Cybersecurity: Amplified And Intensified

Episode 29 - Identifying NSO Pegasus breaches with CrowdStrike Mobile - Cameron Buriani

September 13, 2021 Shiva Maharaj/Eric Taylor/Cameron Buriani

Recorded September 6, 2021

On this episode we discuss using CrowdStrike tools to identify and help mitigate mobile and USB-borne attacks.

https://github.com/AmnestyTech/investigations

Cameron Buriani is a cyber security professional who has worked as a Senior Solutions Architect at CrowdStrike for over 3 years now. Over the last two years, he’s dedicated his efforts to building out the CrowdStrike MSSP offering from the ground up to the full-blown solution it is today.

In his spare time, he works on his land in Texas raising livestock, growing annual crops, and working the peach orchard with his wife and daughter.

Eric Taylor | LinkedIn
Twitter: barricadecyber
www.barricadecyber.com

Shiva Maharaj | LinkedIn
Twitter: kontinuummsp
www.kontinuum.com   

Shiva Maharaj:

Good morning. Welcome to another episode of Cybersecurity: Amplified and Intensified with your hosts, Eric Taylor and myself, Shiva Maharaj. And today we are joined again by Cameron Buriani of CrowdStrike. What's going on, man?

Cameron Buriani:

Howdy, how you doing? same ol same ol you know, living the dream, I feel it. So we had a nice long break. So now we're just gonna get back on with the grind and get into it. Welcome.

Shiva Maharaj:

So the reason we asked Cameron back on here is because in the news a few weeks ago, before the cycle changed to other things, Pegasus and the NSO Group were in the media. And I sent Cameron an email saying, hey, does CrowdStrike do anything for this? And Cameron replied graciously and quickly, and it appears you do. So what exactly? Oh, I guess if you can go into a little bit about what Pegasus is from a 30,000 foot overview, and how does CrowdStrike help to identify and potentially mitigate these attacks?

Cameron Buriani:

Yeah, we definitely talk about it. So Pegasus is obviously it's a spyware based tracking exploit from the NSO Group. NSO Group basically initially developed it as nation-state level spycraft, in order to put it on their adversaries and be able to actually see vulnerabilities and understand what people are saying to, like, iMessages, Apple Photos, even things like Apple Music. It was largely consolidated around Apple. Now, of course, we've seen some manifestations of it within Android and iOS. But really what this is, is the ability to put that spyware on potential adversary machines. Now, this started off as a white hat operation being used against adversaries of nation states, such as you have the five countries as well as Israel. And from there, it became something that was used in a malicious fashion by external adversaries. So what we're seeing now is we're seeing people who are using the Pegasus software in a malicious fashion in order to put it on specific iOS machines to read those capabilities. Now, this is, the most troubling thing about this is we're seeing it in the zero trust fashion. And we're also seeing it in what's known as a zero touch fashion, which means there appears to be ability, at least on iOS machines, to put this on impacted workloads or mobile devices without having any form of any user intervention, there's no touch involved with it. So they're able to send an SMS message where then a disabled inject the adversary's form, spycraft put it on that in the background, and then from there, read messages, call logs, whatnot, so forth. And it's the zero touch fashion. That's really the most troubling about it. Typically, legacies Well, maybe not even legacy, but a lot of times it's cybersecurity, you said, there's always an element of consent, where there typically is not going to consent, the end user will click something, take an action, do something that is indeed malicious.
And once we remove that, and we go to a zero touch model, that's where it becomes especially nefarious, because you can be one of the best, you know, OPSEC guy. But if you just get a random message, and you don't touch it, you can still be impacted by the Pegasus spyware. And that's really the thing that bothers a lot of people the most about it, is the fact that you can't take mitigative action, just off your behavioral day to day life, you have to make sure that there's a layer of protection involved in that. So hopefully, that's a decent high level view. There's obviously nuances associated with it. But that should kind of be a level set for individuals.

Shiva Maharaj:

Now, do these messages have to be opened? Or is it just a matter of getting it onto the device? Just for clarity's sake.

Cameron Buriani:

It's just a matter of getting it on device. Opening the message would, of course, constitute a touch. This is a zero touch methodology, which is, frankly, an ingenious way to do it, if you're in a white hat sec setting, which it did manifest and originate as a white hat setting. The NSO Group is typically used for counterterrorism operations over in the Middle East. But of course, through a series of acquisitions and sales, you know, software like that can always fall into the wrong hands. And that's indeed what happened is

Shiva Maharaj:

It's a, it's owned by a Japanese company now.

Cameron Buriani:

to my understanding the NSO group is potentially an Israeli company is it is

Shiva Maharaj:

but I think they were sold a few years ago. And we can help the guy read the article, I'm not

Cameron Buriani:

Looking on the article, the chain of custody, I know at least, and it could be Japanese, from an owner. The chain of custody that I'm aware of is that it was initially started off as a defense application, then sold to an American venture capital firm, and then the American venture capital firm resold it for 10x the profit to another defense application, who then sold it to the United Arab Emirates, who are using it against, like, nation-state level journalists and whatnot. So I think where the leak comes from is the UAE. United Arab Emirates probably started using it, well, did, rather, they started using it against journalists against the regime, which got Amnesty International involved, and Amnesty International's involved, like, okay, well, you can't be targeting journalists, you know, you have to be using this on legitimate nation-state level threats. But of course, there could be a threat that involves, you know, Japan as well. I'm not aware of that part.

Shiva Maharaj:

Pick that up before you publishing here.

Cameron Buriani:

But yeah, it's uh, I think, I think really where this got to the market in a malicious fashion is through the selling of it to the UAE, and the UAE was leaky from that point. So and now we're seeing it's starting to be used, at least we're seeing it manifest, and in the Middle East, which targeting journalists. And then there's also been some use against, like, white hat uses against people like the, like the cartel down in South America, largely the Mexican cartel. The Mexican government credits the use of Pegasus in capturing, I think it's, I don't, I don't know the names of the individuals that are running those organizations, but they credited as being it. So anyways, once you start using a software that much, it's hard to control exactly who has the chain of custody, and now it appears to have potentially leaked into vectors. So that's why it's now a potential concern for individuals largely leveraging iOS devices, not implying that it can't go to Android, just know that we're seeing it mostly manifest on iOS devices. Android, it's still unknown whether or not it's actively exploiting an invertible status.

Shiva Maharaj:

So how long has CrowdStrike Mobile been identifying?

Cameron Buriani:

So I've been seeing reports on the NSO Group. Because frag mobile, starting in about mid July, we've been tracking it since it surfaced. But of course, it's a known white hat methodology. But we've only been seeing it used maliciously in the last couple of months. Now, here's what CrowdStrike can do to protect against these attacks. Now, when we're developing protection on mobile, it's all about having that visibility, right. And what we want to do is we want to develop tactics and visibility to mitigate the techniques used by adversaries and their testers rather than the tools themselves. And what this allows us to do is it allows us to go on and stop it within the chain of custody. Now expanding beyond these generic capabilities, CrowdStrike will give you additional visibility for this by actually giving you the analyst. And they're going to deploy and have deployed indicators of compromise into the mobile sensor, which will allow you to identify network communications with all known domains associated with Pegasus. So that's the number one thing that we're doing right now, full visibility into all known domains associated with Pegasus. If you go in to an iOS device, and you see an iOS device making communication bilaterally or even one direction, to a known bad domain associated with Pegasus, that's a massive red flag. And we have those pre-baked into the UI for everybody to view at that point. So that's one of the number one things we're doing right now is full visibility into machines that are making those communications. Now, the second thing we're doing is we're going to generate mobile detections for those network communications linked to Pegasus flight in the future, we're going to provide the capability to block them. So I do want to be clear right now, we're not going to block those communications, if you install CrowdStrike on a mobile device that has Pegasus will give you this action, and will show exactly what device it is where it's communicating.
And when we're not blocking it yet, that's a future capability prospects mobile device capabilities right now is full visibility. And we want to move towards a blocking stance. And that's something that we're going to hopefully achieve within the foreseeable future.

Shiva Maharaj:

Now, isn't that a limitation on the iOS side? Because they really limit what any application should be able to do?

Cameron Buriani:

Yes, with iOS, it's very difficult simply because of how restricted the operating system is, and Apple in and of itself is not very conducive to kernel level players. And it's why they've been trying to move people out of the kernel, or ring zero rather, for four years at this point. So it's increasingly difficult to perform prevention based functionalities or attempt to, but it's something that we're working closely with, you know, our engineering team in order to be able to do that. But yes, it is a hard operating system limitation that makes it more difficult. But of course, you know, that begs the question, what do we do for Android? Android is still in the visible state. So it's just kind of where the product stands as it is. When CrowdStrike does a product release, I think we mentioned this last time, we kind of do a minimally viable product. What we do is we bring a minimally viable product to market, because we're not hubristic enough to say I know what the market demands, I know what's going to happen. Bring a minimally viable product and iterate based on the demands that you see either from the customers or from the threat landscape. If you say, well, I think it's going to be X and you spend all your development time and resources to deliver a completely polished product, that its use case Y, but the market demands X, you're in a kind of a pickle, right? So if you get yourself to a point where you can start to steer that ship, they some of the winds flow, you can meet the demands and address the threats. And that's basically what we're doing with mobile.

Eric Taylor:

So is there going to come a point, just before we get too far down the line in the feature set on I'm sure this is not going to be a possibility. But would there be a possible containment like we can or network isolation that we can with the current Falcon agent on the mobile device, or any sort of any sort of mobile device, right? So tablet, iPhone, whatever the case is?

Cameron Buriani:

Yeah, definitely. So containment's a core thing for us, we want to make sure we have the ability to contain. We won't be able to install on tablet right now. We're just doing iOS and Android from the mobile standpoint. But yes, containment is something that we're working on and looking into. So we want to get to that stance where you can actually contain those machines. Now, I do want to make a caveat here. Do note that CrowdStrike is an exceptionally robust visibility tool. There are a lot of tools like that. But I typically recommend people only put the CrowdStrike agent on company operated and owned machines. It's exceptionally intrusive. And I'm no Luddite by any means. But there is a balance to be had with security versus the notion of privacy. So when you're looking at managing machines in order to protect from a Pegasus based spyware, you know, sort of think, why would something hit that? Why would I have Pegasus spyware? What's the endgame objective? For a standard civilian, it shouldn't be too much of a problem. But of course, once you start to get to corporate assets, you look at corporate espionage, looking at individuals trying to see your corporate data. I guess, of course, in a civilian sector, you're accessing your bank accounts, I mean, it will potentially pick up things like that. But once you start to think about why would I need it, I'd highly encourage people to restrict them to corporate devices, simply just to create a just a nice boundary between, you know, your personal cell phone, and of course, a company-owned workload, because there is visibility,

Shiva Maharaj:

In terms of the visibility, what are you seeing or not, you know, what is CrowdStrike Mobile seeing when Pegasus is passing data, for lack of better words?

Cameron Buriani:

So one of the most important things that we're seeing, obviously, is communications in the known C2 server. So when you go on, and we see the C2 server communicating, that's obviously going to be important. We're also seeing the running, when you actually capture a snapshot file, we can see the list of running processes. And if you see the running processes, you can actually identify the indicators of compromise that have been identified by Amnesty International. And you can identify those and run through there with EDR data, those are going to be seen in the running processes. Amnesty International released a GitHub repository with all the known indicators. And those are pre-baked into CrowdStrike. So you can see like show notes, we do, yes. Okay, let me drop this in there, you might already have it, but you can drop the show notes for Amnesty International's GitHub repository. And I just put it in there. So people want to go do that, you could take that to the Splunk data, we're CrowdStrike, run it for those indicators of compromise and see if those running processes are running at that point, because we will be gathering them. Like

Shiva Maharaj:

You just mentioned Splunk, how deeply tied in to the Falcon platform is Splunk, for those listening? Because I know that's one of the main reasons I chose you guys, just as much as, you know, you chose me,

Cameron Buriani:

you have no mutual relationship. I laughed when I said, hey, this guy's a cool cat. And you said the same thing. So it works. But with CrowdStrike, we have an OEM integration into Splunk. So you're going to get a Splunk back end built in the box, right out of the gates. And that's actually the backbone of the CrowdStrike software. So when we look at our EDR based visibility, all its stored within a Splunk based repository of which we host in an isolated AWS instance, everybody gets their own Splunk. It is integral to the CrowdStrike software. And so far as the visibility goes, you look at certain modules like the mobile module, you look at modules like Falcon Discover, which is an IT hygiene module, you look at modules like Spotlight, any of the time you start to build off core prevention based capabilities, you have to have the EDR or that Splunk back end as the backbone in which to pivot off. So it is indeed the integral portion of CrowdStrike. I typically tell people that, you know, based on your security needs, you can go in without the Splunk. And it's known as the defend package, at least in the MSP space, which is just the core AV, is just protecting and blocking with minimally viable coverage is what I call it, MVP, minimally viable coverage, similar to the product methodology. But once you really start to want to do things like mobile, view the Pegasus-based spyware, do anything advanced more than just stopping and triage, seeing the bleeding, it requires that Splunk back end, of which we are Splunk's largest OEM partner. It is the central tenet of the CrowdStrike visibility.

Eric Taylor:

So how is the is the mobile minute tie into the zero trust assessment module that's inside of CrowdStrike? And can you dive in because I know I'm kind of pivoting a little hard there. But how the out partners could build potential look at CrowdStrike and obtaining zero trust assessments for their client base?

Cameron Buriani:

Yes, ZTA is one of the newer features. ZTA is, of course, Zero Trust Assessment, where we're watching and identify them. And these are misconfigurations on the operating system level to show if you need to, like, restrict secure kernel boot, you need to do anything on an operating system level, which, you know, should we have this configuration set as X or should we move it towards Y? And then we'll give you a score assessment with it. To my knowledge, I don't, I don't want to speak definitively on it. I'm not sure if we have that today with mobile. But we are moving towards ZTA style assessment, zero trust environment, as seen with our acquisitions. So it is something that we want to eventually bring to mobile, but I'm not entirely sure if that's available on mobile, at least as it stands today, commercially. Gotcha. But you do get zero trust dashboards. So if you are a CrowdStrike customer, or if you want to become one, ZTA dashboards are built out of the box for individuals who have Insight, which is the EDR portion. So you know, for both Barricade as well as Kontinuum, you guys have the ZTA dashboards and that's just part of the standard updates that we do and you're gonna see us on that a little bit.

Eric Taylor:

Yeah. Now, just from our side on barricade, you're either going through a pretty heavily is like, Oh crap, I didn't even think about doing this. I didn't think about doing that. Like, even though we always talk about, you know, always do a zero trust. And, you know, we kind of hammered around even when you just mentioned the secure boot. And that was one of our current projects. That's one of the most painstaking tasks to do but you are the what are the chances of somebody injecting a potential malware in the strain of a boot up process? pretty minimal leisure, you're really being attacked by ADP or ATP? But do you really want to take that chance, especially when you have clients that are in manufacturing or finance? Do you have to take that chance? Right? Yeah.

Cameron Buriani:

So that's really the question, do you want it Linda, you have to. So security is all about reducing risk, there is intrinsic risk involved in operating in the world. I mean, I suppose you can live in a world where you want to reduce risk to net zero, that's not even viable. You get on the road, I mean, you're driving, you can get in a car accident, you know, you can get pulled over by a cop, anything can happen. There's intrinsic risk, but you do everything you can do to mitigate that risk, such as go the speed limit, make sure you're not, like, impeded in any way from a cognitive standpoint when you're on the road. Same thing with security, drive it to a net neutral status. We don't have to leave those vulnerabilities open. Just driving in, there's going to be some implicit risk. But again, if we can go in and reduce secure kernel boot, like you said, it's a minimal risk, but it doesn't have to be there. And it's something that you can just spend 10 to 15 minutes, lock it down. And guess what, you're showing value to the clients. You can go in and say, hey, you know what, you want to know what we did this week? We locked down all these security configurations. And that's something that you just got from the ZTA dashboard rolled out.

Eric Taylor:

Yep, absolutely.

Shiva Maharaj:

I do want to say that I just researched who owns the NSO Group. And it was resold to the founders a couple of years ago. So I was incorrect when I mentioned any Japanese company had any ownership stake. So I do want to put that out there. That was my, my bad.

Cameron Buriani:

No, you know, it's good that you brought that up because they do do a lot of stuff with cybersecurity. What was the Gosh, there used to be an old? Well, I don't want to, I don't want to. There used to be an old style malware. Sorry, an old style AV tool that was Japanese based. I'm trying to remember. It's very popular back in the day.

Shiva Maharaj:

I don't even recall. Maybe that's more Eric's wheelhouse.

Cameron Buriani:

Turn number stop trend. I think trend is English from correct. Anyways, they did have a there. I know there's one. And I see the logo in my head, but I can't see what it says.

Shiva Maharaj:

Alright, Eric, let's fire up a Microsoft Paint and have Cameron do some drawing here. In the meantime, one thing I do want to ask you about, and this is somewhat of a pivot away from mobile USB control with CrowdStrike. And specifically tying that to the recent, I guess, proof of concept of Razer peripheral devices launching as with elevated privileges. Yep.

Cameron Buriani:

Yeah. So with USB based device control, what we're able to do on that is, you know, when you start to look at launching with elevated privileges, a lot of things that we recommend doing with USB based device control is doing a net neutral status of only allowing certain USB based devices. So when you look at escalation controls, when you look at legacy assaults, like, you know, the Rubber Ducky attack, when you look at people coming in through USB vectors, you know, I just talked to a Canadian partner, who their biggest problem right now, he's in Canada, they're handing out these free chargers. And it looks like an iOS charger, looks like an Android charger, and they plug them in, and then it does a standard Rubber Ducky style attack. Because what you're able to do is, if you ever seen like those wireless mice where it's no bigger than a fingernail, you know, you put it in there, and it's just, it's almost flush, and now your mouse has a USB connector, they build those into the charger. So it looks like you're charging your phone, but it's actually a malicious exploit based. And that's, you know, that's actually pretty ingenious, because when you think about the people who are security minded, oftentimes, we don't even consider a charger as potentially being an exploit vector. But that's a really common one that's rising, is using chargers in order to do USB based device attacks, which is why CrowdStrike's recommending that we go on and do a full block of USB based devices and only allow a certain subset of them. And you'll identify them, right? You'll go in and say, hey, for my practice you have 16 Corsair USB devices, and you have to use those 16. Otherwise, it's a full block on all policies. And that's typically the best way to go about that.

Shiva Maharaj:

And are you doing that by class?

Cameron Buriani:

You can do it by class, you could do it by serial number, you can do it by a variety of things. You can even do custom, you can even do like by class for an individual group of users. So you can say class is mass storage, full block for all users except IT, or a class equals mass storage, full block for all users except these. You could do a company ID, company would be, you know, an Steve's the Corsair example of course there, that's a little more wide than we'd like it. We'd like you to do by the actual, the serial number, which you plug in, you'll get a number associated with that actual USB device. And then of course, you allow it from there, and then just get like a handful, right?

Eric Taylor:

And just to reiterate on what Cameron's talking about, there's a company that's really, really popular in the space called OMG. Oh dash mg, but they have, even in the Type C classifications, they have a built in mini Wi-Fi transmitter. So if you have the app loaded up on your, I think it's only available on Amazon or Android, not Amazon, what the heck am I thinking today anymore? Um, but they have it on Android. You know, you can sit there real time on your mobile device within, I think it's only 30 or so feet. Because I mean, that's small, the transmitter is not going to work very far, right? But you can see real time keystrokes instead of using a C2 application, so you can be potentially, if your parking lot's close enough and, you know, your attack or the person you're trying to steal the information from is that close, you can potentially be in the parking lot being able to

Cameron Buriani:

you can park on on the next story in the bathroom, right?

Eric Taylor:

Yeah, just one more they could do in the bathroom, and you

Shiva Maharaj:

can be in the Amazon truck outside. I didn't even

Cameron Buriani:

then I really get in the fairing away I get on, you're like, Hey, what's that black van out there?

Shiva Maharaj:

What's going on? And now they don't use black vans anymore. They just go. They paint the truck to look like an Amazon or a FedEx truck. And those things are everywhere.

Cameron Buriani:

You wouldn't even think about it right? Like Yeah, yeah, you probably just see the Amazon truck. You're like, Hey, cool, ordered that last week.

Shiva Maharaj:

What did my wife order today? Yeah, you get in big trouble. We hear you're trying to save here. Yeah. What, what do you think is the ideal CrowdStrike stack, for lack of better words, when a company is deploying your products? Because you have a few different SKUs. And let's say EDR is definitely in there. What else would you think is the best practice to add in there?

Cameron Buriani:

Well, I think you should always have Insight, right, which is the EDR portion. That's why I was referring a little bit earlier to the notion that if you just go with just our core AV-based functionalities, which is in the MSP world known as protect, minimally viable coverage, I don't typically recommend any partners get minimally viable coverage, simply because it becomes difficult for us to help you as a partner. So, you know, if you chose to partner with CrowdStrike, and build out an MSSP practice, this is designed to be a continual relationship, for example, while I'm on these calls with you, because we're all going out continually, right? So if you come to me, and you know, Eric says, for example, Cameron, I got this attack, can you tell me what you think about it, if you don't have the EDR portion, it becomes difficult for me to do any form of investigative action, becomes difficult for our T team to do any form of investigative actions. We can only just look at that immediate process tree and take an educated guess based on it. So it's more of something where a Mac case typically the recommended remediation advice is going to be, well, looks like it was terminated, looks like the machine is fine. I can't do any searching. And your policies are okay. So just sit tight, you know, your policies are good, everything's in a good policy. And no one wants to hear that. They want to say, well, let's go take those artifacts. And let's go see all the machines that are compromised. That's where we have to have Insight or the EDR portion. So the recommended stack is if you can at least get Insight on those machines, because you're not using it every day. And some people will say, oh, well, Cameron, of course I use it every day. It's sure all right. But when you need it, it's quite valuable. And it's something that, you know, you're going to be happy when you do have it. So I recommend Insight, of course.
And then mobile is something that I do recommend on a tactical case by case basis, especially with the rise of Pegasus software being used in a malicious fashion. I do want to make sure we call out that you do have to use an approved MDM to deploy to mobile devices. You can't just scan a QR code like you used to be able to. If you're putting this on iOS devices, you have to use our approved MDM, and I forgot what they were but I think

Shiva Maharaj:

I like that because we use Intune.

Cameron Buriani:

Microsoft Intune for it. Intune is one of them. Yes. So okay, Citrix, we allow you to that champ, Microsoft Endpoint Manager, formerly Intune, of course, MobileIron, Sophos Mobile, MDM, Workspace ONE, formerly AirWatch. So those are the ones that are supported, you do have to have an MDM to deploy that. So that's a huge thing we should mention, if you're thinking here, like, hey, I want to use CrowdStrike global, sounds cool. I don't want to get hit by Pegasus or at least want to know when Pegasus is down there. Got to have one of those MDMs.

Shiva Maharaj:

I will tell you I was very disappointed last year when I figured that out. But then I sat down and I thought about it. And I said, You know what, with some with putting an EDR on a device. At least there's a real process tree you have to go through. And someone just can't slip it onto your device, which quickly turned me around on it.

Cameron Buriani:

Yeah, I remember. I remember telling you that you weren't too keen. You personally did not ask like Hey, dude, I wish I wish I had more say on it. But yeah, now that you pointed that way, like, would I want CrowdStrike slipped on my device? No, I wouldn't. I would. It's It's very, it's got a ton of visibility. And you know, it's never which means you know, security and privacy is always a balancing act. And it's not a privacy thing. When you think about privacy. It's like this like what what do you have to hide? It's not that we have anything to hide. It's I questioned the intentions or the motives of the individuals reading it. I don't know. You don't know that right? So, you know, when I think about privacy, that's what it is. It's not about my actions is about you, I can't control what another person does with that data. And that's what it is. For me. It's I don't know their motives, you don't know their motives. You only know what you're doing and how somebody interprets a fact. You know, when you perceive things, you see something you can have somebody say, well, that plant is green, the other guy says is gray. Well, he's colorblind, who actually has the true notion of what reality is perhaps his view, is the actual core and everybody else has a skewed perception that's a little bit abstract. But at the same level, when you come to a privacy standpoint, you can see data, which you would think is completely benign uses another person says, whoa, they can see demons in the shadows. And that's why, you know, you want to make sure have an MDM. So it's an approved installation methods, so that way, authorized users on authorized devices have the ability to deploy it.

Shiva Maharaj:

One thing I agree, sorry, Eric,

Eric Taylor:

You bring up a very good point that I still want to skim over, because me and Shiva, you know, we get beat up a lot, especially in the MSP community, because we tend to ask a metric f ton of questions of any prospect. Cameron, you've seen this when we were talking to you and Nick and everything like that, and, you know, was like, what are you doing with our data? How can we trust you? Do you have, you know, you're going through your audits and stuff? And when most these companies can't answer these things, that you're going to really put your trust in your clients' data and potential access to be a glorified C2 product into people you can't trust? It's like, yeah, are we using them? Why not?

Shiva Maharaj:

Well, you know, I'd much rather have vendor Tell me, yes, we have complete access to everything, and I can see everything you do. I prefer that. And I would use that vendor over vendor that just ignores the question

Cameron Buriani:

Yeah. And you want transparency, right? Because if they ignore the question, it's like, why are you ignoring or you're not taking it seriously. If somebody comes in and like you said, You know, I have full access, we can see everything you're going in eyes open, they're being transparent about the motives. And that's where it does indeed become important. Because you're right, it's not just, you know, we use this word data. But what does that actually mean? If somebody gets your data to your E trade account? I mean, there's your 401k, right there, and somebody gets the data to your bank account. Do you know how hard I mean? I don't need to tell anybody, but going through, like, what do they call it, and so far as like, going through, like identity, credential and stuff like that, it's, you know, this is such a laborious process. A lot of people can't take those type of financial hits, the time the strain, I mean, that's what data translates into, it's, you know, it's financial loss, it's stress, it's concern, it's worry, things that you don't need to be on there. You know, the world as it exists is already at a base level of stress enough that building onto it is not going to do anything for life expectancy. So let's be conscious about where we put our data. Let's make sure it's a trusted vendors who at least acknowledge the responsibility. And let's move forward in like sensible fashion about it.

Shiva Maharaj:

And, you know, one thing I want to add to that is, I think a lot of employees and even a lot of employers don't understand that a corporate device should automatically say you have zero privacy when you because it is an asset that belongs to the company.

Cameron Buriani:

Yeah, no, I would agree. Corporate devices, I mean, a lot of people are pretty lenient on corporate devices. And it's, you know, you just got a third thing like this, the company asset, you know, you're doing company style work. So, you know, that's, they're gonna have full visibility on that. And, you know, to a lesser degree, or to a large degree, rather, should have full visibility, because, you know, it is a company device. And that's where you want to make sure that you can see what's happening on it. Because it's not just about like, well, we want to see what you're doing on there. You just don't know if there's something with an exfil method on that if you leave a vulnerable state. Or if you don't have visibility into this portion of your user base, that's exactly where you would attack. That's where an adversary would start to target. Where do they not have visibility? Where can I get under the radar? And that's where you want to actually hit. So once you get that full blanket coverage, it's not about looking at your actions and making sure well, you know, what are you doing? It's, let's make sure that nothing malicious is coming externally to steal that company data. Or you could also make sure that you're not doing anything to leak company info as well. But that's, that's largely in your control. Eric,

Eric Taylor:

that's it for me. I mean, really a conversation or really enjoy the talk today, Mr. Cameron? Yeah.

Cameron Buriani:

Thanks for having me. I mean, I'm always down to talk about anything. I know that you guys, you guys run these a lot. So hopefully, it was informative for you and your viewers. And yeah, correct me in the comments. Also, I did Google it. Not a Trend Micro is actually Japanese based. So I was wrong on that. So there you go. Trend is this, it's

Shiva Maharaj:

no, but I would like to thank you for coming on and addressing the, what I would call the core strengths of the Falcon platform and the fact that you gain extensibility into mobile devices, which is increasingly where most corporate workloads are being accessed, especially in a you know, or from anywhere mentality. Cool,

Cameron Buriani:

ya know? And if anybody has any questions, she has always you know, you guys can reach out to me and we'll go from there.

Shiva Maharaj:

Good, thank you so much.

Eric Taylor:

Thanks again so much for tuning in. Please listen to our podcast, Amplified and Intensified. The YouTube version is located at youtube.barricadecyber.com. Please help us spread the word. Share this content, if you enjoyed it, with somebody you think will enjoy it as well, and until next time, take care.