Assurance IT invited Identity and Deception Specialist David Lindstrom, from SentinelOne, to chat about how unsophisticated attacks breached high-profile companies like Uber, Cisco, and LastPass.
In this episode, David Lindstrom and co-founder of Assurance IT, Luigi Tiano, answer the following questions:
Resources:
Watch the episode: https://youtu.be/9zs2MzInI50
David Lindstrom's LinkedIn: https://www.linkedin.com/in/davidlindstrom/
SentinelOne's website: https://www.sentinelone.com/
Luigi Tiano’s LinkedIn: https://www.linkedin.com/in/luigitiano/
Assurance IT Website: http://www.assuranceit.ca/
About David Lindstrom:
Passionate cybersecurity sales professional focused on successful security and business outcomes. I’ve had the pleasure of working on behalf of enterprise and educational organizations across industries and have excelled in the role of start-up evangelist, team leader, and practice expert for established companies.
About 10 Questions to Cyber Resilience:
Twice per month, learn about how IT leaders are strengthening their cyber security practices. Every episode comprises 10 questions that get you one step closer to cyber resilience. Subscribe to stay up-to-date with hot topics in cyber security.
About Assurance IT:
Assurance IT (www.assuranceit.ca) specializes in data protection and data privacy for the mid-market in Canada, since 2011. The Montreal-based company’s unique approach to helping customers become cyber resilient is called the PPR Methodology which stands for Prepare, Protect and Recover. Based on industry best practices, the PPR Methodology is an easier way to achieve cyber security and compliance objectives.
Luigi Tiano: Good morning everyone, happy to be here this morning with a friend of ours from SentinelOne, David Lindstrom. Before we get started, we have some really good content and really good questions to ask Dave. But I want Dave to give us a bit of an introduction on himself, his expertise. Dave, tell us where you work and what you're doing today with SentinelOne.
David Lindstrom: Yeah. Thanks Luigi. It's a pleasure to be here. So I'm an identity and deception specialist for SentinelOne, and I joined SentinelOne via the Attivo acquisition last May. And what's interesting about those two things is Attivo started as a deception company and in the process of following the attacker's evolution and staying one step ahead, that really evolved into protecting the identity infrastructures because that's where the action happens, and we're seeing that more and more these days.
Luigi Tiano: Yeah. It's interesting you say that the identity protection is becoming a huge conversation with our clients. It's always been there, right? But we see more of a conversation around it. Before it was taboo to talk about it because it, we thought it never happened, but the attack surface is huge. And there's so many angles to cover. So yeah, I'm really excited to have you on and I appreciate your time cause I know you're very busy, especially nowadays. So tell us a little bit about SentinelOne just before we get into it. The product that you support at SentinelOne and you deliver for clients.
David Lindstrom: Yep. As the identity specialist, we focus on protecting organizations from identity compromise, reducing the attack surface, detecting identity attacks early in the recon stage so they can reduce the blast radius, improve time to recovery, improve the fidelity of alerts around identity compromise. So it's very complementary to the overall SentinelOne approach, which involves endpoint and XDR security.
Luigi Tiano: Awesome. Awesome. Thank you for that. So today we're gonna talk about some companies who've gotten hacked specifically around identity. Two high-profile attacks that we saw late last year were Uber and Cisco. So if you can double click on those, they often sound very sophisticated, but can you tell us a little bit about how unsophisticated those attacks were and what the impact was to both Uber and Cisco?
David Lindstrom: Yeah. Luigi, these are two really good examples of unsophisticated attacks that leveraged identity in the initial breach phase. Identity has always been page one and one A of the attacker playbook on a post-breach basis. So they're gonna go after Active Directory to try to get domain privilege. They're gonna try to enumerate Active Directory. They're gonna try to dump local credentials. That's just what they do. But increasingly we're seeing that identity is the initial breach vector. And in the case of Uber, this was an 18-year-old who bought an Uber employee's credentials on the dark web. Then created an MFA storm, basically blasted him with MFA requests until he finally relented. And that allowed him to gain access. From there it was a more traditional attack profile. So scan the internet, find PowerShell scripts that include PAM privileges and as a privileged user within the PAM find sensitive data that you can use. And in both the case of Uber and Cisco, it's not so much about the sensitivity or the value of the data that they were able to exfiltrate, but it's just the approach that they took. Which really highlights the importance of understanding the attack surface around identities and then reducing that, protecting identities and detecting early.
Luigi Tiano: You said something interesting, David. You mentioned that this 18-year-old went on the dark web and just bought some credentials. In your experience or in your opinion, do those credentials have to be attached to someone with a lot of privilege within the organization? Or it could just be a basic user.
David Lindstrom: It can be a basic user and most often it's Joe from accounting that gets popped first. But once I'm in, then I'm a trusted user. So Active Directory, for instance, is more than happy to tell me lots of sensitive information. I can try to up-level privilege. I can try to see what credentials exist on disk, in memory, in registry. There's a lot of leftover credentials that can be very useful. So it's most common that it's just a regular user that is the initial point of entry.
Luigi Tiano: So just a regular user. That's interesting because, and without pointing the finger at Microsoft, obviously we talk a lot about Active Directory because let's be honest, Active Directory is present in a lot of organizations. But what I've learned over the last year is how quickly someone can navigate through. And maybe you can just highlight that a little bit. Does Active Directory not do a good job of protecting the enterprise or, obviously there's a lot of loopholes that have come about obviously.
David Lindstrom: Yeah. Active Directory is really good at what it's built for, which is function. It's a directory after all. It's wide open to any domain-joined user-level account. Unless you take actions to the contrary. So it's more than happy to tell you all kinds of sensitive information about where the data resides, who the sysadmins are for those systems, what the unpatched systems are, who the domain admins are. It really allows you to plan your attack progression. And it's interesting, the data around the LastPass breach is just coming out in the last couple days, but that was a more targeted attack. They were able to compromise the developer account last August. They were able to steal some source code information and LastPass was able to eject them. So it didn't seem like such a big deal, but what we have found out is that they were doing reconnaissance in the environment. They were able to find where the sensitive corporate resources existed and who they needed to go after next in order to get the credentials to access that.
Luigi Tiano: Oh, interesting. So that kind of leads to my next question. These unsophisticated attacks happen unbeknownst to a lot of users. Now, you mentioned the fact that a bad actor can get in and stay there for weeks or months to do all that recon work and I think really that's what companies are afraid of, right? How long have they been there and what information have they gathered? Because the point of attack or the point where you find out that you've been breached, to backtrack that, how does a corporation backtrack to determine how bad they've been hit? Is that even possible given what we've seen here?
David Lindstrom: It's not easy. Certainly on a host breach basis scoping the problem is a big part of remediation. Understanding how far it's gotten, what the initial point of entry is, where they still exist, and how to get them out are really the main questions that SecOps ask. The challenge in using identities is that if you've got someone who's acting as a legitimate, trusted user. And that's someone whose credentials have been compromised or the same conversation for a malicious insider. If they're doing things that aren't particularly anomalous, then detection is a big challenge.
Luigi Tiano: Because if you have traditional EDR or XDR, you're able to backtrack or stitch the events that happen. Now, again, in your opinion, does identity play into that? Is there any stitching that could be done from the endpoint to the XDR and backtrack that, or has it become a lot more difficult because it is from a trusted person?
David Lindstrom: It's interesting, one of the things I mentioned with deception is that rather than reveal legitimate assets like local credentials or information within Active Directory, one of the things that deception allows me to do is to present deceptive responses to those types of queries and in the process, you can lure an adversary to an authentic, legitimate decoy environment that protects legitimate assets in the process, wastes their time. They think that they're engaged with real treasures. But the other thing it does is it really allows you to capture the full attack path, the full tools, techniques and processes that they're using and what their objectives are. Because they're gonna proceed as if things are going well for them. So you can really observe what they're up to.
Luigi Tiano: Is that what you call the honey pot?
David Lindstrom: Yeah. Yeah. Honey pot is a term that has been around for a long time and as I mentioned, the evolution of deception technology, it started as we're gonna put this out there and see who's attacking us on the internet. Then on an internal visibility perspective, east-west communications, moved into the data center and then out closer toward the edge where the action happens. And in the last several years onto the endpoint, as the point we made earlier, Joe from accounting, if he's the one who gets compromised, how do you protect on that and how do you detect on that?
Luigi Tiano: Okay, that's great. So you kinda answered my question about the unsophisticated hacks. Because we often ask ourselves, how do they get in? But you've just outlined a few ways that bad actors can take advantage of seemingly innocent people and getting into the organization.
David Lindstrom: Yeah. And I was gonna make one more call out on the Cisco example. That was very similar. So in that case, it was a regular user and they compromised his Google account, which had cached VPN credentials. And besides the MFA storm that they used, they also called him as IT and said, "Hey, we need you to approve this so we can get in."
Luigi Tiano: My goodness.
David Lindstrom: Yeah. So it's pretty gnarly, it's really, you have to be extremely diligent to avoid that type of approach.
Luigi Tiano: There's so many things going on, you feel for the IT folks who have so many things going on in a day and sometimes they take things for granted. And like you said, if it's coming from a trusted source, I can see how these things happen. I guess you gotta just increase your vigilance or just increase your level of trust or decrease the level of trust and make sure that you're really seeing and then hearing what you're hearing from everyone around you. Earlier you mentioned something about credentials for sale on dark web. What's going on with that? Is that a real thing? It sounds like it is. I hear more and more where credentials could be bought on the dark web, talk to us a little bit about that. You're an expert in this field, so what's going on with credentials for sale on the dark web?
David Lindstrom: Yeah, it's scary to think about, but there is an extremely active marketplace of credentials for sale on the dark web. And these are credentials that have been captured by various ransomware groups and threat actors over time. At any given point in time, there's dozens of forums for hundreds of these initial access brokers, and it's hard to put a number on because it's simultaneously both under-reported and over-reported. But one estimate I saw said that there was about 15 billion legitimate credentials for sale on the dark web today. So it's a low cost of entry, as we mentioned, the 18-year-old at Uber, that might have cost him a couple thousand dollars.
Luigi Tiano: If that.
David Lindstrom: If that, yeah.
Luigi Tiano: Yeah. And 15 billion credentials, you're talking about username, passwords. Wow. That's a lot of credentials for sale or available anyway.
David Lindstrom: Yeah. And it's really a force multiplier, as a bad actor, if I can avoid all of the recon work to investigate your organization and who I need to target and, you know, how to get to them, if I could just buy it then it really accelerates my ability to hit a lot of targets.
Luigi Tiano: Wow. Okay. And just off topic here, maybe within topic, how does social phishing fall into that? Because obviously once you have the credentials, does social phishing even have to come into play? If you have the credentials, do you need to bother about doing more work or is that, you've cut to the chase?
David Lindstrom: Yeah, it can certainly complement the validity of an approach. You can do initial research to identify who to target, then, as a bad actor, you've probably got better chance of success. As a corporate citizen, you also have to be really careful about oversharing on social media. That falls into two categories. One is just what you post on LinkedIn, so why make it any easier to advertise the types of systems that I work on and where my area of expertise is and those types of things. But also just being really careful about who you engage with. So if someone reaches out, your guard has to be up really high.
Luigi Tiano: It's an age-old thing, About Us sections on websites, right? Every corporation has their About Us section and they give you so many details about who the person is, who the CFO is, who the CTO is, and who the CEO is. And they give you like a pedigree of all kinds of stuff, like of all their experiences, right? And an email sometimes of how to reach them, that sometimes can backfire. As much as you wanna be transparent with your clients and prospects, you might wanna be careful what you're giving out there. Cause you're right, that could be a negative impact for sure.
David Lindstrom: While we're on the subject, staying off of LinkedIn is not the answer either, because if you don't have a presence, then someone will create one for you and use that against you.
Luigi Tiano: Oh yeah. We just wrote an article very similar to that, what you just mentioned. We wrote in our newsletter, where a company will go and find real job postings and then mimic that job on another website. Recruit individuals and then they'll fish them in and then they'll do some kind of money transferring scheme. So you gotta be on guard at all times. So the more we can put this out there, I think, as professionals in the field, I think it's our responsibility to at least advise a community. After that, you're on your own. You gotta make sure you do your part, like you said, as a good corporate citizen, you gotta play your part as well.
David Lindstrom: Yeah. And if the next question is, as an organization, if there's 15 billion credentials for sale, the odds are that someone in my organization is on that list, what do I do about it? At the end of the day, there's a lot you can do to make it harder to be the one that becomes the target, the successful target. Things like credential monitoring, so if you have a threat intelligence service, they'll often offer the service. So you know for sure that you're on that list. And then normal hygiene things like MFA and the whole conversation around password reset on a periodic basis. It's an interesting debate because if your password is Frisky1, then in 90 days it's gonna be Frisky2. And it's gonna be Frisky3 90 days after that. So that's no better. That's way too easy to figure out the pattern. So it's better to have a password manager or have some type of secure password phrase than it is to follow an easy-to-detect pattern.
Luigi Tiano: Okay. You bring up a good point. I know nothing about cybersecurity. I meet you at a cocktail party and you tell me, Luigi, your password should be this. What is the golden rule given what you know in the industry? Like how long should my password be? How complex should it be?
David Lindstrom: Yeah. And I'm not necessarily a password expert. But what I think is a good rule of thumb is if you can create something that's both a lot of characters, which makes it a lot harder to crack through brute force, but also easy to remember, then you're better off. So things like password phrases, for instance "Jack and Jill went downtown to buy a dog" is easy enough to remember, but that's a lot of characters. That's one approach. The other is password manager.
Luigi Tiano: Obviously we hear about this recent hack of LastPass, right? That's a big one. So a lot of people had this fear now of password managers, and then obviously there's the issue with the Google Chrome hijacking of passwords as well. So we've seen some situations, but in your opinion, those are still safe, password managers in general should be safe?
David Lindstrom: Yeah. What else are you gonna do?
Luigi Tiano: You can write 'em on a piece of paper. But then that's not a good idea either, right?
David Lindstrom: Yeah. And like at LastPass for instance, it's interesting that by virtue of knowing who to go after, they used some fairly sophisticated techniques to get to him. So it looks like it was this home device which shouldn't be allowed to access corporate resources. It's usually not part of the threat profile for organizations. They used a vulnerability that exists within a media server, and with that they were able to install a key logger and get the master password. And he was one of four people that had those privileges. So you can absolutely blame LastPass for not doing everything conceivably possible to prevent that. But at the same time, I think they will have learned that lesson and they will implement stricter controls as a result.
Luigi Tiano: Yeah. It's amazing how the bad actor was able to pinpoint who that person of privilege was. To me, that's the most fascinating thing. Once you get in, there's so much information you need to gather to make sure that's the actual person you need to hunt. After that, once you know who the target is, and there's always a vulnerability somewhere. But to me that's the most interesting piece. How do they know who to go and hunt? That takes some time. That takes some time and recon work.
David Lindstrom: Yeah, for sure. Absolutely. And one of the objectives of identity protection is to detect when that recon work is happening early so that you can prevent the worst impacts from any type of identity compromise and
Luigi Tiano: So that leads to my question. Sorry to cut you off there, David. A couple more questions before we cut off here, but, so how does a company avoid those tiny mistakes? Is there top three things, top five things that you as an identity specialist would recommend to, hey guys, you gotta do this right now to stop those tiny mistakes that maybe could lead to a cyber attack?
David Lindstrom: Yeah, so a lot of the themes we've touched on already. So as an organization to prevent being the softest target for dark web credentials, for instance, we want to apply best practices, so we want to use MFA wherever possible. So we wanna subscribe to a dark web monitoring service, which could be available from your threat intelligence provider. Have I Been Pwned is a good one, just to get a snapshot. And then as an individual there's a lot of best practices that can reduce the chances of you being the one that is subject to an identity compromise. We talked about don't overshare on social media. Don't make it any easier to be found and to be researched. Don't use personal devices for corporate access. Especially if you're the dev engineer at LastPass that has access to the entire database.
Luigi Tiano: You just had to throw that one in. I like that one. Yeah. I'm sure they learn from that one for sure.
David Lindstrom: Yeah. It's not a best practice and it's usually not part of the risk profile for organizations, home networks and home computers. And the problem's gotten worse with work from home.
Luigi Tiano: Yes. The BYOD, work from home, the hybrid workforce. Yeah. We've seen a whole bunch of new attack options for bad actors, that the attack surfaces have become much bigger. So many more entry points like you said, and that's why as corporate citizens, I think we need to be on the lookout at all times. Your point is well taken and I appreciate those four or five points.
David Lindstrom: I was gonna add one thing to an earlier comment. So I try not to store credentials in Chrome whenever I can. It always asks me if I want to, and no. I always try to clear my cache whenever possible. I try not to use Keychain on iOS. Not that I don't, I try to minimize the exposure that I personally have.
Luigi Tiano: Yeah. That's a good point. And I've used password managers and I continue to use them, but one thing, maybe I made this piece of advice if anyone takes it, but I never like to include the actual URL of the website. So what I'll do, for example, if I'm visiting my bank, I'll put the bank in either an acronym or something, and then I'll just put the credentials in that secure note basically. So I shy away from putting the actual URL, cuz that could obviously give away, there's another layer, I dunno how valuable that is. But for me, I'm paranoid even within the password manager.
David Lindstrom:Yeah.
David Lindstrom:Yeah.
David Lindstrom:I think we all learned the lesson.
David Lindstrom:If you are a LastPass customer,
David Lindstrom:then you probably wanna
David Lindstrom:change all your passwords.
Luigi Tiano:And yeah, I know I'm
Luigi Tiano:not here to point any fingers,
Luigi Tiano:but that's been an argument that's
Luigi Tiano:happening over the last few months.
Luigi Tiano:Ever since this has happened,
Luigi Tiano:I think people are like, it
Luigi Tiano:hurt their reputation for sure.
Luigi Tiano:They're a huge company and
Luigi Tiano:I know, they're not the only
Luigi Tiano:ones who've been attacked, so
Luigi Tiano:I'm not here to attack them.
Luigi Tiano:But yeah, I'm sure it's
Luigi Tiano:impacted their reputation like
Luigi Tiano:many other companies who've
Luigi Tiano:been breached in that nature.
Luigi Tiano:Dave, we only have a few minutes
Luigi Tiano:here, so I don't want to keep
Luigi Tiano:you too long cause I know your
Luigi Tiano:time is precious, but I did
Luigi Tiano:have one question, one last
Luigi Tiano:question, or perhaps I should
Luigi Tiano:have asked this at the beginning.
Luigi Tiano:So today, in the corporate
Luigi Tiano:environment, what does it
Luigi Tiano:mean, identity security?
Luigi Tiano:If you can give us an
Luigi Tiano:umbrella, what does that
Luigi Tiano:mean when you're talking to
Luigi Tiano:a client or to a corporation?
Luigi Tiano:What does it mean to secure
Luigi Tiano:the identity in the enterprise?
David Lindstrom:Yeah, absolutely.
David Lindstrom:There are a number of excellent
David Lindstrom:tools that exist in the universe
David Lindstrom:of provisioning, managing and
David Lindstrom:controlling identities such
David Lindstrom:as IAM and PAM, IGA, even MFA.
David Lindstrom:Those are all excellent techniques
David Lindstrom:to prevent an identity compromise.
David Lindstrom:But identity compromises are still
David Lindstrom:happening, all over the place.
David Lindstrom:I think, conservatively
David Lindstrom:80% of successful attacks
David Lindstrom:leverage identity at some
David Lindstrom:point in the kill chain.
David Lindstrom:So there's this concept of identity
David Lindstrom:threat detection and response.
David Lindstrom:And the idea is that you're
David Lindstrom:gonna prevent the worst outcomes
David Lindstrom:from an identity compromise.
David Lindstrom:Assuming the worst and
David Lindstrom:protect the identity
David Lindstrom:infrastructure in the process.
David Lindstrom:And that's where
David Lindstrom:SentinelOne lives.
David Lindstrom:What we do for organizations
David Lindstrom:is we provide a comprehensive
David Lindstrom:view into the risk landscape
David Lindstrom:around Active Directory and
David Lindstrom:other credentials, allowing you
David Lindstrom:to reduce the attack surface.
David Lindstrom:Prevent identity attacks
David Lindstrom:and protect the identity
David Lindstrom:infrastructure, and
David Lindstrom:it's an emerging space.
David Lindstrom:Gartner put a white paper
David Lindstrom:out in November about this.
David Lindstrom:But we think it's an
David Lindstrom:excellent complement to
David Lindstrom:those more traditional
David Lindstrom:types of identity security.
Luigi Tiano:The acronym
Luigi Tiano:ITDR, we've seen more
Luigi Tiano:and more of it recently.
Luigi Tiano:Yeah.
Luigi Tiano:So Gartner's recognizing it as
Luigi Tiano:its own independent space now.
Luigi Tiano:Is that an accurate statement?
David Lindstrom:Yes.
David Lindstrom:Gartner has been beating this
David Lindstrom:drum for a couple of years,
David Lindstrom:by virtue of the examples
David Lindstrom:that we talked about today.
David Lindstrom:And some of the more macro trends
David Lindstrom:it's really emerged as a critical
David Lindstrom:control that a lot of organizations
David Lindstrom:haven't considered yet.
Luigi Tiano:And in your opinion,
Luigi Tiano:and based on what you've seen,
Luigi Tiano:do we have a lot of security
Luigi Tiano:professionals in the field?
Luigi Tiano:Is the ITDR domain still
Luigi Tiano:relatively new that the
Luigi Tiano:expertise needs to ramp itself
Luigi Tiano:up based on what we know?
David Lindstrom:Yeah.
David Lindstrom:It's an emerging field
David Lindstrom:within identity security.
David Lindstrom:As I mentioned, Attivo evolved
David Lindstrom:naturally to be a leader
David Lindstrom:in this space prior to the
David Lindstrom:acquisition by SentinelOne.
David Lindstrom:It's an excellent complement for
David Lindstrom:the overall SentinelOne portfolio.
David Lindstrom:So we want to build the walls
David Lindstrom:as high as possible, but
David Lindstrom:regardless of how they get in,
David Lindstrom:whether it's through identity
David Lindstrom:or other means, they're going
David Lindstrom:to use identity from that point.
David Lindstrom:How can you prevent
David Lindstrom:that from happening?
David Lindstrom:How do you protect legitimate
David Lindstrom:assets and how do you detect that
David Lindstrom:those activities are in process?
David Lindstrom:And the question
David Lindstrom:was about expertise.
David Lindstrom:There's certainly some
David Lindstrom:growth, I would say in the
David Lindstrom:industry to support some
David Lindstrom:of these newer initiatives.
David Lindstrom:But it's important
David Lindstrom:enough, like this isn't a
David Lindstrom:marginal risk reduction.
David Lindstrom:We think this is a material
David Lindstrom:requirement for organizations.
Luigi Tiano:Yeah, I
Luigi Tiano:would agree with that.
Luigi Tiano:Yeah, absolutely.
Luigi Tiano:Definitely a material requirement.
Luigi Tiano:Dave, listen, this has been an
Luigi Tiano:honor, I've learned so much today.
Luigi Tiano:I'd love to continue the
Luigi Tiano:conversation offline.
Luigi Tiano:But again, I appreciate you
Luigi Tiano:taking the time with us.
Luigi Tiano:ITDR is obviously a domain that
Luigi Tiano:is hot and on the rise right now.
Luigi Tiano:So thanks for bringing
Luigi Tiano:that to our attention.
Luigi Tiano:I will be putting out as many of
Luigi Tiano:the notes or maybe those links
Luigi Tiano:that you shared with us earlier.
Luigi Tiano:So some of the folks can
Luigi Tiano:obviously benefit from that.
Luigi Tiano:Do you have any questions
Luigi Tiano:before we go for me?
David Lindstrom:No,
David Lindstrom:this has been fun.
David Lindstrom:I appreciate the time.
David Lindstrom:I love talking about stuff.
Luigi Tiano:It's obvious.
Luigi Tiano:The passion comes right through.
Luigi Tiano:Dave, appreciate your time.
Luigi Tiano:Have yourself a great day, and
Luigi Tiano:I hope the audience loves this.
David Lindstrom:Yeah.
David Lindstrom:Thank you so much.
Luigi Tiano:Thank you.