July 15, 2024

IT Security Audit Essentials: Protect Your Network

In this episode of The Backup Wrap-Up, we delve into the critical world of IT security audits. We explore why these audits are essential for maintaining a robust cybersecurity posture and how they can help organizations identify and address potential vulnerabilities. Our discussion covers key elements of surviving an IT security audit, including user education, application whitelisting, and securing remote access protocols. We also touch on the importance of regular security assessments and proactive measures to stay ahead of cyber threats. Whether you're an IT professional or a business owner, this episode provides valuable insights into conducting thorough IT security audits and implementing best practices to protect your digital assets. Tune in to learn how you can strengthen your organization's defenses and become a cybersecurity hero.

Transcript

Speaker:

W. Curtis Preston: Welcome to The Backup Wrap-Up, your go-to podcast for all things backup recovery and cyber recovery.

 

 


Speaker:

I.

 

 


Speaker:

In this latest episode of our series on ransomware, we're

 

 


Speaker:

tackling a critical aspect of cybersecurity, the IT security audit.

 

 


Speaker:

We'll explore why they are essential, what they entail, and the things that

 

 


Speaker:

you could implement in your environment to actually do well in such an audit.

 

 


Speaker:

We talk about user education, application whitelisting, a

 

 


Speaker:

whole bunch of other things.

 

 


Speaker:

Key elements that make up a comprehensive IT security strategy. Stick around

 

 


Speaker:

as we unpack the ins and outs of IT security audits, and equip you

 

 


Speaker:

with the knowledge that you need.

 

 


Speaker:

If you are not familiar with me, I am W. Curtis Preston, AKA Mr.

 

 


Speaker:

Backup.

 

 


Speaker:

And I've been doing this for over 30 years.

 

 


Speaker:

Well, not the podcast, of course, but backups.

 

 


Speaker:

Ever since, I had to tell my boss that we had no backups of a

 

 


Speaker:

production database that we had lost.

 

 


Speaker:

I got this passion.

 

 


Speaker:

I don't want that to happen to you, and that's why I do things like this.

 

 


Speaker:

On this podcast, we turn unappreciated backup admins into Cyber Recovery Heroes.

 

 


Speaker:

This is The Backup Wrap-Up.

 

 


Speaker:

To the show.

 

 


Speaker:

Before we continue, can I ask you to click the subscribe or follow button so

 

 


Speaker:

that you'll always get our great content?

 

 


Speaker:

Thanks.

 

 


Speaker:

Hi, I'm W. Curtis Preston, AKA Mr.

 

 


Speaker:

Backup, and with me as always is my secret assistant conspirer, Prasanna Malaiyandi. How's it going, Prasanna?

 

 


Prasanna Malaiyandi:

I am doing well, Curtis.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

So, uh, what can I assist with?

 

 


Prasanna Malaiyandi:

W. Curtis Preston: No.

 

 


Prasanna Malaiyandi:

No, no.

 

 


Prasanna Malaiyandi:

No, you, you're, you're conspiring with me regarding my secret assistant.

 

 


Prasanna Malaiyandi:

Oh, yes.

 

 


Prasanna Malaiyandi:

Yes.

 

 


Prasanna Malaiyandi:

Your, well, I am assisting with your secret assistant.

 

 


Prasanna Malaiyandi:

Yes.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

Uh, did you know, did you know that he was secret?

 

 


Prasanna Malaiyandi:

Did you know that?

 

 


Prasanna Malaiyandi:

I haven't told my wife.

 

 


Prasanna Malaiyandi:

Oh, geez.

 

 


Prasanna Malaiyandi:

Don't put me in that spot because you know that if,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I haven't told my wife that I have a.

 

 


Prasanna Malaiyandi:

It, it could just say that it's, uh, the Easter

 

 


Prasanna Malaiyandi:

bunny came over and everything went poof and cleaned itself up,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: somehow magically I got a lot more done around the house

 

 


Prasanna Malaiyandi:

than I, than I would normally get done.

 

 


Prasanna Malaiyandi:

yeah.

 

 


Prasanna Malaiyandi:

Or it could be like those one 800 junk commercials.

 

 


Prasanna Malaiyandi:

You point, we, we take it a bit away.

 

 


Prasanna Malaiyandi:

We make it

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, it's, it's kind of like that.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

I, I've hired a guy who's helping me get some stuff done around the house

 

 


Prasanna Malaiyandi:

because I just can't get it all done.

 

 


Prasanna Malaiyandi:

Um, 'cause you know, me, I'm a, I'm a very, like, I like to do things myself

 

 


Prasanna Malaiyandi:

that's why I was very surprised.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Um, and, uh, but.

 

 


Prasanna Malaiyandi:

I just, you know, I've been so busy with, you know, with the new job

 

 


Prasanna Malaiyandi:

and the podcast and all the diff all the stuff that I've been doing to

 

 


Prasanna Malaiyandi:

make the podcast, uh, you know, to grow the podcast and all that stuff.

 

 


Prasanna Malaiyandi:

And, um,

 

 


Prasanna Malaiyandi:

Prasanna Malaiyandi: Well, it's just excuses,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: building, building up.

 

 


Prasanna Malaiyandi:

Well, I think it's also excuses because if it

 

 


Prasanna Malaiyandi:

was something you enjoy doing, you know, you would go do it

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I would find time.

 

 


Prasanna Malaiyandi:

yes.

 

 


Prasanna Malaiyandi:

But because this is cleaning stuff up and other tasks which are low on your

 

 


Prasanna Malaiyandi:

priority list and don't bring you joy.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: They don't bring me joy.

 

 


Prasanna Malaiyandi:

The result brings me joy, but the actual activity does not bring me joy.

 

 


Prasanna Malaiyandi:

So I,

 

 


Prasanna Malaiyandi:

me and the last like four weeks I've been weeding outside and

 

 


Prasanna Malaiyandi:

although it's not awful, it's like very

 

 


Prasanna Malaiyandi:

W. Curtis Preston: how weeding can take you four weeks.

 

 


Prasanna Malaiyandi:

Well, I do little bits at a time, like I'm out there for

 

 


Prasanna Malaiyandi:

like, like they're like, I'm sitting there picking each individual weed.

 

 


Prasanna Malaiyandi:

Curtis.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I, uh, I don't know.

 

 


Prasanna Malaiyandi:

I don't know how that works.

 

 


Prasanna Malaiyandi:

You need to get a guy, you need to get a weed guy.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

My wife tells me I need to, we should get a person to clean.

 

 


Prasanna Malaiyandi:

I'm like, uh, it's okay.

 

 


Prasanna Malaiyandi:

It gets me out in the sun and now, like last weekend, we sat outside,

 

 


Prasanna Malaiyandi:

enjoyed the back yard because then you enjoy it even more because you didn't.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Right, right.

 

 


Prasanna Malaiyandi:

Well.

 

 


Prasanna Malaiyandi:

We're gonna talk about, we're gonna talk about nothing like that.

 

 


Prasanna Malaiyandi:

Uh, this week we're gonna talk about securing your IT environment, and

 

 


Prasanna Malaiyandi:

specifically this is in support of, uh, stopping ransomware.

 

 


Prasanna Malaiyandi:

Uh, and, and, you know, and cyber attacks, right?

 

 


Prasanna Malaiyandi:

This continues on from our previous episode where we talked about the

 

 


Prasanna Malaiyandi:

three things that I think like absolutely everybody has to do.

 

 


Prasanna Malaiyandi:

Um, you know, that, that you just absolutely cannot get by,

 

 


Prasanna Malaiyandi:

would doing or without doing.

 

 


Prasanna Malaiyandi:

And what were those,

 

 


Prasanna Malaiyandi:

Patching password management and MFA.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: yeah, we throw

 

 


Prasanna Malaiyandi:

Woo hoo.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: there a lot, right?

 

 


Prasanna Malaiyandi:

I go back and think.

 

 


Prasanna Malaiyandi:

I was like, what did we talk about?

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Well, the good news is we talk about those three a lot, right?

 

 


Prasanna Malaiyandi:

Um, and the, I've been, you know, I've been working with my new,

 

 


Prasanna Malaiyandi:

uh, co-author of my upcoming book.

 

 


Prasanna Malaiyandi:

I.

 

 


Prasanna Malaiyandi:

I don't know if we're public about that yet, so I won't use his

 

 


Prasanna Malaiyandi:

name, but I have a coauthor from my upcoming book on ransomware.

 

 


Prasanna Malaiyandi:

I've been talking to him about that.

 

 


Prasanna Malaiyandi:

And we've been talking about a lot of the things that people

 

 


Prasanna Malaiyandi:

need to be do, that people need to do to secure their environments.

 

 


Prasanna Malaiyandi:

And um, so one of the first things that I wanted to talk about is, you know, I

 

 


Prasanna Malaiyandi:

dunno, you've ever heard this thing that this, um, like, we get a lot more done.

 

 


Prasanna Malaiyandi:

You know, if there weren't so many customers, right, and it, we, you

 

 


Prasanna Malaiyandi:

know, it'd be so many, so much fewer.

 

 


Prasanna Malaiyandi:

So, so, uh, how do I put this?

 

 


Prasanna Malaiyandi:

Uh, there'd be so fewer problems.

 

 


Prasanna Malaiyandi:

There'd be fewer problems.

 

 


Prasanna Malaiyandi:

Why?

 

 


Prasanna Malaiyandi:

Why isn't this coming out in English?

 

 


Prasanna Malaiyandi:

There would be,

 

 


Prasanna Malaiyandi:

there would be more time to do stuff with,

 

 


Prasanna Malaiyandi:

less with people doing dumb stuff if people didn't do dumb stuff.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I was just trying to say something funny.

 

 


Prasanna Malaiyandi:

It's just not coming out right.

 

 


Prasanna Malaiyandi:

Anyway, so what would you say is the number one security

 

 


Prasanna Malaiyandi:

risk in every environment?

 

 


Prasanna Malaiyandi:

Every IT environment.

 

 


Prasanna Malaiyandi:

Oh, this is obvious, Curtis.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: What's that?

 

 


Prasanna Malaiyandi:

It's the users.

 

 


Prasanna Malaiyandi:

People, humans.

 

 


Prasanna Malaiyandi:

The humans.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: is.

 

 


Prasanna Malaiyandi:

It is the human.

 

 


Prasanna Malaiyandi:

It is the human, by the way.

 

 


Prasanna Malaiyandi:

Do you

 

 


Prasanna Malaiyandi:

I do have a question

 

 


Prasanna Malaiyandi:

W. Curtis Preston: sure.

 

 


Prasanna Malaiyandi:

with ChatGPT and hallucinations, do you

 

 


Prasanna Malaiyandi:

think that now becomes an issue?

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I am not prepared to discuss that at this time.

 

 


Prasanna Malaiyandi:

Um, no comment.

 

 


Prasanna Malaiyandi:

So the, the, um,

 

 


Prasanna Malaiyandi:

I was,

 

 


Prasanna Malaiyandi:

So, so I, I, I like your, uh, users being the

 

 


Prasanna Malaiyandi:

problem because I know in backups, right, if we think about that right.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: right?

 

 


Prasanna Malaiyandi:

A lot of your restore scenarios are

 

 


Prasanna Malaiyandi:

because people did dumb stuff.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

I think you've made, you've had the story about someone

 

 


Prasanna Malaiyandi:

accidentally deleting a file server.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, absolutely.

 

 


Prasanna Malaiyandi:

And, and the thing is, as we have made IT systems more resilient, right?

 

 


Prasanna Malaiyandi:

You have to realize that when I started it, we didn't have RAID, right?

 

 


Prasanna Malaiyandi:

So we had mission critical servers running on individual hard drives, right?

 

 


Prasanna Malaiyandi:

We didn't really have highly available systems, et cetera.

 

 


Prasanna Malaiyandi:

Not, at least not in the open systems world, I think they

 

 


Prasanna Malaiyandi:

did in the mainframe side.

 

 


Prasanna Malaiyandi:

But, um, so as we've made, especially storage systems more resilient,

 

 


Prasanna Malaiyandi:

the percentage of time that we have to, you know, that the, that the

 

 


Prasanna Malaiyandi:

problem is the user is like 95%

 

 


Prasanna Malaiyandi:

Yeah,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: right?

 

 


Prasanna Malaiyandi:

That's in backups and is definitely the case in security.

 

 


Prasanna Malaiyandi:

What's that?

 

 


Prasanna Malaiyandi:

With great power comes great responsibility.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, absolutely.

 

 


Prasanna Malaiyandi:

Um, by the way, did you ever think about the fact that there's only two

 

 


Prasanna Malaiyandi:

industries in the world of which I'm aware that refer to their customers as users?

 

 


Prasanna Malaiyandi:

Um, I'm gonna say the, the IT industry

 

 


Prasanna Malaiyandi:

and also the drug trade.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, exactly.

 

 


Prasanna Malaiyandi:

Oh, just, you know, something funny there.

 

 


Prasanna Malaiyandi:

So why are we talking about users?

 

 


Prasanna Malaiyandi:

Because the, I would say one of the best things that you can do to help secure

 

 


Prasanna Malaiyandi:

your environment is to educate your users, your customers, the people inside

 

 


Prasanna Malaiyandi:

your environment that are using your, um, you know, all of your IT systems and

 

 


Prasanna Malaiyandi:

what, what, what does that look like?

 

 


Prasanna Malaiyandi:

So there are different things you could do for.

 

 


Prasanna Malaiyandi:

Training, right?

 

 


Prasanna Malaiyandi:

You could have mandatory training when they join the company, periodic

 

 


Prasanna Malaiyandi:

updates like, Hey, here are security policies, and I'm sure everyone has

 

 


Prasanna Malaiyandi:

like those little cheesy videos that go on on the screen, like with the

 

 


Prasanna Malaiyandi:

little cartoon animations being like, Hey, here's this phishing email.

 

 


Prasanna Malaiyandi:

Please click all the things that rely on phishing and why it's bad, right?

 

 


Prasanna Malaiyandi:

So you have this sort of training that can happen.

 

 


Prasanna Malaiyandi:

You also have the ones.

 

 


Prasanna Malaiyandi:

Which are more testing you.

 

 


Prasanna Malaiyandi:

So some, uh, software packages have the ability to send out phishing emails to

 

 


Prasanna Malaiyandi:

test your users and say, Hey, by the way, are you clicking on something?

 

 


Prasanna Malaiyandi:

And if you did click on an email, maybe you need some additional training.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, exactly.

 

 


Prasanna Malaiyandi:

Uh, so let's talk about those two.

 

 


Prasanna Malaiyandi:

Those are two very different things.

 

 


Prasanna Malaiyandi:

So the first thing I do like, um, what I think you should be doing

 

 


Prasanna Malaiyandi:

is very periodic, obviously some.

 

 


Prasanna Malaiyandi:

New employee training for sure, because you have no idea what they've seen before.

 

 


Prasanna Malaiyandi:

And then I do think that it should be something, uh, I like the idea of

 

 


Prasanna Malaiyandi:

quarterly, um, you know, quarterly, just a little bit, something that's

 

 


Prasanna Malaiyandi:

not gonna take forever, and you're just trying to bubble up into

 

 


Prasanna Malaiyandi:

their minds on a regular basis.

 

 


Prasanna Malaiyandi:

You're trying to remind them of the things that they should be looking for.

 

 


Prasanna Malaiyandi:

Because when we look at the typical attack vector, it's usually something

 

 


Prasanna Malaiyandi:

like phishing, phishing or spear phishing or something like that.

 

 


Prasanna Malaiyandi:

I.

 

 


Prasanna Malaiyandi:

Or clicking open a link.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: a user, uh, to, yeah, to get them to open a

 

 


Prasanna Malaiyandi:

link, um, to, um, you know, to get them to, to do whatever right.

 

 


Prasanna Malaiyandi:

To, to get them to do something that, that opens up that initial door.

 

 


Prasanna Malaiyandi:

And so the idea of repeated, uh, security training just bubbles that stuff up

 

 


Prasanna Malaiyandi:

and yes, also helps to educate them on the current state of the art in

 

 


Prasanna Malaiyandi:

I was gonna ask.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

I was gonna make that point.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

I think it's important because you don't wanna have security training,

 

 


Prasanna Malaiyandi:

which is like three years old talking about the issues from three years ago.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

An example would be, it may not make sense.

 

 


Prasanna Malaiyandi:

During the pandemic when no one was going into an office to have

 

 


Prasanna Malaiyandi:

a security training, talking about people tailgating through an office,

 

 


Prasanna Malaiyandi:

through an access control door.

 

 


Prasanna Malaiyandi:

Because people, so why waste people's cycles?

 

 


Prasanna Malaiyandi:

Because users aren't gonna remember things.

 

 


Prasanna Malaiyandi:

Right?

 

 


Prasanna Malaiyandi:

That's the other problem.

 

 


Prasanna Malaiyandi:

So how do you make it relevant for what is common and what is current

 

 


Prasanna Malaiyandi:

in terms of the attack surfaces?

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, absolutely.

 

 


Prasanna Malaiyandi:

And the one that I know that, uh, you know, my previous employer used, uh, KnowBe4,

Prasanna Malaiyandi:

you're, I'm sure you're familiar

Prasanna Malaiyandi:

the Kevin Mitnick one, right?

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

Um, and so basically it, it just, it's constantly, you know, doing all of

 

 


Prasanna Malaiyandi:

that, you know, the, the, the security training with little, little bits and

 

 


Prasanna Malaiyandi:

bites, little videos, little little quizzes, all of that kind of stuff.

 

 


Prasanna Malaiyandi:

And I'm sure there are plenty of other, uh, companies that are like

 

 


Prasanna Malaiyandi:

that, that are constantly trying to, um, you know, provide security

 

 


Prasanna Malaiyandi:

training for your end users.

 

 


Prasanna Malaiyandi:

And by the way, I would say additional security training for people with,

 

 


Prasanna Malaiyandi:

uh, privileged accounts, right?

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Uh, and that, you know, that goes back to your quote too.

 

 


Prasanna Malaiyandi:

To whom much is given, much is expected, right?

 

 


Prasanna Malaiyandi:

Uh, or great power comes great responsibility, right?

 

 


Prasanna Malaiyandi:

Um, so then let's talk about this idea of, um, testing those users.

 

 


Prasanna Malaiyandi:

When you're going to test your users, there is sort of the punishment, you know,

 

 


Prasanna Malaiyandi:

the, the stick versus the carrot, right?

 

 


Prasanna Malaiyandi:

That's one of the big things.

 

 


Prasanna Malaiyandi:

And one of the things that um, that, you know, I don't remember which one

 

 


Prasanna Malaiyandi:

of the previous experts that we had on that talked about this, but what

 

 


Prasanna Malaiyandi:

they really liked is they much more appreciated the carrot than the stick.

 

 


Prasanna Malaiyandi:

What, what do I mean by that?

 

 


Prasanna Malaiyandi:

Basically don't shame and punish users who fail a test,

 

 


Prasanna Malaiyandi:

but give them additional training, be supportive, make sure that they

 

 


Prasanna Malaiyandi:

understand why they sort of failed and sort of do positive reinforcement, right?

 

 


Prasanna Malaiyandi:

Which is kind of, I'm looking at my dog right now, who's sleeping

 

 


Prasanna Malaiyandi:

right next to me, but literally, that's how you train dogs, right?

 

 


Prasanna Malaiyandi:

It's positive reinforcement rather than the stick.

 

 


Prasanna Malaiyandi:

And

 

 


Prasanna Malaiyandi:

W. Curtis Preston: so well, positive reinforcement when

 

 


Prasanna Malaiyandi:

they do something right.

 

 


Prasanna Malaiyandi:

What would be an example of that?

 

 


Prasanna Malaiyandi:

They did something right.

 

 


Prasanna Malaiyandi:

Um, so that they identified a phishing email correctly,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Exactly

 

 


Prasanna Malaiyandi:

right.

 

 


Prasanna Malaiyandi:

Protected the

 

 


Prasanna Malaiyandi:

W. Curtis Preston: them a fake phishing email.

 

 


Prasanna Malaiyandi:

They identified it and they did what you trained them to

 

 


Prasanna Malaiyandi:

do, which is report it to IT.

 

 


Prasanna Malaiyandi:

They should definitely get some brownie points if they do that.

 

 


Prasanna Malaiyandi:

I.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, and then if they get, if they get caught, if you will, this isn't like put

 

 


Prasanna Malaiyandi:

them up on a d board, you know, the, you know, announce the list of people that

 

 


Prasanna Malaiyandi:

are messing up the world, or, or, you know, here's, you know, you've got three

 

 


Prasanna Malaiyandi:

strikes this month, you're gonna be fired.

 

 


Prasanna Malaiyandi:

What?

 

 


Prasanna Malaiyandi:

I, I, I don't like any of the, now, um, we, we can talk about the extreme person.

 

 


Prasanna Malaiyandi:

If there is someone who just doesn't seem to be able to get the concept of

 

 


Prasanna Malaiyandi:

cybersecurity, you have two choices.

 

 


Prasanna Malaiyandi:

You either build a wall around them, which is increasingly difficult to

 

 


Prasanna Malaiyandi:

do, or you decide to terminate them.

 

 


Prasanna Malaiyandi:

Right?

 

 


Prasanna Malaiyandi:

But the person who makes the occasional mistake should just be reminded,

 

 


Prasanna Malaiyandi:

you know, in a, in a pleasant way that you know, Hey, you know what?

 

 


Prasanna Malaiyandi:

However, however you want to do that.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

and don't feel bad if you.

 

 


Prasanna Malaiyandi:

Failed that test because I was actually just browsing Twitter earlier this

 

 


Prasanna Malaiyandi:

morning, and there was a security person who was going through training because

 

 


Prasanna Malaiyandi:

they got caught by a phishing attack.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Or by the phishing training test.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

And so it can happen to any of us because some of those are hard, and that's really

 

 


Prasanna Malaiyandi:

what the bad guys are looking at as well.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

These aren't gonna be obvious that it, this is a phishing attack, so it's okay.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, I, I can remember one that I fell

 

 


Prasanna Malaiyandi:

for a couple of years ago, and

 

 


Prasanna Malaiyandi:

Prasanna Malaiyandi: drained your bank account.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: no, look, I got, I got, uh, not, no, no, ill effects happened as

 

 


Prasanna Malaiyandi:

a result of it, but it was the, it was, I think it was spear phishing because

 

 


Prasanna Malaiyandi:

they specifically said your, um, the, the, the, the employer that I worked for.

 

 


Prasanna Malaiyandi:

Had paid for like Norton or something?

 

 


Prasanna Malaiyandi:

Uh, they had, they had paid, not Norton, they had paid for.

 

 


Prasanna Malaiyandi:

What's that service that, um, the one that the guy puts his

 

 


Prasanna Malaiyandi:

social security number online?

 

 


Prasanna Malaiyandi:

LifeLock,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

What was it?

 

 


Prasanna Malaiyandi:

What is it?

 

 


Prasanna Malaiyandi:

LifeLock.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: LifeLock?

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

Well, they had paid for LifeLock because we had had a breach.

 

 


Prasanna Malaiyandi:

So they paid for LifeLock for like a year and then.

 

 


Prasanna Malaiyandi:

I got this notice it said, your LifeLock thing is expiring.

 

 


Prasanna Malaiyandi:

Do you want to Right.

 

 


Prasanna Malaiyandi:

And it f it, it came at just the right time and it was like, and it's quite

 

 


Prasanna Malaiyandi:

possibly that the, that the attacker knew that there had been a breach.

 

 


Prasanna Malaiyandi:

They had waited the right amount of time and then they went and just sent

 

 


Prasanna Malaiyandi:

an email to everybody and I fell for it.

 

 


Prasanna Malaiyandi:

I went right in there.

 

 


Prasanna Malaiyandi:

And, um, the.

 

 


Prasanna Malaiyandi:

I remember at the time I was really not happy with LifeLock's response.

 

 


Prasanna Malaiyandi:

Like I felt I had, I'd done something and, uh, but anyway.

 

 


Prasanna Malaiyandi:

Yeah, you, you can, you can, can fall for it.

 

 


Prasanna Malaiyandi:

Um, and so don't feel horrible about

 

 


Prasanna Malaiyandi:

yeah, and the one thing I want to add, I know

 

 


Prasanna Malaiyandi:

we're talking about sort of training and testing, but also when a user

 

 


Prasanna Malaiyandi:

accidentally gets caught with actual phishing, make it such that it's okay

 

 


Prasanna Malaiyandi:

for them to come forward and be proactive because that's the best thing to do.

 

 


Prasanna Malaiyandi:

Is you want them to be like, Hey, tell us when something goes wrong so

 

 


Prasanna Malaiyandi:

we can start locking down systems and dealing with this, rather than, Hey,

 

 


Prasanna Malaiyandi:

I'm just going to pretend this never happened and go along on my merry way.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Agreed.

 

 


Prasanna Malaiyandi:

And, and you know, that goes, you know, you've heard the phrase before that

 

 


Prasanna Malaiyandi:

you train people how to treat you.

 

 


Prasanna Malaiyandi:

You train your users on how they're going to respond if they actually

 

 


Prasanna Malaiyandi:

get, you know, uh, they get.

 

 


Prasanna Malaiyandi:

They respond to an actual, uh, phishing attack.

 

 


Prasanna Malaiyandi:

So if you're big, you're, if you're a big stick environment, right?

 

 


Prasanna Malaiyandi:

And, and they get beat a little head with a real stick, imagine what

 

 


Prasanna Malaiyandi:

they're, what they think is going to happen if they actually get hit with a

 

 


Prasanna Malaiyandi:

real, um, you know, a real ransomware.

 

 


Prasanna Malaiyandi:

So, yeah.

 

 


Prasanna Malaiyandi:

Um, this is back to that positive reinforcement.

 

 


Prasanna Malaiyandi:

Um, and I, and I'll give you an example of something that, that

 

 


Prasanna Malaiyandi:

was just a little while ago.

 

 


Prasanna Malaiyandi:

There was a.

 

 


Prasanna Malaiyandi:

I think we talked about it on the podcast where the guy said that everyone,

 

 


Prasanna Malaiyandi:

that on Valentine's Day, that everyone received a notice that they had flowers

 

 


Prasanna Malaiyandi:

down at the front desk or something and they just needed to respond to,

 

 


Prasanna Malaiyandi:

to get the flowers or something.

 

 


Prasanna Malaiyandi:

And, and it was, it was all phishing related.

 

 


Prasanna Malaiyandi:

And, uh, he said his wife didn't fall for it.

 

 


Prasanna Malaiyandi:

So he was, you know, because of.

 

 


Prasanna Malaiyandi:

You know, he had trained her right, but, but he's like, for, for a few minutes

 

 


Prasanna Malaiyandi:

everyone in that building felt loved.

 

 


Prasanna Malaiyandi:

Prasanna Malaiyandi: Oh yeah, I do remember

 

 


Prasanna Malaiyandi:

W. Curtis Preston: a, that's an example of the, of the wrong

 

 


Prasanna Malaiyandi:

kind of thing to do for sure.

 

 


Prasanna Malaiyandi:

Um, so the next thing, and, and, and I think I wanted, I, I really want,

 

 


Prasanna Malaiyandi:

this is something that I don't think very many people do, but, but I'd

 

 


Prasanna Malaiyandi:

like you to at least consider that, and that's application whitelisting.

 

 


Prasanna Malaiyandi:

What is that and why would that be such a big deal?

 

 


Prasanna Malaiyandi:

So this is basically saying only certain

 

 


Prasanna Malaiyandi:

applications are allowed to be installed, are able to run on your devices.

 

 


Prasanna Malaiyandi:

Um.

 

 


Prasanna Malaiyandi:

In order to sort of lock down the scope and prevent people from

 

 


Prasanna Malaiyandi:

going and downloading arbitrary packages which might have issues.

 

 


Prasanna Malaiyandi:

Um, while I agree in principle with the purpose and probably locks down a lot

 

 


Prasanna Malaiyandi:

of things, uh, I have two concerns with application whitelisting, maybe three.

 

 


Prasanna Malaiyandi:

So the first concern is.

 

 


Prasanna Malaiyandi:

By putting a whitelist, you sort of restrict like a user's

 

 


Prasanna Malaiyandi:

ability to get work done.

 

 


Prasanna Malaiyandi:

For instance, Curtis, I'm sure if there was a software package that

 

 


Prasanna Malaiyandi:

you needed in order to be able to get your work done and you couldn't get

 

 


Prasanna Malaiyandi:

access to it because it wasn't part of the whitelist, now there's probably

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Absolutely a downside of it.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

Yeah, there's a giant process in order to get that going.

 

 


Prasanna Malaiyandi:

The second thing, and I know we had talked about this the other day, um,

 

 


Prasanna Malaiyandi:

is it doesn't necessarily protect you from supply chain attacks.

 

 


Prasanna Malaiyandi:

So if someone had compromised that application that you are, that you have

 

 


Prasanna Malaiyandi:

on the whitelist, it's not gonna protect you because it's still on your whitelist.

 

 


Prasanna Malaiyandi:

You're still able to run it, and the fact that the application itself

 

 


Prasanna Malaiyandi:

is compromised doesn't help you.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

So,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: you, I thought you thought, I thought,

 

 


Prasanna Malaiyandi:

I thought you said you had three.

 

 


Prasanna Malaiyandi:

And then the third one is, um.

 

 


Prasanna Malaiyandi:

When you're writing code, sometimes you do need access to libraries and other pieces

 

 


Prasanna Malaiyandi:

of software to download install packages.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

I think it would be a big burden and also a big compliance and governance thing.

 

 


Prasanna Malaiyandi:

Like how do you make sure, like what's the process for adding a software, how long

 

 


Prasanna Malaiyandi:

does it take to go through that process?

 

 


Prasanna Malaiyandi:

In order to add something to the application white list to make sure

 

 


Prasanna Malaiyandi:

everything's signed off, how long does it stay there as software packages are

 

 


Prasanna Malaiyandi:

changing, when do things get dropped?

 

 


Prasanna Malaiyandi:

Like it's so much of a program that sometimes it may be difficult for

 

 


Prasanna Malaiyandi:

both small and large organizations to implement something like this.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: So those are all valid concerns.

 

 


Prasanna Malaiyandi:

Um, I want to counter counter them.

 

 


Prasanna Malaiyandi:

Prasanna Malaiyandi: I'm not saying it's bad.

 

 


Prasanna Malaiyandi:

I'm not.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: no, no, no.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

You did what?

 

 


Prasanna Malaiyandi:

So what are the three what?

 

 


Prasanna Malaiyandi:

Remind me the three.

 

 


Prasanna Malaiyandi:

It was, um, so you were worried about the.

 

 


Prasanna Malaiyandi:

You're worried about the, uh, the difficulty on the user, right?

 

 


Prasanna Malaiyandi:

You're worried about supply chain hacks and then sort of the, the burden

 

 


Prasanna Malaiyandi:

on IT, developing third-party apps.

 

 


Prasanna Malaiyandi:

Yeah, so what I would say is, you know, I agree with all of those and I

 

 


Prasanna Malaiyandi:

think that especially with the first one, I think with the first one, I

 

 


Prasanna Malaiyandi:

think you're focused a little bit too much on people like you and me.

 

 


Prasanna Malaiyandi:

Yeah, I agree.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

That

 

 


Prasanna Malaiyandi:

W. Curtis Preston: right.

 

 


Prasanna Malaiyandi:

Uh, and I'm focusing at least with this on, on servers, right.

 

 


Prasanna Malaiyandi:

And especially servers, number one.

 

 


Prasanna Malaiyandi:

And especially like the laptops for the masses.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um,

 

 


Prasanna Malaiyandi:

Prasanna Malaiyandi: Don't also forget phones.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: well, yeah.

 

 


Prasanna Malaiyandi:

Okay.

 

 


Prasanna Malaiyandi:

I'll, I'll, I'll agree to that.

 

 


Prasanna Malaiyandi:

It's just most environments.

 

 


Prasanna Malaiyandi:

That's a whole other discussion.

 

 


Prasanna Malaiyandi:

That's a whole other can of worms.

 

 


Prasanna Malaiyandi:

Agreed.

 

 


Prasanna Malaiyandi:

Um, but what, what do you think the percentage of the people that have

 

 


Prasanna Malaiyandi:

actual company phones these days?

 

 


Prasanna Malaiyandi:

Well, or they're using their phones with

 

 


Prasanna Malaiyandi:

access to company resources.

 

 


Prasanna Malaiyandi:

It's all the same, right?

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yes, that's a whole other, that's a whole other can of worms.

 

 


Prasanna Malaiyandi:

But because, because pushing application whitelisting on somebody

 

 


Prasanna Malaiyandi:

else's phone, that's not gonna work.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, so I, I guess what I'm saying is, what I am saying is if you can

 

 


Prasanna Malaiyandi:

do it, I think you should do it

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: right?

 

 


Prasanna Malaiyandi:

Yes.

 

 


Prasanna Malaiyandi:

Um, it's gonna be difficult for IT people and like power users,

 

 


Prasanna Malaiyandi:

and perhaps you have exceptions.

 

 


Prasanna Malaiyandi:

This is what we talk about, like block all outgoing traffic except

 

 


Prasanna Malaiyandi:

for, you know, the ones that you need.

 

 


Prasanna Malaiyandi:

Restrict as many laptops as you can, except for the ones that

 

 


Prasanna Malaiyandi:

you can't restrict. Servers,

 

 


Prasanna Malaiyandi:

Uh, really think about that, right?

 

 


Prasanna Malaiyandi:

You know, if you're, if you're, if it's just a server that does one job, perhaps

 

 


Prasanna Malaiyandi:

you, you make, you know, Exchange.

 

 


Prasanna Malaiyandi:

It's the only thing that's allowed to run on that box or whatever else it needs,

 

 


Prasanna Malaiyandi:

you know, Active Directory, et cetera.

 

 


Prasanna Malaiyandi:

Um, and.

 

 


Prasanna Malaiyandi:

The, uh, regarding your second one, I would say I'm gonna,

 

 


Prasanna Malaiyandi:

but I'm gonna do a Yeah.

 

 


Prasanna Malaiyandi:

But, okay.

 

 


Prasanna Malaiyandi:

Yes.

 

 


Prasanna Malaiyandi:

It doesn't stop you from supply chain attacks, but supply

 

 


Prasanna Malaiyandi:

chain attacks are really rare.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

I'm not saying they don't happen, but they are really rare.

 

 


Prasanna Malaiyandi:

And just because it doesn't stop you from everything doesn't

 

 


Prasanna Malaiyandi:

mean you shouldn't do it.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, and then the third, I would say, um, this, this just

 

 


Prasanna Malaiyandi:

goes back to the first one.

 

 


Prasanna Malaiyandi:

It's like.

 

 


Prasanna Malaiyandi:

Yes.

 

 


Prasanna Malaiyandi:

But again, I think maybe you're, I think there's a lot of companies that don't do

 

 


Prasanna Malaiyandi:

their own in-house development, right?

 

 


Prasanna Malaiyandi:

And they're just using, um, you know, their own, they're using, they're

 

 


Prasanna Malaiyandi:

using Microsoft Word, et cetera.

 

 


Prasanna Malaiyandi:

Right?

 

 


Prasanna Malaiyandi:

They're using 15 applications and everybody's using the same 15

 

 


Prasanna Malaiyandi:

applications, and you could whitelist those applications and nothing else,

 

 


Prasanna Malaiyandi:

yeah.

 

 


Prasanna Malaiyandi:

And I agree for most users, they probably don't need access beyond

 

 


Prasanna Malaiyandi:

those specific apps like your 15 or whatever the number is.

 

 


Prasanna Malaiyandi:

And then I think also for, um.

 

 


Prasanna Malaiyandi:

The servers.

 

 


Prasanna Malaiyandi:

I think that, like you said, you should be probably be going through an IT

 

 


Prasanna Malaiyandi:

process anyway to onboard an application, including looking at the resources,

 

 


Prasanna Malaiyandi:

making sure you're including backup and DR as part of the deployment process.

 

 


Prasanna Malaiyandi:

So I, I think that is also a good point.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Agreed.

 

 


Prasanna Malaiyandi:

Agreed.

 

 


Prasanna Malaiyandi:

Agreed.

 

 


Prasanna Malaiyandi:

I know you talked about application whitelisting.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

What are your thoughts on extending that to

 

 


Prasanna Malaiyandi:

browser whitelisting like website?

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Um, that.

 

 


Prasanna Malaiyandi:

That it's a very similar concept, right?

 

 


Prasanna Malaiyandi:

Um, where you allow, I, I'll just say this, um, it doesn't, it doesn't

 

 


Prasanna Malaiyandi:

work because all it takes is, um, all it takes is someone using HTTPS

 

 


Prasanna Malaiyandi:

and the right tool to go around your, um, to go around your tool, right?

 

 


Prasanna Malaiyandi:

All they need is something as simple as hidemyass.com.

 

 


Prasanna Malaiyandi:

Have, have you seen hidemyass.com?

 

 


Prasanna Malaiyandi:

No, I have

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Um, there's literally a website called hidemyass.com, and

 

 


Prasanna Malaiyandi:

you can go there and put the website you actually want to go to and they'll take

 

 


Prasanna Malaiyandi:

you there and encrypt the whole thing so that your security software won't find it.

 

 


Prasanna Malaiyandi:

So it's only gonna stop like the dumbest people.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

But hey, if that's common.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

Um, the, that is the, I, I think that's something you should discuss

 

 


Prasanna Malaiyandi:

as to whether or not you should block.

 

 


Prasanna Malaiyandi:

Um, you know, access to, well, well, let's just move on into the next thing,

 

 


Prasanna Malaiyandi:

which, talking about, so disable different attack vectors, right?

 

 


Prasanna Malaiyandi:

So the, the, the first thing I, I do think you should be looking at when

 

 


Prasanna Malaiyandi:

you're, when you're inventorying your environment and you're looking for

 

 


Prasanna Malaiyandi:

things to lock down, is you really need to look at service accounts.

 

 


Prasanna Malaiyandi:

This really came up when we had Dwayne on here and he was talking about that,

 

 


Prasanna Malaiyandi:

and that freaked me out when he was talking about the backup service account,

 

 


Prasanna Malaiyandi:

how that allows you to do whatever you want without auditing at all.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Uh, and, and there are many, many service accounts.

 

 


Prasanna Malaiyandi:

So the first thing I think, or one of the things that you should do as

 

 


Prasanna Malaiyandi:

you're inventorying your environment and you're trying to secure your

 

 


Prasanna Malaiyandi:

environment, is to go through your environment and look for service accounts.

 

 


Prasanna Malaiyandi:

What are they being used for?

 

 


Prasanna Malaiyandi:

Do they have a, I'm, I'm gonna say the most common thing with these is

 

 


Prasanna Malaiyandi:

that they have a very basic password.

 

 


Prasanna Malaiyandi:

Um, or they have a default password or they have no password and they're being

 

 


Prasanna Malaiyandi:

used by something really important.

 

 


Prasanna Malaiyandi:

Um, and.

 

 


Prasanna Malaiyandi:

The result is that it becomes a really easily, um, hackable account.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

Yeah, no, and also turning off things that you don't need a service, that

 

 


Prasanna Malaiyandi:

particular service account for.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: exactly.

 

 


Prasanna Malaiyandi:

Exactly.

 

 


Prasanna Malaiyandi:

Um, and, and on that end, um, let's talk about services that typically run.

 

 


Prasanna Malaiyandi:

I.

 

 


Prasanna Malaiyandi:

That maybe shouldn't.

 

 


Prasanna Malaiyandi:

Let's talk about what I like to call the ransomware deployment

 

 


Prasanna Malaiyandi:

protocol, otherwise known as RDP.

 

 


Prasanna Malaiyandi:

Yes.

 

 


Prasanna Malaiyandi:

RDP or Remote Desktop Protocol.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

Uh, it, it, uh, I'm trying to get the world to change.

 

 


Prasanna Malaiyandi:

It's the ransomware deployment protocol. Disable RDP, disable RDP, disable RDP.

 

 


Prasanna Malaiyandi:

Can I correct that?

 

 


Prasanna Malaiyandi:

W. Curtis Preston: it sure.

 

 


Prasanna Malaiyandi:

So, or slightly mod tweak your statement.

 

 


Prasanna Malaiyandi:

I think it's disable RDP, unless you really need a

 

 


Prasanna Malaiyandi:

machine that needs RDP running.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: that, I mean, that's the way I am with everything.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Disable it wherever you can.

 

 


Prasanna Malaiyandi:

I think the other thing is also disable RDP

 

 


Prasanna Malaiyandi:

leaving your network unless you need access outside of your intranet.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Well, I, I would say that you, you absolutely cannot

 

 


Prasanna Malaiyandi:

allow direct RDP access to the internet. 100%. There is, in, in my opinion,

 

 


Prasanna Malaiyandi:

there is no reason to ever do that.

 

 


Prasanna Malaiyandi:

If you need, if, if you need something like that, then you

 

 


Prasanna Malaiyandi:

should, you should require VPN.

 

 


Prasanna Malaiyandi:

In fact, what I would suggest is that if you're going to do RDP, you put

 

 


Prasanna Malaiyandi:

those interfaces on a separate network.

 

 


Prasanna Malaiyandi:

And then you must be on that network, either physically or via VPN in

 

 


Prasanna Malaiyandi:

order to access those, those, um,

 

 


Prasanna Malaiyandi:

Those hosts.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: yeah.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Um, because already you, you just need to understand, just

 

 


Prasanna Malaiyandi:

like we talk a lot about with backups, you need to understand the degree to

 

 


Prasanna Malaiyandi:

which your backup server is under attack.

 

 


Prasanna Malaiyandi:

You need to understand just how bad RDP is from a ransomware deployment perspective.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

And I know we harp on RDP, but the same is

 

 


Prasanna Malaiyandi:

true for any other service, which you don't need to be running.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: SMB, NFS, A Fs, PFTP, right?

 

 


Prasanna Malaiyandi:

Um, all of these services need to be turned off.

 

 


Prasanna Malaiyandi:

And this is why, by the way, this is why Windows got, I think, a,

 

 


Prasanna Malaiyandi:

a, a big knock for, you know, being insecure, mainly because it

 

 


Prasanna Malaiyandi:

turned everything on by default.

 

 


Prasanna Malaiyandi:

Whereas Unix and Linux turned everything off by default.

 

 


Prasanna Malaiyandi:

Um, and so just go and look at these services, all of the services

 

 


Prasanna Malaiyandi:

that are running and ask you do you absolutely have to, to, to run them.

 

 


Prasanna Malaiyandi:

or the other thing is just do a port scan on your

 

 


Prasanna Malaiyandi:

servers that'll tell you if this, like what ports are being listened to on,

 

 


Prasanna Malaiyandi:

and you could map those back to figure out, okay, what services is that?

 

 


Prasanna Malaiyandi:

And it's all pretty standard, right?

 

 


Prasanna Malaiyandi:

I think RDP is 3 9 2 2.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Right.

 

 


Prasanna Malaiyandi:

And, and I would say if you, let's go back to RDP for a minute and

 

 


Prasanna Malaiyandi:

then, and this is just remote.

 

 


Prasanna Malaiyandi:

If you need remote access and in today's world, you probably do need remote access.

 

 


Prasanna Malaiyandi:

Don't use RDP.

 

 


Prasanna Malaiyandi:

Use a service that gives remote access, right.

 

 


Prasanna Malaiyandi:

Like ConnectWise, which is a service that is properly securing and probably,

 

 


Prasanna Malaiyandi:

uh, you know, properly doing things in a way that doesn't, it, it's a

 

 


Prasanna Malaiyandi:

service where the way ConnectWise works is it, is it reaches out, right?

 

 


Prasanna Malaiyandi:

And you, you, you've gotta first connect to them and then

 

 


Prasanna Malaiyandi:

it will connect to you, right?

 

 


Prasanna Malaiyandi:

And so you can add things like.

 

 


Prasanna Malaiyandi:

A and all of that extra protection on, um, and so I, if you need

 

 


Prasanna Malaiyandi:

remote access and you need remote access, use a service to do it.

 

 


Prasanna Malaiyandi:

Please don't allow something like RDP or SSH or any of that stuff

 

 


Prasanna Malaiyandi:

directly accessible via the internet.

 

 


Prasanna Malaiyandi:

Yeah, those are

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

Very, very bad.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Um, and then, uh, also let's talk about, um, you know.

 

 


Prasanna Malaiyandi:

Again, I, I can't believe I have to say this, but you need to look at some type

 

 


Prasanna Malaiyandi:

of, um, uh, malware scanning, right?

 

 


Prasanna Malaiyandi:

Some type of antivirus, anti malware.

 

 


Prasanna Malaiyandi:

Um, and this is not just on Windows, this is also on Mac,

 

 


Prasanna Malaiyandi:

Which is surprising that how many people say,

 

 


Prasanna Malaiyandi:

I don't need anything on my Mac.

 

 


Prasanna Malaiyandi:

It's like, no, you really do.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

And the same thing on Linux, right?

 

 


Prasanna Malaiyandi:

And the same thing on like, they're, they're targeting, they're directly

 

 


Prasanna Malaiyandi:

targeting VMware and other, other, uh, uh, uh, virtualization solutions.

 

 


Prasanna Malaiyandi:

So, um, you need to, uh, put that in.

 

 


Prasanna Malaiyandi:

And then finally, let's just talk a little bit about, um.

 

 


Prasanna Malaiyandi:

Proactive.

 

 


Prasanna Malaiyandi:

Uh, what, what was the term that, that he used?

 

 


Prasanna Malaiyandi:

He didn't like the term ethical hacking.

 

 


Prasanna Malaiyandi:

He didn't like the term, what did he call the red team concept?

 

 


Prasanna Malaiyandi:

What did he call it?

 

 


Prasanna Malaiyandi:

I don't remember.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: um,

 

 


Prasanna Malaiyandi:

the,

 

 


Prasanna Malaiyandi:

well, let's just say this.

 

 


Prasanna Malaiyandi:

You need a red team,

 

 


Prasanna Malaiyandi:

Yeah,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: right?

 

 


Prasanna Malaiyandi:

What is a red te... What is a red team, Prasanna?

 

 


Prasanna Malaiyandi:

this is basically a.

 

 


Prasanna Malaiyandi:

Team who works for you, who thinks like the bad guy.

 

 


Prasanna Malaiyandi:

So they are there attacking your systems just the same way a bad guy would, but

 

 


Prasanna Malaiyandi:

unlike a bad guy, they work for you.

 

 


Prasanna Malaiyandi:

So then hopefully once they've identified the issues, you can go fix 'em.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

And I, and I really liked, um, you know, you know, when we had Dwayne

 

 


Prasanna Malaiyandi:

on here, I really liked the way he talked about the way they did it,

 

 


Prasanna Malaiyandi:

where they work with the blue team.

 

 


Prasanna Malaiyandi:

Uh, the blue team of course is the defensive side.

 

 


Prasanna Malaiyandi:

I.

 

 


Prasanna Malaiyandi:

And you need a red team, you need a blue team.

 

 


Prasanna Malaiyandi:

You need both of these.

 

 


Prasanna Malaiyandi:

And, and I do believe that you should hire experts to do this.

 

 


Prasanna Malaiyandi:

Um, and, um, I can put links to the two episodes that we just played,

 

 


Prasanna Malaiyandi:

if you miss them, um, uh, that, that show you what a red team does, what

 

 


Prasanna Malaiyandi:

a blue team does, and why you need a relationship with them now versus, you

 

 


Prasanna Malaiyandi:

know, waiting to call, you know, waiting until after attack to call a blue team.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, so the, the, basically what they'll do, and this is more than

 

 


Prasanna Malaiyandi:

just port scanning, this is more than just a basic penetration test.

 

 


Prasanna Malaiyandi:

This is, this is a, a group, this is a company with a group of people

 

 


Prasanna Malaiyandi:

that are actively going to try and attack your company, uh, and

 

 


Prasanna Malaiyandi:

Yep.

 

 


Prasanna Malaiyandi:

Expose any weaknesses.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, absolutely.

 

 


Prasanna Malaiyandi:

Which may include.

 

 


Prasanna Malaiyandi:

Depending on, you know, what level of service you're gonna buy, which

 

 


Prasanna Malaiyandi:

may include physical penetration testing, which may include things like

 

 


Prasanna Malaiyandi:

trying to figure out how to scan your security badges and things like that.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

yep.

 

 


Prasanna Malaiyandi:

Or even probably working with third party vendors who might be connected

 

 


Prasanna Malaiyandi:

with you to try to get access to your accounts through those other ways.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Right.

 

 


Prasanna Malaiyandi:

So these are other things, um, you know.

 

 


Prasanna Malaiyandi:

When you're going to do some type of security audit, these are things

 

 


Prasanna Malaiyandi:

that you might want to take a look at, uh, in order to, uh, ensure,

 

 


Prasanna Malaiyandi:

you know, to further ensure that you're securing your environment.

 

 


Prasanna Malaiyandi:

Uh, be, go ahead.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

Well, I like the term doing a security audit.

 

 


Prasanna Malaiyandi:

I do wonder if many of these things that we are looking at get sort of baked into

 

 


Prasanna Malaiyandi:

when an application gets deployed, right?

 

 


Prasanna Malaiyandi:

Here are the things that you should be taking into consideration,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Mm-Hmm.

 

 


Prasanna Malaiyandi:

right?

 

 


Prasanna Malaiyandi:

As part of that questionnaire to identify, okay, are they really

 

 


Prasanna Malaiyandi:

following the best practices?

 

 


Prasanna Malaiyandi:

Because if you get to the point where you're doing a security

 

 


Prasanna Malaiyandi:

audit and you found things, that means that it failed upfront.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

So it's not a bad idea to do a security audit at the end, right?

 

 


Prasanna Malaiyandi:

Or at some point, but

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I would say on a regular basis.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

But also, remember doing a security audit is time consuming

 

 


Prasanna Malaiyandi:

across an organization, right?

 

 


Prasanna Malaiyandi:

And so baking it into the process, so everyone's thinking about this

 

 


Prasanna Malaiyandi:

day in and day out will make it more scalable and achievable.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, I, I think the idea is like, you've

 

 


Prasanna Malaiyandi:

gotta start somewhere, right?

 

 


Prasanna Malaiyandi:

So you go through, you, you, you know, you get a list of, I, you get a list of

 

 


Prasanna Malaiyandi:

applications, you get a list of things.

 

 


Prasanna Malaiyandi:

You, you train your users, you do all the things that you, maybe you

 

 


Prasanna Malaiyandi:

haven't been doing up to this point, and then we can start talking about.

 

 


Prasanna Malaiyandi:

Things that we should be doing on a regular basis, which is a list of

 

 


Prasanna Malaiyandi:

things from a security perspective that you should be looking at

 

 


Prasanna Malaiyandi:

when you deploy a new application.

 

 


Prasanna Malaiyandi:

Exactly.

 

 


Prasanna Malaiyandi:

Um, so, uh, all right, Prasanna.

 

 


Prasanna Malaiyandi:

Well thanks for good discussion as always.

 

 


Prasanna Malaiyandi:

Oh, thank you Curtis.

 

 


Prasanna Malaiyandi:

And, uh, yeah, I'm excited to hear what your, uh, secret assistant does next.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Me too.

 

 


Prasanna Malaiyandi:

Uh, all right.

 

 


Prasanna Malaiyandi:

Uh, listeners, uh, we love you.

 

 


Prasanna Malaiyandi:

You're, you're why we're here.

 

 


Prasanna Malaiyandi:

Uh, we're trying to turn you into a, a cybersecurity hero.

 

 


Prasanna Malaiyandi:

So, uh, be sure to subscribe.

 

 


Prasanna Malaiyandi:

Uh, and, uh, that is a wrap.