
Beyond Identity and Access Management: Stop Insider Threats

James Azar from @TheHackerNews is hosting Adam Konlentz, Field CTO of @revealsecurity, to discuss insider threats.

Defending against insider threats, whether they arise from malicious insiders or result from negligent users, remains a high priority for security professionals. The unfortunate reality? Many organizations are alarmingly unaware of how their applications are being used. Often, they do little to monitor trusted identities once authentication and access have been granted. No follow-ups, no check-ins — just blind trust. You can’t stop what you can’t see.

Proactive monitoring of user journeys both within and across applications is crucial for the early detection of misuse or abuse of trusted identities. This early detection is essential to mitigate threats and prevent consequences, such as data leakage and theft.

Dive deep into the world of advanced security tactics in this insightful webinar.

Transcript

00:01

What’s happening, security pros? Welcome to another Hacker News webinar. James Azar here. I’ve got my good friend Adam Konlentz, right? Did I say it right, Adam? Did I say it? Adam, you got it, bud. You know, I’m trying with last names. It’s very, very difficult, right? Because, you know, like, last names,

00:17

no one wants to destroy them. Welcome, everyone, to a Hacker News webinar series. Our friends from Reveal Security are joining us today, and I’m happy to say, for all of y’all, no PowerPoints. None. Isn’t that amazing? Like, finally you get to hear an honest, fun conversation.

00:31

We’re going to be talking about insider threats and application detection and response. We’re going to give everyone just a few more seconds and minutes to get into the room. Adam, how’s it going today? Are you ready to knock the socks off of our awesome audience? I hope everyone, more sock

00:47

holders, keep them on. Yeah, I mean, it is December, right? People have got socks up for Christmas, if they celebrate Christmas, or, you know, Hanukkah, Kwanzaa, whatever your holiday of choice is. You know, you’ve got some sort of sock for it, right? Especially, maybe you got

01:05

your onesie on, maybe, or ugly sweater. If you have an ugly sweater on, please comment. We’d love to see it, right? We’d love to know that you’re wearing an ugly sweater. I may tell you to go to my LinkedIn page and just drop a little picture there with your ugly sweater. Maybe we’ll do a collage of ugly

01:26

sweaters during the webinars. But welcome, everyone, to another Hacker News webinar series. We’re going to go ahead and get started because we know your time is valuable, and so we want to make sure you don’t hear us just randomly banter. My name’s James Azar. I’m the CISO and

01:39

moderator for this webinar on behalf of the awesome team behind your favorite website, The Hacker News. We’re very excited for today’s webinar, but just a few housekeeping items before I introduce Adam officially and we kind of kick off our webinar today. One, we see your comments, we see your questions. Ask,

01:54

comment away. We love it. We thrive off of it during the webinar. As many of you know, I love seeing your comments. I often crack up laughing in the background and I have to mute myself, because you are a funny bunch. So with that being said, Adam Konlentz, he’s the Field CTO over at

02:11

Reveal Security. Today we’re talking about insider threats and application detection and response. Adam, welcome to The Hacker News webinar series. It’s great to have you with us. Thanks, James. It’s awesome to be here, and, you know, I’ve seen so many of your webinars in the past. I’m happy to be here today

02:28

and be here with you live. Yeah, I’m happy that you’re here too, because we’re talking about a topic that I’m really, really, really passionate about. I think a lot of people here know how much I, you know, application detection and response really is a big

02:42

deal, as well as insider threats. We obviously know there’s malicious and non-malicious insider threats, right? We saw what happened at MGM. CrowdStrike talks about 80% of breaches involving credentials. These are unbelievable, unfathomable numbers. The idea of compromised credentials, that threat to

03:01

the business, again malicious, non-malicious, the limitations within specific systems of being able to contain the threats. And I don’t know if it’s part of the lack of design or lack of really critical thinking of addressing these threats, but Adam, we’re seeing so many recent

03:18

breaches that are really kind of highlighting the abuse of trusted identities as one of the main, if not the top, attack vector. What are you guys seeing, and how’s this amplifying risk, both the insider and external threats, to the organization? It’s a great question. You

03:39

think about the risks to an organization. Just personally, myself, I’ve gotten so many emails that my email was included in some breach. We all get these emails, and we know that now we are targets. You know how many password reset emails I’ve gotten from various, you

03:59

know, just non-business accounts, right? The abuse and misuse of trusted identities is such a key vector now, because the identity providers are no longer necessarily on site either. If you’re thinking about, you know, the MGM case you brought up, if I’m managing my identity through Okta, I

04:23

don’t control the infrastructure around Okta. Now someone can come in, you know, using creds, cred stuffing, bypassing MFA, and I have no idea that it’s not James. It’s impossible to know right now. Yeah, I mean, you’re bringing up the scenario of, and it’s twofold,

04:45

right? Here’s the risk. The risk here is twofold. You talked about Okta, right? Someone just dropped some balloons on me. They do gestures. I do this. Yeah, I, you know, that’s awesome. I love that. I mean, you know, I did celebrate a birthday recently, but I wasn’t sure we were going to do it on the webinar. Just

05:11

so random. But you are talking about, I think, something that’s really, really important, right? Which is, one, your identity is not controlled internally. You’re relying on a third party. That third party is now a target to all external actors. We’ve seen it, right? Is,

05:30

you know, Okta’s the market leader in identity management. There’s no doubt that Okta has a great product that many of us use, and I’m an Okta customer, right? Like, but they’re also a target, and they’ve got a supply chain, and they’ve got to manage their, they’re blind to

05:45

their supply chain like you and I are blind to them. We don’t manage Okta. So I absolutely, you know, I absolutely agree, and it kind of takes us, you know, you see these breaches. You look at Okta, you look at ServiceNow, you look at all those, and it

06:00

really does become, you know, a big challenge. You know, thinking about that, you know, Adam, our audience is obviously here commenting a whole lot about this. I think this topic does relate to a whole lot of people. You know, what should we really be concerned with here? Is it

06:18

malicious insiders as super admins, or should we look at impersonations of privileged access, where, you know, one account leads to the elevation of another, to the elevation of another account? That’s a great question. I mean, I would say that, unfortunately, due to the fact that we’re now talking about

06:42

how identities are using applications, as opposed to people in seats in a building, it’s hard to know whether someone’s a malicious insider or there’s been an account takeover. And I think if you think about, you know, your experience as a CISO, you know, how many truly bad insiders did you

07:04

find versus your external attackers, right? It’s probably 100 to one, a thousand to one. Yeah, I mean, malicious insiders, I don’t want to say they’re rare, right, because we don’t always, the thing about a malicious insider is, you brought up something a few minutes ago that

07:26

nailed it on the head. You said, I’m constantly getting emails that tell me I have been part of this breach and that breach, right? So you and I are under the assumption that when someone’s credentials are compromised, it’s likely they fell for a phishing attack and didn’t necessarily sell it,

07:43

unless all of a sudden they’re in Venezuela or Bolivia, right? Then all of a sudden you go, what happened to the employee? No notice, and now they’re in Venezuela. Okay, I think we know where this originated. Yeah, well, that’s a good point. I mean, when we’re really talking about

08:02

whether the internal or the external is really the bigger concern, one of the things we have to think about is we’ve already spent a lot of time as an industry trying to create prevention controls around these privileged insiders. You have things like PAM, for example, but we haven’t really gotten

08:22

to the point where we have that for SaaS and other externally hosted cloud apps. So now something like Reveal Security comes in as more of a detection, mitigation, or compensating control in a lack of prevention, because now we can look at and see, is this actually

08:41

James, or did James, you know, fall for the DHL scam or something in his text message? And that’s where we’re starting to find the ability to differentiate between an insider and an account takeover. Yeah, I mean, PAM is so hard to implement. It’s harder to manage, right? I

09:03

mean, people bring up PAM to me. PAM’s almost a buzzword. As a CISO, it’s something I want, but very few applications have a glove fit to PAM. Very few. It’s a costly implementation, right? So from a budgeting perspective, you’re weighing, what am I going to use PAM on? All right, am I going

09:24

to use it in AWS? Yeah, I’m probably going to use it there. But then all of a sudden the implementation goes sideways. PAM doesn’t always work correctly. There are, you know, circumstances where PAM is slowing down development and pushing through specific things to production.

09:42

That’s causing issues, and you’ve got to rethink the way you’ve implemented it. You’ve got to rethink that deployment. PAM is a theory and a product that still hasn’t adjusted to the business. Oh, sure, absolutely. You know, PAM’s great if you’re only worrying

10:06

about admins on Linux or something, right? It’s not if you’re doing it on-prem, right? Exactly. If you’ve got some sort of internal application on-prem where you can have that type of control and that type of telemetry, that’s great. But when you’re talking about third parties, right, PAM

10:26

becomes a bit more complex. And I think that’s part of the reason why we see so much success around hijacking super admin accounts and admin accounts, because technically those accounts should never exist with a person. They should always be behind PAM with one-time passwords and limited

10:47

availability. Should be. I mean, the reality is that, you know, even before COVID, we were already starting to shift to a more distributed workforce. You know, SaaS adoption was always increasing, which made, you know, more legacy controls like PAM less possible. Even back when I was in the

11:13

EDR space, almost a decade ago, we were starting to say that, you know, the endpoint’s the perimeter now, right? And now maybe the identity is the perimeter, because now you’re not even controlling the endpoints necessarily. Yeah, I mean, when you don’t control the endpoint, right? And this

11:33

brings up a great question from our audience. Let’s go in. I think this might be the earliest I’ve ever brought in an audience question, but I see a lot of comments and contribution here, so let’s pick on Roger for this one. Why are we seeing more attacks related to

11:51

identities? You know, that’s a great question, and I think a lot of it is tied to, again, the, I saw some stat, it was like the average company has over a hundred SaaS apps for every, you know, 100 employees or something after a certain point. So, like, the average company that has, you

12:15

know, 10,000 employees, they have over a thousand SaaS apps, whether they know about them or not. So they have SaaS permissions issues, they’re overprivileged, SaaS posture management, the whole space. And then on top of that, from my time back in a more threat actor focused space, MFA bypass used to

12:36

be something that only, like, nation states would do, and now it’s trivial, where you don’t have to be one of the top crime rings. You don’t have to be an, you’re not being tracked by Mandiant and CrowdStrike, to do MFA bypass. The right vishing or phishing, you know, call the right help desk

12:56

person, and all of a sudden people who previously would have been relegated to the lower levels of e-crime are now suddenly able to do these things, because we’ve expanded the perimeter of where our precious information and identity provisioning is actually being

13:15

handled. Yeah, I mean, you bring up something I think where we might need to drill a little bit more on it, because I think, you know, SaaS as an example is a huge factor, right? And most SaaS today is managed in one of three ways, I believe, right? Direct sign-in, SSO, or some sort of token,

13:42

right? But then most businesses’ critical operations and data today isn’t sitting anywhere but your SaaS application. If you’re on Salesforce, guess what, Salesforce is, folks, it’s SaaS. What’s in Salesforce? What’s in your ERP system? Most ERP systems today are encouraging people to move to

14:02

SaaS, right? They’re saying, hey, you don’t need to install one of our servers in your office. Just use our cloud product. It doesn’t matter where your people are, right? So what kind of obstacles do you see as a Field CTO at Reveal with customers that are trying to do secure SaaS adoption? Yeah,

14:22

that’s, man, you know, we were talking with an insurance company where they’re being pushed by their claim software provider to put everything in SaaS as well. That’s my data, that’s your data. That’s not necessarily just their IP, it’s our PII. I think that one of the biggest challenges,

14:43

especially on the SaaS side, is every different SaaS vendor has their own version of a shared responsibility model. They all have different knobs you can turn and different knobs they’ll turn for you on both access control, permissions, audit logs, detection capabilities. If you’re using something

15:07

like Salesforce, one of their best practices is to turn on the audit logging, which they do charge you more for, and that implies that you’re going to do something with it. I don’t know what you would do with it, you know, without something like Reveal Security, because, you know, we’re

15:26

cybersecurity experts. We’re not experts in every different line of business. We don’t know how to write known good, known bad from a process perspective. I don’t know what salespeople do. Yeah, I mean, and I think that’s, by the way, I think that’s one of the disconnects that

15:41

cybersecurity has, right? Yeah, in general, is sometimes we’re very, very disconnected from the business, and that leads to creating opportunities for our adversaries to gain access to environments that otherwise they wouldn’t, right? And this will go back

16:00

to my example of PAM earlier. Not only is it hard to implement, but if you don’t understand how privileged users need to have access to an environment and what they can or can’t do, what they can push or can’t push, and can you restrict that, and if you restrict it, how well is it,

16:16

right? Can you restrict it to the point where you’re actually mitigating risk, or are you adding an annoying step that does nothing but create smoke and mirrors around security? And if you do that, they’re just not gonna do it. People will find a workaround. They always do, right? We have a term

16:33

for that. It used to be called shadow IT. Now we call it shadow process, right? Yeah, yeah. This term is trademarked. This term, trademark James, right? Shadow process, right? Yeah, but shadow process, Adam, is real, right? It’s 100% real. So we actually have

16:54

an interesting question here from someone in the audience, and before we get to that question, though, I kind of want to really quick ask you an additional kind of follow-up to the SaaS question. Should SaaS providers be on the hook for having weak authentication and identity management

17:18

systems? I mean, they should, you know. The real issue is if you go and you tell Okta, hey, you’re responsible for this person getting in with these creds and being a super admin doing super admin things, I think they would rightfully say, look, they authenticated. Our job is to open and

17:43

close this gate. It’s not to, so is Okta the right example? Let’s talk about, for example, a SaaS or Salesforce or HubSpot or any one of those, right? Could they be on the hook for potentially having weak authentication methods, for maybe not adopting a stricter approach to credential

18:05

management? I’d argue that the challenge is, I think that they could do more, but I think the real challenge is beyond the scope of any single application. Like, for example, if I, you know, authenticate using your credentials in Azure AD and then I use that token to then go

18:28

and do something in a tertiary application like Salesforce, Salesforce doesn’t know that I’m impersonating you. Salesforce sees your token. You know, Azure AD doesn’t know anything’s necessarily wrong, because, you know, there’s no rule saying, oh, James can only log in from

18:50

this time at this place. Given the distributed workforce now, and COVID and everything else, you’d have to manage by exception, and it’d be an absolute mess. Some of our customers told us that before they started using Reveal Security, they ended up with 40 if-if-else

19:04

conditions inside a bunch of their rules, because originally their rules were written when their workforce worked in the office, pre-COVID, and then suddenly all their rules were predicated upon, no one being, you know, 9 to 5 in this location, that kind of thing, and suddenly it all

19:21

broke. And then I wouldn’t even know what to ask a company like Salesforce, who has to know your processes in order to create what’s a known good or a known bad. I mean, known bad, I think that everyone should be on the hook for, you know, having a prevention and

19:38

detection strategy and known bad for their applications. But the real challenge is there’s nothing, there’s no certain action that’s wrong or bad in an application. If there was, they wouldn’t have put it in. There has to be some legitimate use case for it, and I don’t know how

19:55

they would necessarily know that it was being used legitimately. So a question from Anish is, what’s the solution for this? What’s the way to mitigate all the risks we’ve talked about in identities? So, you know, the real solution, I think, you know, 10-plus years

20:20

ago, UEBA tried to solve this when it tried to identify what behavioral baselines, but I think that we can all agree that the last 10 years or so UEBA’s, you know, categorically failed to make good on that promise. So what Reveal Security does is not look at individual

20:40

actions and then create a risk score based on individual actions. Reveal Security, we have a patent on a technology called user journey analytics. User journey analytics is really looking at what James does in applications and across applications, what did James’s peers do

20:59

in those applications, and then really try to figure out what’s typical in an environment and then alert on the anomalies. And because everything we’re doing is post-authentication, you’re only going to have a handful of options when you get, you know, an alert or an anomaly. It’s going to be, oh, that

21:17

wasn’t me, account takeover, James’s creds were compromised. Okay, now we have an incident to go work. We know how to do that. We can go handle it. Oh, James was being lazy today and for convenience used a break glass account he shouldn’t be using. Shadow process, compliance

21:33

issues, that kind of thing. Or James got upset today, got a bad review, and decided that I’m just gonna start selling company IP or something. And those are really it, because everything’s authenticated, right? You’re talking about post-authentication detection and response, AKA application

21:52

detection and response, something you and I have talked about as we were getting ready for this webinar, which I, you know, I see a lot of benefit to that, FYI. And I approach application detection and response, and everyone, I see some of the comments here, by the

22:13

way, from some of our audience, another acronym, right? Because we’ve got EDR and NDR and MDR and XDR, right? And then cloud security, cloud detection and response, right? And, you know, all of these, you know, I think we cybersecurity

22:33

professionals, like the government, love to come up with acronyms, of course, and multiple names for stuff. But application detection and response works at the application level rather than the network or endpoint level, and that’s the key difference. Am I

22:50

kind of summarizing application detection and response correctly? Yeah, I mean, if you think about application detection and response, it’s layer seven, layer eight, right? We’re looking at the application layer itself, because when it comes to something like a SaaS application,

23:09

Salesforce, maybe you can do some of the NDR-type things based on the infrastructure components, but the reality is, as more and more of the applications have come out of the environment that the company owns, they’re getting less and less visibility into the infrastructure, and less of it

23:27

matters. It’s really the data and the actions taken inside of those applications. And it’s also, you know, the idea that all of those other things are still rules-based. Either they create some single baseline, like, you know, how many emails you’re going to send today, but, you know,

23:50

we’re not looking at things like that. For example, we actually have a customer where we found a call center employee was selling his access, and the person, the crime group, actually, I don’t know if he was selling it, he was leveraged in some capacity, and the crime group

24:05

basically told him, whenever you get a 2FA thing after you go home, forward it to us and we’ll take it from there. You don’t need to worry about anything, thank you, right? And then here’s your money, or whatever it was. And we found the guy because what they would do is they would

24:20

log in after he went home from the same geography, so it’s not, you could use a rule for a geography or impossible travel type thing, they’d log in from the same geography, and then they would look at every email that he got that day and read them one by one, looking for customer financial information. The

24:36

reason that we were able to detect this is because no sane human being sits there and reads all of their email in one sitting, sequentially like that. So we created an anomaly. No, they do not, right? But the challenge is, you know, when you look at these volumetric-type statistical

24:57

rules that all these other kinds of technologies have, it may trigger on, oh, James sent too many emails today, or whatever, and the question is, who’s to say what’s too many? You look at Salesforce, if I’m running, looking at a whole bunch of dashboards, is that recon, or is that a

25:15

sales professional managing a team that, it is the end of the quarter and has a bunch of dashboards open, auto-refreshing, all there? I don’t know. But you can identify the patterns, what’s normal, and understand the different profiles and peer groups of how different people use the applications in

25:31

environments. So let me ask you this question, because it’s actually multiple people here in the Q&A section that have asked this. So let’s say I implement an ADR solution, and I’m summarizing some of these questions, so this is, you know, Tomas and John

25:49

and a few other people that have asked this question here, and then I see a few more, and they’re all kind of thinking the same process. Great, now I get more detection and response, which means we’re adding more work for our SOC, right? We’re adding another alert to a

26:05

place that gets so many alerts a day. You know, we’re trying to get AI to manage it. You don’t want more source types in your SIEM. What’s the problem? You know, I would love to have more source types in my SIEM. You want to have good source types in your SIEM. You also want to have telemetry, right? So

26:23

how does this kind of fit into an overall, you know, kind of SOC approach to security, to, you know, that SIEM approach? So our goal is to be the highest fidelity input to a SOC. Everything that we surface, we want to be worth looking into. We can’t promise it’s

26:42

bad. It could be, like I said before, compliance, negligence, convenience, but everything should be worth looking into that we raise. And that comes from, again, us not looking at individual actions and saying it’s risky. For example, one of my friends was implementing a UEBA. Took him over two

27:02

years. They gave up, because he would come up with admins that had a risk score of 13,000. He’d go to the vendor and say, what do I do with this? What’s it even out of? And their response was basically, oh, yeah, you should just exclude the admins, because they basically thought

27:20

that, you know, if you as an admin in an organization, exclude your highest risk user, how does this connect? Yeah, no, but the thing is, if you, being an admin in your organization, are adding more admins to your, you know, AD infrastructure or something, great, that’s probably part of your job. If I’m doing

27:41

it using your creds, that’s a problem. So really, the idea is that we want to give you the highest fidelity alerts, and to give you just some, like, quick examples of some numbers we have: one of the largest hospital systems in the country, they gave us, I think it was, like, over two billion logs from

27:58

Microsoft 365, and they were like 120,000 users, and in a three-month period we gave them maybe five alerts a week to look at, whereas previously with, you know, Microsoft Defender for Apps and MCAS, they were getting 600 a month, which was just, they just didn’t look at them. A

28:15

threat engineering team, that’s not manageable, right? It’s not, absolutely not. You can’t manage it, because I think most people don’t understand, you know, I know a lot of people watching us now understand this, right? This isn’t a Hollywood movie where, you know, in 10 seconds you can punch a

28:35

bunch of keys on your keyboard and go, I just saved the world from a nuclear, more hands on, more hands on the one keyboard makes it work faster. Yeah, apparently so. Apparently when you write code, if you have five hands on there, it’s kind of like playing the piano. You play the song faster, right? But

28:51

that’s not the case. You create out-of-tune stuff, which is definitely true and real. I know we’re at 29 minutes, we’re almost at 30 minutes, y’all. We appreciate, I know that some of y’all may have to drop, but please stick with us. We’ve got maybe 10

29:07

more minutes. I think we’ve got just a few more points we’d like to share with y’all here. Yeah. So, and they’re really, really good. So if you can stay with us for 10 more minutes, please do. This is really a fascinating discussion here, and no PowerPoint. Again, it’s lovely. I

29:25

haven’t been this happy in a very long time. You look jazzed. I enjoy these conversations without a PowerPoint, I’m not gonna lie. Yeah, same. I think, you know, PowerPoints are great when you’re trying to kind of get across a visualized message, but at the end

29:43

of the day, we’re two, you know, professionals here having an awesome conversation, and, by the way, by the comments and questions I’m seeing, I think people are loving it as well. You know, so you talked about reducing these alerts, right? And you talked about kind of taking all that data and

29:60

processing that data, comparing it to Microsoft tools, which I think is really, really important, right? That there’s stuff to that that really comes into play. But when we look at, you know, our audience and kind of how ADR fits in an insider threat

30:20

program, right? Because what you kind of talked about is understanding user behavior. So ADR gives me better insights into user behavior analytics, right? Because it’s looking for real anomalies, and we all know user behavior analytics, as you clearly indicated in so many

30:36

great examples, one, it’s almost like PAM. It’s hard to implement, doesn’t have a baseline, can’t really write good policies about it. It takes anomalies when they happen and creates a standard out of them rather than highlight them as an anomaly. And I’ve seen a lot

30:52

of UEBAs make anomalies into normal behavior, right? Yeah. Which is why, you know, a lot of times as a CISO I change my metrics constantly in those kinds of tools, because that’s the only way you can kind of look at it. But how does ADR support an insider threat program? Yeah, it’s a good question. I mean,

31:11

if you think about it, going back to, you know, what are the tenets of a good insider threat program, one of them is you don’t impact business. You want to make sure that you’re enabling business while still protecting the company. So the challenge is you can’t just put a bunch of brick

31:32

walls in front of everybody. So what you need to do is do probably more on the detection side than the prevention side, at least now with how technology’s changed and how the infrastructure has changed. So you gotta look at all your different, you know, threat vectors,

31:47

assess the impact of the risks, and then something like ADR you can use to find these insider threats, where you have all these applications and you’re going to have to write all these rules about the things. But again, going back to us being cybersecurity experts, not

32:03

business process experts, the likelihood of us getting time with the people who actually really know the line of business and what good looks like, and that good’s not going to change, is very unlikely. What we really need to do is figure out and kind of intuit what normal looks like

32:22

in the business so that we can understand what abnormal looks like. And so this is where, you know, user journey analytics and ADR come in, because we’re basically giving you the ability to implement a monitoring and auditing mechanism to track user activities and journeys through applications with

32:39

sensitive data and critical systems without having to create a bunch of rules, create a bunch of noise, tune everything. Like, for example, one of the UEBA vendors is really proud of the fact that they’ve got over 2,000 rules and 75 of these volumetric models. To

32:58

me, if I was managing a SOC, I’d be horrified, because to me that’s over 2,000 rules I have to now tweak or tune or modify or disable, and a whole bunch of rules I’m now gonna have to, like you’re saying, go and change all the metrics on. You know, really what we’re trying to

33:13

provide is a very accurate way to find anomalous behaviors inside your environment, and that also ties into threat hunting. Think about threat hunters. You know, we’re now giving you the ability to have more search terms that are relevant to your organization, that are not just, I read a blog post, I

33:31

found some PoC code, let me try to see if I can, you know, find that. Now we’re looking at more of, here are some of the actual actions and people that were involved in this anomalous activity. You can now go and based on that as well. Yeah, I mean, you’re really giving

33:48

actionable intelligence to people to go out and look at it. Number two, you’re establishing a baseline based on role, which is significant, because user behavior is similar, but it’s really separated by role, right? Accountants access different parts and look at different

34:07

accounts payable look at something different from accounts receivable, right? Your sales guys look at something different than marketing; your software engineers look at something different than, you know, your hardware developers or your infrastructure engineers. Like these

34:24

and you want to be able, and when we talk security, you know, security has a lot of disciplines, but one of the disciplines is actually understanding what every role is, so you can actually cater to that role. And if you don’t understand how that person interacts with the different

34:39

applications they use, you won’t be able to recognize anomalies. And especially, by the way, for a lot of you, I see you talking about database, data science, and all of that, this is huge there, because they’re constantly downloading and moving data, they’re constantly

34:59

breaking things down, they’re constantly dealing with large amounts of data, which poses the greatest risk for the organization, right? I mean, there’s a reason why data scientists and data analytics folks are a number one target for people who are looking to

35:15

steal data and gain insights. So being able to have a tool like an ADR for them is significant, because those anomalies are so little that only something that’s really looking at it in a role-based scenario can actually identify those anomalies, because otherwise a gig of

35:36

data here, a gig of data there makes no difference; hell, 10 gigs of data here or there won’t make a difference. I mean, look at the, um, what’s it called, the breach that happened at Henry Schein just a few weeks ago, right? 35 terabytes of data they exfiltrated, 35

35:59

terabytes, not one alert. Yeah, I mean, 35 terabytes, it’s nuts, it’s nuts. I mean, and this kind of goes into, it’s actually even more complicated than just by role. I mean, think about this, you know, in your day-to-day, do you do the same stuff every day? No. So we actually look at

36:20

it, it’s even more: we do peer grouping, and so we actually have a many-to-many relationship on you and profiles. So, for example, you and I could actually share profiles for some of the applications if we do some of the things enough. The way that I like to think about it, and it’s going to

36:38

sound corny, so I’m sorry, but you go to a grocery store, I give you my credit card, my shopping list, you’re not going to do it the same way I am. And so we have, you know, I go to the store by my house, I park in roughly the same part of the parking lot, but then I have maybe

36:54

four or five different main branches or profiles through the store, minor deviations here and there, you know. But if you look at a camera in the store looking down for six months, you’ll see there’s a bunch of natural patterns. Some people are starting to share and think

37:09

about it this way: that company, they spent a lot of money on optimizing that store to get the most money out of my pocket, so there are internal things that kind of control our journeys, but there are also these external things. In the application world, the external things are your business

37:23

processes, and so you have some role-based profiles that will emerge, but then you’re also going to have several yourself as well. Adam, we’re almost at time here, we’ve got just about two minutes left. Let me ask you this, because this has been so fascinating we could keep

37:39

going for another hour: what are one or two practical things you’d like members of the audience to take out of today’s conversation and webinar? The first thing is knowing what logs you actually even have and don’t have for every application service, because, like I said, without the logs you

37:60

don’t know what’s going on and you have to assume breach. And the other thing is, I would say, disallowing SMS and push-notification-based MFA and requiring explicit entry from trusted, you know, trusted code devices, because almost all these breaches that we’ve seen have

38:15

involved either SIM swapping or some other thing that allowed someone to bypass MFA, which, like I said, is everywhere now. Those are my two big things: focusing on the application space and getting rid of phone-based or SMS-based push. I, one, I agree with that: disallow

38:35

SMS and push-based MFA unless it’s an app-based push notification. I mean, Okta push spam notifications are how Uber got, but through their app, right? So true, through their app. It becomes harder to copy and out, but we’ll have to keep that for

39:00

another webinar, right, because we’re almost at time and I want to be mindful of that. But I completely agree: disallow SMS MFA right off the bat, that’s one of the smartest things one can do. Yeah, it really is. Identity is the new perimeter, and I think the more

39:16

people understand that, the better it becomes. Absolutely. I want to say thank you to Adam and the team at Reveal Security for all their support and bringing this amazing webinar to our awesome audience. Thank you so much, Adam, for taking time to be with us today, and thank you to the team at Reveal for

39:31

being part of The Hacker News webinar series, I really appreciate it. Thank you, James, this has been awesome, awesome audience, really appreciate the conversation. Awesome, well, for everyone tuning in here, thank you so much for taking time to be with us today, really do appreciate it.

39:46

I believe this is our last webinar for 2023, so with that being said, we hope to see y’all in 2024 with a whole new set of webinars, and in this time period, if there are any topics you want to see here on The Hacker News webinar series, please let us know. You can go to The Hacker News

40:02

webinar, thehackernews.co webinar, and find all the latest, greatest. This webinar can be found on demand later on as well, so don’t miss that. Adam, on behalf of myself and the team at The Hacker News, and on behalf of the awesome team behind Reveal Security, thank you all for being here today. Have a great