Breaking down the infamous Uber, Cisco and LastPass breaches, with David Lindstrom
Episode 225th October 2023 • 10 Questions to Cyber Resilience • Assurance IT

Shownotes

Assurance IT invited Identity and Deception Specialist, David Lindstrom, from SentinelOne, to chat about how unsophisticated attacks breached high-profile companies like Uber, Cisco, and LastPass.

 

In this episode, David Lindstrom and co-founder of Assurance IT, Luigi Tiano, answer the following questions: 

  1. Do you need someone with high credentials to hack a system?
  2. Is Active Directory good at protecting the enterprise?
  3. Is it possible to understand the full scope of a data breach?
  4. What is a honey pot?
  5. Can you buy credentials on the dark web?
  6. How do you prevent an employee from being a target of social phishing?
  7. Is there a golden rule for creating a safe password?
  8. How do you avoid being the softest target for dark web credentials?
  9. What does it mean to secure your identity in an enterprise?

 

Resources: 

Watch the episode: https://youtu.be/9zs2MzInI50

David Lindstrom's LinkedIn: https://www.linkedin.com/in/davidlindstrom/

SentinelOne's website: https://www.sentinelone.com/

Luigi Tiano’s LinkedIn: https://www.linkedin.com/in/luigitiano/

Assurance IT Website: http://www.assuranceit.ca/

 


 

About David Lindstrom: 

Passionate cybersecurity sales professional focused on successful security and business outcomes. I’ve had the pleasure of working on behalf of enterprise and educational organizations across industries and have excelled in the role of start-up evangelist, team leader, and practice expert for established companies.




About 10 Questions to Cyber Resilience: 

Twice per month, learn about how IT leaders are strengthening their cyber security practices. Every episode comprises 10 questions that get you one step closer to cyber resilience. Subscribe to stay up-to-date with hot topics in cyber security.

 


About Assurance IT: 

Assurance IT (www.assuranceit.ca) specializes in data protection and data privacy for the mid-market in Canada, since 2011. The Montreal-based company’s unique approach to helping customers become cyber resilient is called the PPR Methodology which stands for Prepare, Protect and Recover. Based on industry best practices, the PPR Methodology is an easier way to achieve cyber security and compliance objectives.

Transcripts

Luigi Tiano:

Good morning everyone, happy to be here this morning with a friend of ours from SentinelOne, David Lindstrom. Before we get started, we have some really good content and really good questions to ask Dave. But I want Dave to give us a bit of an introduction on himself, his expertise. Dave, tell us where you work and what you're doing today with SentinelOne.

David Lindstrom:

Yeah. Thanks, Luigi. It's a pleasure to be here. So I'm an identity and deception specialist for SentinelOne, and I joined SentinelOne via the Attivo acquisition last May. And what's interesting about those two things is Attivo started as a deception company and in the process of following the attacker's evolution and staying one step ahead, that really evolved into protecting the identity infrastructures because that's where the action happens, and we're seeing that more and more these days.

Luigi Tiano:

Yeah. It's interesting you say that the identity protection is becoming a huge conversation with our clients. It's always been there, right? But we see more of a conversation around it. Before it was taboo to talk about it because it, we thought it never happened, but the attack surface is huge. And there's so many angles to cover. So yeah, I'm really excited to have you on and I appreciate your time 'cause I know you're very busy, especially nowadays. So tell us a little bit about SentinelOne just before we get into it. The product that you support at SentinelOne and you deliver for clients.

David Lindstrom:

Yep. As the identity specialist, we focus on protecting organizations from identity compromise, reducing the attack surface, detecting identity attacks early in the recon stage so they can reduce the blast radius, improve time to recovery, improve the fidelity of alerts around identity compromise. So it's very complementary to the overall SentinelOne approach, which involves endpoint and XDR security.

Luigi Tiano:

Awesome. Awesome. Thank you for that. So today we're gonna talk about some companies who've gotten hacked specifically around identity. Two high-profile attacks that we saw late last year were Uber and Cisco. So if you can double click on those, they often sound very sophisticated, but can you tell us a little bit about how unsophisticated those attacks were and what the impact was to both Uber and Cisco?

David Lindstrom:

Yeah. Luigi, these are two really good examples of unsophisticated attacks that leveraged identity in the initial breach phase. Identity has always been page one and one a of the attacker playbook on a post breach basis. So they're gonna go after Active Directory to try to get domain privilege. They're gonna try to enumerate Active Directory. They're gonna try to dump local credentials. That's just what they do. But increasingly we're seeing that identity is the initial breach vector. And in the case of Uber, this was an 18-year-old who bought an Uber employee's credentials on the dark web. Then created an MFA storm, basically blasted him with MFA requests until he finally relented. And that allowed him to gain access. From there it was a more traditional attack profile. So scan the internet, find PowerShell scripts that include PAM privileges, and as a privileged user within the PAM, find sensitive data that you can use. And in both the case of Uber and Cisco, it's not so much about the sensitivity or the value of the data that they were able to exfiltrate, but it's just the approach that they took. Which really highlights the importance of understanding the attack surface around identities and then reducing that, protecting identities and detecting early.

Luigi Tiano:

You said something interesting, David. You mentioned that this 18-year-old went on the dark web and just bought some credentials. In your experience or in your opinion, do those credentials have to be attached to someone with a lot of privilege within the organization? Or it could just be a basic user.

David Lindstrom:

It can be a basic user and most often it's Joe from accounting that gets popped first. But once I'm in, then I'm a trusted user. So Active Directory, for instance, is more than happy to tell me lots of sensitive information. I can try to up level privilege. I can try to see what credentials exist on disk, in memory, in registry. There's a lot of leftover credentials that can be very useful. So it's most common that it's just a regular user that is the initial point of entry.

Luigi Tiano:

So just a regular user. That's interesting because, and without pointing the finger at Microsoft, obviously we talk a lot about Active Directory because let's be honest, Active Directory is present in a lot of organizations. But what I've learned over the last year is how quickly someone can navigate through. And maybe you can just highlight that a little bit. Does Active Directory not do a good job of protecting the enterprise or, obviously there's a lot of loopholes that have come about obviously.

David Lindstrom:

Yeah. Active Directory is really good at what it's built for, which is function. It's a directory after all. It's wide open to any domain-joined user-level account. Unless you take actions to the contrary. So it's more than happy to tell you all kinds of sensitive information about where the data resides, who the sysadmins are for those systems, what the unpatched systems are, who the domain admins are. It really allows you to plan your attack progression. And it's interesting, the data around the LastPass breach is just coming out in the last couple days, but that was a more targeted attack. They were able to compromise the developer account last August. They were able to steal some source code information and LastPass was able to eject them. So it didn't seem like such a big deal, but what we have found out is that they were doing reconnaissance in the environment. They were able to find where the sensitive corporate resources existed and who they needed to go after next in order to get the credentials to access that.

Luigi Tiano:

Oh, interesting. So that kind of leads to my next question. These unsophisticated attacks happen unbeknownst to a lot of users. Now, you mentioned the fact that a bad actor can get in and stay there for weeks or months to do all that recon work and I think really that's what companies are afraid of, right? How long have they been there and what information have they gathered? Because the point of attack or the point where you find out that you've been breached, to backtrack that, how does a corporation backtrack to determine how bad they've been hit? Is that even possible given what we've seen here?

David Lindstrom:

It's not easy. Certainly on a host breach basis scoping the problem is a big part of remediation. Understanding how far it's gotten, what the initial point entry is, where they still exist, and how to get them out are really the main questions that SecOps ask. The challenge in using identities is that if you've got someone who's acting as a legitimate, trusted user. And that's someone whose credentials have been compromised or the same conversation for a malicious insider. If they're doing things that aren't particularly anomalous, then detection is a big challenge.

Luigi Tiano:

Because if you have traditional EDR or XDR, you're able to backtrack or stitch the events that happen. Now, again, in your opinion, does identity play into that? Is there any stitching that could be done from the endpoint to the XDR and backtrack that, or has it become a lot more difficult because it is from a trusted person?

David Lindstrom:

It's interesting, one of the things I mentioned with deception is that rather than reveal legitimate assets like local credentials or information within Active Directory, one of the things that deception allows me to do is to present deceptive responses to those types of queries and in the process, you can lure an adversary to an authentic, legitimate decoy environment that protects legitimate assets in the process, wastes their time. They think that they're engaged with real treasures. But the other thing it does is it really allows you to capture the full attack path, the full tools, techniques and processes that they're using and what their objectives are. Because they're gonna proceed as if things are going well for them. So you can really observe what they're up to.

Luigi Tiano:

Is that what you call the honey pot?

David Lindstrom:

Yeah. Yeah. Honey pot is a term that has been around for a long time and as I mentioned, the evolution of deception technology, it started as we're gonna put this out there and see who's attacking us on the internet. Then on an internal visibility perspective, east-west communications, moved into the data center and then out closer toward the edge where the action happens. And in the last several years onto the endpoint, as the point we made earlier, Joe from accounting, if he's the one who gets compromised, how do you protect on that and how do you detect on that?

Luigi Tiano:

Okay, that's great. So you kinda answered my question about the unsophisticated hacks. Because we often ask ourselves, how do they get in? But you've just outlined a few ways that bad actors can take advantage of seemingly innocent people and getting into the organization.

David Lindstrom:

Yeah. And I was gonna make one more call out on the Cisco example. That was very similar. So in that case, it was a regular user and they compromised his Google account, which had cached VPN credentials. And besides the MFA storm that they used, they also called him as IT and said, "Hey, we need you to approve this so we can get in."

Luigi Tiano:

My goodness.

David Lindstrom:

Yeah. So it's pretty gnarly, it's really you have to be extremely diligent to avoid that type of approach.

Luigi Tiano:

There's so many things going on you feel for the IT folks who have so many things going on in a day and sometimes they take things for granted. And like you said, if it's coming from a trusted source, I can see how these things happen. I guess you gotta just increase your vigilance or just increase your level of trust or decrease the level of trust and make sure that you're really seeing and then hearing what you're hearing from everyone around you. Earlier you mentioned something about credentials for sale on dark web. What's going on with that? Is that a real thing? It sounds like it is. I hear more and more where credentials could be bought on the dark web, talk to us a little bit about that. You're an expert in this field, so what's going on with credentials for sale on the dark web?

David Lindstrom:

Yeah, it's scary to think about, but there is an extremely active marketplace of credentials for sale on the dark web. And these are credentials that have been captured by various ransomware groups and threat actors over time. At any given point in time, there's dozens of forums for hundreds of these initial access brokers, and it's hard to put a number on because it's simultaneously both under reported and over reported. But one estimate I saw said that there was about 15 billion legitimate credentials for sale on the dark web today. So it's a low cost of entry, as we mentioned, the 18-year-old at Uber, that might have cost him a couple thousand dollars.

Luigi Tiano:

If that.

David Lindstrom:

If that, yeah.

Luigi Tiano:

Yeah. And 15 billion credentials, you're talking about username, passwords. Wow. That's a lot of credentials for sale or available anyway.

David Lindstrom:

Yeah. And it's really a force multiplier, as a bad actor, if I can avoid all of the recon work to investigate your organization and who I need to target and, you know, how to get to them, if I could just buy it then it really accelerates my ability to hit a lot of targets.

Luigi Tiano:

Wow. Okay. And just off topic here, maybe within topic, how does social phishing fall into that? Because obviously once you have the credentials does social phishing even have to come into play? If you have the credentials, do you need to bother about doing more work or is that, you've cut the chase?

David Lindstrom:

Yeah, it can certainly complement the validity of an approach. You can do initial research to identify who to target, then, as a bad actor, you've probably got better chance of success. As a corporate citizen, you also have to be really careful about oversharing on social media. That falls into two categories. One is just what you post on LinkedIn, so why make it any easier to advertise the types of systems that I work on and where my area of expertise is and those types of things. But also just being really careful about who you engage with. So if someone reaches out, your guard has to be up really high.

Luigi Tiano:

Is an age-old thing, About Us sections on websites, right? Every corporation has their About Us section and they give you so many details about who the person is, who the CFO is, who the CTO is, and who the CEO is. And they give you like a pedigree of all kinds of stuff, like of all their experiences, right? And an email sometimes of how to reach them, that sometimes can backfire. As much as you wanna be transparent with your clients and prospects. You might wanna be careful what you're giving out there. 'Cause you're right, that could be a negative impact for sure.

David Lindstrom:

While we're on the subject, staying off of LinkedIn is not the answer either, because if you don't have a presence, then someone will create one for you and use that against you.

Luigi Tiano:

Oh yeah. We just wrote an article very similar to that, what you just mentioned. We wrote in our newsletter, where a company will go and find real job postings and then mimic that job on another website. Recruit individuals and then they'll fish them in and then they'll do some kind of money transferring scheme. So, you gotta be on guard at all times. So the more we can put this out there, I think, as professionals in the field, I think it's our responsibility to at least advise a community. After that, you're on your own. You gotta make sure you do your part, like you said, as a good corporate citizen, you gotta play your part as well.

David Lindstrom:

Yeah. And if the next question is as an organization, if there's 15 billion credentials for sale, the odds are that someone in my organization is on that list, what do I do about it? At the end of the day, there's a lot you can do to make it harder to be the one that becomes the target, the successful target. Things like credential monitoring, so if you have a threat intelligence service, they'll often offer the service. So you know for sure that you're on that list. And then, normal hygiene things like MFA and the whole conversation around password reset on a periodic basis. It's an interesting debate because if your password is Frisky1, then in 90 days it's gonna be Frisky2. And it's gonna be Frisky3 90 days after that. So that's no better. That's way too easy to figure out the pattern. So it's better to have to have a password manager or have some type of secure password phrase than it is to follow an easy to detect pattern.

Luigi Tiano:

Okay. You bring up a good point. I know nothing about cybersecurity. I meet you at a cocktail party and you tell me, Luigi, your password should be this. What is the golden rule given what you know in the industry? Like how long should my password be? How complex should it be?

David Lindstrom:

Yeah. And I'm not necessarily a password expert. But what I think is a good rule of thumb is if you can create something that's both a lot of characters, which makes it a lot harder to crack through brute force, but also easy to remember, then you're better off. So things like password phrases, for instance "Jack and Jill went downtown to buy a dog" is easy enough to remember, but that's a lot of characters. That's one approach. The other is password manager.

Luigi Tiano:

Obviously we hear about this recent hack of LastPass, right? That's a big one. So a lot of people had this fear now of password managers, and then obviously there's the issue with the Google Chrome hijacking of passwords as well. So we've seen some situations, but in your opinion, those are still safe, password managers in general should be safe?

David Lindstrom:

Yeah. What else are you gonna do?

Luigi Tiano:

You can write 'em on a piece of paper. But then that's not a good idea either, right?

David Lindstrom:

Yeah. And like at LastPass for instance, it's interesting that by virtue of knowing who to go after, they used some fairly sophisticated techniques to get to him. So it looks like it was this home device which shouldn't be allowed to access corporate resources. It's usually not part of the threat profile for organizations. They used a vulnerability that exists within a media server, and with that they were able to install a key logger and get the master password. And he was one of four people that had those privileges. So you can absolutely blame LastPass for not doing everything conceivably possible to prevent that. But at the same time, I think they will have learned that lesson and they will implement stricter controls as a result.

Luigi Tiano:

Yeah. It's amazing how the bad actor was able to pinpoint who that person of privilege was. To me, that's the most fascinating thing. Once you get in, there's so much information you need to gather to make sure that's the actual person you need to hunt. After that, once you know who the target is, and there's always a vulnerability somewhere. But to me that's the most interesting piece. How do they know who to go and hunt? That takes some time. That takes some time and recon work.

David Lindstrom:

Yeah, for sure. Absolutely. And one of the objectives of identity protection is to detect when that recon work is happening early so that you can prevent the worst impacts from any type of identity compromise and

Luigi Tiano:

So that leads my question. Sorry to cut you off there, David. A couple more questions before we cut off here, but, so how does a company avoid those tiny mistakes? Is there top three things, top five things that you as an identity specialist would recommend to, hey guys, you gotta do this right now to stop those tiny mistakes that maybe could lead to a cyber attack?

David Lindstrom:

Yeah, so a lot of the themes we've touched on already. So as an organization to prevent being the softest target for dark web credentials, for instance, we want to apply best practices, so we want to use MFA and wherever possible. So, we wanna subscribe to a dark web monitoring service, which could be available from your threat intelligence provider. Have I Been Pwned is a good one. Just to get a snapshot. And then, as an individual there's a lot of best practices that can reduce the chances of you being the one that is subject to an identity compromise. We talked about don't overshare on social media. Don't make it any easier to be found and to be researched. Don't use personal devices for corporate access. Especially if you're the dev engineer at LastPass that has access to the entire database.

Luigi Tiano:

You just had to throw that one in. I like that one. Yeah. I'm sure they learn from that one for sure.

David Lindstrom:

Yeah. It's not a best practice, and it's usually not part of the risk profile for organizations, home networks and home computers. And the problem's gotten worse with work from home.

Luigi Tiano:

Yes. The BYOD, work from home, the hybrid workforce. Yeah. We've seen a whole bunch of new attack options for bad actors, that the attack surfaces have become much bigger. So many more entry points, like you said, and that's why as corporate citizens, I think we need to be on the lookout at all times. Your point is well taken and I appreciate those four or five points.

David Lindstrom:

I was gonna add one thing to an earlier comment. So I try not to store credentials in Chrome whenever I can. It always asks me if I want to, and no. I always try to clear my cache whenever possible. I try not to use Keychain on iOS. Not that I don't, I try to minimize the exposure that I personally have.

Luigi Tiano:

Yeah. That's a good point. And I've used password managers and I continue to use them, but one thing maybe I made this piece of advice if anyone takes it, but I never like to include the actual URL of the website. So what I'll do, for example, if I'm visiting my bank, I'll put the bank in either an acronym or something, and then I'll just put the credentials in that secure note basically. So I shy away from putting the actual URL, cuz that could obviously give away, there's another layer, I dunno how valuable that is. But for me, I'm paranoid even within the password manager.

David Lindstrom:

Yeah. Yeah. I think we all learned the lesson. If you are a LastPass customer, then you probably wanna change all your passwords.

Luigi Tiano:

And yeah, I know I'm not here to point any fingers, but that's been an argument that's happening over the last few months. Ever since this has happened, I think people are like, it hurt their reputation for sure. They're a huge company and I know they're not the only ones who've been attacked, so I'm not here to attack them. But yeah, I'm sure it's impacted their reputation like many other companies who've been breached in that nature. Dave, we only have a few minutes here, so I don't want to keep you too long cause I know your time is precious, but I did have one question, one last question, or perhaps I should have asked this at the beginning. So today, in the corporate environment, what does it mean, identity security? If you can give us an umbrella, what does that mean when you're talking to a client or to a corporation? What does it mean to secure the identity in the enterprise?

David Lindstrom:

Yeah, absolutely. There are a number of excellent tools that exist in the universe of provisioning, managing and controlling identities, such as IAM and PAM, IGA, even MFA. Those are all excellent techniques to prevent an identity compromise. But identity compromises are still happening all over the place. I think, conservatively, 80% of successful attacks leverage identity at some point in the kill chain. So there's this concept of identity threat detection and response. And the idea is that you're gonna prevent the worst outcomes from an identity compromise, assuming the worst, and protect the identity infrastructure in the process. And that's where SentinelOne lives. What we do for organizations is we provide a comprehensive view into the risk landscape around Active Directory and other credentials, allowing you to reduce the attack surface, prevent identity attacks and protect the identity infrastructure, and it's an emerging space. Gartner put a white paper out in November about this. But we think it's an excellent complement to those more traditional types of identity security.

Luigi Tiano:

The acronym ITDR, we've seen more and more of it recently. Yeah. So Gartner's recognizing it as its own independent space now. Is that an accurate statement?

David Lindstrom:

Yes. Gartner has been beating this drum for a couple of years, by virtue of the examples that we talked about today. And some of the more macro trends, it's really emerged as a critical control that a lot of organizations haven't considered yet.

Luigi Tiano:

And in your opinion, and based on what you've seen, do we have a lot of security professionals in the field? Is the ITDR domain still relatively new that the expertise needs to ramp itself up based on what we know?

David Lindstrom:

Yeah. It's an emerging field within identity security. As I mentioned, Attivo evolved naturally to be a leader in this space prior to the acquisition by SentinelOne. It's an excellent complement for the overall SentinelOne portfolio. So we want to build the walls as high as possible, but regardless of how they get in, whether it's through identity or other means, they're going to use identity from that point. How can you prevent that from happening? How do you protect legitimate assets and how do you detect that those activities are in process? And the question was about expertise. There's certainly some growth, I would say, in the industry to support some of these newer initiatives. But it's important enough, like this isn't a marginal risk reduction. We think this is a material requirement for organizations.

Luigi Tiano:

Yeah, I would agree with that. Yeah, absolutely. Definitely a material requirement. Dave, listen, this has been an honor, I've learned so much today. I'd love to continue conversation offline. But again, I appreciate you taking the time with us. ITDR is obviously a domain that is hot and on the rise right now. So thanks for bringing that to our attention. I will be putting out as many of the notes or maybe those links that you shared with us earlier. So some of the folks can obviously benefit from that. Do you have any questions before we go for me?

David Lindstrom:

No, this has been fun. I appreciate the time. I love talking about stuff.

Luigi Tiano:

It's obvious. The passion comes right through. Dave, appreciate your time. Have yourself a great day, and I hope the audience loves this.

David Lindstrom:

Yeah. Thank you so much.

Luigi Tiano:

Thank you.
