All right. Thank you everybody for coming. Thank you for listening. Good morning. So there's an old fable by Ivan Krylov, Russian poet, about a pike, a swan, and a crawfish, also known as a lobster, that contracted to pull a loaded cart. The result is in front of your eyes. The last update from yesterday, the cart is still there. Let's put it in a business context, shall we? So when we look at the modern enterprise, the business is there to set the vision, to innovate, to stay relevant, and doing so while reducing the spending, constantly reducing the spending, and minimizing the business risk.
So this is our swan. What happens with the pike? The DevOps are there to fulfill that vision. They're here to innovate, collaborate, automate. Do they care about the business risk? Not really, because in the morning the business guy walks in: I need this app by this afternoon, up and running. Then they don't wake up in the morning thinking, how am I going to make it secure?
How do I make sure that I'm not increasing that attack surface, and how do I make it to be very cost effective? And then comes the poor guy, the security team, that is always viewed as somebody that pulls everybody backwards.
And why is that? Because they are dealt with the impossible reality where they're not only not collaborating with the people on the development side, they're being excluded from these discussions. Just a recent experience, when we sat down with the infrastructure networking team and security was not even invited. So we said, yeah, let's have a workshop. Let's invite all the business stakeholders and security people into the room and let's talk about it. And the infrastructure guy stands up and says, if this guy shows up, I'm walking out. And it's not because they're bad people.
It's just because they are misaligned. Their goals and objectives are not aligned. So in the next few slides, we'll try to figure out, is there a way to bring everybody back together, working as a team? So first let's start to talk about security. What do we do with security? We build walls. And by the way, for anybody who does not recognize the reference, we have a special gift for the 0 0, 0 1% who did not watch Game of Thrones: come to my booth, and I will give you a gift for resilience and withstanding peer pressure. For everybody else:
This is the wall to keep the night walkers out, also known as hackers. But the walls do not always work. By the way, the President of the United States also builds one, right? Just as we speak.
And you do not need, I promise you, the ice-fire-spitting dragon to get through that wall. All you need, and that connects to the conversations we just had before with two other speakers, and Martin was talking about it, all you need is to exploit a legitimate access path.
And while they all need one to go in, we as security and infrastructure, network, whatever you are, need to protect against all attack vectors. There are many, and there are gonna be even more. Cause you know what happens with the night walkers, right? They turn more and more people into those scary people with blue eyes.
So,
Oops,
And this is just not to scare you, because there's gonna be a lot of these campaigns going around the world. But there's something else that we learn from these guys: while we are out there doing business transformation, while we are innovating in our space, our business space and the enterprise, the night walkers are also innovating. They are doing exactly the same thing as we do in their own space. So this attack, I cannot pronounce it.
I practiced all week. Whatever it is, it's a very well known worm, and what they were doing since 2017 is the cyber, sorry, cryptocurrency mining. That's all they did. We discovered them about two months ago, already completely redesigned their attacking tactics and designed their entire attack as a modern enterprise. They have servers, most of them in the United States and Southern Malaysia. They have high availability, resistance, resilience, disaster recovery, and they operate as a business.
It is the payroll revenue stream about 3.5 million just last year.
And they have their own goals and objectives. So while they're doing all this, we are on the receiving end of this attack. They are. And just look at those numbers. They're infecting about 5,000 machines every month and they're super, super aggressive. They started as a crypto mining, cryptocurrency mining engine. Now they're after data exfiltration, credentials stealing, and they're propagating themselves very, very aggressively throughout the network, which means that now it's all about control. It's not only about getting something out of the business and getting the payoff.
Funny fact, they are very, very jealous about other attackers. So not only do they propagate, they actually remove other malware if they find it, and then defend the affected servers against the competition. That's how good they are. But what you really should be worried about, besides the fact that they're using known exploits and known and legitimate connectivity vectors inside the network, what you really should be worried about is, out of 5,000 infected networks, all of them without exception had more than one host affected, meaning they are spreading.
And after the cleanup, some of them done with us, some of them with other vendors, 25% of the systems were, surprise, surprise, reinfected almost immediately. Now I'll give you one minute to be worried. Okay. Are you worried? Yes. No. Maybe. You look worried. Because the next slide, I'm gonna tell you, this is not what we all should be worried about, because this is the side effect of what we all have been creating years over years, over years.
And we're just on the path of creating more of this. Anybody know what it is? It's your IT shop. All these little nodes.
All these little symbols are servers, containers, virtual machines, anything, desktops. This is how the modern enterprise looks. This is actually a real picture from our software when we deploy it in any environment. And now let's think about it. Every time the DevOps, anybody, releases a new software release, a new application, puts out a new server, what did we just do? We just expanded our attack surface. That's what we are doing. So the guys that are doing the infection are pretty much using what we have created for them.
That fertile ground where all sorts of attacks are gonna be lurking. So you shouldn't be worried about the next guy that is going to hijack one of our servers. We should be worried why we hate that security guy that says not to do certain things, because he was dealt all these cards.
That's what he's doing while we are running and busy innovating, right? It's very cool to innovate. Everybody likes to innovate. I had a customer. I will not tell you who that customer was.
A few years ago, they set up on Friday between 9 to 12: we are going to innovate. That's what they decided, from nine to 12 every Friday. But seriously. So while we are busy innovating, that security team is dealing with flat networks, outdated security controls, completely preferred perimeter and hybrid environment. That's why the title of this keynote is beyond cloud. It's beyond cloud, it's beyond containers. Doesn't matter. Over on that picture, we don't even know where the server is or the desktop is sitting. It doesn't matter.
What matters is we create a perfect scenario for the lateral movement to happen. So is there a solution out there?
Well, apparently there is. First and most important thing:
We should stop, like starting from today, thinking about walls. Not because they don't work, and please shoot me if I will come talking to you about, you should take away all your firewalls, shut them all down, take away your antivirus because it's not working. This is not what I'm saying.
Okay, what we need to do while we still have these walls around our enterprise, around the perimeter, we need to start thinking about ships. Cause this idea is not new in the ship building industry. It has been done for centuries and generations, how I gain control once I'm inside and how I control the spread. So what is it that I need to do today to create what we call this micro perimeter of control within the enterprise, while our big walls are protecting us from the outside, we still can contain the attack while it's getting into inside.
So there's three simple rules that we should start thinking about segmentation. We have to start early, early in the process, not wait until the application is out there and running. We need to do it simply, and I will talk about it for a second, and we need to do it fast. Because again, we are against not just the bad guys, we are against our own IT, that innovates and evolves much faster than we, as security professionals, can catch up. And go back for a second to the simplicity.
Please, when you go back to your regular jobs, whatever you do in your organization, if you hear somebody telling you, we're already segmenting, we're doing it as VLANs, and we're doing these firewall rules, we define new rules, it's all taken care of, please tell them, stop. This is not the right technology. This is not the right way. It's gonna take you time. It's not gonna address the agility, the speed and the simplicity. Okay. There are technologies, emerging technologies that are almost mature at this point in time, almost four or five years, including our company, that are doing it differently.
And we should really design our security. That should look like that fully segmented, partially segmented, somewhat segmented, where the controls for that segmentation are not tied to the infrastructure cause that's, what's going to kill us.
And now I will attempt to bring it all back together. Remember this nice swan and a lobster and a pike. So how are we gonna make them all work together? And it's really not about cloud. It's really much more about collaboration and alignment of their business and technical execution. So what needs to be done?
And I'm, I'm, I'm assuming you are very familiar with this cycle. That's a typical DevOps cycle here. We need to start thinking about the segmentation rules while we are designing that software, that application. But what's nice about this approach because again, it's completely disconnected from the infrastructure. The design of the security is not happening with the DevOps. They can go and design what they really are here to do. Design the processes, the software develop and release.
The security team is now gaining back the control of creating the segmentation rules, and all the DevOps processes need to do is to embed the labeling of all the assets that they create. So once it's deployed, it becomes part of the policy.
So again, the control is within the security. They are the ones that have the controls. They are the ones that have the tools. It's just now part of the process. And hopefully they will stop hating each other, because now they have no conflict. They don't have to step on each other's toes.
And how does this affect the business?
Well, obvious result, if you remember that big picture with all these multiple connected assets: it prevents the lateral movement. As simple as that. It allows us to create those micro perimeters of control to ring-fence our critical applications. So when these guys are coming in, and they will come in, they're already in, okay, we can still contain that aggressive spread within our network. We didn't talk about compliance, but it's not about compliance. It's like a weird word, because everybody does, oh, wait, we make you compliant.
Oh, we help you to be compliant. It's not about that. What happens to compliance when we release a new application out there, that's last slide, is that it causes us to reevaluate our policies, right? An example, we have a customer that has a compliant PCI environment. The second they release a new application, they have to figure out if that new application is not contradicting their existing PCI rules and controls put in place. So it simplifies the process.
When this environment is segmented, you can be assured that even the future development will not affect your compliance posture, and the logical result of all this is we actually can start innovating faster and removing those roadblocks on the way to innovation. All we need to do is to be just one step ahead of the night walkers, because they move faster. Thank you.