how would you okay let
48:14
me put this in there how how we show is that about
48:17
the software remains cost effective formalization especially
48:20
in light of budget constraints and resource limitations because
48:24
as you know vendors tend to sell the
48:28
products let's say let's i want
48:30
this just general 100 pounds per user okay now
48:34
for the first two years it will stay 100 pounds but unfortunately year three
48:39
it goes up to 150 200 pounds how would you manage how can you stay within how
48:45
can this be cost effective for the clients in the long term well our business
48:51
model the model is built around that Christy.
48:53
Yes, so we because we've got this.
48:58
Principles and simple principle of stopping malware we don't have to keep coming
49:06
back and sell something else you know we we're not going down into that rabbit warren reference,
49:12
that rabbit hole yeah the the the other way of doing it the the way that our
49:19
peers are are providing security protection with the industry at the moment
49:23
it is just to get bigger and bigger and bigger and whether they like it or not
49:28
they're adding as they add more complexity.
49:31
They're adding a greater attack surface yes and
49:34
obviously they're coming back for more money well with
49:38
the Abartis you don't have to do that you deploy
49:41
it it stops malware as i said right
49:44
back at the beginning at its most vulnerable point so
49:47
it's proactive every other model that
49:50
you've described every other situation you've described is
49:53
a reactive solution which is
49:57
no solution at all as christian said it requires
50:00
a victim yeah and in some
50:03
cases it's not one victim but it's tens
50:06
of thousands look at NotPetya a few
50:10
years ago so it was a russian attack on accounting
50:13
systems in ukraine got into
50:16
odessa port within within no
50:19
time and i'm talking less than seconds odessa port was
50:22
being hit in the black sea almost identical
50:27
time Cadbury had a biscuit factory
50:30
in tasmania get knocked over by
50:33
the same malware and Cadbury
50:37
obviously spend an an awful lot of money in their security yes yeah
50:42
and this this unknown sliced through
50:45
absolutely everything the more and the
50:48
cyber security vendors will say we'll find the problem we'll issue the fix we'll
50:53
get the patch out and you know everybody's going to be happy. NotPetya cost
50:58
the world 10 billion dollars in damages so they killed companies they killed
51:04
TNT i believe didn't they and Maersk nearly went to the wall.
51:07
Be careful what you say. It didn't kill you tough.
51:10
It cost them a lot, a lot of money. It did huge, well, $10 billion worth of harm.
51:17
Many companies fall over. Many companies don't come back from these cyber attacks.
51:23
So the question is not just, you know, are you going to be protecting my budget
51:31
in two years, or are you going to come back in two years and put the price up?
51:35
It's like, are those businesses going to be there in two years?
51:38
The amount of attacks is growing exponentially.
51:44
Faster than the money can be spent to secure against it
51:47
i mean the damage that's being done to the
51:50
to the world economy is greater now than the chinese gdp you know there's like
51:55
loads of loads of stats out there that you can draw on that just just tell
51:59
you how how big and how scary this problem is at the moment and we we we just
52:06
don't think the current methodology is good enough, okay and what we do for our managed service customers Christy
52:12
is we'll we'll sign a contract with them for three or five years and
52:15
then they can fix their costs and with our technology they know what their security
52:19
budget is going to be with every other solution that's out there it's an unknown
52:23
and it's escalating and the the board is absolutely fed up with having to come
52:28
up with more and more money having been told this will solve the issue and this issue is never solved.
52:34
I'll give you an example christy one of our one of our larger clients who are
52:40
in the education sector. I sat down with them and I said what I thought the biggest problem was to them.
52:49
And the first was I reckoned that their costs were out of control and that they
52:54
were buying more and more from the vendors.
52:59
The hackers, the bad actors outside of the education sector are a given.
53:06
Yeah and and it's almost as though you
53:09
know that they're part of the part of society whether it's
53:13
good or bad but the the fact that they
53:16
were having to spend and that their spend was out
53:18
of control made that as great
53:21
a problem as it was from their beloved students who
53:24
loved nothing better than trying to hack the school systems as
53:28
well yes so inside the threat
53:31
yes so so but but when you've got the insider threat and you're not stopping
53:36
it and when you're adding more and more systems to your cyber security defenses
53:41
and you're not stopping it yeah the fact that your costs are going out of control
53:45
gets more than a little bit upsetting yes of course.
53:52
These organizations are not saying no they're writing
53:55
your checks they're paying the money and they're still getting breached
53:58
it's not right it's not fair no it's not it's not it but your thing is that
54:03
they have to do something they have to show sort of due diligence they have
54:08
to show that they've been proactive in attempting to stop these threats because
54:13
if they do nothing then and obviously becomes negligent.
54:16
So if one piece of solution doesn't work, then they have to find somewhere because,
54:23
again, in some of these organisations, schools, even though schools are universal
54:27
charities, you have shareholders, they have to answer to different stakeholders.
54:31
So they have to appear to be doing something.
54:34
Okay, I'm going to ask you the final question. Looking ahead,
54:39
what are your plans for further development and improvement of cyber security solution?
54:44
And now you say that at the moment it is, I don't want to use the word static.
54:49
But surely there is room for improvements in the future.
54:53
I totally agree with you. I mean, we just filed for a number of new patents
54:58
for the next generation of Abartis.
55:02
And we're actually spending an awful lot on research and development.
55:06
So we are a dynamic business, very much not static.
55:13
So yes we are investing in the
55:16
future now we're putting a lot of a lot
55:18
of money into the development of our ai you know regardless
55:22
of what i say about how our competitors work you
55:26
know we we're very much interested in making sure that we've got decent ai that's
55:30
working for us that is consuming a fair amount of time resource and money we're
55:36
also looking at areas where Abartis traditionally hasn't sat,
55:44
file protection as an example. So that's not been something that Abartis has been particularly.
55:51
Relevant for, but, you know, that's now changing.
55:55
So, you know, I don't want to say a great deal about what we're doing because
55:59
a lot of it we are protecting our IP at the moment.
56:03
But, yes, we're sort of confident that we've got more solutions in the pipeline.
56:09
Also, you know, talking of that, we are working on an Abartis for the cellular market.
56:17
So we will have an Abartis for Android. Oh, that's awesome.
56:21
One of the clients that we're talking to were about building a Play Store so
56:27
we can look at the apps that are coming into the Play Store and make sure there
56:31
are no back doors in there, there's no spyware or malware.
56:35
And then we can provide a custodian for those apps and making sure that nothing
56:43
can be added to it or changed whilst it's in the client's Play Store.
56:47
Door and then when it's deployed onto the
56:50
cell phone well the cell phone's protected by an Abartis and
56:54
you know we we stop anything bad happening there
56:57
so that that's actually part and parcel of what we're doing at
57:00
the moment okay would that be a package deals because
57:02
our organization issues and advisor laptops yeah
57:06
the client talking about so
57:09
it's it's a major a telecom provider okay so they
57:13
will they will be able to bring that out to you
57:17
know the millions of clients that they've got undoubtedly they will
57:20
you know they'll be selling telephones to to their
57:23
clients through their you know their network of shops
57:26
or their online facilities um they'll just
57:28
start selling telephones with an Abartis fitted okay well
57:32
that would be good and the other aspect is we've spoken
57:34
mostly about we've spoken mostly about microsoft
57:38
but obviously if we're going to to do android that's based on unix linux originally
57:41
so we have the capability to provide security for linux right now so that's
57:47
something that we develop for some larger customers for specific versions that
57:51
they're running but we can compile our code to be effective in linux as well currently.
57:56
The other aspect that we're looking to is to be embedded
57:59
in iot so we're actually built into the
58:02
operating systems of the internet of things because if
58:06
you can imagine you've got millions upon millions of devices being
58:09
deployed which are essentially dumb but they're connected through ip
58:12
they are major conduit for ddos attacks by
58:15
the bad actors again and we can absolutely prevent them
58:19
being repurposed by malicious actors so there's a big playhouse there a great
58:24
example of that is that urban myth about you know 10 million toothbrushes being
58:28
co-opted to be part of the uh huge ddos recently so it was you know it was an
58:35
urban myth but an Abartis would have stopped it. It's like you've got some sort of this.
58:41
So you could you could deploy an Abartis onto your toothbrush and make sure that
58:44
the bad guys don't attack it. So we're also involved in developing for smart cities as well,
58:50
for smart meters, for going on to, you know, building security so that somebody can't hack a building.
58:57
So to speak, as we saw in one of the early Die Hards, we'd have to prevent anybody
59:02
getting in and doing that kind of malicious attack where you could perhaps turn
59:06
the heating up or off in inclement weather.
59:08
And also you wouldn't want somebody else to be in a bad act to be able to attack a.
59:15
City's infrastructure regarding traffic lights and or other stuff which could
59:19
potentially cause horrendous accidents so smart cities is a big thing for us as well,
59:25
you mentioned data centers you
59:28
mentioned so what about the embedded environmental controls within
59:31
the data centers well we have a huge story
59:34
with the data center because the the amount of water and cooling
59:37
that's required is reduced we can extend the life
59:40
cycle of the spinning discs because the platter the surface temperature
59:43
of the platter drops by eight degrees c so if
59:46
you don't want to sweat your assets and use the benefit of our
59:49
code you can extend the life cycle of those of
59:52
those machines and so the benefits are just kind
59:55
of weird and wonderful because you don't you wouldn't think putting a small
59:58
amount of code onto an operating system would have such a dramatic
1:00:01
and positive effect but it absolutely does we get
1:00:04
accused of pushing snake oil I might add at this.
1:00:07
Point when we start talking about energy savings and but
1:00:11
it's just a knock-on effect of reducing complexity and
1:00:15
introducing simplicity into a model okay awesome
1:00:18
now thank you for that thanks Alex and
1:00:21
Christian where can listeners find out more
1:00:24
information about yourselves about your company do they can
1:00:27
visit the website platinum-hit.com
1:00:31
or do a do a google search for uh
1:00:34
abartis which is the the name of the
1:00:37
product or platinum high integrity technologies and
1:00:41
then you know there's the opportunities to uh get in
1:00:44
contact us through there and then we're
1:00:47
also on social media so for business a lot
1:00:51
of business actually comes to us through linkedin so we're
1:00:54
all there people people can find us just looking looking for
1:00:57
us by name okay thank you so much for
1:01:00
your time alexander and christian and
1:01:03
we hope that this episode has provided valuable
1:01:06
insights and practical knowledge that you can apply in your own life or work
1:01:11
it's not just about passive listening and taking action thank you once again
1:01:15
for listening have a great day thank you thanks very much christy it's been
1:01:20
a pleasure to be here thank you christy thank you you're welcome,
1:01:25