Security Unfiltered
Security Unfiltered
Inside the Mind of a Cybersecurity Maestro: Oliver Tavakoli's Journey from Mainframes to AI
Have you ever gazed into the depths of a cybersecurity expert's mind? Prepare to be captivated as we sit down with Oliver, a virtuoso in the realms of IT and cybersecurity, whose tale unfolds from a childhood enchanted by math and sci-fi to the frontlines of digital defense. In today's episode, we peel back the layers of cybersecurity, from the bedrock of IBM mainframes to the latest in AI-driven security strategies, through the eyes of someone who has seen it all. Oliver's insights paint a vivid picture of the hacker's mindset and the relentless progression of cybersecurity challenges.
Oliver doesn't shy away from the personal, either. He lays bare his struggles with imposter syndrome, reminding us that even the most seasoned professionals harbor self-doubt. This candid talk traverses the landscape of technological leadership, contrasting the role of yesterday's CTO with today’s, and emphasizes the transformative journey required to shepherd teams through decades of tech evolution. With Oliver's narrative, you're invited to witness the metamorphosis of an industry and the professionals within it, rooted in the principle of lifelong learning.
As we explore the shifting sands of network security, Oliver guides us through the sophisticated use of AI and machine learning in detecting cyber threats. We probe the vital nature of identity security in a boundaryless digital world and the adaptation of cybersecurity strategies to protect networks, clouds, identities, applications, and endpoints. Diving into the ethical quandaries of AI in security, we uncover the importance of safeguarding privileged access against the burgeoning capabilities of AI. Join us for this enlightening episode that promises to arm you with a deeper understanding of the complex, ever-changing theater of cybersecurity.
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
So how's it going, oliver? You know it's fantastic to have you on. I know that we've been planning this thing for a while now, and I'm really looking forward to our conversation.
Speaker 2:Yeah, I'm glad to be on. These conversations tend to go sometimes in predictable ways and sometimes in unpredictable ways, but we'll keep it as organic as possible.
Speaker 1:So this podcast is completely organic, right, I may have a few questions on the side that I jotted down, right that I'm interested in. I want to make sure that I get to. But really, you know, this time is for you to tell your story how you want it to be told, right, and I pride myself a lot on how the podcast is structured. So I feel like a lot of people appreciate that. Yeah, absolutely so. You know, oliver, why don't we get started with you know, you diving into your background, right, like how you got into IT, what made you want to get into IT? You know, was there a certain you know show, movie, book that you read, something like that, that kind of sparked that interest to make you go down this path?
Speaker 2:Yeah, it's interesting. As a young kid I was, always I was the kid, the math kid, whose parents and grandparents would throw out to me, multiply these here numbers and come up with a result. My uncle, who was not much older than me, who was going to university and studying computer science. And so I remember from the early days when I was a kid he would come back and this was kind of like an IBM mainframe with green bars, you know the old printout, this kind of white printout with white and green bars on it, and so I remember always being kind of fascinated by that, certainly a science fiction person, so, you know, fitting like 2000 on Space Odyssey, which of course has Halloween and the notion of a malevolent AI and all of that was necessarily a thing back then. So I always kind of felt that I was predestined to go do computer science and math and some combination of the two and also to kind of study a better degree in both, and I always found complexity of turning problems into symbolic logic and running code in the early days to me was just like that, it was chatnet, and so I was always that in the creative process and I think there may be a lot of people that think cluster programming is a highly technical thing. I knew this before when I was in practice at all. If you've seen boot code, if you've seen back code, you understand how the emergency came out, and so for me it understand how to do business between that, and so for me it was always programming, was it? And I was also going to go on from the early days for really understanding systems well to the point that you know, when I joined IBM, I mean I was still at the main game operating systems in assembly language, and so you know, a low-level really understanding all the way down to the hardware, interrupt, vectors, those kinds of things. So that's how I cut my teeth and the notion of wanting to know how things work. It's like an intrinsic thing to something that's always not to others. Right, I mean it's bread. I mean it's bread, I'm using it intrinsically on a sandpile. All for me it kind of goes into that. I do these like rice, sourdoughs, salt and pepper and everything. But I need to have an understanding of how that works and how it's intended to work and how it can be made to actually not work. That's what I was intended. You saw more of the hacker ethos. You know smooth. This is the around the mid 90s.
Speaker 2:I kind of got into security and security. This is all of your kid right. And the only thing I learned in security was basically the amount of greatest servers off on the systems and the value of the key. How do you have two parties have an exchange without necessarily saying you know here's the password and get proof to each other that they have access to the same metric team material or that you have asymmetric team material and stuff like that to communications? Ultimately, I got acquired. I got acquired to Juniper Networks, where I kind of ran into R-Wall and IPSs and SSL VPNs and other things.
Speaker 2:It's a sort of this entire arc of you know getting into what I thought was either follow-up to short comms or authentication or preventative stuff. And the epiphany at the end of that journey and it devalued when I came to Vectra was that you know all this preventative stuff that we're doing is just like a filter. It's the first line of defense. Ultimately, the reason people have incident responders and they have SOC teams is that, yes, that's what happens. And there's also this of this interesting thing is, when you're on the preventive side, oftentimes you create these preventive controls that, if operated perfectly, might, you know, really save you. But you know, if you actually took a whole story and were a post-honorist, 2% of them were capable of running this thing, particularly because it required a degree of cleared lands and mental modeling that was just not economically feasible for them to have everything that they had off. And so often times I think, in my retrospective view of that world, is that the delta between both the theoretical efficacy of a solution and the actual, as-deployed efficacy of a solution was the large enough human capital that you as the customer were intended to kind of put into the system.
Speaker 2:And then, even if you got it all right, you know something like Log4J comes along or something like that, the latest kind of backdoors and balls kind of come along. It's just like, oh well. Or you know, microsoft gets one of their sign-in keys and we start seeing sort of, so you still kind of deal with the back end of it, and so then you know I kind of got to this point of at some point the law of the machine returns on the preventive side, right, it's like, yeah, if you put another million dollars to gain another percent of efficacy in your prevention, but that's how it is. This balance of trade of how much are you working on resilience and detection and response. That's the how it got me to Electra at the beginning of Actra To say, okay, I'm going to send in questions on either a perfect job or an imperfect job, but whatever job they have done, they filter out as much unwanted stuff as possible, with the problem that remains on the far side of that, which is okay. People are still going to get in, maybe as soon, as it depends upon thousands of users for fishing training, and well, let's assume that they're going to get that right.
Speaker 2:There was a customer that we had in the early stages. I remember talking to them this was 10 plus years ago at this point where I was visiting them in their offices and the CISO basically said to me yeah, I have 2,000, I know I have 2,053 vulnerabilities in our environment and their cars are out there in the parking lot. Because, I mean, as long as you have humans that can be engineered in different ways, they will make that decision. We'll assist them in respecting that and so stuff will get in. And now, really, for us, the mantra has been how do we actually make customers resilient, recognizing that there will be incursions into their environment? How do we stop those from becoming breaches that may devastate the information and also the big kind of being reported and fit in the news cycles? And so that is really our mission at the highest level, is to be swaying in the detection and response stage, and then we can kind of talk about the peculiarities of kind of our approach and the direction we've chosen.
Speaker 1:So you've really covered a lot there and I kind of want to break it down a little bit. You know, when you were at IBM, it sounds like you weren't just drinking from the fire hose, right, it sounds like you were trying to drink the ocean. Almost right For that sort of environment, for you to cut your teeth in that sort of environment, you know. Can you talk a little bit about the dividends that it paid down the road? Right, because I'm sure that that pays massive dividends, because you know even now paid down the road right, because I'm sure that that pays massive dividends. Because you know, even now, as a CTO, right, Like there's a lot of CTOs or C-level executives out there that you know are not, you know they know how to turn on their laptop, get to their email, maybe Teams, right, and that's really it, they rely on the rest of the team to tell them what's going on.
Speaker 1:I feel like with your experience, it's kind of the other way around. It's kind of like, okay, you tell me what's going on and I'll probably actually be able to figure it out.
Speaker 2:It's interesting, I think, getting a grounding in how systems work, to set their core right, rather than coming to the industry in the age where it's all about Java high code and there's some magic where Java high code is un-executed. I think there's a difference in being able to have it go out of the hard-to-replicate system. The other thing is I just learned how to learn and along the way I met a number of people who were very smart, people who were very good at simply saying, hey well, they didn't understand something, and so I tried to explain something to them and they didn't understand it. It's a I don't get it. So yeah, and I forced myself and this is my technique even to this day.
Speaker 2:I have security researchers reporting to me. I haven't really been a security researcher. I have user experience people reporting to me. I haven't really been a user experience designer. I have data scientists that I talk to on a daily basis. I'm not I mean, I'm math-framed, but not heavily in data science, and yet I've learned how to ask enough questions to construct a mental model for myself that is not only the accurate.
Speaker 2:Right can have meaningful conversations with these various parties within within our company and then also they kind of with outside their company and the one skill that I seemingly seem to have like.
Speaker 2:Again, when you have a skill yourself, I was going to think of it as quite exceptional until you kind of go for an entire career and don't find a lot of people seem to have.
Speaker 2:Again, when you have a skill yourself, think of it as quite exceptional until you go through an entire career and know quite a lot of people. But I'm being in the essence, the core essence of a problem, and then I can talk to it in various altitudes. And so I can talk to business people and still capture the core essence of it, but have it abstracted to a level where it's not just overwhelmingly detailed, it doesn't really bring anything to the table. And yet if I'm going to go talk to a security researcher or a beta scientist, I need to be able to speak at a low enough level that it just still feels like it's within their universe, and capturing the essence of what's hard, what's easy. So I think those are the skills. Ultimately for me, when I think of my skills as CTO, is to be the acquirer of enough information to construct reasonable mental models and then the ability to describe those models at a variety of altitudes appropriate to the conversation that's being had.
Speaker 1:It's a really good point that you bring up there. And you know, earlier on in my career when I was just starting out right and I was drinking from the fire hose, not the ocean, I kind of figured out how I learned right In that environment you really figure out what works best for you. And when I was trying to figure out how these Linux systems would work and how it interplayed with the emergency 911 system and how that, you know, got relayed to national call centers and stuff like that, me understanding that system at length made it a lot easier for me to be able to talk about it at higher levels, engage the room and, you know, break down what I'm saying into consumable terms to people that are non-technical. And it pays dividends now, because that's like primarily what I do, which is really interesting how that plays, because you know, like yourself, once I was able to get that mental picture or maybe even a physical picture right, maybe I drew it out.
Speaker 1:Once I was able to get that, it all started to kind of make sense to me. It all started to, you know, really open my eyes and whatnot. But I found that even after you know that role and I had moved on into more interesting, more, even more technical roles, I still had a little bit of imposter syndrome. Did you ever encounter that? Maybe you encountered it at IBM, but did you ever encounter it after IBM?
Speaker 2:All the time, every day, right, it's like I spend my time talking to people who are much more gifted at what they do than I am. Right, I'm an aggregator of information and as such, there's always kind of a question. It's like am I, you know? Do I really know what I'm doing? And I've talked to other kind of high-functioning people. A lot of them, the reason they're high-functioning is because largely the imposter syndrome problem kind of keeps them on their toes. It's like well, I don't feel comfortable talking about something until I actually grok it and understand it, and so you have to go to a certain threshold of learning and then I feel okay. But up to that point it's just like I know a bunch of other people who understand this, who spend time on it, and I don't understand it.
Speaker 2:Imposter syndrome, I think, is a good thing. In many ways it's kind of an evolutionary trait, right, because I think a lot of our ancestors, as long as they didn't get too confident in their understanding of, like yeah, I can deal with anything. It's like yeah, well, a new, faster animal has just fallen off and brought me down right. Yeah, well, a new, faster animal has just fallen off, it's going to walk me down, right.
Speaker 1:And so, yes, imposter syndrome to this day is a thing. Yeah, it's fascinating to me because I feel like it has the stigma, right, that, okay, eventually this will go away. And I think what it does is it just changes. It kind of changes with the role that you're in and whatnot. Like you know, for instance, I I used to have imposter syndrome a lot when I was getting started in security. Right, I don't really have it anymore for the most part, or at least I get over it pretty quickly now.
Speaker 1:Um, but you know, I was just confronted with an opportunity right to create, essentially, you know, something that communicates with satellites and it's regarding securing satellites in space in a different way, with new technologies that are just now emerging, and this is like a side project. And even with that and I'm getting my PhD in securing satellites, right, and even with that, I still thought to myself there's no way I'm going to my PhD in securing satellites, right, and even with that, I still thought to myself there's no way I'm going to last more than two weeks, right, they're going to figure out. You know I'm an imposter or whatever, right, like I literally dealt with this yesterday, you know, I was doubting myself and everything and it's it's important, I think, for people to understand like, hey, this is something that is very likely for you to, you know continuously, you know, have going on, and it's important to ask questions, to learn more, to become you know a forever learner.
Speaker 2:It is. The healthy perspective is simply a fossil one. It's so much more you don't know than you do know. You just need to get to a point of. That's the confidence that you can learn and you can acquire. It's almost like the Matrix version, right? It's just like hey, can I download the flying Apache helicopter thing?
Speaker 2:It's not quite like that. But we're asking for confidence. I think as you grow, there's already kind of confidence that's offset to that imposter syndrome which is the hey. I've done this enough times where I didn't know something and three weeks later I was like I understood it. Hold on, I've been going through that enough times. You have this offsetting instinct which is yeah, I don't know it now, but I will know in the end.
Speaker 2:And what people are valuing me for is not the sad knowledge that I have about a secret topic, but my ability to kind of grab a hold of something that I don't know today and power through and get to the hard side and distill it, connect it, aggregate it, explain it to others. That is the role that I provide and, almost by definition, it means going through periods of uncertainty where you don't understand something. Because that's the value role. Nobody does it, but it's my job to do it. And a number of times people just send me this website and it's like, hey, here's this particular intellectual life, probably a competitor, you know, just talking good and squinting at it and going, yeah, they're like a blend between S and Y and Z, with a little bit of this or that, and it's nothing really totally new?
Speaker 1:Yeah, it's really. It's a fascinating rabbit hole that we could definitely go down for the remainder of the time. But you know to kind of, I guess, move along right down your career line or your career background, right? I just did a quick look on LinkedIn, right, and it says that you were a CTO starting in the 90s and I'm wondering how is it different back then being a CTO compared to today? What's the difference? Because I feel like, personally, ctos back then were a lot less technical, right, they were maybe not, maybe not well-versed in all areas of technology, like like you had. They didn't come from the same background, whatnot and this is me just kind of spitballing, right, like this is me thinking without having that actual knowledge of what it must have been like. So, in that situation, you know what skills helped you stand apart and how is it different than from today? I think?
Speaker 2:there's both the time element of it. I think it's hard to make a distinction from the scale element. In those days, you know, I was a CTO of a company of 25, in those days I was a CTO of a company of 25, a CTO of a company of 100. And I progressed to being suddenly kind of CTO of a part of an organization at Juniper that had like a thousand people in it, right, and so there's both the time element of you know, how was this different in the 90s versus 2000 versus 2010? Element of you know, how was this different in the 90s versus 2000s versus 2010s? It's hard for me to kind of disconnect that from the reality that I was doing it in a very much smaller on in the early days and doing it in a much bigger on in the later days. So I did in the early days on the small size. I was basically the alpha developer, right, and learned how to lead small groups to at least more people as opposed to kind of BP of engineering, which was to be more. You run the entire machinery. So I was always going to just overlay into a few savants, collect the overlays kind of into engineering, and that progressed until I kind of got to Juniper and then at Juniper she felt like, okay, now I have this large team of an R&D organization and we are relationships with others. You're trying to again figure out where you can most impactfully move the needle, because there's this big machine kind of moving along and there's also more of an extra aspect to it. At that point there's an expectation okay, we've got all our festival surveys, we've got sales. The other half are the customers that are going to ask hey, what's your technical vision? Because customers aren't just eyeing your client on that, they're going on a journey with you and they don't know that your journey and their journey aligns reasonably well. So it's a much more complicated thing, unfortunately, oftentimes depending on the machinery and the bureaucracy and the existing business.
Speaker 2:But you also get further removed from actually kind of building cool stuff, oftentimes in CTOs and larger organizations.
Speaker 2:And so you know, coming back to Vectra, at a point when you know, in the very early years we had no product, we had no customers, we had a blank sheet of paper, we had a problem statement, and so it was good to shed that skin right.
Speaker 2:And now, as if you know, we're basically about six or three people now in the company.
Speaker 2:We're just kind of messed up, using some combination of the skills of you know how to build things and how much to be from not much to see, how steer of the blank sheet of paper, right, because oftentimes people are going to use the incremental building page, so being able to go from black sheet of paper as the organization has grown all those tools that I kind of built up later in my career of how you impact your organization, how do you get word out, how do you I mean they work with customers, with field people, with other parts of the organization and ultimately kind of get people onto a common for the future, all of those things.
Speaker 2:So I find that I'm now successful in this combination. I still hold on to this notion that we can build cool stuff, and so I have small teams of people building cool stuff in a cleaner form, where I can still build cool stuff, and so I have small teams of people building cool stuff in a cleaner form, right, where I can still build cool stuff and get it out. But it's also I have these other responsibilities to get much more, yeah, in service of the existing one way.
Speaker 1:Yeah, it's always a fascinating journey for me, right, to identify different skills, skills right, that different roles different organizations demand, and it's always interesting to see how people you know fit into that right, because you know, obviously, I, I see myself, you know, going and growing in that direction as well, and so it's out of out of my own curiosity as well. It's like, hey, what skills should I be working on now to prepare myself five, 10 years down the road, right? So it's always just fascinating. I feel like it's always beneficial for my listeners too, because a lot of them have that same mentality as well. So let's talk a bit about V vectra. What's the, what's the purpose of vectra? I'm sure a lot of people are just gonna say, oh, it's another ai company, right? That's what they're, that's what they're saying to themselves right now yeah yeah, what is it?
Speaker 2:so what is it so? So this journey for us didn't just about his own perspective really began in 2012, 2013, right, and so we were. When we're talking about ai, it was a very different kind of ai than for us didn't just put this in perspective really began in 2012, 2013,. Right, and so we were. When we were talking about AI, it was a very different kind of AI than what everybody talks about now, which is, you know, everything is about DNA.
Speaker 2:The notion at the time that it kind of came out of Juniper hackers at the point that they want to kind of sell their son foothold in the inside the further, but before they do, you agree with harm? And we were. We were networking people, that endpoint people. So you know, in lieu of doing that, like obviously, product strike and and and silence and others were in front of a blocker looking at this from an endpoint perspective, we said, hey, let's start with a network, because that felt like much more of a land flight at that point. Yes, you've got IDSs and things like that trying to do signature stuff, but we're like, no, this isn't a base of TensorFlow or other kinds of like a lot of the grounding elements of neural nets that you can build kinds of like a lot of the grounding elements of neural nets that you could build. We can actually use, like what I was using to refer to as SANSyNet, to go look for patterns that are indicative of attackers. And so in the early days we said, okay, we're going to basically put sensors on the network, you have shock data and we're going to check that data and we're going to de-gauze a series of different kinds of models. I'm going to look for things that look indicative of an attacker behavior and then I'm going to aggregate those attacker behaviors based on which entities they were attributed to, and then we're going to score those entities and say it's best work. We take this thing, this machine, this account, whatever is misbehaving in these different ways and you should go deal with it. That was kind of the early days, but it set the ground for a few things that I've told you to this day, which is our last part, is an application.
Speaker 2:We somehow believe that the efficacy of applying AI, ml and other kinds of models, mathematical models, through the problem of finding signals, and we don't believe it to be entirely an anomaly detection system, which is oftentimes what people did in those days. And if you look at the UEDA market, you know user identity, behavioral analysis it became this hell of well, you know this person is doing something weird. Well, it turns out that human beings, on the day that they do these weird things, that's what you usually do when you're in dust You're going to trigger a lot of signal and overwhelm the SOC teams. And if you're, on the other hand, about the attackers, that's gotten good enough in terms of flying below the radar that they're actually not going to look weird enough in a system like that. So we became much more attuned to saying if I was an attacker, what would I want to do? And then we started organizing these techniques and this was before MITRE G-Number and all of that stuff was out there. So we were effectively coming up with prefacers to classify the different attacker techniques and saying, well, I want to find that technique, I want to find the tool associated with that technique, I want to find the business of the loss, I want to find all the tools they're using long on weekends, so there's a great idea of call of life or similar or something like that maybe at any given moment, have a manifestation of it. So we built this corpus of protections and ultimately kind of built what was initially an NDR business, a network protection response business with data science, ai, mlml, kind of an underpinning to funding that signal as pincers then migrated and went in different directions in terms of data construction, right, so you're basically with detection for the data centers and for the attacks networks there's.
Speaker 2:You know, people started moving a bunch of stuff in the cloud, in the SaaS applications, and so we just have to deal with that reality. It's an exchange server and on-prem AD server, now an entry ID and, because you know, microsoft 365, the problem is still the problem. In fact, the problem is it's increased in the sense that your identity, which was under lock and key, is now federated on the internet. All of your tools and collaboration tools are kind of set to be internet-ready and out by the firewall and so lots more attacks can kind of occur and so inevitably on North Star Routes, which is you want to find attacker signal wherever it resides, we want to fire the data. So now we started acquiring the laws as of like four or five years ago. More and more laws are more logs into the system, but again, unlike a sim, which has very little opinion about those logs. We're like very careful about how we pull those in, how we represent them, how we stitch them, how we aggregate them in service of finding that attacker signal and effectively prioritize that. But that's kind of now the power of mission.
Speaker 2:So, whether it's the VRAM, public clouds, even public clouds, is your network being attacked or is your control plane being attacked? There's a two different attack factors. You've got identity out there federating it. You've got Microsoft 365 and all your assets and teams and other things out there. You've showed off messages via network and now you also you're just trying to reinvent your campus network by this flashy thing where you've showed off messages via network. And now you also you keep trying to reinvent your campus network by this flashy thing. You have a disease killer or an ex-co or a palo right. So it's kind of follow the modern ponce jokes that everybody else kind of created. And yet it's why that visibility across all these distributed tax services and this is where it becomes kind of XDR-ish, which is the term of art nowadays it's like, well, if we're covering these different attack surfaces your public cloud, your data networks, your identity, your app, the apps that you have that are the ones that you care about and at a customer's depth. We've now started integrating EDR alerts in which is kind of like a long other major attack surface that people tend to care about. So if we're pulling all these things together and we're aggravating them and we're exposing them to you as a hey, this looks like one attack, go investigate it, then the best term for that.
Speaker 2:In the same age, even though XDR is still defying, I wouldn't say that's ultimately the mission of XDR. It's trying to be. Can we come a third-party, take all these different signals some of them are native to us, some of them are third-party stitch them together, produce great speech, get them to their speech, which is response-tribunal? But it isn't. Because if you look at an account in this day and age, on-the-found, it's going to be a domain slash account In Azure AD. Azure AD will be your email address Within Azure itself. Mad Synths and RIDs and UPN and other kinds of things. They all refer to the same object. So a simple problem with people like getting all the last stuff done, like Wlinka, so that people are called as FOP and you have deductions related to that account in there as well. Funny thing to all stitch together. It's a non-trivial problem. This is where Simmons has struggled, quite frankly, and this is how I put it this DIY problem and Simmons and Shore and all that, and so we have to do a lot of heavy lifting for our customers and connect the dots, and also that we cannot prioritize things based on what we know and what they know as a collection. So AI is going to be used for mental disorders with identity.
Speaker 2:When we talk about attacker behaviors, a lot of this model are ML models and AI models. Again, ai is a term of ours, but 3GEN AI my repented description of AI was something that looked like it had some pixie dust in it. I mean you couldn't easily understand and so if you went back two or three years ago, this would be a lot of neural nets and deep learning and stuff like that. It was really at the forefront of what we might have called AI in those days. Obviously, in the last 18 months, jet AI has looked a lot out of the sun.
Speaker 2:Jet AI is generally not terribly good. I find it a good behavior. Jetai has a lot of fun. Jetai is generally not terribly good at finding hacker behavior. It was like, yeah, it doesn't have that kind of rational system, but it is useful. It has a number of things that two related accounts that we just have right, which is it can be useful for defenders If you look at things like Microsoft Security Pro I live under FN, crossfact, charlie and others but there's a notion of, hey, can you lower the bar and make it a little easier for those security analysts to basically give them this purpose of data that we're exposing them to and have them just deal with it in natural language? That's an edge On the attacker side.
Speaker 2:Clearly, there's a changing number of applications to affect resourceful engineering, be it writing something in the voice of your boss to basically actually reporting a voice on a voicemail from your boss that reports to you from your boss, to basically actually recording a voice on a voicemail from your boss that reports to you from your boss to ultimately have videos and other kinds of things like that. So there's a way, from a social engineering perspective, that Atomic is going to get use of this. And then there's one other part that people, beyond the kind of internalized, which is it's kind of the problem upon a task of its own. So if you think about WAF and AppSec as this problem whereby you know nefarious people would attach my application stack and figure out how to do C4 injection and script injection. Well, now it's 10-cal-LM.
Speaker 2:I see a lot of that.
Speaker 2:That means like, yeah, well, now it's trying to tell a lamb as a middle-of-the-bath.
Speaker 2:And now, when you go from the degrees of freedom that we've all had with the application with HTML to, hey, anything you can express in the English language in any form that you might want for its process, right, so that gives this notion that our duty to this world is to allow lambs Not just to have the lungs eat for pirates, but just use your identity but conducting donations, advocating that, these things on your behalf, but with more proven identities. That is going to get broken into. And so I think there will be a little bit of a mea culpa over the next two or three years as people keep rolling in more LLM-enabled things without selling a lot of for-pa, because if you're a CTO nowadays, you're being taught by your CEO. Hey, what are you doing to launch a new channel? Well, it doesn't matter. Celestine, right? So let's say you want to build a code system for our Celestine so we can just talk to a chatbot, right? So let's say you want to create a code system for our cell scene?
Speaker 2:Okay, so we create something where the cell scene can just go up to a chat box and say I want a code for these thoughts and for this hospital, and it should be similar to the code that we previously did for customer Z.
Speaker 1:It's like okay, great.
Speaker 2:When we launch a cell phone and you record a system and you're always sharing, and so I think it's just a better deal. You go okay, great, when you have a self-holding, you call it system and you're always sharing, and so I think it's just a little bit of you going well, yeah, you always said that way. You know one twist here and then you go, that system will have a lot of health core, to understand you, but the self-guided way. Well, in the back end it will have a region that is privileged. You're have an agent that is privileged. You'll notice that they have the sales force as the financial sales force, because these days you work on behalf of any of the sales guys that come in the front desk, not just this one sales guy, right? And then I'll ask you to quote whether or not you fully understand the quote system, because these are great quotes on behalf of any of the sales guys.
Speaker 2:So now you're talking about the law connecting in a privileged way these systems in your environment and I'd be like, okay now if an attacker that's inside and steals the credentials of that one sales guy, which is not a privileged account, and so you say, well, how much damage can they do. Well, they could punch a photo of your rate by going through this amorphous blob, getting over the guardrails or dealing with some inconsistencies in how the agent is implemented, and now they can dump the entire Salesforce database or the entire coding system and stuff like that. So those are the issues that we're trying to look at, but again, our perspective on this stuff is okay. If we believe those attacks will occur, where do we need to insert ourselves to get the data necessary to be? And then what theories can we form as to how we would find that attack or signal at high fidelity and relatively low noise, because you fill all the noise, but this is something the entire system requires.
Speaker 1:There's a lot there to send the entire system to hell. There's a lot there. It sounds like the solution is closer to a next-gen SIM XDR source solution. I mean, it's doing a lot. And something that you mentioned earlier on is catching the attackers as early as possible.
Speaker 1:Um, you know, a lot of the times security technology is catching attackers after the fact, right, or it's piecing things together after the fact. And now here you are a breach happened, someone got into your network, someone extracted data, whatever might might have been right, and you're trying to piece together how they did it. You're trying to figure out what they even took right, and it's, uh, it's, it's almost like the rest of the industry kind of gave up, right, I'm trying to identify as soon as that bad actor entered the environment. Yeah, and I, I've seen solutions where you know they base the attack or they base the identification of an attack off of a user's interactive, you know, or activity within the environment, right. So you know, I always kind of tell this story, right where we had this really cool piece of technology, had it in the environment. It was looking at the activity of what engineers are doing, where they access different resources, where from and all that sort of stuff and if anything was out of the norm it would alert you to a potential attacker and it was like meant it was meant to not give you so many alerts. That was like the big selling point.
Speaker 1:And then I talked to one of the engineers, one of the system engineers of our company, you know one of the one of the bigger ones, one of the guys that have been there for you know 20 years, that has access to things that you know you probably wouldn't expect Right and I brought up that solution. You know you probably wouldn't expect right and I brought up that solution. He goes oh yeah, I have to log into. You know 25 different systems. You know, once a month I've found to make sure that I maintain access because you know there's always that one time where you haven't logged in for a couple months and you know the solution pings it when you're up at 2 am and you're trying to do work right and I'm just sitting here like man. This guy just defeated what was supposed to be the crux of our security program. He just completely defeated it.
Speaker 2:Yeah, you kind of think about look, what do I have to do for those systems to kind of remain violent? Well, I'm not going to word on it right, effectively, right. On it right, effectively, Right. And you know, the way I'm going to kind of think about this is, again, I think oftentimes people design security solutions for like this idealized view of the world as to how the world works. Again, you know the standard saying it's like oh, you know users, you know, if you observe users for a week, a month, you know you can pretty much figure out their patterns and then you will only trigger a handful of anom month. You know you just figure out their patterns and then you will only trigger a handful of anomalies. You know a year, okay, great, you've got 100,000 users, a handful of anomalies a year. Let's say I earned it by $100 a year. I'm not actually working for a certain life, and so part of the epiphany that we had was that if you're trying to perfect any individual signal, one individual signal, and have it be the end-all, be-all for detecting the threat, you're going to invariably fail, because at that narrower scope that trying to get that one signal perfect you will invariably have, you'll draw a threshold and customer A will say it's too noisy and so you'll. They increase the threshold so you have less noise. And then customer E will say even this long? And so you find yourself a lot of constantly kind of going back and forth dealing with this, the purse of noise and noise and coverage.
Speaker 2:For us, I think, the destiny was ultimately you need just a lot of lower rate signals connected to the system, and the job was really to get out of the cumulative and as quickly as possible, how the comrades of evidence can build something. And for those of us who aren't about to use the patch zone, why not push something like that? Because that won't be going to be there. And so we're going to have to hear from the professors or we're going to see if the so we're going to have to hear all we want to hear. As soon as I have all the guesses on the scenes of Batman distinguish itself sufficiently, you're going to have 2000 alerts of you. If I let this story play out for two, three, the ones that are clearly not trending officially split off from the ones that were more threatening, right, and now you have the obstructive problem of dealing with the ones that actually look like they're progressing on a threatening path. It means that you have delayed by one or two or three hours, you know, trying to get on top of it. So this is, I think, for us it's sort of doing the same thing. We try and kind of give it to our customers, the best customers, the customers who are realistic about you know what resilience means. Get it.
Speaker 2:A lot of customers coming early in the journey from a kind of preventive mindset, they're like what do you mean? Something is in my environment. We should try and detect it immediately. I'm like, yeah, but it's not a tractable problem. There might be a thousand things in your environment. You can take them all out and thereby you're kicking off after legitimate users, or you're sending off a whole bunch of you know triage and deal with signal where just you know. Take you off and just chill. Let us our mobile environment, just you know, dig you off a crystal shell and let's see what they do next before we decay them. Bitter evil.
Speaker 1:This is a rabbit hole that I feel like we could go down for another couple hours, right, I mean, that just means that I definitely have to have you back on and we'll do a part two of this. But you know, oliver, we're unfortunately at the top of our time here that we have. But before I let you go, you know how about you? Tell my audience where they could find you if they wanted to reach out and where they could find Vectra AI if they wanted to. You know, learn more about the product.
Speaker 2:Yeah, sure, basically, vectra AI, easy enough, it's Vector and the product. Basically, I mean you can reach out to anybody kind of like info at Vectorai. Obviously you know Shieldkins and you know all the regions across the world. They can kind of reach out to us and people on our website. In general. We try and do a good job of providing you not just to stand out from marketing market texture. Right, you can go to our blog levels and other kinds of stuff like that. If you're, if you're trying to reach out to me directly, I'm, you know, I'm one of the OGs, so you can just reach me all over at Nice, awesome. Well, thanks, oliver.
Speaker 1:Awesome. Well, thanks, oliver. I really appreciate your time and thanks everyone for listening. I hope you really enjoyed this episode and we'll most likely, you know, have Oliver back on and do a part two.