Episode: 085
Title: Proximity Security
Aired: May 15, 2018
Featured Segments: Proximity Security
Synopsis:
Bret Piatt, CTR Host, and Bill Alderson, HopZero CTO, discuss proximity security.
Follow Us & Stay Informed:
Bret Piatt (left), Bill Alderson (right)
Tweet us: @cybertalkradio, @bpiatt, @packetman007 / Stream on iHeartRadio: Android or iOS
Transcript:
00:00:01 [Music] 00:00:06 [Music] 00:00:06 [Music] from the dark web to your radio dial you 00:00:09 from the dark web to your radio dial you 00:00:09 from the dark web to your radio dial you were listening to cyber talk radio on 00:00:11 were listening to cyber talk radio on 00:00:11 were listening to cyber talk radio on news 1200 WOAI 00:00:18 00:00:18 [Music] 00:00:28 00:00:28 welcome to cyber talk radio 00:00:30 welcome to cyber talk radio 00:00:30 welcome to cyber talk radio I'm your host Bret Pyatt the 20 year 00:00:32 I'm your host Bret Pyatt the 20 year 00:00:32 I'm your host Bret Pyatt the 20 year internet security veteran this week 00:00:35 internet security veteran this week 00:00:35 internet security veteran this week we're gonna be talking we're gonna title 00:00:36 we're gonna be talking we're gonna title 00:00:36 we're gonna be talking we're gonna title the episode proximity security but we'll 00:00:38 the episode proximity security but we'll 00:00:38 the episode proximity security but we'll be talking about how packets go across 00:00:40 be talking about how packets go across 00:00:40 be talking about how packets go across the internet we're gonna get a little 00:00:42 the internet we're gonna get a little 00:00:42 the internet we're gonna get a little nerdy so stick with us but we'll work 00:00:45 nerdy so stick with us but we'll work 00:00:45 nerdy so stick with us but we'll work through the intro to explain why this 00:00:47 through the intro to explain why this 00:00:47 through the intro to explain why this matters too to everyone out there and 00:00:49 matters too to everyone out there and 00:00:49 matters too to everyone out there and then for the engineers or other folks 00:00:52 then for the engineers or other folks 00:00:52 then for the engineers or other folks like us out in the audience we're gonna 00:00:54 like us out in the audience we're gonna 00:00:54 like us out in the audience we're gonna explain some novel stuff that my guest 00:00:57 explain some novel stuff that my guest 00:00:57 explain some novel stuff that my guest and his company are working on so bill 00:00:59 and his company are working on so bill 00:00:59 and his company are working on so bill thank you for joining us today 00:01:01 thank you for joining us today 00:01:01 thank you for joining us today absolutely pleasure to be here and to 00:01:03 absolutely pleasure to be here and to 00:01:03 absolutely pleasure to be here and to talk about our new product yeah so bill 00:01:07 talk about our new product yeah so bill 00:01:07 talk about our new product yeah so bill go ahead and share a little bit about 00:01:08 go ahead and share a little bit about 00:01:09 go ahead and share a little bit about your background and then and kind of 00:01:10 your background and then and kind of 00:01:10 your background and then and kind of what led you to the the founding of hop 00:01:13 what led you to the the founding of hop 00:01:13 what led you to the the founding of hop zero well I've done a lot of work in the 00:01:17 zero well I've done a lot of work in the 00:01:17 zero well I've done a lot of work in the military space and I was actually 00:01:19 military space and I was actually 00:01:19 military space and I was actually talking at a military cyber symposium 00:01:22 talking at a military cyber symposium 00:01:22 talking at a military cyber symposium conference just outside of st. Louis on 00:01:25 conference just outside of st. Louis on 00:01:25 conference just outside of st. Louis on June 28 2016 while I was waiting my turn 00:01:31 June 28 2016 while I was waiting my turn 00:01:31 June 28 2016 while I was waiting my turn to speak I was listening to other 00:01:33 to speak I was listening to other 00:01:33 to speak I was listening to other speakers generals and other leaders in 00:01:35 speakers generals and other leaders in 00:01:35 speakers generals and other leaders in the military complex bemoaning how state 00:01:39 the military complex bemoaning how state 00:01:39 the military complex bemoaning how state actors and other folks are basically 00:01:42 actors and other folks are basically 00:01:42 actors and other folks are basically eating their lunch getting into their 00:01:44 eating their lunch getting into their 00:01:45 eating their lunch getting into their data exfiltrating it and I said to 00:01:48 data exfiltrating it and I said to 00:01:48 data exfiltrating it and I said to myself at that moment I can fix this so 00:01:52 myself at that moment I can fix this so 00:01:52 myself at that moment I can fix this so the next day June 29th I began work on 00:01:56 the next day June 29th I began work on 00:01:56 the next day June 29th I began work on the patent for hop sphere radius 00:01:58 the patent for hop sphere radius 00:01:58 the patent for hop sphere radius security which limits how far data 00:02:02 security which limits how far data 00:02:02 security which limits how far data packets can travel so we're gonna go 00:02:05 packets can travel so we're gonna go 00:02:05 packets can travel so we're gonna go ahead and see if we can do a radio 00:02:07 ahead and see if we can do a radio 00:02:07 ahead and see if we can do a radio explanation of this so and I'll I'll do 00:02:10 explanation of this so and I'll I'll do 00:02:10 explanation of this so and I'll I'll do my understanding and then you can reach 00:02:12 my understanding and then you can reach 00:02:12 my understanding and then you can reach over and knock me on the head if I get 00:02:14 over and knock me on the head if I get 00:02:14 over and knock me on the head if I get some errors here so I think everyone out 00:02:17 some errors here so I think everyone out 00:02:17 some errors here so I think everyone out there and our listening audience has 00:02:18 there and our listening audience has 00:02:18 there and our listening audience has used a web browser before and visited a 00:02:20 used a web browser before and visited a 00:02:20 used a web browser before and visited a website so if you're going from your 00:02:21 website so if you're going from your 00:02:21 website so if you're going from your cell phone to that website or your 00:02:23 cell phone to that website or your 00:02:23 cell phone to that website or your computer to a website you're also 00:02:26 computer to a website you're also 00:02:26 computer to a website you're also probably experienced at your house or 00:02:28 probably experienced at your house or 00:02:28 probably experienced at your house or your office there's some router or cable 00:02:30 your office there's some router or cable 00:02:30 your office there's some router or cable modem or some other thing there so if 00:02:33 modem or some other thing there so if 00:02:33 modem or some other thing there so if you think about going from your phone or 00:02:35 you think about going from your phone or 00:02:35 you think about going from your phone or your computer to that first router 00:02:37 your computer to that first router 00:02:37 your computer to that first router that's a hop and as you go across the 00:02:40 that's a hop and as you go across the 00:02:40 that's a hop and as you go across the that device in your house or your office 00:02:43 that device in your house or your office 00:02:43 that device in your house or your office connects up to something that your 00:02:45 connects up to something that your 00:02:45 connects up to something that your internet provider has that they call 00:02:47 internet provider has that they call 00:02:47 internet provider has that they call that their edge device but that's 00:02:48 that their edge device but that's 00:02:48 that their edge device but that's another hop and if you bounce across 00:02:50 another hop and if you bounce across 00:02:50 another hop and if you bounce across from here to all let's say central China 00:02:53 from here to all let's say central China 00:02:53 from here to all let's say central China you might go for 22 hops but if you're 00:02:55 you might go for 22 hops but if you're 00:02:55 you might go for 22 hops but if you're gonna go from say here in San Antonio 00:02:57 gonna go from say here in San Antonio 00:02:57 gonna go from say here in San Antonio where we're broadcasting cyber talk 00:02:59 where we're broadcasting cyber talk 00:02:59 where we're broadcasting cyber talk radio and if you're listening to us on I 00:03:00 radio and if you're listening to us on I 00:03:00 radio and if you're listening to us on I heart streaming thank you very much for 00:03:02 heart streaming thank you very much for 00:03:03 heart streaming thank you very much for listening outside the audience if you're 00:03:04 listening outside the audience if you're 00:03:04 listening outside the audience if you're on 1200 W AI we appreciate our wonderful 00:03:08 on 1200 W AI we appreciate our wonderful 00:03:08 on 1200 W AI we appreciate our wonderful live listening audience they're on a 00:03:09 live listening audience they're on a 00:03:09 live listening audience they're on a great AM radio as well if you're going 00:03:12 great AM radio as well if you're going 00:03:12 great AM radio as well if you're going maybe to that iHeartRadio website which 00:03:14 maybe to that iHeartRadio website which 00:03:14 maybe to that iHeartRadio website which is here in the US you might be going for 00:03:16 is here in the US you might be going for 00:03:16 is here in the US you might be going for six hops or eight hops or ten hops but 00:03:18 six hops or eight hops or ten hops but 00:03:18 six hops or eight hops or ten hops but you're certainly not going twenty two 00:03:20 you're certainly not going twenty two 00:03:20 you're certainly not going twenty two hops so even those nation-state actors 00:03:24 hops so even those nation-state actors 00:03:24 hops so even those nation-state actors if I was a government in across one of 00:03:28 if I was a government in across one of 00:03:28 if I was a government in across one of the oceans from the US do I have control 00:03:30 the oceans from the US do I have control 00:03:30 the oceans from the US do I have control over the number of hops packet goes 00:03:32 over the number of hops packet goes 00:03:32 over the number of hops packet goes across the internet as a state nation no 00:03:35 across the internet as a state nation no 00:03:35 across the internet as a state nation no yeah the Internet is is filled with 00:03:38 yeah the Internet is is filled with 00:03:38 yeah the Internet is is filled with really millions of routers you have one 00:03:42 really millions of routers you have one 00:03:42 really millions of routers you have one in your home we have one in our 00:03:44 in your home we have one in our 00:03:44 in your home we have one in our businesses and those state actors have 00:03:46 businesses and those state actors have 00:03:46 businesses and those state actors have them there but because there are 00:03:49 them there but because there are 00:03:49 them there but because there are millions of routers there's still a path 00:03:51 millions of routers there's still a path 00:03:51 millions of routers there's still a path between any two locations on the 00:03:54 between any two locations on the 00:03:54 between any two locations on the internet which is typically less than 40 00:03:57 internet which is typically less than 40 00:03:57 internet which is typically less than 40 hops so anytime you have less than 40 00:04:02 hops so anytime you have less than 40 00:04:02 hops so anytime you have less than 40 hops you are not communicating to the 00:04:05 hops you are not communicating to the 00:04:05 hops you are not communicating to the entire world if you have like default 00:04:09 entire world if you have like default 00:04:09 entire world if you have like default settings for Microsoft is a hundred and 00:04:12 settings for Microsoft is a hundred and 00:04:12 settings for Microsoft is a hundred and twenty-eight hops or Oracle databases 00:04:15 twenty-eight hops or Oracle databases 00:04:15 twenty-eight hops or Oracle databases which are at 255 hops Linux is down at 00:04:19 which are at 255 hops Linux is down at 00:04:19 which are at 255 hops Linux is down at 64 hops so any of those devices in their 00:04:23 64 hops so any of those devices in their 00:04:23 64 hops so any of those devices in their default configuration out of the box 00:04:26 default configuration out of the box 00:04:26 default configuration out of the box they can communicate around the world 00:04:28 they can communicate around the world 00:04:29 they can communicate around the world yeah they can 64 hops away as well will 00:04:32 yeah they can 64 hops away as well will 00:04:32 yeah they can 64 hops away as well will get you anywhere with quite a bit of 00:04:33 get you anywhere with quite a bit of 00:04:33 get you anywhere with quite a bit of margin of error this hop setting in for 00:04:37 margin of error this hop setting in for 00:04:37 margin of error this hop setting in for for those listening it we're trying to 00:04:39 for those listening it we're trying to 00:04:39 for those listening it we're trying to learn a little more about this so you've 00:04:40 learn a little more about this so you've 00:04:40 learn a little more about this so you've probably heard of tcp/ip before and the 00:04:44 probably heard of tcp/ip before and the 00:04:44 probably heard of tcp/ip before and the IP that / IP the second part of that is 00:04:47 IP that / IP the second part of that is 00:04:47 IP that / IP the second part of that is actually the the base protocol that's 00:04:49 actually the the base protocol that's 00:04:49 actually the the base protocol that's the what's called the Internet Protocol 00:04:50 the what's called the Internet Protocol 00:04:51 the what's called the Internet Protocol inside of that IP packet 00:04:53 inside of that IP packet 00:04:53 inside of that IP packet there's a header and in that header 00:04:55 there's a header and in that header 00:04:55 there's a header and in that header there's that field for the hop count so 00:04:58 there's that field for the hop count so 00:04:58 there's that field for the hop count so what this prevents is if you end up with 00:05:00 what this prevents is if you end up with 00:05:00 what this prevents is if you end up with a loop on the Internet to where some 00:05:02 a loop on the Internet to where some 00:05:02 a loop on the Internet to where some device was routing improperly and it was 00:05:06 device was routing improperly and it was 00:05:06 device was routing improperly and it was bouncing back and forth this keeps those 00:05:08 bouncing back and forth this keeps those 00:05:08 bouncing back and forth this keeps those packets that were trying to travel to 00:05:10 packets that were trying to travel to 00:05:10 packets that were trying to travel to that destination that gets stuck in the 00:05:12 that destination that gets stuck in the 00:05:12 that destination that gets stuck in the loop from bouncing around forever so 00:05:14 loop from bouncing around forever so 00:05:14 loop from bouncing around forever so that the hops will eventually expire of 00:05:17 that the hops will eventually expire of 00:05:17 that the hops will eventually expire of 64 128 256 posed to an attack surface 00:05:44 64 128 256 posed to an attack surface 00:05:44 64 128 256 posed to an attack surface that is the entire world the entire 00:05:47 that is the entire world the entire 00:05:47 that is the entire world the entire internet we reduce the attack surface of 00:05:50 internet we reduce the attack surface of 00:05:50 internet we reduce the attack surface of these devices so that they can't be 00:05:53 these devices so that they can't be 00:05:53 these devices so that they can't be communicated to nor can they communicate 00:05:56 communicated to nor can they communicate 00:05:56 communicated to nor can they communicate from yeah so as an example with that 00:05:59 from yeah so as an example with that 00:05:59 from yeah so as an example with that Oracle database so say if we were only 00:06:03 Oracle database so say if we were only 00:06:03 Oracle database so say if we were only supposed to be communicating with that 00:06:05 supposed to be communicating with that 00:06:05 supposed to be communicating with that database via computers connected to its 00:06:09 database via computers connected to its 00:06:09 database via computers connected to its local segment on a VPN or other hosts 00:06:13 local segment on a VPN or other hosts 00:06:13 local segment on a VPN or other hosts across maybe a secured zone but no more 00:06:17 across maybe a secured zone but no more 00:06:17 across maybe a secured zone but no more than one other network away you could 00:06:19 than one other network away you could 00:06:19 than one other network away you could lower that hop count down from 255 to 4 00:06:25 lower that hop count down from 255 to 4 00:06:25 lower that hop count down from 255 to 4 or 3 and it would stop those database 00:06:29 or 3 and it would stop those database 00:06:29 or 3 and it would stop those database packets from getting out onto the 00:06:30 packets from getting out onto the 00:06:30 packets from getting out onto the Internet they would just expire and the 00:06:32 Internet they would just expire and the 00:06:32 Internet they would just expire and the router would drop them precisely that is 00:06:35 router would drop them precisely that is 00:06:35 router would drop them precisely that is the most powerful capability is changing 00:06:38 the most powerful capability is changing 00:06:38 the most powerful capability is changing that 255 hop count on an Oracle database 00:06:43 that 255 hop count on an Oracle database 00:06:43 that 255 hop count on an Oracle database that contains sock data PCI data PII 00:06:49 that contains sock data PCI data PII 00:06:49 that contains sock data PCI data PII information health information you 00:06:52 information health information you 00:06:52 information health information you change that from its default setting 00:06:55 change that from its default setting 00:06:55 change that from its default setting down to like you said for if there's 4 00:06:58 down to like you said for if there's 4 00:06:58 down to like you said for if there's 4 routers in the data center and we have a 00:07:02 routers in the data center and we have a 00:07:02 routers in the data center and we have a hop count of 4 it decrements through 00:07:05 hop count of 4 it decrements through 00:07:05 hop count of 4 it decrements through each router and 00:07:07 each router and 00:07:07 each router and decrements to 0 when the hop reaches 0 00:07:10 decrements to 0 when the hop reaches 0 00:07:10 decrements to 0 when the hop reaches 0 that's why we named our company hop 0 is 00:07:13 that's why we named our company hop 0 is 00:07:13 that's why we named our company hop 0 is because when the hop reaches 0 the 00:07:16 because when the hop reaches 0 the 00:07:16 because when the hop reaches 0 the packet is destroyed by every router ever 00:07:20 packet is destroyed by every router ever 00:07:20 packet is destroyed by every router ever made it is part of IP and what makes it 00:07:24 made it is part of IP and what makes it 00:07:24 made it is part of IP and what makes it work so we don't have to put any 00:07:26 work so we don't have to put any 00:07:26 work so we don't have to put any software on any routers or anything in 00:07:28 software on any routers or anything in 00:07:28 software on any routers or anything in fact that Oracle database we don't have 00:07:32 fact that Oracle database we don't have 00:07:32 fact that Oracle database we don't have to put any software on that Oracle 00:07:34 to put any software on that Oracle 00:07:34 to put any software on that Oracle database either all we do is change that 00:07:37 database either all we do is change that 00:07:37 database either all we do is change that value in the operating system so that it 00:07:41 value in the operating system so that it 00:07:41 value in the operating system so that it will only communicate for routers deep 00:07:45 will only communicate for routers deep 00:07:45 will only communicate for routers deep yeah and and so I've got some real 00:07:49 yeah and and so I've got some real 00:07:49 yeah and and so I've got some real security geeks and insists admins out 00:07:52 security geeks and insists admins out 00:07:52 security geeks and insists admins out there in the audience they go well why 00:07:53 there in the audience they go well why 00:07:53 there in the audience they go well why don't I just go change this on my 00:07:54 don't I just go change this on my 00:07:54 don't I just go change this on my database server by myself like it sounds 00:07:56 database server by myself like it sounds 00:07:56 database server by myself like it sounds like I should just do this right now 00:07:58 like I should just do this right now 00:07:58 like I should just do this right now great idea but it's not that hard is it 00:08:02 great idea but it's not that hard is it 00:08:02 great idea but it's not that hard is it actually you can do it and I encourage 00:08:05 actually you can do it and I encourage 00:08:05 actually you can do it and I encourage you to do it and as a matter of fact as 00:08:07 you to do it and as a matter of fact as 00:08:07 you to do it and as a matter of fact as soon as you've got about 10 or 15 set 00:08:10 soon as you've got about 10 or 15 set 00:08:10 soon as you've got about 10 or 15 set like that and there's one little bump 00:08:12 like that and there's one little bump 00:08:12 like that and there's one little bump because something does go awry somewhere 00:08:15 because something does go awry somewhere 00:08:15 because something does go awry somewhere and the hops increase for a little bit 00:08:17 and the hops increase for a little bit 00:08:17 and the hops increase for a little bit our system will find that and adjust for 00:08:22 our system will find that and adjust for 00:08:22 our system will find that and adjust for those and we will monitor for anything 00:08:26 those and we will monitor for anything 00:08:26 those and we will monitor for anything trying to escape beyond it so we really 00:08:29 trying to escape beyond it so we really 00:08:29 trying to escape beyond it so we really want people to go set the hop count 00:08:32 want people to go set the hop count 00:08:32 want people to go set the hop count because after you do it on 10 or 15 00:08:35 because after you do it on 10 or 15 00:08:35 because after you do it on 10 or 15 stations you'll be calling us up and 00:08:37 stations you'll be calling us up and 00:08:37 stations you'll be calling us up and asking us for that additional software 00:08:40 asking us for that additional software 00:08:40 asking us for that additional software that does all the kind of like how I 00:08:41 that does all the kind of like how I 00:08:41 that does all the kind of like how I oughta made it exactly yeah so as you 00:08:47 oughta made it exactly yeah so as you 00:08:47 oughta made it exactly yeah so as you were digging through working on this 00:08:48 were digging through working on this 00:08:48 were digging through working on this idea and you realized like no one has 00:08:53 idea and you realized like no one has 00:08:53 idea and you realized like no one has done this before what was that kind of 00:08:55 done this before what was that kind of 00:08:55 done this before what was that kind of epiphany moment of like this is a real 00:08:57 epiphany moment of like this is a real 00:08:57 epiphany moment of like this is a real kind of clean easy way to increase 00:09:01 kind of clean easy way to increase 00:09:01 kind of clean easy way to increase security to make the attack surface 00:09:04 security to make the attack surface 00:09:04 security to make the attack surface smaller to add attackers another hurdle 00:09:07 smaller to add attackers another hurdle 00:09:07 smaller to add attackers another hurdle they have to overcome and you're 00:09:09 they have to overcome and you're 00:09:09 they have to overcome and you're thinking and what was that that epiphany 00:09:11 thinking and what was that that epiphany 00:09:11 thinking and what was that that epiphany moment when it came through and what was 00:09:13 moment when it came through and what was 00:09:13 moment when it came through and what was going through your head well at that 00:09:15 going through your head well at that 00:09:15 going through your head well at that time that I decided that I was going to 00:09:19 time that I decided that I was going to 00:09:19 time that I decided that I was going to write the 00:09:20 write the 00:09:20 write the patent I had already known for many 00:09:24 patent I had already known for many 00:09:24 patent I had already known for many years how I pee hop count worked I've 00:09:28 years how I pee hop count worked I've 00:09:28 years how I pee hop count worked I've trained 50,000 technologists in 27 00:09:32 trained 50,000 technologists in 27 00:09:32 trained 50,000 technologists in 27 countries on network forensics so I had 00:09:37 countries on network forensics so I had 00:09:37 countries on network forensics so I had presented the what a hop count is and 00:09:41 presented the what a hop count is and 00:09:41 presented the what a hop count is and how those fields are and teaching people 00:09:44 how those fields are and teaching people 00:09:44 how those fields are and teaching people how to use Wireshark to look at that 00:09:47 how to use Wireshark to look at that 00:09:47 how to use Wireshark to look at that metric and that sort of thing for many 00:09:49 metric and that sort of thing for many 00:09:49 metric and that sort of thing for many many years however it wasn't until 00:09:53 many years however it wasn't until 00:09:53 many years however it wasn't until security became such a huge problem that 00:09:57 security became such a huge problem that 00:09:57 security became such a huge problem that you no longer wanted your hop count to 00:10:01 you no longer wanted your hop count to 00:10:01 you no longer wanted your hop count to be enough to go around the world now you 00:10:03 be enough to go around the world now you 00:10:03 be enough to go around the world now you were looking at saying hey man we we 00:10:07 were looking at saying hey man we we 00:10:07 were looking at saying hey man we we don't want to communicate to North Korea 00:10:10 don't want to communicate to North Korea 00:10:10 don't want to communicate to North Korea and to other places on the on the globe 00:10:12 and to other places on the on the globe 00:10:12 and to other places on the on the globe we want to restrict how far we 00:10:14 we want to restrict how far we 00:10:14 we want to restrict how far we communicate and that's when it really 00:10:17 communicate and that's when it really 00:10:17 communicate and that's when it really dawned on me that the firewall with all 00:10:21 dawned on me that the firewall with all 00:10:21 dawned on me that the firewall with all of its capabilities isn't able to limit 00:10:24 of its capabilities isn't able to limit 00:10:24 of its capabilities isn't able to limit the distance so whereas the firewalls 00:10:27 the distance so whereas the firewalls 00:10:27 the distance so whereas the firewalls take care of keeping things in or 00:10:30 take care of keeping things in or 00:10:30 take care of keeping things in or keeping things out 00:10:31 keeping things out 00:10:31 keeping things out hops zeros solution limits how far data 00:10:35 hops zeros solution limits how far data 00:10:35 hops zeros solution limits how far data can travel yeah and so speaking of 00:10:38 can travel yeah and so speaking of 00:10:38 can travel yeah and so speaking of firewalls so why wouldn't I just if I 00:10:40 firewalls so why wouldn't I just if I 00:10:40 firewalls so why wouldn't I just if I didn't want to talk to China it doesn't 00:10:42 didn't want to talk to China it doesn't 00:10:42 didn't want to talk to China it doesn't China some set of IP addresses wouldn't 00:10:44 China some set of IP addresses wouldn't 00:10:44 China some set of IP addresses wouldn't I just go block all of those that is 00:10:46 I just go block all of those that is 00:10:46 I just go block all of those that is correct you can use geo IP in the 00:10:51 correct you can use geo IP in the 00:10:51 correct you can use geo IP in the firewall and say anything that's in 00:10:54 firewall and say anything that's in 00:10:54 firewall and say anything that's in China by virtue of its IP ranges that 00:10:58 China by virtue of its IP ranges that 00:10:58 China by virtue of its IP ranges that Diana gave to them etc you you can 00:11:02 Diana gave to them etc you you can 00:11:02 Diana gave to them etc you you can restrict where your packets go now the 00:11:05 restrict where your packets go now the 00:11:05 restrict where your packets go now the trouble is is that sometimes there are 00:11:08 trouble is is that sometimes there are 00:11:08 trouble is is that sometimes there are applications that need to go to China 00:11:11 applications that need to go to China 00:11:11 applications that need to go to China and certain providers web providers and 00:11:17 and certain providers web providers and 00:11:17 and certain providers web providers and and and the like have things that are in 00:11:20 and and the like have things that are in 00:11:20 and and the like have things that are in China and you do need to communicate so 00:11:23 China and you do need to communicate so 00:11:23 China and you do need to communicate so when you hit that bit and say absolutely 00:11:26 when you hit that bit and say absolutely 00:11:26 when you hit that bit and say absolutely nothing from China you now may have 00:11:29 nothing from China you now may have 00:11:29 nothing from China you now may have stopped a service like GoToMeeting may 00:11:33 stopped a service like GoToMeeting may 00:11:33 stopped a service like GoToMeeting may not work anymore 00:11:34 not work anymore 00:11:34 not work anymore or some other application so although 00:11:37 or some other application so although 00:11:37 or some other application so although that does work and it is a good solution 00:11:40 that does work and it is a good solution 00:11:40 that does work and it is a good solution it doesn't work in every single case and 00:11:43 it doesn't work in every single case and 00:11:43 it doesn't work in every single case and when we set hop count we set it on an 00:11:46 when we set hop count we set it on an 00:11:46 when we set hop count we set it on an individual device basis not on a global 00:11:50 individual device basis not on a global 00:11:50 individual device basis not on a global basis yeah and we can even set it by 00:11:53 basis yeah and we can even set it by 00:11:53 basis yeah and we can even set it by port so a cool thing about setting it by 00:11:57 port so a cool thing about setting it by 00:11:57 port so a cool thing about setting it by port is that let's say you have a web 00:11:59 port is that let's say you have a web 00:11:59 port is that let's say you have a web server the web server you want to reach 00:12:02 server the web server you want to reach 00:12:02 server the web server you want to reach the entire globe however you don't want 00:12:05 the entire globe however you don't want 00:12:05 the entire globe however you don't want port 22 which is the SSH port which you 00:12:10 port 22 which is the SSH port which you 00:12:10 port 22 which is the SSH port which you can get access to the root functions of 00:12:12 can get access to the root functions of 00:12:12 can get access to the root functions of the box and control it you don't want 00:12:15 the box and control it you don't want 00:12:15 the box and control it you don't want that port 22 going around the globe No 00:12:18 that port 22 going around the globe No 00:12:18 that port 22 going around the globe No so you're gonna restrict port 22 and 00:12:21 so you're gonna restrict port 22 and 00:12:21 so you're gonna restrict port 22 and allow port 80 in port 443 to be able to 00:12:26 allow port 80 in port 443 to be able to 00:12:26 allow port 80 in port 443 to be able to go around the globe yeah that is you you 00:12:29 go around the globe yeah that is you you 00:12:29 go around the globe yeah that is you you get out for those that have not been in 00:12:31 get out for those that have not been in 00:12:31 get out for those that have not been in hands on managing firewall policies as 00:12:33 hands on managing firewall policies as 00:12:33 hands on managing firewall policies as soon as you start trying to have IP 00:12:35 soon as you start trying to have IP 00:12:35 soon as you start trying to have IP exclusion ranges by port and protocol 00:12:38 exclusion ranges by port and protocol 00:12:38 exclusion ranges by port and protocol and individual server and system you end 00:12:40 and individual server and system you end 00:12:40 and individual server and system you end up with a firewall rule set that is 00:12:42 up with a firewall rule set that is 00:12:42 up with a firewall rule set that is unwieldy and unmanageable so as is you 00:12:44 unwieldy and unmanageable so as is you 00:12:44 unwieldy and unmanageable so as is you you start thinking through some of these 00:12:46 you start thinking through some of these 00:12:46 you start thinking through some of these simple scenarios in your head you're 00:12:47 simple scenarios in your head you're 00:12:47 simple scenarios in your head you're going well I could just do this I could 00:12:49 going well I could just do this I could 00:12:49 going well I could just do this I could just do that there's a reason that those 00:12:52 just do that there's a reason that those 00:12:52 just do that there's a reason that those things don't necessarily work so if 00:12:55 things don't necessarily work so if 00:12:55 things don't necessarily work so if you're listening to us live in the radio 00:12:57 you're listening to us live in the radio 00:12:57 you're listening to us live in the radio you are on 1200 w ai this is cyber talk 00:13:01 you are on 1200 w ai this is cyber talk 00:13:01 you are on 1200 w ai this is cyber talk radio and we're talking cyber security 00:13:03 radio and we're talking cyber security 00:13:03 radio and we're talking cyber security if you are listening to us on I heart 00:13:06 if you are listening to us on I heart 00:13:06 if you are listening to us on I heart streaming thank you for joining us there 00:13:07 streaming thank you for joining us there 00:13:07 streaming thank you for joining us there and if you happen to be on your iPhone 00:13:10 and if you happen to be on your iPhone 00:13:10 and if you happen to be on your iPhone or Android device streaming our podcast 00:13:12 or Android device streaming our podcast 00:13:12 or Android device streaming our podcast thank you for joining in to listen and 00:13:15 thank you for joining in to listen and 00:13:15 thank you for joining in to listen and be part of our audience there you can 00:13:17 be part of our audience there you can 00:13:17 be part of our audience there you can also follow us on twitter at cyber talk 00:13:19 also follow us on twitter at cyber talk 00:13:19 also follow us on twitter at cyber talk radio you can find us on Facebook or on 00:13:22 radio you can find us on Facebook or on 00:13:22 radio you can find us on Facebook or on our web site at WWF or a do comm we've 00:13:26 our web site at WWF or a do comm we've 00:13:26 our web site at WWF or a do comm we've been talking about network hop count and 00:13:28 been talking about network hop count and 00:13:28 been talking about network hop count and a the patent and some of the work that 00:13:29 a the patent and some of the work that 00:13:29 a the patent and some of the work that bill is doing with his company hop zero 00:13:32 bill is doing with his company hop zero 00:13:32 bill is doing with his company hop zero so you've made the drive into San 00:13:35 so you've made the drive into San 00:13:35 so you've made the drive into San Antonio this morning down i-35 coming 00:13:38 Antonio this morning down i-35 coming 00:13:38 Antonio this morning down i-35 coming this way so you guys are headquartered 00:13:39 this way so you guys are headquartered 00:13:39 this way so you guys are headquartered up in Austin Texas that's right we are 00:13:42 up in Austin Texas that's right we are 00:13:42 up in Austin Texas that's right we are headquartered in Austin Texas and we 00:13:44 headquartered in Austin Texas and we 00:13:44 headquartered in Austin Texas and we actually office out of the 00:13:47 actually office out of the 00:13:47 actually office out of the Concordia University incubator there 00:13:50 Concordia University incubator there 00:13:50 Concordia University incubator there it's called CTX incubator so you've been 00:13:52 it's called CTX incubator so you've been 00:13:52 it's called CTX incubator so you've been all over the world as you'd said earlier 00:13:54 all over the world as you'd said earlier 00:13:54 all over the world as you'd said earlier training folks on these things how did 00:13:55 training folks on these things how did 00:13:55 training folks on these things how did you end up in Austin Texas in 2005 net 00:14:01 you end up in Austin Texas in 2005 net 00:14:01 you end up in Austin Texas in 2005 net QoS a performance company that was later 00:14:05 QoS a performance company that was later 00:14:05 QoS a performance company that was later bought by Computer Associates or CA 00:14:08 bought by Computer Associates or CA 00:14:08 bought by Computer Associates or CA Technologies bought my company that I 00:14:12 Technologies bought my company that I 00:14:12 Technologies bought my company that I had run for 16 years training tens of 00:14:15 had run for 16 years training tens of 00:14:15 had run for 16 years training tens of thousands of people and certifying 3,000 00:14:19 thousands of people and certifying 3,000 00:14:19 thousands of people and certifying 3,000 certified net analysts and when they 00:14:22 certified net analysts and when they 00:14:22 certified net analysts and when they bought the company that kind of meant 00:14:24 bought the company that kind of meant 00:14:24 bought the company that kind of meant that I was going to have to move out of 00:14:26 that I was going to have to move out of 00:14:26 that I was going to have to move out of my home state of California where my 00:14:29 my home state of California where my 00:14:29 my home state of California where my family has been since the mid 1800s just 00:14:32 family has been since the mid 1800s just 00:14:32 family has been since the mid 1800s just south of Monterey on the Monterey coast 00:14:34 south of Monterey on the Monterey coast 00:14:34 south of Monterey on the Monterey coast to Texas and I thought okay I can do 00:14:38 to Texas and I thought okay I can do 00:14:38 to Texas and I thought okay I can do this for a little while well it turned 00:14:41 this for a little while well it turned 00:14:41 this for a little while well it turned out to be a fabulous place and then 00:14:44 out to be a fabulous place and then 00:14:44 out to be a fabulous place and then later on after I moved here the company 00:14:46 later on after I moved here the company 00:14:46 later on after I moved here the company got sold to CA and that kind of freed me 00:14:51 got sold to CA and that kind of freed me 00:14:51 got sold to CA and that kind of freed me up to go wherever I wanted I ended up 00:14:52 up to go wherever I wanted I ended up 00:14:52 up to go wherever I wanted I ended up moving back to California and just six 00:14:55 moving back to California and just six 00:14:55 moving back to California and just six months ago because all the development 00:14:57 months ago because all the development 00:14:57 months ago because all the development people that I know so well the experts 00:15:00 people that I know so well the experts 00:15:00 people that I know so well the experts in processing this type of data we're 00:15:04 in processing this type of data we're 00:15:04 in processing this type of data we're here in Austin and so I moved back 00:15:06 here in Austin and so I moved back 00:15:06 here in Austin and so I moved back purposefully to take advantage of the 00:15:08 purposefully to take advantage of the 00:15:08 purposefully to take advantage of the great people who were in the Austin area 00:15:10 great people who were in the Austin area 00:15:10 great people who were in the Austin area to help me build this company yeah so as 00:15:14 to help me build this company yeah so as 00:15:14 to help me build this company yeah so as you guys go through on the the startup 00:15:17 you guys go through on the the startup 00:15:17 you guys go through on the the startup path here so many of the folks out there 00:15:20 path here so many of the folks out there 00:15:20 path here so many of the folks out there I think are cyber security practitioners 00:15:22 I think are cyber security practitioners 00:15:22 I think are cyber security practitioners listening to this so starting your own 00:15:24 listening to this so starting your own 00:15:24 listening to this so starting your own cybersecurity product company so you had 00:15:26 cybersecurity product company so you had 00:15:26 cybersecurity product company so you had this patent this idea you knew some 00:15:29 this patent this idea you knew some 00:15:29 this patent this idea you knew some people that can do development and kind 00:15:31 people that can do development and kind 00:15:31 people that can do development and kind of help you build a team but how do you 00:15:32 of help you build a team but how do you 00:15:32 of help you build a team but how do you go from patent an idea to an actual 00:15:35 go from patent an idea to an actual 00:15:35 go from patent an idea to an actual business that's up and running very 00:15:37 business that's up and running very 00:15:37 business that's up and running very painfully even if you have an idea that 00:15:41 painfully even if you have an idea that 00:15:41 painfully even if you have an idea that sounds terrific and is terrific it still 00:15:45 sounds terrific and is terrific it still 00:15:45 sounds terrific and is terrific it still has to be brought into some reality you 00:15:49 has to be brought into some reality you 00:15:49 has to be brought into some reality you start by socializing it to some degree 00:15:52 start by socializing it to some degree 00:15:52 start by socializing it to some degree and of course you don't want to 00:15:54 and of course you don't want to 00:15:54 and of course you don't want to socialize things until you have your 00:15:57 socialize things until you have your 00:15:57 socialize things until you have your information patented 00:16:00 information patented 00:16:00 information patented so I waited until I had it patented and 00:16:03 so I waited until I had it patented and 00:16:03 so I waited until I had it patented and then I started talking about it blogging 00:16:06 then I started talking about it blogging 00:16:06 then I started talking about it blogging about it discussing it and socializing 00:16:10 about it discussing it and socializing 00:16:10 about it discussing it and socializing it with other technologists yeah and and 00:16:14 it with other technologists yeah and and 00:16:14 it with other technologists yeah and and so now you guys have been up and running 00:16:17 so now you guys have been up and running 00:16:17 so now you guys have been up and running for a couple of years now actually I 00:16:21 for a couple of years now actually I 00:16:21 for a couple of years now actually I have been up and running for a couple of 00:16:23 have been up and running for a couple of 00:16:23 have been up and running for a couple of years as the founder however I worked on 00:16:26 years as the founder however I worked on 00:16:26 years as the founder however I worked on the patents and started socializing it 00:16:29 the patents and started socializing it 00:16:29 the patents and started socializing it working with investors and people that 00:16:32 working with investors and people that 00:16:32 working with investors and people that could help me do it and actually in 00:16:35 could help me do it and actually in 00:16:35 could help me do it and actually in February of 2018 February 1st our team 00:16:39 February of 2018 February 1st our team 00:16:39 February of 2018 February 1st our team started there's four of us and that's 00:16:42 started there's four of us and that's 00:16:42 started there's four of us and that's actually our true start date per se of 00:16:46 actually our true start date per se of 00:16:46 actually our true start date per se of when we started really writing serious 00:16:48 when we started really writing serious 00:16:48 when we started really writing serious code other than prototypes yeah so as 00:16:51 code other than prototypes yeah so as 00:16:51 code other than prototypes yeah so as you get out in front of early adopter 00:16:54 you get out in front of early adopter 00:16:54 you get out in front of early adopter customers and you start talking to folks 00:16:57 customers and you start talking to folks 00:16:57 customers and you start talking to folks about this what are the reactions you're 00:16:58 about this what are the reactions you're 00:16:58 about this what are the reactions you're getting from some of the networking or 00:17:00 getting from some of the networking or 00:17:00 getting from some of the networking or security teams it's it's pretty 00:17:04 security teams it's it's pretty 00:17:04 security teams it's it's pretty eye-opening when I explain what we're 00:17:06 eye-opening when I explain what we're 00:17:06 eye-opening when I explain what we're trying to accomplish whether it's the 00:17:10 trying to accomplish whether it's the 00:17:10 trying to accomplish whether it's the Cisco development team security team or 00:17:13 Cisco development team security team or 00:17:13 Cisco development team security team or junipers team or semantics team they 00:17:15 junipers team or semantics team they 00:17:15 junipers team or semantics team they come around and they start looking at it 00:17:18 come around and they start looking at it 00:17:18 come around and they start looking at it and they say so what is this and I 00:17:21 and they say so what is this and I 00:17:21 and they say so what is this and I explained how we're limiting how far 00:17:24 explained how we're limiting how far 00:17:24 explained how we're limiting how far data can travel by starving time to live 00:17:26 data can travel by starving time to live 00:17:26 data can travel by starving time to live and they look at themselves one another 00:17:29 and they look at themselves one another 00:17:29 and they look at themselves one another they look at me kind of with some 00:17:32 they look at me kind of with some 00:17:32 they look at me kind of with some curiosity and say why didn't someone 00:17:36 curiosity and say why didn't someone 00:17:36 curiosity and say why didn't someone else already do this yeah to wit I say I 00:17:40 else already do this yeah to wit I say I 00:17:40 else already do this yeah to wit I say I don't know but we're doing it now and 00:17:44 don't know but we're doing it now and 00:17:44 don't know but we're doing it now and it's very powerful and it's going to 00:17:47 it's very powerful and it's going to 00:17:47 it's very powerful and it's going to make a dent it's not going to change 00:17:49 make a dent it's not going to change 00:17:49 make a dent it's not going to change every everything but it's going to make 00:17:51 every everything but it's going to make 00:17:51 every everything but it's going to make a very serious dent our our objective is 00:17:56 a very serious dent our our objective is 00:17:56 a very serious dent our our objective is to stop the wholesale rating of 00:17:58 to stop the wholesale rating of 00:17:58 to stop the wholesale rating of America's data and the world's data so 00:18:02 America's data and the world's data so 00:18:02 America's data and the world's data so that everyone can keep their sovereign 00:18:05 that everyone can keep their sovereign 00:18:05 that everyone can keep their sovereign data there's yeah and and it's 00:18:09 data there's yeah and and it's 00:18:09 data there's yeah and and it's interesting as so I'd use the we talked 00:18:11 interesting as so I'd use the we talked 00:18:11 interesting as so I'd use the we talked a little bit about the how the Hopf 00:18:14 a little bit about the how the Hopf 00:18:14 a little bit about the how the Hopf stuff 00:18:14 stuff 00:18:14 stuff and if you think I'm an algae if you're 00:18:17 and if you think I'm an algae if you're 00:18:17 and if you think I'm an algae if you're out there listening still and not quite 00:18:19 out there listening still and not quite 00:18:19 out there listening still and not quite all the way up to speed so from air 00:18:22 all the way up to speed so from air 00:18:22 all the way up to speed so from air travel like you you think about I've got 00:18:24 travel like you you think about I've got 00:18:24 travel like you you think about I've got to go to one Airport and I've got to go 00:18:26 to go to one Airport and I've got to go 00:18:26 to go to one Airport and I've got to go to another Airport I've got to go to 00:18:27 to another Airport I've got to go to 00:18:27 to another Airport I've got to go to another Airport if you want to do stop 00:18:30 another Airport if you want to do stop 00:18:30 another Airport if you want to do stop people from flying from San Antonio 00:18:32 people from flying from San Antonio 00:18:32 people from flying from San Antonio Texas to the Middle East if they were 00:18:34 Texas to the Middle East if they were 00:18:34 Texas to the Middle East if they were only allowed to take direct flights 00:18:35 only allowed to take direct flights 00:18:35 only allowed to take direct flights you're not gonna be able to get there 00:18:37 you're not gonna be able to get there 00:18:37 you're not gonna be able to get there you can't fly on an airplane directly 00:18:40 you can't fly on an airplane directly 00:18:40 you can't fly on an airplane directly from San Antonio to Dubai 00:18:42 from San Antonio to Dubai 00:18:42 from San Antonio to Dubai you've got to hop and stop somewhere in 00:18:44 you've got to hop and stop somewhere in 00:18:44 you've got to hop and stop somewhere in between exactly and just another 00:18:48 between exactly and just another 00:18:48 between exactly and just another internet application that was one of the 00:18:50 internet application that was one of the 00:18:50 internet application that was one of the very first was BGP routers BGP routers 00:18:54 very first was BGP routers BGP routers 00:18:54 very first was BGP routers BGP routers have a hop of one when they broadcast 00:18:58 have a hop of one when they broadcast 00:18:58 have a hop of one when they broadcast their routes and that's purposeful so 00:19:01 their routes and that's purposeful so 00:19:01 their routes and that's purposeful so that they cannot peer with other than a 00:19:04 that they cannot peer with other than a 00:19:04 that they cannot peer with other than a direct adjacency they don't want to 00:19:07 direct adjacency they don't want to 00:19:07 direct adjacency they don't want to appear with some router that's across 00:19:10 appear with some router that's across 00:19:10 appear with some router that's across the world or across multiple other 00:19:13 the world or across multiple other 00:19:13 the world or across multiple other routers so they limit the hop count to 00:19:17 routers so they limit the hop count to 00:19:17 routers so they limit the hop count to one and that's one of the major 00:19:18 one and that's one of the major 00:19:18 one and that's one of the major applications of hop starvation is the 00:19:21 applications of hop starvation is the 00:19:21 applications of hop starvation is the bgp router only allowing one hop so they 00:19:26 bgp router only allowing one hop so they 00:19:26 bgp router only allowing one hop so they won't peer with other than adjacent 00:19:28 won't peer with other than adjacent 00:19:28 won't peer with other than adjacent peers yeah and and for for those that 00:19:33 peers yeah and and for for those that 00:19:33 peers yeah and and for for those that BGP is the way that all the different 00:19:36 BGP is the way that all the different 00:19:36 BGP is the way that all the different people out there on the Internet talk to 00:19:38 people out there on the Internet talk to 00:19:38 people out there on the Internet talk to each other so if I was AT&T isn't a 00:19:41 each other so if I was AT&T isn't a 00:19:41 each other so if I was AT&T isn't a service provider and maybe I was verizon 00:19:46 service provider and maybe I was verizon 00:19:46 service provider and maybe I was verizon they will appear with each other over 00:19:48 they will appear with each other over 00:19:48 they will appear with each other over BGP so it's it's kind of a low trust way 00:19:51 BGP so it's it's kind of a low trust way 00:19:51 BGP so it's it's kind of a low trust way to connect with each other you'd only 00:19:53 to connect with each other you'd only 00:19:53 to connect with each other you'd only have to advertise all the IP addresses 00:19:54 have to advertise all the IP addresses 00:19:54 have to advertise all the IP addresses that folks can reach through your 00:19:57 that folks can reach through your 00:19:57 that folks can reach through your network you don't have to share any 00:19:59 network you don't have to share any 00:19:59 network you don't have to share any topology or other details with somebody 00:20:01 topology or other details with somebody 00:20:01 topology or other details with somebody who might be a competitor it's 00:20:03 who might be a competitor it's 00:20:03 who might be a competitor it's interesting though BGP even with that 00:20:04 interesting though BGP even with that 00:20:04 interesting though BGP even with that hop count limiting is a frequent target 00:20:07 hop count limiting is a frequent target 00:20:07 hop count limiting is a frequent target of attacks there was one recently here 00:20:09 of attacks there was one recently here 00:20:09 of attacks there was one recently here the up in the Chicago area at a data 00:20:11 the up in the Chicago area at a data 00:20:11 the up in the Chicago area at a data center peering where Amazon's route 53 00:20:14 center peering where Amazon's route 53 00:20:14 center peering where Amazon's route 53 DNS service got hijacked for a couple of 00:20:16 DNS service got hijacked for a couple of 00:20:16 DNS service got hijacked for a couple of hours over a BGP 00:20:18 hours over a BGP 00:20:18 hours over a BGP attack so it's one of if you are curious 00:20:22 attack so it's one of if you are curious 00:20:22 attack so it's one of if you are curious to learn a little bit more about BGP 00:20:24 to learn a little bit more about BGP 00:20:24 to learn a little bit more about BGP there's a recent article there was a 00:20:25 there's a recent article there was a 00:20:25 there's a recent article there was a plenty written up about that attack 00:20:27 plenty written up about that attack 00:20:27 plenty written up about that attack on amazon's route 53 dns service that's 00:20:31 on amazon's route 53 dns service that's 00:20:31 on amazon's route 53 dns service that's a good one to get started and then you 00:20:33 a good one to get started and then you 00:20:33 a good one to get started and then you could go down a rabbit hole at bgp 00:20:35 could go down a rabbit hole at bgp 00:20:35 could go down a rabbit hole at bgp attacks for the rest of your life just 00:20:36 attacks for the rest of your life just 00:20:36 attacks for the rest of your life just like every other kind of protocol out 00:20:38 like every other kind of protocol out 00:20:38 like every other kind of protocol out there it's very interesting I did a 00:20:41 there it's very interesting I did a 00:20:41 there it's very interesting I did a study on my own internet connection and 00:20:45 study on my own internet connection and 00:20:45 study on my own internet connection and what I found was over the period of 00:20:48 what I found was over the period of 00:20:48 what I found was over the period of about eight hours I had two thousand one 00:20:51 about eight hours I had two thousand one 00:20:51 about eight hours I had two thousand one hundred and twenty six different 00:20:54 hundred and twenty six different 00:20:54 hundred and twenty six different organizations or IP addresses trying to 00:20:57 organizations or IP addresses trying to 00:20:57 organizations or IP addresses trying to attack my system now the firewall did 00:21:01 attack my system now the firewall did 00:21:01 attack my system now the firewall did block those attempts but how often are 00:21:05 block those attempts but how often are 00:21:05 block those attempts but how often are we tempted to just shut off the firewall 00:21:08 we tempted to just shut off the firewall 00:21:08 we tempted to just shut off the firewall for a couple of minutes to see if this 00:21:11 for a couple of minutes to see if this 00:21:11 for a couple of minutes to see if this other application will work well I'm 00:21:14 other application will work well I'm 00:21:14 other application will work well I'm here to tell you that if you do that 00:21:16 here to tell you that if you do that 00:21:16 here to tell you that if you do that there are thousands of devices around 00:21:20 there are thousands of devices around 00:21:20 there are thousands of devices around the world who are constantly even on a 00:21:23 the world who are constantly even on a 00:21:23 the world who are constantly even on a home connection to an ISP they are 00:21:27 home connection to an ISP they are 00:21:27 home connection to an ISP they are constantly looking for any little hole 00:21:30 constantly looking for any little hole 00:21:30 constantly looking for any little hole that might develop it's amazing that 00:21:33 that might develop it's amazing that 00:21:33 that might develop it's amazing that they have that much traffic that it just 00:21:36 they have that much traffic that it just 00:21:36 they have that much traffic that it just is a huge amount of traffic that of 00:21:39 is a huge amount of traffic that of 00:21:39 is a huge amount of traffic that of little attempts on every protocol to 00:21:42 little attempts on every protocol to 00:21:42 little attempts on every protocol to break into your home overnight and and 00:21:44 break into your home overnight and and 00:21:44 break into your home overnight and and as folks go well why don't why doesn't 00:21:47 as folks go well why don't why doesn't 00:21:47 as folks go well why don't why doesn't your internet provider just block all 00:21:49 your internet provider just block all 00:21:49 your internet provider just block all this stuff they they can't because they 00:21:51 this stuff they they can't because they 00:21:51 this stuff they they can't because they don't know whether bill went to that 00:21:53 don't know whether bill went to that 00:21:53 don't know whether bill went to that website or didn't go to that website 00:21:55 website or didn't go to that website 00:21:55 website or didn't go to that website they're delivering an IP packet that 00:21:58 they're delivering an IP packet that 00:21:58 they're delivering an IP packet that says I'm coming from this address I'm 00:22:00 says I'm coming from this address I'm 00:22:00 says I'm coming from this address I'm going to this address and there's a 00:22:02 going to this address and there's a 00:22:02 going to this address and there's a little bit more metadata and things on 00:22:04 little bit more metadata and things on 00:22:04 little bit more metadata and things on there but the Internet service provider 00:22:05 there but the Internet service provider 00:22:05 there but the Internet service provider doesn't know if Bill asked for that 00:22:07 doesn't know if Bill asked for that 00:22:07 doesn't know if Bill asked for that packet be delivered or not exactly so 00:22:10 packet be delivered or not exactly so 00:22:10 packet be delivered or not exactly so they have to allow pretty much 00:22:13 they have to allow pretty much 00:22:13 they have to allow pretty much everything to see what develops of it 00:22:16 everything to see what develops of it 00:22:16 everything to see what develops of it and then if there is a legitimate 00:22:18 and then if there is a legitimate 00:22:18 and then if there is a legitimate connection or even an illegitimate 00:22:21 connection or even an illegitimate 00:22:21 connection or even an illegitimate connection the internet does not check 00:22:23 connection the internet does not check 00:22:23 connection the internet does not check the security of any of the communicators 00:22:27 the security of any of the communicators 00:22:27 the security of any of the communicators on the Internet 00:22:28 on the Internet 00:22:28 on the Internet now in the the those internet 00:22:31 now in the the those internet 00:22:31 now in the the those internet connections are it's just a highway 00:22:34 connections are it's just a highway 00:22:34 connections are it's just a highway system connecting different things if 00:22:36 system connecting different things if 00:22:36 system connecting different things if you think about that Airport analogy 00:22:37 you think about that Airport analogy 00:22:37 you think about that Airport analogy again there's security checkpoints at 00:22:40 again there's security checkpoints at 00:22:40 again there's security checkpoints at the airport all of that every 00:22:41 the airport all of that every 00:22:41 the airport all of that every you fly in if you land another country 00:22:43 you fly in if you land another country 00:22:43 you fly in if you land another country you go through another security 00:22:44 you go through another security 00:22:44 you go through another security checkpoint the internet the airport 00:22:48 checkpoint the internet the airport 00:22:48 checkpoint the internet the airport analogy is useful for explaining the hop 00:22:49 analogy is useful for explaining the hop 00:22:49 analogy is useful for explaining the hop count piece but it's much more like a 00:22:51 count piece but it's much more like a 00:22:51 count piece but it's much more like a highway system like I can get in my car 00:22:53 highway system like I can get in my car 00:22:53 highway system like I can get in my car and I can drive from Texas all the way 00:22:55 and I can drive from Texas all the way 00:22:55 and I can drive from Texas all the way to New York and I don't wanna have to 00:22:58 to New York and I don't wanna have to 00:22:58 to New York and I don't wanna have to stop at a single security checkpoint 00:22:59 stop at a single security checkpoint 00:22:59 stop at a single security checkpoint anywhere along the way and the state of 00:23:01 anywhere along the way and the state of 00:23:01 anywhere along the way and the state of Texas is responsible for the roads here 00:23:04 Texas is responsible for the roads here 00:23:04 Texas is responsible for the roads here and as soon as I cross in Oklahoma 00:23:05 and as soon as I cross in Oklahoma 00:23:05 and as soon as I cross in Oklahoma they're responsible for the roads there 00:23:07 they're responsible for the roads there 00:23:07 they're responsible for the roads there so the internet is set up very much that 00:23:10 so the internet is set up very much that 00:23:10 so the internet is set up very much that way is you you go across on your 00:23:12 way is you you go across on your 00:23:12 way is you you go across on your computer built into any operating system 00:23:15 computer built into any operating system 00:23:15 computer built into any operating system there's a command called traceroute and 00:23:18 there's a command called traceroute and 00:23:18 there's a command called traceroute and you can open up a command prompt and you 00:23:20 you can open up a command prompt and you 00:23:20 you can open up a command prompt and you can use trace router there's even some 00:23:23 can use trace router there's even some 00:23:23 can use trace router there's even some websites that will do trace route stuff 00:23:25 websites that will do trace route stuff 00:23:25 websites that will do trace route stuff for you and you can see the different 00:23:28 for you and you can see the different 00:23:28 for you and you can see the different hops there and if you have the dns 00:23:30 hops there and if you have the dns 00:23:30 hops there and if you have the dns resolution turned on it'll also show you 00:23:33 resolution turned on it'll also show you 00:23:33 resolution turned on it'll also show you the names of all those routers along the 00:23:34 the names of all those routers along the 00:23:34 the names of all those routers along the hop path and you'll be able to see 00:23:36 hop path and you'll be able to see 00:23:36 hop path and you'll be able to see pretty quickly that you go from your ISP 00:23:38 pretty quickly that you go from your ISP 00:23:38 pretty quickly that you go from your ISP to some other ISP to somebody else to 00:23:41 to some other ISP to somebody else to 00:23:41 to some other ISP to somebody else to somebody else before you finally maybe 00:23:43 somebody else before you finally maybe 00:23:43 somebody else before you finally maybe get to the website if you're gonna go 00:23:44 get to the website if you're gonna go 00:23:44 get to the website if you're gonna go shopping at Amazon you might cross three 00:23:46 shopping at Amazon you might cross three 00:23:46 shopping at Amazon you might cross three or four different providers to go from 00:23:48 or four different providers to go from 00:23:48 or four different providers to go from your internet provider at your house to 00:23:51 your internet provider at your house to 00:23:51 your internet provider at your house to a backbone provider or two before you 00:23:52 a backbone provider or two before you 00:23:53 a backbone provider or two before you reach a website exactly I always talk 00:23:56 reach a website exactly I always talk 00:23:56 reach a website exactly I always talk about limiting how far your kids can 00:23:59 about limiting how far your kids can 00:23:59 about limiting how far your kids can drive in your car by reducing the amount 00:24:02 drive in your car by reducing the amount 00:24:02 drive in your car by reducing the amount of fuel or the toll value that you give 00:24:06 of fuel or the toll value that you give 00:24:06 of fuel or the toll value that you give them to go across bridges or row 00:24:08 them to go across bridges or row 00:24:08 them to go across bridges or row and when they when the hop equals zero 00:24:11 and when they when the hop equals zero 00:24:11 and when they when the hop equals zero or the toll equals zero you can't go any 00:24:14 or the toll equals zero you can't go any 00:24:14 or the toll equals zero you can't go any more so you're listening to cyber talk 00:24:17 more so you're listening to cyber talk 00:24:17 more so you're listening to cyber talk radio on 1200 W AI we're gonna go ahead 00:24:20 radio on 1200 W AI we're gonna go ahead 00:24:20 radio on 1200 W AI we're gonna go ahead and take a quick break here at the 00:24:21 and take a quick break here at the 00:24:21 and take a quick break here at the bottom of the hour for these traffic and 00:24:23 bottom of the hour for these traffic and 00:24:23 bottom of the hour for these traffic and weather update and we will be back with 00:24:25 weather update and we will be back with 00:24:25 weather update and we will be back with the CTO of hop zero to keep talking 00:24:28 the CTO of hop zero to keep talking 00:24:28 the CTO of hop zero to keep talking about how to keep data safe and 00:24:31 about how to keep data safe and 00:24:31 about how to keep data safe and protected from exfiltration on the 00:24:34 protected from exfiltration on the 00:24:34 protected from exfiltration on the Internet 00:24:35 Internet 00:24:35 Internet [Music] 00:24:42 00:24:42 [Music] 00:25:03 00:25:03 welcome back to cyber talk radio I'm 00:25:06 welcome back to cyber talk radio I'm 00:25:06 welcome back to cyber talk radio I'm your host Brett paya the 20-year 00:25:08 your host Brett paya the 20-year 00:25:08 your host Brett paya the 20-year internet security veteran joined this 00:25:10 internet security veteran joined this 00:25:10 internet security veteran joined this week by the founder of hop zero bill 00:25:13 week by the founder of hop zero bill 00:25:13 week by the founder of hop zero bill Alderson and we were talking about the 00:25:16 Alderson and we were talking about the 00:25:16 Alderson and we were talking about the novel approach to limiting how far your 00:25:20 novel approach to limiting how far your 00:25:20 novel approach to limiting how far your information can go across the internet 00:25:21 information can go across the internet 00:25:21 information can go across the internet that bill has uncovered and is using to 00:25:25 that bill has uncovered and is using to 00:25:25 that bill has uncovered and is using to help businesses out there now protect 00:25:28 help businesses out there now protect 00:25:28 help businesses out there now protect their data from making it further than 00:25:31 their data from making it further than 00:25:31 their data from making it further than it needs to on the highway that is the 00:25:33 it needs to on the highway that is the 00:25:33 it needs to on the highway that is the Internet thank you for coming down the 00:25:36 Internet thank you for coming down the 00:25:36 Internet thank you for coming down the highway today to join us from Austin 00:25:38 highway today to join us from Austin 00:25:38 highway today to join us from Austin Bill awesome to be here with you Bret 00:25:41 Bill awesome to be here with you Bret 00:25:41 Bill awesome to be here with you Bret it's really nice here and in San Antonia 00:25:45 it's really nice here and in San Antonia 00:25:45 it's really nice here and in San Antonia although I hope it's gonna break through 00:25:47 although I hope it's gonna break through 00:25:47 although I hope it's gonna break through and we might see the Sun today if you're 00:25:50 and we might see the Sun today if you're 00:25:50 and we might see the Sun today if you're just joining us after the bottom of the 00:25:51 just joining us after the bottom of the 00:25:51 just joining us after the bottom of the hour break we're talking about how to 00:25:55 hour break we're talking about how to 00:25:55 hour break we're talking about how to keep things safe and the kind of default 00:25:59 keep things safe and the kind of default 00:25:59 keep things safe and the kind of default operating system settings are one to 00:26:04 operating system settings are one to 00:26:04 operating system settings are one to over-communicate an overshare maybe 00:26:06 over-communicate an overshare maybe 00:26:06 over-communicate an overshare maybe further than you need to you can listen 00:26:08 further than you need to you can listen 00:26:08 further than you need to you can listen to the first half of our program on 00:26:11 to the first half of our program on 00:26:11 to the first half of our program on Tuesday May 15th that will go up on our 00:26:15 Tuesday May 15th that will go up on our 00:26:15 Tuesday May 15th that will go up on our website at wwlp.com you can also find it 00:26:19 website at wwlp.com you can also find it 00:26:19 website at wwlp.com you can also find it on itunes podcasts or on any podcasting 00:26:22 on itunes podcasts or on any podcasting 00:26:22 on itunes podcasts or on any podcasting service on your Android device in this 00:26:25 service on your Android device in this 00:26:25 service on your Android device in this segment of the program how we're gonna 00:26:27 segment of the program how we're gonna 00:26:27 segment of the program how we're gonna talk about some of bills other 00:26:29 talk about some of bills other 00:26:29 talk about some of bills other experiences recently here's a in the 00:26:32 experiences recently here's a in the 00:26:32 experiences recently here's a in the cyber world we have a giant annual 00:26:35 cyber world we have a giant annual 00:26:35 cyber world we have a giant annual conference it's now giant because the 00:26:37 conference it's now giant because the 00:26:37 conference it's now giant because the cybersecurity thing is starting to 00:26:38 cybersecurity thing is starting to 00:26:38 cybersecurity thing is starting to matter to more and more people it's 00:26:40 matter to more and more people it's 00:26:40 matter to more and more people it's called RSA you used to originally be 00:26:43 called RSA you used to originally be 00:26:43 called RSA you used to originally be about a company if you've been in the 00:26:44 about a company if you've been in the 00:26:44 about a company if you've been in the cyber industry for quite a while they 00:26:46 cyber industry for quite a while they 00:26:46 cyber industry for quite a while they made the two-factor authentication 00:26:47 made the two-factor authentication 00:26:47 made the two-factor authentication tokens you might have one from your bank 00:26:49 tokens you might have one from your bank 00:26:49 tokens you might have one from your bank these days you might have one from the 00:26:50 these days you might have one from the 00:26:50 these days you might have one from the VPN service for your company that it's 00:26:54 VPN service for your company that it's 00:26:54 VPN service for your company that it's now that conference is massively 00:26:57 now that conference is massively 00:26:57 now that conference is massively outgrown just multi-factor 00:26:59 outgrown just multi-factor 00:26:59 outgrown just multi-factor authentication so can you share a little 00:27:02 authentication so can you share a little 00:27:02 authentication so can you share a little bit for our listeners that have never 00:27:04 bit for our listeners that have never 00:27:04 bit for our listeners that have never experienced RSA or learn much about it 00:27:07 experienced RSA or learn much about it 00:27:07 experienced RSA or learn much about it what went on out there this year and in 00:27:09 what went on out there this year and in 00:27:09 what went on out there this year and in kind of what's your reason is an 00:27:12 kind of what's your reason is an 00:27:12 kind of what's your reason is an industry professional for visiting 00:27:13 industry professional for visiting 00:27:13 industry professional for visiting something like that RSA is in San 00:27:16 something like that RSA is in San 00:27:16 something like that RSA is in San Francisco at Moscone Center once a year 00:27:19 Francisco at Moscone Center once a year 00:27:19 Francisco at Moscone Center once a year they also have it in other locations 00:27:21 they also have it in other locations 00:27:21 they also have it in other locations around the world but that's by far the 00:27:23 around the world but that's by far the 00:27:23 around the world but that's by far the largest gathering of security 00:27:26 largest gathering of security 00:27:26 largest gathering of security professionals from around the world I 00:27:28 professionals from around the world I 00:27:28 professionals from around the world I went this year to showcase and we were 00:27:32 went this year to showcase and we were 00:27:32 went this year to showcase and we were selected from a large number of 00:27:34 selected from a large number of 00:27:34 selected from a large number of companies to be in the early stage Expo 00:27:38 companies to be in the early stage Expo 00:27:38 companies to be in the early stage Expo where new technology was shown to the 00:27:42 where new technology was shown to the 00:27:42 where new technology was shown to the market and that's why are predominantly 00:27:46 market and that's why are predominantly 00:27:46 market and that's why are predominantly why we went out there this year last 00:27:48 why we went out there this year last 00:27:48 why we went out there this year last year I went as well as just wanting to 00:27:51 year I went as well as just wanting to 00:27:51 year I went as well as just wanting to be more informed to see what the market 00:27:54 be more informed to see what the market 00:27:54 be more informed to see what the market doing to understand new products and 00:27:57 doing to understand new products and 00:27:57 doing to understand new products and services surrounding security thousands 00:28:01 services surrounding security thousands 00:28:01 services surrounding security thousands I think there was 41,000 or more people 00:28:04 I think there was 41,000 or more people 00:28:04 I think there was 41,000 or more people end users technology people who attend 00:28:07 end users technology people who attend 00:28:07 end users technology people who attend the show each year yeah 00:28:10 the show each year yeah 00:28:10 the show each year yeah and for for folks in in San Antonio to 00:28:13 and for for folks in in San Antonio to 00:28:13 and for for folks in in San Antonio to give some size scale scope our 00:28:17 give some size scale scope our 00:28:17 give some size scale scope our Convention Center here holds about 00:28:19 Convention Center here holds about 00:28:19 Convention Center here holds about twenty or twenty five thousand so the 00:28:21 twenty or twenty five thousand so the 00:28:21 twenty or twenty five thousand so the masconi's broken up into multiple 00:28:23 masconi's broken up into multiple 00:28:23 masconi's broken up into multiple convention centers and then that RSA 00:28:25 convention centers and then that RSA 00:28:25 convention centers and then that RSA Conference floods the Convention Center 00:28:27 Conference floods the Convention Center 00:28:27 Conference floods the Convention Center and a bunch of hotel exhibition space 00:28:29 and a bunch of hotel exhibition space 00:28:29 and a bunch of hotel exhibition space there it's a one of the probably five 00:28:34 there it's a one of the probably five 00:28:34 there it's a one of the probably five biggest conferences each year in San 00:28:36 biggest conferences each year in San 00:28:36 biggest conferences each year in San Francisco but it's a huge event all now 00:28:40 Francisco but it's a huge event all now 00:28:40 Francisco but it's a huge event all now tied to cybersecurity from 00:28:45 tied to cybersecurity from 00:28:45 tied to cybersecurity from authentication through to network 00:28:47 authentication through to network 00:28:47 authentication through to network through to application security to to 00:28:49 through to application security to to 00:28:49 through to application security to to everything you can think about so as you 00:28:51 everything you can think about so as you 00:28:51 everything you can think about so as you were out there and you're in this new 00:28:53 were out there and you're in this new 00:28:53 were out there and you're in this new technology expo is there anyone working 00:28:55 technology expo is there anyone working 00:28:55 technology expo is there anyone working on something where you in another area 00:28:57 on something where you in another area 00:28:57 on something where you in another area that you thought was interesting to you 00:28:59 that you thought was interesting to you 00:28:59 that you thought was interesting to you as a practitioner that folks should be 00:29:02 as a practitioner that folks should be 00:29:02 as a practitioner that folks should be checking out I can talk about it 00:29:04 checking out I can talk about it 00:29:04 checking out I can talk about it generally I don't know all the buzz 00:29:05 generally I don't know all the buzz 00:29:05 generally I don't know all the buzz words and terms associated with this but 00:29:08 words and terms associated with this but 00:29:08 words and terms associated with this but this is about taking software that has 00:29:11 this is about taking software that has 00:29:11 this is about taking software that has been written for various operating 00:29:14 been written for various operating 00:29:14 been written for various operating systems and putting it into a non 00:29:18 systems and putting it into a non 00:29:18 systems and putting it into a non operating system environment what they 00:29:21 operating system environment what they 00:29:21 operating system environment what they do is they they take your software and 00:29:23 do is they they take your software and 00:29:23 do is they they take your software and they put it into something that let's 00:29:25 they put it into something that let's 00:29:25 they put it into something that let's say it's supposed to run on Linux or 00:29:27 say it's supposed to run on Linux or 00:29:27 say it's supposed to run on Linux or Windows and it doesn't run on wet Linux 00:29:30 Windows and it doesn't run on wet Linux 00:29:30 Windows and it doesn't run on wet Linux and Windows they take the components 00:29:32 and Windows they take the components 00:29:32 and Windows they take the components needed to only run that application so 00:29:35 needed to only run that application so 00:29:35 needed to only run that application so that the operating system that usually 00:29:38 that the operating system that usually 00:29:38 that the operating system that usually runs your application cannot be hacked 00:29:40 runs your application cannot be hacked 00:29:40 runs your application cannot be hacked by other means and I found that really 00:29:44 by other means and I found that really 00:29:44 by other means and I found that really exciting because that's going to lead to 00:29:47 exciting because that's going to lead to 00:29:47 exciting because that's going to lead to our ability to have software that's not 00:29:50 our ability to have software that's not 00:29:50 our ability to have software that's not on an operating system that has these 00:29:54 on an operating system that has these 00:29:54 on an operating system that has these proclivities to have problems yeah well 00:29:57 proclivities to have problems yeah well 00:29:57 proclivities to have problems yeah well minimizing that attack surface again 00:29:59 minimizing that attack surface again 00:29:59 minimizing that attack surface again just back to the same kind of 00:30:00 just back to the same kind of 00:30:00 just back to the same kind of fundamentals with hobb zero it all the 00:30:03 fundamentals with hobb zero it all the 00:30:03 fundamentals with hobb zero it all the different places you can go through to 00:30:04 different places you can go through to 00:30:04 different places you can go through to minimize attack service you make the job 00:30:07 minimize attack service you make the job 00:30:07 minimize attack service you make the job of the hacker 00:30:07 of the hacker 00:30:07 of the hacker much more difficult job of the bad guy 00:30:09 much more difficult job of the bad guy 00:30:09 much more difficult job of the bad guy and it is jobs these days for for those 00:30:12 and it is jobs these days for for those 00:30:12 and it is jobs these days for for those that think hackers are something like 00:30:13 that think hackers are something like 00:30:13 that think hackers are something like out of a movie see on TV or just 00:30:16 out of a movie see on TV or just 00:30:16 out of a movie see on TV or just wargames these are sadly now 00:30:19 wargames these are sadly now 00:30:19 wargames these are sadly now professional criminal organizations and 00:30:22 professional criminal organizations and 00:30:22 professional criminal organizations and in many cases those professional 00:30:24 in many cases those professional 00:30:24 in many cases those professional criminal organizations run as an 00:30:26 criminal organizations run as an 00:30:26 criminal organizations run as an employer inside the country that they're 00:30:27 employer inside the country that they're 00:30:27 employer inside the country that they're operating in with kind of the country 00:30:31 operating in with kind of the country 00:30:31 operating in with kind of the country turning and looking the other direction 00:30:32 turning and looking the other direction 00:30:32 turning and looking the other direction those countries have employment issues 00:30:36 those countries have employment issues 00:30:36 those countries have employment issues they have salary and wage issues they 00:30:38 they have salary and wage issues they 00:30:38 they have salary and wage issues they have economic issues that make them turn 00:30:41 have economic issues that make them turn 00:30:41 have economic issues that make them turn and look the other way and these 00:30:42 and look the other way and these 00:30:42 and look the other way and these criminal organizations agree to not hack 00:30:44 criminal organizations agree to not hack 00:30:44 criminal organizations agree to not hack businesses inside the country they're 00:30:45 businesses inside the country they're 00:30:45 businesses inside the country they're operating from but they're kind of free 00:30:47 operating from but they're kind of free 00:30:47 operating from but they're kind of free to go hack all across the globe and 00:30:49 to go hack all across the globe and 00:30:49 to go hack all across the globe and because the internet is this big 00:30:52 because the internet is this big 00:30:52 because the internet is this big connected highway system that doesn't 00:30:54 connected highway system that doesn't 00:30:54 connected highway system that doesn't necessarily have security checkpoints 00:30:57 necessarily have security checkpoints 00:30:57 necessarily have security checkpoints there's nothing to stop the folks in 00:31:00 there's nothing to stop the folks in 00:31:00 there's nothing to stop the folks in these different places from going in 00:31:03 these different places from going in 00:31:03 these different places from going in hacking stealing information or locking 00:31:06 hacking stealing information or locking 00:31:06 hacking stealing information or locking systems up for ransom or doing these 00:31:07 systems up for ransom or doing these 00:31:07 systems up for ransom or doing these other things and if you think about a 00:31:09 other things and if you think about a 00:31:09 other things and if you think about a police investigation so from a physical 00:31:12 police investigation so from a physical 00:31:12 police investigation so from a physical if you're a business in San Antonio 00:31:14 if you're a business in San Antonio 00:31:14 if you're a business in San Antonio Texas and somebody came in and kidnapped 00:31:18 Texas and somebody came in and kidnapped 00:31:18 Texas and somebody came in and kidnapped your your staff well they're gonna have 00:31:20 your your staff well they're gonna have 00:31:20 your your staff well they're gonna have to physically be at your office location 00:31:22 to physically be at your office location 00:31:22 to physically be at your office location they're going to have to physically hold 00:31:24 they're going to have to physically hold 00:31:24 they're going to have to physically hold it for ransom they are they're the 00:31:27 it for ransom they are they're the 00:31:27 it for ransom they are they're the police in San Antonio the FBI in San 00:31:29 police in San Antonio the FBI in San 00:31:29 police in San Antonio the FBI in San Antonio whoever could come respond to 00:31:31 Antonio whoever could come respond to 00:31:31 Antonio whoever could come respond to that if your business gets attacked 00:31:35 that if your business gets attacked 00:31:35 that if your business gets attacked across the internet those criminals 00:31:37 across the internet those criminals 00:31:37 across the internet those criminals didn't have to physically be here they 00:31:39 didn't have to physically be here they 00:31:39 didn't have to physically be here they got to virtually be here they got to go 00:31:41 got to virtually be here they got to go 00:31:41 got to virtually be here they got to go 22 hops across the internet to get here 00:31:43 22 hops across the internet to get here 00:31:43 22 hops across the internet to get here and those criminals if you call the 00:31:48 and those criminals if you call the 00:31:48 and those criminals if you call the police here in San Antonio they're gonna 00:31:49 police here in San Antonio they're gonna 00:31:49 police here in San Antonio they're gonna forward to the FBI that's gonna get 00:31:51 forward to the FBI that's gonna get 00:31:51 forward to the FBI that's gonna get forwarded through to Interpol Interpol 00:31:53 forwarded through to Interpol Interpol 00:31:53 forwarded through to Interpol Interpol is gonna go we don't have an agreement 00:31:54 is gonna go we don't have an agreement 00:31:54 is gonna go we don't have an agreement to operate inside of that country and we 00:31:56 to operate inside of that country and we 00:31:56 to operate inside of that country and we can't really do anything to help you so 00:31:58 can't really do anything to help you so 00:31:58 can't really do anything to help you so the you have to do things proactively 00:32:00 the you have to do things proactively 00:32:00 the you have to do things proactively yourself to minimize your risk from some 00:32:04 yourself to minimize your risk from some 00:32:04 yourself to minimize your risk from some of these places and I would love to 00:32:07 of these places and I would love to 00:32:07 of these places and I would love to solve the geopolitical problems of the 00:32:09 solve the geopolitical problems of the 00:32:09 solve the geopolitical problems of the world so that countries didn't have the 00:32:12 world so that countries didn't have the 00:32:12 world so that countries didn't have the incentive to allow these type of 00:32:16 incentive to allow these type of 00:32:16 incentive to allow these type of organizations to operate from within 00:32:17 organizations to operate from within 00:32:17 organizations to operate from within their borders to help their economies 00:32:19 their borders to help their economies 00:32:19 their borders to help their economies but that's a topic for 00:32:21 but that's a topic for 00:32:21 but that's a topic for the program and the thing for another 00:32:22 the program and the thing for another 00:32:22 the program and the thing for another time and while the world is growing up 00:32:26 time and while the world is growing up 00:32:26 time and while the world is growing up in the way it is today we're the onus is 00:32:30 in the way it is today we're the onus is 00:32:30 in the way it is today we're the onus is on us to do things to to protect 00:32:32 on us to do things to to protect 00:32:32 on us to do things to to protect ourselves and another application that 00:32:36 ourselves and another application that 00:32:36 ourselves and another application that had a lot of talk was of course 00:32:40 had a lot of talk was of course 00:32:40 had a lot of talk was of course blockchain and blockchain is the 00:32:43 blockchain and blockchain is the 00:32:43 blockchain and blockchain is the technology the ledger technology behind 00:32:47 technology the ledger technology behind 00:32:47 technology the ledger technology behind Bitcoin and and of course that works 00:32:50 Bitcoin and and of course that works 00:32:50 Bitcoin and and of course that works perfectly for that I ran into an old 00:32:53 perfectly for that I ran into an old 00:32:53 perfectly for that I ran into an old friend of mine Radia Perlman now Radia 00:32:55 friend of mine Radia Perlman now Radia 00:32:55 friend of mine Radia Perlman now Radia was the one if you've ever heard of a 00:32:58 was the one if you've ever heard of a 00:32:58 was the one if you've ever heard of a switch or a layer to switch 00:33:00 switch or a layer to switch 00:33:00 switch or a layer to switch she wrote the protocol that keeps loops 00:33:02 she wrote the protocol that keeps loops 00:33:02 she wrote the protocol that keeps loops from occurring and that's called the 00:33:04 from occurring and that's called the 00:33:04 from occurring and that's called the spanning tree algorithm and Radia is a 00:33:07 spanning tree algorithm and Radia is a 00:33:08 spanning tree algorithm and Radia is a brilliant woman who has when you think 00:33:11 brilliant woman who has when you think 00:33:11 brilliant woman who has when you think of brilliant women in the industry you 00:33:14 of brilliant women in the industry you 00:33:14 of brilliant women in the industry you think of Grace Hopper the Admiral who 00:33:17 think of Grace Hopper the Admiral who 00:33:17 think of Grace Hopper the Admiral who brought a lot of Technology in well 00:33:20 brought a lot of Technology in well 00:33:20 brought a lot of Technology in well Radia is kind of another person another 00:33:24 Radia is kind of another person another 00:33:24 Radia is kind of another person another woman who is seriously brought 00:33:26 woman who is seriously brought 00:33:26 woman who is seriously brought technology in she has just written a 00:33:28 technology in she has just written a 00:33:28 technology in she has just written a white paper claiming that probably 00:33:32 white paper claiming that probably 00:33:32 white paper claiming that probably blockchain isn't a perfect application 00:33:35 blockchain isn't a perfect application 00:33:35 blockchain isn't a perfect application for every kind of use it works good with 00:33:39 for every kind of use it works good with 00:33:39 for every kind of use it works good with Bitcoin but not with the with the other 00:33:44 Bitcoin but not with the with the other 00:33:44 Bitcoin but not with the with the other applications that people are trying to 00:33:46 applications that people are trying to 00:33:46 applications that people are trying to apply it to although it's very 00:33:48 apply it to although it's very 00:33:48 apply it to although it's very interesting so if somebody wants to look 00:33:51 interesting so if somebody wants to look 00:33:51 interesting so if somebody wants to look up and find out a little bit more about 00:33:53 up and find out a little bit more about 00:33:53 up and find out a little bit more about blockchain she has a white paper that 00:33:55 blockchain she has a white paper that 00:33:55 blockchain she has a white paper that she's written out there that basically 00:33:58 she's written out there that basically 00:33:58 she's written out there that basically is the other side of the coin so to 00:34:02 is the other side of the coin so to 00:34:02 is the other side of the coin so to speak yeah and if you follow us on 00:34:05 speak yeah and if you follow us on 00:34:05 speak yeah and if you follow us on Twitter its cyber talk radio we'll get a 00:34:07 Twitter its cyber talk radio we'll get a 00:34:07 Twitter its cyber talk radio we'll get a link to that up probably with the blog 00:34:09 link to that up probably with the blog 00:34:09 link to that up probably with the blog post an episode recap that we will will 00:34:12 post an episode recap that we will will 00:34:12 post an episode recap that we will will do for the program here so definitely 00:34:14 do for the program here so definitely 00:34:14 do for the program here so definitely interesting reading that's blockchains 00:34:17 interesting reading that's blockchains 00:34:17 interesting reading that's blockchains going to be an area with lots of 00:34:18 going to be an area with lots of 00:34:18 going to be an area with lots of innovation there's counties out there 00:34:21 innovation there's counties out there 00:34:21 innovation there's counties out there going to using blockchain based things 00:34:23 going to using blockchain based things 00:34:23 going to using blockchain based things for title searches and for deed history 00:34:25 for title searches and for deed history 00:34:25 for title searches and for deed history and records on property there's some 00:34:27 and records on property there's some 00:34:27 and records on property there's some interesting places that it's going to 00:34:28 interesting places that it's going to 00:34:29 interesting places that it's going to get used and I think that we're gonna 00:34:30 get used and I think that we're gonna 00:34:30 get used and I think that we're gonna see over the next 10 years or 20 years 00:34:32 see over the next 10 years or 20 years 00:34:32 see over the next 10 years or 20 years some places where people use it and 00:34:34 some places where people use it and 00:34:34 some places where people use it and you're going 00:34:35 you're going 00:34:35 you're going look back and go oh they really 00:34:36 look back and go oh they really 00:34:36 look back and go oh they really shouldn't have done that so hopefully 00:34:38 shouldn't have done that so hopefully 00:34:38 shouldn't have done that so hopefully reading her white paper will help some 00:34:40 reading her white paper will help some 00:34:40 reading her white paper will help some folks avoid those decisions that put 00:34:43 folks avoid those decisions that put 00:34:43 folks avoid those decisions that put them down a path of regret later on 00:34:45 them down a path of regret later on 00:34:45 them down a path of regret later on because after you make a technology 00:34:48 because after you make a technology 00:34:48 because after you make a technology choice it's it's often pretty hard to go 00:34:50 choice it's it's often pretty hard to go 00:34:50 choice it's it's often pretty hard to go back and make a wholesale change of 00:34:53 back and make a wholesale change of 00:34:53 back and make a wholesale change of something like that this is why you end 00:34:56 something like that this is why you end 00:34:56 something like that this is why you end up making add-ons and security measures 00:35:01 up making add-ons and security measures 00:35:01 up making add-ons and security measures and controls around the system rather 00:35:03 and controls around the system rather 00:35:03 and controls around the system rather than just replacing the whole system 00:35:04 than just replacing the whole system 00:35:04 than just replacing the whole system itself so it was really exciting to 00:35:07 itself so it was really exciting to 00:35:07 itself so it was really exciting to bring out hop zero and hop sphere radius 00:35:11 bring out hop zero and hop sphere radius 00:35:11 bring out hop zero and hop sphere radius security to the RSA event we received a 00:35:16 security to the RSA event we received a 00:35:16 security to the RSA event we received a lot of interest from Cisco and juniper 00:35:19 lot of interest from Cisco and juniper 00:35:19 lot of interest from Cisco and juniper and Symantec and just a lot of vendors 00:35:23 and Symantec and just a lot of vendors 00:35:23 and Symantec and just a lot of vendors who are amazed that gee this sounds like 00:35:26 who are amazed that gee this sounds like 00:35:26 who are amazed that gee this sounds like an incredibly good idea and they always 00:35:29 an incredibly good idea and they always 00:35:29 an incredibly good idea and they always ask why didn't someone think of this 00:35:32 ask why didn't someone think of this 00:35:32 ask why didn't someone think of this before and then they kind of look at me 00:35:34 before and then they kind of look at me 00:35:34 before and then they kind of look at me curiously to wonder you know why you 00:35:37 curiously to wonder you know why you 00:35:37 curiously to wonder you know why you yeah and they're gonna go back to their 00:35:40 yeah and they're gonna go back to their 00:35:40 yeah and they're gonna go back to their R&D teams and go how did we not patent 00:35:42 R&D teams and go how did we not patent 00:35:42 R&D teams and go how did we not patent this yeah cuz now they can't go do it 00:35:45 this yeah cuz now they can't go do it 00:35:45 this yeah cuz now they can't go do it well they can they just need to call you 00:35:47 well they can they just need to call you 00:35:47 well they can they just need to call you and get a license there you go yes so 00:35:49 and get a license there you go yes so 00:35:49 and get a license there you go yes so bills phone is waiting for your phone 00:35:51 bills phone is waiting for your phone 00:35:51 bills phone is waiting for your phone call at Cisco so as you were out there 00:35:55 call at Cisco so as you were out there 00:35:55 call at Cisco so as you were out there working on this and we're gonna air here 00:35:58 working on this and we're gonna air here 00:35:58 working on this and we're gonna air here in the middle of May on Saturday night 00:36:01 in the middle of May on Saturday night 00:36:01 in the middle of May on Saturday night and there's gonna be some cyber folks 00:36:03 and there's gonna be some cyber folks 00:36:03 and there's gonna be some cyber folks that are probably up right now working 00:36:06 that are probably up right now working 00:36:06 that are probably up right now working well listen to this because they're 00:36:07 well listen to this because they're 00:36:07 well listen to this because they're trying to figure out how to deal with 00:36:08 trying to figure out how to deal with 00:36:08 trying to figure out how to deal with gdpr they're gonna try to figure how to 00:36:10 gdpr they're gonna try to figure how to 00:36:10 gdpr they're gonna try to figure how to deal with the requirements around data 00:36:13 deal with the requirements around data 00:36:13 deal with the requirements around data exfiltration and data notice and the 00:36:15 exfiltration and data notice and the 00:36:15 exfiltration and data notice and the rest of these as I'm thinking through 00:36:18 rest of these as I'm thinking through 00:36:18 rest of these as I'm thinking through this just in my own head sure seems like 00:36:22 this just in my own head sure seems like 00:36:22 this just in my own head sure seems like hop zero and this type of technology is 00:36:24 hop zero and this type of technology is 00:36:24 hop zero and this type of technology is a great way to be able to go back to a 00:36:26 a great way to be able to go back to a 00:36:26 a great way to be able to go back to a regulator and say my hop count on my 00:36:29 regulator and say my hop count on my 00:36:29 regulator and say my hop count on my database server that contains the sense 00:36:30 database server that contains the sense 00:36:30 database server that contains the sense of information is set to one and that 00:36:34 of information is set to one and that 00:36:34 of information is set to one and that means only these direct computers can 00:36:36 means only these direct computers can 00:36:36 means only these direct computers can talk to it it can't go any further than 00:36:38 talk to it it can't go any further than 00:36:38 talk to it it can't go any further than this I have evidence that these systems 00:36:41 this I have evidence that these systems 00:36:41 this I have evidence that these systems are all secured controlled and they have 00:36:44 are all secured controlled and they have 00:36:44 are all secured controlled and they have not been compromised and that means the 00:36:46 not been compromised and that means the 00:36:46 not been compromised and that means the data could not have leaked any further 00:36:48 data could not have leaked any further 00:36:48 data could not have leaked any further than this 00:36:49 than this 00:36:49 than this so like there's from a hack or a data 00:36:51 so like there's from a hack or a data 00:36:51 so like there's from a hack or a data exfiltration perspective the information 00:36:52 exfiltration perspective the information 00:36:52 exfiltration perspective the information couldn't get off of the network and you 00:36:54 couldn't get off of the network and you 00:36:54 couldn't get off of the network and you could go definitively prove that pretty 00:36:56 could go definitively prove that pretty 00:36:56 could go definitively prove that pretty easily exactly and in our effort to 00:36:59 easily exactly and in our effort to 00:36:59 easily exactly and in our effort to determine what the appropriate hop count 00:37:03 determine what the appropriate hop count 00:37:03 determine what the appropriate hop count is we look at every packet that goes in 00:37:06 is we look at every packet that goes in 00:37:06 is we look at every packet that goes in and out of your organization or in and 00:37:09 and out of your organization or in and 00:37:09 and out of your organization or in and out of a data center and we tell you 00:37:12 out of a data center and we tell you 00:37:12 out of a data center and we tell you exactly where your data is going after 00:37:16 exactly where your data is going after 00:37:16 exactly where your data is going after we have mapped out where your data is 00:37:18 we have mapped out where your data is 00:37:18 we have mapped out where your data is going around the globe we sit down with 00:37:21 going around the globe we sit down with 00:37:21 going around the globe we sit down with the data owner of that application who 00:37:24 the data owner of that application who 00:37:24 the data owner of that application who is a gas to see their information 00:37:27 is a gas to see their information 00:37:27 is a gas to see their information exfiltrating to Kazakhstan and other 00:37:30 exfiltrating to Kazakhstan and other 00:37:30 exfiltrating to Kazakhstan and other parts of the globe unbeknownst to anyone 00:37:33 parts of the globe unbeknownst to anyone 00:37:33 parts of the globe unbeknownst to anyone and you know the security people are 00:37:36 and you know the security people are 00:37:36 and you know the security people are doing a really good job trying to watch 00:37:38 doing a really good job trying to watch 00:37:38 doing a really good job trying to watch where your data is going and but it's 00:37:41 where your data is going and but it's 00:37:41 where your data is going and but it's really illustrative to have a map of 00:37:45 really illustrative to have a map of 00:37:45 really illustrative to have a map of where your HR database is going where 00:37:50 where your HR database is going where 00:37:50 where your HR database is going where your particular owned application s AP 00:37:54 your particular owned application s AP 00:37:54 your particular owned application s AP application is going across the internet 00:37:57 application is going across the internet 00:37:57 application is going across the internet and it's it's amazing to see that where 00:38:01 and it's it's amazing to see that where 00:38:01 and it's it's amazing to see that where your data is going and people are aghast 00:38:04 your data is going and people are aghast 00:38:04 your data is going and people are aghast to see that it's traveling to faraway 00:38:06 to see that it's traveling to faraway 00:38:06 to see that it's traveling to faraway locations unbeknownst to them yeah so if 00:38:10 locations unbeknownst to them yeah so if 00:38:10 locations unbeknownst to them yeah so if I wanted to do discovery with Hobbs 0 so 00:38:13 I wanted to do discovery with Hobbs 0 so 00:38:13 I wanted to do discovery with Hobbs 0 so say I just want to understand where my 00:38:14 say I just want to understand where my 00:38:14 say I just want to understand where my information is traveling what does that 00:38:16 information is traveling what does that 00:38:16 information is traveling what does that look like by I call you on the phone and 00:38:18 look like by I call you on the phone and 00:38:18 look like by I call you on the phone and say hey bill can you come out next week 00:38:20 say hey bill can you come out next week 00:38:20 say hey bill can you come out next week and send your team and let's go ahead 00:38:23 and send your team and let's go ahead 00:38:23 and send your team and let's go ahead and do discovery for my my tier 1 00:38:25 and do discovery for my my tier 1 00:38:25 and do discovery for my my tier 1 applications actually it's easier than 00:38:28 applications actually it's easier than 00:38:28 applications actually it's easier than that Brett what we do is we instruct 00:38:31 that Brett what we do is we instruct 00:38:31 that Brett what we do is we instruct your security people to give us just the 00:38:34 your security people to give us just the 00:38:34 your security people to give us just the network headers just the information 00:38:36 network headers just the information 00:38:36 network headers just the information that routes packets they give us that 00:38:40 that routes packets they give us that 00:38:40 that routes packets they give us that information a small snapshot we take it 00:38:44 information a small snapshot we take it 00:38:44 information a small snapshot we take it put it into our mapping system analyze 00:38:47 put it into our mapping system analyze 00:38:47 put it into our mapping system analyze it and then show you on a map where your 00:38:50 it and then show you on a map where your 00:38:50 it and then show you on a map where your data is traveling and when you click on 00:38:52 data is traveling and when you click on 00:38:52 data is traveling and when you click on one of those points it tells you is this 00:38:55 one of those points it tells you is this 00:38:55 one of those points it tells you is this a tour exit node is this an anonymous 00:38:59 a tour exit node is this an anonymous 00:38:59 a tour exit node is this an anonymous VPN all of this type of information 00:39:02 VPN all of this type of information 00:39:02 VPN all of this type of information out that particular point that you're 00:39:04 out that particular point that you're 00:39:04 out that particular point that you're communicating with we also tell you how 00:39:07 communicating with we also tell you how 00:39:07 communicating with we also tell you how much information is exfiltrating out to 00:39:10 much information is exfiltrating out to 00:39:10 much information is exfiltrating out to that point and how much information is 00:39:12 that point and how much information is 00:39:12 that point and how much information is coming in from that point and because we 00:39:14 coming in from that point and because we 00:39:14 coming in from that point and because we have such a performance analysis 00:39:17 have such a performance analysis 00:39:17 have such a performance analysis background we just went ahead and said 00:39:19 background we just went ahead and said 00:39:19 background we just went ahead and said okay well what's the throughput that 00:39:22 okay well what's the throughput that 00:39:22 okay well what's the throughput that this device is sending your data to 00:39:25 this device is sending your data to 00:39:25 this device is sending your data to determine the sophistication level of 00:39:27 determine the sophistication level of 00:39:27 determine the sophistication level of who's hacking you or who's getting into 00:39:30 who's hacking you or who's getting into 00:39:30 who's hacking you or who's getting into your information and we do latency 00:39:32 your information and we do latency 00:39:32 your information and we do latency analysis on all of those so when you 00:39:34 analysis on all of those so when you 00:39:34 analysis on all of those so when you click on one of those points you're 00:39:37 click on one of those points you're 00:39:37 click on one of those points you're presented with a whole bunch of very 00:39:39 presented with a whole bunch of very 00:39:39 presented with a whole bunch of very valuable information about who you are 00:39:41 valuable information about who you are 00:39:41 valuable information about who you are talking to and we have found for 00:39:45 talking to and we have found for 00:39:45 talking to and we have found for instance on some applications just 00:39:49 instance on some applications just 00:39:49 instance on some applications just looking at all the data and we found 00:39:51 looking at all the data and we found 00:39:51 looking at all the data and we found HVAC systems communicating around the 00:39:55 HVAC systems communicating around the 00:39:55 HVAC systems communicating around the world yeah and creating market would 00:39:58 world yeah and creating market would 00:39:58 world yeah and creating market would have liked to know about that a little 00:40:00 have liked to know about that a little 00:40:00 have liked to know about that a little bit sooner yeah for those not hearing my 00:40:02 bit sooner yeah for those not hearing my 00:40:02 bit sooner yeah for those not hearing my joke and it's not really much of a joke 00:40:04 joke and it's not really much of a joke 00:40:04 joke and it's not really much of a joke for those not hearing or understanding 00:40:05 for those not hearing or understanding 00:40:05 for those not hearing or understanding my comment the target the data breach 00:40:09 my comment the target the data breach 00:40:09 my comment the target the data breach there was through their HVAC vendor air 00:40:12 there was through their HVAC vendor air 00:40:12 there was through their HVAC vendor air in their air conditioning and control 00:40:14 in their air conditioning and control 00:40:14 in their air conditioning and control system and it's amazing you know once 00:40:18 system and it's amazing you know once 00:40:18 system and it's amazing you know once the application owner sits down and 00:40:21 the application owner sits down and 00:40:21 the application owner sits down and looks at that's at where your data is 00:40:23 looks at that's at where your data is 00:40:23 looks at that's at where your data is going the then what that does is it 00:40:27 going the then what that does is it 00:40:27 going the then what that does is it allows the application owner of that 00:40:29 allows the application owner of that 00:40:29 allows the application owner of that information to sit down with the 00:40:32 information to sit down with the 00:40:32 information to sit down with the security people and to begin to mitigate 00:40:34 security people and to begin to mitigate 00:40:34 security people and to begin to mitigate where that data is going because if you 00:40:37 where that data is going because if you 00:40:37 where that data is going because if you think about it the security people are 00:40:40 think about it the security people are 00:40:40 think about it the security people are in darkened rooms looking through logs 00:40:42 in darkened rooms looking through logs 00:40:42 in darkened rooms looking through logs looking at Splunk data looking at log 00:40:44 looking at Splunk data looking at log 00:40:44 looking at Splunk data looking at log data trying to determine where your data 00:40:46 data trying to determine where your data 00:40:46 data trying to determine where your data is going but they don't always know 00:40:48 is going but they don't always know 00:40:48 is going but they don't always know where it is supposed to go and not 00:40:50 where it is supposed to go and not 00:40:50 where it is supposed to go and not supposed to go who knows that the 00:40:53 supposed to go who knows that the 00:40:53 supposed to go who knows that the application data owner knows that so we 00:40:56 application data owner knows that so we 00:40:56 application data owner knows that so we present our maps to those owners of 00:40:58 present our maps to those owners of 00:40:58 present our maps to those owners of information the business people and say 00:41:00 information the business people and say 00:41:00 information the business people and say this is where your data is going and 00:41:02 this is where your data is going and 00:41:02 this is where your data is going and what that does is magically begin to get 00:41:06 what that does is magically begin to get 00:41:06 what that does is magically begin to get the people with the money and the 00:41:08 the people with the money and the 00:41:08 the people with the money and the influence and the business units into 00:41:11 influence and the business units into 00:41:11 influence and the business units into the security space helping the security 00:41:13 the security space helping the security 00:41:13 the security space helping the security people and funding those 00:41:16 people and funding those 00:41:16 people and funding those initiatives to go about mitigating this 00:41:19 initiatives to go about mitigating this 00:41:19 initiatives to go about mitigating this data traveling to places beyond where 00:41:22 data traveling to places beyond where 00:41:22 data traveling to places beyond where they care for it to be traveling yeah no 00:41:25 they care for it to be traveling yeah no 00:41:25 they care for it to be traveling yeah no it'll be interesting to see with the the 00:41:27 it'll be interesting to see with the the 00:41:27 it'll be interesting to see with the the size of the fines on GDP our how this 00:41:32 size of the fines on GDP our how this 00:41:32 size of the fines on GDP our how this changes some of the business risk 00:41:33 changes some of the business risk 00:41:33 changes some of the business risk decisions cuz I think if you go look I 00:41:37 decisions cuz I think if you go look I 00:41:37 decisions cuz I think if you go look I mean what I've heard on the the Equifax 00:41:39 mean what I've heard on the the Equifax 00:41:39 mean what I've heard on the the Equifax breach has cost two hundred and fifty 00:41:41 breach has cost two hundred and fifty 00:41:41 breach has cost two hundred and fifty million dollars they've gone they've 00:41:44 million dollars they've gone they've 00:41:44 million dollars they've gone they've blown their insurance policy out of the 00:41:45 blown their insurance policy out of the 00:41:45 blown their insurance policy out of the water they've been on the hook for a big 00:41:47 water they've been on the hook for a big 00:41:47 water they've been on the hook for a big chunk of that themselves but many of 00:41:51 chunk of that themselves but many of 00:41:51 chunk of that themselves but many of these data breaches end up being twenty 00:41:53 these data breaches end up being twenty 00:41:53 these data breaches end up being twenty thirty fifty million dollars and if 00:41:55 thirty fifty million dollars and if 00:41:55 thirty fifty million dollars and if you're a multinational many billion 00:41:58 you're a multinational many billion 00:41:58 you're a multinational many billion dollar revenue company you sadly enough 00:42:01 dollar revenue company you sadly enough 00:42:01 dollar revenue company you sadly enough we have ended up with ten million dollar 00:42:03 we have ended up with ten million dollar 00:42:03 we have ended up with ten million dollar mistakes on a fairly regular basis and 00:42:05 mistakes on a fairly regular basis and 00:42:05 mistakes on a fairly regular basis and you have to just kind of take that as 00:42:07 you have to just kind of take that as 00:42:07 you have to just kind of take that as part of doing business but now with the 00:42:10 part of doing business but now with the 00:42:10 part of doing business but now with the GDP are I mean we looking at potentially 00:42:14 GDP are I mean we looking at potentially 00:42:14 GDP are I mean we looking at potentially billion dollar fines for this and I 00:42:18 billion dollar fines for this and I 00:42:18 billion dollar fines for this and I think every company in the world looks 00:42:21 think every company in the world looks 00:42:21 think every company in the world looks at a billion dollars and that's still a 00:42:22 at a billion dollars and that's still a 00:42:22 at a billion dollars and that's still a real number even Apple and and to to 00:42:26 real number even Apple and and to to 00:42:26 real number even Apple and and to to build on that GDP are they will they 00:42:31 build on that GDP are they will they 00:42:31 build on that GDP are they will they have the ability to assess up to four 00:42:34 have the ability to assess up to four 00:42:34 have the ability to assess up to four percent of your global revenue gross 00:42:37 percent of your global revenue gross 00:42:37 percent of your global revenue gross revenue not net revenue which is an 00:42:40 revenue not net revenue which is an 00:42:40 revenue not net revenue which is an amazing amount so in our product when 00:42:44 amazing amount so in our product when 00:42:44 amazing amount so in our product when you get one of the maps that your data 00:42:47 you get one of the maps that your data 00:42:47 you get one of the maps that your data is is is represented as two going or 00:42:50 is is is represented as two going or 00:42:50 is is is represented as two going or coming from we have a button you click 00:42:52 coming from we have a button you click 00:42:52 coming from we have a button you click GDP are and guess what it shows you all 00:42:56 GDP are and guess what it shows you all 00:42:56 GDP are and guess what it shows you all the places on the map that you need to 00:42:59 the places on the map that you need to 00:42:59 the places on the map that you need to apply and make certain any data that you 00:43:02 apply and make certain any data that you 00:43:02 apply and make certain any data that you are getting from that nation you are 00:43:04 are getting from that nation you are 00:43:04 are getting from that nation you are treating appropriately for the GDP our 00:43:07 treating appropriately for the GDP our 00:43:07 treating appropriately for the GDP our rules so you can provide visibility to 00:43:09 rules so you can provide visibility to 00:43:09 rules so you can provide visibility to that as well exactly any port or 00:43:12 that as well exactly any port or 00:43:12 that as well exactly any port or protocol a lot of people look at it and 00:43:14 protocol a lot of people look at it and 00:43:14 protocol a lot of people look at it and say we've been trying to get SSL on all 00:43:18 say we've been trying to get SSL on all 00:43:18 say we've been trying to get SSL on all of our web servers and throughout our 00:43:20 of our web servers and throughout our 00:43:20 of our web servers and throughout our entire company and then they'll find 00:43:23 entire company and then they'll find 00:43:23 entire company and then they'll find that port 80 which is the HTTP protocol 00:43:26 that port 80 which is the HTTP protocol 00:43:26 that port 80 which is the HTTP protocol is open 00:43:27 is open 00:43:27 is open well you click a button and it will 00:43:29 well you click a button and it will 00:43:29 well you click a button and it will show you where all your port 80 is going 00:43:31 show you where all your port 80 is going 00:43:31 show you where all your port 80 is going around the world and also how much 00:43:34 around the world and also how much 00:43:34 around the world and also how much information is going out and how much is 00:43:37 information is going out and how much is 00:43:37 information is going out and how much is getting in by each pier going in and out 00:43:42 getting in by each pier going in and out 00:43:42 getting in by each pier going in and out of your organization they say and you 00:43:44 of your organization they say and you 00:43:44 of your organization they say and you can probably speak more highly on this 00:43:47 can probably speak more highly on this 00:43:48 can probably speak more highly on this than I that it takes about two hundred 00:43:50 than I that it takes about two hundred 00:43:50 than I that it takes about two hundred and fifty days to find that you've been 00:43:53 and fifty days to find that you've been 00:43:53 and fifty days to find that you've been infiltrated and so the hacker is sitting 00:43:56 infiltrated and so the hacker is sitting 00:43:56 infiltrated and so the hacker is sitting there having a field day for 250 days I 00:43:59 there having a field day for 250 days I 00:44:00 there having a field day for 250 days I mean that's just under a year that they 00:44:02 mean that's just under a year that they 00:44:02 mean that's just under a year that they are having free rein and by looking at 00:44:05 are having free rein and by looking at 00:44:05 are having free rein and by looking at where your data is going and getting the 00:44:08 where your data is going and getting the 00:44:08 where your data is going and getting the end user involved it very rapidly starts 00:44:12 end user involved it very rapidly starts 00:44:12 end user involved it very rapidly starts to mitigate and it's not only on the 00:44:14 to mitigate and it's not only on the 00:44:14 to mitigate and it's not only on the shoulder of all the security people 00:44:16 shoulder of all the security people 00:44:16 shoulder of all the security people thousands of security people are trying 00:44:19 thousands of security people are trying 00:44:19 thousands of security people are trying to figure out what to do but they need 00:44:21 to figure out what to do but they need 00:44:21 to figure out what to do but they need some input they need some help from the 00:44:24 some input they need some help from the 00:44:24 some input they need some help from the data owners by looking at where their 00:44:26 data owners by looking at where their 00:44:26 data owners by looking at where their data is going and giving them 00:44:28 data is going and giving them 00:44:28 data is going and giving them information and saying no it shouldn't 00:44:30 information and saying no it shouldn't 00:44:30 information and saying no it shouldn't go here and yes it should go there yeah 00:44:33 go here and yes it should go there yeah 00:44:33 go here and yes it should go there yeah that the interestingly enough you would 00:44:35 that the interestingly enough you would 00:44:35 that the interestingly enough you would think it's good news that the average on 00:44:37 think it's good news that the average on 00:44:37 think it's good news that the average on the amount of time it's taking a 00:44:39 the amount of time it's taking a 00:44:39 the amount of time it's taking a business to detect it's been hacked is 00:44:41 business to detect it's been hacked is 00:44:41 business to detect it's been hacked is going down you're like well this is 00:44:43 going down you're like well this is 00:44:43 going down you're like well this is great we're doing good work well what it 00:44:45 great we're doing good work well what it 00:44:45 great we're doing good work well what it turns out is that that number is going 00:44:47 turns out is that that number is going 00:44:47 turns out is that that number is going down because of ransomware as you find 00:44:50 down because of ransomware as you find 00:44:50 down because of ransomware as you find out immediately that you've been hacked 00:44:52 out immediately that you've been hacked 00:44:52 out immediately that you've been hacked when the pop-up shows up on your 00:44:53 when the pop-up shows up on your 00:44:53 when the pop-up shows up on your computer screen so there's all these 00:44:55 computer screen so there's all these 00:44:55 computer screen so there's all these data points now that are it one day 00:44:57 data points now that are it one day 00:44:57 data points now that are it one day immediately you've been discovered in 00:44:59 immediately you've been discovered in 00:44:59 immediately you've been discovered in one day that you've been hacked 00:45:00 one day that you've been hacked 00:45:00 one day that you've been hacked so that numbers down to about six months 00:45:02 so that numbers down to about six months 00:45:02 so that numbers down to about six months on average still even with all of those 00:45:04 on average still even with all of those 00:45:04 on average still even with all of those ransomware pop-ups out there it's still 00:45:06 ransomware pop-ups out there it's still 00:45:06 ransomware pop-ups out there it's still taking an average of six months and 00:45:08 taking an average of six months and 00:45:08 taking an average of six months and we've had on Chris Garrett's who used to 00:45:11 we've had on Chris Garrett's who used to 00:45:11 we've had on Chris Garrett's who used to be in the the US Air Force doing malware 00:45:13 be in the the US Air Force doing malware 00:45:13 be in the the US Air Force doing malware hunting and network reconnaissance and 00:45:16 hunting and network reconnaissance and 00:45:16 hunting and network reconnaissance and so he talked about hunt and trying to go 00:45:20 so he talked about hunt and trying to go 00:45:20 so he talked about hunt and trying to go find attackers that are already in your 00:45:22 find attackers that are already in your 00:45:22 find attackers that are already in your network and I mean I think something 00:45:25 network and I mean I think something 00:45:25 network and I mean I think something like what y'all are doing with Hobbs 00:45:26 like what y'all are doing with Hobbs 00:45:26 like what y'all are doing with Hobbs zero is - they're gonna get in sadly 00:45:29 zero is - they're gonna get in sadly 00:45:29 zero is - they're gonna get in sadly enough and anything you can do to slow 00:45:31 enough and anything you can do to slow 00:45:31 enough and anything you can do to slow them down to make their life more 00:45:32 them down to make their life more 00:45:32 them down to make their life more difficult to make their life more 00:45:34 difficult to make their life more 00:45:34 difficult to make their life more complicated it will increase your odds - 00:45:39 complicated it will increase your odds - 00:45:39 complicated it will increase your odds - that you are able to successfully 00:45:41 that you are able to successfully 00:45:41 that you are able to successfully mitigate and 00:45:42 mitigate and 00:45:42 mitigate and cuz if you go on like the physical 00:45:44 cuz if you go on like the physical 00:45:44 cuz if you go on like the physical person an analogy if if I go next door 00:45:47 person an analogy if if I go next door 00:45:47 person an analogy if if I go next door into a high-rise office building and I 00:45:49 into a high-rise office building and I 00:45:49 into a high-rise office building and I start walking around floor to floor I 00:45:51 start walking around floor to floor I 00:45:51 start walking around floor to floor I probably can get over there I can 00:45:53 probably can get over there I can 00:45:53 probably can get over there I can tailgate somebody through a door I can 00:45:55 tailgate somebody through a door I can 00:45:55 tailgate somebody through a door I can get in and I can wander around the 00:45:57 get in and I can wander around the 00:45:57 get in and I can wander around the building but am I really gonna be able 00:45:58 building but am I really gonna be able 00:45:58 building but am I really gonna be able to grab somebody's laptop or some other 00:46:00 to grab somebody's laptop or some other 00:46:00 to grab somebody's laptop or some other sensitive records and get out of the 00:46:02 sensitive records and get out of the 00:46:02 sensitive records and get out of the building before anybody notices 00:46:03 building before anybody notices 00:46:03 building before anybody notices hopefully not but the longer I'm allowed 00:46:06 hopefully not but the longer I'm allowed 00:46:06 hopefully not but the longer I'm allowed to wander around and the the fewer 00:46:08 to wander around and the the fewer 00:46:08 to wander around and the the fewer locked doors you have if you don't have 00:46:10 locked doors you have if you don't have 00:46:10 locked doors you have if you don't have laptop chains locking the laptops down 00:46:12 laptop chains locking the laptops down 00:46:12 laptop chains locking the laptops down to desks and those sorts of things the 00:46:14 to desks and those sorts of things the 00:46:14 to desks and those sorts of things the easier it's gonna be for me to steal a 00:46:16 easier it's gonna be for me to steal a 00:46:16 easier it's gonna be for me to steal a laptop if I had a chain lock down to the 00:46:19 laptop if I had a chain lock down to the 00:46:19 laptop if I had a chain lock down to the desk I've gotta have bolt cutters with 00:46:20 desk I've gotta have bolt cutters with 00:46:20 desk I've gotta have bolt cutters with him if I don't have bolt cutters well I 00:46:22 him if I don't have bolt cutters well I 00:46:22 him if I don't have bolt cutters well I just failed on that attempt I gotta come 00:46:23 just failed on that attempt I gotta come 00:46:23 just failed on that attempt I gotta come back with them again tomorrow so all the 00:46:25 back with them again tomorrow so all the 00:46:25 back with them again tomorrow so all the things you can do digitally to make it 00:46:27 things you can do digitally to make it 00:46:27 things you can do digitally to make it more difficult for the attackers is 00:46:29 more difficult for the attackers is 00:46:29 more difficult for the attackers is important each one of these adds up to 00:46:31 important each one of these adds up to 00:46:31 important each one of these adds up to increasing the likelihood that they get 00:46:33 increasing the likelihood that they get 00:46:33 increasing the likelihood that they get caught or they give up and they move on 00:46:35 caught or they give up and they move on 00:46:35 caught or they give up and they move on to an easier target and one of the 00:46:37 to an easier target and one of the 00:46:37 to an easier target and one of the troubles is the social engineering 00:46:38 troubles is the social engineering 00:46:38 troubles is the social engineering aspect like you talked about of sending 00:46:42 aspect like you talked about of sending 00:46:42 aspect like you talked about of sending in phishing and spear phishing where 00:46:46 in phishing and spear phishing where 00:46:46 in phishing and spear phishing where they send you an email and it looks like 00:46:48 they send you an email and it looks like 00:46:48 they send you an email and it looks like your bank it looks like your boss it 00:46:50 your bank it looks like your boss it 00:46:50 your bank it looks like your boss it looks like your friend and you click on 00:46:52 looks like your friend and you click on 00:46:52 looks like your friend and you click on that and boom you're going to North 00:46:55 that and boom you're going to North 00:46:55 that and boom you're going to North Korea and you're gonna get compromised 00:46:57 Korea and you're gonna get compromised 00:46:57 Korea and you're gonna get compromised well part of what Hobbs zero hop sphere 00:47:00 well part of what Hobbs zero hop sphere 00:47:00 well part of what Hobbs zero hop sphere radius security does is lower those 00:47:03 radius security does is lower those 00:47:03 radius security does is lower those number of hops that devices are able to 00:47:06 number of hops that devices are able to 00:47:06 number of hops that devices are able to go and for instance a lot of people use 00:47:09 go and for instance a lot of people use 00:47:09 go and for instance a lot of people use proxy servers in order to protect 00:47:12 proxy servers in order to protect 00:47:12 proxy servers in order to protect information that users are you know 00:47:16 information that users are you know 00:47:16 information that users are you know clicking on things but what happens is 00:47:19 clicking on things but what happens is 00:47:19 clicking on things but what happens is it goes out and it can go out around the 00:47:22 it goes out and it can go out around the 00:47:22 it goes out and it can go out around the world well where do hackers hide their 00:47:25 world well where do hackers hide their 00:47:25 world well where do hackers hide their yes they are in the United States 00:47:27 yes they are in the United States 00:47:27 yes they are in the United States they're in other locations but they work 00:47:30 they're in other locations but they work 00:47:30 they're in other locations but they work with impunity when they are beyond the 00:47:33 with impunity when they are beyond the 00:47:33 with impunity when they are beyond the border when they are beyond the rule of 00:47:36 border when they are beyond the rule of 00:47:36 border when they are beyond the rule of law and so what we try to do is lower 00:47:39 law and so what we try to do is lower 00:47:39 law and so what we try to do is lower your risk to those Deep Web people 00:47:43 your risk to those Deep Web people 00:47:43 your risk to those Deep Web people beyond the rule of law from simply just 00:47:45 beyond the rule of law from simply just 00:47:45 beyond the rule of law from simply just donning a little tool that they 00:47:48 donning a little tool that they 00:47:48 donning a little tool that they downloaded that has the NSA toolkit or 00:47:51 downloaded that has the NSA toolkit or 00:47:51 downloaded that has the NSA toolkit or the CIA toolkit on it and they just 00:47:53 the CIA toolkit on it and they just 00:47:53 the CIA toolkit on it and they just start pummeling 00:47:55 start pummeling 00:47:55 start pummeling your devices when you've lowered your 00:47:57 your devices when you've lowered your 00:47:57 your devices when you've lowered your hop count they can't connect to you and 00:48:00 hop count they can't connect to you and 00:48:00 hop count they can't connect to you and you can't even get a login prompt in 00:48:03 you can't even get a login prompt in 00:48:03 you can't even get a login prompt in order to use trying to crack a password 00:48:06 order to use trying to crack a password 00:48:06 order to use trying to crack a password so it's really very powerful yeah so we 00:48:11 so it's really very powerful yeah so we 00:48:11 so it's really very powerful yeah so we were talking during that bottom of the 00:48:12 were talking during that bottom of the 00:48:12 were talking during that bottom of the hour break about an animation or website 00:48:15 hour break about an animation or website 00:48:15 hour break about an animation or website I know I've used a couple of analogies 00:48:16 I know I've used a couple of analogies 00:48:16 I know I've used a couple of analogies here during the program but there's an 00:48:19 here during the program but there's an 00:48:19 here during the program but there's an animated video on the hob Xero website 00:48:23 animated video on the hob Xero website 00:48:23 animated video on the hob Xero website that goes through some of this in some 00:48:25 that goes through some of this in some 00:48:25 that goes through some of this in some more detail folks wanted to go visit 00:48:26 more detail folks wanted to go visit 00:48:26 more detail folks wanted to go visit your website and check that video out 00:48:27 your website and check that video out 00:48:28 your website and check that video out where would they go Haupt zero com 00:48:30 where would they go Haupt zero com 00:48:30 where would they go Haupt zero com so bill for the kids that are in our 00:48:33 so bill for the kids that are in our 00:48:33 so bill for the kids that are in our audience a CyberPatriot we have a lot of 00:48:34 audience a CyberPatriot we have a lot of 00:48:34 audience a CyberPatriot we have a lot of folks doing that that listen out here 00:48:36 folks doing that that listen out here 00:48:36 folks doing that that listen out here but should they worry that we're gonna 00:48:38 but should they worry that we're gonna 00:48:38 but should they worry that we're gonna solve all of the cybersecurity problem 00:48:40 solve all of the cybersecurity problem 00:48:40 solve all of the cybersecurity problem before they graduate from high school I 00:48:41 before they graduate from high school I 00:48:41 before they graduate from high school I think their future is secure yeah 00:48:44 think their future is secure yeah 00:48:44 think their future is secure yeah however in the future right now 00:48:47 however in the future right now 00:48:47 however in the future right now hop zero is working on securing the 00:48:50 hop zero is working on securing the 00:48:50 hop zero is working on securing the enterprise but our technology works in 00:48:53 enterprise but our technology works in 00:48:53 enterprise but our technology works in the home as well so if you have a ot 00:48:55 the home as well so if you have a ot 00:48:55 the home as well so if you have a ot gear for instance your refrigerator your 00:48:59 gear for instance your refrigerator your 00:48:59 gear for instance your refrigerator your thermostat your Barbie doll your Dino 00:49:02 thermostat your Barbie doll your Dino 00:49:02 thermostat your Barbie doll your Dino toy they're all in your house they can 00:49:07 toy they're all in your house they can 00:49:07 toy they're all in your house they can connect into the middle of the Internet 00:49:10 connect into the middle of the Internet 00:49:10 connect into the middle of the Internet and once they do that they can have a 00:49:12 and once they do that they can have a 00:49:12 and once they do that they can have a back door back into your network by 00:49:14 back door back into your network by 00:49:14 back door back into your network by limiting the hop count of IOT gear 00:49:18 limiting the hop count of IOT gear 00:49:18 limiting the hop count of IOT gear that's commercial or whether it's home 00:49:22 that's commercial or whether it's home 00:49:22 that's commercial or whether it's home you can keep those devices inside your 00:49:26 you can keep those devices inside your 00:49:26 you can keep those devices inside your home and limit how far data travels and 00:49:30 home and limit how far data travels and 00:49:30 home and limit how far data travels and keep that data in your home thank you 00:49:33 keep that data in your home thank you 00:49:33 keep that data in your home thank you very much for joining us 00:49:34 very much for joining us 00:49:34 very much for joining us and thank you for doing your part to 00:49:36 and thank you for doing your part to 00:49:36 and thank you for doing your part to make the internet a safer place 00:49:42 00:49:42 [Music] 00:49:48 00:49:48 you