Transcript

[00:00:00.730] Chris: What about you buy it at, like, the store and it comes in a jar and it’s peanuts at a minimum.

[00:00:08.270] Ned: I would expect peanuts to be in there.

[00:00:11.090] Chris: It’s actually a significant minimum because if you look at the side of the jar, there’s a lot more going on.

[00:00:18.930] Ned: I’d like to say I’m shocked, but whenever something has a product that has just a one ingredient name, it turn turns out that that’s like the 6th or 7th ingredient in the object. Take apple juice, for instance.

[00:00:32.650] Chris: So what I learned was if you go to one of the more ironically, I’m going to say crunchy stores like Trader Joe’s or Whole Foods.

[00:00:42.770] Ned: Yes.

[00:00:43.390] Chris: You can actually go to a machine that will grind the daylights out of actual peanuts right in front of you. And you can eat what was originally described and defined as peanut butter.

[00:00:56.290] Ned: Yes.

[00:00:57.200] Chris: And it’s very different.

[00:00:59.730] Ned: I have had natural peanut butter, which I think is close, but it’s still close, not quite as fresh. And usually even like the natural stuff has some salt added or some other ingredients to enhance the peanut flavor.

[00:01:15.260] Chris: Right. And then usually it’s an additional oil that kind of floats on top and makes you uncomfortable with the whole situation.

[00:01:23.050] Ned: And you have to mix it in which that’s one of the was it hydrogenated? Is what they do to get that.

[00:01:28.830] Chris: Yeah, it holds it in a permanent suspension.

[00:01:31.080] Ned: Right. So that’s one of the additions that’s added to the peanut butter that I eat.

[00:01:37.950] Chris: Anyway, long story short, too late.

[00:01:43.250] Ned: One plus one plus two plus one. One plus one plus two plus one.

[00:01:50.690] Chris: Anyway, that stuff’s different and it’s interesting. It makes a peanut butter and jelly sandwich taste very, very different. Like, you would never eat this stuff just on its own.

[00:01:59.990] Ned: Okay.

[00:02:00.710] Chris: Because it’s kind of a lot. Or like on a stick of celery with what are those things called? Raisins.

[00:02:12.650] Ned: So you would eat it on a stick of celery with raisins, but you wouldn’t see it straight off a spoon?

[00:02:17.680] Chris: No, I would not do either of those things.

[00:02:19.640] Ned: I see.

[00:02:20.490] Chris: But I would with, like skippy.

[00:02:23.290] Ned: Right. Because of all the other stuff that they put in Skippy that makes it sugar. Yeah, like lots of sugar and a couple of other oils and preservatives and salt things that I enjoy.

[00:02:38.130] Chris: So anyway, that’s my peanut butter and jelly story.

[00:02:41.410] Ned: Okay. I thought you were going to come at me with a peanut butter hierarchy and that you would come out and be like this peanut butter enthusiast. Oh, that’s for a separate episode, maximalist. Oh, is that for our new podcast that we’re going to launch shortly alongside the existing History podcast? Talk about it. Hello, alleged human, and welcome to the Chaos Lever podcast, where it giants up a little different. Inserting the music as I do the recording as opposed to later. It went great. And you all agree my name is ned. And I’m definitely not a robot. I’m a real human person who enjoys ambulatory excursions on silica granules adjacent to large bodies of water, preferably while our planet’s rotation turns us away. And now it’s going great. If you enjoy such activities as well, I think we could be an amenable match in our shared senesons. With me is Chris, who’s also here.

[00:03:53.450] Chris: I enjoy the fact that you’re trying a lot of complicated things right before you go on vacation.

[00:04:00.810] Ned: It raises my stress level enough so that I can truly relax when I get there.

[00:04:06.210] Chris: So how can I be the most upset before I spend 6 hours in the car?

[00:04:11.570] Ned: You say 6 hours, it’s only two. It’s not that bad.

[00:04:14.580] Chris: I’ve seen you drive.

[00:04:16.930] Ned: Not sure how to take that poorly. The driving or me? Yes. Okay, fine. So there’s this nice checkbox that says loop and apparently I left that checked, which is why the music started again. Yay, we’re learning. Let’s talk about some tech garbage, eh?

[00:04:37.190] Chris: Let’s learn about new things.

[00:04:40.090] Ned: I don’t wanna okay, there’s not many.

[00:04:42.720] Chris: Okay, so we are going to talk about Gestalt It’s. Security field day edition nine, series nine.

[00:04:52.900] Ned: Event nine DS nine. Perfect. Okay, we got it.

[00:04:58.830] Chris: So that just happened like 12 hours ago thereabouts. I attended Security Field Day Nine in beautiful well, the event itself was in beautiful San Francisco, but alas, I was not. I was actually just in my perfectly average house.

[00:05:21.590] Ned: That is sad and I’m sorry to hear that.

[00:05:24.740] Chris: I mean, to be fair, with every event this does happen to somebody. Scheduling is hard, people get sick, et cetera, et cetera.

[00:05:36.320] Ned: Right.

[00:05:37.230] Chris: Mix of presenters and delegates alike, we’re just not able to be there in person. I would say it’s not ideal being in person has a certain genesee qua to it. It does, but I mean, there was a whole group of presenters that could not make it because their flights out of Boston and I think New York were grounded due to the completely bizako weather we’ve been having in the northeast this week.

[00:06:03.430] Ned: I didn’t really consider how the thunderstorms rolling through our area might have impacted flights, but good point.

[00:06:10.790] Chris: But anyway, as it were, the show must and did go on. All right, so a little background for those who don’t know, security Field Day is part of the Tech Field Day family events put on by Gestalt It. Essentially vendors pay to present to a panel of twelve Ish delegates in an interactive format that is live streamed on pretty much every platform you can think of. Now there’s a bunch of these a year and most of them are two to three days in length with anywhere between six and nine vendors presenting, each vendor presenting for anywhere from one to 2 hours. The delegates are meant to represent the audience that is watching. So a lot of people from a wide variety of areas of technology, but usually with a specific focus. Right. So Security field Day is meant for security professionals or security focused products.

[00:07:06.620] Ned: Sure.

[00:07:07.930] Chris: Storage. Field day for storage. Edge. Field day for Edge. You get the idea.

[00:07:12.830] Ned: It’s becoming clearer. Yeah.

[00:07:15.690] Chris: And then ironically, there’s just one called Field Day where everyone’s confused.

[00:07:20.990] Ned: Yes.

[00:07:21.780] Chris: Do we do the swings?

[00:07:24.910] Ned: More of a sack race. Oh, I do like that. I like the spoon and the egg. That’s a good one.

[00:07:31.570] Chris: You would?

[00:07:32.560] Ned: I would.

[00:07:34.130] Chris: Anyway, so the delegates are encouraged to interrupt, ask questions, and to quote a great philosopher, just generally be nuisances while the poor beleaguered presenters desperately try to get through their PowerPoint decks. It’s fun for us.

[00:07:52.060] Ned: I mean, that sounds awfully familiar.

[00:07:57.130] Chris: I don’t know what you could mean. Anyway, we have talked about Field Day events a bunch on this show, including just a mere month ago in episode 61 where Ned that’s you, it’s me. Ran down experience at Cloud Field Day 17, which I believe, if I’m remembering correctly, was live and in person in Boston.

[00:08:20.860] Ned: That is correct. I was both live because I’m a living, organic being, and in Boston.

[00:08:29.730] Chris: Moving on. So this particular event was two days and six vendors. Let’s talk about some of them. And I really do mean some.

[00:08:44.180] Ned: Okay.

[00:08:45.000] Chris: Understand that even if it was a two instead of three day event, there’s a lot going on, and fully summarizing all of the approximately ten available hours of content is next to impossible. So I’m going to have to focus on the things that I found most interesting and unfortunately, either greatly summarize or just omit a few other things.

[00:09:08.110] Ned: It happens.

[00:09:09.950] Chris: Now, luckily, a link to the entire Field Day event, including videos of all sessions, will be in the show notes. And also, if you want to get some live results that are a little bit quicker to read through, there was a Twitter handle. Is it a handle hashtag? A Twitter hashtag called Hashtagxd Nine that you can go search for and get a little bit more breakdown, couple of copy and pastes, and a lot more links to the vendors with more information.

[00:09:43.610] Ned: Fair enough. Let’s dig into the first vendor that tickled your fancy, caught your eye.

[00:09:51.000] Chris: So the first one I want to talk about, and totally coincidentally was the first presenter, is a company called no Name Security that does something that I don’t have a great amount of personal experience with. These are always interesting because you’re learning about the thing and how they’re securing the thing at the same time. So no name? Security, first of all. Great name.

[00:10:18.470] Ned: It’s a name.

[00:10:20.230] Chris: Or is it?

[00:10:22.870] Ned: No, it’s a name.

[00:10:24.150] Chris: Okay. I’ve decided the company’s reason for existing is securing APIs. Now, this is important, so let’s do a little background.

[00:10:35.120] Ned: Sure.

[00:10:35.960] Chris: APIs are simply interfaces, programs used to talk to other programs. You, as a user can use a program to talk to an API anytime you use the AWS CLI example. What you’re actually doing is using a program, AWS CLI itself or whatever it’s called this week to make API calls back to the AWS API in probably US East one. Let’s be honest. Right?

[00:11:07.960] Ned: Yeah, I mean, more or less. More or less it the AWS API is actually a bunch of APIs with different endpoints.

[00:11:16.640] Chris: We’re going to get to that.

[00:11:17.780] Ned: Okay. But yeah, if we really want to boil it down to simplest language, my program is sending messages that are coded in a very specific way, per the way that API is defined to the endpoint of that API and asking it to respond based off of a request.

[00:11:37.070] Chris: Right. You are creating a request programmatically, and the API will answer you or not, depending on whether it is programmatically allowed.

[00:11:47.880] Ned: Right.

[00:11:49.090] Chris: So individual people might think about it in a different way, SSH into AWS and make changes to an S three bucket. Now, this is not a thing you can actually do, because that would be bizarre, but you can simulate that by using the CLI. And the API code or codes to Ned’s Point will do the equivalent for you right up to what the API allows. And that is the problem. What happens if you as a company don’t have a solid grasp on what your APIs allow? It’s a bunch of computers talking to each other more or less unsupervised. What’s the worst that could happen?

[00:12:35.410] Ned: I can think of a few.

[00:12:39.250] Chris: So, like I said, this is a pretty focused security company, and they have two main ways that they go about securing APIs. The first one is for APIs, as they are working out in the wild, as it were, no name looks to get their hooks into every API you have and then just kind of watch. Okay, what does it do? Does it connect in an appropriate manner? Is there a baseline of behaviors that have been established that something is suddenly and wildly not following those baselines? Is it allowing through an appropriate amount of connections? Should it be permitting files to download all of this through a centralized and continuously updated dashboard with what is important to communicating this detail, visual data flows? So, for example, the Twitter API had a pretty famous breakdown 18 months ago. What basically happened was the expectation was a user would use the API through a tool like Tweet Tech. So that user might have, I don’t know, 25 API calls. It could be even as much as 25 calls per minute or per 10 seconds, depending on how much they use it. That’s normal behavior. The API, however, had no limit on those connections.

[00:14:10.530] Chris: And somebody figured that out and connected something closer to a billion times a day.

[00:14:16.770] Ned: That is more that’s what we’re going.

[00:14:19.600] Chris: To call an abnormality.

[00:14:21.490] Ned: Yes.

[00:14:22.080] Chris: And that’s the sort of thing that these dashboards and these programs that we’re observing would recognize as not being standard communication or an API that’s misbehaving or in this case, being abused.

[00:14:34.560] Ned: Right.

[00:14:35.750] Chris: So this would get flagged, you would get alerted. And if you set it up in such a fashion, you could have this setup send something to say, cloudflare to flat out stop access to that API.

[00:14:51.550] Ned: Okay.

[00:14:53.550] Chris: Kind of cool, especially when you consider the amount of APIs that the average company has. We opened up by talking about AWS. AWS has something like 385 named services.

[00:15:07.250] Ned: Yes.

[00:15:07.840] Chris: Which already sounds like a lot too.

[00:15:10.550] Ned: Many even within each one of those services.

[00:15:14.170] Chris: Do you think it’s a one to one to the API, to the service?

[00:15:18.310] Ned: It seems incredibly unlikely, especially if they.

[00:15:22.490] Chris: Follow any type of rational programming ethos. Like write a simple API that does one or two things. They can all interact with each other, but they shouldn’t do twelve things. Then you’re like, well, s three can do 500 things. All of a sudden the amount of APIs that a company like AWS might have, I mean, do you think 10,000 is a too high of a number or too low of a number?

[00:15:48.240] Ned: It depends on how we’re defining APIs and endpoints. But yeah, no, the points taken that they are clearly running a ton of different endpoints. Each region is going to have a certain number of listening endpoints for API traffic for the different services. And then each individual service might have two or three different APIs associated with it that do different things in that service. So, I mean, 10,000 might be high, but not that high.

[00:16:18.090] Chris: And I know AWS is kind of an outlier. Any reasonable business would probably could easily have 300 APIs running at some point anywhere in their environment. And if you forget that they exist, if the developer who is working on this one Esoteric thing kind of leaves, if they throw a flag that says permit all by accident and nobody’s observing, they could just sit there waiting for an exploit to come. So this is where this kind of thing is important. You can also have it look at the data flows and notice, say all of the traffic for an API is supposed to go through an access port that gets scanned. But if somebody’s again testing in development and they just bypass it internal APIs that are not going through a WAF and then they turn that on in production, that’s another security vulnerability that you would not ordinarily notice because the API is behaving properly. It’s just not being scanned by your security tools.

[00:17:18.510] Ned: Okay.

[00:17:20.430] Chris: And this is something that for me, at least as an analyst, it’s really helpful for tools to be able to create pretty graphs because I can follow the line with my finger and go, oh, that one’s supposed to go there and it’s not right because I’m six. The other way that noname secures APIs is as part of the development process, so their platform can be programmed to respond to API requests. As if it was the business returning real data and kind of just allow the dev to see what happens. So this is not proper fuzzing in the sense of an actual security attack. What they’re trying to do is determine your business logic and make sure that all of your APIs that ask whatever question respond to the question in a uniform way. I’m not saying that security fuzzing is a bad idea, but it’s a different thing.

[00:18:23.140] Ned: Okay.

[00:18:24.290] Chris: The intent of business logic is to make sure that it’s responding to a specific request with the valid information that it is supposed to be responding with, and that’s it. So a simple example is if you have a request to an API for a customer ID, that should probably not include SSNs in the JSON output.

[00:18:50.510] Ned: Probably not.

[00:18:52.090] Chris: So you can program that as a business logic test and then the system will apply that to all of your APIs that respond to that and make sure that it is uniform across your entire portfolio.

[00:19:06.030] Ned: I see.

[00:19:07.790] Chris: Remember, you might have 299 APIs that behave perfectly, but if that 300th one does not, you need to know about it.

[00:19:16.770] Ned: Yeah. And it’s certainly the case that some API writers get lazy in terms of the data that they return from a given request. So rather than just giving you exactly what you need to move to the next step in your process, they might dump a whole blob of JSON output just to fulfill every potential use case and edge case that’s out there. Which is why things like Social Security numbers end up getting included in the output. Because they’re like, no, I’m just going to give you the entire customer record straight out of the database instead of filtering it in any way.

[00:19:49.160] Chris: Right. Because their expectation is, well, surely the customer who’s asking something from this API request, they’re only going to pull the fields that they care about. Right, because that’s how that works.

[00:20:00.450] Ned: But I’m going to reduce the number of requests that hit my API by giving you everything up front. Or alternatively, I don’t want to ever have to update or write another API call. So I’m just going to give you everything up front.

[00:20:14.330] Chris: Right.

[00:20:15.990] Ned: Either way bad.

[00:20:17.830] Chris: Yeah. So you have this idea that you can follow the APIs in flight and you can also see the ones that are in development and make sure that they are going to be responding to these questions responsibly. And most importantly, and this is going to be a common theme, you can see it all from one dashboard.

[00:20:37.770] Ned: Did they say single pane of glass?

[00:20:40.510] Chris: I feel like they all did.

[00:20:43.790] Ned: Did you take a drink?

[00:20:46.910] Chris: That’s one of the secret rules. We’re not allowed to have drinking games.

[00:20:50.390] Ned: Not anymore.

[00:20:54.370] Chris: So, yeah, that was API security from noname.

[00:20:58.390] Ned: Okay, thoughts?

[00:20:59.870] Chris: Questions?

[00:21:01.090] Ned: No, it seems like a useful product. Seems like it would, actually. So I will say that it seems a little bit more like a feature than a product. Like this is something that I would expect, like a really good, robust API gateway company to include in their offering.

[00:21:17.270] Chris: Well, I think part of the observability section of it, the first half that we talked about is the differentiator in that it can talk to the API gateway. It can talk to all the different pieces of infrastructure that either host or interact with the APIs to get that traffic and data flow information.

[00:21:34.910] Ned: Yes. Almost like a watcher of Watchers, as it were. I have my API gateway that’s responsible for exposing the APIs through a managed interface. But I’m not getting all the monitoring data from my 30 different API gateways. I need something that collates that information for me. And this will munge it together. I can see that. Okay, now I kind of understand where it sits in the pyramid.

[00:22:02.710] Chris: Good use of the word munge, though.

[00:22:06.330] Ned: It’s a favorite of mine. That and detritus. If I can sneak detritus into a sentence, I’m a happy boy.

[00:22:12.970] Chris: This whole conversation is nothing but Flotsome.

[00:22:16.570] Ned: That’s good, too. Anyway.

[00:22:21.150] Chris: Moving on to ComVault, and specifically ComVault, threat wise. And I say that because ComVault might have set a record at this field day event with the most information deployed in the shortest amount of time. Okay, now, this was especially impressive this was especially impressive if you knew that the amount of time in question was a solid 2 hours. So I’m going to have to not talk about all the updates to their backup security solutions, of which there were many, and focus on the one new thing to me, at least, their threat wise platform.

[00:23:06.010] Ned: That’s new to me because you say combo, I think backups, that’s what combo does. And I guess you can easily segue yourself into ransomware detection and prevention or protection.

[00:23:19.890] Chris: And that is precisely where threat wise sits, really, with a backup solution. Historically, it’s about recovering, right? Something bad has already happened. That bad thing has been fixed. How do we get back to a place where our data and our systems are not bad? Threat Wise tries to speed up that process by helping companies determine whether an attack is actually in process rather than has happened.

[00:23:52.490] Ned: Seems useful.

[00:23:54.170] Chris: So the product is interesting, and it’s based on detecting threats as they’re happening on the network. So this is not a new idea in and of itself. The classic way of doing it was to put in a honeypot, create something on your network, or especially create something facing the Internet from your network that looks like a big old juicy target that a hacker just could not resist.

[00:24:18.380] Ned: Right.

[00:24:19.350] Chris: Like a web server that’s malformed or is running an old version of Apache. By that I mean a version of Apache out. The trouble with these is they take a long time to get set up. They are big, elegant, full fledged, and also necessarily network isolated and secured pieces of hardware that still somehow have to look like your full environment.

[00:24:49.280] Ned: Right.

[00:24:51.130] Chris: A lot of the time they are intended to basically waste a hacker’s time. So a hacker spends all this time trying to break into this honey trap and whatever it’s called, it’s been a long day, shut up. And then you’re trapped in there and they can do nothing but try to fix CAPTCHAs all day so that they can access wire underscore transfer underscoreinfo XLS. Now, to be fair, especially in the olden days, this did work well. But now the problem is there are just too many ways into a network. One big trap is not going to work because there’s not one big front door.

[00:25:34.250] Ned: Yeah, the whole idea of perimeter less networks and implementing zero trust, which we’ve covered a few times.

[00:25:42.920] Chris: Yes. So what threat wise’s approach is so there’s a thousand different ways to get in. Sure, let’s lay down thousands of little traps. An attacker hits one, you get notified. And as we talked about, when it comes to threat detection and repairing from an attack, time is of course a factor. So they go about this in two different ways. First, there are fake hosts, and I’m putting that in air quotes because they called it a couple of different things and I couldn’t figure out what the actual name was.

[00:26:19.950] Ned: Okay.

[00:26:20.760] Chris: The second is very clearly called lures. Okay, so let’s talk about the fake hosts first.

[00:26:28.320] Ned: Sure.

[00:26:30.010] Chris: They follow the model of a honeypot in the sense that it is a real system. And I put that in air quotes again that exists on the network and will respond to pings and Nmaps and all of that, except that they are automatically generated containerized fake systems that have all kinds of alerts built into them. The general idea is that no legit user would ever try to log into one of these. They’re not real. They’re little teeny containers that look like whatever you want it to look like. It looks like a Windows desktop, it looks like an iPhone, it looks like the pressure cooker in the kitchen. There’s all kinds of different models you can set up and customize to your heart’s content. You want one looking like that XP server that everybody secretly still has running in the basement? Feel free. It’s set up to run as a container on a very hard and virtual machine so that even if it does get hit or compromised, which is almost impossible because there’s no real there there, the hacker still won’t get anywhere. The important point is if somebody tries to knock on the front door of one of these things, you can kind of assume that’s a bad guy doing a bad guy thing because nobody in the regular business would bother because they’re not part of the regular business.

[00:27:51.910] Ned: Yeah, I mean, like if I think of my standard business user, the way that they tend to connect to internal systems is they have shortcuts on their desktop BOOKMARKS that are automatically loaded by me. The It team mapped drives that are automatically set up by a logon script. They don’t know the names of servers. They don’t give a shit.

[00:28:09.230] Chris: Exactly. Right.

[00:28:10.280] Ned: Yeah. They’re not going to go after accounting server one two Seven because they don’t even know that that’s the name of an accounting server or what a server is.

[00:28:20.030] Chris: An attacker, however, does the exact opposite and will try to log into everything that they can find in a network scan. So that’s the big differentiator here. These fake systems, they don’t need to be sophisticated. There just needs to be a lot of them. The way that they describe it in the session was that this is a minefield, right? It’s not a nuclear bomb.

[00:28:47.410] Ned: I had a vision when you said little traps. I had a vision of a room covered in mousetraps that you now have to cross. And it doesn’t matter if you avoid the first 20, there’s 30 more that you still have to get past. And if you actually kind of sounds.

[00:29:02.190] Chris: Like the traps in Indiana Jones.

[00:29:05.070] Ned: Oh, that’s another good one. Yeah. So just like quantity over quality, I guess, is what we’re saying here.

[00:29:14.020] Chris: Right. And it works because they’re really small. They’re really easy to deploy. They answer immediately if they get stepped on, and then you can just get rid of them. So that’s a fake host.

[00:29:28.890] Ned: Okay.

[00:29:29.990] Chris: The second kind of a trap that they have is called allure. These go at. It the same idea, but with a different deployment model. Allure can be placed on any system. So the example that was used was it’s a fake file filled with fake credentials. Those credentials are well known, and if somebody tries to log in with them, say, if they pulled them out of sysadmin underscore logins text. Now I’m using file names that everybody thinks are funny but have actually existed in the world.

[00:30:04.290] Ned: Yes, they have.

[00:30:05.960] Chris: So this one, obviously, would tie into your IAM system, whatever it is. And if somebody tries to log in with those credentials on any computer, once again, boom alert.

[00:30:18.310] Ned: Right. And if each set of credentials is uniquely generated for the system that you place it on, you can trace back which system was compromised based off the Credential that was attempted to be used.

[00:30:30.490] Chris: Right.

[00:30:32.010] Ned: I love it.

[00:30:33.390] Chris: Once again, speed is the factor here. Even if you have an employee that’s making a mistake and trying to log into a system that doesn’t exist or using these administrator account passwords that they shouldn’t have, you still need to know that, and you need to know it fast.

[00:30:50.660] Ned: I see. So this threat wise system, it will deploy these things and then also monitor them?

[00:30:57.140] Chris: Yes.

[00:30:57.940] Ned: Okay.

[00:30:59.650] Chris: And then you’ve got the usual amount of what do you want to do next? Do you want the system Min team to just be notified. Do you want something automated to happen? Up to you.

[00:31:08.010] Ned: Right. Okay.

[00:31:10.150] Chris: So that one was pretty cool.

[00:31:11.690] Ned: Yeah.

[00:31:12.440] Chris: It’s an approach that I really hadn’t thought of before, and I wish I had had this idea. The things that they were talking about, the lures, it makes a lot of sense to pepper them all through your account systems as well, because then if you by hooker, by crook, your accounts do get lost to the dark web. Somebody might try to log in with a known invalid password from one of these lures and, you know, even faster if somebody’s trying to log in with something malicious.

[00:31:42.780] Ned: Right.

[00:31:44.050] Chris: So I liked it. In conclusion, neat. Neat. So that was that. And then the last one we’ll talk about today is different in the sense that it is physical in nature.

[00:32:03.520] Ned: I like gadgets.

[00:32:05.170] Chris: It is a super cool gadget. And you should look it up. You’ll love the color scheme. Fuchsia it is called the Net ally Cyberscope. And the log line for this device is, quote, the world’s first handheld cybersecurity analyzer, which is a pretty cool mission statement. The concept behind this thing is simple. You remember Fluke, right?

[00:32:32.960] Ned: Yeah.

[00:32:33.840] Chris: Handheld network device that got you a lot of fun information.

[00:32:37.110] Ned: I love them. Yeah.

[00:32:38.840] Chris: This is that company.

[00:32:40.370] Ned: Oh, no way.

[00:32:42.290] Chris: So in their lifetime, they’ve gone through approximately ten different name changes, divestitures, mergers and acquisitions. Yeah, it ended up here. Net ally is in fact, the people that made Fluke.

[00:32:56.010] Ned: I used to use Fluke to test out connectivity on patch cables and stuff. Yeah. Awesome technology.

[00:33:06.090] Chris: Yes. And the funny thing is all that technology still built into this thing. The handhelds that they have made are built for network discovery, network analysis for the past 20 years or something. They have technology that can support ethernet and WiFi and Bluetooth. They can already do tracking, discovery, mapping, which in and of itself is security e before you do anything to it. Right.

[00:33:38.630] Ned: Yeah.

[00:33:40.630] Chris: Cyberscope takes all of this. Adds in two other fun concepts. The first one is Nmap.

[00:33:50.650] Ned: Okay.

[00:33:51.850] Chris: You’ve heard of Nmap?

[00:33:53.310] Ned: I’ve used Nmap.

[00:33:55.770] Chris: So Cyberscope is actually officially licensed with Nmap for this. So not only can they do a lot of different things at a commercial level, what they’re doing is bake it into the analysis that gets performed by all of that previous technology that we talked about. Nmap is the network probing software. Not even du jour of, how do you say of all time.

[00:34:28.070] Ned: Of all time.

[00:34:29.080] Chris: Finito. It’s also a super complex program.

[00:34:35.080] Ned: Yes.

[00:34:35.560] Chris: That’s a pain to manage. And it’s a guarantee that once you get the command figured out with all 17 flags and operands that you need to make it run, you’re going to forget them all and have to look it all up again.

[00:34:45.980] Ned: Oh, no. That goes in a notepad and it never leaves.

[00:34:51.950] Chris: And then that notepad has how many lines?

[00:34:54.170] Ned: Let’s not. Talk about it.

[00:34:55.760] Chris: Exactly. So since they have this arrangement and since they’ve been doing these types of things, and they have 20 years of experience building a handheld device, they can kind of take that complexity away from you and put it into the types of things that we’re all expecting as conveniences. Prebuilt and customizable templates for scanning is a huge one. Automated testing that you can program into the device. And the output is graphical heat maps and of course, dashboarding. So just that, which I’m not really doing the convenience part of this justice. This presentation was only an hour, and once again, I think we got 2 hours worth of data out of it. So it’s definitely worth it, if you’re at all curious about what I’m talking about, to watch this in its entirety. But you build these things out and you can create a network probing what’s the word I’m looking for? Procedure that can then be automated for a system. And they’ll literally just tell you, walk the room, plug into whatever RJ 45s are open to you. We will collect all this information and in the background figure out what the heck’s going on.

[00:36:17.050] Chris: This can happen on device or new fun concept, the device can upload all of that data to net ally’s Link Live service for even easier ease of use. So here’s the thing. This device is a handheld, right? It’s barely bigger than an iPhone max. That’s a lot of screen for a cell phone, but not really for practical analysis use. I mean, I can barely function on a laptop screen.

[00:36:53.330] Ned: You can barely function.

[00:36:55.030] Chris: That’s fair. That’s fair. So if you choose to all of the scanning and analysis that I was just talking about, you can upload all that data and work with it on Link Live.

[00:37:08.090] Ned: I see.

[00:37:09.530] Chris: And as an added bonus, the device can also be configured so that it’s literally unusable on its own. All it does is record data as someone walks around and or plugs it into various exposed ethernet jacks. So you could have all of the advanced scanning and advanced probe stuff built out preformed read only, effectively hand the device to somebody that works in either a really secure building that you’re not physically allowed into, or maybe you mail it across the country to give it to the regional manager of a warehouse that just opens. Sure, where it’s not practical to send the human being, but you don’t want them messing with the device. You can set the device up for that. The device puts all the information into Link Live and you get all the analysis your little heart desires. You can also have it set up in a couple of different ways in terms of the data that the device records. So some people might say things like, you can watch TCP, but don’t record any of our data packets. Okay, checkbox. You can look at WiFi, but don’t look at bluetooth. Okay. Checkbox. And they take this to sort of an extreme one of the things the guy was saying is if you want these devices locked down in that manner permanently, they can burn a fuse inside of the system.

[00:38:39.030] Ned: Wow. Okay.

[00:38:40.280] Chris: So that you can’t undo that. Checkbox. It’s not only that, the device is used in new ways to enhance your physical security and your network posture on site, but you can actually secure the device itself in ways that are irreversible.

[00:39:00.830] Ned: All right, so when do I get one?

[00:39:07.070] Chris: I believe they are at least available for preorder, but I’m fairly certain they’re available. Available.

[00:39:13.630] Ned: They are available. Available. Do you want to know how much they cost? Because I looked it up.

[00:39:18.150] Chris: I don’t think we don’t need to get into that.

[00:39:21.090] Ned: You don’t want to ballpark it.

[00:39:22.790] Chris: I know how much it cost.

[00:39:25.670] Ned: This is not something that you’re going to get for Christmas.

[00:39:28.750] Chris: No. It’s not going to be something that is for everyone.

[00:39:33.590] Ned: No. It’s for a security or networking professional who needs this particular device and has enterprise spending behind them to buy that device.

[00:39:45.130] Chris: The way that they described it is the device is meant for where it ops meets SEC ops. And I think that’s really valid.

[00:39:52.580] Ned: Yeah.

[00:39:53.490] Chris: Like if you’re the person that is deploying a network and you want to prove before you leave the site that the network is set up as it was supposed to be and it is secure and there’s no open ports, you’re going to need this. If you just want to check your Ethernet cable to make sure that you’re not dropping packets because somebody stepped on it last year, I mean, you should probably still get one.

[00:40:15.640] Ned: I mean totally. Yeah, I’ll take two.

[00:40:22.150] Chris: There’s really just something irresistible about a physical device like this, especially if you’ve in fact used one in the past. Whether it’s a Fluke or something like this or one of its cheaper predecessors or what have you, it’s a toy. It immediately becomes a Game Boy.

[00:40:37.120] Ned: Yes.

[00:40:38.490] Chris: And I need the high score.

[00:40:40.600] Ned: We all do.

[00:40:42.750] Chris: So those are the three major ones that I wanted to highlight because I thought that they had something interesting or unique that they were bringing to the table. Certainly things that were more new and exciting to me personally.

[00:40:56.310] Ned: Okay.

[00:40:57.570] Chris: There was more, like I said, that we did not have time for. ComVault did in fact, go through their entire backup and recovery solution, particularly around ransomware detection and protection, which is worth looking into if you need that sort of thing. HashiCorp had a few. They had one called Boundary, which is a access management platform, and Vault Secrets, which is a cloud based stateless version of an already existing software that they have called Vault. Now, they both seem promising, but they’re also both still dot releases. I think there’s a lot of open runway in front of them, but I mean, in fact, vault Secrets is so new that it is barely in public beta.

[00:41:42.250] Ned: Yeah, perhaps. I worked on or I participated in the private beta that preceded Vault Secrets and in fact, before it was renamed Vault Secrets. So I can tell you how new this thing is. That was like, in March.

[00:42:01.350] Chris: Yeah. And like I said, I think it’s got a lot of potential. The concept of having all your secrets in one place and then having those secrets be shared out to other secret sharers. Very interesting.

[00:42:12.920] Ned: Yes.

[00:42:15.210] Chris: We’ll get back to it when it’s not in beta. Is that fair?

[00:42:18.380] Ned: I think that’s fair. I think we can cover it then.

[00:42:21.090] Chris: And by we nice. Nailed it. So Cisco was there and they released a lot of information. One thing was that they have a new series of hardware firewalls, the 4200 series, which supersedes the 4100 series, naturally, with a new version of their firewall software, which I believe is 7.4. If you need a new firewall, you’ll look at that one. It’s a firewall.

[00:42:53.850] Ned: Yay.

[00:42:55.190] Chris: No, I mean it’s super fast. And all of the network stuff, the racetrack data that they showed was impressive. And the way that they can be connected together, I think you can link up to 16 of them together into one super firewall.

[00:43:08.590] Ned: I like that more. Super firewalls.

[00:43:13.310] Chris: If you link super firewalls to super.

[00:43:15.700] Ned: Firewalls, it’s an ultra firewall.

[00:43:19.270] Chris: Nice. They also released or they talked about their multicloud multi cloud network security model for remote or centralized monitoring and alerting on network traffic in Azure, AWS or GCP. So what this really was is a classic Cisco deployment model in the cloud. By in the cloud, I mean any of the clouds, you can have all of your traffic scanned and reported on at sort of an endpoint model in the individual VPCs, or you can have all that traffic hairpin back to homebase, should you. So choose all of it through one single console. All of the commands are Cisco based, and you don’t have to know the absolute eccentricities of networking in Azure, AWS or GCP.

[00:44:10.370] Ned: It’s fair. I don’t want to know them.

[00:44:12.320] Chris: They’re all does anyone? Truly? If you need a classic Cisco deployment model in multi cloud, this is probably going to be of interest to you.

[00:44:26.470] Ned: All right?

[00:44:27.620] Chris: And let’s be honest, some people need that.

[00:44:29.940] Ned: Yeah, some do.

[00:44:32.310] Chris: And then finally, a company called cribble showed off their data observability tools. So this wasn’t a security product per se. It was more enabling security or making security operations more efficient. They have two major products, cribble Stream and cribble Search. Stream basically is a data broker. It takes data from anywhere, optionally, does something to it, and then sends it to anywhere. So one idea for this was you have all the data go through cribble Stream. You have a whole bunch of elegant filters on it so that you minimize the amount of stuff that has to be sent to something that charges you per file, like, say, a SIM simultaneously. You can send all of that to a cold storage data lake just in case you needed that record later. Okay, now that’s a dead simple example. People that are more versed in data analysis and data management will come up with thousands of other things to do with it, basically right off the top of their heads.

[00:45:36.500] Ned: Sure. But the first thing I think of is people with massive bills from Datadog today are like, I want that. Yeah, I want that.

[00:45:48.190] Chris: This one’s been around for longer. cribble stream has. And the amount of places that they can pull data from and the amount of data places that they can put data. It was an impressive list. And then they were like, oh, and also we can write an API and customize it for anyone.

[00:46:03.670] Ned: Okay.

[00:46:04.650] Chris: Neat.

[00:46:05.570] Ned: Very neat.

[00:46:06.690] Chris: The second part of it was the cribble search function. Now, this is definitely newer, but still under very active development in the sense that they don’t really have a roadmap per se. They basically are just like, everything’s going to be better tomorrow. Check in again.

[00:46:21.050] Ned: Okay.

[00:46:21.900] Chris: Rinse and repeat for the next, like, two years, probably. But the idea is it can search any number of areas online on a system through APIs to any area where you have text based files at this point. So the big ones are major object stores. You can have an agent that runs on your Windows or Linux systems, and it analyzes the logs there. And you can run a search from Cribble’s dashboard that will hit all of those different data points. I mean, you wouldn’t hit every single one all the time. Of course, you can say, put all this information, but only pull it from this group of ten web servers.

[00:47:07.510] Ned: Okay?

[00:47:08.040] Chris: And the cool thing about it is the data never leaves the web servers. So the use case that I came up with was, all right, you’ve got this massive data import that cribble stream did. What if we missed something? Let’s use cribble search to go back through all those other things or through the data lake and say, search for the 100 most active DNS hits from our web servers. All right, that’s what we put into the SIM. Just for fun, let’s look at 101 through 150. Maybe there’s data there that we need, maybe there isn’t.

[00:47:43.470] Ned: I see. Okay.

[00:47:49.190] Chris: That’S the short, short version of those guys. And like I said, everything’s available on the field day website so that you can review if any of this is even remotely interesting. And that’s all I got.

[00:48:01.960] Ned: Yeah. And if you really enjoyed it, why not buy both Chris and I one of those net ally cyber devices?

[00:48:09.700] Chris: I like it. I like it.

[00:48:11.540] Ned: Yeah. Lightning round.

[00:48:14.550] Chris: Lightning round.

[00:48:15.450] Ned: All right. Microsoft rebranding yammer as viva engage. A rose by any other name would be just as irrelevant. Do you remember when every tech vendor suddenly thought they had to build an enterprise social media platform, even if it had nothing to do with their business? I think the most egregious example has to be VMware’s Socialcast, an attempt to build a collaboration platform. For who? No idea.

[00:48:47.480] Chris: That’s a strange way to pronounce Google Wave.

[00:48:50.110] Ned: Not to be outdone in the useless and poorly thought out platform area, microsoft jumped into the enterprise collaboration platform fray with Yammer. You know, because someone yammering about things is good and worth paying attention to, right? Microsoft is nothing if not persistent in dragging bad ideas into the future. And they’ve rebranded their Yammer software to be viva engage. As names go, it’s an improvement. Yammer was folded under the team’s umbrella as an add on, which now appears to be how Microsoft is keeping the platform alive. Time will tell if the new name can breathe any new life into an entirely pointless product.

[00:49:35.590] Chris: The funny thing about this is that Viva is actually one of the names of Andy Warhol’s superstars. That’s all I can ever think about now. Why are you looking at me funny?

[00:49:46.480] Ned: I don’t know what you’re talking about.

[00:49:48.020] Chris: Gabby Hoffman’s? Mom? Nothing. Moving on anyway, Red Hat once open source’s biggest success story continues to turn its back on the movement. This week, Red Hat announced the effective end of Rel, which for those keeping home score at home, RH E L stands for Red Hat Enterprise linux. Sorry, emotional there, yeah. The effective end of Rel as open source software. Until now, the source RPMs were always available and reused by the company’s, shall we say affiliated Sentos project in a way that was totally free. Sentos was killed by the IBM acquisition basically as soon as possible. Other clones existed though, based on the fact that the repos were still open. Well, now they’re not. Red Hat published an embarrassingly corpuspeak justification press release for pulling the rug out on the admittedly free new clones and basically accused them of being freeloaders for not paying Red Hat a few shekels a month. A reply to criticism got one red hot honcho. Very got.

[00:51:08.810] Ned: Wow. Red hot honcho. You are upset.

[00:51:14.230] Chris: Let’s go ahead and try that one more time.

[00:51:16.170] Ned: Okay.

[00:51:16.980] Chris: A reply to criticism. Got one Red Hat head honcho to say very Jennifer Government type things like, quote, there are an awful lot of people who feel that simply because this is Linux, they have some kind of right to get it for free. Unfortunately, they don’t. Unquote while technically legal, this argument is of course philosophically laughable considering Red Hat has committed a grand total of approximately 5% to the committed Linux kernel code and an unknown but likely minuscule amount to the literally thousands of open source projects that they still ship as part of Rel. Now, there are legitimate things that are worth paying for in Red Hat’s portfolio, particularly support, but there are programs that they built that are completely and notably closed source. The give and take to the open source agreement was that the operating system itself was not automatically something you had to pay for, especially since Red Hat didn’t develop 95% of it.

[00:52:23.630] Ned: I really thought this was going to be next week’s main article, and maybe it still will be. I’m not surprised to put it in this week. Where should you park your domain after Google Domain sell off? An interesting analysis courtesy of Gurgley. We’re going with that. Arose at the Pragmatic Engineer looked at Google Domain’s share of the registrar market and how that compares to software developer perceptions. Google Domains is being sold off to Squarespace, and that has some people itching to migrate their domain somewhere else. Google Domains was known for cheap and easy registration without charging a premium over what ICANN costs. Squarespace is not where should you go first? The hard data coming in from Domain Name State shows that only GoDaddy has a double digit market share in global registrars, with 12% of the global market dang among the larger registrars, GoDaddy comprises 58% of the market, with Google Domains taking up a sizable 7%. An informal poll on Twitter by Arose showed that the most popular registrars were with developers were Cloudflare and Namecheap. So I guess if you have a Google domain today, those are probably your best bet. Although I have my own feelings about the Cloudflare CEO, so namecheap it is.

[00:54:01.550] Chris: Chat GPT can now use a browser to get data newer than 2021. All right, I should clarify this feature is going to only be available to people who subscribe to Chat GPT plus one, use the mobile application Two and understand that the web search is Bing three. Considering the ever cozier Microsoft OpenAI relationship, it doesn’t surprise anyone which search engine would be selected. It is interesting to see how quickly things are rolling out in the AI world. Quickly and curiously, as any of the big Three voice assistants could basically already do this. And if you needed anything more than what Alex A see, I’m practicing mispronouncing it so as not to accidentally make anyone’s echo buy the medal. Ah, crap, I did it again. Anyway, if you needed more than what a voice assistant could do, you would probably have to move off of your mobile device anyway, which I can only assume is what this enhanced feature is going to do sooner rather than later. If you want to use it though, enjoy. Expect to see it rolled out any day now.

[00:55:24.310] Ned: School District teaches kids about Hacking Interactively show don’t tell, right? The Oak Park and River Forest School District of Illinois had a big old security snafu last week when they set all 3000 students passwords to the same exact value. Change me with the attendant special characters one would expect. Apparently, the impetus for the mass change was a vendor issue that accidentally locked all of the students out of their Google accounts. The only recourse was to reset everyone’s password to regain lost access. And what could be easier than simply resetting everyone’s password to the exact same value at the exact same time and sending out an email stating this to the entire student body? Predictably, students immediately tried to log into each other’s accounts, and they were wildly successful. The school district admins were quickly informed of their mistake and issued a second password reset and forced logout to stop activity after 24 hours. Expect lawsuits to be filed in three, two, one.

[00:56:40.590] Chris: Micron to introduce new GDDR seven memory chips by July 2024. Man, oh, man. I have spent so much time thinking about CPUs and GPUs that I completely forgot about that other important component that still actually has to live inside a server chassis. For now, anyway. Micron announced a next generation set of graphics DDR, hence the G Ram. This Ram is intended to be a new next best level of one beta Ram, still at the performance levels of HBM three memory, but with data transfer speeds of 36 GT s. I don’t know what any of that means.

[00:57:30.290] Ned: High bandwidth memory three.

[00:57:33.890] Chris: So it’s high bandwidth memory memory, memory, memory, memory, memory.

[00:57:37.990] Ned: Yes.

[00:57:38.930] Chris: Malkovich. Malkovich. Malkovich.

[00:57:41.410] Ned: And 36 giga t’s. I don’t know. I can’t remember what the T stands for. I knew this at some point.

[00:57:48.010] Chris: 36 giga toasters.

[00:57:49.770] Ned: I like it. Let’s go with it.

[00:57:52.390] Chris: Anyway, so it’s going to be one of those 80% of the performance for 20% of the cost kind of things. Yeah, neat. Those are important. We need those. The chip will likely not get immediate attention or see store shelves in July 2024 as the controllers and Gpct controllers, and this is going great, as the controllers and GPUs that work with it will need to be designed to take advantage of the new memory. I mean, it still sounds cool, though, right?

[00:58:26.580] Ned: Yeah, I’m in.

[00:58:28.530] Chris: Expect to see an actual product that uses this tech out in the market by early 2025.

[00:58:35.810] Ned: You made it through, budy. That’s it. We done it. And hey, thanks for listening out there or something. I guess you found it worthwhile enough if you made it all the way to the end. So congratulations to you, friend. You accomplished something today. Now you can enjoy the remainder of our nation’s second most important holiday while your poor dog cowers in the laundry room. You’ve earned it. You can find me or Chris on Twitter at ned 1313 and at hener 80, respectively, or follow the show at chaos underscore lever if that’s the kind of thing you’re into. Show notes, the sign up for our newsletter, and other things are available@chaoslever.com if you like reading things which you shouldn’t. We’ll be back next week to see what fresh hell is upon us. Tata for now.

[00:59:21.330] Chris: All right, so if you’re writing text and you make a mistake, it’s called a typo. If you’re doing talking if you’re making face words and you make a mistake. What do we call that? Whatever it is, we did a lot of it.

[00:59:36.010] Ned: A speak oopsie, a spooksy.

[00:59:38.320] Chris: I was going to go with a taco.

[00:59:40.650] Ned: Oh, I like tacos. Let’s go now. I want lunch.