Steve Kenniston, Dell Technologies | Cube Conversations


Welcome to this special Cube Conversation as part of our recognition of Cyber Security Awareness Month. Steve Kenniston is here. He's a senior cyber security consultant at Dell Technologies. Steve, good to see you.

Good to see you, Dave. Glad to be back on theCUBE.

So look, lots has changed in cyber over the last couple of years, and we want to update the audience on the major trends. I want to start with the AI heard around the world, right? I would argue that prior to the announcement of ChatGPT, the good guys, the technology vendors, had more access to AI, in fact I would say most access to AI. And then all of a sudden OpenAI releases all these tools. Now you're getting, you know, the bad guys have more access and could do more bad things. How has that affected sort of what you've seen in the trend landscape?

Well, the first thing I would ask is, you really think that's fair ground, Dave? The AI only used by the technology vendors?

No, definitely not only, but I would say that they predominantly had the best AI tech. And then, like, take phishing emails for instance. How many bad phishing emails have you seen over the years? And I think, I actually think they're getting better, right? Because you can run them through ChatGPT, or, you know, "give me some malicious code" that AI will generate for you. So I would say in general, I think the consensus is, and I wonder what you think about this, is that initially the release of ChatGPT helps the bad guys, but over time we'll reach some kind of equilibrium and might even help the good guys. What do you think about that?

I actually like where you're going with that, Dave, because I think in my mind I have two avenues, or two paths, at which gen AI can really be helpful towards cyber security. Well, not both avenues being helpful. One avenue is how are the bad guys going to leverage it, what are they going to be able to do to you. And then one is how is it going to be helpful to a lot of the security tools and technology that are out there that are actually going to be used to combat a lot of those threats. But that's really all kind of at the end. I don't know a lot of vendors that have put a lot of gen AI into their solutions yet. It's something that we're definitely looking at. But the real question then becomes, you know, do you have a solid foundation in your environment, a strong infrastructure, to be able to have a secure environment? What are you looking to do? What have you been doing? Things like reducing your attack surface, things like being able to detect and respond to threats, things like being able to recover from a threat. Those are some of the basic foundational building blocks to being able to make sure you have a secure...

Well, let's talk about... actually, I just want to make a comment. I think, you know, you're right, I haven't seen a lot of vendors yet put gen AI, because it's... generative AI gives you a different answer every time, so that's probably not the best solution. I'm sure there are other ways, certainly summarizing, you know, maybe automating runbooks, things like that, which we've already been doing. But come back to reducing the attack surface. How do you do that? What are the major trends you're seeing within your customer base as to how they're, you know, effectively achieving that?

Yeah, I think there's a list of things you can do to help reduce your attack surface, but a lot of them start with just implementing a zero trust environment, right? Are you doing the things that require you to have an environment where people are not trusted? They're only trusted once they get in and get through the front door, and all of the applications behave the same way. They can't just... you know, the castle and moat analogy doesn't work anymore. You can't just come in and use things. So capabilities like multi-factor authentication are being laid out and used a lot these days, and I think it's very helpful. That's a number one way to kind of really help start to reduce that attack surface. Things like roles-based access, and getting consistency among who has access to what and what privileges do they have when they're in there. We have things in our backup environment that are a little bit different, that they might not think of, but things like dual authorization for destructive commands. So you need two people to basically turn that key to the nuclear missile, not just one person. So if you have a rogue employee walking out the door who wants to delete that data pool, you need two people to say, "Yeah, that's actually the thing we want to do." So there are some really important things you can do to make sure you're reducing that attack surface.

What I like about what you're saying is, zero trust sometimes is an amorphous concept to people. And, you know, when you think about, like, the NIST framework or the MITRE frameworks, they're really good, but they're hard to operationalize. You just gave three examples: the multi-factor authentication, which of course is just good best practice; role-based access, which means more granularity; and then, you know, two-switch authorization. Those are operational policies that you can actually put in place that fit into a more comprehensive zero trust architecture, which of course is a maturity model, right? You know, not like non-zero trust one day and then you wake up and you're zero trust. It's a journey.

Yeah, that is the hard thing. I mean, you've got to take it step by step, and, you know, like you said, these frameworks are very big. They can be very intimidating to some customers, especially depending on your size and depending on the skill set that you have inside your company dealing with security. We've actually gone a step further at Dell, and we've actually announced Project Fort Zero last year, or this year, at Dell Technologies World, and that's a way to basically one-stop-shop purchase a zero trust infrastructure and put behind it the capability that you're going to need to be able to have to secure...

Not available yet, right?

But will be, you know, in time. And the US Department of Defense is working with Dell to help implement and put a lot of those partners together. It takes a village, right? We like to say security is a team sport, right? A lot of different folks collaborating and putting things together to be able to deliver a true zero trust environment.

Yeah, so Project Fort Zero. Typically what Dell does is they'll announce something at Dell Tech World, there's a project, and a year later they productize it. We saw that with, you know, Project Frontier and a number of other projects as well. So I would expect that, you know, sometime around next May. What about remote work, and now hybrid work? You see an interesting trend. I mean, obviously remote work changed the world, and then you had hybrid work, and now you're seeing a lot of people forced back to the office, so people having to beef up the corporate networks again. So how has that affected just the overall attack surface?

Yeah, I think that's one of the number one areas where things like multi-factor authentication can be incredibly helpful, right? So it used to be, once you came into that office and you sat at your desktop and your PC, you were inside the corporate firewall, inside the network, and you had access to anything that you wanted, right? Now everybody's outside and they have to be able to get in, but not everybody has access to everything, right? Before, when I was inside there, I might have had access to everything, but I was considered trusted because of my badge. I got through the front door, that was fine. Now, any application that I need, I actually need explicit permission to be able to use. And if I have that, and I have my multi-factor authentication key card, and every time I try to use it I have to authenticate who I am, now the organization is getting more secure and more granular about who has permission to do what and who can actually have access to those corporate jewels.

This point you're making about, you know, it used to be if I'm behind the firewall I'm safe, it no longer is. So that means that threat detection and response becomes much more important. So what are you seeing there as trends, and what is Dell doing in that area?

Yeah, so we have a number of different tools, starting with our managed detection response team that helps you to implement some technology in your environment that actually goes and looks to see what's happening, looks at the trends. And this is where, you know, we talked about gen AI. Dell uses a lot of AI to be able to help capture things like anomalies that are happening within your environment, changes that shouldn't be happening, right, and send a warning. Now in some cases those warnings might be a false positive, right? But at least it's a warning that it's not normal and, hey, you better pay attention and see what's going on. And our services organization helps to monitor that. So again, along the skills gap range, right, you have an extra set of eyes that is paying attention to the things that are going on within your environment. And you can even graduate that to an XDR, an advanced set of security on site looking for these kinds of anomalies to be able to, you know, set up a warning, help you stopgap what's going on. And we should go back to another great solution that helps you to reduce the attack surface but is caught by this threat detection, this detection and response, is doing things like network segmentation. So if I detect an issue within, let's say, my Oracle database for my financials, if it's network segmented only to that area, then the bad actors aren't going to automatically... they might figure it out, but they're not automatically going to get through to my other database, maybe my Salesforce database or some other database, right? So being able to detect and respond and actually mitigate that blast radius, where things are going and that sort of thing, that's all about detecting.

What about the backup and recovery strategies? How have they evolved? Prior to the pandemic, a lot of people said that our business resiliency strategy was really based upon DR, which was essentially an architecture that was designed for an event that was going to occur once every 10 years, right? So they said, wow, now the combination of pandemic and increased cyber threats means that our business resilience strategy needs to evolve. And so part of that is being able to recover, and that's why a lot of attackers go after the backup corpus. So what are you seeing as trends there?

Yeah, I think, you know, with my knowledge and experience in backup, that's right in my wheelhouse, and I see a lot of changes and a lot of trends going on in that space that are very good, that a while ago you might have thought were negative but aren't necessarily today. Things like... the first thing I always tell customers is: stop architecting for backup, start architecting for recovery. Today we have tools and solutions that can back up a petabyte of data in an evening. Big deal. If I can't get back the two terabyte database I need that runs my business, I don't care how much data I backed up last night, right? So start thinking about, first of all, what is it that runs your business, and what are you going to back up and protect, and how are you going to do that. And this is where I see one of those trends. You know, in the day we used to say: one backup vendor, simplify your life, make your organization simple. Things like snapshotting, snapshot backups, replicated backups, backups to vaults, right, these all make sense depending on the data type that you have, right? So technologies like snapshot-based backups that can do instantaneous recovery, and this will get to another point that I want to make, is now I know, if I can do instantaneous recovery for that small data set, even though that product might be a little bit more expensive, it's different than my streaming media solution that's backing everything up to tape or just big disk drives, I know for a fact I can get the business back up and running really quickly with that solution, right? And I can worry about, you know, the 85 percent of other stuff that is, you know, Steve's PowerPoint that nobody really cares about. I can get that back a day or so later, right? But I can get my business back to operational. That's really important. The other nice thing about having solutions that allow you to do things like instantaneous recovery is testing. Remember, in the disaster recovery world, you say you didn't have a disaster recovery plan if you didn't test the plan. Same thing happens with your cyber security point.

Which you didn't test, it was too risky.

It was too risky to test, right? Yeah, it's too difficult, right? Right. But now, when I can just mount that VM, recover and mount that VM, test it, make sure it works, I can even use some automation tools, which is really becoming more prevalent these days, to make sure that Active Directory came up before my LDAP server, that that came, you know, before my Exchange database, to make sure that I could actually get to my email when it came up. I can do that now in a matter of a few mouse clicks, right? Or I can automate that and say "do this," and have my coffee and come back and test it. If it works, great, and I know, and I feel safe, I feel confident that I'm protected. If it doesn't work, then I can change my automation schedule, or I can, you know, click this, this, that and the other thing, and it comes up in the order that I want, and boom, now I have that confidence again, right? So that's important.

How are customers dealing with tools creep? You think about, you know, threat detection, you've got intrusion detection, you've got to worry about endpoint, you've got the SIEM tools that are kind of legacy but have been around, right, and part of the compliance and audit makes you have them. So you've still got this tools creep problem. How are you guys solving that as you guys come with a one-stop shop? Is it a services play? How are customers dealing with that?

Yeah, that's a really good question from the standpoint of, it happens. This has been happening throughout IT for decades, right, no matter what the technology was. One of the things that we're doing at Dell... so first of all, there's no one-stop shop, right? I mean, no one vendor does everything 100% the way you would want it, right? But one of the things that Dell has done is we actually have a security team within the organization, within our infrastructure group, right, that does something to ensure that all the solutions, so servers, networking, storage, data protection, CloudIQ, that they can run a consistent MFA solution, or they can run a consistent rules-based access solution, or that they can run a consistent, you know, other security solution. And the premise behind that is to say, if a customer has, you know, kind of decided that they want to use one of these MFA tools, we can say that we can make your life a lot simpler. You're not learning four or five new different tools for each type of login that you want. You have consistency among all of your tools, right? So that's one way, right? I think another way that's going to help, and we'll get to this a little bit later, is gen AI will be able to help solve some of that in the future, right? But not right now.

What should customers think about in terms of incident response planning? I mean, obviously it starts with planning. How can you help customers sort of update their thinking and their protocols for incident response?

Yeah, I think one of the bigger things that happens in incident response planning is the first thing everybody thinks of is, this is an IT issue, right? And, you know, what are you going to recover first, which is a good part of the plan, right? You've got to know, you know, what's going to keep the business operational. But all these other things that make a difference, like how do you notify your customers? Who should be notified? Do you have... how does your website operate? Is it partners come to your site and deliver you things? How do you notify your partners so that you can then in turn notify your customers? Are you in a regulated industry? What's your communication protocol out to that part of the industry, right, or out to the consumer base, right? Are you publicly held, right? What do you need to say? All of those things make up an incident response plan. It's not just about the technology components that are in place to help you recover the data to get the business running again. That's 50% of it. The other 50% is: who is responsible for the notification? How does that notification go out? Do you notify the police? Do you have to notify the FBI? You know, who does that? How does that happen? Have you tested, I say tested that, but have you called them and said, "Hey, you know, if I call you, how do you respond? How do you want me to respond to you? What data do you want me to collect for you?" Those are all pieces of that overall incident response plan that you need to have in place, and again, practice that plan.

Should I pay the ransom?

You know, it's funny, we just did an interesting survey with the Enterprise Storage Group, and 50, 57% of the people that paid, paid again to make sure they got all of their data back, and they still didn't get it all back. But they paid twice to be as sure as they could be.

I mean, you know, don't negotiate with terrorists, but I mean, at the end of the day...

So we did an on-stage interview with a customer at Dell Technologies World, and they paid, and they paid because they just wanted to be sure to give the confidence to the consumer that by paying they were doing everything in their power to ensure that everything was back. Now, they won't confirm or deny that they got everything, but they went through the motions to make sure that that was going to happen.

And there's some legal risk there too, right? If you're paying a rogue state like North Korea, if it happens the attack came out of North Korea.

Yeah, it's actually illegal, right, to pay a terrorist, like you said.

So it's a really complicated situation. You said you want to come back to gen AI. What do you want to come back to? Does it help with skills? Does it help with automation? What did you want to sort of touch on?

I think the answer to all that is yes, right? I think we know, like you said in the beginning, that gen AI is going to cause a massive amount of attacks. So just like gen AI can help you scale your business from a security standpoint, to be able to put tools in place and actually monitor what's going on and have all of that be automated, that's fantastic, so can the threat actors, right? The threat actors can now scale. Like you said, any type of different phishing email, now they can make sure it's punctuated not just the right way, but we have seen examples where they purposely misspell words that your boss might misspell, right? So it's like, "Oh, it's going to be real, he always misspells it, or she always misspells that word, so that's going to be from that person," right? And then you go off and you do the event, right, and it's like all of a sudden there's a problem, right? So I do think it's going to help with the skills gap, because I do think in many ways... I've done some early investigation and some work, and I know, you know these guys, the ChaosSearch guys, that can actually look at log files and allow you to ask specific questions about, you know, what should I be looking for and where. So you don't have to have a lot of knowledge, but if you ask the right questions, it can tell you what to go look for. And so while training is ultimately really, really important, not just training your employees not to click on that mail, but training your employees in IT of what solutions that they should be going to look at and what's new on the truck that can help them subvert the adversary, these are some ways that you can actually get a lot of that stuff in place before they actually get that deep level of education.

Yeah, and having that education is obviously very, very important, because the user can mess up great security any day. I mean, some CISOs say, "Don't click on links," right? Well, how can I not click on links? "Don't click on links." Well, but if you send me a YouTube... "OK, if it's coming from me, maybe it's OK." But just thinking, right: well, me, but what about the CEO, right? "Oh, well, that's OK too." Well, now the world's getting bigger, right?

Yeah.

So, all right, Steve, hey, we'll give you the last word. Thanks for the support, and Cyber Security Awareness Month, it's a big deal, and something that I think as part of that security culture forces us all... it's no longer an IT thing, it's no longer just a board thing, it's a middle-out, everybody thing. Give you the last word.

Yeah, I think we're really excited about Cyber Security Awareness Month. I think what this allows us to do is to really just hopefully provide a great educational platform for folks, not necessarily talk a lot about products and solutions, but talk about things you need to be paying attention to within your environment. Now of course everything costs money, right? So, but what should I be paying attention to? What type of assessment should I be looking at? How can I properly think about where my gaps are in my environment, and how do I balance that with risk and also my budget, right? Those three things play this tricky balancing act, and we just want to help close that gap.

Well, thanks for the good work that you do, and the folks at Dell Technologies. Appreciate you.

Thanks, Dave.

You're welcome. All right, thank you for watching this Cube Conversation. This is Dave Vellante, and we'll see you next time.

2023-10-14 14:20
