Actionable Threat Intelligence: ISIS, SuperBall, SuperFish, & your 8-ball

and I want in and the National techniques why am I here I am supposedly a hacker at least according to the ticker oh my my beautifully and i work 40 box where I have this I whatever of vice president period which means I still to whether I want to do not take into I got I know it's possible he's look at the conference later of it and in my history I used to have hair and do security from a very young age this is from my army days back of the idea in Israel where I had various different stupid roles i'm not i'm not really the type that works well in a rigid environment I don't know why so I ended

up getting passed around a lot of places but it's great exposure experience and the latest stuff that I did there when still do there is a rather red team on the Israeli Air Force Cyber Command start running living on wallet and I'm a parameter for pro long time I mean experience wise i'm now at a stage dog saying i have over 15 years experience this is horrible and and most of it was from the offensive side from the great inside so you're probably ask yourself doing here in the blue team room well most of the writing work is geared so that we can actually fix stuff on the losing side for a resume you're not doing that by

yourself all right before I do it by any chance you become a client and but in through my years of Terrence I've learned that in order to implement proper blue team processes you need to do things right and there's no magic silver gold and and that becomes really really apparent when you start talking about Freddy talents that you signed our thing and we thought we've got fruit cloud and big data and apt and ng whatever any word for their crimes you generation this concerning that so the latest thing at least as of last RSA is credit Alice you can buy threat intelligence a box or e or something that costs a lot of money it makes me

feel good because you spend on my own then you must buzzes thing and the thing it is you can't just buy credit balance and like everything else in the blue team you need to have proper structure in understanding of what is the context the context for any blue team work especially for friend intelligence is threat model okay a beretta model is one of the truly magical things that the needle will enable us as defenders to say I don't care about that right you know for me I don't hear about that these are the magic words that a defender that I see so at risk CEO needs to be able to say when faced with something that he doesn't really

care about right I am NOT Cisco all right I don't care about Cisco's friends I am NOT target I don't care about targets threats all right I have a different kind of business and you're the only that I have in your pocket Fred mom let's spend a few minutes talking about friend hold for removal to threaten thousands because otherwise we'll be like lost and how to cancel but how did you build up on front tells us if you've done the prophetic so a few schools of a threat modeling exist is this too too loud it's just no because I'm sitting under speak of the greater okay just making sure a three-week spools of thread modeling attacker

centric asset centric and in software center almost forgot that's your Forks and so three main schools will talk briefly about a personal attack eccentric is where you focus on your threats your actual credit actors and you search for that by identifying who's out there together alright that's evenly the questions that should ask your CEO coo that people will actually run the business don't ask the IT guys don't ask even not the sea so which is one of those technical seasons that only cares about building firewalls it's kind of bugging you with whoever it is giving idea and ask the people who actually run the business invasive as its problems what keeps you up at night right what

kind of credit you know this is how are you going to get in jail under what circumstance and from that I build on so I have those actors and that's how the effective on over software centric and this is these are probably the models that convert most amount of deacon came from rd or very software or technical centric practice and you'll probably remember words by dread and stride and all those fancy software threat oddly told their rate if you're a party there are almost useless if you're running a business and especially if you're trying to figure out a threat intelligence because some horror as much as we'd like to make very glamorous and this is this is everything

don't care up it's not right it's really not it's just softly and so let's put that aside and let already deal with that last one is necessary which is kind of the flipside of press Enter key for a following to start with the assets right and with the flip side questions to the CEO CEO CFO are how do we make money okay how am I campaign how are you getting paid learn all those God options coming in from all right what is it a business what is the business dude order organization to what what more need to protect and when I say assets again dawn don't open to that the fall of the IT guys going to tell you how we have those

assets in that are like routers and firewalls and servers horse agents like no these are not assets you know visitors these are technical supplements to support it stop that you do with an assets to make money with the business okay so don't confuse those two different things assets in a threat model is something that's less tangible right then I server or invaders so let's focus on the two and two three public schools that are is it we ask eccentric an attacker century and start working from there because that's that's where we need that or pretty doesn't really come into play in terms of showing value and helping you as a defender get better alright in minimize the risk minimize

the threat I saw the practical tools that I like using and that i know of our off dating and it's a little sister octave s for smaller businesses it's great threat modeling responding tools as well as beta if a ir factor analysis and information risk and i'm sure that there are others out there find one that you are comfortable with find one that your customers might be using all right and learn how to use that language learn how to use that threat modeling language and capabilities in order to map out what is it that you're actually defending and that bites always an interesting practice because a lot of companies don't have that and in the end

of the day you're like so what what do they have listening tools over here where I'm not actually effective so let's talk a little bit about the threat actors what how do i what might do with them in the threat model and because that's where I'm going to derive or target most of my threat intelligence is to identify how r by factors affecting me and how can i prepare it eventually so the tractors can be everything from you know crazy Russian hackers to Chinese hackers to internal threats of your CEO or the nerve or relative you have to identify it again talk to the people who actually love the business and identify who are those groups follow me the threat

communities or threat aphids if they're a little more specific or those communities are actors that you as a person who runs business on Sunday are afraid up right who has been known to attack as two approaches and when you do that you're going to start mapping out basic elements of those crackers right who are they weatherly our capabilities from technology perspective on accessibility perspective Buster motivation to the lab girls okay that's all going to the threat model the next thing that you want to start factoring in as I said are the assets so you map out your attackers potential threats now figure out the water pipe protection and again now they have create a model that

you can update on an ongoing basis that reflects how the business operates because obviously does living document all right the business does not standing on its ask keep changing but the products you invest in hardy you do have a days you have you bet on money and for a certain already know that's what they think whatever it is you do it keeps changing that's that's quite a business makes money so map those assets and the 74 assets not necessarily a server may be a tease and map the supporting elements around that's where the technology kicks in that's where the controls kick in all right so i might have an asset that stored inside of database that database

is protected by a firewall a navy this and that it might be protecting also by a process of validating input-output that might not be technology there might be some hopefully going hope this is wrong part of the transaction part of the process but a financial transaction my cupcake algae on that might be an old lady Sansa that's not an approved vendor it's not a life but handwritten list that's an awesome control we call that a mitigated control and risk language and you know I thought it works so I don't need your fancy ecology might have been mitigated control to reduce the risk of making transaction with better because I have Lucy she's been doing this for 30

years hope and I just send you money on one thing controlling other transactions so now that we haven't run off again happier threat actors communities you have your assets now al processes around the people that are molding process the two facets the control that have a mitigating risk assets have you again bilities that I'll use everything is fine that can start enriching that model with threat intelligence threat intelligence is basically the stuff that makes that threat model live from the non-asset help all right so he said we know how to how to keep the acid elements alive because we are running the business aren't we're inside you can know if an acid changes or even control

change threat intelligence comes in into play on the threat actor side to tell us more about how do they affect or potentially factor hassles so before we talk about threatening intelligence we need to talk about a collection right thread collection our intelligence collection how do I collect intelligence or data turning into your topics in what way notice one so asker's are person first of all just by saying no to some of the stuff we kind of clear out the way and threat intelligence or threat data is not in defines its not ashes of malware it's not IP addresses of URLs or whatever the [ __ ] the threat Intel vendors are talking and mask all right

you should be saying why isn't that already p you into my firewall your uploader AV whatever other patrol to I have why do i need to buy an extra fee of signatures and give it to my signature engine right that is not threaded cultures the second question is why is that relevant or how is that relevant to meet my business to my thread bottom okay so that is enough credit countries that's just signatures put that aside get someone else to with that and get it for free don't sorry members and let's talk about what do I collect so first of all again go back to the tripod look at your threat actors focus on them if your threat

actor is China and like the PLA well first we have a problem but that's what you should be focusing on in terms of understanding how do I reach my understanding of what they can do how they do it what's their accessibility who do they hire what's learning their tools and so on so forth is my friend actor is a competitor okay that's something different I start collecting intelligence on my competitor up to your business intelligence not all right how did they operate cops do they sell to who or your suppliers their partners whether they use in our to get attacks get ahead sort of accommodation right that's my thread etheridge we're about that install and so forth the second

element is industry all right i am not as funny access was hopefully in my industry but there are any other like me just a little different and we are all as an industry whatever that industry is probably experiencing some similarities in terms of boost afros right if i'm in the oil and gas industry probably you know there are a few companies and the oil gas industry that experience the same kind of threat actors going after it right green these could be one of them did you eat could be another one of them whoever it is we're experiencing similar attacks so look at history and say huh my competitor gallon hat or my partner whatever it is what

can I learn from that because I might be the next one ok so we're brought up a little bit as far as the spectrum goes up what were you look for and look for those and last but not least we're getting into m5 in lolcat they the more general Freddie columns right understanding that i have people in my organization of corporate people are usually became a security problem right and people get affected by the more general stuff if if there's a final four or chaos an NBA kind of big event going on a lot of the random casual threat actors that I've not before are going to go after a lot of people enhanced trying

to target fish or get them to click on the the fantasy sport people don't do sport that's football things yeah so there's an optician going around there there's you know big names on a bolt out scams obviously that can affect mine please alright because there are Americans and their up the pole in their old like I know I have my email in my opening out it has filter on it now it just goes to don't care and I'm sure that other other people do care and click on so that's it that's kind of general threading talk in terms of characteristic statutes be more in periodical again sports things and bigger Matt and debates and questions

and World News whatever matters that's bubbling you can usually get from those protocol vendors okay because they're much more generic and they don't necessarily apply to you as an industry or other business next question because every everything so far has been get they'd up get intelligence so this is how and first of all posing a lot of stuff you can get for free all right there are a lot of resources that came to can get very specific to be more industry that you can get for free ok I'm going to be able to talk about those incurred a lot of practices out there a lot of blogs popping out now by a lot of my friends and colleagues about posting

practices and really picked out that I'm greedy too to the practice itself I'm veteran a few lakes here in my bedroom posted posting links some pdfs some some links to websites that explain how to do that basically what you're looking at is the ability to zero down on a geography on language on an industry and get as much news there was much information from forums from blogs whatever it is for that specific area alright and that area had been covered more industry that area your thread actors and communities that's where you want to start getting data to turn it into into intelligence and look for pitfalls when you when you look for very specific threat accurate

stuff and that's where you easily have to involve humans as we call it in the intelligence community to human intelligence a lot of the data sources will require someone to log into a forward all right some of those forums are not just public searchable you have to be a member sometimes you have to be dead in order to be better than you have to be active in the whatever that for was doing okay and it gets very tricky to collect intelligence from those you can't just go like google hacking and give me everything from that far it's not going to work it's you know the deep with a daughter but whatever it is and you will need human actors getting

involved in club without intelligence again depending on your friend tells of practice we didn't want to do that in-house or again find someone who specializes after you've identified these are the threat actors specializes in those threat actors and have that human capabilities that speak Chinese Russian in Portuguese whatever it is that can actually interact and get intelligence into this form so again feel free to check out the link i promise personal our there unless I'm booked on website and destroyed it and remember that you will get a lot of unstructured data again we're not talking hashes and I gather signora you're talking about freeform data and you can have keywords you can have I canvases to have whatever

so start looking at tools that are good with processing free form data Splunk is your best friend in those cases some I phone hacking to this little keywords and poorly ate up between different sources and before you again from you buy into some threads into a platform try to try to see if you can do by yourself easier cheaper and usually more effective because it's for you all right it's not for everyone it's for you and finally we're getting to thread intelligence so it's kind of almost 20 minutes talking about for getting different elements we're getting here so turning that data that you've collected all right into intelligence is by itself a practice all right the process of

turning data to intelligence is basically putting context around it and it's more projects right that's word of all 15 minutes of threat modeling and thread actors and assets coming to play all right data that is does not fit your context irrelevant or at least not immediately relevant for you it's not going to Freddy tolerance and so let's see how others define actual print comes so this profile research and we provision so that's how they define out of the Freddie called perry made from data which is just data all right you have to decide what do we use with that how is that don't use it and provided data that that or analysis of data again that's

that's where I'm going to the content to say or beta means ABC but again it's usually in the generic context about served for you if you find it useful great you don't screw it and the top of the period is basically providing contextual data to your environment and that's what we will this is a real credit or practice where you can say this is relevant for me alright and that's where it becomes accessible because generic kind of low caste and then devise and the Euro focus on block out a contribution it's not targeting me I can start everyone and that one is the one that would try to get you and that leads us to a problem because this is

the Dodger threat intelligence at least according to surveys which are biased or live or where our research content is like how are you subtract out 60 forcing using for intelligence missing those jimmy kimmel street interviews yeah so time like that politically they taught us and they afforded to make all I think the Hillary businesses like oh really so services again taken with a pinch of salt and we're not seeing huge adoption and the reason is that we're not really getting to that top of the pyramid where it becomes actionable and I can say I actually uses I managed to reduce my rest from point A to point B using threat intelligence how many times have

you here to see so Laura Freddie tell customers say that on the TI vendor apparently not so much and this is why I became angry and gravity and from the trans and came up with this talk so mostly almost all my [ __ ] started with this is what do people do the better okay I'll tell so we know what we know what we want and what we don't want and let's focus on what can we do with that all right so how do I use that threading tool which is still kind of fuzzy in terms of the data that I collected X relevant for my context based on my thread actors and asses how they turn it

into something actionable alright so as a classic like Mildred from Persia we divided into three parts pretty empty reactive at home bored so preempted I know sheets govern okay it's not burning yet but I know something's gonna burn and this is like the holy grail for intelligence this is the incoming it's not hitting us yet but I know it's gonna hit us all right and I know where I know where it's going to hurt now we're talking fun okay and the characteristics of that Freddy tell is that it has a very very well-defined start late like it's honey it's going to hit in 10 days three days whatever it is and if Arizona find anything alright because it's a

similar attack it's not like a tsunami of attacks that are just endless it's again very specific it's usually very very contextual to me as a defender and tomorrow you need a good general examples of things that I know I need to protect fun are things like I mentioned before again big media advance right I know that because if our essays coming up in what is now february's oh my god i'm sending a lot of my executives to one legal patients access to war again black that is a good time I'm sending tons of executives to black cap and so I know I'm gonna get a lot of fishing before that with all the party invites okay and

I'm now I'm going to get a lot of connections friend connections on and requests on linkedin because everyone like candy cart pierre de Provence you throw this group roads and eventually they dykin linkedin so as an attacker right and again this is one and two I'm been there this is a classic time to craft a very very specific skirmishing cap for everyone went to black so yeah I have a designated time I know that stuff's going to have it I think start putting up walls the walls could be things their executive you're going to base it's not openly fauna games it's your first black out that from whatever it is here's what to expect here's what

to look up all right you can start to that it can end with Perry's mr. executive your new phone use that in Vegas all right into the special phone don't bring your iPhone it connects you to work it can do whatever you do visually it's just a little more secure it's it's fine for that one time event as long as you keep fulfilling your basic needs or five mile for and so again it's taking actions to three and a half like that the second category is reactive who should have it now you have to deal with it right good examples I'm drawing it all dating guess what's going to happen all right come on spring it out superfood shell-shocked

Hartley oldest pasta are reacting threat intelligence now you need to deal with it all right characteristics very well find start date it happened like pink cloud let's go three days ago people start patching block chip it's not like long and long tail of someone steal scanning for heart bleeds someone's still looking for shell shock and on the internet people are a lot of my good friends are still scanning and looking for cash who's not asked who released a new product we can all build that is not patched and it happened crazy people don't care about security and so again thats that's the second kind of threat talk and its characteristics that we need to look at

in pay attention and be back door threat model the last one is the on board all right it's your beautiful kind of generic or more general thread communities that are just always out of it always honor to get you looking for the next opportunity the hackers all right economist it Isis is a new example all right they're not going away anytime soon unless optics really bowl left just like that's how I am so these are the kind of ongoing threats that I think some of the twees should have gravity see your face talk to you later I barracks on you know I have years of experience so the other growing phrase that just need to monitor on constant

basis and tune what you know about them as far as again ecology star using common attack vectors accessibility again Isis is a great example they're looking at a recruiting pretty big thing on social media forums their ability headaches because of the english-speaking individuals so you know what what the threat is gotta look know where they're going to approach your communities so you can start tuning how you deal with that homewood basis which leads us to the actionable part so how do I get all these nicely categorized elements threat intelligence and all those you speedin oh my god this is what happen what are we doing that now all right I know where we want to be

like this that's like silent partner and and some solutions make it look like it's going to be like this and this is probably the only solution that actually delivers all right I know that I have a customer okay it's worse and but you really want to turn it into something that or from a natural ability perspective you want to create some some form of alert an alert that's going to say something very specific all right in terms of an action what do I do now all right and who do I tell it to do is it that horrible happen is it HR is it legal right is it marketing do I need to change something and alert is not

necessarily all right some similar that pops up and says close that working partner right if I get part of it I threaten toddler to be a little more involved in should have a little more information in it and so first of all from another perspective we want to get the distance how far is this event from me all right this isn't being time 10 minutes 15 minutes to hours five days a year it can be physical distance all right people are marching down the street I've dealt with foreign intelligence that translated to they are crossing the bridge and I would like across the bridge sitting in the NOC and going [ __ ] and that's Fred

intelligence that can actually translate something physical distance would be logical one all right there five walks away on the intertubes all right someone crank one of those tubes and divergence on whatever somewhere else right so first of all distance you wanting to find that in your alert and your threaded collar if the second one is what go to the TTP's all right tools techniques costs procedures what are they going to use or water diffusing against us all right is it low orbit I cannon from from a novice guys is it APD from ambient is it you know sequel injection of some sort or a very very or like an all-day that yeah we're going to

drop the OD it's important to understand again what's the context how should I react to enter the rations are going to be completely different right between all those different examples that should be exciting part of your Freddie Taylor and last but not least and that's the better it gets really tricky you get to that question you know you're between something right as a response to the alert alright I'm going to take a nap how is that action going to affect my attacker okay we're getting to like world war two enigma ethical questions one way to win that Freddy telligence down that's a real that's when you know you have Fred intel on your hands when you go if

I stop this attack they're going to go that I know something about and yes when you get that point give yourself like two awesome points and and start thinking about help you carry on that game on the long run and take some casualties on the short run you know show that you can go on the neck server it's like week and not responding but I'll give you a couple of those kind of pawns but if you're not going to get my news okay and still not get out a path that I knew this was coming all right and I parted the forward you don't have to shut down to the identities doing it for 10 minutes or day whatever I can

take it as a business so that one really definitely that the last test the last element of a TI alert is what is the effect from an actionable perspective online Katherine couple of examples on what youtube or on the actionability of it threatening to alert one i follow this pre-emptive in certain spots and this is a good example that I've actually experienced on the old health building and Freddie full capacity with one of our top part of my customers really going to have to wrap up something and God would want where we were able to say we've got an ekat coming in 16 minutes all right we know what's the target out of thousands of

online assets that we have and for that customer online assets or gases like we're very public happy out there and show that your Prime strong I'm gonna hide and I'm still standing and out of thousands of all my assets we knew civically water to government be targeted GPZ we had a chance to see the tool and quickly review the source code seem like oh that's day this is not this is how it's going to look like I can actually stick mature this okay and it's gonna be like a big deal or whatever it is and I knew how many participants estimated are going to be involved in that attack and that's the case it was the vetoes and I

had 16 minutes to prepare it worked what do you do you start I are right now you start inserting response before the incident and have everyone that's going to be involved in that incident response respond to it and seeing how well do they do and go through the different layers of different parts of that map practice it learn one point in fix up this one wasn't ready this one was already they didn't know about this solution procedure although and get to a point work when they attack actually happens you just sit back and you go go through the same town as you just practiced all right so it's right on before the web blog is one of the great

examples of how do you actually use credit elders another example and this is a little more gas this was around basic got older we know what to prepare for we know the one are going to be the pockets I can kind of strengthen make sure that these are okay and practices and another example of practicing incredible correctly is counterintelligence you won't get to those points where you build a good enough practice internally that you're able to start manipulating or participating or call it pushing the engagement line further around out of your bone field towards impactors and that's where it gets interesting counterintelligence how do I mess or alter or minimize whatever legally feasible acceptable water we can find we

might have to minimize my exposure and so good example again from my palette of practicing Freddie tell and putting it to good use I hope was identifying before were my friend you know my customers own thread of community or actors we're getting their tools Commission build whatever it is and and see that someone again get really involved humans into that form and get to one word someone is releasing a new version of a tool of a rat and knowing that I have I can't do something with it and in fact the tool with itself because but i was downloading this another on for vauxhall his number one box cannot it's a [ __ ] virus so this

is going to be infected with a virus but it's really infected with itself and its popping a shell from the hacker back to some random place where I can know that some of these running it so that's a great indication Oh who's using that tool when they're obviously again if you target it narrowly enough you know that these are bad guys alright this is not some ready to go to the pool three sophomores nope this is from specific forum in specific language used for specific people that I know just again I pull that the intelligence arm sore today uncorrelated into the context that makes intelligence for me so that's a great example of getting an alert that

says but someone just downloaded this from there on ask your lawyer all right a little here in heaven find a way to use this opportunity and to the right everyone again you'll get it too definitely my thing of I'm glad fat for it what how do i act without alerting my attacker I know what they're doing and so on so forth critical alright this is not a one-shot game as I alluded to in the beginning threat Intel comes into play to provide feedback to enrich your thread pod I on time boring we're talking threat models and not some fancy that's what book your home but I actually something that show the value in a defensive practice of how you are

increasing your resilience how you're reducing your risk so the feedback loop is critical after every event after every alert after every step of the way of practicing threat intelligence you need to make sure that we have that feedback loop that could enrich and actually change your threat model because that's going to change the way of how you collect intelligence and how you handle is it them how you adapted back to your specific context they make sure that you have it don't have something like this all right where you start good for a bottle collection analysis and dissemination and then alerts and actives and you don't have those two red lines you map your process you're not doing anything good I mean

you're just staying at that same point you're not you're not getting any better so the attackers by definition we're getting ahead of you in the running into you and that something's going to go like in why aren't we getting better I mean the first couple months with knives but I think our relationships were really going and so you need to make sure that that feedback loop exists in order to retain that job hunting threat intelligence it could way to do that is to again get a system of men during my expected versus observe all right this is where your Freddie pilkinton all right I expect something to happen right an attack by X with a knife in the library but actually

it was by Y with a knife in the kitchen all right what is that a difference why did I get that perfect world everything you feel about bag online all right expected and observed would be snap-on together everything's fine right the green and the red our difference is between what I expected and what actually happened analyze those products and what makes this again all right what did I do wrong and it's not really wrong or how can I do better that's time to minimize this all right and have the expected closer to what actually is being observed again create the tools and the measures to show that to show and two allies that over time if you're

not showing programs in terms of minimizing or getting those points closer again you're not doing your life to make sure that these processes aren't if you have st. the language the metrics whatever frameworks want to put around this measurements in in place so that you can fix your Freddie told practice later life and so quickly summarize what we went to resolve over time where's my calendar still good for a minute I'm lot of time so first of all kinda fun all right yeah it's true it's very tempting to go to any conferences yo freddie tell and they get free stuff and it was speaking in weird languages and they all seem very professional athlete Bradford

birdies cut about a talk about how how do you help me do my job it's a it's not really hard question all right and a lot of people are going to be stopped like what do you paint provide threat intelligence you need running counselors okay I'll ask again how does that help me each other and the second question is is really how is that actionable what do I do with this alright if the answer is no you plug into your firewall or sin or you're welcome to that oh you mean you're a signature provider that you talk oh you know what here's the phone is the phone number for checkpoint and not talk to them all right into the

signature so that when I use the products they're really now I'm doing again what do I do with this if it's not actionable it's not great intelligence all right I don't just want to about [ __ ] or not I love the example off everyone freaked out after it due to we have a signature for doing two weren't the first ones and have signatures particular to do you not even do the two targets they want though it's very scary lights the second version of doom to gluten targets as first it targets ad companies all right I don't give a [ __ ] about like great for you can have signature I don't need it all right if

me is this all business he's concerned about do gluten I have bigger problems that I think all right I'm not running though I don't need to deal with the birth mother and so again cuttlebug get action build yourself you know it's not a snot really rocket salad is one of my favorite twitter friend safe and but you do have to actually do work again I know it's kind of weird in our our world everything is notable and clickable there's nothing to naturally water and that's why I spend a lot of time going through building a threat model in bridging it building a practice of I think intelligence analyzing and using pimp your own tools there is lots of

free stuff very very usable they made all the shortcuts for you you just need to kind of assemble it together for your specific situation all right they told that's being sold and mass to a luck to everyone in every industry is probably not the perfect fit for you right unless it's a train you can adapt and use for you don't just apply to use and when you do and you want you identify an opportunity off I don't want to do this and I found a bender who can that's where you can start throwing Anya all right not negating any blinky lights to say if I think oh I need a big screen in our soft

rock whatever days ago all right identified opportunity to throw iowa where you need it it's like I don't want to hire more people to do this these guys do it and get it for cheaper that's where you throw on this love business one of them I'm sorry forfor bringing the business people that's about it hey I think we covered everything this if there's anything any slight as you see with you from from this 48 minutes of blabbering is this is making sure that you've got it agreeing one of those boxes checked okay you know a lot of us especially federal science already loves a love to check boxes to check all the boxes make sure it we're connected and

then we should be fine and we have a couple minutes for questions if you have any communist a true yes sir in that you're going to be really shout out

so the question is how do I measure the effects of different attackers in different organizations or in a group the model is simple guess why are we not using models that are simple enough work

I'm trying not to be too jaded depressing guy that says you know I talked to Jack anthem all right jack is got a phenomenal talk right well Sam much all those openings for sick time to calm down let me give you a hint most of the ship we're dealing with now has been stalled 30 years ago why are we not doing it I don't know we keep learning and keep teaching ourselves I go Oscar started working with my college students and one like the resolving problems that we have that I sold as a college student all right there I'm seeing master's thesis on problems that I would solve and provided code for five years ago

we're not really good that this whole intelligence that yes I don't know I don't have an answer for you I really don't mind I'm trying to be positive here it's not selling its practicing it's practicing again it's and the problem is I think a lot of times people are looking for that who's going to sell me that all right it's the easy check box approach of booby threading to who do i buy that for any more fun I think that's the root of the problems but we can we just meet up for drinks anyone else one of our dreams yes you're the bike rack

is there a significant impact and threat prevention from industry best practice and I think we're slowly getting away again this is the optimist in and we're seeing standards such as V test which again unjaded I'm biased because I loaded get an adoptive into PCI who would have thought pci we have something relevant person here so we're getting there you know we're forcing people to adopt the best practices i hate the word best practices because they're not best for you all right their best or like john toes and everyone else alright so that's time that you need to get this hi alright to ride the eCos that thing so that's the best practice you want to

really practice cardiello little better but again it's getting us past those stupid hurdles and so we're not just just completely failing you know kind of the nights with no hands and so we're gonna got out of that falls unfortunately again best practices are not really conference yeah

and if so it pretty much and are not going to awkward the question was are threatening competitors basically perpetuating the problem a dancer is actually kind of yes right they we as an industry and founded new topic to deal with and as a nurse myself included like oh I can have a great product in this line of business and how tangible holder and I am and yes they've done that and they're like oh I'm everything to lie are threaded on they're all [ __ ] but recently and I just posted like a link on twitter this morning you can see them starting to understand that if they're not in your specific context they're not really relevant and we're starting to

adopt this kind of way of thinking and methodology on the same practice and saying you know this is how we can fit into your threat model gradually same print model under saying failure again which is one of my favorite Fred oddly frameworks inter saying this is how we can enrich very specifically elements of your thread Bob fair headlock is famous tree of how they factor in Brisbane is a visit this and that can enrich by our friend Calvin so they're getting their first outcomes man [ __ ] met about four or five of our research adoption chart they're realizing they're not really selling as well now maybe they sorted out to do something more actual rock it up all

right thank you for one second st yes thank you