Keith A lot of people retired to Florida and had the same kind of issue. It’s a target for scammers because the people who are not technically sophisticated, have some money because they’ve retired, and at leisure mostly – but I think it’s mostly down to reporting.
Sanjay I think it was eight years of State of Origin losses.
Keith I get calls every once in a while from someone who tells me that my computer is having malware, and I said ‘oh really, okay’ and they run you through to look at things and it’s like ‘let’s make sure it’s my computer, what’s my IP address’ and then they start swearing at me and hang up.
Sean My usual response to those is ‘which one?’
Keith I say just to make sure it’s me what is my IP address? That’s still going on, and again the ransomware and scareware and stuff it’s still happening. I got called a couple of weeks ago, and now I get tired, because I get called a lot. I said ‘look just take me off your list, because I know what you’re about, and if you’re not going to give me my IP address, save yourself a long distance call and take me off your list, and call somebody else’.
Sean We started with this discussion saying ‘all of this is not new, security is not new’ and we all know that security is a process, there is no end of it.
Keith A journey not a destination.
Sean How often do we hear things like ‘here’s all the threats’ and our conclusion is ‘where’?
Keith We’ve got to think differently about the problem. Looking at some of the US companies that had Chinese attacks on them, that’s where they came up with this cyber kill chain, again as a new way of looking at it. Then when I thought about it, it was like we need to understand the threat actors, what they’re after and how they’re going to go about it; how can we stop the particular one and there may be different kill points for different threat actors depending on who they are.
We know that we’re compromised, and so we have a compromised network and really it’s about thinking differently about how do we do this problem, because it has to be different thinking. You’re right, all this stuff, it’s been there done that, same thing. It’s got to have a different way of looking at the problem, and this is how I ended up. I didn’t plan to do that. Even though it’s security architecture that’s not new, stopping an attacker getting in isn’t new; having flat networks, being evil isn’t new. But now we can start putting it together maybe to learn from those things, and that’s where I was really happy with the outcome of this, and it’s actually got me thinking differently and now I can go back to my clients and say ‘let’s look at the problem from a different angle shall we, let’s approach it in a different way’ and you’re right, we’ve all got these security widgets in there and we’ve got people which are our weakest link, but also our last line of defence. We’ve got all the knowledge that we have from everybody’s good work and research here, but let’s start thinking about it differently. So what are you guys thinking differently about as well?
Aaron I guess to simplify security is quite complex. You said before that it seems complex and it is and it can be, because there are a lot of ports, a lot of protocols a lot of products, a lot of different users. But if I could just simplify it down to users, data and the team we need the concentric circles with regard to the perimeter. We’ve come up with the latest go-to-market which is buy-in-protection. So ou need to think about the source of the threat, and if the threat is coming from the internet, then you may not be as concerned about the next generation capability to link that with active directory, because they’re not in the active directory. You certainly will be worried about potentially the volume of traffic for the number of sessions, or looking deeper into the protocol to get some actual application protection. If the source and threat is internal, i.e. the victim of the spearfishing attack, then you probably do care about the next generation capabilities. Maybe an IPS or a botnet detector to look for outbound CNC. You certainly want to be able to correlate it then back to LDAP or Active Directory or some sort of user source.