
Okay, okay, thank you very much. So it's been a while since I've spoken in a university hall, so yeah, looks good. So I'm going to talk to you about the tsunami, about all of those IoTs and all of those devices that are forsaken or that people don't think about. So let me start with a few really short questions, and I appreciate it's Saturday at 3:00 p.m., so I'll try to do my best here. How many of you believe that there... well, that's not... with that. How many have a CMDB at work? CMDB, okay. How many of you think the CMDB is accurate? Okay, that's a really good
response. So look at it this way: if I would ask the same question ten years ago, I think that about the same number of people would say that they have a CMDB, but then most of them would say, yes, we have an amazing CMDB, yes, we have a good CMDB, or at least, yes, we have some problems but we'll fix them, we are on a way to fix that. Thing is that the world kind of changed since. So, the explosion of those IoTs. What's an IoT? Any examples here, ideas? What's an IoT device? Cellphones, electric meter, okay. Yes it is, yeah, that projector, exactly, that projector. That, yeah, that's
not a smart TV, it's not the TV, but yeah. Actually I've seen some of those smart boards that have the cameras on both sides, right, that you could just capture what's on that. Same thing. But these are just, you know, these are office environments or electrical environments. What about your elevator? What about your HVAC system? What about... what's the funkiest thing I've seen lately that actually connects home? Anybody heard about the fish tank example?
Medical care, everything is an IoT. Whatever you touch is an IoT. Fish tank. So as you see, I have a presentation, I have many slides. I hate slides, so I'll go through some slides too, but I hate slides. There was a casino in Vegas that had, well, still has it, a huge aquarium with lots of amazing fish, lots of expensive fish, gorgeous fish, and this fish tank had a small sensor that was supposed to measure how hot the water was, right? That's a really important measurement. Okay, how much do you think that sensor cost? Yeah, I mean, five bucks, ten bucks, you know, something you'd get from eBay. I'm sure the casino said they didn't get
it from eBay, so they paid fifteen instead of five. That's fine. They connected it to the guest network, because fish are guests, and they had to connect it because that's how those fish... I'm sorry, that's how the heat sensor connected to the Internet. Okay, and there was a whole NOC somewhere in China, I don't know where, that was actually monitoring that water and made sure that the fish will still be alive. What do you think happened? So usually when I tell the story somebody would say fish tag is a nice thing, that... usually somebody would say, did the fish burn? No, the fish did not burn. What, what
happened? I actually went to see that aquarium, like, the fish are okay. What actually happened there was that somebody came with his cell phone and connected the tiny computer to that, and used Bluetooth in order to connect to that $5 sensor. Now this $5 sensor, as you might imagine, doesn't really have too many security features, right? I mean, it's a sensor, it protects fish. So he connected via Bluetooth, nobody cares about that, was in the network, was in the fish tank. Then from there he went into the guest network. From the guest network he went into the corporate network, because that's what people do nowadays, you know, the distinction between guest and
corporate network is just for show. If you know what you're doing, it takes two, five minutes. And he got into the database and got all the lists, like, the one thing that the casino has that's the most expensive thing, which is the list of its high rollers. Okay, you can Google it later, true story. So fish tank, $5 devices, everything that explodes in the world. So yeah, I do have some slides, so let's just go to some examples here. A smart office, right? Looking at all the devices in your office, how do you know if your printer is malicious? Why do you care? Same thing like anything else, right? If the printer is doing something wrong, it will get into your
network and will get to wherever the most important value, whatever that thing is. Not to mention, if you really need to print something and it doesn't work, that's not good. Hospitals, right, health care, that's where it becomes just not funny, right? So when you're looking at patient monitors and we're looking at infusion pumps, right, these are true examples that happen in hospitals in the US. So when you look at a monitor, you know, just think about the possibilities here. I mean, a monitor saves lives, right? It will give you an alert when somebody needs attention. That's not funny anymore. So what happens if that monitor just doesn't alert? What happens if it's, I don't know, a famous person
and that monitor, instead of, well, monitoring, would just send all the vital information to someone in the cloud, right? Privacy issues. Infusion pump, another... I mean, it is a funny story now because the patient is actually alive and well, but again, true story: there was an infusion pump that was connected to a person, and that person was not in a good state, and that infusion pump was compromised, and it was discovered that it is compromised, but they couldn't take it off because it was actually really important. So for a whole week they literally didn't know what to do. I mean, taking it off is bad; keeping it is, well, bad too, because you don't know
what's going to happen. They actually had a nurse 24/7 looking at that person with that infusion pump. I really would not want to be in that person's family. There was a nurse 24/7 sitting there and making sure that the patient doesn't deteriorate because of that infusion pump that they didn't know what it's going to do. Okay, last one of those: robotic arm. Industry, OT environment, all the manufacturing things. And I have a few, like, funnier examples about manufacturing later, but everything that's being manufactured works in a protocol called SCADA. Anybody here know SCADA? That's actually a lot for that question. Okay, SCADA is, well, old, right? There are several protocols, well, there are a million
protocols inside SCADA, some of them are newer, some of them are older, but when you look at the factory, most of them have older equipment, because guess what, it's really expensive to replace that equipment. And 20 years ago, not to mention 50 years ago, but 20 years ago, when you manufactured a million dollars' worth of a manufacturing machine, nobody cared about security. It didn't exist. Nowadays the newer things would have newer protocols that are encrypted, that have lots of interesting things. You can actually look at the automobile industry as the evolvement of those machines, right? Anybody knows what happens when you, in any cars you're using, when you hit the brake? Yeah, what
exactly, exactly. It's literally, like, the pedal itself doesn't do anything, it just triggers a command. It's not SCADA, because it's a car, doesn't matter, but it's the same idea, right? Just trigger the command and then something brakes. Who protects that? Well, there are companies that do that, that's not us, but that's the newer things, they are way more encrypted, way more protected. Okay, a few numbers. Look at those numbers of devices, green devices, and just going from 2010 to 2021. I have numbers for 2025 and 2030. This is actually a Gartner graph. The green is what we call the normal devices. Okay, normal devices increase, obviously, things
evolve, but not too much. Normal devices are big computers, PCs, servers, things like that, you know, in normal growth. Then you have all of your BYODs: laptops, tablets, smartphones. I'm not that old, but when I was in college nobody had a laptop, nobody could afford it. I mean, we had laptops, nobody could afford it, there was like nothing there, and two years later everybody came to class with a laptop, right? I mean, I guess it's the same thing now. All of that is exploding, but IoTs: 25 billion devices in 2021. They're talking about a trillion devices by 2030. A trillion, from 25 billion, which by itself is crazy. All of those devices
are unagentable. So when you're looking at 10 years ago, again, 10 years, not 100, not 20, not 50, 10 years ago, 5 years ago, when people talked about protecting networks, protecting devices, usually the next word that came was agents, right? How many of you have agents on their laptops at work? Okay, makes sense. It basically means, hey, I work in a corporate, right? Every corporate would have, you know, one agent, two agents, 25 agents, whatever it is, for different purposes, that would protect your computer, better or worse, whatever, that's fine, but would protect your computer. You can put any agents on those. If we're looking at that projector right there, you cannot, you
cannot put an agent on that. That's what we like to call the unagentable device. Great, those are devices that you cannot put agents on. 95% of the devices by 2025 are going to be unagentable. Okay, before we go to that, I am from... so again, my name is Live, I hope I've got a bit of your attention with all kinds of war stories, I have many more to continue with. I'm from Armis, and I'm heading solution architecture in the East Coast and strategical accounts. That means that... and we'll talk later about what we do and why we're doing it. I just want you to remember one thing as I continue my story: what we do is listen to traffic.
With any story that I continue telling you about, think about the fact that every device that I'm talking about cannot have an agent, every device that I'm talking about has traffic. We listen to the traffic and give protection. Any examples that I'm going to give, towards the end there will be, okay, what would we have done any differently. The reason I'm saying it now and not waiting to the end is a short story I'd like to tell you. I like to tell you those things. Why did I join Armis? Well, great place to work at, but beside that, I used to work for five years in a small startup that was in the
telecommunication, completely not cyber, had nothing to do with cyber, and we were managing cellular antennas. Ever thought about the cellular antennas around wherever you are, right? There are so many of them. Some of them are hidden, look like trees, some of them are way too obvious. 8% of the power consumption in the world is cellular antennas. 8%, yeah, that's crazy. The reason I'm saying that is that my old company used to manage capacity of the antennas and save energy. My pitch used to be, hey, if you're going to deploy us all over the world, we will save 10,000 Niagara Falls a year. Okay, my point is, I had a project in Indonesia and I went to Indonesia and I
needed to connect to their networks, go into the main part of their corporate network that actually manages the antennas. We won't get into all the details there, but just to that one place from which I can power off and manage all the antennas in all of Indonesia, and I needed a VPN. Could you give me a VPN, anybody, to that one server that can power off all the antennas in your country? So I can tell you that some American companies did give me a VPN, but I wouldn't tell you which ones. But to go back to Indonesia, they didn't want to give me a VPN. I flew to Indonesia, I met with the CTO of one of
the biggest Indonesian cellular companies, and three bottles of wine later he signed a document saying, okay, you can get a VPN. Okay, true story. So why am I telling all of that story? Well, we started working with this network and we powered off those antennas, we did whatever we needed. A week later we discovered that by accident we actually powered off also all the cameras in that building. By accident. Connected to the network, who knows where it goes, where it continues. So that's when I came back and said, okay, I need to switch to a different place, to where we actually protect from those things. That's another example of
something that we would have done better and protected from, that would have been discovered in, like, five minutes. Okay, 84% of security professionals believe that IoTs are more vulnerable than computers. I should have asked you first before saying 84%, but okay. Enterprises have experienced IoT security incidents, just like I've said before, and 74% believe that they have inadequate security for IoTs. Okay, showing some numbers here: cyber attacks on IoT devices surged by 300%. Don't you like these big slides of, you know, scaring you about something? And Microsoft warns Russian hackers can breach secure networks. Okay, anybody heard about those guys, Strontium? Or, I'm sure it's pronounced differently because it's in Russian. Nobody? Okay, this is a
nation-state, this is a group backed by the Russian government. Everything that I'm saying now is not top-secret, whatever, this was actually published by Microsoft. So the Russians are really good at doing those things, and you might think, okay, so they're against these governments, not to get into which ones, but against these governments, so what do I care, or what can I do about it? Well, according to the statistics, twenty percent of what they did was actually intended against governments around the world. 80 percent was not. True story. Anybody knows who Mondelez is? Really, nobody knows their name? Anybody knows who or what Oreo is? Come on, motive in
the or yours, come on, the cookie. Yeah, okay, Mondelez makes Oreos. They actually make, like, half of the chocolate in the world, okay, and all kinds of other snacks and whatnot. In 20... I want to say 2015, might have been a year or two before, after, Mondelez was attacked. Who would attack chocolate makers? They make chocolate. Specifically, a factory that they own was attacked, and its only problem, or the reason that it was attacked, supposedly, is that this factory had the misfortune to be placed in the Ukraine. Now, they have over a hundred factories around the world, and that factory in Ukraine was attacked, you know, globally, and that factory was
one of them. And you can Google later "WannaCry attack in Mondelez" or "Mondelez Ukraine" or any other combination of that, you will see that, okay, public record. It got into their Ukraine factory, it shut down the Ukraine factory. Can you just imagine if, like, there's no more Oreos in the world because... they didn't manufacture Oreos in that factory, I mean, I don't know what exact type of chocolate they made, but can you imagine the world shortage of that specific type of chocolate because somebody attacked a chocolate factory in the Ukraine? Okay, that was one of mine. Anybody knows WannaCry? Oh, that's actually nice. Okay, does WannaCry exist anymore? Okay, so
if you go to, frankly, if you go to manufacturers, if you talk to the CIOs or the CISOs and you kind of mention the word WannaCry, they would knock on wood, they would jump three times, they would hide under the chair, like, everybody is really afraid of that. And the reason is, it's kind of like the plague: it was supposed to be eradicated about two years ago, and yet we keep seeing that again and again and again. I was actually doing a POC with this company, I wouldn't say that company's name, but I was doing a POC with the company just last month, and we started really small, in a tiny lab that
they had somewhere, and like five minutes into being there: hey, you have WannaCry. And the lab manager literally went under a chair when I said that. Okay, so let's get a bit in depth, you know, not too much, but in depth, into one of the more interesting attacks, and the reason I say it's more interesting is that actually we, Armis, discovered that specific vulnerability that I'm about to talk about. So who knows what VxWorks is? Higher. Like, really? Okay, very good. Okay, let me ask differently: what is the most common operating system in the world right now? Exactly. Yeah, sorry about that. So I was shocked when I heard that, and when we start with that, I
mean, you know, what's the most known operating system? Windows, Linux, don't want to get into that fight, I have a Mac, but I don't know, Android, iOS for that matter, you know, whatever it is. So no, not even close. Okay, so there are over two billion devices that are running VxWorks. VxWorks is a... actually, over two billion devices that are running an older version of VxWorks. There are over 10 billion devices that are running VxWorks right now. VxWorks is a simple, an amazing yet simple operating system that literally everything that's an IoT has. So that projector, I really don't know, but most likely it is running VxWorks. All of your printers are running VxWorks, all of your
Xerox machines, fridges, lots of switches, by the way, and a lot more, we'll get into that. So Forbes, when was that, July 29th, published that. The reason this is July 29th is that every year we publish some new vulnerabilities that we found before Black Hat, everybody does that, so that's when that came in: two billion IoT devices that got the "critical update now". Now, "critical update now" means, well, that it is critical and it should update right now. And then we're going back to the medical part. Look at those devices, anybody recognize those? All kinds of medical pumps there, right? That is also running VxWorks, okay, because again, they're simple, and sure
they're doing amazing things, but they're simple IoTs, right, running the same thing. Decade-old code is putting millions of critical devices at risk. Okay, so let's get a bit into that vulnerability, and this is a vulnerability that we came with. It's called URGENT/11. Anybody knows why... anyway, anybody heard about URGENT/11? Okay, not too many. Okay, well, it's bad for us, but it's good because you won't be bored. Anybody knows, of those who know it, why it is called URGENT/11? Sorry, what? Oh, excellent. No, no, it's actually a combination of eleven vulnerabilities, so URGENT/11. Now, marketing guys. So,
so what does it actually do? So if we look at any type of device, or IoT for that matter, there are basically three layers. We have the physical layer, which is the Ethernet port itself, or Wi-Fi for that matter, we'll call that a layer. Then there is the network stack layer, which is the network and transportation, so basically everything that runs in the network. And then we have the application layer, which is, well, the application, the layer of the application, okay, everything that's in the actual code, right, that will run at the application. If something is a vulnerability in the physical layer, it is really bad, because then you need to replace the actual cables, I mean, that's,
that's crazy. If anything happens in the application level, then it's usually a patch, right? Because, okay, there is something wrong with the code, it will impact something very specific, right, so you just protect that. It's usually easier, and you'd usually have different layers that would protect you from that. So URGENT/11 is in the network layer, meaning that if a device is vulnerable to URGENT/11, all the attacks will happen through the network layer. It means that it runs through all of your firewalls. So let me say that again: traffic that goes through the firewall without stopping. Isn't that what firewalls are for, to stop traffic going from A to B? Well, not at
the URGENT/11. So basically, and I won't get into all the sub-versions, whatever, many versions of VxWorks are vulnerable to that, over 2 billion devices in the world, and the whole idea is that attackers are bypassing security. "Traditional security" is just a fancy name for firewall, so, well, bypassing firewalls and just going through that and getting into the devices. So if there is one device that is vulnerable inside your network, an attacker can go through the firewall, get into that device and spread all over the network. As simple or alarming as that. So what is impacted? Well, I said that everything that has VxWorks, right, but everything that is SCADA oriented, all the industrial
controllers all over the world, patient monitoring, MRI machines, firewalls, VoIP phones, printers. I have some list of manufacturers. I'm allowed to put it all here because we actually announced it to them a few months before we published it to the world, right? And this is the story of how we did that. So look at that, this actually happened at DEF CON last year, I think it was DEF CON's Biohacking Village, that's what it was. So our CTO stood there, you don't see him in the picture, but he was right there, and he was sitting with the CTO of Alerus, and that's why we're showing their logo right there. I mean, true story,
he was sitting right there, and he told him, let me show you something, and he took his laptop and broke into the device in like five seconds, and just to show that he broke into it, you don't see it really well, but here on the zoomed-in picture it says "communication error". So basically it took him five seconds to make this medical device stop working, and that device was a new device that was shown in that, you know, in that Biohacking Village. I mean, it was the newest, latest whatever they had. In five seconds: communication error. Then we came into the hospitals and announced it to everybody. We actually took, I think it's three months
between telling them and announcing to the world. We worked with the FDA and DHS and with Alerus before the announcement, and made sure that everybody is aware of that and that on the day that we announced that they would actually have a patch already ready for that, right, not just start making the patches then. So the vulnerability is only VxWorks, and then it became a bit interesting. So two weeks after that, there is a big hospital chain that we work with, and we came to them and said, hey, you know, you have us installed, and they said, yeah, we're very happy with you, and we said, so this is the list of all of your devices that are
vulnerable to URGENT/11, please go ahead and, you know, patch them, because it's all dangerous. And we like to do that on a Friday, so that way they have to work on the weekend, and only for those we want to work on the weekend. So we did that, and then the next day, Saturday, we get a... they usually like to, you know, call us back the next day, during the weekend, because we started, I guess you know why. So they call us back Saturday and they call shenanigans, and they said, this device right here that you say is vulnerable is not. And we said, hmm, why? I mean, you know, we found URGENT/11, we're kind of good
at saying who is vulnerable and who is not. Nobody else knows anything about it because we just came out with that, so why are you saying that? They said, well, we contacted the manufacturer of that device and they said that this device does not use VxWorks, so therefore it's not vulnerable. And they literally called shenanigans. It was not a good weekend, I can tell you that. It was noon, right, so kind of, okay, maybe we have a bug in that mechanism that discovers the devices, or anything else, I mean, you know, makes sense. So we actually checked it out, verified, then came back and said, okay, we found the problem: actually URGENT/11 is way bigger than
what we thought. VxWorks bought some, I mean, many companies throughout its life. 20 years ago they bought a different company that I won't say its name, but they bought a different company. The bug actually started at that company, so all of the older devices that do not use VxWorks, that just use that company before it was bought by VxWorks, actually also have that bug, and that was that medical device. Yeah, so it keeps expanding. Actually, every month since that summer we found and published some more things that came in with URGENT/11, so you can go to a website, I'm not done yet, but you can go to a website and see all of those reports and
patches and everything about URGENT/11. It's really fascinating when you get into that and see some more things, and the interesting part is that it's, you know, it's everyday, it's everything that we touch every day that is vulnerable to that. Okay, so let's continue with a few other examples here. So we talked about WannaCry, right, and WannaCry for chocolate, so what about WannaCry for MRIs? True story. So all of this, okay, I didn't look at this, right, the reality of real IoT, what actually lies behind that is real customers of ours. Okay, so all the stories that I'm telling you now are not things that I read on Google, they are
actually our customers. MRI machines that are connecting to the internet. Who knows what operating system is running on an MRI? Come on, it's on the slide. Windows XP. Windows XP. MRI machines are actually pretty old computers that have amazing things connected to them, right, being an MRI machine, but from, you know, from our point of view, it's a Windows XP machine, that's what it is. So I don't have to tell you how unpatchable and how vulnerable Windows XP is, being so old, right, not to get into Linux/Windows things, just being that old. More than that, it's under warranty, it cannot be patched unless it is patched by the manufacturer.
You can, you know... I actually went to one of the hospitals and said, you know, I'm pretty ignorant there, why can't you upgrade the damn Windows XP? I mean, why? They said, well, we can't, it's not FDA approved. Actually, doing anything, everything that you do in a hospital has to be FDA approved, right, and manufacturer approved, and I said... well, we can't, we can't do anything about it. Okay, having said that, that MRI machine is connected to the manufacturer in order to get updates. Yeah, bit of an oxymoron there, but anyway, it is connected to the Internet. Windows XP. Do I need to tell you what's going on when that happens, right? So WannaCry got into the hospital, got
into that MRI machine, started connecting to anywhere in the environment using SMB protocol, and infected everything around. Okay, I told you I don't like slides, so I'll tell you a different story about an MRI which is not on the slide. Another true story. This is in a hospital, and I won't say where, but it's say that's quality cost, and what they did was... where I started with a lack, we discovered it throughout the story, but I'll tell you what actually happened. So this lady, they found her, like, I know her name, this lady was bored one night at 2:00 a.m. and she wanted to go on Facebook. I said she was in the hospital and she wanted to go
on Facebook. I don't know why, I guess she doesn't have a phone or a tablet or whatever, and she had to do it from a computer, and she had to choose the MRI machine to go on Facebook. I really want to meet her. And so she went to that MRI, no MRIs are connected to the metal of that MRI, anyway, it's connected to the network using Wi-Fi, I don't know why, and she went to that and, you know, literally, you know, facebook.com, and, I mean, it didn't work. You know why? Somebody did his job within that hospital, and it had a firewall and other solutions and whatnot that basically, you know, point where that segmented the medical network
into, you know, so you can't go on Facebook. Kind of makes sense, and I'm all into network segmentation, it's an amazing thing, it's not good enough, but it's really good. So she really wanted to go on Facebook at that 2 a.m., so she changed the wireless network to Starbucks. It's a hospital, every hospital has a Starbucks, right? So now we have a Windows XP computer, oh, excuse me, MRI machine, connected to Starbucks. So she spent about half an hour, this is all what we found in the logs, she spent about half an hour doing whatever she did on Facebook, then she was really good about it, she
connected back to the medical network and, you know, went back to doing her stuff. No, no, she was not, she was working there, she was... oh yeah, I hope patients don't have that access to the MRI machine. So anyway, three weeks later... so everything is okay, right? I mean, it's stupid, but it's okay because it's back on the medical network, all is good. Three weeks later there was an outage in the medical network, like, two seconds, so nobody really paid attention to it. Okay, it shouldn't happen, but okay, a few seconds and it was back on, all is good. Except that the MRI machine switched to the Starbucks network. So now you have MRI tests being sent out on the
Starbucks network, public network. Smart TVs. So we talked about projectors, let's talk about TVs. Every boardroom has smart TVs. Every boardroom, well, not every, most boardrooms have really top-secret, personal information, things that we don't want to get anywhere, right? This is another true story. A smart TV was compromised with a malware. That malware, instead of trying to spread in the network, started spreading using Wi-Fi. Smart TVs are, they don't have Chromecast nowadays or other casts for that matter, they're broadcasting an SSID, right, they're actually doing the same for Bluetooth, so you can connect through that. So they just started broadcasting that, whatever was open just caught it and got the malware by that. So
you might be asking, okay, what did Armis do about it, right? Because, you know, and again, I'll get at the end, like in the next five minutes, to what we're doing about that, but it's not in the network, and I started with saying protecting the network, so how did we find out about that? So people don't know that, but, oh, okay, the access point, I don't see whose access point that is, but yeah, it's right there, I don't see who's the manufacturer, but anyway, most likely it's Cisco or Aruba, because we're in the U.S. So people don't know that those access points actually have a model
that scans all the Wi-Fi in the area on 2.4 and five. That means that if I am using this computer right here, I'm not in the guest network here, I'm not on any network, if I'm connecting it to my phone's hotspot, it will know. If I'm connecting it over Bluetooth, because I have a, I know FM keyboard that I connect to the computer, it will know. Nothing is connected to this access point, but it will still know about this axis. Same for ZigBee, same for any type of information, of traffic, that's 2.4 or five gigahertz. That's how we know about it. We come to these places, we look at that information, we say, hey,
did you know that X, Y and Z connected to your smart TV? The usual answer is, what? My favorite boardroom story is actually about... it's one of our first clients. We came into an office environment, nothing special, not medical, not OT, not nothing, and we did a nice POC. We connected ourselves, we got SPAN traffic, right, copied the traffic of the network, listening to that network, and then we came back after a week, we kind of gave results and we showed the dashboard, we went through alerts, and we say you have to have death and this is what you do and what's very interesting, and then the last one was, by the way, that tablet that you have
in your boardroom, this is... and then they stopped us: which tablet? Well, you have a tablet in the boardroom that's sending traffic every night at 2:00 a.m. to somewhere, and that somewhere is outside of your network, I don't know where, it's in a cloud. And they say, well, what happened, we don't have that, there's no tablet in that boardroom. So I said, I don't know, I know there is, I know it's connected to the access point called "the boardroom", so either you have another access point called "the boardroom", which I hope you don't, or you have a tablet connected to your boardroom. So literally, we were
sitting at that boardroom, he stood up, went to look at all the... there were some desks around, there were some closets, and found the tablet. The tablet was there, like, forever, and was sending that information. It was recording whatever was in the office and sending it up to wherever it was. Yeah, so this is why... yeah, so this is the... let me jump, yeah, okay, last example, and then we'll go to the last slide. Actually no, I'll stay with the TVs. Last story, this is one of my favorites. It's not a type of security though, it's a bit more funny than that. So Friday, 7:00 p.m., I'm in the middle of a POC with the most
important client in the world must-win project everything has to work ok again Friday 7:00 p.m. right and I get the phone call and said well there is this lady in this I don't know why again it was the lady I later I later I later met her instead there is this lady on the fourth floor of this building in California in which were installed and she says that Internet is really sluggish and there are issues in the network and I really wanted the same way she might want to go home and it's Friday 7 p.m. 4 p.m. California fine but ok let's call it a day a week and I couldn't do that so we opened the console
together and we saw a few alerts so the first alert that we saw was abnormal behavior for a device of type Smart TV so a few things there first of all a Smart TV should do very specific things right I mean it should well show something right it should download traffic because if you are using onion on Netflix or whatnot it should download that it should download some updates right software updates for the TV hopefully not much more than that so this smart TV was uploading 100 gigs a day and there were 4 of those in the building uploading uploading so so that was one alert second alert was a policy violation so they basically according to
their regulation that company smart TVs should not be connected to the network at all that's whatever that's what they said some companies do it this way some other way but they had the strict regulations regulation no TV should be connected to the network and yet it was so that's what the alert that's the second alert that came third alert was abnormal behavior for the network nothing should upload 100 gigs a day right so one alert was a smart TV shouldn't behave that way another alert was a nothing should behave that way ok just take a look at that anyway what happened was and that's why I'm saying it's it's so funny because it's not it was not an attack I'll get
to the end of it it's kind of like the fish that we didn't burn so it's kind of the same thing it was not an attack that the Russians were not you know attacking that office in California or nobody else attacked it what happened was that somebody connected that TV to the network again he shouldn't have right I said it's against the law against their regulation and yet he did that it tried to get an update as it should it was blocked by their NAC so now the TV tried because it was not connected to the network it didn't have a certificate so then the TV tried to get a certificate and failed because TVs are not receiving
certificates so then it tried to update or to update the software and failed and then tried to get a certificate and failed and it did it quite faster than you know my rhythm of speaking and got to a hundred gigs a day this is a really big client so they're not just a big client of ours they're also big client of Samsung okay it was the Samsung TV so they reached out to Samsung and said hmm like what are you doing and told them the story and Samsung said no way that's not happening so they came back to us and said hey well first of all you saw your network so something did happen and
B here are the logs of everything because I see everything I listen to all the traffic I show everything here are my logs so they went back to Samsung Samsung came back and said well we're gonna do it there's nothing wrong with the TV acts exactly as it should here's a patch by the way ok so not to spend all the weekend I'm going to jump over all of that and get to the last point in two minutes to nothing I hope so why am i speaking about all of that except that IOT so fun what are we doing so we are Armis and we are basically coming to big corporates and we are when we are giving
three things discover analyze and protect full discovery of all the devices in your network everything computer servers BYOD device IOT device OT devices medical banking whatever it is if it has a pulse now if it has a MAC address or an IP we see that right that's why I started with asking who has a CMDB who thinks a CMDB is good nobody this is the only source of truth because it listens to the traffic nobody can hide second thing is understanding what is this device doing so ok gets I discovered the device and I see it has traffic great I am able to compare that to my knowledge base and I'm able to show what type of device it is this is
the camera this is a dishwasher this is a projector they say whatever it is and I can show how it should behave like so going back to the TV I know that it shouldn't behave that way going back to a camera that has botnet I know it shouldn't behave that way going back to the MRI machine I know that it shouldn't behave that way that's the strength of what we're showing completely passive no agents no installing anything not doing anything listening to the traffic knowing what the device is what it should behave like and saying hey that's not good that's abnormal that's malicious that's a breach of policy and the last part is protecting
and saying okay you got the malicious device let's take it out of your network okay I'm still within my two minutes so questions okay yes so I'm getting two sources of traffic one is the two sources of traffic one is my wirelessly your wireless LAN controller just read only show commands and the second and most important is a SPAN port or TAP if you have it but basically SPAN port copying or receiving a copy of your traffic that's why I call it listen because we just get we're not in the middle and not poking the devices we're not trying to reach out to the device in any way we just receive that traffic from your SPAN listen to it and do
everything yeah so first of all we are in the cloud so there's a nice cloud picture there we put something on site we get that traffic we parse it we reduce it get only the metadata and send it up to our cloud so that that's one thing second thing nothing stays only in the cloud so it's good enough that let's say that you have a million servers in the cloud and they are connecting to your actual network because you need to get out of the cloud one day connect to your actual network that's how we'll get all the traffic coming from the cloud by the way you know roadmap pretty soon we're going to just duplicate everything
to the cloud itself and kind of put instead of an appliance and like a physical thing we'll duplicate that into the cloud you okay yes I it's nothing so we're usually doing its either virtual machine just four cores something really small or we're using a one you have deep tiny server so it's really simple and the reason it's so small is that it doesn't do anything it just takes the traffic reduces it and send it up to the cloud so I can throw that the cloud environment is a monster one but you don't care about that okay thank you so much and