Phosphorus

BSides Calgary, 34:45, published 2022-12

Thanks everyone, appreciate you attending. I'm just going to give you a quick overview of the Phosphorus cybersecurity platform. When you first log in you're going to be greeted with a snapshot of your xIoT environment, so we've done discovery, we've identified what you have. Right now I'm actually showing our lab in Nashville, so you can see one side of the lab here. Our founders are old-school hackers, so you can see they've got their pay phone over here, you've got some crock pots, and then I actually have a close-up video here of a phone. I'll tell you more about that a little later as I do the demonstration, because that's probably not the most exciting thing that you'll see.

Oh, okay, sorry, it looks like we're not... yeah, sorry about this. All right, how's that look? Sorry about that.

So this was that snapshot screen I was referring to, giving you a view into what you have. This is our lab here, which is in Nashville, so just giving you a quick show: there's the pay phone and everything I mentioned, and this is a close-up on one of the phones here. We're going to be actually doing a firmware update on this phone a little bit later, just to show you how this works in action.

So going back to the snapshot screen, you can see we've got everything we've discovered, we identify new devices, we'll show you devices at risk, and this is one active site, so it's that site that I showed you. We actually support multiple sites; based on geography or tenancies you can set that up as well. Here's a highlight into credential management: we act as a gateway into your privileged access management platform, whether it's CyberArk or BeyondTrust or HashiCorp or Thycotic, you name it, we can integrate with those platforms and allow you to manage passwords on your xIoT devices. Here's your most vulnerable devices, so we'll do discovery, we'll identify the devices that you have, and based on the firmware that's running we cross-reference CVEs and other information to identify the vulnerabilities and the severity of those vulnerabilities. We'll also highlight end-of-life devices, so we'll help you understand what devices are on your network that are no longer supported by the vendor, which means no more new firmware, and which means obviously you can't RMA or do other things like that; you're hitting eBay, so there's that disaster recovery risk. We'll give you views into vulnerable firmware and also risky configurations, so identifying things like Telnet being enabled and so on. Overall inventory is being shown here as well, breaking it down by device types, and everything is clickable, so you can drill in and find out more information about the things that we discover. And then going down here you've got the different alerts based on criticality, overall response and remediation elements, your homework list so to speak, as you evaluate what your stance looks like from an xIoT perspective.

But yeah, let's get into the device view. So after we've done the discovery and identified everything here, we're going to sort all the devices that we've discovered by alerts, and these alerts are going to identify the most vulnerable devices, or the devices that have the most issues. So you can see that list here: you've got manufacturer, model, type, we've got alert severities, you can filter on that, like if you just want to see the high severity you can do that really quickly. You've got tags, so you can actually tag devices by their type; if I just want to look at my cameras, for example, I can do that. Tags are also utilized within the product for role-based access control, so a lot of our clients have different teams: you might have a physical security team, so they're focused on cameras and door controls and building controls, things like that. Those people should have a different level of access to devices than perhaps your OT folks or other people that are involved within the environment. You can also go by type, manufacturer even, so this is a great one: we start looking at, for example, the US banning Huawei and ZTE, certainly a big concern for organizations, understanding if those types of devices are in the network and so on.

So if I click on one of these devices here, like this is one of the cameras, you can see the type of information that we pull with our discovery: basic network information, hostname information, but also detailed metadata. This is extremely important, because accuracy and fidelity is where we have to be top-notch. And so when you come down here and you look at what we support with this device, we support interrogation, which is our term for querying a device after we've already discovered it, talking to it in its native language, making sure it's up and it's healthy; password change; and firmware update for this particular device. We also identify, based on our previous scans, what has been added, what's been changed, or what has been identified from a protocol, from ports, and also a service perspective. And then as you go down here you can see the active alerts that exist for this particular device: it's got default credentials, it's a discontinued device, it's got automated firmware, it's got vulnerable firmware, and it's got a vulnerable SSH server. So all of those elements have been identified. I'm actually going to go back to my camera here, which is 105.

It's the one that I was just showing right here, and before I get into doing a firmware update I want to click on this device and show you real quickly what it looks like when we do a credential rotation. So basically, the credential rotation: I've already integrated into my privileged access management vault, and if you end up wanting to take a look at the product within our proof of value, we'll bundle the platform (it's just a single appliance, either virtual or physical) and it'll actually have a vault in there that you can use, because most folks don't use their corporate vault within a POV, just to make it easy and clean. But it's very easy: I want to rotate the credential, I go ahead and do that, it's going to be very quick, we're API-integrated in. I've gone ahead and changed the password on this camera. Now I'm showing you one device; we can actually do hundreds of devices at a time, we can do dozens, we can do two, you've got that flexibility. I'll show you that briefly, but I'm focusing on one device at a time. The password has been rotated, so I go back to my camera and I now have to sign in. I don't actually know the password anymore, because I just rotated it, so I can go into Actions, Show Device Password. This is actually going to connect into that PAM, because we have the integration, and query that password. We don't store any passwords; we only grab it from the PAM based on these types of queries. And as you can see, here's the new password, a really nice complex password. That's another part of what our platform does for xIoT devices: we know the recipe for the complexity of passwords that these devices can handle, because as you may or may not be aware, some of these xIoT devices or embedded devices can only support certain components. They might not support special characters, or maybe they only support lowercase characters. We will make sure that the most complex password possible is applied to that device.

So I've gone ahead and re-logged in here, I'm in, I'm going to go ahead and close this, and now we're back in. Something I'm going to do here quickly is actually reset the password again and set it back to default, which for this particular device is "pass". I do that for two reasons: number one, I've got to do this demo again later, so there's that, so I can show the credential rotation another time. So I've logged back in here, I'm going to go back to our video just so you can get back to seeing the stream that we were watching earlier. Now I'm going to go ahead and query this device just to simulate what it would be like if I did another discovery, and what you'll see here is we've identified that the password has been reset. Now, by me resetting that password back to the default, out-of-the-box, brand-new configuration, that's a simulation of what we call the paper clip attack. I don't know about you, but in my home network I'm guilty of a time or two having to reset my router or something like that, and you know the drill: you take the device, you pull the power, you hold down a paper clip into the pinhole, and then you power it up and you wait about 10 seconds or whatever it may be, and it resets the configuration and the password. And because I enrolled this into our privileged access manager, we've identified now, oh wait, that password is no longer what we set it to. So I'm going to go ahead and update the credential. Now we've got that, now we've communicated that, we've validated that with the device, and now it's back into that PAM. Now the other layer of that is that's one of the metrics from an alert perspective that you can see here, so we can integrate with your SIEM, your analytics platform, your ticketing platform, and you can see here: alert, passwords are set, it's got default credentials, and the assigned credentials are invalid. So that's an indicator. It could be an admin doing something, but it also could be somebody attempting to gain access, which is pretty easy from that perspective when you're talking about a device like that.

Another thing I'm going to do here, and prior to doing that I want to show you firmware. So this camera is another one of those cameras that I was looking at. You've probably had the same story: in my home network I have a NETGEAR switch, it's a 24-port, and I think it's been around for a while, because every time I go to netgear.com, go to their support area, check for new firmware, I then have to know whether I'm a rev 1, a rev 2, a rev 3 or a rev 4 of that switch. And I don't always remember; I remember the model, but I don't necessarily remember the hardware revision number, so sometimes I have to go underneath my desk, find the switch, take a picture or use a flashlight and figure out what rev I have. So all of that is just work that I have to do, and that's just in my home, for one switch. When you talk about organizations that have hundreds of cameras, hundreds of printers, hundreds of PLCs, hundreds of door controls, whatever it may be that's an xIoT device, you've got to do that throughout all of those vendors and understand that. And so what we do here at Phosphorus for those types of situations: number one, it's fidelity, we understand exactly what the device is, 100%, from the hardware to the model, everything. Number two, we're a CDN, content delivery network, for all firmware, so we scrape the internet with all of these authorized manufacturers, we download all the firmware, and you can see this Axis camera has 44 different firmware versions. We're kind of towards the start of that journey; it started with the 7 series, we're now in the middle on the 8 series. You can see for each one of these you've got all the CVEs identified, and if I, for example, wanted to go all the way to the latest one, I can do that. We handle everything: the pre-flight checks to make sure the device is healthy, we'll validate, okay, you've got to get to version 9.2 before you can go to 9.8, we'll go through all of that. You can see the SHA-256, the MD5, all that information is there, and it's one ACL on your firewall for supporting all the vendors in your environment, instead of having to allow access to netgear.com, to Cisco, to whatever it might be, for all the files. So that's one of the big differentiators there.

And now I'm going to go back and do a firmware update on my Polycom phone. Now this is the one that we've been looking at with the camera. It's probably the least sexy thing you've ever seen on film; we're watching a phone, which, number one, who has a desk phone these days? But this is actually very regular in a corporate environment for sure, and the Polycom is actually really, really nice, because these are very graphical when they do firmware updates, so that's one of the reasons we chose this for our demonstration. And don't worry, I'm not going to make you watch a full 10-minute upgrade of a phone, but I want to at least show you that kicking off. And so with the Polycom phone, similar to the camera, you've got the firmware, the hardware, we've identified all that. Compared to the camera this one's a little more simple; there's only a few options here. I'm actually going to use this middle one, because it's about half the size of the latest. And so I go in here, I hit Install Firmware, I hit Confirm, and away we go. I can go do other things like look at reports and other things like that, and I'll do that shortly, but first I want you to see this kicking off, and I'll go back here periodically. In fact, later on I need to downgrade this before the next demo, so I'll downgrade as well. So we do upgrade, we do downgrade, and that's an important thing to recognize, because there are scenarios, especially in corporate environments, where new features may cause issues and all of that, and so you want to roll back. You can do that very quickly as well. So you may have caught that it was contacting the provisioning server, that's us; now it's doing a reboot after it's downloaded the file, and then it'll proceed through its 10-minute update process. So that's for firmware updates, and while that's going on I'm going to show you some of the reports that we have.

Now actually, one thing prior to that: you can see here now it shows that this device is updating; meanwhile I can continue to look at all the devices in the environment. If I pick another device here, one that has a certificate (now that one doesn't, I'll just choose this camera): we also identify certificates on xIoT devices. Now I'm going to preview this, because this is an important feature that we're going to be releasing in Q4 this year. Right now we'll identify what certificate a device has, and as you may or may not be aware, xIoT devices, embedded devices, any device that has an IP address but can't take an agent, it's purpose-built, very low resource, and it's focused on usually about one or maybe a handful of things; nine times out of ten these devices have a self-signed cert. So we'll identify that, we'll help you see that within your platform. Coming next quarter, we'll integrate with your certificate authority and allow you to deploy your own signed certificates to all of your xIoT devices, so you can get rid of all of those self-signed certificates. So another cool feature.

And also prior to showing the reports, I just want to show you how you can select all devices if you wish, perform actions, and you can do things like enroll in the privileged access management, rotate the passwords, install firmware. So you can do that en masse very, very easily, and in fact you can schedule it. So as you're going through the process of crawl, walk and run, the important part: do the discovery, get your arms around what you have now and what you have today, and as you're maturing down the line, what will ultimately happen is you'll get to a point where you feel pretty good, you've got all your xIoT devices enrolled and you're doing password management. You've changed the default password, which is a huge win initially, and now for compliance and regulatory reasons you can change that password every 90 days; you can schedule that, you don't even have to come back to the platform.

Let's check on our phone. It's getting the network up, so it's actually getting close to being done here. So let's go back to reports here. So number one, this is a report on alert history, pretty simple and straightforward. I call this the "why we bought Phosphorus" and the justification report, which, you start with this many alerts and you get down really low, right? Easy. Another one down here I like to hit, this is really my favorite, is discontinued devices. So with discontinued devices, this could really be a very simple product in and of itself, because when you talk about xIoT, because they're purpose-built devices, what usually happens is an organization or an individual or some party comes in to that environment and says okay, I'm going to install cameras, I'm going to install temperature sensors, I'm going to install door controllers. They do that task and they leave, and oftentimes it may be managed in the sense that, like with printers, someone comes and refills the ink and fixes things once in a while, but it's not managed in the sense that, from a cybersecurity perspective, people like you and I want to make sure that we address issues with our attack surface. And so this helps you see discontinued devices, which are devices that are no longer going to get new firmware, which means vulnerabilities will continue to exist and not be patched, and it means you're no longer going to get any support if there's a hardware issue. So for both of those there are serious problems, especially when you look here: there's three APC devices, which are UPSs, that are out of date.

So number one, that's not good, and if I go back to my firmware overview, which I haven't shown you yet (I like this one), I can show you just how old the firmware is. I've got one of those UPSs that's got an 11-year-old firmware. So if it's on your network with an 11-year-old firmware, do you think that the battery has been rotated out every three years? Probably not. So those are the types of scenarios where you start uncovering layers and layers of debt, which could lead to, next time you have a power outage, you might have a UPS that, instead of giving you 45 minutes of power to get through a really small outage, you might be talking about only a couple minutes, because the battery is so old. So this is pretty important, helping you identify what's discontinued, and then here from a firmware overview, helping you see how many versions behind you are, is there a critical CVE, that type of information to help you with your punch list. Because that is one thing we do: we certainly give you homework, the visibility into what's happening in your environment, but we make it easy, because we actually can remediate, unlike other platforms out there that tell you stuff and it's only detect and respond. We'll help you get through this, you and I together.

Other area here is a security overview. So this used to be my favorite place to land before we added this really nice dashboard, because this really is the overall view of why xIoT can really be an attack surface problem. So just in my lab here, which you can see, I've got 54 devices with default credentials; that's 35 percent of all devices, and I've got 11 of those with a critical CVE. Now a vulnerability like that is not just a big vulnerability, it's also exploitable, meaning it's out there, someone can go and use it, which is fine, right? But when I'm thinking xIoT, my approach is always I'm going to use Google and a model name, because look at all these default credentials. Why use an exotic downloadable exploit, which isn't exotic at all, but I can just use admin/admin or whatever password? So this is the type of thing that happens, and we break it out by device and criticality and all that good stuff. Similarly for alerts, same thing: you've got red, you've got orange, you've got beige for low, and so on. So it gives you a view of where you are and how you're doing. So let's che
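The credential rotation and the "paper clip" reset detection described in the demo, as an added example with a simulated device (not Phosphorus code; the per-model password recipes, default credentials and alert names are constructed for illustration):

```python
"""Credential-drift check for embedded (xIoT) devices, modelled on the demo's
rotate / paper-clip-reset / re-interrogate flow. Added example with a simulated
device, not Phosphorus code; recipes, defaults and alert names are constructed."""
import secrets
import string
from dataclasses import dataclass

# Hypothetical per-model "recipe": which character classes the firmware accepts
# and the longest password it takes (constructed values, not vendor data).
RECIPES = {
    "cam-105":   {"lower": True, "upper": True,  "digits": True, "special": "!@#", "max_len": 16},
    "phone-201": {"lower": True, "upper": False, "digits": True, "special": "",    "max_len": 8},
}
# Constructed factory-default credentials keyed by model.
DEFAULTS = {"cam-105": ("root", "pass"), "phone-201": ("admin", "456")}

def generate_password(recipe):
    """Strongest password the recipe allows: one character from every permitted
    class, then fill to max_len from the union of those classes."""
    classes = [cls for flag, cls in (
        (recipe["lower"], string.ascii_lowercase),
        (recipe["upper"], string.ascii_uppercase),
        (recipe["digits"], string.digits),
        (recipe["special"], recipe["special"])) if flag]
    pool = "".join(classes)
    chars = [secrets.choice(cls) for cls in classes]
    chars += [secrets.choice(pool) for _ in range(recipe["max_len"] - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # don't reveal class order by position
    return "".join(chars)

@dataclass
class SimDevice:
    """Stand-in for a real camera or phone; login() replaces its native API."""
    model: str
    user: str
    password: str

    def login(self, user, password):
        return (user, password) == (self.user, self.password)

    def factory_reset(self):  # the "paper clip" pinhole reset
        self.user, self.password = DEFAULTS[self.model]

def rotate(device, vault):
    """Apply a recipe-compliant password to the device and record it in the vault."""
    new_pw = generate_password(RECIPES[device.model])
    device.password = new_pw  # stands in for the device's password-change call
    vault[device.model] = (device.user, new_pw)
    return new_pw

def interrogate(device, vault):
    """Re-check a device against its vault entry. A factory reset surfaces as both
    an invalid assigned credential and a working default credential."""
    alerts = []
    if not device.login(*vault[device.model]):
        alerts.append("assigned_credentials_invalid")
    if device.login(*DEFAULTS[device.model]):
        alerts.append("default_credentials")
    return alerts
```

Feeding the two alert names into a SIEM or ticketing system, as the talk describes, is what turns a silent pinhole reset into something a defender sees.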