
Beyond Prevention: The Vital Importance of Data Protection in Cybersecurity

BSides Edmonton · 2023 · 43:03 · 27 views · Published 2023-11
About this talk
BSides Edmonton September 2023

Beyond Prevention: The Vital Importance of Data Protection in Cybersecurity: Derran Guinan

September 26, 2023 at 1:00:00 p.m.

Presentation: https://docs.google.com/presentation/d/1llaDivozqT2s1TLTPRjGRTb7LCfMhzni/edit?usp=drive_link&ouid=110070254665343387328&rtpof=true&sd=true

Abstract: While preventative cybersecurity tools play a crucial role in safeguarding our systems, we must recognize the indispensability of data protection as the ultimate fallback when these measures fail. Effective data protection practices not only mitigate the potential impact of a breach but also ensure compliance with regulations, build customer trust, and safeguard the confidentiality, integrity, and availability of data. By embracing data protection as the foundation of cybersecurity, organizations can fortify their defenses against evolving cyber threats and position themselves as responsible custodians of sensitive information. Let us explore why data protection is the foundation of cybersecurity and why it deserves our utmost attention.

Speakers: Derran Guinan

Derran Guinan is an IT Security Specialist who collaborates with clients across Canada, educating and advising on various data protection and security solutions. With over twenty-five years in the IT industry managing networks, architecting solutions, and advising clients, Derran believes in a collaborative, customer-oriented approach to educating and helping clients solve security related situations and challenges. At Veeam, Derran brings his education and experience to clients, helping them design data protection solutions, with a security first focus, across the enterprise. Derran has worked at some of the most trusted security companies in the world such as Palo Alto Networks and Crowdstrike, where he advised clients daily on both security incidents and proactive security solutions. Derran started his career at NAIT in the Telecommunications Engineering program, and has continued his education through SANS, ISC2, ISACA and PMP training and certifications.
Transcript

Are you filming? I'm good? Okay. So thank you, everyone, for joining today. Um, my name is Derran Guinan. I'm going to, in a minute, talk about, uh, give you a little brief bio of myself. I'm here to talk today about the vital importance of data protection in the security, for security, beyond prevention. We're going to try to draw some connections there and make it more obvious for you. Just a typical disclaimer: these are my views and opinions and nobody else's, just in case my manager gives me later on. He may or not be, may or may not be, in the room. So let's start off with: when you're on a security panel and somebody catches you rolling your eyes at the

question, and it's your manager who catches you rolling your eyes at the question, it's not a really good start to a security panel. But he got me with that. So, 25 years in IT, 18 years focused on security, various industry certifications. I do believe certifications are useful. I, you know, I like, keyword here, industry, not necessarily individual manufacturer, etc. Also, one of the things about these certifications: they at least show employers that you can go after something and accomplish something, right? So it's a good start right there. 10 years in the manufacturer space, so I've worked at companies such as Palo Alto Networks, CrowdStrike, and now I'm in my first year at Veeam. So what I get asked, or

what I really got asked at the very beginning when I first moved over to Veeam, is: you were at these companies, CrowdStrike, Palo Alto Networks, top security companies, why are you leaving the security industry? And the answer is, I'm not. I never was. But I saw that there was another way, another solution, another option: that data protection can help with security. There's another way to go here. Let me explain how I see this working. So the security industry typically focuses on prevention, and we focus on a lot of products, right? We have firewalls, we have endpoint protection, network access control, we got a whole slew of these products. But when I think back of all my time of talking

about a security posture with different companies, I can only maybe think about one or two times in 10 years did anybody ever mention backups as part of that conversation. So to me, you know, it's kind of interesting thinking back of it once I kind of made that shift. Um, I do believe that, you know, I want to make it clear, I do believe in security, a security prevention posture. I do believe we do need to invest in these technologies, but it can't be the be-all, end-all. We have, in the world nowadays, we have lots of different disasters. Like, look at what's happened in Canada last, forest fires everywhere. This stuff is, you know,

flooding in Quebec. This summer Quebec had flooding and they had forest fires, they had everything. We're seeing unprecedented times, uh, for natural disasters. Um, data protection can help you with this. Security can't. Security doesn't play in this field, right? Security is there to stop something; if it doesn't stop something, it gets by. The other natural, I shouldn't say natural, the other disaster that's out there is the, I call it the human-made one, right? Ransomware. Seeing ransomware, I almost was going to say we should have, BSides should have done a drinking game: everybody talks about, says the word ransomware these two days, gets to take a drink. It would have been quite interesting, I think.

Um, you know, the probability of fire, flood or natural disaster is easy to write off, right? We're used to that. When you have an insurance policy, you write that off. Ransomware is much more tangible. It's not that easy to write off, quantify, etc. So definitely more difficult. Cyber security is designed to stop this. This is where they come in. Let's make it a little more clear where I'm getting at. What does every breach that happens have in common? They have a firewall, they have endpoint protection, they have all these prevention technologies, right? Prevention isn't 100%. We have to go that direction, we have to use prevention, do the best we can, but we,

I think we need to plan a little bit for what else we can do. What is the ultimate fallback? What else can we do? Now, I know somebody in the room is thinking, ultimate fallback, what we can do? Well, let's talk about cyber insurance. This is so hot right now. Everybody's talking about cyber insurance and leveraging it, and I find it really easy, it's interesting because, you know, they can cover monetary losses, they can help with your ransomware, paying fine, or paying the ransomware if you need to, downtime, regulatory fines. Um, but some people would argue, two ways, paying the ransom is also a problem, right? One, we're

contributing to, hey, you stole from me, I'm going to pay you, you're probably going to learn your lesson to keep stealing from me or causing me grief. So that's not good. Um, and the second thing is that it's not so easy to get these insurance companies to cooperate, right? With cyber insurance, it's not that easy. Um, if you look at, this is from the Talis 2022 ransomware study. I thought this was a very interesting study. They talked to 463 organizations. 95% of the people they talked to were actual decision makers, only 5% were influencers. And I thought, 40% have cyber insurance, only 40%. And then the next one, the one that really was interesting to me:

26% had insurance but no longer have coverage. So why don't they have coverage? So if we dig a little deeper, of the 60, of this, um, claim submitted: 66% of people actually made a claim, only 51% paid out. So half the people who submitted a claim actually had it paid out. And 28% had it paid out, and it says "but dropped coverage", but if you look at the report, it means that the insurance was actually dropped after by the provider. So the insurance cover did not, uh, renew their insurance. The others, you know, insurance did not pay out, some of them are still having discussions, and, you know, some people don't know what's actually going

on. This shouldn't be, I think, all that surprising, because have any of you tried to use insurance lately? It's gotten very difficult to use insurance. Depending on what type of insurance, man, if you ever try to do some kind of health insurance, like a disability and stuff like that, you're fighting for your life. Insurance, you got to remember, they don't want to pay out, right? So the very first thing they're going to do is deny your claim. Then you're going to appeal, and guess what they're going to do again? Deny your claim. And then you're going to appeal, and then maybe, just maybe, they're going to pay out that money. How long does that

actually take? If you're in the middle of a ransomware attack and you're going through this process, like, what is that, three or four months? Can any, how many businesses can survive three or four months waiting for help? So I'm not trying to say don't buy or don't use cyber insurance. I think that's up to every organization to figure out where they see the value in that. Uh, and I do think, personally, I do think it does provide value, but I would not look at that value as "I need help getting back up and running next week". That's not cyber insurance. So let's talk about a pretty big buzzword in the industry. Man, I've heard the word resiliency lots this

last couple days. Um, even our workplace mental health, the resiliency was brought up. I thought that was cool. Data resiliency is having your organization data always available and accessible despite unexpected business disruption, such as a cyber attack. Again, data protection can help you with the cyber attack, but they can help you with all the natural disasters, right? So in the data protection field, we've been talking about data resiliency. I shouldn't say we, I'm only one year in. Everybody else who's been in this for 10, 12 years has been talking about this, but they haven't been using the business word. They've been talking about the 3-2-1 rule. So if you're in data protection or new to it,

this is what they call the golden rule of data protection. You want three copies of your data: one can be production, two could be backups. You want to have those two backups stored on different types of media. Don't put all your eggs in one basket, in other words. And you want one copy offsite in case your site blows or melts down. Where, oh yeah, we were talking yesterday. You actually take, she actually takes her data, puts it on a portable drive and takes it offsite once in a while, and she backs up to Google. Great resiliency, both offsite. So while that has been the standard, some companies, hint hint hint, have also been augmenting to

make this better. We still have the three copies of the data, two different media, one offsite, but we've also added an extra one there, which is that offline. Honestly, that could be tape still, right? Tape is still effective, especially depending on how often you need it, what your process is. Also immutable storage, copying something to the cloud. We're going to talk about immutable a little bit more in a couple minutes. And then a really big, important one is zero. How do we know that when we actually do a backup, that when we need that backup, it actually works? How many times have we all heard horror stories of people that, hey, we had

backups, but when we went to run them, something didn't work. I used to see that all the time on tapes, when we used to have, like, multiple tapes, and what happened if one tape had a problem? So you want to be able to check your backups, proving that they work, and you probably want to be checking your backups if they've got anything malicious in them, right? Like, if we are going to talk about recovery at some point, we want to make sure what we're recovering isn't bringing back the problem into the network. If there's ransomware and we clean it, we don't want to reintroduce it. So I love this as a use case. So first

off, I love Indigo Chapters. Not trying to bat on these guys at all. I love going there, I love reading books, and I love just wandering around Chapters. I find it very therapeutic. You can take your mind out of things. So I love doing that, uh, and it's something I passed on to my kids. So I love Chapters Indigo, and it was really sad seeing what happened to them earlier in the year. But if you look at this attack, and this is all public information that I've kind of pieced together, oh, the dates aren't really that, uh, shiny here, or bright, but on February 8th an actual issue was reported, and then they

determined it was a cyber security incident, ransomware was confirmed on the 24th, they identified, at least publicly, that it was LockBit, on March 1st the criminals made it known that they were going to release the data onto the dark web as well, full website back up online on March 8th. And then I updated this on June 7th, that the founder and the four board members, four board members, actually had to resign over it. I saw this week, or the past week, that the founder is coming back to the company now. But big implication for this company, right? Like, they weren't able to process credit cards for I don't know how many days. You

couldn't buy anything off their site. Michelle, I'll give you the slide later if you want. Um, they couldn't buy anything off their site. Then when they had the site back up and running, they actually only had a limited amount of things that you were allowed to buy on the website. This affected things pretty, it was a pretty major thing for an online retailer that had stores as well. The interesting thing is, if you think from a forensic point of view, when this activity happened, when you bring somebody into forensic, it might take five, six, seven days to do collection. Let's just call it collection of data, right? Not the analysis, that could take a lot longer, but five or

six days to collect the data, and then guess what, we want to get back up and running. Every day we're down is costing us money. 28 days they were down. Not resilient, I would, and I have no idea what data protection platform they're working on or using, but something went wrong here, right? And it comes down to that whole, we call all the time, we talk about this, is: backup is easy, it's really, wow, recovery is hard, right? And why is it hard? Well, one, we always have to make sure everything is working. We need to be testing everything, and not everybody's testing their backup. But the other side of it is ransomware, being a type of

disaster, is unique in the fact that you actually have somebody on the other side fighting back against you. You actually have adversaries, groups of people who are saying, oh, they're in your environment, you're trying to get them out, they're able to fight back. They're trying to fight against you to keep their, uh, presence alive. So it's completely a different approach, um, than natural disasters overall. Immutability. Man, my first month I had a hard time saying the word. I kept bungling it all the time. Made me really nervous, to be honest with you. Um, I love this because, and it's another buzzword people are talking about in the industry, but this is basically write once,

read many times, right? We want to write the data somewhere, but we don't want anybody to touch it. Which is good, obviously, because if the bad guys get in, what do they want to do? They want to delete your backups, they want to encrypt your backups, they want to do something, they want to make it as hard as possible. Again, these guys are fighting against you. So with this, you set the retention. You might say, I want my immutable backups on this one target to be 20 days. Nobody can touch those backups for 20 days. You can always get back. I thought this was interesting from that Talis report: multiple extortion ransomware. We got a brand new, a brand

new buzzword in the industry. To me, I thought it was really, we're actually making a new buzzword on, you know, to me, when people are ransomed, they're always trying to steal your data at the same time. They want to extort you. No big deal. But we should also make sure that backups are encrypted, right? Man, that seems obvious, right? You'd be surprised, among people I talk to, don't have their backups actually encrypted. If you don't want it on the dark web, make sure it's encrypted. What about cleanup? I briefly mentioned, I shouldn't say cleanup necessarily: making sure your backups are good, making sure you're able to recover. We want to be able to test those backups on

a nightly, well, it's up to you to determine the frequency, but you could do it on a nightly basis: take a backup, mount it, run scripts against it, automate everything. I talk to a lot of people nowadays: "Well, I test my backups." Well, what do you do? "Well, once a week I come in, I do this restore." I'm like, so you're actually doing this manually, sitting there watching this happen? "Yeah." Hey, that's great, but I think in our IT space you could probably think of something better to do at that time. And secondly, even if you can do a restore and you've proven it, you're not ensuring that the data you're restoring

is clean. Clean up to the best we know up to this point. How do we know we're not reintroducing things into the environment that are bad? Data protection can also monitor your backup, uh, environment. It can monitor the metrics of everything in your backup environment, being process, CPU load, memory load, hard drives or the hard disk, how much activity, input/output. It can monitor your repositories and tell you, hey, we see how much you're backing up and we know that in 29 days you're going to be full, might want to look at some of that. But let's focus more on security. We also probably want to get notified when we see that every day your

backups grow by 2%, and on this one day they grew by 50% or 80%. Could be a completely legitimate reason for this, but we want to put our hand up and we want to say, you need to investigate, you need to take a look at this, this is something that you have to dig into. What about all of a sudden we see files encrypted in the backups that weren't encrypted before? Probably something good to flag on, something worth investigating. I don't know how many people are really encrypting their own file structure and then backing it up, so probably something that we want to look at. I've always really enjoyed, if you've ever seen my presentation before, I

always love using the castle approach talking about security, right? It's just such an easy thing to look at. Your keys of the kingdom are in the middle, that's what everybody's trying to get at. You have multiple layers of protection: you have your firewalls, your IPS, endpoint protection sprinkled. Identity control is huge now, making sure that you understand who's allowed in, you're only allowing particular people, to have to prove their identity to specific objects. That's where the whole zero trust is starting. We want to make sure and have these multiple layers of security. One thing I didn't realize I was missing with this whole diagram, again, until I came to data protection: what about the concept in the

castle of the tunnel out, or maybe in this regard the tunnel in? If the bad guys are getting into your environment and they're compromising, and you can bring the data back an hour later, a day later, you're kind of changing the dynamic of this whole siege of your castle. You're providing another option to protect it. We talk about data coming out because we are doing backups. I would suggest that 3-2-1 rule, data resiliency, that we're making sure data is going out, but we can bring that data back in, we can make sure we can leverage that. What does that look like in a practical term? Here, this is actually a Derran diagram that I threw together, so if you want to

make fun of it, you're more than welcome. So if we talk about a production site, we have typically a virtual environment, we can have physical servers, we can have workstations, and, you know, data protection protects everything, right? It's not just one thing. And a lot of times people think that, they're like, oh well, you only protect virtual, or something like that. Like, even if you wanted to back up your, uh, laptop every day, we can do that. Data protection can totally handle that. I got burnt last year by LastPass before the last breach, and, you know, six breaches in 10 years is pretty massive. But I thought I had some identity fraud, and I said, you

know what, I'm going to change my LastPass. I don't think it's compromised, but it's a 30-character password, I'll change it anyway. The password change didn't work, so I had to call them. They made it work, and I lost three years of all my passwords. They're like, well, that's not possible. I'm like, okay, so here's an offline copy, 'cause I've got a laptop turned off, want to compare? And they refunded my money, and then three weeks later we found out they were in another breach. So I now use data protection to back up my new password vault every single day. I've got 250 copies of my password vault. When you lose 300 passwords, you don't realize how much

it affects you till months, it takes a long down, it's like the surprise that keeps on giving every day, and you, oh, I'm trying to do this. I'm allowed to swear, right? So, um, I'm only allowed so many and then YouTube won't allow it to be on. So let's talk about the backups. We can do a backup and a restore from storing the backups on a production data repository, some kind of storage on site. We can do a backup copy of that backup and send it to the DR site. Now we've got three copies, right? Production, two backups. We can send another copy to Azure, for example. It doesn't matter, AWS, Google, it's all the same, just using it

as an example. We could send a copy there. And I'm seeing this a lot nowadays, it's more like the four three two or 31 rule. There's four copies anyway: production, and one, two, three. So I see this a lot. This allows you to restore multiple: if a whole site goes down, you can grab stuff from the other site, you can grab stuff from your Azure blob, whatever you want. I actually drew a couple little icons here saying that, like, you know, if you actually did recover your full environment into Azure, you can run there as well. So there are solutions for that as well. What's a recovery look like? Because that's more important, right? Not

the backups, it's the recovery. A recovery looks like: I've lost a whole data center, or maybe I've lost two data centers. Fire up a box, get a server up and running, restore the configuration of your data protection. That config file should be stored on one, two, three, that we should have multiple ways to restore that configuration. So get the configuration back up and running. That's going to include where your backups are being stored, and it's going to look at those, what's available, what disk is available, and show you what backups are good that you can start your restore. It's that simple. Like, getting a box up and running, you have an image somewhere, 20 minutes. Installing Veeam, or any data

protection, I shouldn't be focused on one, 20 minutes. Load a config, 3 minutes. Restore, very quick. What about if you don't want to actually do what I just said, which is manual, and you want to automate this? Well, we can do the automation as well, data protection can handle that. What if you set the runbook that, if, you know, let's think hypothetical: bad guys don't attack us on Christmas Eve, right? They don't want to attack us at night, they don't want to do any of that. So it's Christmas Eve, something happens. You set the runbook up. Somebody takes the whole site, it's gone. Well, if you set the runbook up, the

solution is actually going to move all those workloads, have all the production moved over to another site and get it all back up and running for you. So instead of you having to come in and say, man, it's Christmas Eve, the whole network's down, I want to be at home, how am I going to restore all this? You're notified that we had a disaster, whatever caused it, doesn't have to necessarily be security based, ransomware, could have been a natural disaster, data center is down, but everything moved over to the other data center, we're still up and running. I've got to come in and troubleshoot something without that pressure on me of an outage. You ever

been in a, I'm sure a lot of you have been in this, you ever been in a data center after 12 hours and you're pulling your hair out trying to think what to do and trying to get help? It's not a fun experience. It's one of the reasons I don't do post-sales and implementations anymore. So data protection can handle all this for you. Um, I typically like to rant a little bit going past this: when we talk about security tools, etc., uh, people say, well, what else should I do to make my security posture better? And I say, start using your tools fully. There's a lot of things in configurations at different products, etc.,

but if you actually really look at how they have it configured, they're usually only using 10, 20% of a product. Make sure you're fully using the product. Do, like every company, us included, we do, like, health checks. Check things for standards: are your backups encrypted? Are you using immutable storage? How are you doing on multiple copies in different spots? You should do this. Let's also not forget about, in this scenario here, and I did talk about orchestrating, uh, recovery, we also want to make sure everything's tested nightly, right? So these solutions that do this orchestration can also fire up these workloads, like I mentioned earlier,

and actually check them every single night. It's really nice to say to management, they go, when's the last time you tested your backups? Well, we test them every single night, here's a report, we met the RPO, the RTO, we know everything's going to work. Wow, okay. Sure takes a lot of pressure off you right there. And then, Clayton might recognize this, it's an old Palo Alto Networks slide. This thing is 10 years old. Uh, so I still do believe, and I think everybody should be practicing, uh, a prevention posture, doing the best they can to prevent as many attacks, different types of attacks. Um, so I'm definitely, um, not saying don't invest in this

technology. You do have to invest in it. Uh, but let's just not lose sight of something that's really simple, that is there, that will make your life a lot easier in security, and that is data protection, right? That's where data protection comes

in. I like this slide, I've used it a few times too, but I really think this hits the nail on the head: we're all focused on prevention technologies, these big guys that are going to protect us, but a lot of the time it's going to be that little guy with the obvious solution in the back that's going to solve the day and make everything work for you. That's all I have. Questions? Did it suck? Not one question? Come on. And not you, Rick. Okay, if there's no questions, we're happy, we're around. I'm around, Rick's around, another data protection guy. We're here to chat if you want to have, uh, any, oh, we got a question. See, I stalled long

enough to get a

question model

out, right, and there's a certain frame of thinking, and what you're saying in the RO will change, any suggestions, best practices, to, like, get people along? I think change management processes overall are really good. I think typically people don't find a process is not really working until it's broken. I always l in the security side when somebody says, hey, like, we sent an email to somebody and they paid a bill to the wrong company, it's a cyber security incident. It's not. That's a business process that broke down. There wasn't a validation. You need to check that stuff. Um, so I think the more you document things out, uh, anybody knows me that I

like little flowcharts of everything. I want to see the flow of everything and understand it, and that's how I think you build, uh, change management: it's based on the flow, that you understand how everything's working step by step. I will say also, from a data protection perspective, we, especially at Veeam, we're trying to add things in all the time. For example, we're about to add in what we call Four Eyes, where we actually, if you're trying to delete, um, four, what's the right term? Four eyes, what's the end? It's just four eyes? Okay, I thought I was missing something. Um, but I thought this is really good. Say, for example, you're about to delete a repository, a

bunch of data. You're going to have to get somebody else to agree with you to be able to delete that data. So you should build some of this technology into the processes, into the change management, and the technology is starting to get to that point where they're adding those, uh, the ability to do some of this to help with that change management. No problem. Go

ahead. That, okay, yeah, great question. Just so, everybody didn't hear it: organizations are used to doing things a certain way, how do you start that change within the organization? I'm not trying to, I definitely wouldn't have the crystal ball on how that, it's a difficult conversation. We see it all the time: "we've always done it this way." Well, just because you've always done it this way doesn't mean it's the right way, right off the bat, right? So it's really hard when you're working with people who have a mindset that they don't want to even look and encourage new things in their environment. So the way I usually, let's take, this is from

a pre-sales, I'm a pre-sales engineer, I help people understand solutions at the beginning. I will look at who I'm working with, um, clients, my own team, and I will assign a strategy. Maybe I see Chad here as my, or Tad, sorry, my roadblock. Um, I'm going to try to figure out what makes Tad tick, how I can help him. At the same time, I'm probably going to surround Tad with some other people that I know are friendly, maybe some of my champions, that try to influence him. So it's not me coming at them, maybe it's a few people trying to, and I don't want to say coming at them, but it's more trying to

educate and try to understand and get them to maybe open a little bit, be a little more open to stuff. I do find organizations that have been with one product, one solution, for a long time very resistant to change. It does happen. I know in the last, uh, six months here in Edmonton we displaced a couple products for over 20 years in an environment, like, 20 years in an environment, and it was those things, hey, don't touch it because it will break, we don't want to replace it because it could break. That's a hard thing to change. So it takes time, strategy, helping work around it, really understanding how

people think and maybe how you can influence it. I think there was one more here? Okay, go ahead.

Sure, great question. Kind of, we talked a little bit about this, but what you can do again is, let's just talk testing backups, right? We don't want to assume our backups are going to work, because, you know what assuming is, you know all about that, right? So that's bad. We want to test those backups, and we want to make sure that we know they're going to work when we need them. But the other side of it is, we do want to check them every night. So our solution does do what we call, like, you can use traditional antivirus, scan-based technology, up to the latest definition. We can check

it, pretty CPU, and, you know, really nails the CPU, it could take hours to do. So we also have the ability to do YARA hunting, that's out right away here. So now we're going to be able to look, and if you understand YARA hunting, it breaks, uh, basically patterns you design down in 8 bits and it searches through your data very efficiently, not like antivirus. So we're actually going to be able to look for indicators of attack and compromise in the backups to match. So it's not necessarily looking for a bad hash, but if we know, for example, and when I was testing this week, LockBit, we saw it on Indigo, we see it across Canada a lot

now I took a Yara search made by reverse Labs I'm not smart enough to write all that stuff it had like 80 or 90 different ways to identify lockit in an environment and I ran that yard search against all my backups and went one day by one day one by one day and if it popped it would say it came in infected infected not infected you probably know where your latest backup is right and we even draw it make it easier and we'll actually point out now that that's your clean backup we actually bring that together so great question it's top of mind we have to make sure that not only testing but we need to ensure if we're

going to restore data we know it's good you can also stage a backup by the way too you could stage it in an isolated environment and look at it clean it so sometimes maybe you what if your restore point you need the restore point as as soon as possible but your clean is way further down we can do that stage restore you can go in and clean the data if possible if it's encrypted you're kind of pooched no matter what but if it's just indicators of attack things you don't want to rerun in your environment you can clean it

No, I do know of a company that does technology like that, completely different, but no, not on, I don't... The thing with that is that's huge CPU processing. You're really processing the traffic and doing that decryption algorithm at the same time. I think you're going to need specialty boxes to do something like that. I don't think the data protection field will be really capable of doing that. It might have to evolve a lot; our hardware will have to evolve a lot to be able to support that type of decryption on the fly.

of config files for switches, firewalls, whatever they are? No, I would say the best practice there is going to bring in change management, where you're actually having that solution do it and putting it somewhere where the backup job is getting it, it's encrypted, it's stored on immutable storage, etc. Yeah, no problem. Go ahead.

No EDR, no, no, we don't do EDR.

Sure. The easiest way is that when we actually do the backup, we're actually looking, and we have our own AI/ML built in now, and you can actually specify external file extensions, identify the extensions, right? So we're going to have that AI to look for files that have been encrypted, but we do have the ability to add your own extensions. If you want to put in a list of 30 or 40 different extensions you know are typical from encryption, you can do that.

I think the next evolution you're going to see is that, we are not an EDR company, we are not a threat company, and to be honest we can't be that, right? Because we don't collect any data. An EDR company collects that data; they can do threat process or threat intelligence from it. We can't do that, but we sure the heck can integrate with them, right, and start pulling some information from them. So that's where I think you're going to see data protection, as more and more people understand what data protection can do and how it can... we're not a security company, but we sure can improve a security posture. We're going to be bringing more and more of those integrations in and making sure we work with different companies. Like, I've thought about 20 different examples just even with EDR threat intelligence. What, you know, pull the threat intelligence rate from Bitcoin addresses, if identify bit, pull the Bitcoin rate down through, check a backup: any of these Bitcoin addresses in there that we know are linked to known ransomware threat actors? So there's definitely some stuff we can do there. Michelle?

Sure. I'm not, yeah, I don't... at the threat detection level, at a firewall, and me and you both know we've been in the firewall game a long time, we've gone through this one for a long time as competitors, um, it's interesting. I definitely would say that we want to encourage people as much as possible to be leveraging the cloud targets to store copies, especially using immutable storage in AWS, Azure, etc. So, um, I would say that a lot of that traffic is going to go through that firewall. Now do I think the firewall can identify if something was malicious in the traffic going back and forth, or to at least say because it went through we know it's clean? I probably don't think it, right, it's going to be encrypted, it's going to be SSL. So I'll let you know, and then we get in a discussion, well, you're doing SSL decryption. I still don't think that's probably going to be very possible. Um, and I don't know too many... see, that wasn't something that I generally had conversations about back in the day, I'll be honest. Um, and I probably would say that I would tell everybody to throw everything through, but yeah, convergence is happening.

100%, 100%. I think realistically, if you're into data protection, data security, and you're trying to make sure, the very first thing that you should be doing is you make sure your data is available, right? So when something bad happens, we don't want to be waiting for that insurance policy to kick in, because you're going to wait forever. You want to be back up and running as quick as possible. You want to make sure your data is available. Then the next thing is, to all the questions here, we want to make sure the data we're bringing back is good, so check it. I think the fact that you were able to do YARA hunting now and get into that stuff, and it's actually, from a selfish security learning perspective, I love that I can go on and I don't have to be a threat intelligence guy to write all these YARA, but I could sure take them and then start to see how they're used and start to play with them and adjust and make my own, which is kind of fun, right? It's a good way to start that learning process. Any other questions? Nicole hasn't given me the hook, so we're doing good. Three minutes, she's on time. Okay, go ahead, Mark.

We really do... well, how long it takes us to recover is kind of important. Every minute that we're down, depending on your organization, cost means a certain amount of money, right? So I think sometimes we get into this whole discussion, what should those be? Well, that's not up to the data protection, it certainly is to the security, and that's up to the business. Now the question really comes down to: does the business know what it really needs? And that's a difficult discussion. The business a lot of the time hasn't figured that out, and then they put that pressure on security and data protection and other IT groups, and my advice is to dodge the heck out of that question. That's not your responsibility to figure that out. You don't get into that whole thing. So I mean, we want to make sure that we can fulfill whatever your RPO or RTO is, and that's why we had even talked about the ability to automate and orchestrate recovery, which obviously increases that dramatically, and that's where we were kind of discussing a little bit yesterday. That's the next evolution, the next step up from just starting off with doing your backups and restores and having to go through a manual process: you can automate everything.

Yeah, I think, I don't know, SMB is always tougher for any topic we're talking about, security, anything, right? I will say one thing that I have been pleasantly surprised on is how data protection licenses itself. It's usually by the number of seats or nodes or workstations, and how many does an SMB typically have? Pretty low number, right? So I've been pleasantly surprised, and I want to say shocked actually, that the cost for a lot of companies of getting into this is not that drastic. The other side of it too is that most of the solutions out there for data protection, Veeam included, we offer a Community Edition which is free up to 10, uh, whatever type of... yeah. So I think you set me up for that question, and you were trying to, I'm not sure why, but thank you, it was good. I like, uh, the freebies, keep giving them to me all day long. Anybody else give me a freebie? Not Michelle, 'cause hers are not freebies. Okay, thank you very much everyone, have a good day, and, uh, we're around the talk