Webinar Recording
Making Sense of the Top 5 Latest Cybersecurity Trends
Let’s face it: with each passing year, the CISO’s job is not becoming any easier. As companies continue embracing the Digital Transformation, the growing complexity and openness of their IT infrastructures mean that the attack surface for hackers and malicious insiders is increasing as well. Combined with the recent political developments such as the rise of state-sponsored attacks, new surveillance laws, and harsh privacy regulations, security professionals now have way too many things on their hands that sometimes keep them awake at night.
What’s more important – protecting your systems from ransomware or securing your cloud infrastructure? Should you invest in CEO fraud protection or work harder to prepare for a media fallout after a data breach? Decisions, decisions… Alas, most companies still have pretty limited cybersecurity budgets and simply cannot afford to cover all their grounds sufficiently. Even worse, the dreaded skills gap in IT security is making qualified experts increasingly scarce. In this webinar, KuppingerCole lead analysts John Tolbert and Alexei Balaganski talk about the biggest cybersecurity buzzwords to help you separate fact from fiction and make informed decisions about investing in the latest technology trends.
Welcome today. We're going to talk about making sense of the top five latest cybersecurity trends and I'm John Tolbert. And with me, I have Alexei Balaganski another lead Analyst here at co or Cole. Next slide please. So before we begin a little bit about Cooper or Cole, we're an independent Analyst firm headquartered in Europe, founded in 2004. We support all sorts of different kinds of companies, corporate users, governments, system integrators, software vendors, with both tactical and strategic advice for roadmaps and implementation. We offer neutral advice. We're vendor neutral. We try to provide thought leadership and relevant information to our customers. And we really specialize in these areas below information security, including cybersecurity identity and access management, identity governance, GRC, and anything concerning the digital transformation.
So a little bit about some of our events. We have just completed our first consumer identity world of this year here in the us. We have two more coming up this year at the end of October in Amsterdam, and then in the middle of November and Singapore. And then we have a cybersecurity leadership summit and a cyber access summit running at the same time in Berlin, November 12th through the 14th. And we hope you can join us for those events. So for this webinar, everyone is muted. You don't have to mute or unmute yourself. We'll take care of that for you. We are recording the webinar and that recording should be online tomorrow and we'll have a Q and a session at the end. And in the go to webinar control panel on the side, you'll see a blank in which you can enter questions and we will address those at the end as well. And with that, I'd like to turn it over to my colleague Alexei.
Okay. Thanks John. Hello everyone. Alexei a Balaganski here. Well on this slide, our, you can see the other short summary of our agenda for today. We are going to talk about five top cybersecurity trends we have identified, which will probably dominate the price. And some of the, some of your thoughts during those three plus nights next year, and still stay on this site, I would really make a short disclaimer. Some of you would probably ask, like why these trends, what were the reasons for us to identify this particular five topics for today? Well, well actually not an easy decision. First. We were thinking about talking about topics, which our customers at our mostly thinking about, but quite frankly, some of them are just already going away like the dirty trend somewhere and crypto check, which are actually both on a very sharp decline. Recently, some are just plain boring and really had to make a compromise and choose those topics, which are on one hand still relevant and still going strong in the press and in windows, press releases and stuff like that.
On the other hand, actually have some depth to explore only five of course, because we only have a bit over 30 minutes today. And if you have questions or believe that we have missed a very important topic, we really should have addressed. Rather just put those in the questions tool. And we still, we still have time at the end. We will definitely at least briefly address them as well. And without further ado, let's start with the first topic for today, which is our artificial intelligence and machine learning in cybersecurity. Before we actually go to the cybersecurity part, it's very important to mention that our, the whole AI slash ML topic nowadays is almost a holy grail for marketing people are in cybersecurity. And it's probably, it has the same vague or notion like cloud was 10 years ago. Like everyone is talking about it. Everyone is selling it and nobody can really tell what exactly it does it actually do.
And on this slide, I've listed a few of flu, common myth and misconceptions about artificial intelligence. And the first one of course is that AI is somehow cutting edge stuff, which is which it most certain is not since as this, it might sound artificial intelligence actually predates digital computers. And the first technologies have appeared in 1950s, even before the widespread of modern computers. And some of those technologies haven't actually changed a lot. It's, it's still complicated math, but it's not nothing really new at all. And the second myth of the thing that are AI or machine learning model or algorithm, or just kind of something which you could buy and deploy is already available and figured out and or exists for every possible application, including cybersecurity. Again, some of those algorithms have existed for many decades. Some have been already academically and then technologically perfected like computer vision or language processing, or some really kind of deeper foundation of mathematical methods for digging through huge amounts of data.
But for cybersecurity, it's definitely not true. Even those companies which are selling packaged cybersecurity solutions, which are supposedly machine learning power, it's still very much an early days or of academic research or very, very kind of scratching the surface level of potential applications. The third is probably the most dangerous or myth about machine learning that it does not require human involvement, both in the sense that you buy it, you deploy it and you forget it, which obviously isn't true for every security tool out there because in cybersecurity, things change all the time and new classes of malware, peer, new cyber rates, the old ones are evolving. And so even existing and tried and tested machine learning models have to be retrained and readjusted all the time. And of course, machine learning alone will can, and we will never replace additional security tools. You will still need to a very dumb firewall or an antivirus, or probably a thousand of other security tools, or, but of course it would be nice if some kind of machine learning engine would automate and simplify the whole orchestration and integration all those tools. And finally, the biggest selling point of machine learning tools now is that they will somehow fix and bridge that's dreaded skill gap that so many are trained security experts are missing in the jobs market and machine learning will somehow replace them. Well, obviously again, this is, and will never be true because even the most sophisticated and the most automated machine learning based solution still cannot make decisions for you. There is, there has to be a human involved if only for ethical and legal reasons alone.
And before we continue to cybersecurity, let's just quickly have a look at what AI and machine learning and cognitive technologies actually are. I have to confess, I have shamelessly stole on this slide from one of our earlier presentations and cognitive technologies. Just to give you a shorter view that this whole area is extremely complicated. There is a lot of areas of academic, of ongoing academic research are covering multiple, very much unrelated applications ranging from information security to driverless cars, to as I, as I mentioned earlier, image processing to very basic stuff like digging through data and doing data mining and business intelligence, all of these areas have, are kind of operating with absolutely different mathematical models, using different frameworks methods, even to a certain extent different hardware or foundations are. And yet in the press in the marketing materials, they are casually referred to AI. Well, my personal opinion on that is that AI is just a term which should really be avoided because there will probably never be a mind that operates exactly as a human brain. And so let's continue and talk about machine learning.
Again, whenever you trying to shop for a machine learning powered security tool, it's really important to understand that AI isn't equal AI, if you will. And there are very different levels of applications of very different machine learning technologies. The most basic one, the simplest one is just doing data correlation, like for example, 15 through dozens of different lock files and network package captures to detect some patterns or anomalies or outliers, or just to kind of filter those huge numbers like tens of talents, unrelated security alerts, which traditional security will generate and combine them into enriched and pre-processed and risked arranged by risk actionable alerts. This is the most basic level. This is what most of the vendors out there are offering. The next more advanced level is decision support where the, the brain, if you build a machine learning part, the artificial intelligence will not just do some hardcore data crunching, but will actually try to apply some semantic to the data, to do some basic predictions, to offer some helpful recommendations based on the past history.
So it's probably as close to what traditional expert systems are of the seventies and eighties were striving. Be basically, if you are a level one support engineer and you have hundreds of calls, such a, my machine learning based tool would go through the history of your previous cases and recommend what to do in the current one. Or it'll go through the history of your equipment failures and recommend some proactive maintenance features. And so on this, again, there are products on the market which already do that, but usually they are limited to very few and very specific industries or markets like help desks or industrial networks. And so on the next level is probably the cutting edge or of current academic research are the cognitive technologies where machine learning actually reaches that semantic understanding of probably very small child, but still a child that's capable to do some reasoning.
Some the rationalization of the data it's reading through. And this is for example, where the famous IBM Watson solution is operating in and potential applications of this technology in cybersecurity include going through online resources like forums and blogs and magazines and publications, and extracting the unstructured data from those publications and turn them into some useful unstructured rules and recommendations for threat intelligence. For example, another very popular and growing technology is conversational AI, where you could just ask questions and receive some context based replies. And a bot would not just answer a question like Alexa, but would actually be able to maintain a conversation. Remember your previous questions and kind of anticipates the common ones. And finally, there is this autonomous AI show down the sky net, if you will. I think which is definitely, and luckily does not yet exist. And it probably hopefully never exist at all.
Because as I mentioned earlier, in, in most fields or for many reasons, if only just for ethical reasons, a machine will never be allowed to make their own decisions. It's definitely true for robot centers with guns. It's definitely true for cybersecurity decisions as well. However, it's important to understand that there is already a very big and active market, which has absolutely no reservations and no inhibitions about compliance or ethics. And these are of course, cyber criminals, be hackers or politically motivated parties or nation states. And those are, or probably will, or soon be the, the earliest adopters of this technology as soon as its, and this is basically all I have to say about AI because of the time constraints. Let's move directly to the second topic, which is zero trust again, zero trust is something which everyone is talking about. And again like a cloud or AI, every company is putting some different meaning behind those words.
First of all, why, why is no trust? What's the reason behind the emergence of this approach. And it's actually very simple. Your company, no longer has this cast and mode security perimeter because your resources, your employees, your data, your partners, your connected vehicles, and other devices are no longer behind the firewall perimeter. They are out there. And basically perimeter does not no longer exist. A typical modern infrastructure is way too complex and unpredictable and ever change and completely unprotected by traditional security tools. And this is why it has given such a sharp and almost amazing rise to the notion of zero trust. I think it was probably Google that came with the first practical implementation they called beyond Corp. And then it was Forester that came up with the actual term zero trust as referring to, or a network architecture where basically you trust no one, there is no longer an internet.
There is no longer trusted network segment in there and untrust out. Everyone's UN trusted. What's important to understand that there are multiple companies out there trying to sell you zero trust product. And zero trust is not a product. It is above all architecture model concept, which requires you not just deploy or new technologies, but also significantly change the way your business operates, retrain your employees and just kind of reconsider many of the ways you are doing business now, internally or busy partners or customers. It does offer multiple very tangible business. And it benefits of course. And obviously it's massive reduction of a tech servers because there are no data. There are no services applications, which are exposed to the dark net. If you will. It potentially offers a massive reduction of it complexity because there is no longer there, there are no longer separate segments of your network, which have to operate with different it stack.
There is no longer cloud versus OnPrem versus model or mobile versus third party contractors. It's all the same. It functions exactly the same software, exactly the same processes and policies across your whole infrastructure. So which is obviously reduces the complexity. And of course it's a natural and the most natural way to go to a hybrid cloud. It offers again, attentionally, it offers greater flexibility and productivity for your users and partners, because it's a chance for you to reap and throw away the legacy infrastructure like old school VPN solutions and offer your employee something more convenient. But then again, a zero trust is not a product. This is not a new approach to build a different generation perimeter around your network. And that's not something which only an it department can solve. And it's most crucially zero trust is not about trust. The first thing you have to do when you go to, when you go zero trust, you have to forget that this word even exists.
It shouldn't be just like corporate network. Internet should not be the part of lexicon because you, the name says you should trust no one and again, or just a few short recommendations. You, you have to start with a strategy. You have to design your strategy to be secure by design and heterogeneous and hybrid by design because, or you have to be in the cloud and you have to be everywhere to efficiently implement or trust across all your networks. You have to redefine your notion of identity because for zero trust network, not just users have to have an identity, but devices as well. And of course, each identity has to be, has to have a constantly updated context attached to be to business context or some relevant security variables and attributes. There has to be a separate control pain for managing the configuration and security policies and access controls across all the network segments, if you will.
And of course all the traditional security recommendations still apply. You still have to discover and classify and protect your sensitive data, resources, be databases or apps or something else. Or you have to, you have to restructure a network in a way that all those existing sensitive data resources are isolated from each other and from, and from the outside world. And you have to enforce the strictest access controls to each of those resources. And of course, continuous monitoring and audit of our activity. Still the key, not just for compliance, but for efficient management and enforcement and governance. And finally do not trust vendor marketing because some of the claims out there are completely outrageous. Or I would say that zero trust vendors beat even AI vendors or in the attempt to wrap their existing. And sometimes very old school security solutions like VPNs in this new rep and try to sell them the next generation security. And again, this is all I had to say about zero trust, and let's quickly hop to the next topic, which is the insider threat. The biggest problem nowadays, that it was privileged users like admins and database like DBAs and other it users with lots of privileges who used to be used to be considered. The biggest insider threat nowadays is completely different are since we are becoming or even more digitalized and our businesses are becoming more open and our networks are becoming less and less periodized.
The, the whole number of attack vector is increasing and the missed kind of the cost of even the tiniest mistake is becoming more and more massive. And nowadays every user inside your network is basically a potential malicious insider, or even if they are not, especially if they are not it experts, but rather you financial officer or accountant or HR manager, or even your CEO. And of course the best part of this insider threat attacks is that for hackers exploiting people is much easier than exploiting infrastructure because victims do all the work themselves like that probable Albanian virus, which I just included as an illustration down there. The problem is, as I mentioned, are insiders can be everywhere. Anyone in your company, it's no longer admins. It's basically, there was a very interesting, I started on by the pal Institute recently about the cost of the insider threat and apparently the biggest threat to the company and most costly ones are actually not like whistleblowers or persistent, the real malicious insiders who are there to steal your data.
It's the negligent employees, because are they are the easiest victims to social engineering or any other types or of attacks, which are, should not actually be even called cyber attacks anymore because they are probably involved just a phone call on email and not, and again, this involves involves not just your own employees, but your contractors and even total outsiders like legal advisors of, and basically dealing with insider threats is no longer about a single technology. You cannot fix it with an antivirus. You cannot fix it with efficient tool. You, again, you have just like with zero trust, you have to reinvent your whole business. You have to educate your users. You have to strengthen and reshape your basic business processes, especially around financial transactions. And of course you have, you have a broad choice of technologies, but then again, there is no singles bullet. There is no single bandaid.
You can just apply to your network to fix all the inside threats. You really have to approach it from a Sical point of view. And again, zero trust is a great start. Although zero trust network alone is still not the solution and the most, really the easiest and the most important takeaway here would be no, your colleague, if talk to your colleagues more, know what your CEO habits are. Okay. And if you receive a phone call during the night telling you that you have to make an urgent financial transaction somewhere to a Chinese bank. Well, just think again, trust no one. And this is basically where my part ends. And John, now it's your to talk about the next topic.
Well, thank you. And just a reminder, if anybody has any questions, you can put the questions in the blank and the go to webinar control panel there, and we'll take them in a few minutes at the end. So I wanted to talk about some of the myths that we hear about around authentication and identity systems. Let's say you're an executive and you're thinking, you know, what I have is probably good enough. We've bought this identity management system years ago, my users logging in with username and password. You know, we've got automated password resets if they forget 'em so we don't have help desk problems anymore, they can just go answer a security question. And for, you know, the really sensitive stuff, we've got things set up where users get a, a one time password texted to their phone and they have to enter that. Well, that sounds great, but you know, things have evolved.
And, and now we know there are problems with these kinds of simple solutions. Passwords are easily guessed. There's rainbow table attacks. Most people use pretty common and easy to guess passwords. And really at this stage of the game, I think it's impractical to tell people to use really long passwords when there's no consistency between the kinds of characters they're supposed to use. And then the knowledge based questions people are answering those questions right on Facebook today, you know, what's your mother's maiden name? What was the first phone number you had? So all this information has kind of become common knowledge. And if there's a bad guy out there who wants to attack your business, it's easy to get in and reset the password. And then lastly, on the SMS OTP, N us NIST has deprecated that many other organizations are trying to move away from texted onetime passwords because it's, there are some known issues, security issues with the implementation of that. So really what we need are what we call continuous or risk adaptive, authentication solutions, identity systems, still over 80% of the time are the reason why there are data breaches, passwords are no good. And then, you know, once an attacker gets a spot on your network, the next thing they try to do is move laterally to get onto other machines, get higher privileges, get access to the data that they want. So you don't wanna be part of the statistics of the world's biggest data breaches there. Next slide please.
So with risk adaptive authentication, I just wanted to list out some of the important factors. I mean, obviously there are different kinds of authenticators other than the ones that I was mentioning a few minutes ago, with the username password, you can do mobile applications. There are smart cards, there are USB keys. There are much better authenticator form factors and techniques that can be used today. In addition, a lot of authentication systems can now process different kinds of risk factors at each request. So you can find out where's the request coming from location wise. And then there's a factor we call geo velocity or impossible journey where, you know, somebody shouldn't be able to log in from Canada and then an hour later, try to log in from Chile and just, you know, it's physically impossible and you should shut down the, that subsequent attempt because you know, it's, it's probably fraudulent.
You can also restrict people, your users to certain address ranges, geofencing time of day or day of week. If it's outside of normal business hours, you might wanna flag that you can just put device IDs or many of these solutions allow you to collect what we call a device fingerprint, which is, you know, maybe a conglomeration of information about the device, including hardware could be screen resolution size, installed fonts on the operating system, operating system version. All that can be hashed and kind of turned into a factor you can evaluate same thing with device health assessment. Is it running endpoint, security, antivirus? If so, is it up to date? You could block it or send it to a quarantine network. If you don't get a satisfactory answer, there are lots of threat intelligence subscriptions out there that will give you up to date lists of known bad IPS or bad networks.
And you can block authentication or authorization requests that emanate from those networks. You can look at different user attributes, what groups users are in and base authentication policies on that user history, user behavioral analytics is the current request kind of in line with what you've seen them ask for in the past, if not flag it or deny it. If the user's on a new device, you might wanna pop up another channel and verify that that's them. We've probably all seen that either at work or even with personal email accounts, you don't wanna let jail broken or rooted devices on your network. Probably there are also known compromised credential checking services. Think of that as like an API for the, have I been POed kinds of service if somebody's using a bad credential, especially like on a consumer facing site, you'd probably want to at least think twice about authenticating them. And then there are services that do fraud pattern analysis and can shut down, you know, or at least provide you with enough information to say, this looks fraudulent. I'm gonna deny this transaction.
Next slide please. So then we roll these risk adaptive authentication methods into what we call continuous authentication in the interest of time. I think I'll just kind speed through here and say, it's applying these techniques across time. So every time a user makes an authentication or authorization request, evaluate which of these factors you think are important and then run and get a different risk score. So let's say, you know, time one, you know, you do an initial authentication. Then throughout time, the user moves around the nature of the request changes, and then they can return to a normal state. But along the way, based on that changing risk score, you may want to either collect additional information about the user's request context or force them to, you know, use some other channel for authentication or authorization. Maybe if it's a transaction, you do some sort of mobile push notification. Many of these different actions can be configured within a modern identity and authentication solutions. Next slide please.
And then the last big myth we wanna address is security kind of takes care of itself. And by this, I mean, you know, maybe you, you look at benchmarks for your spending for your organization. You say, you know, other organizations or companies in my industry spend X percent on it. And of that X percent, you know, Y percent gets spent on some security and we're right there. You know, we've got firewalls, we're, you know, maybe we're running certain things and by a managed service provider and, you know, the contract takes care of that. Well, that's not really the case. And there's still things that you have to worry about, even if you're think you're doing everything right. I mean, there are botnets, you know, what your machines to become part of a botnet, cyber espionage is alive and well, it's not just the stuff of movies. It's, it's not something from the past. It's still happening every single day out there. I mean, in many cases, companies or governments realize it's cheaper to steal technology than to do the R and D on it. And then there are activists, hackers, people that are don't really have your best intentions in mind. So you have to be always vigilant. Next slide please.
So we think, you know, this really starts with a cybersecurity culture and I've pulled up five specific areas. I wanted to try to quickly address here, employee training, training on products or services, running exercises to see how effective that training is and fishing resistance. I, I wanted to call out separately just because it is such a problem. Still, you know, many employees will fall victim to fishing scams and, and you have to say that the fishing scams just get increasingly complicated and difficult to discern what's real and what's not. So there are services out there that you can use to help educate your employees to so that they can figure out what's fishing and what's not. And then lastly conferences. So next slide, please, employee training. Now you might think that these all sound really, really basic, but these, these are ongoing problems. Even as of this week.
I know companies that are having problems with physical security issues. We've got employees that print out proprietary trade information and, and maybe throw it in the recycle bin. You know, this is not a safe practice, same thing with information on USB drives that can be left out on the office desk. People come in after hours or visitors. I mean, it's still a real problem. And this is a way that cyber espionage occurs every single day on the information security side. Again, it may seem very straightforward to those of us who are in the information security business, but it's not a good idea to use your personal email for business. You shouldn't share, you know, your, your competition, sensitive materials over public file sharing sites or social media. And these things are happening. I mean, on Tuesday, I think I read about an NSA employee who was terminated or prosecuted for this very thing and, you know, securities in the middle of the name of the agency.
So this is a, a real problem that still happens today. And users need to be constantly reminded that to take care of the information that they are supposed to then deprovisioning terminated users. Somebody leaves it can be difficult unless they're automated solutions in place to cut off all the access. So having a solution in place that deprovision all the different accounts that the user may have is an important consideration. Privacy, privacy. It's kind of the flip side of security, but when dealing with PII, you know, I think we, every organization, whether it's an HR or if it's a consumer facing business or retail business winds up collecting PII, and you need to be aware of what jurisdiction you're in, what are the privacy regulations there? And then how do you deal with it? GDPR is a huge concern, not only in Europe, but for any company that does business with European citizens, you've got new responsibilities for handling their PII.
And then lastly, here, incident response, I most small, medium sized businesses that I talk to have almost an attitude of, well, big data breaches can't happen here, or, you know, we don't really have anything of value that somebody would wanna steal. Well, you know, that's not true because you wouldn't be in business if you didn't have anything of value that somebody else wanted. So before you reach a situation where you've got a data breach to deal with, you know, have having processes in place, understand what each one of your employees and it and communications, what what's their role gonna be? You know, who notifies the executives with GDPR, you've got a 72 hour data breach notification that that's way different than it was even last year. So understanding what processes and how you're gonna respond to a potential data breach before it happens is imperative.
Next slide, product, and service training. Remember when we used to go to classes on products that we were, you'd buy a product and then you'd go to the class to learn how to run it. You know, a lot of things are open source these days and that's, that's great, but, and there's also a lot of open source training or online training that you can use or your employees can use. And, you know, it's still important to understand the ins and outs of all the different software solutions that you're running. And that includes for cloud-based services, you know, so make sure that employees have adequate time, you know, within their work year to stay up to date on all the products or services that they're responsible for. It's more than just knowing the basics. You can leave yourself open to misconfiguration and data loss can occur through that. So having your employees up to date on what all the best practices are for the particular products and services that they run is really a key thing. Next slide.
And then lastly conferences, and this is more than just a, an encouragement to come to our upcoming cybersecurity leadership summit in Berlin and November, but conferences really are an excellent way. And there are many different conferences to choose from. Conferences are an excellent way for people in security to stay up to date on what the latest threats are and what the latest best practices are. There's so much the changes as you know, from month to month and year to year Alexei a was mentioning ransomware and crypto jackers, you know, they kind of dominated the news ransomware in 2016, and it's still out there. New variants are being created every day, but you know, many operating system vendors, endpoint, security vendors have put into place. Lots of good controls for that now. So it's not, it's still a concern, but it's not at the top of everybody's mind the way it once was. So in order to stay fresh, you know, we encourage people to go to conferences, you know, listen to what the latest research is, find out what vendors have to offer, and then talk to peers in industry, see what threats and challenges they're facing and how they're dealing with it, networking between people in the same industry or with the same kinds of responsibilities is a good way to keep up to date and, and find out what they're doing so that it can help you with your own practice.
And with that, we'll do some Q and a, we've got a couple of them here. Let's assume there are already bad guys on your network. Can adaptive authentication help weed out the a P T intruders as well as would be actors? I would say yes. I mean, they're, if they capture a password and can do replays on that, having an adaptive authentication solution, or let's say privileged access management solution as well is really useful in those cases, too, that way you can lock down the privileged account so that it makes it more difficult for the bad guys to move laterally around your network. And then also you can apply policies to specific data resources so that you can make it harder. And I've, I've always heard. And I think it's a really good thing about information security training. You know, you gotta make it as hard as possible for the bad guys to steal your information. Then they'll look for easier target. So, you know, that's what we do. An adaptive authentication is a way of making it harder for the bad guys to get access to your data.
But if I may add to that on one hand, you absolutely. Right. So technology that like definitive authentication will definitely help to reduce attack surface, but of course it won't eliminate the danger completely because you have this whole or kind of stack of technologies and yes, a deputy health authentication will help you enforce or kind of policies on legitimate access attempt, but it won't help your, if your database UN patched, and there is a zero day exploit for your windows endpoint or anything like that. So if there is, if there is one single biggest takeaway from this webinar, then it's like, you should not think in individual technologies, you really have to start with the strategy and try to add a little bit of everything, including authentication and zero trust and all other technologies we mentioned today.
Yeah. I think that's a good point because of the nature of the way vendors sell products. They're often packaged as if by this product and it'll solve all your needs. And like you said, Alexei say the adaptive authentication is just one method that can be used to help protect companies resources. I have one more question here in the blank. Are there large, well known companies using continuous authentication? Now the answer to that is yes. I mean, if you're using, let's say any of the public web email solutions or social media, they all have continuous authentication sort of running in the background, they're doing risk adaptive. They're looking at many of those factors that I just went through a few minutes ago, they're looking, you know, and, and you'll probably even notice this, if you get a new phone or you try to log in from a computer that you don't, you'll get a notification on some other channel saying, Hey, is that really you, we saw you're coming in from this IP address. You know, it's new click here to say, yes, it was me or click here to say, no, it wasn't. So, I mean, those are really easy to find examples of companies that are putting this into practice and, you know, it works, it doesn't prevent all fraud or all breaches, but it's, it's a good first step. And yes, many companies are using that today
And you used the word fraud, and this is actually the right one because probably the, the earliest adopters of this technologies were banks in other financial institutions because they have to, and then it kind spread towards mobile applications. Because again, this is something which doesn't have that huge kind of architectural legacy in them. It was much easier for mobile app developers to integrate this technologies from the very start. And you are probably using them or for years already, you just don't see it most of the time, because the best security tool is the one which does not pop fuel until it detects something really nasty happening for wild user. It'll just stay transparent and visible.
Yeah, you're absolutely right. You know, the financial industry often tends to lead the way in terms of security innovation. For that very reason, you know, fraud, fraud costs them money and they'll do whatever it takes to make their user experiences secure. Well with that, I don't see any additional questions in the blank. So Alexei a, unless you have anything, I think we're ready to close.
Well, I can only say thanks to all our attendees for attending let's hope. We'll see you again in one of our future webinars where we address each of the topics we had today in the more details and kind of deeper in the technological stack and hope to see at least some of you at the cybersecurity leadership summit in the lean.
Thanks, everyone. And this should be online. The recording of this should be online tomorrow with our slides. And with that, we will conclude.
So a little bit about some of our events. We have just completed our first consumer identity world of this year here in the us. We have two more coming up this year at the end of October in Amsterdam, and then in the middle of November and Singapore. And then we have a cybersecurity leadership summit and a cyber access summit running at the same time in Berlin, November 12th through the 14th. And we hope you can join us for those events. So for this webinar, everyone is muted. You don't have to mute or unmute yourself. We'll take care of that for you. We are recording the webinar and that recording should be online tomorrow and we'll have a Q and a session at the end. And in the go to webinar control panel on the side, you'll see a blank in which you can enter questions and we will address those at the end as well. And with that, I'd like to turn it over to my colleague Alexei.
Okay. Thanks John. Hello everyone. Alexei a Balaganski here. Well on this slide, our, you can see the other short summary of our agenda for today. We are going to talk about five top cybersecurity trends we have identified, which will probably dominate the price. And some of the, some of your thoughts during those three plus nights next year, and still stay on this site, I would really make a short disclaimer. Some of you would probably ask, like why these trends, what were the reasons for us to identify this particular five topics for today? Well, well actually not an easy decision. First. We were thinking about talking about topics, which our customers at our mostly thinking about, but quite frankly, some of them are just already going away like the dirty trend somewhere and crypto check, which are actually both on a very sharp decline. Recently, some are just plain boring and really had to make a compromise and choose those topics, which are on one hand still relevant and still going strong in the press and in windows, press releases and stuff like that.
On the other hand, actually have some depth to explore only five of course, because we only have a bit over 30 minutes today. And if you have questions or believe that we have missed a very important topic, we really should have addressed. Rather just put those in the questions tool. And we still, we still have time at the end. We will definitely at least briefly address them as well. And without further ado, let's start with the first topic for today, which is our artificial intelligence and machine learning in cybersecurity. Before we actually go to the cybersecurity part, it's very important to mention that our, the whole AI slash ML topic nowadays is almost a holy grail for marketing people are in cybersecurity. And it's probably, it has the same vague or notion like cloud was 10 years ago. Like everyone is talking about it. Everyone is selling it and nobody can really tell what exactly it does it actually do.
And on this slide, I've listed a few of flu, common myth and misconceptions about artificial intelligence. And the first one of course is that AI is somehow cutting edge stuff, which is which it most certain is not since as this, it might sound artificial intelligence actually predates digital computers. And the first technologies have appeared in 1950s, even before the widespread of modern computers. And some of those technologies haven't actually changed a lot. It's, it's still complicated math, but it's not nothing really new at all. And the second myth of the thing that are AI or machine learning model or algorithm, or just kind of something which you could buy and deploy is already available and figured out and or exists for every possible application, including cybersecurity. Again, some of those algorithms have existed for many decades. Some have been already academically and then technologically perfected like computer vision or language processing, or some really kind of deeper foundation of mathematical methods for digging through huge amounts of data.
But for cybersecurity, it's definitely not true. Even those companies which are selling packaged cybersecurity solutions, which are supposedly machine learning power, it's still very much an early days or of academic research or very, very kind of scratching the surface level of potential applications. The third is probably the most dangerous or myth about machine learning that it does not require human involvement, both in the sense that you buy it, you deploy it and you forget it, which obviously isn't true for every security tool out there because in cybersecurity, things change all the time and new classes of malware, peer, new cyber rates, the old ones are evolving. And so even existing and tried and tested machine learning models have to be retrained and readjusted all the time. And of course, machine learning alone will can, and we will never replace additional security tools. You will still need to a very dumb firewall or an antivirus, or probably a thousand of other security tools, or, but of course it would be nice if some kind of machine learning engine would automate and simplify the whole orchestration and integration all those tools. And finally, the biggest selling point of machine learning tools now is that they will somehow fix and bridge that's dreaded skill gap that so many are trained security experts are missing in the jobs market and machine learning will somehow replace them. Well, obviously again, this is, and will never be true because even the most sophisticated and the most automated machine learning based solution still cannot make decisions for you. There is, there has to be a human involved if only for ethical and legal reasons alone.
And before we continue to cybersecurity, let's just quickly have a look at what AI and machine learning and cognitive technologies actually are. I have to confess, I have shamelessly stole on this slide from one of our earlier presentations and cognitive technologies. Just to give you a shorter view that this whole area is extremely complicated. There is a lot of areas of academic, of ongoing academic research are covering multiple, very much unrelated applications ranging from information security to driverless cars, to as I, as I mentioned earlier, image processing to very basic stuff like digging through data and doing data mining and business intelligence, all of these areas have, are kind of operating with absolutely different mathematical models, using different frameworks methods, even to a certain extent different hardware or foundations are. And yet in the press in the marketing materials, they are casually referred to AI. Well, my personal opinion on that is that AI is just a term which should really be avoided because there will probably never be a mind that operates exactly as a human brain. And so let's continue and talk about machine learning.
Again, whenever you trying to shop for a machine learning powered security tool, it's really important to understand that AI isn't equal AI, if you will. And there are very different levels of applications of very different machine learning technologies. The most basic one, the simplest one is just doing data correlation, like for example, 15 through dozens of different lock files and network package captures to detect some patterns or anomalies or outliers, or just to kind of filter those huge numbers like tens of talents, unrelated security alerts, which traditional security will generate and combine them into enriched and pre-processed and risked arranged by risk actionable alerts. This is the most basic level. This is what most of the vendors out there are offering. The next more advanced level is decision support where the, the brain, if you build a machine learning part, the artificial intelligence will not just do some hardcore data crunching, but will actually try to apply some semantic to the data, to do some basic predictions, to offer some helpful recommendations based on the past history.
So it's probably as close to what traditional expert systems are of the seventies and eighties were striving. Be basically, if you are a level one support engineer and you have hundreds of calls, such a, my machine learning based tool would go through the history of your previous cases and recommend what to do in the current one. Or it'll go through the history of your equipment failures and recommend some proactive maintenance features. And so on this, again, there are products on the market which already do that, but usually they are limited to very few and very specific industries or markets like help desks or industrial networks. And so on the next level is probably the cutting edge or of current academic research are the cognitive technologies where machine learning actually reaches that semantic understanding of probably very small child, but still a child that's capable to do some reasoning.
Some the rationalization of the data it's reading through. And this is for example, where the famous IBM Watson solution is operating in and potential applications of this technology in cybersecurity include going through online resources like forums and blogs and magazines and publications, and extracting the unstructured data from those publications and turn them into some useful unstructured rules and recommendations for threat intelligence. For example, another very popular and growing technology is conversational AI, where you could just ask questions and receive some context based replies. And a bot would not just answer a question like Alexa, but would actually be able to maintain a conversation. Remember your previous questions and kind of anticipates the common ones. And finally, there is this autonomous AI show down the sky net, if you will. I think which is definitely, and luckily does not yet exist. And it probably hopefully never exist at all.
Because as I mentioned earlier, in, in most fields or for many reasons, if only just for ethical reasons, a machine will never be allowed to make their own decisions. It's definitely true for robot centers with guns. It's definitely true for cybersecurity decisions as well. However, it's important to understand that there is already a very big and active market, which has absolutely no reservations and no inhibitions about compliance or ethics. And these are of course, cyber criminals, be hackers or politically motivated parties or nation states. And those are, or probably will, or soon be the, the earliest adopters of this technology as soon as its, and this is basically all I have to say about AI because of the time constraints. Let's move directly to the second topic, which is zero trust again, zero trust is something which everyone is talking about. And again like a cloud or AI, every company is putting some different meaning behind those words.
First of all, why, why is no trust? What's the reason behind the emergence of this approach. And it's actually very simple. Your company, no longer has this cast and mode security perimeter because your resources, your employees, your data, your partners, your connected vehicles, and other devices are no longer behind the firewall perimeter. They are out there. And basically perimeter does not no longer exist. A typical modern infrastructure is way too complex and unpredictable and ever change and completely unprotected by traditional security tools. And this is why it has given such a sharp and almost amazing rise to the notion of zero trust. I think it was probably Google that came with the first practical implementation they called beyond Corp. And then it was Forester that came up with the actual term zero trust as referring to, or a network architecture where basically you trust no one, there is no longer an internet.
There is no longer trusted network segment in there and untrust out. Everyone's UN trusted. What's important to understand that there are multiple companies out there trying to sell you zero trust product. And zero trust is not a product. It is above all architecture model concept, which requires you not just deploy or new technologies, but also significantly change the way your business operates, retrain your employees and just kind of reconsider many of the ways you are doing business now, internally or busy partners or customers. It does offer multiple very tangible business. And it benefits of course. And obviously it's massive reduction of a tech servers because there are no data. There are no services applications, which are exposed to the dark net. If you will. It potentially offers a massive reduction of it complexity because there is no longer there, there are no longer separate segments of your network, which have to operate with different it stack.
There is no longer cloud versus OnPrem versus model or mobile versus third party contractors. It's all the same. It functions exactly the same software, exactly the same processes and policies across your whole infrastructure. So which is obviously reduces the complexity. And of course it's a natural and the most natural way to go to a hybrid cloud. It offers again, attentionally, it offers greater flexibility and productivity for your users and partners, because it's a chance for you to reap and throw away the legacy infrastructure like old school VPN solutions and offer your employee something more convenient. But then again, a zero trust is not a product. This is not a new approach to build a different generation perimeter around your network. And that's not something which only an it department can solve. And it's most crucially zero trust is not about trust. The first thing you have to do when you go to, when you go zero trust, you have to forget that this word even exists.
It shouldn't be just like corporate network. Internet should not be the part of lexicon because you, the name says you should trust no one and again, or just a few short recommendations. You, you have to start with a strategy. You have to design your strategy to be secure by design and heterogeneous and hybrid by design because, or you have to be in the cloud and you have to be everywhere to efficiently implement or trust across all your networks. You have to redefine your notion of identity because for zero trust network, not just users have to have an identity, but devices as well. And of course, each identity has to be, has to have a constantly updated context attached to be to business context or some relevant security variables and attributes. There has to be a separate control pain for managing the configuration and security policies and access controls across all the network segments, if you will.
And of course all the traditional security recommendations still apply. You still have to discover and classify and protect your sensitive data, resources, be databases or apps or something else. Or you have to, you have to restructure a network in a way that all those existing sensitive data resources are isolated from each other and from, and from the outside world. And you have to enforce the strictest access controls to each of those resources. And of course, continuous monitoring and audit of our activity. Still the key, not just for compliance, but for efficient management and enforcement and governance. And finally do not trust vendor marketing because some of the claims out there are completely outrageous. Or I would say that zero trust vendors beat even AI vendors or in the attempt to wrap their existing. And sometimes very old school security solutions like VPNs in this new rep and try to sell them the next generation security. And again, this is all I had to say about zero trust, and let's quickly hop to the next topic, which is the insider threat. The biggest problem nowadays, that it was privileged users like admins and database like DBAs and other it users with lots of privileges who used to be used to be considered. The biggest insider threat nowadays is completely different are since we are becoming or even more digitalized and our businesses are becoming more open and our networks are becoming less and less periodized.
The, the whole number of attack vector is increasing and the missed kind of the cost of even the tiniest mistake is becoming more and more massive. And nowadays every user inside your network is basically a potential malicious insider, or even if they are not, especially if they are not it experts, but rather you financial officer or accountant or HR manager, or even your CEO. And of course the best part of this insider threat attacks is that for hackers exploiting people is much easier than exploiting infrastructure because victims do all the work themselves like that probable Albanian virus, which I just included as an illustration down there. The problem is, as I mentioned, are insiders can be everywhere. Anyone in your company, it's no longer admins. It's basically, there was a very interesting, I started on by the pal Institute recently about the cost of the insider threat and apparently the biggest threat to the company and most costly ones are actually not like whistleblowers or persistent, the real malicious insiders who are there to steal your data.
It's the negligent employees, because are they are the easiest victims to social engineering or any other types or of attacks, which are, should not actually be even called cyber attacks anymore because they are probably involved just a phone call on email and not, and again, this involves involves not just your own employees, but your contractors and even total outsiders like legal advisors of, and basically dealing with insider threats is no longer about a single technology. You cannot fix it with an antivirus. You cannot fix it with efficient tool. You, again, you have just like with zero trust, you have to reinvent your whole business. You have to educate your users. You have to strengthen and reshape your basic business processes, especially around financial transactions. And of course you have, you have a broad choice of technologies, but then again, there is no singles bullet. There is no single bandaid.
You can just apply to your network to fix all the inside threats. You really have to approach it from a Sical point of view. And again, zero trust is a great start. Although zero trust network alone is still not the solution and the most, really the easiest and the most important takeaway here would be no, your colleague, if talk to your colleagues more, know what your CEO habits are. Okay. And if you receive a phone call during the night telling you that you have to make an urgent financial transaction somewhere to a Chinese bank. Well, just think again, trust no one. And this is basically where my part ends. And John, now it's your to talk about the next topic.
Well, thank you. And just a reminder, if anybody has any questions, you can put the questions in the blank and the go to webinar control panel there, and we'll take them in a few minutes at the end. So I wanted to talk about some of the myths that we hear about around authentication and identity systems. Let's say you're an executive and you're thinking, you know, what I have is probably good enough. We've bought this identity management system years ago, my users logging in with username and password. You know, we've got automated password resets if they forget 'em so we don't have help desk problems anymore, they can just go answer a security question. And for, you know, the really sensitive stuff, we've got things set up where users get a, a one time password texted to their phone and they have to enter that. Well, that sounds great, but you know, things have evolved.
And, and now we know there are problems with these kinds of simple solutions. Passwords are easily guessed. There's rainbow table attacks. Most people use pretty common and easy to guess passwords. And really at this stage of the game, I think it's impractical to tell people to use really long passwords when there's no consistency between the kinds of characters they're supposed to use. And then the knowledge based questions people are answering those questions right on Facebook today, you know, what's your mother's maiden name? What was the first phone number you had? So all this information has kind of become common knowledge. And if there's a bad guy out there who wants to attack your business, it's easy to get in and reset the password. And then lastly, on the SMS OTP, N us NIST has deprecated that many other organizations are trying to move away from texted onetime passwords because it's, there are some known issues, security issues with the implementation of that. So really what we need are what we call continuous or risk adaptive, authentication solutions, identity systems, still over 80% of the time are the reason why there are data breaches, passwords are no good. And then, you know, once an attacker gets a spot on your network, the next thing they try to do is move laterally to get onto other machines, get higher privileges, get access to the data that they want. So you don't wanna be part of the statistics of the world's biggest data breaches there. Next slide please.
So with risk adaptive authentication, I just wanted to list out some of the important factors. I mean, obviously there are different kinds of authenticators other than the ones that I was mentioning a few minutes ago, with the username password, you can do mobile applications. There are smart cards, there are USB keys. There are much better authenticator form factors and techniques that can be used today. In addition, a lot of authentication systems can now process different kinds of risk factors at each request. So you can find out where's the request coming from location wise. And then there's a factor we call geo velocity or impossible journey where, you know, somebody shouldn't be able to log in from Canada and then an hour later, try to log in from Chile and just, you know, it's physically impossible and you should shut down the, that subsequent attempt because you know, it's, it's probably fraudulent.
You can also restrict people, your users to certain address ranges, geofencing time of day or day of week. If it's outside of normal business hours, you might wanna flag that you can just put device IDs or many of these solutions allow you to collect what we call a device fingerprint, which is, you know, maybe a conglomeration of information about the device, including hardware could be screen resolution size, installed fonts on the operating system, operating system version. All that can be hashed and kind of turned into a factor you can evaluate same thing with device health assessment. Is it running endpoint, security, antivirus? If so, is it up to date? You could block it or send it to a quarantine network. If you don't get a satisfactory answer, there are lots of threat intelligence subscriptions out there that will give you up to date lists of known bad IPS or bad networks.
And you can block authentication or authorization requests that emanate from those networks. You can look at different user attributes, what groups users are in and base authentication policies on that user history, user behavioral analytics is the current request kind of in line with what you've seen them ask for in the past, if not flag it or deny it. If the user's on a new device, you might wanna pop up another channel and verify that that's them. We've probably all seen that either at work or even with personal email accounts, you don't wanna let jail broken or rooted devices on your network. Probably there are also known compromised credential checking services. Think of that as like an API for the, have I been POed kinds of service if somebody's using a bad credential, especially like on a consumer facing site, you'd probably want to at least think twice about authenticating them. And then there are services that do fraud pattern analysis and can shut down, you know, or at least provide you with enough information to say, this looks fraudulent. I'm gonna deny this transaction.
Next slide please. So then we roll these risk adaptive authentication methods into what we call continuous authentication in the interest of time. I think I'll just kind speed through here and say, it's applying these techniques across time. So every time a user makes an authentication or authorization request, evaluate which of these factors you think are important and then run and get a different risk score. So let's say, you know, time one, you know, you do an initial authentication. Then throughout time, the user moves around the nature of the request changes, and then they can return to a normal state. But along the way, based on that changing risk score, you may want to either collect additional information about the user's request context or force them to, you know, use some other channel for authentication or authorization. Maybe if it's a transaction, you do some sort of mobile push notification. Many of these different actions can be configured within a modern identity and authentication solutions. Next slide please.
And then the last big myth we wanna address is security kind of takes care of itself. And by this, I mean, you know, maybe you, you look at benchmarks for your spending for your organization. You say, you know, other organizations or companies in my industry spend X percent on it. And of that X percent, you know, Y percent gets spent on some security and we're right there. You know, we've got firewalls, we're, you know, maybe we're running certain things and by a managed service provider and, you know, the contract takes care of that. Well, that's not really the case. And there's still things that you have to worry about, even if you're think you're doing everything right. I mean, there are botnets, you know, what your machines to become part of a botnet, cyber espionage is alive and well, it's not just the stuff of movies. It's, it's not something from the past. It's still happening every single day out there. I mean, in many cases, companies or governments realize it's cheaper to steal technology than to do the R and D on it. And then there are activists, hackers, people that are don't really have your best intentions in mind. So you have to be always vigilant. Next slide please.
So we think, you know, this really starts with a cybersecurity culture and I've pulled up five specific areas. I wanted to try to quickly address here, employee training, training on products or services, running exercises to see how effective that training is and fishing resistance. I, I wanted to call out separately just because it is such a problem. Still, you know, many employees will fall victim to fishing scams and, and you have to say that the fishing scams just get increasingly complicated and difficult to discern what's real and what's not. So there are services out there that you can use to help educate your employees to so that they can figure out what's fishing and what's not. And then lastly conferences. So next slide, please, employee training. Now you might think that these all sound really, really basic, but these, these are ongoing problems. Even as of this week.
I know companies that are having problems with physical security issues. We've got employees that print out proprietary trade information and, and maybe throw it in the recycle bin. You know, this is not a safe practice, same thing with information on USB drives that can be left out on the office desk. People come in after hours or visitors. I mean, it's still a real problem. And this is a way that cyber espionage occurs every single day on the information security side. Again, it may seem very straightforward to those of us who are in the information security business, but it's not a good idea to use your personal email for business. You shouldn't share, you know, your, your competition, sensitive materials over public file sharing sites or social media. And these things are happening. I mean, on Tuesday, I think I read about an NSA employee who was terminated or prosecuted for this very thing and, you know, securities in the middle of the name of the agency.
So this is a, a real problem that still happens today. And users need to be constantly reminded that to take care of the information that they are supposed to then deprovisioning terminated users. Somebody leaves it can be difficult unless they're automated solutions in place to cut off all the access. So having a solution in place that deprovision all the different accounts that the user may have is an important consideration. Privacy, privacy. It's kind of the flip side of security, but when dealing with PII, you know, I think we, every organization, whether it's an HR or if it's a consumer facing business or retail business winds up collecting PII, and you need to be aware of what jurisdiction you're in, what are the privacy regulations there? And then how do you deal with it? GDPR is a huge concern, not only in Europe, but for any company that does business with European citizens, you've got new responsibilities for handling their PII.
And then lastly, here, incident response, I most small, medium sized businesses that I talk to have almost an attitude of, well, big data breaches can't happen here, or, you know, we don't really have anything of value that somebody would wanna steal. Well, you know, that's not true because you wouldn't be in business if you didn't have anything of value that somebody else wanted. So before you reach a situation where you've got a data breach to deal with, you know, have having processes in place, understand what each one of your employees and it and communications, what what's their role gonna be? You know, who notifies the executives with GDPR, you've got a 72 hour data breach notification that that's way different than it was even last year. So understanding what processes and how you're gonna respond to a potential data breach before it happens is imperative.
Next slide, product, and service training. Remember when we used to go to classes on products that we were, you'd buy a product and then you'd go to the class to learn how to run it. You know, a lot of things are open source these days and that's, that's great, but, and there's also a lot of open source training or online training that you can use or your employees can use. And, you know, it's still important to understand the ins and outs of all the different software solutions that you're running. And that includes for cloud-based services, you know, so make sure that employees have adequate time, you know, within their work year to stay up to date on all the products or services that they're responsible for. It's more than just knowing the basics. You can leave yourself open to misconfiguration and data loss can occur through that. So having your employees up to date on what all the best practices are for the particular products and services that they run is really a key thing. Next slide.
And then lastly conferences, and this is more than just a, an encouragement to come to our upcoming cybersecurity leadership summit in Berlin and November, but conferences really are an excellent way. And there are many different conferences to choose from. Conferences are an excellent way for people in security to stay up to date on what the latest threats are and what the latest best practices are. There's so much the changes as you know, from month to month and year to year Alexei a was mentioning ransomware and crypto jackers, you know, they kind of dominated the news ransomware in 2016, and it's still out there. New variants are being created every day, but you know, many operating system vendors, endpoint, security vendors have put into place. Lots of good controls for that now. So it's not, it's still a concern, but it's not at the top of everybody's mind the way it once was. So in order to stay fresh, you know, we encourage people to go to conferences, you know, listen to what the latest research is, find out what vendors have to offer, and then talk to peers in industry, see what threats and challenges they're facing and how they're dealing with it, networking between people in the same industry or with the same kinds of responsibilities is a good way to keep up to date and, and find out what they're doing so that it can help you with your own practice.
And with that, we'll do some Q and a, we've got a couple of them here. Let's assume there are already bad guys on your network. Can adaptive authentication help weed out the a P T intruders as well as would be actors? I would say yes. I mean, they're, if they capture a password and can do replays on that, having an adaptive authentication solution, or let's say privileged access management solution as well is really useful in those cases, too, that way you can lock down the privileged account so that it makes it more difficult for the bad guys to move laterally around your network. And then also you can apply policies to specific data resources so that you can make it harder. And I've, I've always heard. And I think it's a really good thing about information security training. You know, you gotta make it as hard as possible for the bad guys to steal your information. Then they'll look for easier target. So, you know, that's what we do. An adaptive authentication is a way of making it harder for the bad guys to get access to your data.
But if I may add to that on one hand, you absolutely. Right. So technology that like definitive authentication will definitely help to reduce attack surface, but of course it won't eliminate the danger completely because you have this whole or kind of stack of technologies and yes, a deputy health authentication will help you enforce or kind of policies on legitimate access attempt, but it won't help your, if your database UN patched, and there is a zero day exploit for your windows endpoint or anything like that. So if there is, if there is one single biggest takeaway from this webinar, then it's like, you should not think in individual technologies, you really have to start with the strategy and try to add a little bit of everything, including authentication and zero trust and all other technologies we mentioned today.
Yeah. I think that's a good point because of the nature of the way vendors sell products. They're often packaged as if by this product and it'll solve all your needs. And like you said, Alexei say the adaptive authentication is just one method that can be used to help protect companies resources. I have one more question here in the blank. Are there large, well known companies using continuous authentication? Now the answer to that is yes. I mean, if you're using, let's say any of the public web email solutions or social media, they all have continuous authentication sort of running in the background, they're doing risk adaptive. They're looking at many of those factors that I just went through a few minutes ago, they're looking, you know, and, and you'll probably even notice this, if you get a new phone or you try to log in from a computer that you don't, you'll get a notification on some other channel saying, Hey, is that really you, we saw you're coming in from this IP address. You know, it's new click here to say, yes, it was me or click here to say, no, it wasn't. So, I mean, those are really easy to find examples of companies that are putting this into practice and, you know, it works, it doesn't prevent all fraud or all breaches, but it's, it's a good first step. And yes, many companies are using that today
And you used the word fraud, and this is actually the right one because probably the, the earliest adopters of this technologies were banks in other financial institutions because they have to, and then it kind spread towards mobile applications. Because again, this is something which doesn't have that huge kind of architectural legacy in them. It was much easier for mobile app developers to integrate this technologies from the very start. And you are probably using them or for years already, you just don't see it most of the time, because the best security tool is the one which does not pop fuel until it detects something really nasty happening for wild user. It'll just stay transparent and visible.
Yeah, you're absolutely right. You know, the financial industry often tends to lead the way in terms of security innovation. For that very reason, you know, fraud, fraud costs them money and they'll do whatever it takes to make their user experiences secure. Well with that, I don't see any additional questions in the blank. So Alexei a, unless you have anything, I think we're ready to close.
Well, I can only say thanks to all our attendees for attending let's hope. We'll see you again in one of our future webinars where we address each of the topics we had today in the more details and kind of deeper in the technological stack and hope to see at least some of you at the cybersecurity leadership summit in the lean.
Thanks, everyone. And this should be online. The recording of this should be online tomorrow with our slides. And with that, we will conclude.
Stay Connected
Related Videos
How can we help you