
Big Data

BSides Peru | 42:46 | 122 views | Published 2016-06
About this talk
Big Data: How Data Analytics Can Be Incorporated Into Intrusion Detection
Charles A. Wood

Abstract: Big data, data analytics, and business intelligence have all reached buzz-word status over the last few words. Many products claim to incorporate such new developments into their own financial, customer, and security products. But are these claims real, and what do they mean? In this presentation, Chuck will describe what all the talk about data analytics really is about, what it can do, how much will it cost (equipment, infrastructure, and skill set) to implement, and finally, what the promise of data analytics can mean for security (but often falls quite short).

Bio: Charles Wood has over two decades experience as a systems consultant, instructor, and author, including over ten years experience in developing software in Java, C++ and C#, VB.NET, HTML/XML/JavaScript/CSS, and other languages. Chuck holds a CISSP (Certified Information Systems Security Professional) and he teaches and consults in information security, software development, and infrastructure. A Quick Glance at Web Infrastructure has been Chuck's most ambitious work to date. In addition to being the author for this book, Chuck is also the author of OLE DB and ODBC Developer's Guide from John Wiley & Sons (ISBN 0-7645-3308-8), Visual J++ Secrets from IDG Books WorldWide (ISBN 0-7646-3138-7), Visual J++ from Prima Publishing (ISBN 0-7615-0814-7), Special Edition Using PowerBuilder from QUE publishing (ISBN 0-7897-0754-3), and Special Edition Using Watcom SQL from QUE publishing (ISBN 0-7897-0103-0). He contributed to PowerBuilder 4 from Comdex Computer publishing (in India), Client/Server Unleashed from Sams Publishing (ISBN 0-672-30726-X) and Special Edition Using Turbo C++ for Windows from QUE publishing (ISBN 1-56529-837-3), and many other books.

So, ladies and gentlemen, let me introduce our next speaker. John just reminded me that there is a microphone in the middle of the floor right here if anybody wants to ask questions. So this is Dr. Charles Wood. He's a professor and author; he's written several books on several topics. I think that it's important for... one of the things I love about BSides the most is that we get a mix of a lot of different people: from the government, from corporations, from academia. I think that one of the things that we've been missing up here a lot is people from academia, and that's why I'm so happy that Dr. Wood was accepted

for his talk. He provides a lifeline into the classroom for us, which I'm not sure that we have such a good one. So thanks a lot, Dr. Wood.

Thank you, thank you. Thanks, everyone. Okay, thanks. Let me give you a little bit of a background on this. My topic on big data and information security ended up being a topic where... I teach data analytics at Duquesne University and I teach information security at Duquesne University, and so I consider myself kind of an expert in both, but they seem to be a disjoint field

and there is really no need for that. So I started delving into other people out there applying big data solutions to information security, and I found out that there are some... I started this about a year, two years ago, and there are some people that are really cutting-edge stuff. I admit that this may not be as technical as some BSides presentations that I've given and that I've seen. It's meant to be at a little bit higher level. I'm not sure how much experience the rest of you have in big data, and if you're all experts in

it then you're going to be bored, but that's where this came from anyway. So the problem that we have with big data is, first off, a lot of us see a lot of data and say, "I am big data. If you just look at my logs of intrusion attempts every single day, I get 3,000 a day. I'm big data." And I wanted to bring up a point that because you have lots of data, you're not necessarily big data; you just have lots of data. And in fact the amount of data that you get, as it

starts to increase, might even be a very big strain on your corporations. I know that when I attend the security seminars around town, I see a lot of you there. The quarterly end points where you have to verify all your controls, a lot of you realize, when those hit you, you see people coming to these conferences and they look like they haven't slept and they've all got the stressed-out look on their face, and they say, "Yeah, we have to do all this work at the end of each quarter, and then next quarter it starts all over again, and every quarter it grows." And so

they're dealing with lots of data, but you can see a problem like that causes them more problems than a solution to the problem. So there is lots of data. The hacking attempts have increased. One Pittsburgh company told me that they get 3,000 intrusion attempts per day. Per day. And I don't think you can put a network online and not start getting like a thousand per day. Some of you might be saying, "Well, we don't get any." If you don't get any, you're probably being hacked. But you guys all know that;

we're preaching to the choir. So information security is a big data problem in and of itself. So how many people here consider themselves in big data, data analytics, regression and stuff like that? I am getting some of you. That's good, that's good. So this be a problem. So what am I doing here? What are the problems in information security that can be helped by big data, data analytics (I use those terms interchangeably), and what are the problems you're going to run into, and what is big data? And I put "no, really" there because I run into a lot of people

that say, especially outside the information technology, "We're a big data firm. We do big data. We have big data." And you say, "What do you mean?" and they say, "Well, we have two terabytes of data in our database," and I'm like, well, that's not big data, that's just a big database. That's not what it means. Companies have realized this, some companies, and what they do is a lot of times nothing, but a lot of times they put on a new front end and say, "We're a big data company." And if you actually pushed on what they're doing, they've done the same thing for... you know, they've had updates,

but they've done the same thing for 20 years, for 15 years, or for 10 years, where they came out with a product and the product deals with a lot of data, and they do what... I first heard this term used in cloud computing, where every company said they were a cloud computing company. You guys obviously remember that, right? And it still exists somewhat to the day, where they're saying, "Oh yeah, we're cloud computing," and you go, "What do you do?" "Well, we provide updates online automatically." And I'm like, well, you've always done that. "Do we do any work

in the cloud?" "No, you download it to your servers, so we do everything at the server level, but you get updates on the cloud." And so a colleague of mine, well, of ours, not myself, came up with the term "cloud spray," where they would take a product that exists already and cloud-spray it and say, "We're cloud now." And the same thing happens with big data. It took me a real long time to make that paint can. But they take an existing system that uses a lot

of data and they say, "I'm going to say it's big data," and the marketing department says, "Say it's big data, say it's big data," and so, zing, I'm big data without doing anything. So you do run... or sometimes with a minor change on the front end or something like that. It's for marketing purposes, but it's not big data. And because a lot of people don't know what big data is, especially at the C-level executive area, they say, "Oh, okay, we're big data now." And so they're not lying when they say they're big data; they don't know. So the problem is that businesses generate terabytes of

data, but it's not just that. The analysis burden that we're doing increases, right? Because have you ever known a PCI DSS to remove requirements? I mean, they don't say, "Oh, okay, you don't need to do that anymore, that was 5 years ago." They don't say that. So all they do is add. HIPAA just adds, SOX just adds, your own systems tend to grow, you have controls that you're adding on to them, right? So we did have 200 controls that you had to verify last quarter; now we have 300 this quarter. Okay, so the result is that we have increasing

notifications, and I'm going to bring up an old problem with a different lens: do you increase your staff size when this happens? A lot of you raise your hands when you're hiring security people; by the way, I might want to talk to you, I've got some students. But a lot of times the security staff is not increased. A lot of times that's because we can't find anyone, and I'm going to bring up that problem at the end of the presentation, on why that is. So the SIEM systems are overloaded. I saw... I had this SEIM all the way through my

presentation, and then I started doing some research on some products and everyone called it SIEM, and then I switched it, and then I just found some research and some other products that call it SEIM. So just SEIM or SIEM, but the SIEM systems are overloaded. So let's talk about Target, because we're all familiar with it by now. Okay, so Target: these quotes were from Molly Snyder. To me she is not an information security... she's more of a spokesman, marketing role. But they were amazing, first off that she knew this and that she actually said it. So they said there are

a vast number of technical events. So a lot of us are in this problem: there are a ton of events that are triggered by our software. And then what do we do? We don't have enough staff to track all the events, but we triage, because we need to, right? So we triage the events: these ones look really important, these ones I need to look at at some point, and these ones I'm going to throw away. Okay, so we triage all the events because there's too many events from our intrusion detection software, our IDS, our SIEM software. So Target actually had a pretty robust system. They really invested a lot of

money into it, and were recently certified as PCI compliant. Some of you know that the PCI compliance can be revoked by PCI retroactively, so they could say when you get hacked, "Oh, you're not PCI compliant, even though we said you were." But I don't think PCI did that to Target yet. They did it to TJ Maxx, where they just said, "You pretty much lied to us, so you were never PCI compliant," and then they can retroactively fine you. So it does get into a problem. Now, FireEye was allegedly installed, from what I've read. FireEye refuses to confirm or deny their client list, which is probably good for FireEye,

right? And I'm going to say, if they were installed, whatever was installed, arite or FireEye or whatever, they did a good job. They actually caught these errors, put out incidents: five of them on November 30th, when the attack first happened; multiple ones, I couldn't get a number, on December 2nd. And so they actually had these, and they were investigated by Target employees, but the Target employees were worked too much data. Okay, so they had too much data. So this is where I say this is maybe a big data problem, but it's definitely not big data. It is people being overwhelmed with lots of data without a good way to

answer the problem of what do you do. And so the auto-delete was turned off, which most of us do, and that's reasonable, right? Because we don't want to say to the software, "Oh yeah, delete those files that you detect." There are a lot of false positives. You would rather have the software detect everything than miss a detection, and as a result you move the software towards over-detection (the software companies do this themselves), so that you get a lot of things that are reported as incidents that aren't incidents, or aren't severe incidents, and that's what happened here. So I bring

this up because if the Target employees were sitting around doing nothing and incidents all of a sudden popped up, then they'd be like, "Oh, we got to investigate these, we have incidents." That's not what happened. They were running around every day investigating hundreds of incidents, right? And some of you might be in that situation right now, where you're investigating incidents all the time. You only can work a person 40 hours a week; they won't let you work them more than that. I mean, you could say you have to work 50 this week or something, but pretty much only 40 hours a week, and so they only have so much time to do

what they need to do to investigate these. So you're burdened by this, and so they had too many alerts to investigate. They triaged and put things in a priority, and the Eastern European, Western Russia hacks that came in went not undetected but unresolved. Now, when you read the popular press, even in the security journals, they say the system that Target had, the FireEye system I think, was ignored, and Target ignored it. And I'm like, that's not quite the story, right? So that's why I say Target employees did a good job. They just probably were overworked and probably had to triage out of

necessity. So they didn't ignore it. They weren't sitting at their desk on another incident, "Forget about it, I'm taking a long lunch." They weren't doing that. They investigated what they could when they could, and because this was a zero-day attack, they couldn't do what they needed to do on this. It wasn't flagged as important as it should have been. Okay, so what happened? And this is where we're starting to get some changes, not enough, but we're starting to get some changes. The CEO did come out and say some pretty weird stuff. I don't think the CEO lied; I thought Target actually handled the situation pretty good. But he said some

pretty weird stuff that was mistaken, wasn't true. Like I said, I don't think he lied. And he ended up being resigned, and so did the CIO. Now, a lot of our CIOs are not security specialists, right? I mean, because you're good at technology doesn't make you a security specialist. We put you to the Chet, I think, on that one, but you're not a security specialist if you're CIO; you're responsible for a lot of things. CIO was fired, CEO was fired, and people backed up a little bit. That and the OPM hack, where Archuleta got resigned, forced to resign under heavy pressure, right, where the top-secret applications were leaked

to, we think, China. That sort of thing is making CEOs and C-level executives stand up and say, "Wait, we need to do something about this. I could be fired." So we did... so this actually, there's a silver lining here, because it used to be security was, "Okay, you security people go into your corner, do the security thing, and leave us alone," and then they once every 6 months pull in the CISO and say, "Okay, we got hacked. We trusted you and you didn't resolve the situation. You're fired. Bring me the next person in line and we'll make them CISO," or hire outside. To the point

where there were even jokes about CISO standing for "career is soon over." So this was the problem. But now that the CEO is on the line, they're starting to get boardroom reports, they're starting to get a little more interest in the topic. And this bottom quote was something that we're going to address. When I say "starting to," I really mean starting to; a lot of companies haven't done it yet. There's a reluctance, there still is, but not at Target, to tie data breaches to the bottom line. So in other words, you security people are an expense and you don't help my revenue at all; the cheaper we can do it,

the better off we are. And they're starting to say that might not be a good way to live. And like I said, starting to, not done. So I make the point that we are all Target here, because we all have overflowing incident response reports from our SIEM software that we have to respond to, and we don't have, a lot of times, the manpower. So we all have to triage, and when we triage, there is a chance, especially on a zero-day attack, there's a chance that a zero-day attack gets moved to a lower importance level. Okay, so that's where we're at. And so that's one of

those... If you look at Target, I was looking at Target and saying, what could they have done? And to tell you the truth, even now, I'm hoping that the big data solution is a solution. I think it is. But the problem that we're having is that Target, if it happened a day where they had another zero-day attack, what would they do? And they would try to triage it and see how important it is and then move it. I mean, what would they do differently? So we fire the people but we don't change what we do. Look at OPM, if I pick on them a

little more. They fired the director of the Office of Personnel Management for the US government and they replaced her, and she came out and said, "Okay, we're now doing two-factor authentication to get into our systems." And I'm like, that's great, that's good, two-factor's always better than one factor, but that doesn't stop what China did. I mean, that doesn't stop anything. And so my guess is she's saying that because Congress is saying, "What are you doing?" and she says, "Two-factor authentication," and they go, "Um, okay, great," 'cause I don't want to say I don't know what that is and how it relates. But yeah, so I was

listening to the report and saying, they fired the person who found the error. Now, granted, there was some... was it... they had Einstein installed and Einstein claimed they found it, then later they came out with someone else found it. But whatever: found on her watch, and they fired her. They brought someone new in without changing what they did. Okay, and so that's the problem that I'm having. So will the same thing happen again? Well, maybe. Okay, so now let's go into what is big data and big data analysis. And a lot of times I use data analytics, analytics, and big data interchangeably. Someone might...

might be some of you big data specialists might want to come out to me afterwards and go, "You can't use those interchangeably." But I do use them interchangeably, because I look at this as big data and data analytics as the same thing. Okay, so we work with huge data sets, but the goal of big data analysis is not that you work with them, but to find out things you didn't know that you didn't know to ask about. So if you're a security specialist and you know enough to ask about something, it's not a zero-day vulnerability anymore; it's probably a two-week vulnerability, right? I mean, by the time you know enough

to say, "Hey, are we protected against this?" it's too late. So that's the problem. The way you do this is really statistics on steroids. So how many of us have taken a regression in the last two years? And that's a rhetorical question, but if you have never taken a regression in your life, you really can't do big data. That's the low bar, the entry point. If you look at some of the neural network approaches, some of the idea that people are typing things in and it's not in your database... So the big data specialists really take a... and by the way,

I don't count... I teach it and I do count myself as very knowledgeable in the field, but the ones who do it for a living really... their hackles rise up a little bit when you say, "Yeah, we do big data, I have a database full of data." Because if it's in a database, we're pretty good at that; pretty good at terabyte-size databases already. So the idea from now is: what if people type something in? What about log files? What about a length of time that you're spending on a system? All these data sources

that we're accessing now are not database data. You can't do an SQL statement and retrieve them as easy as you can with a database. So there's a lot of data coming out there, the data is huge, and to analyze it, to make decisions on security or retail or whatever, it takes more than just accessing the database and doing an ORDER BY on your SELECT statement. Okay, so that's the point we're making here: that you still need to know SQL, you still need to know some development, but you probably need to know a lot of statistics, or be able to

use a stats package. You've got to be ready for things that are not in a normal distribution. How do you adjust that? And so, things like that. The complexity of the data is way larger than it used to be. Again, go back to the Target hack: a flat file stored on the system, I think in an area not mapped by the file allocation table, where a RAM scraper was used to populate this, that was installed on the cash registers, and then leaked out slowly into another server in Eastern Europe. Leaked out slowly, so we didn't have the problems

that we have before. So if you look at your IDS system right now, your intrusion detection system right now, they typically have (and by the way, not a bad idea) a baseline where they measure what your network traffic should be, and if your network traffic exceeds that baseline by a 95% probability, right, you're given this baseline and our average every day, and all of a sudden you get something way over here or way under or way over here, you end up with an alert saying our network traffic is too high. So a lot of these packages try to keep under that radar, and so

that's what they're doing. So the statistical analysis that they're doing is just a confidence interval, right? And they choose the confidence interval and they say, "Seems unlikely that the network traffic should be this high." So if I want to grab data from you, I take it in smaller chunks, right? That's the game, and that's what they did at Target, I think. No one from Target called me, by the way; I tried to get as much information as I can just researching it. But no one called me on this. But anyway, so the idea is you

have this decision software, and then you have to convey this complex and sometimes very hard to understand analysis to decision makers. In normal big data analysis, those decision makers are the marketing department, the CEO. In your case it would be this incident response that we're doing these high-level mathematical functions on, a lot of times technical functions too. They convey this to you in a way you can understand and act quickly on. So there's the key. Okay, so how big is big? There's record sources, and I grabbed this from a normal data analytics slide, but for you guys, I know

that I've seen the sech presenters before, a couple of weeks ago, when they were talking about... that were right before me, that were talking about some of the SE tools that they use to grab data, and we end up with tons of data, right? Every time anyone gets data from you, we record their IP address, we record the length of time of their session, we record what port they were accessing, and we have literally hundreds of thousands of hits sometimes per hour. So you end up with a large data set, and you recognize the pattern. So this is the key,

big data, right here: can you recognize the patterns? And for information security, can you recognize the patterns that you don't know enough to ask about, the zero-day vulnerability? Okay, so you don't know enough to ask about them. All right, so the old way, and this is where I try to bring up old versus new, and this is from me, not from anywhere I picked up. So this is: how would we do things differently? How do you stop Target? And so the old way: signature recognition. Check your server files: some file existed, checksum with the file, certain files, probably not all of them, but some of them. What files do you

have on your system? What are their dates? What are their file sizes? Run a checksum to see if they're changed. Network traffic: IP addresses on the network traffic, length of time of sessions, things like that. List of bad websites: how many websites are people going on internally that they shouldn't be going on, to see if anyone's internally a bad actor and trying to leak data from your company. And so that's the old way, and by the way, you still need to do this. Okay, so when I say old versus new, I really mean, hey, don't stop doing that old way, but you might need to add to

it. The new way: unknown patterns, zero-day vulnerabilities detected, new methods of hacking stopped. Again, if someone comes up with something new, that you stop it without knowing what it is first. And then different techniques: statistical analysis, artificial intelligence, expert systems, neural networks, things like that, which require a skill set that you might not have in your information security area or in your entire IT area, right? So the skill set that you need might not be there, and you might need to find a way to get that. So that's what I'm doing. Now let's talk about what I look at as

some of the... there are some people doing big data analysis and using big data tools doing a real good job. But I divide (and I'm not... I actually took somewhere but I don't remember where) big data and data analytics into three areas, where you have visualization, decision support, and information discovery. So those three areas. The information discovery would be the idea that we have this information; what are things that we didn't know before about this information? Then the decision support is: if I had a thousand of you and I gave information to all thousand, what would you

do on all thousand cases? So in other words, you don't have the time, so there's software there, expert systems that mimic what you would do to report this. And then visualization is this idea that once we decide something's questionable, we decide something is definitely a threat, we turn it off, right? And a lot of you are unwilling to do that, and I am unwilling to do that as well, but we need to get to the point where we are willing to do this. We talked to... the previous two sessions all brought up that we're going to have to automate some things. Right now, I know that there's

questions on what you can automate and you can't automate, but we have to. We can't be there all the time; we have to automate some things. So you have the things that are not a threat, because you would look at them and you would analyze them yourself and say they're not a threat. And then things that are a threat: you've seen it before, or, yeah, it's doing some very weird things, shut it down right now, and what you would do, right? And then things that we don't know, and those are things that the visualization reports to you so you can make a quick decision. Now, the problem we have going with the big data spray that I talked

about is that the visualization we are really good at. Okay, so we used to get reports, and we still get reports, but we used to get reports that were the previous night's activities, and we would read the reports, and even a checklist, on paper, sometimes on the screen, and we'd go through the checklist and fix what we need to fix. Okay, and that's gotten a lot better. There are a lot of tools out there that say, "We're big data," and what they mean is that they are visualization. Is that bad? And the answer is it's not bad to have visualization. It allows you to look at a bunch of data in a more compressed

format instantaneously and make decisions right away. So visualization is not bad; it's just that that's all they're doing. That's all they're doing right now. And so there are some other companies, but the visualization part is the problem, in my opinion: that when you say you're big data and you come up with visualization and you don't have discovery or decision support, then you run into problems. Now, I highlighted some things on decision support and information discovery. Some of us are pretty good at SQL Server already, and ad hoc queries and things like that. A lot of us can do a SQL statement without

much problem. The OLAP might be a little bit different, but it's still a database issue, right? Where instead of having relational databases where data is related to other data, you relate every single bit of data to every other single bit of data into what's called a cube, and then you find the relationships that are kind of outside the normal bounds. So, are long connections typical in your company? Yes, they are. Are long connections to California at 2:00 in the afternoon typical company? And that's when they say, "Hey, this is weird, we don't normally have this." Whereas you, the manager, wouldn't say, "Well, yeah, we have long connections." I can't say,

every time someone has a session that lasts 20 minutes... but California, 2:00, long session: weird. So it flies under the radar of most IDS, but the big data analysis, the OLAP, the idea that you find relationships that don't exist, would pop it up and say, "You never had this before." Then you say, "Oh wait, there's a nation state that is trying to get the data and pull it in." Okay. And then the other two things I wanted to bring up, or, well, the other thing: so we understand that the data mining, neural networks, if you're not using those... a lot of times the neural network finds relationships

but doesn't tell you why. And I always use the example that the population of sperm whales in the ocean versus a stock market, right? The population of sperm whales is negatively correlated, but not really; there's no causation there, right? So a lot of times neural networks come up with spurious relationships. The statistics, though, is important: if you're doing this on your own, you have statistics that you have to employ, and usually you can't just do an average; you have to do more high-powered statistics, and that takes a skill set that a lot of us don't have. The artificial intelligence and expert systems are important. It's the idea that you map

what the rules you are using in your head into the software so you can have manyi U running around on your software and do exactly what you would do they don't have to be intelligent even though it's called artificial intelligent they don't have to be smart they just have to do exactly what you you would do and then the second thing and should be the third thing is the customized software you might need to develop some customized software okay so I bring this up that we do a very good job of visualization okay on dis support some of the time and information Discovery a lot of times we leave that completely out on Big Data Packages so a lot of

times people say we're big data and we have a big data package, and you'll say, what are you, the, uh, Tableau and Qlik Sense and things like that are very good at visualization, but they expect you to provide the back end. They'll make bad decisions if you don't do that. So Google came up with this idea of MapReduce, where you take a database and reduce the information, okay, and, uh, this is the idea, and they give the example where we're trying to find stuff about John and put it into a database. So we have this unstructured data, the MapReduce takes out patterns in the data, reduces it into a database, and ends up with the

result. There's a package called Hadoop, it's Java based, um, that uses this. It looks kind of like a zombie attack, right, except in this case you're doing your own zombies, and, uh, the idea here is that you have all this data and there's no way a server, a computer, one can run through it, so you end up with these slave computers, data nodes, that you say, you do this part, you do this part, you do this part. It's distributed computing, and you have to, uh, like a zombie attack is, right, when you get attacked by a zombie attack, and then the data ends up in a database. This is very intensive

and technologically expensive, somewhat, so you need someone to manage this, and, uh, it is Java code, a good Java programmer should have no problem with this, uh, but the Hadoop file system, that's the tough part. So setting up Hadoop is real tough. After you get it set up, I'm not saying any programming's got its issues, right, but then after you get it set up there's Java libraries that Hadoop provides. Um, Splunk is a vendor here, and I'm trying to, uh, bring up Splunk because they are the log file king, although if you tell them that they say, hey, we do other things, but, uh, and they do, but they, uh, analyze all

your log files, which are pretty much unstructured data that's not in your database: registry entries, database logs, things like that, configurations, and they put it all together, where the customer data, uh, the outside-the-data-center data, the RFIDs, the blogs, things like that, the alerts, the tickets, the Kerberos tickets that you're putting out, things like that, uh, those, they analyze all this, uh, and they put it into a bundle of servers where they actually take the data and make it accessible with a REST or SOAP interface. This is where I said, do I put REST or SOAP in here, and I thought that'd be boring, so you want to read

about REST and SOAP, go Google. But the, uh, REST and SOAP interfaces, XML output comes back at you, and, uh, it allows you to do alerts and things like that. They do have tools, like this tool right here says what's running, and what programs are running, and what do they put out, what data do they put out, so they do have tools on Splunk. I know that Barclays, um, was using, I think, FireEye again, but, uh, and others, and the, uh, the person in charge of this came out as an evangelist for Splunk and said we are actually replacing FireEye, which I don't recommend, by the way. We are

replacing FireEye because they trained the, uh, Splunk system, because neural networks and big data have to be trained to recognize things, uh, situations that are bad, so they trained it using the FireEye output with the eventual hope to, uh, remove FireEye. Um, according to the Barclays executive that was doing this, he eventually took a job with Splunk and left Barclays, so I always go, wait a second, did those talks come before or after you started, uh, being an evangelist? So take it with a grain of salt, but he seemed to be very, very, uh, pro-Splunk. There are others that say that their incident response, uh, went down to 20 seconds per event on

average rather than two minutes, is what they had before. That was WordPress. Now this is going to be probably the last slide, but this is probably the one that you all care about: how much money are we making? Two days ago I went on to indeed.com and said, how much are all these jobs paying, okay, and I searched for information security and big data. Now I did similar things with infosec and, uh, CISSP and data analytics and things like that and got similar results. The blue section is 20 to 55,000. Notice there is no blue section on big data. These are full-time jobs that are paying 20 to 55,000, so the lowest

paid was 20,000, I think. Uh, the lowest I could find on big data was $65,000 a year, and so the problem with implementing big data is a lot of executives look at data analytics as helps revenue, not in security, but in, you know, when we're trying to do it, and they look at information security as, it's an expense, like I was saying before, like Target did, and they haven't changed as of two days ago, so they still are saying, so the brown section is the highest paid, the 100,000 plus. You get half the big data jobs are 100,000 plus, you know, less than a quarter of information security

are, and so they say there's an information security shortage, and the reason for that is they're not willing to pay people to take up the skill set, and it's kind of a risky job. You get hacked, if I'm a developer, you're not going to fire me, you're just going to say, hey, develop faster, but if I get hacked you might fire me, so that's the problem that we're having to implement this. Executives need to change their mindset, so you guys go tell your executives to change their mindset and, uh, see what happens, but that's the problem that we have, and again, IT security tied to expenses and

information security, I mean, information security tied to expense, and big data, uh, tied to, uh, the revenues a lot of the time, and so expertise in big data is harder to come by, okay. And so, uh, the idea here is, if you can't afford it, there are other companies that are incorporating big data in their solutions, doing the learning process on their servers and sending you the finished product, and I listed a couple of them. IBM also has one. Um, if I left your company out, sorry. There are some other companies that say they're doing intelligence, big data, data analytics, and when I look at it I

can't find any that they're actually doing. They say they are, but I couldn't find it. But these I know. Cylance has a 99% detection rate, according to them, of zero-day vulnerabilities, that when they get a zero-day vulnerability, then they just turn it off, they don't let you run it, so that seems to be a very good, uh, good way to do it. So if you can't afford it, or, you know, then try to look for someone who will do it for you and send you updates on your system, and you'll get the database, nice structured data, from them, and they'll deal with all the messiness of the big data. Okay, and I

think that's it. Are there any questions? Okay, well then, I guess it is, uh, approaching lunchtime, so anyway, take care [Music] guys.