84: IGEL Weekly: Digital Thinking: Don’t Forget the Endpoint in Your Ransomware Defense and Recovery Strategy

Sep 8, 2023

From pension funds to healthcare providers, ransomware is still finding plenty of victims. After a post-pandemic drop, the rate of ransomware is accelerating. Two groups getting attention are Cl0p and BlackCat (ALPHV). Cl0p’s MOVEit Transfer hack to date has affected 15 million people and 121 organizations, including two large pension funds, CalPERS and CalSTRS. BlackCat (ALPHV), skilled at exfiltration, threatened to leak photos and sensitive data of a plastic surgeon’s patients and, according to a Check Point report, previously leaked patients’ photos and medical records after an attack against American healthcare provider LVHN earlier this year.

Host: Andy Whiteside
Co-host: Chris Feeney
Guest: Jason Mafera

WEBVTT

1
00:00:02.300 –> 00:00:13.429
Andy Whiteside: Oh, well, welcome to episode 84 of IGEL Weekly. I’m your host, Andy Whiteside. We got Chris Feeney with me and Jason. Oh, told you I was gonna mess it up

2
00:00:13.490 –> 00:00:14.550
Andy Whiteside: Leferra.

3
00:00:15.050 –> 00:00:17.140
Jason Mafera: You got it.

4
00:00:17.280 –> 00:00:34.939
Chris Feeney: I practice it 3 times in my head before we hit record. And then I turned around and had to do it again. Guys, thanks thanks for joining. It’s day after Labor Day. So it’s kind of it was kind of a mess in my world. How about you guys, Chris? How’s it going digging out from the pile, man? I tried to let it all

5
00:00:35.070 –> 00:00:40.540
Chris Feeney: get away and and get away from the war the working world there for the weekend. But

6
00:00:40.770 –> 00:00:43.699
Chris Feeney: reality hits on a Tuesday after labor day. So

7
00:00:43.760 –> 00:00:52.279
Chris Feeney: but it’s going well, I mean, a lot’s happened this summer. Excited about entering the fall, the change of seasons. I mean, you got football going on. It’s

8
00:00:52.430 –> 00:00:53.670
Chris Feeney: so, you know.

9
00:00:53.990 –> 00:01:13.010
Andy Whiteside: it’s kind of crazy, you know, with the role this summer and the way they acted around the gladiator sports. And we do the same thing around American football. I’m sure the rest of the world does it around. You know, football soccer? But it it really does give you something we can mostly all come together on

10
00:01:13.030 –> 00:01:23.340
Andy Whiteside: even if you don’t know a whole lot about the sport. My my wife! We were at a football game the day my son’s playing, and somebody fumbled, and she asked how many points that was worth, and I was like, oh, my goodness, we’ve been going to games all these years, and

11
00:01:23.610 –> 00:01:28.150
Andy Whiteside: just no clue. But at the same time she’s still excited every year for football season. So it’s

12
00:01:28.320 –> 00:01:32.480
Andy Whiteside: it’s kind of kind of interesting to watch Jason. Are you a American football fan or not?

13
00:01:33.570 –> 00:01:44.990
Jason Mafera: Absolutely. But now more getting into soccer. So I’ve got a 9 year old who is just all the time FIFA everything all the time. So I’m catching up quickly

14
00:01:45.080 –> 00:01:48.490
Jason Mafera: all of my my European football.

15
00:01:48.680 –> 00:01:57.440
Andy Whiteside: It’s gonna be interesting to watch how the next generation or 2 gravitates towards American football or away from it.

16
00:01:57.950 –> 00:02:10.309
Chris Feeney: It’s gonna be an interesting dynamic in our world and our economy. Certainly us. You know what’s interesting. As far as that goes. We woke up. I don’t know. For for years we always had, like, you know.

17
00:02:10.370 –> 00:02:18.709
Chris Feeney: Saturday morning we’re watching ESPN GameDay. Friday, I find out that Spectrum and Disney are having a feud

18
00:02:18.780 –> 00:02:26.530
Chris Feeney: about pricing and no longer not only ESPN and all the other related channels, but ABC, so

19
00:02:27.040 –> 00:02:36.679
Chris Feeney: we ended up. I mean, this is where technology is going to the point where, hey, Spectrum, I’m probably going to drop your inner cable and just do streaming. I’ll take your Internet, though.

20
00:02:36.940 –> 00:02:44.399
Chris Feeney: Or Google fiber, whatever. But that’s we’re seeing seem to be going because we ended up just using

21
00:02:44.970 –> 00:02:52.140
Chris Feeney: my wife, we kinda AirPlayed it to the TV and watched it that way. Just so we could have some of that.

22
00:02:52.210 –> 00:02:54.529
Chris Feeney: It’s amazing, like, I mean, I can’t imagine

23
00:02:55.000 –> 00:03:05.410
Chris Feeney: all the craziness behind the economics here of that. But things are definitely changing. Yeah. So I’m gonna tie that back to the blog for the day. And then we’re gonna go back to Jason, but in that scenario

24
00:03:05.650 –> 00:03:08.650
Andy Whiteside: did a robust, capable.

25
00:03:09.210 –> 00:03:12.530
Andy Whiteside: secure all those things endpoint matter?

26
00:03:12.940 –> 00:03:21.840
Chris Feeney: Yeah, it was to the point where, certainly functional and usable.

27
00:03:21.910 –> 00:03:25.040
Chris Feeney: But it was more like, Hey.

28
00:03:25.070 –> 00:03:40.529
Chris Feeney: we wanted to watch this thing. What options do we have, you know, but because you had a very capable endpoint, endpoints, probably plural, scenario, you were able to get it done versus the old days when you had a box, a TV plugged into a coax cable into a cable modem.

29
00:03:40.530 –> 00:04:08.780
Andy Whiteside: or you were locked in like you couldn’t do anything. But whatever the local cable company was, yeah, that big, ugly dish on the side of your house, which a lot of us did. True, before streaming, there would have been no option other than we probably been marching outside with signs, and, you know, protesting whatever like, put it back on the TV or whatever. But there are options now. So I grew up in a household with the Betamax. Not VHS. But Betamax cause my dad had to have the best of everything, no matter what the rest of world was doing.

30
00:04:09.080 –> 00:04:24.510
Andy Whiteside: And then I also grew up in a world where I had that that 12 inch, that 12 foot satellite dish in the backyard, that I was out there holding up, saying, Is it better? Is it worse? Is it better or worse, and tightening it down? We we used to have to work really hard to overcome the scenario you just pointed out.

31
00:04:24.590 –> 00:04:32.039
Andy Whiteside: Now, it’s very doable even on the fly, because of the Internet and the World Wide Web and all the apps available on it.

32
00:04:32.510 –> 00:04:36.920
Chris Feeney: Yeah, I mean, security Review in terms of options

33
00:04:37.360 –> 00:04:52.070
Chris Feeney: which we end up looking at YouTube TV. I haven’t signed up for it yet, but certainly when we looked at what was available and how much it costs, and like, you know what? It’s pretty much the same as we’re paying for cable. So bump the Internet up what? So we may end up going that route. But

34
00:04:52.440 –> 00:04:58.329
Andy Whiteside: so let’s come back to that in a minute. Jason. First time on the podcast I think, what’s your role at IGEL?

35
00:04:59.320 –> 00:05:03.180
Jason Mafera: So at IGEL, I am the field CTO for North America.

36
00:05:03.700 –> 00:05:05.620
Andy Whiteside: Okay, what’s that mean?

37
00:05:06.570 –> 00:05:25.829
Jason Mafera: So that means that I spend my time looking at not only where we’re going and the strategy for the future, it as part of the office of the CTO. But also working directly with our partners and customers. To really kind of, you know, drive the current technology to its.

38
00:05:25.880 –> 00:05:55.080
Jason Mafera: I guess maximum value while we’re always looking at. Where do we need to go? Right? So I spend a lot of my time doing that most recently, it’s really been focused around healthcare for us as a vertical with some of the new work that we’ve been doing at the endpoint with some of our partners to continue to expand the types of workflows and specific capabilities we can deliver in in that vertical. But really, yeah, looking at

39
00:05:55.730 –> 00:06:11.850
Andy Whiteside: all the areas across. All the different usage scenario. I have 2 topics for you, one before we get into the blog they’ll both tie back. I love the fact. You said your job as Field CTO is to be engaged with your customers.

40
00:06:11.850 –> 00:06:36.850
Andy Whiteside: partners, and your own internal employees. I’ve started using that for a measurement in my CTO roles here at XenTegra: what impact are you having directly on our customers? First and foremost. And that’s how I’m starting to measure. CTOs shouldn’t sit in a box and come up with net new technical ideas. They can. They should. But they also should be very, very much in front of partners and customers and have an impact on them

41
00:06:37.580 –> 00:06:53.939
Jason Mafera: absolutely. And you know, looking at where things are going. Look at how the market’s evolving, that sort of stuff. But I find that, you know, especially as a technology supplier and a vendor, you know, being able to look at the landscape of what’s out there.

42
00:06:54.180 –> 00:07:09.610
Jason Mafera: There isn’t any need to reinvent the wheel right? There’s lots of great technology that serve specific purposes, and the more that we can find those unique values and put them together into an overall offering, you know, the more value we can deliver to our customers. So

43
00:07:09.620 –> 00:07:19.280
Jason Mafera: you know, that’s that’s also a big part of it. Looking at, you know. Where can we, partner? Where can we extend capabilities? It’s not always about just building things. And

44
00:07:19.300 –> 00:07:25.570
Jason Mafera: you know, having the the latest and greatest innovations. That’s just a a small part of it. Honestly.

45
00:07:25.700 –> 00:07:26.470
Andy Whiteside: oh.

46
00:07:26.590 –> 00:07:44.740
Andy Whiteside: absolutely 100% agree. The other thing I want to bring up with you is I have struggled at XenTegra just like, I think, IGEL has struggled: every customer out there is an addressable customer for you guys, because you enable the access to this content, these apps

47
00:07:44.740 –> 00:07:59.190
Andy Whiteside: without having to be Windows. And I love Windows. But yeah. Windows is probably the most vulnerable thing in our world, as far as being hit by malware, ransomware, you name it, and I’m hearing from IGEL over and over again that you guys wanna still be

48
00:07:59.340 –> 00:08:20.530
Andy Whiteside: a lot of things to a lot of people. But you’re also gonna focus on verticals as you move forward a little bit healthcare being one of those, can you? Kinda can you kinda help tell that story kind of briefly, before we jump into the blog. I’m struggling because we’re starting to be all things to all people still. And I think you’re gonna keep doing that. But you guys are kind of going more vertical industry focus. Is that is that true statement.

49
00:08:21.290 –> 00:08:38.819
Jason Mafera: you know, over the past few months we’ve started to look at how we can continue to focus on specific areas. So we can do a really good job for the workflows. And you know, value that we’re adding in those areas. And it really boils down to kind of 5 areas for us right now.

50
00:08:38.820 –> 00:08:53.460
Jason Mafera: Healthcare is obviously kind of on the top of the list. We’re we’re very successful there. And we’ve got a lot of new things that we’re doing in that area. But beyond that, it’s the government area. So we’re looking at both

51
00:08:53.500 –> 00:08:57.700
Jason Mafera: Federal Government at the US level and across

52
00:08:57.770 –> 00:08:59.450
Jason Mafera: various.

53
00:09:07.950 –> 00:09:10.029
Andy Whiteside: she said. Here, Gov.

54
00:09:10.060 –> 00:09:30.189
Jason Mafera: Gov, and then as we continue to expand out. It really comes down to financial services, and that, you know, has a bunch of categories for us, and then retail and manufacturing are really the places that we’re focused. We’ve been pretty successful in those areas. And really, anywhere

55
00:09:30.190 –> 00:09:46.169
Jason Mafera: that, you know, there’s a requirement for a lighter-weight, more secure endpoint operating system that connects you to all these things. You know, whether they’re virtualized resources, SaaS resources, etc. Especially when those

56
00:09:46.230 –> 00:09:49.320
Jason Mafera: devices and endpoints are distributed.

57
00:09:49.330 –> 00:10:10.420
Jason Mafera: So if they’re not within the 4 walls, which tends to be more and more common with hybrid work, and the way that that’s evolved being able to fully manage and secure those in a kind of a new way that removes a lot of the heavy lift. A lot of the additional components that are layered together to try and deliver that security profile.

58
00:10:10.420 –> 00:10:20.650
Jason Mafera: We can do that, you know, much more cost effectively with what we’re delivering. But again, it’s really about those 5 areas of the market that we’re focused on now to allow us to really.

59
00:10:20.650 –> 00:10:31.670
Jason Mafera: you know, provide the best capabilities and the best workflows and the best security for those specific you know, verticals and use cases that are required there.

60
00:10:31.760 –> 00:10:51.850
Andy Whiteside: And so you wrote the blog we’re reviewing today. The title of it is digital thinking, don’t forget the endpoint in your ransomware defense and recovery strategy. Yeah, that’s a massive no brainer. It should be top of mind. That’s where the bad stuff typically comes in. That’s where the the things get attacked. And you’re going to need that in order to move forward with what happens next in your incident? Response. Chris.

61
00:10:51.850 –> 00:11:03.900
Andy Whiteside: Well, one comment. I’ll just make this comment for us: the industries you mentioned, healthcare, gov, fed, SLED, financial, retail and manufacturing. This logic applies there as well as every other industry on the market, doesn’t it?

62
00:11:04.080 –> 00:11:06.069
Chris Feeney: Absolutely? Yeah. I mean.

63
00:11:06.710 –> 00:11:20.880
Chris Feeney: well, anything about I mean any, for IGEL anywhere. That’s an bit device is being used to access these digital workspaces. We often talk about. Those are target markets. But there’s something specific about

64
00:11:20.950 –> 00:11:31.250
Chris Feeney: where we’ve been able to penetrate and have success. And so that’s why we’re honing in on those. But there’s plenty of others outside of that. We haven’t really talked about like

65
00:11:32.000 –> 00:11:51.449
Chris Feeney: education or whatever like that, I mean, certainly Google has a clamp on that market in a lot of places, but not without their own challenges. And so but yeah, those are the things. But yeah, anywhere, from an IGEL perspective, that x86-64 device can be used.

66
00:11:51.790 –> 00:12:15.940
Andy Whiteside: We can help lock it down and secure it. For all the reasons that Jason just talked about a minute ago. So, Chris, this is a 2 part question for you, and then we’ll jump in. Let Jason kind of tackle some of the pieces of the blog. This is part of what you guys are calling. The blog is part of the end point of View series on digital Workspace from the IGEL CTO. I guess, Jason, you’re probably best to answer that. What is the overall series about

67
00:12:17.290 –> 00:12:27.120
Jason Mafera: the series is really about highlighting and focusing on some of the areas that maybe don’t get the most.

68
00:12:27.360 –> 00:12:47.540
Jason Mafera: I don’t know, I guess, call it visibility across what we’re doing and how we think that, you know, the operating system that we’re delivering for these edge workspaces is really kind of the next generation of where things are going. We see a lot of trend towards centralizing Windows infrastructure

69
00:12:47.750 –> 00:12:55.259
Jason Mafera: whether it be desktop app delivery, etc. And as that trend continues, we believe that you know you need.

70
00:12:55.470 –> 00:13:17.599
Jason Mafera: You need to rethink what you’re doing at the endpoint. Now that, you know, Windows is moving away from being at the edge. How do you, you know, better protect that edge device? And you know we have a lot of customers that, as they’re looking at, you know, whether it be transitioning into a Citrix or VMware delivery platform or Microsoft delivery platform.

71
00:13:17.810 –> 00:13:35.310
Jason Mafera: Really, what do they do from the edge? Because connecting to Windows from Windows doesn’t necessarily make a lot of sense when you’re overlaying all the security tools and threat visibility and those sorts of components that you need. So it makes a lot of sense to move in that centralized direction.

72
00:13:35.370 –> 00:13:46.360
Jason Mafera: And now, so we, you know, our series that is coming out is really all focused around, how we can help with that transition, and how we can deliver better security and better value

73
00:13:46.370 –> 00:14:00.639
Andy Whiteside: to that endpoint device. So, Jason, I have a favorite one of my Andy-isms with Comrade here, and that is: you wouldn’t get in a car to drive to meet an Uber somewhere unless it was really odd circumstances. You shouldn’t get in Windows to go meet Windows somewhere.

74
00:14:01.290 –> 00:14:11.759
Andy Whiteside: So, Chris, you picked this blog? So yeah, we’re gonna come back to Jason. Second, I walk through it. But why this? Why this blog? Why did you think this would be a good topic for today?

75
00:14:12.500 –> 00:14:15.280
Chris Feeney: Well, certainly. Kind of highlighting.

76
00:14:15.310 –> 00:14:36.390
Chris Feeney: Some of the things that have happened in the last few months within IGEL, really, and where we’re going and focusing. And this is a key part of that. You can expect more of these types of blogs, not just part of the series, but one of the things that we’ve recently done is hired an old colleague of ours, a friend, James Millington. He’s going to be our

77
00:14:36.560 –> 00:14:55.919
Chris Feeney: VP of the vertical solutions product marketing, and a big part of what we’re gonna be doing with the vertical solutions is putting these types of content out there to have that discussion, to throw it out there. A lot of the stuff that you like to do, Andy, and we’ll be able to highlight, but as we’ve talked quite a bit about

78
00:14:56.190 –> 00:15:04.270
Chris Feeney: One of the things that Klaus, our new CEO, has kind of latched onto is really the focus of security at the endpoint.

79
00:15:04.430 –> 00:15:24.449
Chris Feeney: That being sort of the key value prop that IGEL brings, starting, that is your baseline. And then all the other things that you can use to get there. Some of the things we’ve looked at. I know you’ve latched on to that, what’s the browser, the one that we’ve been, that I met these guys at your kick off or mid year one

80
00:15:24.740 –> 00:15:35.319
Chris Feeney: Island Browser. Island, I mean, just secure browser. I mean, just, we’ve talked about this, it doesn’t have to necessarily come from a virtual desktop. It could be an app. It could be running locally or just.

81
00:15:35.550 –> 00:15:53.750
Chris Feeney: you know. So but that secure endpoint platform, you know, starting there, and you’re already better protected, even with very little configuration on the IGEL device from the get go, you can lock it down. As we’ve talked about before in prior podcasts, but starting there as your baseline. And then.

82
00:15:54.090 –> 00:16:01.750
Chris Feeney: whatever industry doesn’t necessarily matter, you know, you’re just getting to a workspace and making it user friendly on the endpoint.

83
00:16:01.940 –> 00:16:12.340
Andy Whiteside: So Jason, normally, we we say, Hey, we’ve covered the intro because we’ve covered a lot here, but there’s a lot of there’s something juicy in the middle in this particular intro paragraph.

84
00:16:12.820 –> 00:16:22.879
Andy Whiteside: Can you kind of cover the intro paragraph a little bit, and what some of these call outs to these acronyms and various maybe customers are, and why, they’re part of this blog.

85
00:16:23.930 –> 00:16:35.250
Jason Mafera: So you know, as we put this data together, we always want to make sure that we pin it back to something that’s real, right, that the world is dealing with. And

86
00:16:35.580 –> 00:16:56.300
Jason Mafera: from this perspective, it’s really all about. You know, we have a lot of ransomware controls. There’s a lot of mitigation, capabilities and technologies that you can put in place. But they’re still not fully solving the problem right? And part of that really comes down to the way attackers are going after devices, and it tends to be.

87
00:16:56.300 –> 00:17:15.909
Jason Mafera: you know, I think of it. As you know, the user edge. Essentially. So the the area between the end user and the stuff that they access. And there’s always a device in between there, right? And that’s where you know whether it’s the device itself and vulnerabilities on the device. Or you know, social engineering that

88
00:17:16.030 –> 00:17:33.770
Jason Mafera: you know these guys go after when it comes to whether it’s malware or ransomware. It really, you know, the model that the endpoints traditionally use today is not ideal right from a privilege and permission perspective from

89
00:17:33.770 –> 00:17:50.909
Jason Mafera: vulnerability assessment and defense perspective. There’s still challenges there. So you’ve got groups that you look here. And we’re talking about Cl0p and BlackCat, right? And they’re essentially, you know, coming up with some of the new ways to.

90
00:17:51.490 –> 00:18:14.799
Jason Mafera: you know, compromise these devices, and, you know, use it as their entry way into the broader organization. You know, in this case there’s a few pension funds that were highlighted, but it really goes across the spectrum of different verticals. Everyone’s really impacted by this. And so, you know, when when we started to put this blog together, it’s really one of my.

91
00:18:15.330 –> 00:18:20.629
Jason Mafera: The pain points, I see, is really around the ability to

92
00:18:20.700 –> 00:18:48.029
Jason Mafera: have this defensible kind of device at the edge. That’s granting all of this access and be able to do a better job in how we protect that device. And it starts for us with, you know, the secure operating system having it be read-only, not having user data be persistent on the device and being able to rapidly recover it. That tends to be the biggest piece. It’s, you know, not that

93
00:18:48.100 –> 00:18:59.920
Jason Mafera: you can necessarily stop every bad thing from happening, but making sure that there’s a plan when these things do happen, you know, that there’s rapid recovery, because what we see today with Windows endpoints,

94
00:18:59.930 –> 00:19:03.280
Jason Mafera: If they get compromised and they’re remote.

95
00:19:03.450 –> 00:19:24.709
Jason Mafera: you can. You can be looking at, you know, one to 4 weeks of downtime for that user while they try to recover that device right? In a lot of cases, they’ll need to have it ship back. Someone will physically have to touch it, reimage it, test it, ship it back out, and that presupposes that you know the bad stuff that was moving around is no longer there.

96
00:19:24.710 –> 00:19:55.529
Andy Whiteside: and that’s not always true. Let me you up with this. So I guess 20 years ago that’s hard to believe. It’s been 20 years. But roughly, 20 years ago. most organizations had an external firewall or 2 fronting their environments. We turned on the firewalls at the server level. We started to implement network technologies for east west traffic and our data center. And I think that’s when the the the point you point out here in this first paragraph in the second section, the second section being the endpoint at first line of threat defense.

97
00:19:55.530 –> 00:20:19.089
Andy Whiteside: That’s when the attackers realize, hey, we can’t go for the juicy center anymore. People are on to us there. Let’s go after this edge story, whether it’s edge in the office, edge on the LAN somewhere, whether it’s edge, and now, with remote work and hybrid work, everywhere else, literally. And I think that’s what you’re pointing out here: the world of attackers has moved to the endpoint, and most companies

98
00:20:19.240 –> 00:20:23.410
Andy Whiteside: have no good idea how to succinctly get a handle on that.

99
00:20:23.890 –> 00:20:29.700
Jason Mafera: Yeah, absolutely. I think you know the the moat and Tower strategy

100
00:20:29.710 –> 00:20:49.239
Jason Mafera: still important. But it doesn’t get the job done the way it did, maybe 20 years ago, right? Because you you still want to get to that data ultimately. But that’s you don’t go after it directly anymore. Right? It’s well protected. It’s well thought out from a disaster. Recovery perspective replicated, etc.

101
00:20:49.290 –> 00:21:01.329
Jason Mafera: It’s really, you know, where’s the where’s the easiest place? And you know, as we went through this and we started to put together the data. It turns out that, you know not only is the endpoint the easiest.

102
00:21:01.370 –> 00:21:06.189
Jason Mafera: but it tends to be a place where you don’t even need a sophisticated attack.

103
00:21:06.350 –> 00:21:17.690
Jason Mafera: because there’s there’s a lot of vulnerability that exists there today, whether it’s the user themselves, or you know, something that you can find to compromise on the device

104
00:21:17.930 –> 00:21:27.690
Andy Whiteside: you thought about. That’s layer 8 layer 8. You can’t fix layer 8. You can try, you can educate. You can do the best you can. You can’t fix Layer 8. You got to mitigate it as much as possible.

105
00:21:28.070 –> 00:21:33.269
Chris Feeney: Yeah. So what’s interesting here is our kids are old enough now, or will be

106
00:21:33.450 –> 00:21:41.760
Chris Feeney: I’m watching my son who’s going into? I’m I can’t. I won’t say where, but he’s he’s got a job in the Fed Government. And one of the things we were talking about this weekend was.

107
00:21:42.780 –> 00:21:45.500
Chris Feeney: he hasn’t been given a laptop

108
00:21:45.610 –> 00:21:57.649
Chris Feeney: to access stuff he he’s using the one he had in college, and he was given a smart card reader to go to a browser and and log in to access some stuff, and he’s he has been issued a a phone.

109
00:21:57.820 –> 00:22:10.799
Chris Feeney: and he just uses that for accessing email and stuff like that on that securely managed device from the Government. But we’ve talked about some of the recent things that have been ex, you know, talked about in terms of

110
00:22:10.840 –> 00:22:21.310
Chris Feeney: some of the hacking that’s occurred you know, with with compromising some stuff. But one of the things that he is on his mind is

111
00:22:21.370 –> 00:22:30.660
Chris Feeney: the end point. The device is, when is he going to get something, you know? Is it gonna be? And I have to like this is the world I live in, son. II have some ideas there for you when you if you wanna talk about them. But

112
00:22:30.810 –> 00:22:32.100
Chris Feeney: but

113
00:22:32.290 –> 00:22:43.870
Chris Feeney: you know the security pod. He’s he’s aware of it. He knows like, but he’s also, you know, sitting there controllers like Golly, Dad, II I’m not sure I trust my device on the end point, you know. So

114
00:22:43.950 –> 00:22:53.549
Chris Feeney: but yeah, I mean, think about all the millions, probably billions at this point of products, solutions that are out there just to try to secure the endpoint in today’s world.

115
00:22:53.820 –> 00:23:10.650
Andy Whiteside: right? And how expensive that is. And and, by the way, and this is totally off topic, but somewhat aligned. People have no idea what they’re paying to secure those endpoints unsuccessfully. It drive up a wall that that’s like the last thing you think about. It might be the most expensive thing you’re doing.

116
00:23:11.320 –> 00:23:17.639
Chris Feeney: That’s a great point. Now you talk about that when we do our lunch and learns, you know, the actual cost of the endpoint itself per person

117
00:23:17.870 –> 00:23:40.249
Jason Mafera: interesting to go through that exercise to quantify that, because, as I talked to customers, you know, they’ll tell me that they have, you know, 5, 7, 9 different endpoint components that they’ve got deployed, this agent proliferation that happens at the endpoint. And then you’ve got challenges with things interoperating, coexisting, etc.

118
00:23:40.300 –> 00:24:02.929
Andy Whiteside: So definitely a challenge. Yeah. So, Jason, I’m gonna walk you through this paragraph, the one below it, and then the one below that that brings them all together. But look, I know this is extremely important. IGEL, this is where most people need to understand. The main thing about IGEL is, it’s very usable in this world that we live in. Use your compute. And even without that middleware layer, in many cases, if you’re using SaaS apps and things like that.

119
00:24:03.030 –> 00:24:25.170
Andy Whiteside: We don’t need Windows, and that’s the most beautiful thing about it, is it ain’t Windows. I use that all the time to say it ain’t Windows, that’s what makes it great. But I’m gonna walk you through the section here. So you guys at IGEL have a handful of things that you do natively by default that makes it a more secure endpoint. You wanna just lay those out for us real quick, so we can move to the next block, next paragraph.

120
00:24:25.620 –> 00:24:51.349
Jason Mafera: Absolutely. So, you know, the operating system itself has been designed from a security perspective right from the ground up, so not only does it make sure that it has a full chain of trust from the hardware all the way up to the application layer, and really, what that means is that you turn on one of these devices, and if anything has been changed, modified, compromised, it either won’t boot.

121
00:24:51.420 –> 00:25:01.589
Jason Mafera: or it will warn you that something has changed, and stop you from getting all the way into your application. So that’s kind of the first line of defense, if you will

122
00:25:01.670 –> 00:25:17.460
Jason Mafera: to make sure that it it hasn’t been compromised in some way. Now, if it has been, there’s also capabilities built in very much like virtualization technologies where you have a gold image, you know that you can refresh from after a while

123
00:25:17.660 –> 00:25:30.049
Jason Mafera: same sort of thing with the IGEL OS, that if something is compromised, there are encrypted, protected partitions that you can fall back to. That will get you back to working quickly.

124
00:25:30.080 –> 00:25:50.590
Jason Mafera: to a known good state, if you will. And so, you know, it’s been built around that methodology. And then beyond that, it’s also a read-only operating system which is different than most of the other stuff that’s out there in that, you know, when the system boots up and a user logs in all their information is held in secure memory space.

125
00:25:50.590 –> 00:26:05.020
Jason Mafera: But when they leave the device nothing is left behind. So it’s also trying to make sure that no no data is ever left at the edge that can be compromised where a lot of the, you know, data exfiltration happens.

126
00:26:05.820 –> 00:26:10.459
Andy Whiteside: So so, Jason, 100%, that’s the strategy.

127
00:26:10.470 –> 00:26:11.620
Andy Whiteside: How much

128
00:26:11.630 –> 00:26:29.279
Andy Whiteside: credence would you give the fact that it’s just not Windows and the attack, the attack vector or the maybe not the vector but maybe the vector the the people trying to attack it or mitigate it. That’s that’s the whole security through obscurity. Thing which I know is not a strategy. However, it’s probably real.

129
00:26:30.710 –> 00:26:43.859
Jason Mafera: Absolutely real. So when we talk about the overall attack surface of the operating system in our latest version. So stuff you’ll hear us talk about as COSMOS and OS 12. These sorts of things.

130
00:26:43.860 –> 00:27:05.430
Jason Mafera: That version of our operating system where different than in the past, where it was kind of a monolithic firmware where everything was built in. That’s no longer the model we’ve taken moving forward. And so now everything is modularized, including the applications that live on top of the operating system. So a Citrix Receiver client, a VMware client, that sort of stuff.

131
00:27:05.430 –> 00:27:23.189
Jason Mafera: You could actually now further reduce that attack surface by only deploying exactly what that end user needs. So any extra stuff that could lead to some sort of compromise has been removed. So further kind of reducing the overall security

132
00:27:23.220 –> 00:27:33.739
Andy Whiteside: challenges that you can run into. I’d be amazed how many attacks happen on applications that aren’t even really used on a on a Windows endpoint because they’re just sitting there vulnerable, and nobody

133
00:27:33.740 –> 00:27:54.259
Andy Whiteside: nobody cares, maybe. No, don’t even know this. There! Let me let me take you to this next paragraph here, because now you you talked about endpoints. Now you’re talking about the cloud delivered workloads and how they factor into this. And then the next paragraph we’re gonna be to bring the 2 together. But what’s your take on the enablement of these delivered workloads versus deployed workloads, and how it fits into the story

134
00:27:55.180 –> 00:28:23.510
Jason Mafera: are equally applicable. And for any given customer. There’s a mixture of these things, without a doubt. Maybe one day it’ll all be cloud based, and we seem to be on that path. But right now. Still, a mixture. And I think you know the security protection around that starts with making sure that you can, you know, strongly identify the user. So the identity and access management pieces are very important to make sure that you know that

135
00:28:23.510 –> 00:28:51.700
Jason Mafera: Chris has an access to application A and B, but not C, and that you can enforce that at the endpoint before you even get to the application layer so really critical to have those controls in place, so that, you know, you could do the best job possible in making sure that the attacker can’t impersonate that user, because that’s where a lot of these attacks come from compromised credentials, etc. And when you’re not using something like multi-factor auth

136
00:28:51.700 –> 00:29:13.569
Jason Mafera: now, just the username and password makes it much easier for the attackers to gain access, to impersonate you, and then use your access to do some of the nefarious things that they’re trying to accomplish. I talk to people all the time that don’t have a digital workspace strategy. They don’t have identity access management strategy with multi-factor. And then the benefits that come along with single sign-on

137
00:29:14.130 –> 00:29:16.280
Andy Whiteside: it that users the crown jewels.

138
00:29:17.190 –> 00:29:23.419
Andy Whiteside: People are gonna try to exploit that, however, they can, including taking advantage of the endpoint. And that’s where most of it happens these days

139
00:29:23.960 –> 00:29:40.419
Jason Mafera: going back to what we talked about before. Right? The user is the weakest link in that chain in a lot of cases, regardless of how much training there is. So the the better job we can do in programmatically protecting them the better overall the security will be right.

140
00:29:41.070 –> 00:29:43.559
Andy Whiteside: Okay, so did this last paragraph kind of

141
00:29:43.740 –> 00:29:52.200
Andy Whiteside: ties it together by saying, Separate them. But make them work together. I think we’ve kind of covered this, but kind of kind of wrap up this last paragraph for us in this section.

142
00:29:52.660 –> 00:30:18.979
Jason Mafera: Sure. So you know, one of our guiding principles is making sure that data isn’t left around on the endpoint after you’ve accessed your applications, done your work and and kind of disconnected. So when you bring all these things together, it’s really more of a holistic approach from, you know, the authentication authorization of the user all the way to, you know, making sure the device is as

143
00:30:19.060 –> 00:30:43.640
Jason Mafera: attack resistant as possible while delivering access into all these environments. And what we found is that over time, these start to get mixed together right? So it’s really important for us to be able to support a wide range, so that as customers make business decisions and they move from one hosting technology to another, or have distributed apps across platforms that we can bring all that together in a secure way

144
00:30:44.970 –> 00:30:56.609
Andy Whiteside: at at the end of the day. The end user needs a secure, reliable, dependable solution versus what I would think we’ve kind of come up with over all these years, where we have all these disparate systems. That just kind of evolve together.

145
00:30:56.630 –> 00:31:13.640
Andy Whiteside: This is coming at it from an end to end. Solution, perspective that includes security as a as a, as a frontrunner in the thought process. Chris, we had these 3 paragraphs as part of 4 paragraphs as part of the endpoint as first line defense strategy, conversation. What do we miss that you’d want to bring into the conversation.

146
00:31:14.130 –> 00:31:36.150
Chris Feeney: No, I think we covered. I mean it. Really, it’s just a mindset. I mean it. It kinda often is the afterthought. In many respects. Getting the data center stuff secured first. But it it really should be. We’re just saying advocate for the upfront, you know. Start there because, there was a point in time. Remember, a couple of years ago.

147
00:31:36.250 –> 00:31:37.870
Chris Feeney: when

148
00:31:38.370 –> 00:31:53.390
Chris Feeney: we were talking with one of our our partners that had a security mitigation practice, and I asked them to say, Do what is getting hit? What are you guys going in to remediate? What is it? Is it the end point, or something else? And then number one was the end point. So

149
00:31:53.430 –> 00:31:56.859
Chris Feeney: just, you know, this is more of a proactive approach.

150
00:31:56.930 –> 00:32:02.769
Chris Feeney: And obviously for me was one of the very first things that came up when I came to IGEL

151
00:32:02.830 –> 00:32:05.199
Chris Feeney: covering Federal. I was in

152
00:32:05.210 –> 00:32:16.059
Chris Feeney: this meeting, surrounded by all these people that were managing the endpoint security apparatus, if you will, the disk encryption pieces, the antivirus, all that they had a ton of questions about

153
00:32:16.110 –> 00:32:22.870
Chris Feeney: what would change, and when they realize they had a chance to test it like, Oh, wow! This actually is a much better

154
00:32:22.950 –> 00:32:27.999
Chris Feeney: situation because that laptop could be stolen. Technically speaking, there’s nothing on the end point

155
00:32:28.140 –> 00:32:31.890
Chris Feeney: that is usable. So

156
00:32:32.010 –> 00:32:35.790
Chris Feeney:  But, anyways. But this is this this

157
00:32:36.710 –> 00:32:58.469
Andy Whiteside: the the DR approach to the rapid recovery. So, Jason, we’ve taught all this about securing and making sure we have a smart, secure solution. I find that a lot of folks are thinking about that a lot, but they don’t think about what they do when it happens, not not if, but when it happens because it will happen.

158
00:32:58.710 –> 00:33:05.540
Andy Whiteside: How does IGEL play a role in that after effects to make that more more?

159
00:33:05.560 –> 00:33:17.420
Jason Mafera: really, 2 different ways, right? And you know, I think there there hasn’t been a lot of specific focus around endpoint DR, right? It sounds like an easy thing to.

160
00:33:18.260 –> 00:33:42.369
Jason Mafera: I don’t know. Resolve or fix after the fact, but it tends to be the thing that keeps organizations down for the longest. They’re able to more quickly recover their centralized infrastructure. And now you’ve got, you know, hundreds or thousands of endpoints that in a lot of cases need to be physically reimaged and touched to, you know, do that

161
00:33:42.370 –> 00:34:06.879
Jason Mafera: disaster recovery at the endpoint. So from an IGEL perspective, we wanted to make that as easy as possible. So, like I mentioned before, there’s a way to kind of within less than a minute reboot the machine to a known good state if something’s happened to. Now, obviously, if there’s still something in the environment that caused it to happen. To begin with, that needs to be cleaned up first. But

162
00:34:07.000 –> 00:34:32.699
Jason Mafera: you know you have this ability to rapidly recover. Built into the operating system without someone going out, needing to physically touch every machine. Beyond that we have a way that if IGEL hasn’t been deployed yet in an environment. And one of these events occurs where you need to recover all the endpoint devices. And we’ve seen this happen over and over again with customers who have run into these ransomware issues

163
00:34:32.969 –> 00:34:58.619
Jason Mafera: that we have what we call a UD Pocket, which is basically the operating system running on a USB flash drive purpose built device that you can actually plug in boot off of it and get back to working within, you know, one to 3 min. Essentially. Now, in that case you still need to touch every device. But it gets you back up and running. And you know, back to business in this

164
00:34:58.810 –> 00:35:00.610
Jason Mafera: rapidly. Yeah.

165
00:35:01.230 –> 00:35:09.310
Jason Mafera: I guess, focused way without needing to spend 1, 2, 3, or 4 weeks or more having to go through that process.

166
00:35:09.420 –> 00:35:14.110
Andy Whiteside: Okay. Chris, any thoughts there, any real world working knowledge of something like that happening.

167
00:35:14.530 –> 00:35:23.109
Chris Feeney: Oh, gosh, yes, I mean, there’ve been several just just in the last year. Just some examples. When

168
00:35:24.380 –> 00:35:31.269
Chris Feeney: I was up in Boston, and we were talking with Jason. At the time. And

169
00:35:31.500 –> 00:35:41.829
Chris Feeney: this is this is right around the time we’re trying to negotiate some new technology with our vendor partner. In bravada

170
00:35:42.160 –> 00:35:57.490
Chris Feeney: that very week. There was one of our customers that had gotten hit, and they had just bought these UD Pockets, and they were rapidly trying to deploy them into locations that had not yet been compromised. Just to make sure those devices would be protected should that

171
00:35:57.510 –> 00:36:03.120
Chris Feeney: stuff come over and begin taking picking up end points and and compromising them.

172
00:36:03.150 –> 00:36:06.400
Chris Feeney: That’s just one. There’s another one that

173
00:36:06.440 –> 00:36:17.069
Chris Feeney: I think we actually got some actual numbers from the downtime that they occurred with with ransomware where they had not fully deployed IGEL in the healthcare setting but they had

174
00:36:17.080 –> 00:36:36.730
Chris Feeney: a mix of Windows and IGEL. The Windows machines did get compromised to the point where they had to bring in the National Guard to help reimage these devices, and they noticed that the IGEL devices were still up and running, and they were asking questions about that. You know it’s a real thing. This is not.

175
00:36:37.180 –> 00:36:46.870
Chris Feeney: you know, fake stuff, I mean, IGEL being on that end point is way better option than having Windows on there, regardless of what I mean. End users might be able to get tricked into a lot of different things.

176
00:36:46.950 –> 00:36:50.970
Chris Feeney: But but yeah, real world stuff,

177
00:36:51.040 –> 00:36:52.909
Chris Feeney: and and also again.

178
00:36:53.180 –> 00:36:58.780
Chris Feeney: if it does get hit, I mean pop in that UD Pocket, you’re bypassing the local hard drive. It’s not getting touched.

179
00:36:59.010 –> 00:37:03.180
Chris Feeney: Take the hard drive out. Still. Use the hardware on the device. So

180
00:37:05.060 –> 00:37:23.109
Andy Whiteside: so, so, Jason, this last section says, remember the endpoint had this. Remember the Alamo statement just went through my head as I read that. Bring bring bring us home here and help us understand and help people just reiterate the fact that the endpoint matters. It matters more than ever, and it’s probably been neglected.

181
00:37:23.750 –> 00:37:50.589
Jason Mafera: Yeah, I think that’s exactly it right. When you think about disaster, recovery, and mitigating some of these challenges. Ransomware, malware, one of the biggest places to think about beyond, you know, your centralized computing infrastructure is really, how do you maintain business continuity? If your endpoints are unavailable, that device that’s between the user and the applications they access. If it’s unavailable to them. You know, they’re

182
00:37:50.930 –> 00:38:03.109
Jason Mafera: not able to perform their their duties. They’re not able to work, especially you get into highly regulated industries, and it becomes even more critical. So you know the advice here would be to start looking at

183
00:38:03.740 –> 00:38:07.639
Jason Mafera: what you, what your plans are in the case of

184
00:38:08.180 –> 00:38:28.869
Jason Mafera: a scenario where your endpoint devices have now become unavailable, and they can’t be used by the end user. Wh, what do you do next? And I think we, as IGEL, have a solution to help with that. And so you know, that’s that’s what I would put out there. Think about how you’re gonna go through that recovery process. And you know

185
00:38:28.920 –> 00:38:32.489
Jason Mafera: what kind of tools you have in the in the toolkit to help with that.

186
00:38:33.050 –> 00:38:38.139
Andy Whiteside: Hey, Jason? If I were to argue that we have a working model of this being true

187
00:38:38.160 –> 00:39:00.949
Andy Whiteside: by the growth of the IGEL. I’m sorry, agile Apple operating system. Yes, I understand there are designers and things out there that need that the the Apple solution, the the ecosystem, the power of those machines. But there’s a percentage of companies out there using Apple today just to accomplish, and paying a lot of money for it, just to accomplish the things we’ve covered in this blog, it might totally off base. With that.

188
00:39:02.860 –> 00:39:06.590
Jason Mafera: There, there is a model where

189
00:39:07.140 –> 00:39:31.470
Jason Mafera: those sorts of devices in that operating system are somewhat aligned with what we’re talking about definitely from a security perspective. I think there’s a huge difference between the 2. When we think about overall ROI of the solution and overall manageability, the ability to centrally manage an update. You know, I think of IGEL as really the enterprise operating system of choice.

190
00:39:31.470 –> 00:39:45.570
Jason Mafera: Right? It’s the one that really allows you to maintain your business operations over time and have the best security posture that’s essentially possible today, because it was built from the ground up with those goals in mind.

191
00:39:45.790 –> 00:39:53.499
Andy Whiteside: Yeah, that wasn’t to mean that the Apple operating system does all the things IGEL does, or this anywhere near as cost cost effective.

192
00:39:53.610 –> 00:40:03.469
Andy Whiteside: But people are doing it, and I bet CEOs and CFOs kind of are embracing it, even though they have really no idea what they’re really costing themselves to do it.

193
00:40:03.760 –> 00:40:04.850
Jason Mafera: Yeah, exactly.

194
00:40:04.910 –> 00:40:09.730
Andy Whiteside: Hey, Chris? What other? What other comments would you like to make as we kind of wrap this one up?

195
00:40:09.750 –> 00:40:19.410
Chris Feeney: Well, just on the latter part, we just talked about one of the things that is beginning to see, some movement is additional applications in the IGEL app

196
00:40:19.470 –> 00:40:29.730
Chris Feeney: portal. We have some endpoint analytics, solutions that are going to when one is you know them Liquidware. They are out officially today. They were the

197
00:40:29.780 –> 00:40:49.340
Chris Feeney: actually built their own. So that’s very exciting. We have others that are lining up. And so I think we’re gonna see more of that, because as these workloads shift to IGEL, one of the things that is of grave importance is user. Experience has to. I talk about it as it. It has to feel as if it’s natively installed, locally installed, you know.

198
00:40:49.440 –> 00:41:09.039
Chris Feeney: and if that experience suffers by any chance, you know they’ll they’ll look for something else, you know, just to make them be with so more of that coming and in the future. As as a OS 12, and those app to get more. And it. It reminds me of how Apple ultimately shifted into the enterprise with their

199
00:41:09.160 –> 00:41:11.299
Chris Feeney: initially, that consumer based

200
00:41:11.500 –> 00:41:41.129
Andy Whiteside: device that now everybody pretty much uses. So yeah, I just did a quick test while you do. I went to the IGEL app portal. I didn’t call app store app portal and did a category security. And it’s gonna be interesting over time to take what you guys already talked about in this blog, which is a game changer in terms of securing the endpoint. And then this portfolio of ecosystem partners start to show up and add additional security offerings into what you guys would consider apps in your portal. That’s gonna be fun to watch.

201
00:41:41.480 –> 00:41:43.620
Chris Feeney: Yeah, definitely.

202
00:41:45.330 –> 00:41:50.810
Andy Whiteside: Well, Jason, Chris, thanks for joining Jason first time doing it hopefully. This was fun for you. And you see, the

203
00:41:51.000 –> 00:41:57.920
Andy Whiteside: you know the value of just having these conversations. We can’t have enough of these conversations. We can’t get the word out enough

204
00:41:58.100 –> 00:42:27.239
Andy Whiteside: what you guys are doing to provide some segment of an organization’s users a more secure way, but yet high functioning, high fidelity way to compute. I run into people all the time to think if you adopt IGEL, you gotta adopt it for the entire company. That’s not true, like, I’m probably always gonna have a Windows machine where I get on airplane, and and I do all kinds of crazy presentations and stuff. But there’s a lot of people as integral that could use a virtual desktop SaaS app both from an IGEL unit all day long, and some do and that’s gonna grow, I hope.

205
00:42:29.460 –> 00:42:43.120
Jason Mafera: Really appreciate you having me here, and was a whole lot of fun. Thanks, Andy. Thanks, Chris, for inviting Jason. Jason. I’ll let Chris decide how often to bring you back unless you tell me you want to come as much as you can, and we’ll make you optional.

206
00:42:44.230 –> 00:42:47.120
Jason Mafera: I’m I’m happy to happy to join.

207
00:42:47.230 –> 00:42:55.999
Andy Whiteside: Yeah, alright guys appreciate it. Guys enjoy the rest of your short week, even though I don’t think it means less work. I think it just means more work in a shorter time period.

208
00:42:56.330 –> 00:42:58.210
Jason Mafera: Exactly.

209
00:42:58.240 –> 00:43:01.039
Jason Mafera: Alright. Guys have a good week.