This Week in Enterprise Tech Episode 560
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Lou Maresca (00:00:00):
On This Week in Enterprise Tech, Mr. Brian Chee and Mr. Curtis Franklin join me back on the show. Now, a seismic shift in the corporate landscape as the SEC pushes forward its rules for cybersecurity disclosure, governance and risk management for public companies. Plus exclusive insights from Mutare from Mr. Brian McDonald. He's director of product development and he talks about how they're redefining communication and voice security in an era plagued with cyber threats. And a special treat, that's right: our network expert, Mr. Brian Chee, he's going to explain out-of-band management, what it is [00:00:30] and how to do it. We have an info-packed show for you today. You definitely shouldn't miss it. Quiet on the set.
TWIT Intro (00:00:38):
Podcasts you love from people you trust. This is TWiT.
Lou Maresca (00:00:52):
This is TWiET, This Week in Enterprise Tech, episode 560, recorded September 8th, 2023: Vishing for Compliments. [00:01:00] This episode of This Week in Enterprise Tech is brought to you by Duo. Protect against breaches with a leading access management suite, providing strong multilayer defenses to only allow legitimate users in. For any organization concerned about being breached and in need of a solution fast, Duo quickly enables strong security and improved user productivity. Visit css.co/twit today for a free trial. And by [00:01:30] ACI Learning. ACI's newest product, Insights, assists in closing lucrative skill gaps. Visit go.acilearning.com/twit. TWiT listeners will receive at least 20% off or as much as 65% off an IT Pro enterprise solution plan. The discount is based on the size of your team, and when you fill out their form, you receive a proper quote tailored to your needs. And by Discourse, the online home for your community. Discourse makes it easy [00:02:00] to have meaningful conversations and collaborate anytime, anywhere. Visit discourse.org/twit to get one month free on all self-serve plans. Welcome to TWiET, This Week in Enterprise Tech, the show that is dedicated to you, the enterprise professional, the IT pro, and that geek who just wants to know how this world's connected. I'm your host, Lou Maresca, your guide to the big world of the enterprise. I can't guide you by myself. I need to bring in some professionals, some experts in their field, starting with our very own Mr. Curtis Franklin. He's principal [00:02:30] analyst at Omdia and he's the man who has the pulse of the enterprise and he is always busy. Curtis, what's keeping you busy this week?
Curt Franklin (00:02:38):
Oh, getting reports run. Looking at my research schedule for the coming year, preparing some articles. It's just writing, writing, writing. Well with a little analysis thrown in. It's been a good week, a busy week and I'm [00:03:00] looking forward to talking about some of our stuff during the show today because lots of interesting things going on out there in the wide world of security, some of which will almost have certainly touched a lot of our viewers or listeners if they are live here on the day where we are live because all Apple environment users have had a big mandatory [00:03:30] update pushed out. We just love us some zero-days. We
Lou Maresca (00:03:37):
Do indeed. We do indeed. Thanks Curtis for being here. Well, speaking of experts, we also have to welcome our Mr. Brian Chee. He's networking gadget guy, all-around tech geek. Cheebert, you're always busy as well, what's keeping you busy this week?
Brian Chee (00:03:50):
I'm just collecting the hardware and making sure everything fits. I'm building a 20 RU rack. [00:04:00] Basically, equipment racks are not exactly cheap and when you have a 501(c)(3) charity like the Central Florida Fairgrounds, you try to cut corners when possible without cutting quality. So one of the challenges I have is when the air conditioning is turned off in the Florida sun, the metal sided metal roof buildings that make up Central Florida [00:04:30] Fairgrounds turn into ovens and they do a pretty good job of baking our network equipment. So the plan is I'm making a wooden rack from scratch and I think I'm going to be able to keep the cost of the rack under $150 to build, and I'm going to add a filtered blower. It's basically kind of like a bathroom exhaust fan except it's got a kind of a can shaped filter [00:05:00] so it's easy to clean, easy to change, and I'm going to force air into the front of the rack in hopes that I can keep my gear from melting and make the network more reliable.
And then I'm going to be running a bunch of different fiber optic paths so that if some person decides to go and run around the fairgrounds with the snorkel lift fully extended and rakes down my fiber optics, hopefully they won't take [00:05:30] the entire network down. So that's going to be interesting. In fact, one of the things I'm doing is going to be talked about in place of the blips today, and I'm going to talk about out-of-band management and how that played a giant part for the Interop net and how we actually managed to get the Interop net back up and running within 10 minutes after the Slammer worm hit. So ought to be interesting.
Lou Maresca (00:06:00):
[00:06:00] Thank you, Cheebert. Yeah, I'm glad you mentioned that because I'm actually glad that Curtis actually mentioned security as well. We have a lot to talk about in both places today. Today we discuss the seismic shift in the corporate landscape as the SEC actually pushes forward its rules for cybersecurity discourse and disclosure as well as governance and risk management for public companies. But the question is how will this reshape the market and what does it mean for the actual future of corporate governance? We'll definitely talk about it and get into it. Plus we'll delve deep with Mr. Brian McDonald, director of product development for Mutare, [00:06:30] a company that's actually at the cutting edge of voice security and digital transformation, and I want to find out how they're redefining communication security in the era that's actually plagued with a lot of cyber threats. We'll have some exclusive insights and some expert analysis later in the show, but first, like Brian mentioned, this week we're going to start with a special treat. We get a little bit of network expertise from Mr. Brian Chee, who's going to help us assess how people manage devices and infrastructure remotely and actually how they separate their production environment [00:07:00] from their major networks as well as how tough that is, right? Brian, how are organizations doing that?
Brian Chee (00:07:06):
So the general concept that I'm talking about is called out-of-band management, or OOBI, O-O-B-I. It's been around a very, very long time. I first got introduced to out-of-band management with the federal government. In that case it was being used so that we could have our taps and filters [00:07:30] so we can go and monitor anything that exits or crosses through the network in classified installations. My second big introduction was actually as part of the Interop net team back in the mid eighties. They actually ran a thing called Access Ether. It was a physically separate network and in those days we were starting to transition to faster and faster speeds and we're getting away from the [00:08:00] old 62 and a half micron multi-mode fiber. So we had a lot of 62 and a half micron fiber that weren't being used as part of the Interop net as everything shifted over to the single mode world.
Well, the cool thing about this was we were able to run a fairly large flat network, meaning no routing involved, that only had terminal servers on it. And so we use [00:08:30] different things. I'm actually going to hold this one up. This one's one of my favorites. This is from a company called Opengear. This one's a little interesting. This one has an LTE modem built in and I've been using those in remote locations where if our, say our microwave goes down, the microwave link, I would fail over to the LTE link so they can always get access so I could go and restart things and so forth. Opengear [00:09:00] was actually a sponsor for the Aloha Cabled Observatory and was one of the pieces of equipment that got shredded when our glass camera dome let go recently and imploded three miles down.
So obviously I'm going to have to put something else there. So the idea is it has a whole series of RJ45s and it allows me to go and put little dongles on 'em. So here, let's [00:09:30] show one. This is a typical dongle. This one happens to be a null modem so that I can run it straight into a typical piece of gear and by just changing out the dongles, I can have it either pretend it's a modem or pretend it's a PC, change between gender and so forth so that I can hook it up to lots of different types of equipment. The cool thing about this type of arrangement is that it allows a single [00:10:00] port, an RJ45, to be able to connect it to all kinds of things because little things like, say for instance, the nine pin serial connector on the back of a lot of UPSs, if you plug a standard serial into that, say a serial cable from a PC, nine times out of 10, it'll actually cause the UPS to shut down because they're looking at control pins.
So if the pin is live, UPS is up; its pin goes [00:10:30] down, it shuts down because it says I'm out of power. Anyway, the whole idea is we're trying to get into things and I mentioned the Slammer worm. Well, when Slammer hit on the Interop show, it was actually during the show and all of a sudden because Slammer was sucking up all the bandwidth on the show network, people couldn't do their demos, they couldn't get out to the internet. You could actually almost [00:11:00] hear it as it went through the show floor. All those yells and screams because we had so much gear that was sitting there, we were able to go and characterize Slammer very, very quickly and in under 10 minutes, still get in. So here's something a lot of people don't know. That serial console port on the front of your Ethernet switches and your routers, because it's serial, it uses a hardware interrupt [00:11:30] on the CPU of the switch.
So the serial console always takes, well, anyone that I've ever seen takes priority over inbound. So if you're trying to telnet in or SSH in or web into a typical switch and you've got a denial of service attack going against you, there's a really good chance your switch is going to just sit there and act dumb because it's desperately [00:12:00] trying to keep up. But if you go in through the serial port, because it's interrupt driven, it takes a priority over inbound, it allows you to get in. So some of the things that I'll do is this doodad, this is called an Airconsole, happens to be fairly heavy because there's a significant battery in there. I can either go in wired Ethernet or Wi-Fi. It can actually become its own Wi-Fi access point. So [00:12:30] it's standalone. And so I can plug this in and say in a telco closet and say for instance the telco closet just happens to be on a manufacturing floor and it's really, really loud, say it's right next to a machine tool.
So for safety's sake, I would rather not sit right next to it so I can plug it in and wander off someplace else, work on it in a safer location where I don't have to wear earmuffs [00:13:00] and keep going. Now that's cool, but this is a device that has kind of fallen out of favor. More and more switches and routers aren't using serial ports, they're using USB ports, which is all well and good, but this guy has an RJ45 on it and I could actually plug it right into the RJ45 on a switch or a router that's [00:13:30] set up for Cisco pinouts. And on the back of this guy, it's got a nine volt transistor battery plug so that it could stay bonded or paired to my PC with Bluetooth and I can move it around from switch to switch to switch and do the initial configs. Because even though a lot of devices have web interfaces, you still have to use an initial config to give it an IP address, a net mask, a gateway, DNS and so forth, [00:14:00] some basic networking gear. And then you can SSH in or telnet in or web in.
One of the cool things about this was long, long before Kickstarter, a gentleman that actually lives in Florida, actually not far from here, I can't remember his name now. Anyway, I did an article on these types of Bluetooth serial dongles [00:14:30] for InfoWorld magazine a long, long time ago, and they fell out of favor less and less. But now with the Internet of Things going on, lots of things need to start happening, need to be used serial to configure them. So if you are playing around with say something like IEEE 1588, which is precision time, you're probably using an industrial switch. Those industrial switches normally [00:15:00] must be configured through a serial interface. So I'm predicting that as time goes on and IoT gets more and more popular and we're going to start seeing it more and more, we'll probably start seeing the need for these things again.
And so this comes as a thank you from one of our viewers. They're starting to ask me questions about this and there are still Bluetooth serial dongles being made. They're just more expensive. [00:15:30] My favorite from Blue Console, this guy here wasn't very expensive. I think it was like $65. The newer ones are quite a bit more expensive, closer into 200 range, but Bluetooth serial dongles, I predict are going to start coming back. That happens to be my second favorite one. Unfortunately, Grid Connect dropped their Firefly version, which [00:16:00] used two AAA batteries, which is a great thing I was when you have it and you don't have to keep restarting the Bluetooth, you can move from rack to rack to rack to do initial configs or configs. So in the case of for instance, Interop, we're able to get in the ACL rules and defeat Slammer, get bandwidth back, so we could go upstream into the routers from our ISP and then [00:16:30] start going backwards and putting in more and more ACLs until the Interop net was fully functional. So out-of-band management is one of those interesting unsung heroes of the network that allows you to do all kinds of different things and still get access to your gear even during a denial of service attack. Anyway, ran.
Lou Maresca (00:16:57):
Thank you, Cheebert, that was fantastic. And these little devices, [00:17:00] are they affordable when you're starting to build out your network, how affordable are they?
Brian Chee (00:17:06):
Okay, so right now the Air Connect is probably one of the more popular ones. You can get an Airconsole or Air Connect for under 200 bucks. Interestingly enough, one of the things that the viewer mentioned when I sent them to the Airconsole people was if you're willing to buy a 20 pack, they drop [00:17:30] down into like $130 each range. So that's kind of a nice quantity discount.
Lou Maresca (00:17:39):
Very nice, very nice. Cool. Anything else? Curtis, you have anything for out-of-band management? He is gearing up.
Curt Franklin (00:17:52):
No, Brian handled it really well. I would say that one of the [00:18:00] issues that I'm paying attention to these days is resilience. And the thing that Brian brings up about out-of-band management being a key ingredient in resilience in the face of unexpected activity against the network is very true. The nice thing is that out-of-band management allows a separately controllable way [00:18:30] to work with your infrastructure and there is rarely a time when a separate path to control is a bad thing. So Brian has some great instances in which this turned out to be true, but for me, this out-of-band management falls into the category of best practice for a resilient organization.
Lou Maresca (00:18:59):
Thank you [00:19:00] guys. This has been really good primer and a good information for some people. I'm sure that we'll get some questions about us. Thank you, Cheebert, for doing that. Appreciate it. Well guys, I think that does it for that. I think we're going to head over to the bites, but before we do, we do have to thank a really great sponsor of This Week in Enterprise Tech, and that's Duo. Now Duo protects against breaches with a leading access management suite. We talk about it all the time on this show. You want strong multi-layer defenses and innovative capabilities only allow legitimate users in and keep [00:19:30] those bad actors out. And Duo does just that. For any organization concerned about being breached that needs protection fast, Duo quickly enables strong security while also improving user productivity. Now, Duo prevents unauthorized access with multi-layered defenses and modern capabilities that prevent sophisticated malicious access attempts.
It also increases authentication requirements in real time when risks actually arise. Plus Duo enables high productivity by [00:20:00] only requiring authentication when needed, and it's enabling swift and easy and secure access for your users. That's really what you want. You want to get that whole thing out of the way so users can be productive. Duo provides an all-in-one solution for strong MFA, passwordless, single sign-on and trusted endpoint verification. Plus, it helps you implement zero trust principles by verifying users and their devices. It's a great solution. Definitely sign and try it today. Start your free trial and sign up today at css.co/twit. [00:20:30] That's css.co/twit and we thank Duo for their support of This Week in Enterprise Tech. Well folks, it's time for the news bites. Today we're diving into the buzz around the SEC's proposed rule for public companies, also known as PRPC, has been talked about for a long time since the introduction back in March, 2022.
Now here's the breakdown. The rule is pushing for companies to spill [00:21:00] the beans on material cybersecurity incidents and fast, like within four days fast. Plus it wants companies and their boards to actually up their cybersecurity game. Now it might seem like a good idea. I think it does, but not everyone's on board with this speedy reveal. Now CISOs are finding themselves between a rock and a hard place here, having to potentially air the dirty laundry before they've actually sorted it all out. Imagine the stress of actually a ticking time bomb ticking clock when trying to figure out how big a deal of a new vulnerability [00:21:30] actually is on your network. Now, drawing parallels with this, the GDPR's 72-hour report card is there and the new rule is seemingly actually giving an extra day in the hand here, but here's where it gets dicey.
Defining what's material is a whole other gray area in here. While the terms there being as broad as being what a reasonable shareholder would find important, and it sounds just like trying to attack a moving target. So we'll have to see, we won't want to get my thoughts in a second here. Now adding to the chaos [00:22:00] in this notion of disclosing incidents is the material in aggregate. Now companies might have to actually dig deep and reveal those long forgotten vulnerabilities that have come up. It's practically opening a can of worms on what needs to be disclosed, especially when you're looking for a series of aggregation or aggregate incidents. And I would say we shouldn't even get started on the fact that they're asking for quarterly earnings calls to turn into stages for disclosures as well. So this is very interesting. As the industry navigates this foggy terrain, one [00:22:30] thing is clear, the bridge between boardrooms and security experts needs to strengthen.
We definitely agree on that and I feel like it's almost like a very intricate dance where finding the right rhythm is really the key here and I think organizations will probably be adjusting for a while. But I do want to get my cohosts' thoughts on this. So Curtis, I want to throw this to you first. Obviously you work with a number of security professionals and enterprise people. The concept of material cybersecurity incidents as defined by the SEC seems quite broad and leaves a lot of room for interpretation [00:23:00] here. How can companies establish more of a concrete definition here?
Curt Franklin (00:23:06):
Well, first of all, the necessary disclaimer, I am not a lawyer, neither do I play one on television. So nothing that I'm about to say should be construed in any way possible as legal advice or legal advice. Consult your corporate counsel. With that as prelude, I think that in most cases, material [00:23:30] incident is going to be an incident that has an impact on a business unit outside of the IT department and perhaps a little more pointed, if it has an impact that will be seen in any way on a financial statement, it is a material impact. [00:24:00] So whether it requires an expense and a size that would have an impact on quarterly P&L or it's something that requires a payment. Most incidents are going to be negative. We don't [00:24:30] hear about too many cybersecurity incidents that result in a giant windfall of cash to the company, but if it would have an impact that spreads outside the IT department, that is something that will need to be reported. Interestingly enough, that's also the point at which a board would tend to want [00:25:00] to know about it if it has an impact on multiple parts of the business. Boards are not micromanagers. Boards really don't care. And in many cases, they can't care about how an individual department is run.
They don't want to know how business units are run. They want to know how the business as a whole is being run [00:25:30] and guide it into the future. And so if an incident is going to have an impact on the results of the business now or how they might guide it into the future, that's when they want to know. And if the board needs to know, then the SEC is saying that the investors need to know.
Lou Maresca (00:25:53):
Agreed. Agreed. And Bert, this is kind of a stark shift into disclosure norms, I would say. How do [00:26:00] you think organizations need to shift some things here? They need to obviously start to understand what's going on in their network at a moment's notice. They need some more ways to report incidents and better ways to report incidents. Is this going to be a forcing function for organizations to shift some things?
Curt Franklin (00:26:15):
Yeah, it's pretty much going to force people to spend money, something like Splunk, because realistically the problem with networks is, as they get more and more complex, so do [00:26:30] the logs, so do the alerts and shifting to that basically means you're going to need something to help you sift through all that noise. And
Brian Chee (00:26:42):
Something like Splunk or a log analysis system or something, this is where I think AI is going to start playing a part, have something that'll learn your network and help you alert and separate the [00:27:00] signal from the noise. That's going to be a real big issue. And I'm sorry, this is one of those things. The SEC is almost demanding that corporations or organizations across the board have to go and make fairly large investments just to be able to meet this timeline. And that's going to be really tough, especially as the logging goes up as we move [00:27:30] to the cloud because you've got more traffic crossing your network and crossing the boundaries of your network. So I'm hoping the SEC also comes up and works with the Congress critters to provide some tax breaks to help pay for all of this.
Lou Maresca (00:27:49):
I agree. I agree. Curtis, I think this is an interesting thing because we talk about the fact that organizations are thinking about zero trust or thinking about moving forward with [00:28:00] more security, better security being proactive. You think that this is going to push anything forward there?
Curt Franklin (00:28:08):
I think what we are beginning to see is a number of different regulatory and governmental organizations requiring companies to not just [00:28:30] follow best practices, but to demonstrate that they are following best practices. And so I think that what we're beginning to see in the past to this point on executive boards, you want the executive boards to be made up of people who are smart and know about business and things like that. [00:29:00] We're beginning to see requirements that the SEC says that a board should have someone on the board. Our company should have someone on the board that knows about cybersecurity and they're going to have to be able to demonstrate that. We have the TSA saying that companies in the energy pipeline, energy [00:29:30] transportation business have to have a resilience plan and prove that it works through exercise. So we're going more and more.
What we're seeing is this drive for not only competence and demonstrated competence, but visibility into the demonstrated competence. It's expanding out and the whole goal [00:30:00] is so that law enforcement, so that regulators and ultimately so that the owners of the company shareholders are able to know that the money that they put in is being protected. It is sort of the government helping with that due diligence. If you're visible with all this, it makes the due diligence before buying shares a little bit easier. And I think that that's ultimately where [00:30:30] we're going with all this more visibility all the way around.
Lou Maresca (00:30:35):
Love it. Love it. Well, we'll have to see just how the industry actually adapts to all this. We'll have to see what's coming up. Well folks, that does it for the bites. Next up we have our guests, but before we get to our guests, we do have to thank another great sponsor of This Week in Enterprise Tech and that's ACI Learning, the best place to go to get your team's training and keep knowledge up to date. Now, 94% of CIOs and CISOs agree that attracting [00:31:00] and retaining talent is increasingly critical to their roles. Now with today's IT talent shortage, it's more important than ever for your teams and their skills to be current, right? 87% of companies say that they have skill gaps in their employees. That's a lot. Now the challenge of assessing your IT staff's skills is really overwhelming, but it doesn't have to be. ACI Learning has partnered with the best in the industry by adding Insights, the new skills gap analysis tool to assure you that the training you're providing is actually working.
[00:31:30] And a quick one-hour assessment by Insights, ACI Learning will provide your whole team with key diagnostics. This is the solution IT managers have been waiting for. And with Insights, you can actually identify specific skill gaps in your employees and see where your team's weaknesses actually lie. Empower your team with personalized training. Blanket training wastes money and time. We know this. This is a way to get away from that. Insights offers detailed solutions, support and strategy by issuing recommendations and training plans for individuals [00:32:00] and your entire team. Now you can actually compare results against other organizations so you know where you actually stand, plus test skills and close the gaps with practical labs that allow trainees to focus on the skills they actually need most. ACI Learning helps you retain your team and entrust them to thrive while investing in the security of your business.
More than 7,200 hours, that's a lot of content, are available with new episodes added daily. ACI Learning [00:32:30] stomps its competitors with a 50% higher completion rate. These are the training solutions for your business and these are the ones you want. And these are the ones you've been waiting for. Future-proof your team and company with Insights from ACI Learning. Visit go.acilearning.com/twit. TWiT listeners will receive at least 20% off or as much as 65% off an IT Pro enterprise solution plan. The discount is based on the size of your team and when you fill out their form, you'll receive [00:33:00] a proper quote tailored to your needs. And we thank ACI Learning for their support of This Week in Enterprise Tech. Well folks, it's time for our guest to drop some knowledge on the TWiET riot, and today we have Mr. Brian McDonald, he's director of product development from Mutare. Welcome to the show, Brian.
Brian McDonald (00:33:20):
Thank you very much. It's a pleasure to be here with you guys.
Lou Maresca (00:33:25):
We're excited to talk about this topic because we haven't talked a lot about voice and voice [00:33:30] technology, but before we get to all that, our audience is kind of a spectrum of experiences, whether it's entry level all the way up to the CTOs, CIOs of the world and they love to hear people's origin stories and their journey through tech. Can you take us through a journey through tech? What brought you to Mutare?
Brian McDonald (00:33:45):
Sure, absolutely. So that's actually kind of a funny story. Just June, I celebrated my 31st anniversary at Mutare. Congrats. And first job right out of college [00:34:00] and started installing Ethernet, not Ethernet, coax network cards into computers. So that was a fun start. And our company has always kind of been in the telecom area. We originally cut our teeth writing bespoke IVR applications for customers on a couple different [00:34:30] platforms, but mostly on voicemail platforms. And so we wrote one of the original fax-on-demand applications, one of the original messaging applications and things like that. So over the years we moved away from these bespoke applications into products that we could sell over and over again. We've morphed many, many, many, many times. And of late, about [00:35:00] 10 years ago, we decided that most people hate voicemail. I mean just with a passion. It's horrible. And we said, well, it's about time somebody rewrote voicemail and made it good. So we did that. And so when we started getting going on this and installing this with customers, we had some of our larger customers tell us that this is great, but I'll tell you what, it'd be really great if you could stop those [00:35:30] dang robocallers.
And people hate robocallers more than voicemail. It's true. And so we pivoted and now our focus is our voice traffic filter and we are helping enterprises fight the fight of not just robocallers, but the more insidious threat actors out there that are using voice to break into their organizations and disrupt.
Lou Maresca (00:36:00):
[00:36:00] That's actually a really great segue into this because I think organizations don't necessarily think about this that often and they probably should be. So you maybe can take us through a little bit about what, a little bit more, obviously give us a little tease there about what voice threat defense actually is, maybe what organizations need to pay attention more to.
Brian McDonald (00:36:17):
Sure. Well the reality is every organization needs to pay attention to this. Typically when you talk to organizations about security, they've got, they're doing all the right things. Well, [00:36:30] we got our edge networks protected, we've got our endpoint protection, we've got our internal protections and any good security kind of platform plays multiple layers, right? We like to call that the Swiss cheese defense where you got multiple layers and we take that same approach to voice and if you kind of step back and take a look at security, it's very much device focused, network [00:37:00] focused. There's not a lot of focus on voice. And one of the weakest points in security defense is the human. We know this through spam emails. People just, oh, that looks super interesting. Let me click on that. For voice, sometimes it's even easier. You're talking with someone, a practiced vishing, and vishing, which is one of my favorite words, combination of voice and [00:37:30] phishing. A good visher can dig right in and go right to the heart of the matter to get what they need. And so we're out there and really where our focus is where we start our defenses right at the edge before the call is answered, knock down those threatening calls and be able to provide intelligence [00:38:00] to the company and part of their security platform to provide that information back to the company so that they can handle them appropriately. And we've got a lot of different means to do that.
Lou Maresca (00:38:12):
It sounds like obviously your tools are providing a little bit of foresight internally around obviously how to keep voice channels secure. Can you maybe go through some of the increasing number of cyber crimes that are actually happening? Obviously we talked a little bit about, [00:38:30] you said a little bit about maybe some social engineering techniques, but what else are some things that you're hearing about?
Brian McDonald (00:38:36):
Well, robocalls in and of themselves, even apart from just like a social engineering, they can cause disruption in any number of ways. It might be from a productivity standpoint, in contact centers, we're seeing a lot of disruption because contact centers are where those phone calls are headed [00:39:00] in a lot of places, especially for the enterprise. And so they've already got some tools to thwart situations that occur. A lot of the ones we've seen are what they call the five second call. Call comes in, it's five seconds and it's a hangup and then they call again, these are disruptful because it's throwing off all of the data sets and all the KPIs that contact centers have disrupting there.
So [00:39:30] from the voice network, it kind of spreads throughout, right? And there's a multiple attack vectors even in voice. And what we've done is tried to get the word out. Phishing is obviously one of the ones that can be the most impactful. We know in the news recently there's been a lot of really high profile ransomware or ransomware attempts from [00:40:00] that. One of the major access points was vishing. I was at RSA Conference this year and one of the programs I sat in was from Cisco, Cisco, one of the largest security vendors out there. And they had fascinating story about how they were attacked and they walked right through exactly how it happened. And it's not just one avenue of attack. These are things that organizations have to deal [00:40:30] with all the time. Some part of the attack came through from a browser plugin, password sharing, and then ultimately elevated escalation of privileges came through from a vishing attack. And it's just crazy, these threat actors that are out there, not even the really insidious nation state ones, but these are organizations that have healthcare plans that are out [00:41:00] to attack these organizations because companies will pay.
Lou Maresca (00:41:06):
Speaking of things that organizations have to deal with all the time, you guys put out a recent survey, it's called the Voice Network Threat Survey. What kind of things are, what's uncovered with the survey? Because obviously lots of organizations are dealing with similar things.
Brian McDonald (00:41:23):
It was actually really, really interesting. So this is our second year we've done this and [00:41:30] we send the survey out. Our participants are security technical including telecom professionals. And some of the things were surprising, I would think to a lot of folks, but some of them not to us. We kind of already knew this was happening, but fully a quarter of the respondents just don't even answer their phone anymore. And that kind of [00:42:00] stood out to us and kind of made us sit back and say, huh, well that can't be good, right? I mean, when you're running an organization and you're not answering the phone call to do business, that's a bad thing. And some of the other pieces of information we had was that it's finally becoming clear. 85% of our respondents agree that voice needs to be elevated [00:42:30] into the security platform as a legitimate and something to look out for in terms of a threat vector.
And 90% think that at least the voice, the data about the voice network should be part of the security platform, part of the telemetry. And it's funny because Brian, you were very earlier talking about how logs, syslogging and all [00:43:00] of this information for all kinds of activities on the network, all kinds of activities throughout the organization need to be logged and analyzed and frankly logged, you're right, is not enough. And that's where some really cool AI comes in. And typically for a mature security organization, they're gathering all this information and we call aggregation into SIEMs, S-I-E-M, these [00:43:30] are systems that can log all of this information and usually then that information is then sent out to one or more XDR systems, which is the new hotness for security. And that's where AI can come in and start doing some correlation, right?
There's a lot of things going on right now in the XDR world for correlations between email spam, which has been out forever, and then other activities. So [00:44:00] if your C-suite is starting to get a lot of spam and you can correlate phone calls from might be what unwanted callers or suspicious callers and even correlate that information, that's super helpful to your security teams, you might be able to prevent or thwart or get an idea of some of the attacks going on in your organization. I do want to ask a little bit more about AI even from that attack vector. In fact, tech Dino in our chat room has asked about it, but before [00:44:30] we get to that, and
Lou Maresca (00:44:30):
Of course I want to bring my co-host back in, but before we get to them, I do want to thank another great sponsor of This Week in Enterprise Tech and that's Discourse, the online home for your community. Now for over a decade, Discourse has made it their mission to make the internet a better place for online communities. By harnessing the power of discussion time, chat and AI, Discourse makes it easy to have meaningful conversations and collaborate with your community anytime, anywhere. Would you like to create a community? Well, visit discourse.org/twit [00:45:00] to get one month free on all self-serve plans. Trusted by some of the largest companies in the world, Discourse is open source and empowers more than 20,000 online communities. Whether you're just starting out or want to take your community to that next level, there's a plan for you, whether it's a basic plan for a private invite only community, a standard plan if you want unlimited members and a public presence, a business plan for active customer support communities.
John Ulva, he's developer [00:45:30] advocacy lead at Twitch, says, Discourse is the most amazing thing we've ever used. We've never experienced software so reliable ever. One of the biggest advantages to creating your own community with Discourse is that you own your own data, you get to own it, keep it. You'll always have access to all of your conversation history, and Discourse will never sell your data to advertisers. Discourse gives you everything you need in one place. Make Discourse the online home for your community. Visit discourse.org/twit [00:46:00] to get one month free on all self-serve plans. That's discourse.org/twit and we thank Discourse for their support of This Week in Enterprise Tech. Well, folks, we'll be talking with Brian McDonald. He's actually director of product management and development, sorry, product development at Mutare. And we've been talking about voice threat defense. We've been talking a little bit about AI, but I do want to bring my cohost in because I'm sure that they've got some questions, [00:46:30] especially Mr. Brian Chee. Cheebert.
Brian Chee (00:46:33):
Well, having played in the voice world, especially in the IVR world, one of the things I always found out is, gee, how much I can do really depends upon, well in the old days, what PBX I was running or nowadays what switch or what voice VoIP controller you're running, what kinds of things do I need to think about? Am I going [00:47:00] to need to do a forklift upgrade to be able to go and take advantage of the Mutare solutions?
Lou Maresca (00:47:06):
Fortunately, no, you don't. We play very well in the VoIP world, the SIP world. And as most customers are migrating to the cloud even for their telephony, this kind of makes that a little easier because there's an abstraction layer for that phone call.
Brian McDonald (00:47:29):
So as [00:47:30] PSTN moves to VoIP, we can sit right along the call path in certain engagements and certain implementations and others because we've got a full API stack on the backend, we can fit in anywhere. So if this is a contact center where you've got a cloud contact center or a cloud unified communication system, typically there are engagement points where we can connect up. So [00:48:00] it's usually fairly trivial to get started, at least looking at some of your call data and go from there.
Curt Franklin (00:48:09):
Okay, well let's take this a little further. What kinds of things, what's my homework? What should I need to do? What kind of inventory should I be doing in my organization if we want to be able to go and use this kind of gear?
Brian McDonald (00:48:24):
Great question. So first thing you're going to want to do is take inventory and they talk about [00:48:30] that in security a lot. First thing you need to do is get a lay of the land. Where are you taking phone calls? Where are you making phone calls within your organization? And then without. So as soon as you step out of your infrastructure out into the public telephone network, whether that's the old school hard line or VoIP, you're going to need to find out where that is and where those integration points [00:49:00] are. You're going to want to talk to your carrier, see how you're connected there. And you might have multiple carriers and you might have carriers that you don't think you have. A lot of organizations, especially larger ones, have multiple places where phone calls take place. This is a phone call we're on right now on this conversation we're having here. So this is actually [00:49:30] part of the phone network in some respects. So finding all of those points is your first step. And once you've got that and you figure out, hey, how we can integrate and how can we analyze and troubleshoot and integrate into these software solutions such as Mutare's to try to get some intelligence on your traffic patterns and [00:50:00] to stop the bad guys.
Curt Franklin (00:50:03):
Well, I'm going to come in and sort of build off of what you just said there, looking at the whole visibility question because I know that when it comes to cloud services, when it comes to network endpoints, all sorts of things, we know that most CIOs, most CISOs don't have a solid idea of what's [00:50:30] on their network. There's lots of services of products, of technologies running around on their networks that they don't know about. How big a problem is that for most enterprises when it comes to voice? I mean, do they really have no clue about what's going on in the voice world?
Brian McDonald (00:50:52):
So it's not to say all companies are bad at this, but it's not top of mind. Voice is not top [00:51:00] of mind. And so they're looking at the strict, well, we've got a network connection where we've got a VPN connected, that's probably enough, but those phone calls and that inventory needs to be handled with the same care that the network interfaces into the organization are treated. And that's really what our voice network threat survey is all about, is raising that awareness [00:51:30] and saying, Hey, the voice network is just as important if not more so than your what you might call your traditional IP network. So inventory is first. Absolutely.
Curt Franklin (00:51:44):
Okay. Well, with inventory first, I suspect that user behavior is another one that's big. And I know that last year I wrote a report on cybersecurity awareness training and how important it is for most organizations. [00:52:00] How important is it to train your employees to deal with the threat of vishing and smishing? Can you talk about that and maybe define that vishing and smishing a little bit more as you're talking about why it's important or not to train users on them?
Brian McDonald (00:52:29):
Absolutely. [00:52:30] Training is extremely important and it should be 100% part of your existing training program. Most organizations should already be doing a security training program and voice should be another part of it because this is where the human element comes into play. And so just like we train our users to look out for spam emails to make sure you are [00:53:00] watching what you're doing on the web, your mobile device, whether it's a BYO or it's provided by the company or even managed by the company watching what you're doing and where you're taking it, your conversations that you're having in email need to be scanned. They're already being scanned and monitored, but phone call conversations are quite different, right? They're not elevated to that. And so training exercise is about if someone calls you and says that they know you or even hints that they're [00:53:30] with your organization, they may not be, that call might be spoofed. You might have someone trying to either be your friend, which is one of the avenues, or they might try to be a threat to you, and they might say, well, this is IT. Your system has been compromised. You're going to need to give us access to your system so that we can fix it. And employees need to be trained to always verify, always check [00:54:00] these types of situations. And even that's not enough. And that's why we have tools for security and threat prevention.
Curt Franklin (00:54:11):
One of the things that I'm fascinated by, you talk about employees who just have stopped answering their phones, and I will admit there is a degree to which I've done that. I know for [00:54:30] example, if something comes in from my native area code that's not in my contact list, it's going to go straight to voicemail. My native area code is one where there aren't any large cities. So the idea that a major bank is going to be headquartered there isn't realistic, but that's irritating both for me and for the legitimate people [00:55:00] who call. So is technology like yours or any technology that's on the horizon sufficient in and of itself to allow us to regain trust in telephony or is it going to require some sort of multi-threaded response in order to deal with the combination of threats and [00:55:30] annoyances that have reduced the value?
Brian McDonald (00:55:34):
That's a great question. I think anybody who's worth their salt in security would tell you there's no one answer. I joke again about the Swiss cheese method for security, and you have to apply layers. It has to be layer upon layer upon layer upon layer of protection. Excellent training can help, technology can help, [00:56:00] all that together might put a little bit of trust back into the phone network. But boy, you talk to anybody about how they treat phone calls coming in. And most people these days, if they're truthful, will say, I'm always thinking, do I really want to answer this call? I might not know who this is. One of the things you talked about was looking at the actual phone number. So neighbor spoofing is one of the more popular attack [00:56:30] methods for consumers and frankly, even for businesses. And so what that is is the number might be spoofed to be a number or might be purchased by a company who's trying to spam you.
And that might be a legitimate number that they purchased in your area code, NPA-NXX, and might be calling you because this might be a neighbor or I just took my dog [00:57:00] to the vet and I'm waiting for a call back. Is this their number? I don't really remember doctor appointment. Is this my doctor? Is the car dealership calling me that looks familiar? I better answer. And sure enough, you got the, well, we got a car warranty for you that you can't pass up, or hey, you just won a free trip to Bermuda on a cruise. That's one of these things that everybody's in a hurry, everybody falls [00:57:30] for it. The reason why that Microsoft flipped over to their MFA program, it used to be you just had to one tap and they changed it. So now you have to enter in a couple digits.
They did that because companies got burned by this. Because a way to get in is as a hacker is you hit that at two o'clock in the morning to a user a hundred times. You get that and you're waking [00:58:00] up in the middle of the night and every 30 seconds you get an MFA alert from your phone, you're going to hit yes one of those times. And so Microsoft went, yeah, that's probably not a good idea. And they recently changed it. So now you got to enter in a couple digits into the portal that you're logging into. So technology isn't fixing that. Training isn't fixing that. All of this together is helping and getting trust back. [00:58:30] And then that's where I think we're headed is it's a lot of everything, a lot of little things contributing.
Lou Maresca (00:58:38):
It's a lot of great, some super information, super interesting information. So thank you Brian, so much for being here. Unfortunately, time flies when you're having fun. You have some good conversations. So since we're running a little bit low on time, you want to tell folks at home where they can learn more about Mutare, maybe some upcoming stuff?
Brian McDonald (00:58:54):
Absolutely. You can find email@example.com. That's M-U-T-A-R-E.com. [00:59:00] Just hit the website. If you're a current organization who wants to learn more about this, we've got more data on there than you can shake a stick at. And also we are offering free proof of concept installations for customers for 30 days. So contact us about that. Okay,
Lou Maresca (00:59:21):
Fantastic. Thanks again, Brian, for being here. Appreciate it. Well, folks, you've done it again. You sat through another hour of the best dang enterprise and [00:59:30] IT podcast in the universe, so definitely tune your podcast. I want to thank everyone who makes this show possible, especially to my wonderful co-host starting with everyone. Mr. Brian Chee, Mr. Brian Chee, what's going on for you this week? Where can people find you in all your work?
Brian Chee (00:59:46):
Well, I'm still on Twitter. I guess it's now called X, doesn't roll off the tongue the same, sorry. Anyway, I am ADVNETLAB [01:00:00], Advanced Net Lab, on Twitter. And you're also welcome to throw email at me. I'm cheebert, spelled C-H-E-E-B-E-R-T, at twit.tv. You're also welcome to throw email at at tv and that'll hit all the hosts. And one of the things I'm going to be doing this week is I'm trying to track down the gentleman that made the blue console, this little Bluetooth serial dongle. [01:00:30] He lives in Orlando, so I'm going to try and see if I can convince them to do a limited license on the design and software so that I can go and build some more for my friends and colleagues.
Lou Maresca (01:00:46):
Very cool. Very cool. Good luck with that. I want to hear about that if you do. Thanks, Cheebert. Well, folks, we also thank Mr. Brian Chee and Mr. Curtis Franklin. Curtis, thanks so much for being here. Can you maybe give us a tease of what's coming for you in the coming week?
Curt Franklin (01:01:00):
[01:01:00] Well, let's see. What sort of things am I doing this coming week? I'm going to be talking to a group of future executive board members. It was interesting to have the conversation we did earlier. In this particular episode, I'm going to be talking to a cohort going through training in a group that [01:01:30] is sponsored by, allied with, somehow connected to Nasdaq. And it's a good group of folks. So I'm looking forward to that. I'm going to be doing things around insurance, cyber insurance, got a report coming out that should be live sometime in the next few days. Got several things I'm writing that'll be out on both Dark Reading [01:02:00] and on omdia.com. And a lot of the things I'm doing on Omdia, I'm making available to the general public. Usually you have to have your company write what is frankly a fairly big check to Omdia in order to subscribe to our work. But I think in the world of enterprise security management, there's a lot out there that generally needs to be talked about. And so I'm trying to encourage that, [01:02:30] taking a lot of the things I write and making them available for everyone. And so I hope people will check that out. I point to all that on my social media. I'm on X, KG4GW, I'm on Mastodon, KG4GW.mastodon.sdf.org or something like that.
I'm getting, it's one of those things. LinkedIn [01:03:00] is a good place. Curtis Franklin, you're welcome to follow me on LinkedIn. And if you care for one reason or another about things like my running and my painting, feel free to check me out on Instagram, Kurt Franklin. So I look forward to seeing you one of those places. Let me know what you want to hear about in the world of cybersecurity.
Lou Maresca (01:03:25):
Thank you, Curtis. Appreciate you being here. Well, folks, I also have to thank you as well. You're the person who drops in each and [01:03:30] every week to get your enterprise and IT goodness. So go to our show page right now, tweet tv slash slash twit. That's right. We'll help you get all the amazing IT and enterprise shows that we have there, all the back episodes, all the show information. But more importantly, next to those videos, you'll get those helpful subscribe and download links. Get your show of your video version of your choice, audio version of your choice, on any one of your devices, any one of your podcast applications, on all of them, and it's really easy to subscribe and support the show. So definitely do that [01:04:00] and help us out. But you may have also heard there's also Club Twit as well. That's right.
It's a members only ad free podcast service with a bonus TWIT plus Feed DE really can't get anywhere. You can't get anywhere else. It's only $7 a month. And not only that, you get amazing access to the members only Discord server. I'm on it right now. A lot of great channels. It's really well managed, a lot of great conversations. There's special events that show up on there. So definitely check out Club twit, TWIT TV slash club twit Plus, you may have also [01:04:30] heard, they also offer corporate group plans as well. That's right. It's a great way to give your entire team access to our ad Free Tech podcasts. And the plans start at a discount rate of $6 each per month. That's right. And you can add as many seats as you like. It's a really great way for your IT departments, your tech teams, your dev dev teams, your sales teams to get access to all of our podcasts.
And just like regular memberships, you can join the TWI Discord server and get that TWI plus bonus feed as well. So definitely join Club Twit and check out that for your corporate team. [01:05:00] Plus, get this. They also have family plans, really easy to add. It's $12 a month. You get two seats with that $6 each, more per seat you want to add. And same advantages of the single plan as well. So lots of options that TWI tv slash club twist. Now, after you subscribe, you can your friends, your family members, your coworkers with the Gift of twit, because you know what? We talk a lot about fun and interesting tech topics on the show, and I guarantee they will find it fun and interesting as well. So definitely have them check out twit and subscribe. [01:05:30] Support the show. Now, if you've already subscribed, we do this show live.
That's right, live.twit.tv is where you go. There's all the streams there. You can come see how the pizza's made, all the behind the scenes, all the banter before and after the show. Live is where it's at. And if not, if you're going to jump in the show, actually watch the show live, you want to jump into the chat room as well. We have an amazing IRC channel. You can go to irc.twit.tv in your browser, and then you can log in right there to our twit live channel. And then we have some amazing people in there, of course, each and every week. Lots of great discussions, [01:06:00] conversations, questions for the guests. We have some really great show titles for the show today as well in there. So definitely check out our IRC channel and be part of that. So appreciate all your support there.
Now I definitely want you to hit me up on any of the social channels, whether it's x.com/lm. I'm on Threads. I'm Lou MPM on Threads there. Of course, I post all my enterprise tidbits, what I do during my normal work week at Microsoft. I'm also on Mastodon, Lmm at Twit Social. Direct message me, ask questions, have conversations about career. Whatever [01:06:30] you want to do, definitely hit me up there and have a conversation. I'm also on LinkedIn, Louis Maresca there. Plus also, if you want to have and see what I do at my job on Microsoft, definitely check out developers.microsoft.com/office. There we post all the amazing and great ways for you to make your office experience more productive for you in your organization. Not only that, if you have Microsoft 365, check out the automate tab in Excel, just pop up in Excel, check out the automate tab there on your ribbon there.
You can create some amazing automations directly in [01:07:00] Excel there. And not only that, you can run them in the cloud using Power Automate. You can run them without even having the client open. You can send emails, you can ingest more data from different sources. Lots of great ways to customize the pipeline and use Excel for your analytics. So definitely check that out at developers.microsoft.com/office. I want to thank everyone who makes this show possible, especially to Leo and Lisa. They continue to support This Week in Enterprise Tech each and every week, and we really couldn't do this show without them. Thank you for all their support over the years. Of course, thank you to all the [01:07:30] staff and the engineers at twit. Of course, they make this show possible. And of course, thank you to Mr. Brian Chee one more time. He's not only our co-host, but he's also our Kyle's producer.
That's right. He does all the bookings for the show, and of course he gets all the guests on the show as well, and of course the plannings of the show as well. So thank you for your support, Mr. Brian Chee, of course, again. Of course, before we sign out, I want to thank our editor for today because they will make us look good after the fact, cut out all of my mistakes. So thank you so much for your support and of course, thank you to our technical director today, Mr. [01:08:00] Ant Pruitt. He does some amazing shows here on Twit. Ant, what's coming up for you on twit this week?
Ant Pruitt (01:08:08):
Well, thank you Mr. Lou. Actually, I had a fun time in Club Twit this week. I was able to interview Mr. Daniel Suarez, as well as Mr. Hugh Howey together all in the same room, virtual room that is, and we had a really, really good time because they're old friends. Didn't know they were old friends, so we got them together and just chatted like a bunch of old friends. [01:08:30] So make sure you all check that out. But sir, one more thing for you. Actually, word on the street is today at the time of recording is Star Trek day. Does that mean anything to you? Oh gosh. You such a nerd. Well, since it is, we
Lou Maresca (01:08:48):
Got 'em lined up. We got nine movies to watch
Ant Pruitt (01:08:51):
Today. Oh my gosh. Well, since it is Star Trek day at the time of this recording, I'd like to recommend you check out our space podcast, This Week [01:09:00] in Space, with Mr. Rod Pyle and Tariq Malik. Their episode that's going to be releasing right now, they talk a little bit about Star Trek Day and a bunch of other interesting things. So check 'em out, twit.tv/twis.
Lou Maresca (01:09:18):
And until next time, I'm Louis Maresca. Just reminding you, if you want to know what's going on in the enterprise, just keep TWiET.