
Rethinking Privileged Access Management for Agile Clouds & Data Center Environments

BSides CT · 2019 · 46:04 · 58 views · Published 2019-11
Category: Technical
Style: Talk
About this talk
(full title: Rethinking Privileged Access Management for Agile Clouds & Data Center Environments)

Thanks to the BSides CT organizers, volunteers, sponsors, and attendees. Thank you Irongeek for coming out to film, and his video crew volunteers Greg Jurman, Spencer Smalley, Steven Swabby and Daniel Robels. http://www.irongeek.com/ https://www.bsidesct.org/

Managing privileged access inside cloud environments is completely different from the corporate environment. We love Linux because it's so fast to build and deploy web apps, but the minute you want to put any kind of centralized security or control over that environment, you risk running DevOps into the ground. The fact is, DevOps needs elevated access like root and sudo to deploy code and fix issues as quickly as possible. However, we also need a centralized way to manage that access so security policies are enforced on sprawling cloud hosts/containers. In this session, we'll talk about moving from heavy-handed access control to lightweight, agile access guardrails that are built specifically for DevOps.

Learn about:
- Real-time user session monitoring for visibility and audit/compliance
- Just-in-time access approvals and pre-execution blocks using 2FA or Slack/Teams
- Threat detection and alerting for Linux based attack vectors
- Identity-based policy for shared accounts and root-access users

Brian brings over 15 years in the cybersecurity industry to Cmd, where he's helping to bring the company's unique Linux security & access control technology to anyone who is operating a Linux cloud or data center. Previously at companies that include Carbon Black and RSA Security, Brian specializes in emerging security technology, launching category-redefining products that disrupt the status quo and help protect millions of people around the globe.
Transcript [en]

from Cmd. He's got over 15 years of experience in cybersecurity, and I'll let him introduce himself. Thank you so much. You guys hear me okay? Great. Hey, thanks for showing up, thanks for being here today. I'm really excited. This is my first BSides talk, so go easy on me, but I'm actually from Connecticut. I grew up in Trumbull, so I was really excited to come down today and see you guys and gals. So I'm gonna be talking about privileged access management on Linux, and a little bit of background. Well, before I get into anything, I saw this on... did any of you guys see this on Reddit just like a few days ago? I saw this on Reddit just a few days ago,

which I thought was very coincidental, given I'm giving a talk about this right now. I'll give you a second to read it. All right, the chuckles tell me you've read it. I wanted to just put this up there because when I think about privileged access, or access in general, this is just a reminder that it's a very human problem, right? If you think about it, what we're doing is we're taking a computer and we're telling a machine, hey, you have to authenticate a person, and here's some rules that tell you how you're gonna do that, and once you do, I'm trusting you, the machine, to make that decision, and

then from then on you let them do whatever they need to do. And that is fine if you have a lot of the right technology, but because there's a human on the other end, because there's humans all throughout that, humans could take advantage of that. And that's social engineering, that's hitting somebody with a wrench until you get the password out of them. All these examples are ways that people get around access problems, that hackers, that attackers get around access problems. So I just thought this was an interesting one. It kind of reminds me about the human angle of security, which is really, really important. So that's kind of what I'm going to talk about today, is privileged

access management, particularly as it applies to Linux environments. And I talk about high velocity, highly agile, you know, data centers and clouds, these types of environments that have really exploded in the last few years. We'll talk about PAM, which has been around for decades, but what it needs to do today to operate well in those environments, how data and analytics can actually solve some of the challenges that we have with access in those environments. And then I work for a company, Cmd. We're getting ready to release a free product, so I'll just give a little plug for that, because this is free. So yeah, I've been in cybersecurity for 15 years, 17 years actually. I'm not

an analyst. I've never worked directly, you know, stopping threats. What I do do is I work with companies who are developing innovative security technologies. I work at Cmd now. Previously I was at Carbon Black, I was at Bit9 in the early days, I worked at RSA back in 2004 on the SecurID token. So I've kind of been in this space for a really long time, and I've done a bunch of consulting for a lot of other companies too. The last few years I've really spent a lot of time in threat research and working with the data that we're seeing in actual incident response scenarios, the data that we can collect in clouds of all the activity that's

going around, that's going on, that's leading to breaches and things like that, and working with these teams to understand the story, understand what was happening, and help communicate that out. And what was really interesting through that experience, because I actually have a technical background, I got my computer science degree way back when, so yeah, I can get a little deep in the weeds there. And what I think is so interesting about that whole space is kind of watching how attacker behavior evolves, and what we really started to see over the last few years was all this technology that we're building to keep people out of where the goods are, but the truth is they get into those systems,

and those systems are primarily Linux these days. There's so much information that the attackers are after that is sitting in the cloud and sitting in data centers. So I just thought this was a really interesting space, right? And as much activity as is happening in cybersecurity, there was this lack of solutions for how do you really secure Linux. And then a few months ago I got introduced to this company, Cmd, and they said, you know what, we're gonna solve the Linux security problem. And this is my first Tom Cruise movie reference of the slideshow. So I just totally broke down, I said, yeah, you got me. That's the space that I just know there's a lot

of opportunity for security. So I've been at the company for three months now. So I want to kind of back up and talk a little bit about the problem with Linux security and just kind of do some framing here. And one of the biggest problems with Linux security is so much effort has gone into securing the network and securing Windows, and it's not really hard to understand why that is. You know, a few years ago Linux was so much smaller than it is today, and so for decades we've had to secure networks and we've had to secure Windows, and many companies, if they had Linux, it was a few boxes that people needed to

log into sometimes, and you could treat those boxes very much in the same way you treated any other kind of Windows box. So you see a lot of vendor solutions that were built for Windows and the security problems of a Windows network, and they port them over to Linux, and those solutions don't necessarily fit the problem that's over there. And this is one of the things that I, you know, experienced for years working in this industry, is customers who really are pushing the boundaries of Linux and the cloud and these data centers, in these high scale DevOps environments, customers who are really pushing those boundaries are just frustrated with the state of the products that are out there.

Like many of you guys, you probably know how to secure Linux, like IT security Linux. It's a securable platform, right? There's a lot of information, it's open source, you can get in deep, there's a lot of capabilities in there. The problem is, you know, how do you roll that out at scale in a high velocity, very fast changing environment? Linux is exploding. It's, you know, 2.3 billion public facing servers. I think there's on the order of 2 trillion servers that are actually running, like, inside all these clouds. It's just enormous, and it's gonna grow and grow and grow. You look at IoT security, all the IoT devices are built on Linux, pretty much.

Linux is just exploding, the top websites, all the top million servers, and the data of course is moving into these systems as well, and that's what the attackers are after. But the solutions for securing these environments, they don't really exist. When we look at this, this is a chart that Gartner produces, and this is workload protection, which is, you know, maybe a more advanced version of server security, but they used to draw a very similar chart with slightly different terms that was just server security. So you can really look at this chart and say, yeah, these are the best practices for securing servers in this chart. And I'll just draw your

attention to the things that are at the top, which are less critical things like anti-malware, and even EDR is up there, but these are less critical in these server environments. But it's actually where a lot of the products and a lot of the mature companies have built products, in these spaces. The stuff at the bottom is much more in the realm of practice, best practices, good hygiene. All the way at the foundation we have things like hardening, configuration, vulnerability management. How do you make sure there's no arbitrary code running? How do you make sure privileged access is locked down and changes are locked down and you're capturing logs and all that? If you are building the system and

you know this, you can build it. There's solutions for that. There's ways of building cloud systems with good hygiene. But think about how fast the cloud is exploding and how developers are cranking up machines quickly, cranking up environments. They're deploying apps quickly, they're putting something in beta, and guess what, it works, and customers are happy, and their company puts pressure on them, and suddenly that gets rolled out to production. So the problem isn't really how do I secure Linux, it's how do I make sure that all the people who are building out these massive cloud systems and these applications, how do we know that they're following the best practices that are dictated by something like this?

That's, after a few months here and all the years I've had in this industry, this seems to be a huge, huge problem in Linux in these large environments, is how do I know that the policies, I as a security person, how do I know those policies are actually being followed? It's really hard to figure that out. So what do you have to do? You kind of have to assume that you've been breached. And even if this is a mental exercise, right, even if this is, all right, I don't know that I can completely block everybody from getting in, but a lot of times if somebody has a password, if they were able to get a rogue credential somewhere,

if they were able to steal something off the web or take advantage of a vulnerability on some system that hadn't been updated and get in, they might stay there for, you know, a couple hundred days before something actually happens. And in that time they're doing something. So you have to start to think not how do I keep them out, or how do I know when they're just about to exfiltrate data, but what are they doing in those couple hundred days, right? Because that's your best chance of finding them, if you can find them doing all the things that they do to get from their initial access point all the way down to the data that they're after. And the types of things

that they do are reconnaissance. They look around at the different machines, they see what the environment looks like, they probe, they look for other accounts that they can hijack so they can move from box to box, from, you know, a low level account to a higher level account. They look for software that's out of date or vulnerable where they can trigger some kind of an exploit and trigger higher privileges. They move from machine to machine. All these things are the types of activities that happen after the breach but before the incident, right? Problem is, these are really hard to detect. We just really don't have visibility. If you've got, you know, thousands of servers running in a, you

know, a typical cloud formation, and you've got to trap all that, and all those logs are coming in, it's really hard to find the one instance of somebody probing from one system to another system. There's a... you can see it, right? Every day, the only thing that happens on most of these servers is they get rebooted, and one day somebody runs a couple extra commands, and that should be super suspicious. And as people we can look at this, we could say, man, I really want to know what was happening on October 27, like give me all the information around that. But the types of solutions that are out there for gathering and correlating all this

data, it could be really hard to spot this. This is a needle in the haystack, but it's a pretty compelling needle if you can find it. It's really hard to get it. So it makes you think that something's really wrong with the way we do Linux security. We're kind of approaching it a little backwards. We don't have the right solutions. Instead of focusing on hygiene, the market is focusing on these higher-level solutions. What we really need is, how do you give an IT security professional the tools, the visibility, the control that they need in these vastly changing, large Linux environments, right? So that's kind of where we started. So how do you solve this? So I

want to kind of talk a little bit about starting from scratch, right? And I'm going to go back to this diagram and say, all these security solutions that you have on top of this, if you don't have good hygiene across your environment, it's really hard to implement a good security solution. And so let's start with that foundation of hygiene. How do you harden your configuration, your vulnerabilities? How do you make sure that you're doing the right things operationally? And I think this is really interesting when you actually look at these individual foundational elements, right? So there's four of them. I'm gonna start with log management, because I think most companies do pretty good log management. There's a lot

of products out there, you can suck all logs into a SIEM or into some other kind of log management tool, you get all that stuff out there. Now the quality of your logs may be a different story, but at least you can do a fair amount of log management. But some of these other things are actually really hard in these environments. So look at no arbitrary code, no email or web client. Probably you're not running an email browser, a web browser, in a Linux cloud that you're spinning up. But how do you know that you don't have arbitrary code running? Like, you'd like to believe that there's no arbitrary code running, but

hey, if somebody's got root access and you don't know that they went and downloaded some binary just to try it out, somebody's responding to an incident and they needed a tool and it wasn't tracked or recorded, right, but they needed it right then. There's actually a lot of instances where arbitrary code does get run in these environments, and it ties back to how did you manage the privilege that allowed somebody to do that in the first place. And change management, similar story. How do I know that the changes that are happening are the changes that are supposed to happen? When I look at a high velocity DevOps environment, a CI/CD environment, I've got code dropping into

production multiple times a day. You really have to trust that all the right steps are happening, right? It would be great if DevSecOps was real, if we developed code and tested it and tested it for security unit by unit and rolled it out into production and it all worked great. That would be wonderful, but that's not really how most organizations operate at this point. So you do these changes, and the volume of change is significant, and how do you really know the right changes are happening? If you don't have good privileged access management, it's actually hard to really even tell that. So we look across these, and I think in Linux a lot of the problems here come

down to the way privileged access works in Linux, right? If you solve that, you can bubble that up and improve hygiene all across the board here, at a foundational level. And privileged access on Linux is a security hole big enough to drive a truck through. And what do I mean by that? Well, once you get access, you can do anything that that account lets you do, you can do anything. On a Windows environment you've got GPOs, right? You can, as a security administrator, you can set policy that even a Windows administrator has to at least jump through hoops to get around, and those hoops you can track. But most Windows administrators are not bad

people. They will hit one of those guardrails and realize, oh, I guess I'm not supposed to change that, I better find another way, instead of actually trying to actively subvert the policy. None of that exists in Linux. If you get root access, you can do anything, you're God, and there's no protection, there's no guardrails from threats, from errors, from mistakes. Somebody could log into a production environment thinking it was a test environment, make a change, install a tool to help them debug a problem, leave it there by accident, that tool has a vulnerability in it. There's all sorts of errors that can happen along the way, and you don't have visibility and you don't have guardrails

to keep that from happening. I've used this picture, I've used this scene. You guys know what this is from? Does anybody not know what this is from? Maybe I'm just like super old, but like this is like a classic, you know, scene. This is one of the classics, Mission Impossible. I just was reading about this. Tom Cruise did all his own stunts in this too, like the one where he's lying like an inch from the floor, that was all real and all him. But I'll set it up, right? So this scene, they're trying to get the list of agents that's stored on this computer that's in the secure facility, in the secure, super

secure room inside this even more super secure facility. And there's all this technology that exists, as if he were to walk directly into the room, you know, scanning and biometrics and all those other stuff, that way he would immediately trigger and he wouldn't be able to get in. So what they decide to do is wait until the room is out of operation, right? Nobody's in there, nobody's logged in, and they sneak in through the ceiling. And the thing is, the room is making sure nobody can sneak in, because the floor is touch sensitive. If he steps on the floor, if there's like a drop of sweat that lands on the floor, it's

going to trigger the alarm. I think there's temperature controls in the room, so they have to like keep the temperature at the right thing. There's noise, there's microphones, so if he's too loud it's gonna set off the trigger, right? So they go through all these gymnastics, and then he's, you know, kind of flying in there right above the keyboard, and he goes to the keyboard and he types in the password that they stole, and he puts a disk in the machine and he downloads this super secure list that all this technology was built to protect, to make sure nobody downloaded it. Now, I wonder why there's a floppy drive on this machine in the first place, right?

That seems a little ridiculous, but if you think about it, it's a really good parallel to the way development and operational security kind of work, right? A developer built this machine, a developer built the system that holds the data. They weren't really thinking about security at the time. If they were, they might have put in something on that machine to make sure that, you know what, you can't log in if the door is closed and we're in the off mode in the room, right? You might say, every time somebody logs in they're walking on the floor and I can detect that, and this time somebody's logging in and there's nothing on the floor, maybe that's, maybe

that's risky, maybe there's something wrong there, right? There's all this data that the security people had to build a really large, sophisticated fence around this thing that the developer built, to make sure that nobody could penetrate it, to the point where the weak security is exposed, right? There's so many things that if you actually tied in what's happening on the system to what's happening in the room, there's so much data there that would make this whole thing just a ridiculous concept, right? And I think I've used this scene, I've used it actually multiple times in talking about multiple different security issues. I still think it's a great scene, fantastic movie. But it really illustrates, I

think, what happens when you have development and security and they're kind of separate, and they're not sharing data and they're not sharing information and they're not building secure systems. And it would be great if those groups worked together from the beginning, but a lot of times it's just not reality, right? Even Linus Torvalds, and this is only a few weeks ago, finally admitted that this hole in root security is something that should be addressed, that there should be a way to lock down a kernel in Linux even if somebody's logged in as root, right? He pushed back on this for a long time. I don't really know why, but he pushed back on this for a long time. A

lot of the flavors of Linux have actually put this technology in, so it was out there, but there was a resistance, you know, all the way up to Linus himself, for getting rid of this idea that a root user is essentially God. And I think times have changed enough now where, yeah, you know what, we need to have some security controls even for a root user. But that's not how most of the systems that are in operation now are working, so we have this hole and it's something that we have to deal with now. How do you deal with access today? Well, I kind of mentioned earlier, a lot of these access control solutions were built for

Windows and then ported over to Linux. And so, I mean, without naming who these tools are, I just wanted to show some of the techniques that you see for how you deal with privileged access out there. This one, it's very much like a Windows administrator's view, right? Okay, I've got, not a thousand servers that I'm trying to manage, or a bunch of, you know, ephemeral servers, right, servers that are coming in and dropping out, and containers and all that, but I have a list of servers that I can browse through and identify, and I'm gonna want to log into one of them and not supply a password. I'm gonna grab

it out of a vault, so it's one time and it can be tracked to me. It's built through this proprietary tool, so if you are in DevOps and need access to that server, it means you've got to go out of your workflow and go into some other browser and log in to some other system and grab the password and bring it back. That's not how DevOps likes to work, that's not how people who build in Linux like to work. You don't have any control once they get in. They get in with root access, they can do whatever they want to do. This is another one that's a little newer, a little more recent. It gets rid

of the password vault, it's got some other benefits over some of the older PAM stuff, but it still does not strike you as, yeah, this is the way Linux is supposed to work. All right, people who work in Linux, they love Linux. Like, it's a lifestyle almost, it's a way of working, and it's not this totally different world when you go there. So where are we? So we've talked about kind of the problem with access on Linux, and we've talked about the state of the tools that exist to protect that access, and so now we're at a point, you know, what if we took a totally different

approach? What if we started from scratch and said, if we were gonna build a privileged access system for today's Linux, you know, with DevOps, with cloud, with massive data centers, with high velocity code changes, with developers or operators who need root access to solve problems, because problems happen all the time, with containers, we were gonna start there, what would it look like? So I think there are four things that you need in this kind of environment if you're really gonna have solid visibility and control over who's logging in and what they can do. So the first one is a hundred percent identity based tracking. Everything that happens should be tied to an individual that you

can recognize. Right now in Linux you have shared accounts. It's so easy to take an account, take a password, and pass it over to somebody else, like that. It would be great if you could disambiguate that, and you know that, you know, Brian's password, or Brian used the shared account on this instance, but Sam used the shared account in that instance. So I think we need this, we need a hundred percent identity based tracking. The second thing we need to do is we need access control, not at the session level but at the command level. It's fine if you want to browse a directory. It's not fine if you want to dump a customer database. We should be able to get

granular enough to create those rules. Then we need detection and remediation of access gaps. So what that means is, if somebody is doing something that they're not supposed to, man, send me an alert, let me know, you know, tell me this person did something that they're not supposed to, and there's an opportunity to fix it, right? And we don't fix it by putting anti-malware signatures in, the way you do on Windows. You fix it by going back and changing the configuration of Linux or changing the configuration of the container. That's what we do in the Linux world. So you need to be able to detect those gaps and you need to be able to remediate them. And then lastly,

it's got to be DevOps friendly. If your developers and your operators, if they have to jump into another tool, if it doesn't fit with their tools and their workflow, they won't use it, and anybody with a credit card can pull their credit card out and open up their own account and start doing stuff. And integrated in, you want to make it as easy as possible for the rest of your developer and operational organization to actually use it, and that means take the responsibility out of their hands, right, put it into the IT security hands. And these are different than what's available today. So I'll call it old PAM. I wanted to find a picture of Pam from

The Office, like through one of those age filters, and put it on here, but I couldn't find that, so I'll just settle for the name old PAM. So old PAM, identities are only tracked if you go through these proprietary access methods. So you're used to writing sudo, well now you have to write something else, right? You're used to just logging into a machine, now you have to go get a credential from somewhere else and you have to drop in. So only if you use these proprietary controls. You only have session level access control: are they allowed to log in or are they not allowed to log in? And there's no detection or remediation, and

they're really built for the Windows case. So we need something kind of different, right? And it's got different requirements. Now, to do that, we start to think, all right, well how do you do that? Like, what would you need to do? You're a security professional, you want to put those requirements in place, you need a lot of data. And that's what I'm going to talk through next, is like what kind of data do you actually have access to, and how would you use it to address these requirements, to fulfill these. And it's kind of like what we're doing is saying, all the stuff in the Tom Cruise room, in the white room,

we're actually gonna plug it into that login console on the computer, and in fact onto every command that he issues, right into the operating system. So everything knows the state of the room where he's hanging and dangling right there. So you get that data, you put it centrally, you can build monitoring and detection on top of it, you can use it to define policies that are really granular, and you can use it to enforce control over what's actually happening. And so that's kind of the model here, a totally different way from the way access management is done today. All right, so now what I want to do is walk through what some of that data looks like and some of the work

that we've done with customers. And if you were going to be doing some of this stuff, like what kind of data would you need to suck in, and how would you want to evaluate that, what kind of stuff would you need to do to make these decisions as you go? And what you find is that, like, this is hard. There's a lot of data available. You can just imagine the volume of data. We've collected like 40 billion data points at this point, command-line arguments that we're using with all this context, and we're starting to see some really interesting patterns, and we see them even with a single site. But it's a very different way of solving

this problem. So what kind of data is available to us, right? There's actually a lot of data that comes with the command line that you can capture. So you know when the command was executed, you know who did it, whoever was logged in, maybe not the specific identity, but whoever that login user was. You have all the data that's on the command line itself. You know how that command line was issued: is it an interactive session, or was it done through a shell script? And on and on. It's actually a lot of information that's sitting in the room, right? There's a lot of information that, if that computer was connected to the rest of

the room, could make a much smarter... just, so first we have to collect all this, we have to pull it together, and then you've got data science. Data science in this area is actually pretty hard, just like it is in security in general. And I think one of the biggest things that makes it hard, it's actually the second point on here, is the fact that security data is not stationary. So I can set up a machine learning algorithm to identify a bowl as opposed to a fork or a spoon, because bowls don't change. I mean, they may change a little bit, but basically bowls have certain characteristics that don't change. Forks and spoons, same story. But

security, there's a human on the other end. Security tactics change all the time, attacker tactics change all the time, they try new things. So you're not working with a stable data set, you're working with a data set that's actually always evolving. That means you have to constantly be retraining your algorithms on this data, so that makes it hard. The assumptions that you make about that data, to the first point, make it hard too. Those assumptions can have big, big consequences one way or another. It's actually hard to get accurate training data. So nobody is sitting there saying, here's all the commands that were run and who ran them. Like, you have to get a

lot of good training data in that's reliable in order to create these algorithms, so it's hard to even accumulate that much data. The data may not be rich enough, you may not know the features of the data, you have to be really accurate in how you classify the data. All this stuff makes data science hard in this realm. But as we start to look at it, and we start to see it, because there's so much of it happening, we've got a large pool, we can actually start to build some pretty decent algorithms out of it, and then we can start to do really interesting things. So there's a bunch of stuff that we could do with this information. If you know

every command line and all the context around every command line you can start to model user behavior and that's the one I'm going to dive into so I have a few I kind of walk you through what that actually looks like and in actually real terms but you can detect share credentials you can detect in true you can prevent sensitive information hacking there's a lot of stuff that you can do with this information at that granular level once you have it well let's dive into that user behavior modeling scenario so the so this data here these next few slides are actually from a real site where we collected data and we ran these algorithms and and we

actually discovered some interesting interesting things going on that the that the site didn't know about so first thing like obviously we've changed the names it's not really Bob and Alice and all them we just put those names in so what we're looking at here are set of six users that had access to this environment three of them are active three of them are active today and the height here in the purple or the gray that shows kind of their average number of sessions per day the green is how many sessions those users are have executed just on this day today right so we're gonna look at Bob Bob is this is his third session of the day and

typically he executes I don't know like eight or something like that whatever that number is but you can kind of see just that that average across all these obviously if somebody one day logged in a thousand times that would be a flag we can look at these three sessions that Bob executed and we can start to look at the commands so what was he doing be nice to know what he's doing and it turns out two of these sessions looked similar to each other he executed a lot of route commands but one session was different and he was executing a lot of file commands now knowing Bob's job as an administrator he's really there to

make sure the machines are healthy he's not there to move files around so maybe there's something interesting there now if you're just looking at those command levels you know no no analysis is going to just trigger and say oh somebody catid a file that's got to be bad but what we're trying to do is build a picture here across all this information so that stands out we can pull in some more information where did he go login - sorry where did he login from and again we see a discrepancy between the first and third session in the second session so in the first and third session he was logging in from a private IP address in

the second session he was logging in from a public IP address and we rewind the tape and look historically and it turns out hey there's actually a series of sessions over over the last you know week or two weeks or whatever this time frame was where he's logged in from public IP s now maybe the system doesn't have the right access control you know there's a configuration somewhere maybe nobody ever thought to make sure that you can only access this environment from a private IP maybe that control was never put in place but it's interesting to see it so we dive a little deeper we take a look at the next thing which is alright so we know where he came from

now what systems is he act accessing internally and remember his job Bob's job is to make sure that the systems are healthy and so you could see to these sessions actually in all these sessions he accessed these front-end systems or a particular front-end system that's fine that's what he's supposed to do but one of these sessions he's accessing a system that he doesn't normally access it's a billing system so there's a red flag we can look at time when did he login he's got a very specific pattern of time he logs in between you know 2:30 p.m. and call it 9:00 p.m. sometimes 10:00 or 11:00 but then there's a few times in the wee hours of the morning

that he's logging in and we see some of those as well and if you're reading logs if you're looking at any one of these data points nothing might flag to you but at this point you've put enough together to say you know what there's a lot of fishy things that are here and what was required was taking all that data correlating it together looking at those patterns and calling them out right um so what do we know from this well the data you know I showed you like one day a couple sessions well as it turns out as we study this data uh a user's patterns across all those data points create almost like a fingerprint for

that user so you know the way one person logs in and interacts and the commands that they run isn't gonna look like a second person or a third person what that means is if you do see the first person looking like the second person the third person it's probably the same person using multiple accounts that makes sense you can use this as a fingerprint to say um look we think Bob's been doing some shady things and we could take his fingerprint though and we see Joe has the same fingerprint so was that tell you well either Bob's a bad guy and he's grabbed Joe's credentials or somebody has figured out how to access both Bob

and Joe's credentials right so you know there's a problem and and we can see a little sliver in Carol's account to that or no now they've they found out who Carol is and they're attempting to figure out what she's got access to so we see some of those same patterns right in this fingerprinting method which if you look at any one of these data points individually it's not that telling it's not like enough to spin up a whole response on but when you look at them across all these data points and we touched on a few but there's a lot more data points that you have access to with this you can see these patterns you can

start to build some trust so what do you do about this well you see this and immediately you might say alright everybody like go reset your password and then it would be interesting to see what happens to Bob does his behavior stay the same or does it go back to like a green state right now you know if Bob's bad guy or if somebody else just accessed his account you might start some active monitoring trigger alerts for some of these fingerprints coming up and maybe like hey this is a really good time to get some two-factor authentication and because we see somebody's in this environment they're interested in being in this environment we better make sure that the right

people are authenticating themselves before they get access so we did this we this was a real site where we did this data analysis and the conclusion of this was we actually found out that there was a rogue employee a contractor in I think an Indian like based in India in an india-based out sourced portion of this company that was doing some bad things I don't really know the details they wouldn't share her what the detail not surprisingly they wouldn't share exactly what he was doing but they got rid of the employee and and you know they found something that they wouldn't found before and you can see it right there in the data so a really

interesting example of like how this information can can identify somebody who's who's doing something bad in a real-world scenario all right so so we kind of go through that so what does all that mean going back to privileged access management well that foundation of data and the things you can do with it the analysis you can do on it the controls you can build around it actually lets you address all these requirements so first of all you can make sure that everything gets tracked back to an individual person you do that with a combination of like a two-factor authentication every time somebody logs in but now when they do you can actually confirm that any action that's happening

you know who did it so you can do that you can put access control around those individual commands right you can intercept a command and block it from happening if it's if it's bad if it like we talked to we have a customer who's making sure that if somebody logs in so right somebody logs into production during normal working hours that's fine if they log in to production outside of normal working hours they need tab two-factor authentication right so you can start to put these really interesting rules in to fit your business logic um you can alert like everything that we just walked through was detecting something that was wrong and being able to learn on it and then being able to

identify the problem go back and fix it and this technique is DevOps friendly you don't have to take your developers outside of their comfort zone they can they can continue to use the tools that they want to use which means it's easy for them so so it meets those requirements which is which is good that's what we were after um and ultimately it leads to a few good benefits that kind of really matter in the way IT security does their job you do you get better change tracking so there's no identity identity gaps you know hello folks I'm gig here unfortunately had an audio glitch so we have no more audio to the rest of this

presentation sorry for the inconvenience
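The session-level analysis the talk walks through (a per-user baseline for source address, hosts reached, login hour and command mix; each new session scored by how many of those features deviate; then a fingerprint of the flagged sessions compared across accounts to spot one operator behind several identities), as an added Python example. It is not the talk's data, Cmd's code, or any product's detection logic. The session records, user names, hosts and addresses are constructed for the example, and the scoring rules, the 4-hour time buckets and the 0.5 / 0.6 thresholds are the example's own assumptions.

```python
"""Session-level user behavior modeling over command-line audit records.

Constructed example, not the talk's data or Cmd's code. Each Session carries
the context the talk lists for a login: who, where from, which host, when,
and which commands ran. A per-user baseline is learned from history, each
new session is scored by how many features deviate from it, and a fingerprint
of the flagged sessions is compared across accounts.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from math import sqrt

# Assumption: "private" in the talk's sense means RFC 1918 space. Python's
# IPv4Address.is_private also treats documentation ranges such as
# 203.0.113.0/24 as private, which would hide the public-address login in the
# sample data, so membership is tested explicitly.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Session:
    user: str
    src_ip: str
    host: str
    hour: int        # local login hour, 0-23
    commands: tuple  # first token of each command line run in the session


@dataclass
class Baseline:
    hosts: frozenset
    hours: frozenset        # hours seen historically, widened by one each side
    only_private_src: bool  # every historical login came from RFC 1918 space
    cmd_profile: Counter    # mean occurrences of each command per session


def build_baseline(history):
    hosts, hours, profile, only_private = set(), set(), Counter(), True
    for s in history:
        hosts.add(s.host)
        hours.update({(s.hour - 1) % 24, s.hour, (s.hour + 1) % 24})
        only_private &= is_rfc1918(s.src_ip)
        profile.update(s.commands)
    for cmd in profile:
        profile[cmd] /= len(history)
    return Baseline(frozenset(hosts), frozenset(hours), only_private, profile)


def cosine(a, b):
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def score_session(session, baseline, cmd_threshold=0.5):
    """Return the reasons a session deviates from the user's baseline (empty if none)."""
    reasons = []
    if baseline.only_private_src and not is_rfc1918(session.src_ip):
        reasons.append(f"login from public address {session.src_ip}")
    if session.host not in baseline.hosts:
        reasons.append(f"first access to host {session.host}")
    if session.hour not in baseline.hours:
        reasons.append(f"login at {session.hour:02d}:00, outside usual window")
    sim = cosine(Counter(session.commands), baseline.cmd_profile)
    if sim < cmd_threshold:
        reasons.append(f"command mix unlike baseline (cosine {sim:.2f})")
    return reasons


def fingerprint(sessions):
    """Feature set describing how an account was driven; one operator on two
    accounts leaves largely the same set behind."""
    feats = set()
    for s in sessions:
        feats.update({("src", s.src_ip), ("host", s.host), ("hour", s.hour // 4)})
        feats.update(("cmd", c) for c in s.commands)
    return frozenset(feats)


def jaccard(a, b):
    return len(a & b) / len(a | b) if a or b else 0.0


def fingerprint_similarities(sessions_by_user):
    fps = {u: fingerprint(ss) for u, ss in sessions_by_user.items()}
    users = sorted(fps)
    return {(u, v): jaccard(fps[u], fps[v])
            for i, u in enumerate(users) for v in users[i + 1:]}


# Constructed audit data: routine history per user, then today's sessions, where
# Bob, Joe and Carol each show one login from the same public address.
ADMIN_CMDS = ("systemctl", "journalctl", "top", "df", "ps")
DEV_CMDS = ("git", "docker", "kubectl", "make")
DBA_CMDS = ("psql", "pg_dump", "top")
EXFIL_CMDS = ("cat", "find", "tar", "scp")
HISTORY = {
    "bob": [Session("bob", "10.0.0.5", h, hr, ADMIN_CMDS)
            for h in ("web-01", "web-02") for hr in (14, 16, 18, 20)],
    "joe": [Session("joe", "10.0.0.9", h, hr, DEV_CMDS)
            for h in ("app-01", "app-02") for hr in (9, 11, 13, 15)],
    "carol": [Session("carol", "10.0.0.12", "db-01", hr, DBA_CMDS) for hr in (10, 12, 14)],
}
TODAY = {
    "bob": [Session("bob", "10.0.0.5", "web-01", 15, ADMIN_CMDS),
            Session("bob", "203.0.113.7", "billing-01", 3, EXFIL_CMDS),
            Session("bob", "10.0.0.5", "web-02", 19, ADMIN_CMDS)],
    "joe": [Session("joe", "203.0.113.7", "billing-01", 2, EXFIL_CMDS)],
    "carol": [Session("carol", "203.0.113.7", "db-01", 3, ("id", "sudo", "cat"))],
}


def run_report(history=HISTORY, today=TODAY, threshold=0.6):
    """Flag deviating sessions per user, then compare fingerprints of only those."""
    baselines = {u: build_baseline(h) for u, h in history.items()}
    flagged = {}
    for user, sessions in today.items():
        hits = [(s, r) for s in sessions if (r := score_session(s, baselines[user]))]
        if hits:
            flagged[user] = hits
    sims = fingerprint_similarities({u: [s for s, _ in h] for u, h in flagged.items()})
    pairs = [(u, v, round(sc, 2)) for (u, v), sc in sims.items() if sc >= threshold]
    return flagged, sims, pairs


if __name__ == "__main__":
    flagged, sims, pairs = run_report()
    for user, hits in flagged.items():
        for s, reasons in hits:
            print(f"{user}@{s.host} {s.hour:02d}:00 from {s.src_ip}: " + "; ".join(reasons))
    for u, v, sc in pairs:
        print(f"{u} and {v} share a fingerprint (jaccard {sc}): likely one operator")
```

Bob's two routine sessions score clean; the billing-host session collects four independent reasons, none of which would justify a response on its own. Comparing fingerprints of only the flagged sessions is what makes Bob and Joe collapse to a single operator (Jaccard 1.0), while Carol's session shares just the source address, hour bucket and one command (Jaccard 0.3), the "sliver" the talk describes rather than a match.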
