0:00

Okay, welcome to the Cybersecurity Happy Hour podcast.

0:04

My name is Christy, I'm your host, and this is episode 42.

0:10

We are going to be speaking to have two fantastic guests, Alexander Rogan,

0:16

Christian Rogan of the Platinum High-Intensity Technology, and the third of

0:21

the podcast is Defenders of the Cyberverse.

0:24

We're going to get some insights from these great men.

0:30

Okay, so Alexander, do you want to introduce yourself? Just tell us about yourself

0:34

and your background and your achievements. Oh, wow. Okay. It's going to be short and sweet then, isn't it? So I'm Alexander Rogan.

0:43

I'm the CEO, and with Christian, I'm the co-founder of Platinum High Integrity Technologies.

0:50

We are a cybersecurity company, and we're bringing a particularly interesting

0:57

cybersecurity solution to the market.

1:01

It's a technology that Christian actually introduced me to a good few number of years ago.

1:08

Yes. And it's one that I became really enamored with. It's very powerful.

1:15

I got involved six or seven years ago as a reseller of the tech and then a few

1:22

years ago I was able to sit down and negotiate with the original architect of

1:28

the security technology, and persuade him that it would be a good idea for him to sell the tech and let

1:34

Kristi and I bring it to a much bigger market.

1:39

So there you go. That's me. Okay, awesome. Thank you. Thank you for that. And Christian?

1:46

Yeah, I've been in cybersecurity for, well, since 2000.

1:50

I started off with PwC, a small outfit called Be Trusted, which engaged with

1:56

PKI at that time, and X509 certificates, if anyone even remembers those.

2:01

Moved over to Message Labs a couple of years later, which was a startup in the

2:06

email hygiene in the cloud space, and had a very successful seven years there

2:10

where that business was ultimately sold to Symantec for nearly a billion dollars.

2:14

Moved into a number of other security companies, did some consultancy in the

2:17

middle, worked for Alcatel-Lucent, worked for CSC, Trend Micro,

2:22

and ended up coming across this incredible technology from a small company called Abartis.

2:27

So I joined that little startup, which wasn't terribly sophisticated from the

2:32

commercial perspective. So it didn't succeed like many companies. companies

2:36

and alexander and i were able then to acquire the

2:39

technology in june 2022 take it

2:43

back into our labs improve upon it and then in

2:46

the last six months or so we are taking this solution this

2:49

unique solution to market okay great great to hear that now you you know that

2:55

uh in our in our industry that malware is a constant and evolving threat and

3:02

what i mean by that is We seem to be playing whack-a-mole,

3:06

where we have sealed a point and something else pops up.

3:10

Now, how does your solution adapt to these new and emerging threats?

3:17

Because we know that there are various techniques some of these cyber criminals are using,

3:22

and some countries also kind of have research labs to implement these changes

3:29

as soon as, let's say, opening has been blocked.

3:32

Yeah, we call them zero days, and there's a big and valuable industry in selling

3:37

marketing and selling the zero days for exploits of vulnerabilities in corporate

3:43

and government systems. The surprising answer is we don't adapt our technology at all because we recognize

3:49

malware for what it is, and that is it's a binary.

3:52

Now, when you are trying to introduce any form of malware after the breach onto

3:57

a system, we simply intercept it at that juncture and prevent the payload from

4:02

being delivered to the host. And we do that at ring zero, whereby you can't obfuscate what the code is.

4:09

So we enable, we make the system, the operating system immutable by sitting

4:13

inside the kernel becoming intrinsic to that operating system.

4:17

This gives us a multitude of benefits, which we probably won't even have time to go into here today.

4:22

But simply put, we apply our code. It's a ring zero kernel level filter driver.

4:27

It doesn't require any updates and it absolutely stops with complete certainty

4:32

any new binaries being introduced to the persistent storage of the device.

4:36

That means you cannot write to disk without being permissioned onto the system.

4:41

And we have a whole policy engine, security policy engine, which allows you

4:45

to approve supply chain that you trust to make necessary changes through the

4:52

lifecycle of the applications that are running on your system.

4:55

So it is not simply something which will block the utility of the computer.

5:00

In fact, it absolutely allows the utility of the computer with full flexibility,

5:04

but will absolutely deny any manner of threat, whatever the attack surface is.

5:09

Is so we're talking about protection against usb even

5:12

infrared a malware broker sitting on

5:15

the computer and trying to type the malware into the machine itself because

5:19

they've got physical access they'll be absolutely prohibited from doing that

5:21

so to break it down yeah the

5:24

the way that the kernel level filter driver works is it

5:27

brings zero as i said and it intercepts all the input output traffic

5:30

and it will make a deterministic decision as to

5:33

whether that is a recognized binary that's been permissioned or

5:36

a new one or one that is trying to change a pre-existing binary

5:39

or indeed remove a binary because one of the attacks is to remove security control

5:44

from a system one of course is to change it to adapt it to make it vulnerable

5:48

and the third one would be to introduce a whole new set of code to obviously

5:52

attack the system all three types are absolutely prohibited okay.

5:58

Well, you said, I don't want to use that word, big claim. You said it does not require updates.

6:03

As we're aware, other vendors, if you do not update signatures,

6:08

then you are particularly vulnerable. This is quite a novel thing to hear.

6:14

Christy, our technology, it's not reliant upon heuristics, behavioral analysis.

6:21

It's not reliant upon whitelisting. As Christian said, it's a deterministic

6:29

filter driver that embeds itself into the operating system.

6:34

So it actually becomes a part of the computer. It lives right in the heart of

6:40

the computer, right in ring zero. Our competitor vendors are sat in the application layer.

6:48

They're in a different part of the computer system. system. And Abarthis is

6:53

looking for binaries, code, trying to get onto the computer system without permission.

7:02

And that's deterministic, it makes that decision, and it stops unwanted binaries

7:09

in less than a millionth of a second.

7:12

Okay. So, and it stops the bad guys getting onto the computer system before they have a chance.

7:21

So we hit them at their most vulnerable place and that's just when they're about

7:26

to try and deploy the malware, they're trying to get the payload onto the computer and Abarthis says no.

7:34

Okay, awesome. Now, there are different ways of obviously deploying.

7:39

Malware coming onto our system, one of the USB clicking malicious links and

7:45

redirects to websites, etc, etc. So what you're saying is whatever the avenue of input, I want us to stop it on its tracks.

7:56

Yeah, because the guy who architected this, the guy who wrote this,

8:02

was obviously a really clever guy.

8:04

You know, I mean, we talk about people with brains the size of a planet.

8:08

I mean, I do think that this chat was one of those.

8:12

And his genius was understanding how malware works in its most simplistic form.

8:20

And he came up with a solution based on that.

8:23

And this solution is the polar opposite of everything else that's out there.

8:29

It's an incredibly elegant solution to a really ugly problem.

8:35

It's a very small piece of code, less than 100 kilobytes, and it sits in ring zero,

8:43

and it looks at the malware as the malware tries to arrive and be delivered

8:50

onto the computer system. And as Christian rightly said, malware is an unwanted binary.

8:56

It's a piece of code. Yes. And one of the zeros.

8:59

That's all it is. and if you can

9:02

stop it from being delivered if you

9:05

can stop that payload from arriving on the computer system you

9:09

can stop that malware doing what the

9:11

bad guys are trying to do and it doesn't matter whether they're

9:15

trying to deliver it by infrared and whether it's that you know a watering hole

9:19

attack on a website or whether it's a usb stick as the ingress point a bartis

9:26

doesn't care it doesn't matter what it it doesn't even need to know that what

9:32

it's saying is unwanted code.

9:35

So it breaks it down into something really simple and because of that it can react or it can act,

9:43

incredibly quickly so one of

9:46

the points i like to make is compare it's stopping malware being delivered onto

9:52

a computer system within less than a millionth of a second and compare that

9:58

to the the average time it takes now to actually find and clear malware from an operating system,

10:06

which I think according to IBM is over 100 days.

10:10

Yes. Sometimes in some instances, some of them is very hard to do.

10:16

Just have to, you know, we wipe the system or I think if I remember clearly.

10:24

There was an attack in one of the oil companies a

10:27

few years ago and they had to purchase a

10:31

new hardware and cost them a lot of money

10:34

absolutely 100 million dollars that was a ramco with

10:37

shimoon yeah yes a rampart yes

10:39

so uh and i really they had

10:42

to because of the scale of the attack they had to uh

10:45

give oil oil gas uh for free

10:49

for a period of time so obviously i'm not

10:51

sure what the long-term cost was now but if

10:55

if they are supposed to have this piece of software

10:58

it would have reduced that landscape drastically now

11:02

you've kind of walked us through the fundamentals

11:06

of and functionalities of

11:09

the advantage software and you also talked about

11:11

how they enhance cyber security

11:15

and also now you've also mentioned about being

11:19

a solution for zero day exploits and

11:22

any on no malware okay which is which is great to hear i'm just going to go

11:29

in again now and again this this piece of software just 100 kilobytes resides

11:34

in being a zero a question i want to ask is now obviously we are aware that.

11:42

Malicious codes and the binary can be recognized.

11:46

Are there any false positives here? No.

11:50

No, we don't suffer from false positives or false negatives.

11:54

So it's one of the great benefits of the technology because it recognizes and

11:58

it's an actual event. And if it stops a binary, we record it in our logs.

12:01

That goes to our SIEM, which we call Central Management Console.

12:05

That's a SIS log that's ported off the agent that sits on each of the endpoints,

12:08

goes to the SIEM, our SIEM, and that records for posterity the event that's

12:14

actually happened but because it's a deterministic decision on a binary that's

12:18

tried to write to disk there are no false positives. So we're pretty good as a hunter-killer for pre-existing malware as well when

12:24

it tries to morph on the device. So if you have an already infected device before we're installed,

12:31

there are instances where we have actually discovered pre-existing ransomware

12:36

because it's tried to morph. It's tried to call out to its command and control on the Internet,

12:40

get a new profile to evade signature.

12:42

Signature because very often ransomware is discovered

12:46

you know by other security vendors signatured and

12:49

then the signatures are rolled out to pre-existing security vendors

12:53

so that they can adapt their solution to meet the to meet the emerging threat

12:58

we see it when it tries to morph and therefore we capture where it was on originally

13:02

on the disk and therefore we can do a targeted removal but the beauty of our

13:06

system is there are no false negatives and no false positives And also an extremely limited number of logs.

13:13

The logs are low because we are stopping the attack before it follows through.

13:19

Okay. And that's really important when you think of the cost downstream to all

13:23

the logging that every other security vendor has to go through.

13:27

So if you think about the target attack a few years ago where they had deployed

13:31

FireEye, FireEye said, yes, we identified there was a threat and it was in the

13:36

lines of code that we reported to you. Well, unfortunately for Target, the actual threat was hidden in amongst a million

13:44

lines of other false positives. So they couldn't distinguish the wheat from the chaff, so to speak.

13:50

So the logging aspect to me is one of my favorite aspects of our technology

13:54

because of the sheer cost reduction.

13:56

So the ROI for our technology compared to almost, well, every other actually

14:02

security solution that's out there is dramatic. Absolutely dramatic.

14:07

And that comes back through having that surety of

14:10

no false positives and obviously the vastly reduced log

14:13

set i just wanted to point out

14:16

because of some of the listeners will be saying well it's all very well

14:19

protecting against persistent threat and binaries that write to the disk but

14:23

what about the tools that apt groups such as vault typhoon use they co-opt powershell

14:29

they're using vb script they're using some of these other approved solutions

14:33

that the administrators use Well, one, without technology,

14:37

a BARTIS administrator has a higher level of privilege than a normal sysadmin.

14:42

So where you would normally be god of the box and you can do anything you wish

14:46

with the system, with a BARTIS deployed, you have to be an BARTIS approved administrator,

14:53

to allow the unlocking of the operating system by the sysadmin.

14:57

So the sysadmin is no longer in control of the estate. state.

15:01

So we actually stop the insider threat as well as the external threat.

15:08

What do you think organisations would be comfortable handing over the keys of

15:13

the kingdom to a third party?

15:17

In many instances for small to medium businesses, they do that already without sourcing to cloud.

15:23

So that paradigm shift has already occurred.

15:26

But you're quite right, many governments, many large companies.

15:30

As we've mentioned Aramco, very much will not allow third parties

15:33

to come in and and enforce control changing

15:37

control so we are quite able with our solution to give

15:40

them one a managed service or oversight of that

15:43

managed service or they can own and operate the solution themselves

15:46

with minimal minimal training it's a

15:49

very very simple solution to deploy using conventional tools

15:52

yeah obviously we use ip as syslogs

15:55

come from our endpoints protected endpoints to

15:59

a sim our sim or indeed they can have their own pane of

16:02

glass that they may have already invested in such as the

16:04

arc site or splunk or you know or any of

16:07

those so we play nice with all the other security solutions

16:10

in the stack we do not because we're only

16:13

at ring zero go ahead alexander yeah but christy just

16:16

you know the point about handing over the

16:19

the security i mean what what we're

16:22

doing here is actually enhancing the security so the

16:26

way that we will build ourselves in with

16:29

with the clients is that you won't have a

16:32

single point of failure so one person can't switch

16:36

it off so you've almost got like the missile silo analogy where two guys have

16:40

got to turn the keys simultaneously is that depending upon the size of the estate

16:44

and you know the locations you could have you could have somebody who doesn't

16:50

even know the other person on another other continent at a time,

16:54

you know, at a predefined time, two people working together.

16:59

Turning that key so you can make any amendments or

17:02

changes you need to do and then turn and then locking it

17:05

locking it again and you make it almost

17:09

impossible i mean you can never say never and you can never say impossible

17:11

but you know almost never almost impossible for the bad guys to co-opt somebody

17:17

yes so you can't you can't force somebody because there's somebody else on another

17:22

continent that has to be involved so you prevent the collusion yeah you prevent

17:28

collusion and if If somebody is having a bad day,

17:31

as it happens, well, tough.

17:33

That person having a bad day can't do the damage because they need to have somebody

17:37

on the other side of the world and they don't know who that person is.

17:40

Yes. So what we're doing is adding a higher level of privilege and a much,

17:45

much greater solution to these organizations.

17:48

Okay. I just wanted to finish the point on the APT group, Vault Typhoon as well,

17:53

because they are known for using the low and slow approach and using the administrator's

17:57

own tools against them, such as PowerShell, BB Script, C Script and so on.

18:01

And they have a very, very modest persistency on the device,

18:04

which is extremely hard to find. So this is what Christopher Wray, the FBI director in the States,

18:11

has called an existential and generational threat to critical national infrastructure,

18:15

particularly in federal government in the States. Because the vault typhoon apt group has

18:20

been in their system since 20 before 2021 i think i think they're saying to

18:26

their knowledge about five years so what you have there is a threat actor that

18:31

has now actually permeated the operational technology space within those large utilities those those,

18:39

water providers energy providers nuclear power stations and so on and so forth.

18:44

Simply because they're able to use your own administrative tools against you

18:47

once they've exploited the vulnerability on the system if you deploy the bartis in that scenario,

18:53

we are able by virtue of our complete control over the binaries to prohibit

18:58

the use even by system administrators of their own tool sets never mind the

19:04

operational technology where you've We've deployed tens of thousands of programmable

19:09

logic controls across a power station, for example.

19:12

But they still have the same operating system. They still have the same ability

19:15

to be vulnerable because these tools exist.

19:19

We can absolutely turn those tools off across our entire estate,

19:24

allow only the highest level of privilege, which would be a BARTIS approved

19:28

operator to utilize those tools.

19:31

For everyone else, it could be completely turned off, negating the risk.

19:35

Now, because we can do that after instantiation with the security policy that

19:40

we deploy, the deployment model is using the conventional tools.

19:44

The minute we're instantiated, it requires a restart because we do exist in the kernel.

19:49

We become part of the intrinsic to the operating system because that's how it

19:54

works. You have to do a restart. But once the restart is done, that means you can then invoke the policy,

19:59

which would say I'm going to turn off all of those administrator tools.

20:03

And that would prevent any attack group

20:06

that's in there that utilizing the administrator tool

20:10

set would prohibit them from acting and the moment that small that modest persistent

20:15

threat that's sitting there which allows them to invoke the tools tries to invoke

20:21

the tools is prohibited but it immediately becomes visible to us so we capture

20:25

that event in the log it's a true event It's not a false positive. It's absolute.

20:29

We can then identify where the bad actor, the APT group, such as bulk typhoon

20:35

are across the network and then enable a targeted removal of their activity.

20:41

Presence and that may be the

20:44

most innocuous looking bit of code you might not think it

20:47

was malicious but of course the bad actor knows it's

20:50

malicious because that's what they're using to deny availability at

20:54

such juncture they perhaps want to mount an attack in conjunction with an invasion

20:59

of taiwan for example because vault typhoon is a chinese group so this is how

21:05

we can can enable and secure operational technology as well as IT uniquely.

21:11

The Abantis technology has been around. We forgot to mention this, Alexander.

21:15

We were commissioned by the Swiss military in 2004 and deployed in 2005 into

21:21

Armour Suisse in the Swiss Alps on behalf of the Swiss military.

21:27

And that means that it was written for very, very much earlier versions of Windows.

21:32

So we, in fact, have in our library, our software library, the ability to go

21:36

back to NT4 and to protect the endpoints all the way to the present day,

21:41

which is completely and utterly unique in our industry.

21:44

I was just going to ask you that about the legacy systems because we've talked

21:48

about critical systems and we are aware that some of the causes of the vulnerabilities

21:54

in those infrastructure is legacy systems that.

22:00

No longer house essentially they're unsupported christy exactly

22:03

yeah systems yeah yes now so whatever

22:07

vulnerabilities that exist remain to this day but with

22:09

our solution you don't even need to patch until you are good and ready so let's

22:14

say you've deployed cisco and then you now know there's a vulnerability within

22:19

the webex aspect of the cisco architecture and you have an issue now because

22:24

do I deploy their fix to fix the vulnerability?

22:28

Do I wait and test that fix in pre-production to ensure that that itself is

22:34

not being compromised, such as SolarWinds, where its supply chain was compromised?

22:38

What do I do? The IT professional, security professional has a conundrum.

22:43

Do I trust Microsoft to allow them to push out KBs across my estate, or do I wait and test?

22:50

In the meantime, I remain vulnerable, especially if that

22:53

vulnerability is being exploited in the wild yeah now with

22:56

our solution you can because the vulnerability cannot be

22:59

exploited because we will not allow a change to the pre-existing binary because

23:03

there's no change allowed the vulnerability is not exposed

23:06

so the only reason that you would need to

23:09

update your patch effectively is

23:13

through regulatory means because the the regulator

23:16

has asked demanded that you have to update your systems within

23:19

two weeks of a patch becoming available otherwise you

23:23

could do that at a you know twice yearly event

23:26

you could consolidate all your updates and you could roll them out

23:29

consistently and all at once across the

23:32

state negating a lot of expensive out of band patching and emergency patching

23:37

that goes away with our technology that means that the vulnerability even though

23:42

it exists cannot be exploited while we're while we're doing the protection so

23:46

another very powerful usp for our technology.

23:50

Just to reiterate, it will sit on everything from the current flavour of the

23:57

Windows operating systems all the way back to NT4. And that was the original question.

24:02

So it looks after all of the legacy estate, all of it.

24:07

So where you've got organisations, we've got the National Health Service,

24:13

we've got the police forces. That up until very recently running XP or Windows 7 or Windows 8,

24:22

Abarthis will sit on those, and it will provide the same level of surety and

24:26

security as it does for Windows 11 or Server 12 or anywhere else it sits on

24:33

in the modern stack, in the modern architecture.

24:35

And this is just something I'd like to add.

24:38

This means that if you are running Abarthis on your legacy equipment,

24:44

equipment on your older IT, you will update that IT when you are ready, not because you're being strong-armed

24:52

by a vendor saying, you've got to throw that machine away because we can't look after it anymore.

24:59

There might be years of life left in that machine.

25:02

It might be doing a really simple application, but you don't need to upgrade

25:07

it to Windows 10 or 11 at that expense.

25:11

Good examples of that are MRI scanners and X-ray machines, medical devices,

25:16

in broadcast satellite communications.

25:19

All of those use legacy OS because it can't be changed.

25:24

That's too costly and some of the vendors have gone out of business, etc.

25:29

I want to come into this more personally because I conduct audits for compliance purposes.

25:38

And one of the in the uk

25:41

i'm a cyber central assessor and you

25:44

are one of the standard questions we ask

25:47

is let's ask is has your software been

25:51

updated with the latest patches for the

25:54

vendor patch during 14 days now i'm looking

25:57

at this that if they say no but claim

26:00

that we have a barter installed that manages

26:03

all our operating systems going back to xp i'm not show you the current standard

26:09

will allow us to pass them because as far as the current is 27001 external other

26:16

standards as well is that do you have watch operating system it is windows 22 h2.

26:24

That is fine if and you have xp it's an automatic fail do you so if they if

26:30

these clients say say we have Windows,

26:33

let's say Windows XP, for example, and we have our bodies as software that is

26:40

providing that control.

26:42

Are you telling me that might they might pass the certification on auditor and

26:46

assessor might pass them? Well, Christie, Christie, Microsoft on Microsoft are not issuing patches for XP anymore.

26:53

They don't know that we know that. Yeah, exactly. Yeah. So yes,

26:56

so this is a way this is a way that you could tick that box and

26:59

say it's now protected that's the question is

27:02

protected because microsoft are not

27:05

issuing patches refuse to unless and

27:09

unless in certain situations where like the

27:12

national health or perhaps the

27:15

the police forces are being forced to

27:19

pay a huge amount of

27:22

money every month as an extended license

27:25

yes for a support that

27:28

is actually no support so this

27:31

this goes back to return on return on investment there was

27:34

a dreadful story that came out a few months ago where the

27:39

national health paid microsoft or its reseller eight million pounds extended

27:46

licenses licenses for a month yeah yeah just a staggering amount of money and

27:53

that was so that they could run machines that were not actually being patched or supported.

28:00

I suppose if you look at the return on investment, £8 million compared to...

28:06

We would look after, Christy, I would look after the entire national health

28:10

for less than £8 million, just out of the fact that we would really like to

28:14

look after the national health. Yes. Yes. OK. The amount of money that is being burned is absolutely horrendous.

28:23

So the return on investment would be massive and immediate.

28:27

Media but the the point the point is

28:30

is if if you don't have to

28:33

upgrade you know because you don't want to

28:36

and in addition you're actually

28:39

you're buying security yes whereas at the moment if you're paying for an extended

28:43

license or not you've got no security yeah and all you all you have to do is

28:49

look at the number of patches and the number of uh critical vulnerabilities

28:53

that that are being applied against even the modern,

28:57

not legacy, but even the modern architecture.

29:02

Congress are saying it's not fit for purpose. Now, it's not my place to sort

29:07

of say whether Microsoft are or are they not,

29:11

but if you see the reports that are coming out by organizations or politicians

29:17

who have got some sway with Microsoft, Very,

29:21

very recently, just after this, this, the vault typhoon attack,

29:27

when they suddenly realized that, you know, the problem that got the critical infrastructure,

29:30

the CISA attack, where another APT group got into the US body that was there

29:38

to advise and protect other US bodies. I mean, the irony is enormous.

29:43

People are getting upset with it now. As you can see, as Christian said, a lot of the companies, the SMEs and the

29:50

micro-organizations do not have the in-house support and expertise in-house.

29:56

Which is why we have a managed security service. Yes, yes.

30:00

Which is supported by, yeah, so our technology is supported by an international patent.

30:07

We're filing new patents because we've actually improved the security since

30:11

we bought it. And now we have the ability to stop the living off the land binaries,

30:15

which I was talking about earlier. That is the PowerShells, the VB scripts, the C scripts that the bad guys are using against you.

30:23

We also came up with a solution to the SMB1 problem, the server message block

30:28

problem one, which is an incredible vulnerability that allows and has to be

30:34

used for legacy to talk to the more modern architecture.

30:38

If you don't have SMB1, then you can't operate remotely your operational technology estate.

30:45

So that means that SMB1 is switched on across your modern IT estate.

30:51

And this is what's keeping the SOC analysts up at night, causing them massive

30:55

amount of stress, simply because they're having to monitor all the transaction

31:00

flows through SMB1 because it's highly vulnerable to man-in-the-middle attacks

31:04

because there is no encryption. The devices cannot be more encrypted so this

31:09

is as a threat vector so we can actually turn off that smb1

31:13

conduit once we're deployed on an estate this means

31:16

that the SOC analysts now kind of get their work life balance

31:20

back because they're no longer under huge amount

31:24

of pressure we hear anecdotally some of the

31:26

events i've been to in the last few months that 52 percent

31:29

of SOC analysts are on some form of prozac you

31:33

know taking medication to handle their

31:36

stress levels fully 65 percent of them want

31:38

to get out of the business or one of the presentations i

31:41

saw a guy put up a picture of three old men and said these are actually 22 year

31:45

olds and i got a big laugh from the audience because of the stress these these

31:49

poor sock analysts are under with our technology deployed that goes away and

31:53

we can reduce the number of staff required i mean we They had a Middle Eastern,

31:58

a very large Middle Eastern customer that we're working with right now who have

32:04

two data centers in the education sector. And they did their numbers at the outset to how many folks would they need to

32:11

run a SOC. OK, we'll go with 50 in each.

32:14

And they suddenly realized being in a rather totalitarian type of regime where

32:19

if you get things wrong, the potential repercussions are much broader than getting fired.

32:24

The stress that these individuals are under the sock analysts are under was

32:28

so great that fully half of them were off sick at any one time due to due to

32:32

stress yes so now to to deploy so they now have 240 people across two data centers to do the same task.

32:40

Because of the stress levels yeah that's a

32:43

shame yeah it is because i mean i

32:46

hear personally of people actually leaving that sector of

32:49

the industry due to stress and burnouts as

32:52

well yeah but you deploy our

32:55

technology the white noise goes away you get

32:58

to see the an actual event the attempt as it comes in

33:01

the attempt is immediately prevented as alizana said and

33:04

less than a millionth of a second but you've recorded it you you

33:07

know that it happened and it's it

33:10

makes um it makes life so much

33:13

simpler we reduce the complexity you can

33:16

imagine when a security event happens and you've got maybe

33:19

if you're a large corporate you may have upwards of 25

33:22

different vendor security vendors in your stack and

33:25

they're all reporting on the same security incident as it

33:29

goes lateral across the network yes you're looking

33:32

at thousands upon thousands of lines of logs

33:35

that increase exponentially at the

33:37

point when there's something suspected to be wrong so solar winds would typically

33:43

collate and gather and aggregate all of those logs and we've seen from a report

33:47

from 2012 some years ago now what actually happens during a security event to

33:52

all of those devices that are are now communicating to the SOC and the NOP.

33:56

And the absolute snowball that you get of logs, it goes up, I think,

34:02

thousandfold from steady state to a thousandfold.

34:05

And then do you know if it's a credible threat or is it a false positive?

34:10

So these are substantial issues for the modern day SOC providers.

34:15

And now what they need to do is to add a SOAR to the mix because the SIM's not

34:20

doing enough. And if you haven't got a SOAR, then the SOAR is now also unable

34:25

to do the tasks that are now required because of the sheer number of logs.

34:29

So now we're talking about, or competitors are talking about, adding AI to the mix.

34:34

And now we're adding more complexity. Exactly. Now, you mentioned SMB version 1 and the Security Operating Center.

34:43

Of what came to mind as well, as companies that frequently do vulnerability scans and,

34:51

also pen testing as well, the SMB version one will come up as a criticality,

34:57

I think of all the CVS, several above.

35:01

And what's came to mind now, since you mentioned the SOC, I wondered if your

35:05

solution can also address some of the findings we get from running these scans as well,

35:13

because I think some of our clients want to do a vulnerability scan,

35:17

of which they don't do it frequently, and some of these categorizations of high security comes up.

35:26

People start cleaning out their hair. I just wondered if this would be something

35:31

that, as I mentioned before, small media companies can implement early before any kind of compliance,

35:39

either PCI DSS or CYBEN, SHO, ISO, all this.

35:44

I'm just thinking how this will help them as well, if this is in place, probably.

35:49

So what we do when we introduce ourselves to a new customer,

35:53

We go onto their site and we put our code onto some subset of their devices,

35:59

usually from different departments, so we can look at the software assets that are actually running.

36:05

So we then compile a list and we run the logs that we've gathered in learn mode.

36:10

So we're not making any change. We're benign on the endpoint.

36:14

We're not making any deterministic decision. We're just sitting there recording

36:17

what's actually on the endpoint. Point yeah and that's a that's akin to

36:22

a soft software asset management piece of our of our

36:25

um of our investigation our discovery phase we pass

36:28

that through some algorithms ai algorithms back

36:31

at our research facility and machine learning and we we then produce a report

36:36

we go back to the client the customer and say this is what we discovered on

36:40

these endpoints is this true and correct did you know that you had any desk

36:44

running on this machine did you know that you had because you You didn't tell us you had,

36:48

you know, a particular security vendor because something had been left behind

36:53

and was now sitting on the system, had never been removed,

36:57

is now unpatched and highly vulnerable.

36:59

And it could be you're talking to a bank and they have no idea that these software

37:03

assets are actually still sitting there. So we are able to discover all types of code that tries to update itself or runs.

37:11

And in that way we can then help advise

37:14

the client the customer what they need to do

37:17

to clean up their system what they and and

37:20

then create a security policy for them that reflects their

37:23

risk appetite now this is a really important piece because

37:26

i imagine some listeners will be thinking well this is a highly restrictive

37:30

system this couldn't be deployed in a dynamic environment it's too inflexible

37:34

well that that would be wrong because we can create security policies that meet

37:39

meet the exact risk appetite down to an individual machine or 10,000 machines.

37:44

We can create a policy and give it to our customers and say,

37:47

deploy this and this will meet your absolute risk appetite.

37:52

Tailored for you dependent on the

37:55

on the on the applications you actually want

37:57

running because very often we'll go to a university and we'll

38:01

find a game server that shouldn't be in there because people

38:04

are messing around playing at night and this is usually sometimes in the it

38:07

teams as well they're uh they're consuming valuable resources and not realizing

38:11

they're introducing risk to their environment they're not necessarily malicious

38:15

they're just bored late at night they want to play games so they think well

38:19

i'll deploy a game server or we find cryptocurrency mining.

38:23

That's incredibly energy intensive and costly for a university who can't afford

38:28

to support that kind of scenario.

38:31

So we are able to find all these sorts of things on first deployment in learn mode.

38:36

And then, as I said, once we've gone through discovery phase with the customer,

38:40

we can then tailor a security policy that fits their absolute risk appetite

38:45

and what should be running, what is permissioned on those systems.

38:49

And that's incredibly powerful Because when you do your audit,

38:52

you can say with true conviction, this is what we have running.

38:56

These are the assets. There's nothing else on here. And we can prove that through

39:00

the logs. And that then brings in the cyber insurer.

39:04

How do I get my estate insured against threat?

39:08

Threat and the things that we're finding talking to insurers

39:11

now is that they're more concerned about the insider threat

39:14

almost than they are the external threat because if

39:17

you've got an individual who's got cis administrator rights having a bad day

39:21

going through a divorce or had a row with his boss yes he could introduce elements

39:25

of risk to that organization or they could leave something behind before when

39:29

they get fired something terribly nasty and and this is the uninsurable This

39:34

is where the real challenge comes in.

39:37

So, Alexander, talking about that high level of privilege and control where

39:40

you need to have proper collusion across several staff members to introduce new risks.

39:47

Is a lot lot harder than dealing with the single uh you

39:50

know than managing you know the threat of a single sysadmin who's you've now

39:56

got oversight and control over what actually they're doing yeah yeah um okay

40:04

now most most organizations they will have group policy,

40:09

and also the applications are managed by Intune.

40:14

So if I'm coming from the client point of view, because they're going to come up with these answers.

40:19

Okay, we have this already. How come your pieces of software found this and

40:24

the ones we're paying for already didn't actually give us this,

40:28

found this rogue software and we thought we had controls already through group policy, et cetera.

40:35

How would you answer that? We've had those conversations and they are pretty tough.

40:40

The processes work differently, Christine. And you've got to ask yourself the

40:49

question, if you are using any of the vendors that are out and you're hacked.

40:55

Yes. Yep. Ask yourself the question, does what I have on my machine work?

41:02

Well, if you've been hacked, the answer is no. know

41:05

why is your vendor telling you it's not a question of if you're going to get

41:11

breached it's when you're going to get breached why are they telling you that

41:16

the other question is why are you accepting that they're selling something that

41:21

they know doesn't actually stop the product.

41:24

And i think yeah i think they they again they

41:28

they i think they'll stand that

41:31

the the client is ignorant of the threats that's why

41:34

so you get these test persons come

41:37

to them say okay this provides this solution

41:40

and because obviously they don't

41:43

have the knowledge behind that it's okay then that works for us and then they

41:46

implement it and that generally it doesn't work and then in six months time

41:51

they'll come along with something else yeah and then they'll come along with

41:54

something else and then they'll come along with something else and this is you

41:59

know this is uh i I think it's called tool sprawl.

42:02

This is where the tools are being sold to the client who's looking to buy some

42:08

surety and security are getting more and more complex, more and more expensive,

42:14

and there are more and more of them. There's something like 75 different sets of tools, security tools,

42:22

used to protect an average business now.

42:26

Certainly, enterprise is more than that. I mean, we know banks have got up to

42:30

100 different levels of security products in their stack, and they still cannot stop the zero day. Yeah.

42:40

Yeah so the tools that are out there at the moment don't work and that's the

42:44

fact we think the situation is going to get rapidly worse because of the advent of general genitive ai,

42:52

and being able to string together multiple exploits and use them in a single attack by,

42:59

gai will absolutely introduce weaponized software into large institutions very

43:06

very rapidly now out and we're seeing some i think there's some researchers

43:10

in israel that have proven and they've strung together two or three of these

43:13

now and proven that they just sail through all the defenses.

43:18

So so so it's this capability is

43:22

obviously going to be utilized by nation state and we'll

43:25

eventually of course travel down to the the ransomware

43:28

type gangs because very often there's what's the

43:32

guy who's working nation state during the week is

43:35

then out for himself particularly from russia at

43:38

weekends to monetize his skills and so

43:40

they'll be taking those skills and capabilities and deploying them for

43:43

ransomware which is obviously financial gain as opposed to nation state which

43:46

might be to deny availability and christian the solution industry is coming

43:52

up with at the moment is oh don't worry about the ai generated threat we will

43:59

have the ai generated security.

44:04

Look we're seeing this coming in now

44:06

yeah so yeah the sock didn't what

44:09

you see him in the sock didn't work so they

44:12

introduced the saw yeah so what is not working so now they're introducing the

44:17

ai to support the sword to support the sock it's almost like that oh you know

44:23

the the man has swallowed a fly and you know the whole you know it's it's just

44:28

how it's how it's unraveling It's crazy.

44:31

It's they descended into a rabbit war and not a rabbit hole, as I like to say.

44:36

And what we're seeing then with the advent of utilizing AI for this,

44:41

that is really, really cost prohibitive because it uses an enormous amount of

44:45

energy to run an AI is usually energy consumption consumptive.

44:50

So your costs are going to go up again. Now, with our solution,

44:55

we actually reduce the energy required on the endpoint because not only do we

45:00

stop malicious binaries or new binaries coming on,

45:03

but across data center, we've proven that deploying a BARTIS across 2000 servers,

45:09

for example, reduces the energy consumption by roughly seven and a half percent.

45:12

And that report was done by Lockheed Martin back in 2015.

45:17

So we can also reduce the energy consumption as well as simply improving the security start.

45:23

And we can bring for C-suite some surety back to the change control process

45:28

so that they know that they're not going to be in the car park at four o'clock

45:32

in the morning talking to reporters, a gaggle of reporters because they've just lost a load of valuable IP or customer data.

45:39

You know has happened has happened many many times

45:42

over the last few years so if you think about

45:45

the cost implications of running a pr team the disaster recovery

45:48

the business marketing planning everything that goes

45:51

with that the backups that the you know all the huge costs associated with maintaining

45:57

and testing all of that it's just the cost implications are utterly utterly

46:03

immense and this this we believe this is out of control and we also think that the The spend,

46:09

the corporate spend by the security vendors is at now roughly 80 to 100 billion

46:15

a year in marketing to keep this mess afloat is utterly ridiculous.

46:21

So energy consumption has gone up massively. The complexity has gone up.

46:26

Yeah. One of the major banks that we've talked to, their biggest risk,

46:30

as they see it, is vendor management. Management if they've got 75 vendors looking after

46:35

a global bank imagine how many meetings

46:38

that goes down to

46:41

because you've got to have a quarterly meeting with your vendor you've got

46:43

to have patches from them day in day out emergency

46:46

patches regular patches new features that you might want to deploy you've got

46:51

to have that relationship with them that's a space in the car park that's an

46:54

additional coffee machine that's more office space meeting space just for all

47:00

the security vendors and and of course that moves into the to the knock as well

47:03

not just the sock not because they're all they're all linked,

47:07

So the cost implications moving forward, if this carries on the path it's going

47:12

and you don't do the prevention, not cure, as we are maintaining you need to

47:16

do, the reactive approach requires a victim.

47:20

Somebody gets clobbered and then they come out with a fix and then you've got to roll it out.

47:24

And then you've got to hope that that fix doesn't contain something malicious

47:27

because the bad guys have got into the security vendors because that's who they're targeting.

47:31

And then so you fix as well doesn't affect

47:34

on the application of the system and now

47:38

take now take a vendor like us whose code never changes yeah

47:42

you check some it you deploy it you never touch it

47:44

therefore it can't be made vulnerable and

47:48

our solution is also hardened as well so it's self-protecting because

47:51

you can't get hacking tools onto the machine that we

47:54

sit on you can't remove us you can't affect us so we.

47:57

Are secured and pardoned as well okay now um

48:01

you've mentioned christian you mentioned costs and

48:04

with every business they look at

48:07

their budgets so i just want

48:10

to look at how would you okay let

48:14

me put this in there how how we show is that about

48:17

the software remains cost effective formalization especially

48:20

in light of budget constraints and resource limitations because

48:24

as you know vendors tend to sell the

48:28

products let's say let's i want

48:30

this just general 100 pounds per user okay now

48:34

for the first two years it will stay 100 pounds but unfortunately year three

48:39

it goes up to 150 200 pounds how would you manage how can you stay within how

48:45

can this be cost effective for the clients in the long term well our business

48:51

model the model is built around that Christy.

48:53

Yes, so we because we've got this.

48:58

Principles and simple principle of stopping malware we don't have to keep coming

49:06

back and sell something else you know we we're not going down into that rabbit warren reference,

49:12

that rabbit hole yeah the the the other way of doing it the the way that our

49:19

peers are are providing security protection with the industry at the moment

49:23

it is just to get bigger and bigger and bigger and whether they like it or not

49:28

they're adding as they add more complexity.

49:31

They're adding a greater attack surface yes and

49:34

obviously they're coming back for more money well with

49:38

the bartis you don't have to do that you deploy

49:41

it it stops malware as i said right

49:44

back at the beginning at its most vulnerable point so

49:47

it's proactive every other model that

49:50

you've described every other situation you've described is

49:53

a reactive solution which is

49:57

no solution at all as christian said it requires

50:00

a victim yeah and in some

50:03

cases it's not one victim but it's tens

50:06

of thousands look at not pettier a few

50:10

years ago so it was a russian attack on accounting

50:13

systems in ukraine got into

50:16

odessa port within within no

50:19

time and i'm talking less than seconds odessa port was

50:22

being hit in the black sea almost identical

50:27

time cabris had a biscuit factory

50:30

in tasmania get knocked over by

50:33

the same malware and cabris

50:37

obviously spend an an awful lot of money in their security yes yeah

50:42

and this this unknown sliced through

50:45

absolutely everything the more and the

50:48

cyber security vendors will say we'll find the problem we'll issue the fix we'll

50:53

get the patch out and you know everybody's going to be happy not petty it cost.

50:58

The world 10 billion dollars in damages so they killed companies they killed

51:04

tnt i believe didn't they and And Merv nearly went to the word.

51:07

Be careful what you say. It didn't kill you tough.

51:10

It cost them a lot, a lot of money. It did huge, well, $10 billion worth of harm.

51:17

Many companies fall over. Many companies don't come back from these cyber attacks.

51:23

So the question is not just, you know, are you going to be protecting my budget

51:31

in two years, or are you going to come back in two years and put the price up?

51:35

It's like, are those businesses going to be there in two years?

51:38

The amount of attacks is growing exponentially.

51:44

Faster than the money can be spent to secure against it

51:47

i mean the damage that's being done to the

51:50

to the world economy is greater now than the chinese gdp you know there's like

51:55

loads of loads of stacks out there that you can draw on that just just tell

51:59

you how how big and how scary this problem is at the moment and we we we just

52:06

don't think the current methodology is good enough, okay and what we do for our managed service customers christie

52:12

is we'll we'll sign a contract with them for three or five years and

52:15

then they can fix their costs and without technology they know what their security

52:19

budget is going to be with every other solution that's out there it's an unknown

52:23

and it's escalating and the the board is absolutely fed up with having to come

52:28

up with more and more money having been told this will solve the issue and this issue is never solved.

52:34

I'll give you an example christy one of our one of our larger clients who are

52:40

in the education sector. I sat down with them and I said what I thought the biggest problem was to them.

52:49

And the first was I reckoned that their costs were out of control and that they

52:54

were buying more and more from the vendors.

52:59

The hackers, the bad actors outside of the education sector are a given.

53:06

Yeah and and it's almost as though you

53:09

know that they're part of the part of society whether it's

53:13

good or bad but the the fact that they

53:16

were having to spend and that their spend was out

53:18

of control made that as great

53:21

a problem as it was from their beloved students who

53:24

loved nothing better than trying to hack the school systems as

53:28

well yes so inside the threat

53:31

yes so so but but when you've got the insider threat and you're not stopping

53:36

it and when you're adding more and more systems to your cyber security defenses

53:41

and you're not stopping it yeah the fact that your costs are going out of control

53:45

gets more than a little bit upsetting yes of course.

53:52

These organizations are not saying no they're writing

53:55

your checks they're paying the money and they're still getting breached

53:58

it's not right it's not fair no it's not it's not it but your thing is that

54:03

they have to do something they have to show sort of due diligence they have

54:08

to show that they've been proactive in attempting to stop these threats because

54:13

if they do nothing then and obviously becomes negligent.

54:16

So if one piece of solution doesn't work, then they have to find somewhere because,

54:23

again, in some of these organisations, schools, even though schools are universal

54:27

charities, you have shareholders, they have to answer to different stakeholders.

54:31

So they have to appear to be doing something.

54:34

Okay, I'm going to ask you the final question. Looking ahead,

54:39

what are your plans for further development and improvement of cyber security solution?

54:44

And now you say that at the moment it is, I don't want to use the word static.

54:49

But surely there is room for improvements in the future.

54:53

I totally agree with you. I mean, we just filed for a number of new patents

54:58

for the next generation of Abarthis.

55:02

And we're actually spending an awful lot on research and development.

55:06

So we are a dynamic business, very much not static.

55:13

So yes we are investing in the

55:16

future now we're putting a lot of a lot

55:18

of money into the development of our ai you know regardless

55:22

of what i say about how our competitors work you

55:26

know we we're very much interested in making sure that we've got decent ai that's

55:30

working for us that is consuming a fair amount of time resource and money we're

55:36

also looking at areas where Abartis traditionally hasn't sat,

55:44

file protection as an example. So that's not been something that Abartis has been particularly.

55:51

Relevant for, but, you know, that's now changing.

55:55

So, you know, I don't want to say a great deal about what we're doing because

55:59

a lot of it we are protecting our IP at the moment.

56:03

But, yes, we're sort of confident that we've got more solutions in the pipeline.

56:09

Also, you know, talking of that, we are working on a Bartis for the cellular market.

56:17

So we will have a Bartis for Android. Oh, that's awesome.

56:21

One of the clients that we're talking to were about building a Play Store so

56:27

we can look at the apps that are coming into the Play Store and make sure there

56:31

are no back doors in there, there's no spyware or malware.

56:35

And then we can provide a custodian for those apps and making sure that nothing

56:43

can be added to it or changed whilst it's in the client's Play Store.

56:47

Door and then when it's deployed onto the

56:50

cell phone well the cell phone's protected by a bartis and

56:54

you know we we stop anything bad happening there

56:57

so that that's actually part and parcel of what we're doing at

57:00

the moment okay would that be a package deals because

57:02

our organization issues and advisor laptops yeah

57:06

the client talking about so

57:09

it's it's a major a telecom provider okay so they

57:13

will they will be able to bring that out to you

57:17

know the millions of clients that they've got undoubtedly they will

57:20

you know they'll be selling telephones to to their

57:23

clients through their you know their network of shops

57:26

or their online facilities um they'll just

57:28

start selling telephones with a bar to spit it okay well

57:32

that would be good and the other aspect is we've spoken

57:34

mostly about we've spoken mostly about microsoft

57:38

but obviously if we're going to to do android that's based on unix linux originally

57:41

so we have the capability to provide security for linux right now so that's

57:47

something that we develop for some larger customers for specific versions that

57:51

they're running but we can compile our code to be effective in linux as well currently.

57:56

The other aspect that we're looking to is to be embedded

57:59

in iot so we're actually built into the

58:02

operating systems of the internet of things because if

58:06

you can imagine you've got millions upon millions of devices being

58:09

deployed which are essentially done but they're connected through ip

58:12

they are major conduit for ddos attacks by

58:15

the bad actors again and we can absolutely prevent them

58:19

being repurposed by malicious actors so there's a big playhouse there a great

58:24

example of that is that urban myth about you know 10 million toothbrushes being

58:28

co-opted to be part of the uh huge ddos recently so it was you know it was an

58:35

urban myth but a bartist would have stopped doctor. It's like you've got some sort of this.

58:41

So you could you could deploy a Bartis onto your toothbrush and make sure that

58:44

the bad guys don't attack it. So we're also involved in developing for smart cities as well,

58:50

for smart meters, for going on to, you know, building security so that somebody can't hack a building.

58:57

So to speak, as we saw in one of the early diehards, we'd have to prevent anybody

59:02

getting in and doing that kind of malicious attack where you could perhaps turn

59:06

the heating up or off in inclement weather.

59:08

And also you wouldn't want somebody else to be in a bad act to be able to attack a.

59:15

City's infrastructure regarding traffic lights and or other stuff which could

59:19

potentially cause horrendous accidents so smart cities is a big thing for us as well,

59:25

you mentioned data centers you

59:28

mentioned so what about the embedded environmental controls within

59:31

the data centers well we have a huge story

59:34

with the data center because the the amount of water and cooling

59:37

that's required is reduced we can extend the life

59:40

cycle of the spinning discs because the platter the surface temperature

59:43

of the platter drops by eight degrees c so if

59:46

you don't want to sweat your assets and use the benefit of our

59:49

code you can extend the life cycle of those of

59:52

those machines and so the benefits are just kind

59:55

of weird and wonderful because you don't you wouldn't think putting a small

59:58

amount of code onto an operating system would have such a dramatic

1:00:01

and positive effect but it absolutely does we get

1:00:04

accused of pushing snake oil I might add at this.

1:00:07

Point when we start talking about energy savings and but

1:00:11

it's just a knock-on effect of reducing complexity and

1:00:15

introducing simplicity into a model okay awesome

1:00:18

now thank you for that thanks Alex and

1:00:21

Christian where can listeners find out more

1:00:24

information about yourselves about your company do they can

1:00:27

visit the website platinum hyphen hit.com

1:00:31

or do a do a google search for uh

1:00:34

abartis which is the the name of the

1:00:37

product or platinum high integrity technologies and

1:00:41

then you know there's the opportunities to uh get in

1:00:44

contact us through there and then we're

1:00:47

also on social media so for business a lot

1:00:51

of business actually comes to us through linkedin so we're

1:00:54

all there people people can find us just looking looking for

1:00:57

us by name okay thank you so much for

1:01:00

your time alexander and christian and

1:01:03

we hope that this episode has provided valuable

1:01:06

insights and practical knowledge that you can apply in your own life or work

1:01:11

it's not just about passive listening and taking action thank you once again

1:01:15

for listening have a great day thank you thanks very much christy it's been

1:01:20

a pleasure to be here thank you christy thank you you're welcome,

1:01:25

Fuck.