Fabrice Delouche with Binalyze

00:03

Welcome to the Industrial Talk podcast with Scott Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's go.

00:21

Alright, once again, thank you very much for joining in does real talk. And thank you very much for your continued support. We are bringing a platform to the world that is educating individuals in the world of industry. That's what we're doing here. And we're at the IoT Solutions World Congress on site right now. Read this pointing at you in the video right now. And it is a collection of companies and people who are solving problems you don't even know have a problem. I guarantee they'll have a solution here. All right. In the hot seat, a hot seat, Fabrice. And by the way, Fabrice. You're the first one out of the out of the cat, out of the bag, here at IoT Solutions, World Congress. Thank you. And then now the company is finalized. There we go. Let's get cracking. Yeah, you're the first.

01:12

I'm happy to be the first. I would want. Yes, it's a privilege. It is. It is.

01:21

Thank you very much. Appreciate that. All right. You have a good conference? Yes. This was the first time here.

01:28

So first time here. First time in the name of finalize being in the cybersecurity Congress. Well, obviously, IoT and OT is part of the seven. So that's great.

01:36

There to two final. Yeah, so this is, and I always have to keep this keep track of this. This is the this was the Congress. It's cyber related. Right? It's an it's bringing a lot of companies together to I mean, a cyber is a big deal.

01:53

So it's a big deal on. I'm seeing this more and more often in the events we are doing, obviously, with the people we are interacting with. The fact we have in one single place, one single area, all those I would say, technology that are interesting to this and how they can be secured by design. This is how we try to interact together.

02:14

Even if you're a competitor, I mean if you guys,

02:17

but so far, I haven't seen any competitor. Yeah, but I don't know who they are.

02:25

But it is it. I do like the fact that it's collegial. Everybody say it. Okay. The problem is yes, there's a lot of nefarious and bad people out there and we got it right. How do we how do we continue business? How do we protect those assets? How do we protect the business from that so that we can continue to sort of enjoy what people do?

02:44

Yes, um, you talk about business. So just keep in mind that no matter what we are doing at the end of the day, is to avoid the business to stop. So this is why we're here. Obviously, we are not the only one to, let's say, help this environment to be secure. But at the end of the day, there is a real situation that we're facing since few years that there is new threat, that we're not existing 10 years ago, that we have to face. And so the developers, the new company, needs to be able to protect themselves from this is to protect their people to protect the assets you mentioned, but also to protect our business.

03:19

Yeah, in No, no doubt about it. I agree with you. 100%. And it is important. The the scuttlebutt on the street has always been, hey, I'm it, I do I protect I do I do the IT stuff. But that has been obliterated. Because of all of this sort of IoT, IoT, AI, all of the stuff that's helping the OT world become better. But then that just opens things

03:49

up. Yes, because, again, it's definitely something that resonate on the market today. Everything wants to be connected, even your fridge tomorrow will be suggesting today, but I will say not everyone got a fridge connected, but I'm sure in few years, everybody will get it. It's not that you need it is that you will not find any other product, which will not talk to other products in your environment. Cars are the same. No, no, they are a building big platform worldwide, to accelerate, autonomous driving on ramp coming from this world, just for you to know but the reality is that it's not a question of if you want to adopt it or not, it will happen. Now, everyone needs to understand what is the benefit I get from this, the thing that you will get is the usage, the ability to get a new experience, the thing that will not accept is that you can get rich or you can get your data stolen, or you can get your money removed from your bank, then you will start to complain say that I bought a new car. Why should I be facing such issue now because my car is connected to this to my one whatever. That's an example. The ready that all those issues or threats are happening more and more often. And why we were creating buying allies is to understand and tell the story Who has done what, when, how, and to be able to analyze this from a timeline perspective, to avoid this to happen again, which other partners maybe do, okay? But what we are tending to understand is what happened in order to prevent the risk to happen again.

05:19

Take us through a process take us through the sort of that, that journey. I get it in the world that we live in. And the threats that we face never stops. It's not a static environment. It's not like

05:35

a city, as we say, What's heading I velocity? High

05:38

Velocity? That's exactly correct. And it doesn't stop. And for me, let's say I'm ot guy, I just want to I just want to manufacture I just want to do my thing, right. But there's never How do you take us through a process of how do you keep ahead of that?

05:55

So that's not only a good question, that's the main challenge that we are all facing cybersecurity. So obviously, you need to be able to understand that what you know, today will not be very tomorrow. So it's like a mindset that we need to have in cybersecurity space. But I don't want to be too negative in what we are dealing with. What also we are facing that is not complex at the end of the day, because you can see some students were put in some very big companies being hardtack, or get ransomware. On the one behind that we are just students are teenagers. So it's not that they are smarter than engineers who develop that product is that they know how to find the bridge, because they are a teamwork worldwide. And they are learning very fast. So the rarity is that when we develop some products or T products, they were not put in the real world, in order to get stressed enough to make sure they are secure. One of the reality in OT, which is a shame, but it will change for sure that no one looked at the security as a layer of development. Usually it was done at the end.

07:06

You know, that is so true. And you know, guilty as charged,

07:12

especially in the in the legacy environments, mechanical environments, you know, engineering, those guys, which I was part of I was a developer in engineering years ago. And your goal is to develop a smart product on time during the delay the budget, the quality, but not secure is not part of the of the request. Now it's becoming since few years because so many breaches, put big companies at risk. And we have seen on we'll see more, because those products were released without being security,

07:42

focus. See. And God bless you guys in the sense that that has to happen, we have to continue to sort of proceed forward as a society, and that is doing the economic things. And that's manufacturing that's doing the things that we do best. And, and yet there is this community out there that is destined to create that chaos that that and never stops. And it would just seem to me that I would me, well I'd if I put my hat on, to be able to just know that know, with confidence that I can continue my business, do what I do best, and know that I am safe.

08:27

Exactly. And so the good thing is that today, we have more and more partners or companies that are able to handle this type of service. Okay? So, at the end of the day, it's not a question to say, am I protected, I am secure, is just that when something bad will happen, I must be ready to handle it.

08:47

You're, that's a whole nother conversation because I don't want to be, you know, Debbie downer here. But reality is, is that if you're gonna be faced with that, if you're in business, you're gonna be faced with that. And, and, and I think that the ability to be able to do some root cause whatever it is, to be able to prevent it, but understand, learn and grow from that. And for and protect against, I think it's just key. So

09:15

you are just opening a very great door. Because why by analyze was created is to get the root cause understand what happened. And the reality is that no matter what of the level of protection you put in your environment, which is an IT environment, global, local, virtual, whatever it is, if it's a product, when something bad happened, you need to get the ability to analyze it. And this is where all technology just to talk a bit about it is coming in play. But the reality that Okay, you tell your story, you were able to find the root cause but why you were not able to do that before this happened. What prevents you to the analysis before this happened? And this is where we're also visible today. This is what we call proactive or preventive forensic meaning Why you are not investigating in real time, your development, your product, what is running your operating system, in order to understand that the bad guys, if they do that, they can put you in trouble. So this is all a question of maturity on we know that obviously, it's not like everybody trying to look at us and say, Oh, guys, but while you're doing that it's a waste of time. No, the reality is that there is a need for this. If you look at what happened the past 12 months, we never heard so many big companies, which are very mature in the cybersecurity space, been hacked. With big news, ransomware, finance, beans, I mean, money being stolen, those guys are the experts in cybersecurity, they have all the technology, but they got bridge. Why? Because it's very complex. And so gone, the impact was done, because they had most of the time, not the ability to react at speed. So speed is always a key environment. And this is why we create this technology, which we call Binalyze. Err, which is a platform we trained on the customer side, on premise, also, in order to tell the story, no matter what happened, tell the story in a very effective way for the analyst. At the end of the day, we are talking with analyst to be able to accelerate their time to close the incident, and also to play these vertical playbooks in advance to be proactive, what we call compromise assessment. So this is just something that should be tomorrow in operating mode to run 24 by seven 365 days per year. Must have company do that during the week, we can No, no, we have no time. Oh, we have nobody even worse. So this is a level of maturity on when you talk about ot OT is running it, there is no one behind it. Your car is running you don't you don't know if you get hacked when your car is parked on the parking? This is when maybe the risk will happen because no one is there. So it's easy to stall the car

11:54

a question because you brought up some really good points in that statement. I think speed is key speed, escape, compress, compress, compressing, make it faster, faster, faster, and do you know drive for that? And I see the value of really compressing that time. Got it? When you do your forensics, when you do your analyzing of it, do you do have an opportunity to to share it to a community and say, Hey, we found this out.

12:22

So that's a very good point. So just to clarify, we are providing this technology to the people who will use it partners, customers, which is enterprise. And those are the ones who can share then the story. We don't share any story because we are not the one who is legitimate to tell that all technology is able to find a bridge. Obviously we know that but it's not under her name that we can share it. But with a community that exists which is usually cert community, you know, I can just give a flavor of what is asserted because maybe the audience is not up to speed with that. But it's basically to deal with emergency and response. Again, speed response means you need to be fast. So now we see more and more at government level, country level, those things who are to share within the community what they have found. It's linked to what we called threat intelligence. threat intelligence is the ability to identify the bad guys who are able to impact the market worldwide. In order to avoid this to happen. Those teams are usually using technology like us, in order to tell the story. But we are not the one who are telling stories we can share in a very agnostic way.

13:34

I view you and others within this community. What we have here, I find that there's that I envision a defense like like there's a wall line of there's there is there's a battle, there's there's there's fighting going on, it's just happens to be in a cyber way. But I that's what I see the role that you play in others, and why it's important. And if if there's anything that I can sort of communicate to industry, it's it's a simple fact that it's happening. Yes, and it needs to be upfront in that conversation. So,

14:14

one word that is key also is live. Before we are talking about incident response. Now we talk about live response live means you need to go fast, and to go at the same speed of your opponent. And when you talk about defense is in the cyber world where you have obviously cybercrime so cyber is just the way to say it come from outside, you know that you have a flow of the threats, internal threats, that can even be worse sometimes. So this type of forensic that we provide is also eligible for internal investigation. So for us, there is no difference between someone who is part of the company who made something bad versus someone outside of the company who is doing something bad for us. Exactly, to find the root cause. And the technology we developed is to do that.

15:06

I see the importance I understand I, I get the picture of what what you're saying. Now, if I'm just a company, just a company that wants to do better. And that means I want to get greater insights into my assets and all of the stuff that's wrapped around digital transformation, how difficult and I call you, and how difficult will that conversation be? What what is just general process to make sure that I hear what you're saying, Scott, we need to do this, this this, and then we can get you in a position where you have some level of competence. What's

15:41

what is, so as we shared offline, I was a CFO before on I was a CIO before, so I went through that journey. So it's not like it's an easy path. Okay, the rate at which I always share to all my peers on it, what I'm doing is back to basics. So don't focus on technology, technology will be a commodity, focus on people on process. That's the basic foundation of anything people process on, then, when you have that, you may think about technology, what we are seeing in the threat landscape, more than 90% of root cause analysis, which show that someone trigger that risk, trigger the situation accelerated press, click link, whatever human was involved. Human was always involved, I would say 90%. Because I don't want to say 100%, because the rate depends on the cases. But he's still very today, after some people know now we are talking about 75%. Okay, but it's still more than 50. Why? Because human in the process are involved on there, potentially not trained, or they don't have any clue about what they're doing, or they were not even aware. So people are the central place of risk still today. Now, how do we do that? It's a question of maturity, again, on what is the way you want to make your people aware. And autonomous. One example with a COVID. What we have seen, it's accelerate a lot people to work from home. They had to work from home, due to the global risks that we have to face. But the reality that most of the companies were not ready to get their people to work from home. The only thing that was the commonality is that they have to work with an IT staff, which is called a computer. But why you cannot use your computer at home is a computer there at that because it was not secure. No control were put in place to give you the ability in most of the companies to use your personal computer, and to do things you have to do, which the computer can do. So the question of it cannot do it. But due to restrictions control security, it was not available, it accelerate the maturity in most companies to go to the best in class of remote access. This was existing since decades. Most of the complexity No, no, we don't go there. Because it's not secure, which is a wrong statement. It's even more secure sometimes. But it costs some money to put this in place is what we call digital transformation, change management. That accelerate in a way, but not for good because it was done in a very small timeline. We have some companies face a very difficult situation. But at the end of the day, two years after most of the company, no other work from home policy, with a very good cybersecurity, I would say Foundation, which is the baseline. So people are happy because they can stay one two days at home without kids without whatever, you know, activities they want to do, and they are very effective. So we are seeing a change in cybersecurity, that obviously you know that frontier are not exist in our world. There is no frontier. It's a worldwide risk we have to handle on this risk can come from anywhere. Yeah.

18:53

Yeah. Now you're you're absolutely spot on. All right, we got to wrap up. How do people get a hold of you to say, hey, I want to have this conference at least have begin the journey begin the conversation.

19:08

So we have a website, which is the entry point is yours to get a flavor of what we are doing. WW dot Binalyze bi n a l ys.com.

19:20

That was painless. It's pretty easy. And then you just reach out and then you have a conversation.

19:25

To contact us. My name is Fabrice, the Roush you can find me on LinkedIn. But we are Team. And we have smart people who are able to answer your questions.

19:34

There it is. There's the grabber statement right there. You are absolutely wonderful. Thank you, sir. Great conference, man. He's just right down the street from in our neighborhood right there, just down that way. All right. Once again, we're broadcasting from IoT solutions World Congress 2023 in Barcelona, and I want to tell you that this is a growing community, a growing conference that you need to be a part of put this on your calendar for next year. If you're not I'm here today, because you will not be disappointed. There's a lot of great people out there trying to solve problems and trying to really, it's really collaborative. So please put that on your calendar. All right, once again, thank you very much for joining. We're gonna have wrap it up on the other side. Thank you very much. We will be right back.

20:18

You're listening to the Industrial Talk Podcast Network.

20:23

How about that for another great conversation from IoT solutions World Congress, you need to put that on your calendar for 2024. It is a must attend event you get to meet people like February's and talk about cyber security. If you're in the world of connected assets, cyber security, and if you're in the world of is anything that's IoT, digital transformation related, you need to find individuals, you need to find companies that you can trust to be able to protect those vital assets to help you succeed. That's where Fub reason and I want to say penalize Yeah, I think I got that right penalized as the company, it doesn't matter. It'll all be out there on Industrial Talk.com. And you'll get, you'll get the information directly from that wonderful company and reach out to Fabrice. And he knows his stuff. It's It was a fantastic conversation. All right, we're going to be attending IoT solutions World Congress 2020. For next year, we're planning on doing that. If you are in the neighborhood of Barcelona, and you are planning to attend that event, you need to look me up, look me up and Industrial Talk, and get on the podcast, tell your story. And that goes for anything. We're going to be at a number of conferences this year. And we are passionate about celebrating you. And you need to be a part of this ecosystem in a big, big way. Because it's expanding. And it is including all the problem solvers. And you know what? You can reach out to everyone this is a network. This is a network that you can collaborate in. Make it happen, people will be brave, dare greatly hang out with Fabrice and you're gonna change the world. We're gonna have another great conversation coming from IoT solutions World Congress shortly so stay tuned.