
all up for you. Good? Yeah. Almost. Almost. [laughter] Once upon a time there was a simpler time for security guy. I can tell stories all day long. You good? Yeah. Alright.
So, welcome everybody this afternoon. My name is Roland Cloutier. I work for a company called ADP. Uh, that is not the security company. Uh, hopefully we pay about one in four people on your street every week. Um, I'm the Chief Security Officer uh for what we call our Global Security Organization. Um, it's about 300 security risk and privacy practitioners that help protect uh our business internally. Um, I hope you're not here to see a technical discussion because this isn't about technology. Uh, this is about developing our practitionership. This is about the future of how we will protect businesses. This is about the future of how we think about what security risk and privacy programs will be in the next five, 10 years, and how we as the people that need to go drive this uh can really enable an era of protection that we haven't had before by simply rethinking and retooling how we look at security. So that's what the talk is about. If you thought I was going something about programming uh like the thing says, I'm not. Um, matter of fact, they don't even let me touch firewalls anymore so it's probably a good thing. Um.
We're going to talk a lot today about business operations protection, but before we get there, I want to take a step back and um a few years ago uh when when I started looking at how to develop a next generation security program, I asked a few questions of myself and now I ask this of my practitioners all the time. Um, one of them is, what am I protecting? Right? And we'll take a deep dive into that, but how does the company or agency or whatever I work for today, how does it make money? Like literally. It's it's, you know, how do we think about margins? How do we think about revenue? Do they manufacture widgets or services? Um, is it just the intellectual property? 
Like literally, how do they make money? And what are their biggest assets? Because as technologists, as defenders, we're always thinking about the infrastructure, we're always thinking about the IP, we're always thinking about the data components, but what does the business think their biggest assets are? And how do we align our programs to ensure defensive operations align to that?
And then the next question is always where are they at? Now we know that the CMDB that IT keeps is always perfect and pristine, right? All like 12 of them from every different business unit organization. Um, and then we're always going to find all the information. But the truth is, we don't necessarily know in such a virtual world, things get set up so quickly, businesses expand, detract. They use external entities. We have third parties, we have supply chain, we have we have all this stuff and it's all over the place. So how do we really know where it's at?
And do we ask ourselves about the downstream residual implications of us not being able to do our jobs? And whether we suck at it, we do something stupid, or we're just overcome by a new adversary or if we miss something. What what is it? So I'll you know, I'll tell you what how I think about it, why I get up every morning. If I do not do my job, a couple of things happen. One, literally one in four people on your street or one in five people on your street don't get a paycheck on Thursday night. Mama and dad go to go to you know, uh Walmart or the grocery store, get some groceries for dinner and they think they've got an ACH transaction, and that didn't happen. Right? So, now they'll probably get money within a couple days, hopefully if something bad truly had truly had to happen, but think about the economic the downstream economic effect that that has on a country on a region. Right, we talk about input one in three Canadians, one in fiveish for high Americans, 1 in 10 pay slips around the globe. 
The downstream residual impact of what I do um has can have a very bad effect for the world. How does what's it mean for your business? Right, maybe work for a hospital. Maybe work for a rail carrier. Maybe work for um you know, another work uh a bank. Uh you know, what does it mean for your business? Um.
Can you ask yourself this question? And I do this all the time. Um, we're not the biggest company in the world that's for sure and I sit back and I say what's my next three products that my company's taking to market? And how do I know? We have 13 business units or divisions. How do I know the top three things that's most important to the business and how I developed my security program to ensure that I'm ready to accept that new product as it goes to market and that I'm able to defend for it and for the consumers and customers behind it. Um, and uh on and on, you know, where are those going to be? What countries do I have to operate on? And so on and so forth.
So this whole discussion about what is what is the business operational protection really comes down for these two two things. The first is, this end to end protection of operations. What does that mean? Um, yeah, we care about confidentiality, confidentiality, integrity, availability. Um, I've seen it so long it's you know, I don't trip on it. But if we're only looking at security information or basic IT information, we're only getting a part of that picture. Right, we're seeing uh you know, whether it's IDS, IPS, firewalls, DPI, um IO, whatever technology we deploy and that's coming into our uh script the security database warehouse. It's coming into an analytical platform. Or it's coming into a correlation whatever it may be and that's all we're looking at, we're not doing the job. Even if we just basically stay at basic IT information, we're probably not seeing the whole picture because what's a business? 
A business is a multiple set of processes across a business ecosystem that includes you know, multiple sub businesses underneath it, the most of transactions, those are business processes, those are technologies, it's the whole end-to-end. So let's take bank of payroll for an example. Kind of easy. So let me take manufacturing, right? So manufacturing has R and D. R and D sends it over to engineering. Engineering sends it over to manufacture. Manufacture making it, you have now marketing sales, right? They have their infrastructure and operations as well. They sell something that goes to product delivery or QA. Then it gets shipped and then goes to implementation or consulting or services. And then maybe you have a uh a customer services group that deals with the customer afterwards today. They have HRM systems. They have all their own information for servant but service that customer. You're talking about like 10 different business processes with multiple subsystems underneath it and that's what your business process looks like.
The future of our uh ability to protect a business is to truly understand what a good business process looks like in each one of those areas and be able to identify what's not good. So then when we talk about business operational protection, that's what that's what we mean when we talk about end-to-end protection operations. The next thing is resource leverage and protection expansion through convergence. 
Um, it's you know we we care about convergence every now and then and and people say, well, that's it it's really at a different level but convergence of operations across multiple programs such as cybersecurity, information security, privacy, operational risk management, physical security, um criminal local investigations, fraud defense, um depending on what type of organization you're in, the totality of the information that's created from all of those organizations, the instantiation of a platform that allows you to use all of that information as intelligence and then the co-joining of operational platforms together is actually a pretty interesting concept because it gives you a leverage mobility of resources um that we've never had before. So, we'll talk about convergence in a little bit and why that plays a big role.
So big question, how does your business put together its business today? And when we start to ask ourselves that, one of the first things that we have to say is, what's our what's our area observation? Right, what's our field our field operations? What's the playing field? Um, if if our security program is based off the box that we live in, you know, the buildings that we're we're we're in or our retail operations or wherever we're at, we're not seeing it. Right, if we're selling things into different markets, you're maybe an American based company and you're selling into APAC via e-commerce. Or maybe you're doing supply chain management, you're pushing the goods you're making to Latin America. That really is your field of operation. So how do you think about your security program and how you develop it has to be based off your your AO, area of operation. In the in that field of operation observation how far down you see is important. How how much information you get, that intelligence that you bring in. Uh the things you're asking other people in your market. 
The things you're asking other people in your industry and the information that you're sharing along the way. Uh lot of lot of uh we're gonna we're gonna get into this thought of over-the-horizon, uh, eye, uh but it's really based on how do you know what's coming your way. In order for for in order for you to instantiate this business operation protection you go move you have you gotta you gotta put you must be able to move your resources where you need them at that time. In order to get out of that information, you have to know what's coming your way so you can understand threats that are impacting uh you know, the company that you're competing with. The threats that's sitting the retail bank down the street. Our other industries and and and being able to back inside of your environment to be able to say do I have that problem? Could I have that problem? And is it defendable and where do I put my resources in order to prevent against it?
So this over-the-horizon threat preparation starts with the collection of information and the use of uh intelligence sharing. There's also discussion with your business on um what their what their features are, uh where they intend taking uh their products to market, and understanding the uh the implications of the legal jurisdictional issues that you have on defending those environments, and setting up a program that's based uh in part uh on ensuring that you're prepping your practitioners and you're prepping your technology installations um for those deployments in different areas.
Another another discussion is how do we think about reverse threat discovery? Most CERT or SOC analysts, they do pretty good job in saying hey we have this issue let's go run and see if we had it before. Um how do we think about doing reverse threat discovery uh for our business operations protection so that end-to-end operational entire entire entire go to market. 
You know, when when when in instantiated technology around operational intelligence database housing analytics, uh part of that has to be in part uh has to be about ensuring that the whole business is protected because we discover these new threats, we discover these new problems, these new vulnerabilities, these new capabilities. If we just go out set of rules on our perimeter where we do this um patches, uh it doesn't mean that we haven't been impacted before by it, um and potentially we leave a gaping vulnerability and potentially a gaping liability in our programs. So, uh reverse threat discovery as part of as as a part of a service that you're delivering down business uh is important.
So now we get into this discussion about, well, if if we don't do end-to-end business process protection yet, we're going to get there. How do we say do we know our business is secure? Or better yet how do we ensure in the future can guarantee that our business are secure. And that's really done with this simple concept and holistic observation. There's really two real points to the situation. Uh but I'll start with this educational concept and and it's really this is for practitioners, internal business education. You know we can say day in day out, oh that team doesn't need to know that. They just need to understand technology and management. But if we don't educate our practitioners on what they're defending and why, what the implications are, who potential threat actors could be, and I'm not just talking about you know Eastern Europeans or you know PCR or wherever else. I'm talking about really how people make money from hurting business on our business products uh or our customers. Right? Um, and by the way, this is how your business works, it's end to end. How do we educate security practitioners to become business people? And I'm not saying that will not arrive with you know, pocket protectors and gold sell stuff. 
I'm saying they have to understand what it's defending um and they have to understand it in broader context. That takes resources, that takes planning, that takes educational educational programming, but it's a concept that has had to happen uh fairly quickly.
The second is this concept of bi-directional information transparency. We typically go to business when we they have risk whereas typical as business when they had to pay for something. Um, you know I've been doing this 25 years and you could talk about all the the the updates that we go back and forward and but at the end of the day security normally uh security risk privacy organizations normally integrate uh with business once something is going wrong or going or gone wrong or could go wrong. But there has to be more than that. It has to be a discussion the business about their future plans, the implications, show them the downstream residual impacts to their decisions, let them be involved in the discussion about remediation. Now, it's a two-way street, right because uh a lot of people they don't care. And so you have to make them how they care, how it's reported area of business controls, progressive discipline with your operations, all of those things that go along with it has to be a two-way street.
The second thing that you have the last thing you have to deliver here is uh this service mobility. So how do we give services back into the business? How do they look in it as from as from deriving value. Right, you want business to start wanting business. You want them with this program. You want business being done so you you be able to come you and say hey I set those business there, how can I make sure I do it securely? And creating secure centralized security services. Now, I will say that many mature organizations have already done this. They follow ISO standards or they've gone through a service catalog. Why is that important besides engagement with business cost? 
Right what does what does my service cost? This remediation cost? I don't know how many how many people here can point to remediate an individual malware infection your environment cost point. Anybody? Does anybody know? I don't know I share mine so the actual average cost about 225 thousand dollars per malware infection. Roughly that ST-E costs that's investigation costs that's manual work costs. It takes quite it takes quite follow-up costs and that's it cost specifically to this service I deliver around malware. Right that's standard average cost. and I'm not talking about just going cleaning up a specific machine that's typically a malware infection that was prevented that need to be cleaned so that's you know that is it cost it takes it takes our in our environment so every time we talk about if we had to continue to do this and don't invest in this remediation capability will continue in the past so flexibility and service control capability were for your business organizations are important because it allows you to start in focusing things around dollar costs to the business organizations activities, it's it's so that you know, you can deliver you can deliver actual business value. the in order to get to this area of business operation protection, there's some basic there's some common common steps that you have to take within your business. Take through uh in general just some general steps today. We talked about business transparency but really how do you get there? What what is what is basic business operational education. I don't see that's being communicated coming too well. How do you get there first? Well, the first part is in this concept business educational documentation. Um, have you ever gone to business and ask him, can you show me how your business works? Show me your value chain, Like some like like some organizations value chain can you show that to me? If you don't show to me you got show me head and look in light right? 
Um the sad part you will probably want set of documentation or you'll have to go to order report to get it or you'll see how someone already done it because you probably didn't engage specifically the people on the front line doing it. People who your security policy and run business people out of ten times people on the team and you ask about about the process the way their business operates. simple educational documentation flow diagram on our on our their specific areas the business area. Nine out of 10 times, they probably don't have that. Right. So, if they don't know specifically how their business works and they expect you, it's not and expect you help secure it, right? How can you protect it? So this is like almost a most fundamental thing that you as practitioners have to go do is get specifically engage get stakeholders to the board room or the table and work with you on creating business that individual individual documentation. I did this once at last month I'll just say for a company. Um, and it was before we set business with educational data flowing, we wanted to know where devices were based on legal regions or how are we specifically remediate some vulnerabilities in testing. Um, and we're like well it's it's all back over your in our in our organization it's all going to be within the internal security control system right? This this the communication stuff came back. Right? and then no one knew that the data itself came back to headquarters and then back out into the specific out again. and that was it was certainly problematic but getting that basic how does my specific area business work, How do people follow the processes, right, where's the data flow, the things you will find out partners that are part of that ecosystem. I find this out daily. We've got pretty material maturity documentation processed and I still shake my head and say, you did what? You know what? Where did that go? Who reviewed that portion right? 
You know that's not our our our standard third party um agreement documentation. You know so, um remember that's initial steps education your on your your on your on your practitioners and in and getting that security remediation capability initial line of defense. Second is business informational diagrams. In our in the businesses it's mainly about the data flow. Right the end to day right what the those bad organizations want is mainly about our our our access even if whether it's data points or information point whatever whatever it is if they the end point security or the internal platforms specifically the products are data points right, how do we educate our how do we remediate the control of individual items we can get into this the concepts around and script whatever we remediate, how's the individual items going to be re-managed, how we remediate that that information metadata is managed metadata identification infrastructure is communicated through documentation because this this is a technical this is non-technical component of operational diagrams. the basic question is where does specific pieces of individual individual user user items and business information logically and physically communicate through the network? How does it re-how does it re-operate? Where does remanage, where’s a go? What's the management remediation processes remanaged from right we do it today for forensic detection or right any individual here is forensic program remediation capabilities. 
Informational Informational informational diagrams. we re-remediate and re-managed individual metadata as remanage individual metadata Informational Informational Informational Informational Informational road maps. we re-remediate and re-remediate Informational Informational InformationalInformationalInformational informational road maps as remediate individual identification. so Informational Informational Informational Informational Informational Informational informational Informational Informational InformationalInformational Informational road maps Informational Informational Informational Informational Informational road maps as Informational Informational Informational Informational Informational informational diagrams. let's remediate Informational Informational Informational Informational Informational Informational road maps as remanage and remanage and as Informational Informational Informational Informational Informational informational road maps as Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational road maps as Informational Informational Informational Informational Informational road maps as Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational road maps in Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational 
Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational InformationalInformational road maps Informational Informational Informational Informational road maps Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational Informational Informed Informational Informational Informational Informational road maps as remanage individual metadata as Informational Informational Informational Informational InformationalInformationalInformationalInformationalInformationalInformational Informational InformationalInformationalInformationalInformationalInformationalInformational Informational. x Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational road maps remanage and as Informational Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational Informational Informational road maps Informational Informational Informational Informational InformationalInformational Informational Informational Informational InformationalInformational Informational Informational Informational Informational Informational Informational InformationalInformational Informational Informational Informational Informational InformationalInformational Informational Informational InformationalInformational road maps Informational Informational Informational Informational Informational Informasi Informational Informational 
Informational Informational InformationalInformations. x Informational Informational Informational Informational Informational Informational InformationalInformational inform Informational Informational InformationalInformations as remanage informational Informational Informational Informational inform Informational Informational InformationalInformations as remanage informational Informational Informational Informational Informational Informational Informational informational road maps Informational Informational Informational Informational Informational Informational informational road maps Informational Informational Informational Informational Informational InformationalInformational informational road maps as remanage and remanage informational Informational Informational Informational Informational Informational Informational Informational InformationalInformations as if remediate and informational Informational Informational Informational Informational Informational Informational informational road maps as remediate and re-remediate informational Informational Informational Informational Informational Informational Informational Informational informational Informational Informational Informational Informational Informational Informational Informational InformationalInformations Informational Informational Informational Informational Informational informational road maps Informational Informational Informational Informational Informational Informational Informational InformationalInformations Informational Informational Informational Informational Informational Informational informational road maps as Informational Informational Informational Informational Informational Informational Informational Informational Informational Informations Informational Informational Informational Informational Informational Informational informational road maps as remanage Informational Informational Informational Informational Informational Informational Informational 
Informational Informational Informational Informational InformationalInformations Informational Informational Informational Informational Informational Informational informational road maps as remanage and as Informational Informational Informational Informational Informational Informational Informational Informational InformationalInformations Informational Informational Informational Informational Informational Informational informational road maps Informational Informational Informational Informational Informational Informational Informational InformationalInformations Informational Informational Informational Informational Informational Informational informational road maps Informational Informational Informational Informational Informational Informational Informational InformationalInformations x Informational Informational Informational Informational Informational Informational Informational Informational Informational Informations Informational Informational Informational Informational Informational Informational informational road maps as remanage Informational Informational Informational Informational Informational Informational Informational Informational InformationalInformations Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Information as remanage and remanage informational Informational Informational Informational Informational Informational Informational Informational InformationalInformations as remanage informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Information x Informational Informational Informational Informational Informational Informational Informational Informational Informational 
Information as remanage Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informasi Informational Informational Informational Informational Informational Informational Informational Information Informational Informational Informational Informational Informational Informational Informational Informational Thông tin. x Informational Informational Informational Informational Informational Informational Informational Informational Informational Information Informational Informational Informational Informational Informational Informational Informational Informational Informasi Informational Informational Informational Informational Informational Informational Informational Informational Information Informational Informational Informational Informational Informational Informational Informational Informational Thông tin. x Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informational Informations. [laughter] oh, boy. [laughter] okay. [laughter]
If the incident costs per your company so high, you said it was like 22, 225 thousand for an actual instance just on a malware infection, what kind of training would you put, put towards your techs and end-users to help move either get that down or decrease the number of occurrences?

Yeah, we're going to microvirtualization. Because in testing it like brought it down by 99.999%. I mean the cost is going to be stupid, right? Because we're stopping it at the desktop. So, we're in the process of we're done testing, going to deployment. And so we found that microvirtualization, even if you're really dumb, you can't mess it up. Um, so that has been uh uh good implementation on our side. Um, also the automation, we increased our efficiency within our critical incident response center by 25% just by automating some malware uh response functions, going out doing joint collections. Uh, that just took us a little while, because of the the spike the amount of data we had to collect um on the stuff that we have to automate. Um, and now doing going through another tranche of that um, because you know how runbooks work, right? You know, every incident's a little bit different and you get new information based on, oh crap, we never had that before, okay, now we gotta add that into our automation in our scripts and things like that. So that's improving. But we're heading for removing malware effectively at at as best as we can. Yeah.
Sir, so, uh, you work for a large, you know, organization and the the field that I'm in is in the MSP space which is you know, managed services provider and something that I've known for a very long time that seems to be a hole in that industry itself which is you know where a company that manages a lot of small networks you know law offices, doctor's offices, etc., etc., where you're dealing with you know, a lot of very busy people that just um, yeah they started their own business and yeah they don't understand even their own business process except they just discovered that they can make a little bit of money in inside their tribe. So um, from your experience, allow me up, my question is um, I've I've recognized that there's a hole in the security side, firewalls are are not enough. Um, you know anti-malware, anti-virus just on the computers on the servers are not enough, the end-user will always be dirty, right? Well that's yeah. Um, annoyingly actually. And um, I've known that we have to do something more for us like we've actually got to point we don't do break-fix anymore because of how do you know what's there right? Yeah. It's not it's cost you mean it's cost prohibitive, you can't even tell. Well and and it's worse we're firefighters not fire marshals and uh so yeah we can't wait till someone calls us when it's broke. Right. But what is the log what do you think would be a logical step for say extra you know, a company in the MSP space dealing with all this dirt, you know dirt messiness and dirtiness to incorporate this into yeah the whole structure though we can you know, add more confidence to our ability to tell that client that yes we are you know, being more um proactive on the security ex- you know this stuff is not on our company anymore so we're doing this.
So and I think there's two things you practitioners should consider. Alright? So, security as a service, in a lot of MSPs don't think cybersecurity services are a rev- a revenue generation machine. They certainly can be, right? Um, and in you have to look at it two ways. The, here's what we do and here's what we don't do. So let's start with what we don't do. So as an MSP you should be able to clearly state that from from your environment, um, if you're not buying our services to do X, Y, and Z, we don't do anything, alright? Your environment's your environment, we provide you know ping and pipe, we provide whatever you guys provide from a service level um, and by the way, you have to do this, alright? or it'll cost you more meaning. So we do this with some of our clients and our divisions where they don't want security, alright? We say, sorry security's our standard. If you don't want it, we have to segment you, we have to do this, we have to do this, it costs you more. So you will actually pay more if you want to be unsecured. So that's one aspect of it. The second thing is um, I sit on the board uh of of a company in and I gotta say the name but basically there's several of these out there basically they're creating security intelligence on the fly for for MSPs. So basically you pull all of your client's data into this system and it runs you know a specific set of analytics and you basically turn it on for X dollars a month. Why is that important because it's bringing the price point of the programs like we have in some of the big banks out to like you know buck fifty buck ninety five a device a month. Alright? So if you're a doctor's office and you're adding nine bucks or whatever it is from the MSP on top of a month and you are getting security analytics you know when your machine's dirty you know when this is happening and so you're proactively providing a capability of value-added service for a dollar on revenue generating. 
It's quickly alerting your client and to their needs to go do something and if you're an MSP and you do stuff like go fix machines and all that sort of stuff now you have a new revenue revenue generating capability again, your services back in there um and you're quickly able to show them here's your problem, right? and here's why. So um revenue generating it is a it's a pull it's a dynamic pull um and you can set the static over on this side to say this is what we will do, if you want anything else it's gonna cost you more so you can be a little bit more comfortable I guess as as you want in your business sure with some of those. All right?

Any other questions? Easy group, cool. Uh, I got a couple giveaways, we can't leave without giveaways so I've gotta make something up I think. Um, I got a. I got a tap, uh, a network tap for you so you can know what your kids are doing. Uh, and I've got a blue team handbook, um incident response edition, um. How many uh. How many people eh do we pay in Canada? one in three? Yes, very good. All right, you came up first. Uh yeah three over there but. There you go.

All right well hey um, everyone thanks very much I hope you guys enjoyed uh the the BSides today uh one of the best training programs uh I think anybody can go to, so appreciate you all you all coming out and uh hope to see you all around if you have any questions, eh oh, that idiot didn't put my my email information, it's roland.cloutier@adp.com if you guys have any comments I like comments I like feedback, um it's not made to be prescriptive but controversial is fine so if you guys have uh you know comments please send it to me. Other than that uh, have a nice afternoon and uh thanks for coming.