Jon Clay with Trend Micro

On this week's Industrial Talk we're talking to Jon Clay, VP of Threat Intelligence with Trend Micro about “Securing your Digital Transformation Strategy “.  Get the answers to your “Cybersecurity” questions along with Jon's unique insight on the “How” on this Industrial Talk interview!

Finally, get your exclusive free access to the Industrial Academy and a series on “Why You Need To Podcast” for Greater Success in 2022. All links designed for keeping you current in this rapidly changing Industrial Market. Learn! Grow! Enjoy!

JON CLAY'S CONTACT INFORMATION:

Personal LinkedIn: https://www.linkedin.com/in/jon-clay-0880512/

Company LinkedIn: https://www.linkedin.com/company/trend-micro/

Company Website: https://www.trendmicro.com/en_us/business.html

PODCAST VIDEO:

THE STRATEGIC REASON “WHY YOU NEED TO PODCAST”:

OTHER GREAT INDUSTRIAL RESOURCES:

NEOMhttps://www.neom.com/en-us

Hitachi Vantara: https://www.hitachivantara.com/en-us/home.html

Industrial Marketing Solutions:  https://industrialtalk.com/industrial-marketing/

Industrial Academy: https://industrialtalk.com/industrial-academy/

Industrial Dojo: https://industrialtalk.com/industrial_dojo/

We the 15: https://www.wethe15.org/

YOUR INDUSTRIAL DIGITAL TOOLBOX:

LifterLMS: Get One Month Free for $1 – https://lifterlms.com/

Active Campaign: Active Campaign Link

Social Jukebox: https://www.socialjukebox.com/

Industrial Academy (One Month Free Access And One Free License For Future Industrial Leader):

Business Beatitude the Book

Do you desire a more joy-filled, deeply-enduring sense of accomplishment and success? Live your business the way you want to live with the BUSINESS BEATITUDES…The Bridge connecting sacrifice to success. YOU NEED THE BUSINESS BEATITUDES!

TAP INTO YOUR INDUSTRIAL SOUL, RESERVE YOUR COPY NOW! BE BOLD. BE BRAVE. DARE GREATLY AND CHANGE THE WORLD. GET THE BUSINESS BEATITUDES!

Reserve My Copy and My 25% Discount

PODCAST TRANSCRIPT:

Thu, 6/30 6:51PM • 44:47

SUMMARY KEYWORDS

network, work, cybersecurity, organization, trend micro, companies, attack, tx, scott, backdoors, digital transformation, industry, threat, cyber, targeting, people, systems, critical infrastructure, build, ransomware

00:00

Hey industrial Talk is brought to you by CAP logistics. You want to minimize downtime. Absolutely increase reliability, you bet ensure operational profitability. Yes you do. That means you need 24/7 365 insights into your supply chain look no further cap logistics go to cap logistics.com Or just call them they're great people 800-227-2471 also TX one now you know cybersecurity is important if you're on this digital transformation journey, TX one networks has the solutions for you. And you're saying to yourself, Scott, they're going to be complex, they're going to be difficult. No TX one's taken that into consideration. And they provide a suite of solutions that truly meet your cybersecurity needs. Go out to TX, one dash networks.com and find out more, you're not going to be disappointed.

01:05

Welcome to the industrial talk podcast with Scott Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's get

01:23

our right welcome to industrial talk the ever expanding industrial ecosystem that is dedicated to solving problems. It is featuring people that are bold like you brave like you, you dare greatly you, and you're solving problems, and you are just making the world a better place. That's not hyperbole. That is a scientific fact. All right, in the hot seat, we got Jon Clay. He is the VP of threat intelligence at Trend Micro, but I'm looking at a stat guard 26 years at Trend Micro he's seen it all. And I'm telling you right now, you need to know and you need to bone up on on definitely cybersecurity. Let's get cracking. Yeah. Yeah. So, yeah. If you're in digital transformation, you know, the buzz out there? How do we secure it? Yep. Manufacturing, how do we secure it? Everything industry? How do we secure it? Jon brings an this, I'm just telling you right now, this podcast is a notetaking podcast. So you listen, you take notes. And if you didn't get it, you rewind, you take notes more, because he's just, I mean, he's rifling through I mean, so many, just challenges and solutions that you just need to be aware of whether you like it or not. And if you have to take a breather, you put it on pause, because he is not letting up. He's has seen so much, it's an exciting time. And I've been wanting to have a real meaty conversation around cybersecurity, what to do, how to do it, because I think personally, Scott Mackenzie, ever so humble, I believe if we don't do this, right, if we don't protect our digital transformation, you know, this journey, then it's at risk, because then you're gonna get companies that are gonna say, I hear you, I see the importance of digital transformation. But the risk of somebody coming into my business and wreaking havoc, far outweighs the benefit. And I've just got so we've got to do this, right. It's important because digital transformation is important. This stuff is important. All right, I want you to go out to industrial talk outside of the fact that it's got a lot of great content. It is a massive collection of great thinkers, but we're going to be gearing up some we've got two webinars series, six parts, maybe seven looking for it. One is going to be in the state of energy and utilities. And it's going to just its state of, it's not going to dive deep to to a certain extent, but I we came back from distributech and and there was just so much buzz going on a lot of changes taking place within the energy and utility space. That's that, you know, we're going to focus in on now and we're gonna we're gonna bring in these great thinkers and, and you're just gonna, you're gonna enjoy it. You just are, I just I guarantee it. It's a guarantee. I'm not going to send you anything, but it is a guarantee. And the other one is in manufacturing. Now we're going to do stuff in cybersecurity, but, but the reality is, just like in in energy and utilities, right? There's a cyber component. What does that look like in manufacturing, all of the great stuff that's taking place in manufacturing, there's a cyber compute component. So we're going to also address that where it links in and all that good stuff. All right. Now you need to go out, you need to reach out to Jon Clay. Yep. And it's J ONCLAY. And it's Trend Micro Well, good luck. And Jen, we go to the same barber by the way, and you're not gonna be disappointed reach out Connect. Is this is an excellent conversation. So here's Jon and enjoy the conversation. All right, Jon, welcome to industrial talk. Thank you very much for finding time here to look at. He's waving his hands here. We're out on video. He's a nice guy, too. How are you doing? Jon, thank you for joining us.

05:23

It's got doing great. Happy to be here. And looking forward to our conversation.

05:28

We've been working on this for some time. It's it's one of those passionate to be able to be able to talk about cyber security, digital transformation, how it all works together. And I know listeners you said I don't want to talk about you have, we have to secure our assets, we have to secure our networks and and Jon brings a wealth of knowledge. And so there you go, Jon, for the listeners out there, give us a little background for one, one on who you are.

05:59

Yeah, so I am vice president of threat intelligence at Trend Micro, I've been in the cybersecurity industry, Scott for 25 years, almost 26. Now, all with Trend Micro I did a number of different roles. But most recently, what I do is I work with our threat research teams to understand what threats we're seeing out there in the world that are targeting our customers, and help bring that information and educate the population out there about cybersecurity about the threat landscape, about the criminal actors and the malicious actors that are targeting them.

06:31

I've got to ask the questions. What do you see it? What are some of the things that are happening? Because that is just great fodder for conversations? You're gonna make it simple, but what are what are you seeing out there?

06:43

Well, you know, the, the big one that we're seeing right now is obviously the crisis between Russia and Ukraine, and the fact that Russia has been targeting the Ukraine critical infrastructure for quite a long time, you know, a number of years ago, we saw them target one of the power plants and bring that down. And a lot of that was actually them learning how to target critical infrastructure, and the networks that that created, the systems that run the the operations and all that. And they learned very well, obviously, because now we're seeing in a cyber warfare, hybrid warfare, that they're actually targeting those types of industries. And you know, when we think about critical infrastructure, Scott, one of the things we don't think about is the misinformation, disinformation campaigns that Russia has been doing against Ukraine, as part of targeting the news, and the government agencies and websites that provide information to citizens. And that's a key part of the infrastructure that we have to think about as well. It's not always, you know, power plants and water plants, it's news stations, and, and even social media vendors that could be targeted as part of this. So, you know, it's a very broad, unfortunately, a broad issue that that these organizations can get targeted, we certainly see a lot of nation state activity. But one of the things that we're seeing in this in this actual conflict is the use of cyber mercenaries. And if you're not familiar with what a cyber,

08:16

because that's a new term,

08:18

Santa yes scenario.

08:20

These are essentially non combatants, who picked up the support of a nation state and hack for the for the country. So you saw it with the Conte group, which is a ransomware as a service or group that pledged their allegiance to Russia and said, We will target anybody who goes after Russia. And then on the flip side, we saw anonymous come out of the woodwork. Anonymous is a you know, a big hacktivist group, they came out and started targeting Russian networks. So you've got these, these all these players out there now that are working for and against the nation state. And that's an interesting development that we hadn't seen much in the past, and we're gonna have to deal with that type of situation to now in the future.

09:05

The learning that I Okay, so I'm still stumbling on cyber mercenaries. It makes sense, right? Yeah, it makes sense is as so these individuals, they're being are they being paid? Are they paid mercenaries? Are they saying

09:27

that easily? Not usually, again, they play well, part of the one of the models that Russia had brought to the table years ago was that, that you have all these cyber criminal gangs that go and launch attacks against, you know, other countries, businesses and stuff, and they get profit from those. And Russia goes, Hey, we won't arrest you. As long as when we call you to ask for your support in a nation state type activity. Oh, way we're gonna let you we're gonna let you slide. So and that's one of the things that's one of the challenges you have With the cyber mercenaries is that it's kind of a gray area in cyber right now is are they combatants? Are they non combatants? Are they criminals? Are they not criminals? It could be all of the above. So it's really going to be a challenge. I

10:14

don't even know where to go with that. One that that is that's interesting and frightening all at once. Yeah, right. It just is one

10:22

of the things. Scott, one thing I want to bring up, as I mentioned that the the early attack on the Ukraine power grid. Yeah. And one of the things we're seeing now is this idea of let's go hack into a network, but not to any kind of damage, let's not do any kind of cyber criminal activity, we're not trying to profit, all's we're doing is actually going in and trying to find out, can I get into an OT network? Can I get into an HMI system? Can I get into an industrial robot, and they will just do that to educate themselves on what is possible. And that's one of the thing where we've been seeing over the last several years, where a lot of companies may not even realize that they've been infiltrated. Because the the actors behind it aren't necessarily trying to do any, any specific activity like ransomware, for example, or, or exfiltrate, critical data, they're just in there to learn what's possible. And that scares the heck out of me, because that, and then on the on the flip side, what they can do at the end, is dropped some backdoors that can be accessed at a later date. So their backdoors sit on these networks for potentially even years, and then they get activated when they're needed. And that's, that's one of my biggest concerns with the Russian Ukraine conflict right now, that Russia or one of these nation states is dropping these backdoors into our critical infrastructure, and just letting them sit there and and basically sit and be resident and not be found,

11:56

and just formatted. And they they at that time, give them a tap on the shoulder saying, all right, I'm calling you into action and do whatever is necessary. And, and we or others don't even know they exist, right? How does somebody with that with that reality? You know, what's happening? You know, what's happening with that reality? How does? How does an organization we will get into digital transformation, but this is a better conversation right now. It's just FYI. How does? How does a company just say, Okay, I'm going to take the position that I've been hacked in some way, shape or form? I've got some backdoors. I, let's just take that. That approach? What are some of the things that can be done from a company's perspective to say, Okay, I haven't, but I'm blocked. I'm creating a wall.

12:47

Yeah, I mean, there's a few things that you can you can think about doing. One is that command and control infrastructure, which is what keeps them giving, having access into the network, you can try and identify that. So you look for, you know, you look for communications, outside outbound communications to command and control servers, or servers and other areas of the world that maybe you don't do business in. And that because that's where they've they've put their infrastructure. The other thing is, you look for files and certain types of have executables, that may be not typically resident on those systems. So you're looking for anomalies. And that's, that's the hard part. Because, you know, unless you know exactly what files and applications are supposed to run on those systems, and you look for anything that's out of out of sync, so to speak. That's the only way to really try to identify them. The other option, obviously, is if they do get activated, then you find you try to find that activity and identify it. But it's going to be difficult, because they do try to they hide their tracks very well. They put a lot of obfuscation and a lot of these files and executables that they drop on these systems. But yeah, it's that big one, I look for that kind of stuff.

14:03

That begs the question. And the question is, you your organization Trend Micro, it, you're constantly and you have in 2526 years, have got to be you've got to have your fingers on the pulse of all of the things that are taking place, and all the things that are changing and all of the and and to try to keep current as much as you possibly can. I don't know how you do it. Seriously, that's a huge job.

14:32

I mean, we've been in this industry for 34 years now. And the one thing that we know is that change will happen regularly. And so we've been able to innovate over the years, and we have these you know, we have people on staff that all's they look at is command and control servers and that infrastructure and that's their whole job is to go and find these systems out there in the world and then add them to our protection capabilities. And the same is true with backdoors. Same is true with you know botnets all that kind of stuff are new, you know, TX one, which is our new venture with Moxa that we've done recently, they're fully dedicated to the ICS SCADA ot network protection and, and understanding what are the threats that are targeting that type of infrastructure, and then coming up with technologies, and we're using a ton of artificial intelligence, machine learning, you know, whatever technologies needed. The nice thing is, because we are such a big organization and have so much resources and capabilities, we're able to build a lot of proof of concept engines and technologies to detect these threats. And we take the ones that work best, and then we move on to the next one. So, you know, over the years, we've been able to innovate tremendously in giving back to the community, giving back to the industry with some some stuff, we've got a number of open source technologies that are in there and open source now that we've we've provided and so it is, but it is a difficult thing, we're always trying to stay ahead of the bad guys. But as you know, Scott, they're very good. They're very well funded nowadays. And they do things that are difficult to defend against. And,

16:17

and now all they have to do is get it right once, right, and they can continue to try to find that soft underbelly in any type of network, and they can just get it once. And then you have to be 100%. You got to or if you find a threat, if you see something happening, how do you compress that time? How do you write? How do you correct dwell

16:37

time, if you can, if you can minimize the dwell time, then an actor or a group is inside your network, obviously, that's what your your your ultimate goal is the reality, Scott is that you're probably going to get infected, you're probably going to get compromised. So then it comes back to how quickly can I identify that I have been infected and infiltrated, I mean, you think, look at ransomware, for example, ransomware is the most noisy threat that are ever was created in the world, right? Because as soon as ransomware hits, all of a sudden, there's all your screens come up with a little message that says, You've been hacked by CompTIA. Revel or sodinokibi. And you owe us a ransom. And here's how to get access to you know, and negotiate that ransom. So you know, you're infected. But the problem is, is that that's the last stage of typical campaigns that are against your organization, they've probably been in your network for, you know, weeks, sometimes months already doing things. And then the last stage is let's just drop some ransomware to get some more money out of it.

17:37

So if I was an organization, and I'm listening to what you're saying, I'm already getting a little upset, you know, for lack of a better term. What are some of the push backs that you're seeing, we've got this whole digital transformation journey thing happening. And it's, from my perspective, it's still tip of the iceberg. Everybody's just sort of coming up with more use cases and doing this and shunting it here and analyzing that and put it a device out there. They're there. They're there. They're there, all over your network. What's the pushback? I would, I would imagine, if I was, you know, CEO for the day of some company, I would say, first thing, we're going to do any strategy, we need to make sure that our, our cyber our security strategy is in place and solid and not, you know, not something that squiffy? Yeah,

18:30

yeah, there's a couple of things that I would recommend an organization to, first and foremost is understand your attack surface. So do some of the attack surface discovery, which means essentially, look at your external IP segment, and identify all of the IPs that are external facing. And then once you do that, scan those and find out where are the weaknesses? Do I have open ports? Do I have open servers? Or do I have a couple of accounts that that don't? Haven't, you know, updated? They're, they're using a password or they they're set up with two multifactor authentication? Do I have vulnerabilities that haven't been patched on those systems, you do the same for your internal attacks of your internal network. And that includes your accounts, right, your administrator accounts, which are critical, do they have two factor authentication setup to access those because if they don't, the likelihood that you're going to get brute force or you're going to get some account taken over? Because there's a really weak password associated with it is pretty high. So once you identify all these, and then you mentioned the devices, right, I'm throwing devices all over my network. And a lot of times these devices don't have the capability of running security software. So now you have to think about how do I protect those assets? One, how do I identify that they're on my network, but then to how can I protect those assets through a layered approach and you know, network based approach whatever it might be, but you identify your assets and then you start looking at what are the risks associated with the As assets, you know, are there open ports are there vulnerabilities that have to be patched are there you are virtually patched or something. So then you start building out that capability and understanding and then you can start applying your security controls based on the risk level, you're willing to take associated with all that information, whether it's data that you want to protect devices, you want to protect, you know, whatever it might be. The other aspect that a company has absolutely has to do is build an incident response plan, and build that plan in a way that a lot that you recognize that if I am attacked, and I've got business critical systems that are down, I've got data that was exfiltrated. How do I, how do I make sure that I have business continuity in place? I can, I can make sure my critical systems and processes are still running day to day operations, etc. If I if I happen to have data exfiltrated and I, you know, do I have a plan to negotiate with the criminals do I do I have somebody who knows how to negotiate a ransom or an extortion attack, and make sure that so you want to get all of this upfront, and then run that plan through an exercise it to make sure you will everybody understands their role, what they play, how they're supposed to address it, you want to have your number to the FBI or to law enforcement, because you probably want to have them involve your cyber insurance company, you want them on speed dial in case something happens. So all of that, I think is, you know, you know, that's a lot. I've said a lot. But unfortunately, that's almost table stakes in order to be at the level that you need to be at to minimize that risk of compromise.

21:45

I think it's a non negotiable, I think it needs to do that. I'm sure that their companies say, no, not us, we're not going to get, you know, hacked or whatever you want to call it, that that's the other person, it's sort of like, but I think that if any company that has a desire to go down this digital transformation, it's just opening up other opportunities for penetration into their networks in some way, shape, or form. I just, it just is. And the thing,

22:13

the reality, Scott is there's a ton a ton of small business manufacturers, you know, that are vendors of other big corporations. And they have they have access to that big corporations network through and, and so what a lot of these malicious actors are doing what we call island hopping, which is I'm going to target the small little vendor who probably thinks I'm too small to get in, compromised or get infected, and they use their access to that bigger network to gain access to the to the ultimate prize, which is that big content company that they do work for. And that's where, and that's one of the things we're starting to see big too, you know, like, and then we also call that supply chain attacks, those are getting to become more personal. And that's why when I talk to customers who are small businesses, I said, I always say, you know, yeah, they may not want your data, they may not live and want your intellectual property, they do want your access to you have to that bigger customer of your,

23:17

you know, you're just a conduit, you're just a way of getting over the wall over there. And and I achieved, I didn't even think of that. Yeah, yeah, island hopping, cause I'm becoming a smarter and more scared person every time we're talking here, all at once. I

23:36

mean, you know, I mean, obviously, I try not to do the doom and gloom as much as possible, Scott. And the good news is we are doing stuff that is very capable of preventing a lot of these attacks from happening, you know, you you you have a patch management system, or you do virtual patching, which is a much easier process than than actually doing the full patch, you implement that and that that can help you eliminate some exploitation of vulnerabilities that are going to go into your into your system, or, you know, you have a basic solution that can look for misconfigurations in your cloud at, you know, a cloud account. So if I make a configuration change, and I do something wrong, it flags it and says, Hey, you probably shouldn't do that because you're opening that that application or that device up to attack. You know, things like that, you know, just basic hygiene that companies could do. And one of the reasons we may be seeing more zero day exploits, which are exploits of a vulnerability that is unknown today being used more and more is because the basics are being done now by a lot of companies, so they have to go to the unknown stuff to make to be able to get into these companies and so so I think the defenders are getting much better at what they're doing and how they're doing it. Us as a security vendor has got we've done leaps and bounds tons of improved technologies over the last several years, you know, we don't do we do pattern matching still, which is the old school stuff, because it's still detects that a ton and ton of malware. But for that stuff that's unknown. We have artificial intelligence, machine learning those kind of capabilities and technologies that can help an organization. It's just they have to implement it a

25:24

couple of questions that come to mind one, when I'm an organization, and I, and I'm listening to what you're saying, and I think it's, it's touching a nerve, right? I'm hearing I've gone yeah, that's about right. I contact trend, micro, and I say, Hey, I don't know how my network stacks up. I don't have a good picture of anything. That's when we got our standard, whatever, off the shelf sort of security products, whatever it might be. I wouldn't be scared to say, hey, Trent, come on in here. Take a look at our networks. Do a little do a little analysis. And then give me the sad, but you know, what's the results? Yeah, I know that it would make me feel uncomfortable. But then again, I would also say, okay, good. Now what? What are the strategies? Where do I go? How do I, how do I get rid of those problems? strengthen this up? I think that that is a that's a must you find company says like, can you come in? And?

26:29

Yeah, yeah, all the time, Scott. And you know, the old paradigm in security was, I want to run vendor a here vendor B here, vendor C here, because if one misses it, somebody else is going to detect it. But the problem with that old school mentality is that every threat or every attack today is customized to the user to that to that victim. And so the first time you're going to see any part of that attack is at one time, and that's the only time you're going to see it. So vendor A, B and C running at these different points in my network, are going to see the threat at the the first time at the at the same time. And so what is needed today is more of a platform approach where you have products working in conjunction together that can collaborate and coordinate themselves together to be able to see this entire attack lifecycle that is going on inside your organization. And that's where our Trend Micro one platform cyber, a unified cybersecurity platform approach is actually improving the way organizations are able to identify, detect, and prevent and detect these these attacks that are hitting them all the time. And so you know, we're regularly doing demos, and we there, you know, customers and non customers come in and say, Hey, can you take a look at this? And, you know, we'll come in and we'll actually talk to you about what are your needs? What what, you know, what is your risk associated with your, your organization? And then how can we customize a cybersecurity plan to help improve and protect your organization. And so that's what we try to do nowadays. And it seems to be working. Like I said, one of the benefits that we have compared to a lot of our competitors is our breadth of coverage. So we do cover endpoints, and the endpoints could be, you know, servers, that could be virtual servers, it could be mobile devices, it could be IoT devices, industrial IoT devices, through our TX one solutions. It could be an OT network, the regular network, we got network scanners that can look for lateral movement. And in worms that go across the network. We've got products at the messaging layer, the web layer, we've got cloud infrastructure, our cloud one platform that looks at if you're moving to an AWS or an Azure or Google Cloud, we've got stuff that can do that. So you know, so you look at that. And we're seeing I think we get right now about two and a half trillion events a day that we we re bring in and analyze.

29:00

That is just Tea, tea. Yeah, with

29:05

tea with a trillion.

29:11

That's jaw dropping, and I try to be doom and gloom. I just I know that for us to be successful companies to be successful. industry to be successful. We have to just recognize the fact that that exist out there. What do we do to sort of harden our, our network? A couple of questions. One. We've had the pandemic, we have a lot of people that have transitioned to their home office. How do you manage something like that? Because it's one thing to be within, you know, brick and mortar four walls, here we are. We're here. But now you've got your workforce that's at home, whatever. How do we how do we ensure that that's safe, too?

29:56

Yeah. You know, and that's, it's interesting, Scott, you say that because we've had a couple of customers that have had us in to do a security awareness, part of their security awareness training for their, their their employees who work at home, because we have, we have, like I said, you know, we've got a whole consumer part of our business where we sell consumer based products, we even have a home network scanner that scans traffic going into and out of the home. And last year, we had over two and a half billion events that we analyze and threats that we detected going in and out of home network. And so you have these, these employees that are working at home, and they are experts at how to set up the router, right their home router, how to set that up so so the companies are struggling because there's two pieces to this one they have, you have your your your work computer that you're using and your work network and stuff. But then you have all these home devices that are that are owned by the the organization and you're they're not going to manage those for that employee. And yet, you have threat actors that are like we talked about that island hopping, that are going to maybe look at getting in getting into the home network, and then laterally moving because they get access to the to the the office computer in the home network, and they ladder and move into the network. So you know, so we're trying to educate these employees on how to improve their personal cybersecurity in their home network. Besides then, you know, organizations dealing with their, you know, their work from home employees by implementing, you know, you've got, you know, encrypted networks and so forth, that you're tunnels that you're setting up things like that, to ensure that that things are safe, a lot of companies are moving to cloud based applications. So that data doesn't reside physical computers, but they reside in a in a cloud database data center. And that's very good at making sure that that that critical data and that, you know, private privacy stuff is is much better protected than we've seen in the past.

31:59

It's interesting. When, when you see threats when you experience or when you try to eradicate new threats, see trends, you know, you you're in the trillions. Is there a community that you sort of work with and saying, Hey, here's a new threat. Here, I just be a part of a body that tries to keep current with all of this.

32:28

Yeah, you know, that's, that is one of the challenges we have in terms of, you know, public threat information sharing today, because there isn't really one entity out there. That does it for everybody around the world, it's usually pocket. So like, for example, we work with, and kick and Washington DC, which is the National Cybersecurity Information Sharing group, CSIS part of that. And, you know, if you've seen Sisa, recently, you know, they did the whole shields up for critical infrastructure. So Biden administration put up the you know, and Sisa put out the shields up recommendations, and those are those that has some great information for companies that want to learn how to deal with these threats and how to protect themselves. So missed some other stuff. But, but you know, so we share information with with those organizations, our bug bounty program, which is our zero day initiative group, who actually get bugs from independent contractors and researchers out there, and we they share their bugs with them, we get Pam Apolonia. But then we work with like Microsoft, and we work with some of the entities that that publish the vulnerabilities out there and publicly disclose the vulnerabilities. And then we use the information to build IPS signatures to ensure our customers are protected through virtual patches. So yeah, there's a lot of sharing going on, out there. But again, I think the biggest challenge that most people have in organizations have is obviously it's a global issue, but there's no really one global central place where all that information is shared. And that's something that's going to have to be looked at, potentially in the future. But for now, you know, the the main beneficiaries for us is our customers, because they're protected, obviously. But we do also share a lot of the information with our peers in the industry. That's been a model that's worked in the past. If you recall, just recently with the Russian invasion, there were some wipers that were launched by Russia and a couple of our peers in the industry found those those wipers and they share them publicly to the world and let them know so you know, I'm I'm hopeful that in the future, we'll see a little bit more of this public sharing of threat intelligence that that will happen.

34:43

You know, it's interesting the conversation around cyber around protection all of the industry. I find that outside of you and companies like yours, which I think is an important conversation and you bring a sense of real market insights and threats and all that. And that's good stuff. Like people are in it, there's a pushback or a reluctance to share my dirty laundry as a company and saying, Yeah, hey, I was I was penetrating and in the attack, and they went there, and I did this, and I lost that. I think what you're doing, and what, what you're sharing is so vitally important with industry. And, and I'm not asking for anybody to share their dirty laundry, what I am asking is that there needs to be a recognition that you need, you need, you need to collaborate with trusted people, trusted organizations to be able to do this, right. And, and it's, and I think you guys have a decent view, real good for you, in fact, that you're not trying to prevent work. Like it's always like, that by cyber people, they're just, I can't get anything done. And, and, but that's not the case, you have to still be protected. And, and can get work done. But you can, you can do both. And I think that that's a message at

36:13

ng AMI, one of the things that we did initially, when we first started building our cloud infrastructure solutions, it was more about efficiency and making sure that Yeah, your your VMs could spit spin up as quickly as possible, you could have as many VMs on a server as possible. So because we built it, Nate, we built native controls. And we didn't just, you know, in the past, you used to see this, you know, let's just slap on the the old stuff into the new technology and just, you know, make it work. That doesn't work anymore, you have to build natively, it's just like with, you know, when we recommend for customers who are building their own applications, or building their own devices, you have to build security from the beginning of that lifecycle of that product all the way through, because that's the only way you're going to make be able to make sure it's secure and IoT device, for example. You know, in the past, it's always been, I got to get it out to market as fast as possible. And it's only going to have a year long lifecycle. So I'm not even going to bother with dealing with vulnerabilities that are found in that thing. That's the wrong way to think about it, you have to build it secure from the beginning to the end, so that it doesn't get can't take be taken advantage. Now, one thing you mentioned, Scott, is I do think there's been some effort in the US government, and within some of the industries to regulate a little bit more on the breach notifications. So we're starting to get more breach notifications, because it's it's kind of a requirement now through regulations, that that information gets out there. Now, the challenges is you don't tend to get a lot of the details out very early. So you have to wait a while before you get the details of how the attack worked and how it progressed. And but hopefully, we start getting that narrow that window a little bit more. But I do think we are going to see more and more of these types of regulations coming into play. For sure. The US government and and all their agencies and networks are under these kinds of things. Private industry, we're seeing a little bit more of the financial industry SEC came out with some stuff recently, we'll probably see it moving in more into it, obviously, with you in the critical infrastructure with energy and all those. They're pretty well regulated now. And they're getting even more regulation built into on the cyber side. So I'm hopeful that will we'll see improvements over the over the following years. But yeah, certainly, the malicious actors out there, like you said, they just got to figure out how to do it once and get in once and then they're there. You know, it's it's an end game for them.

38:51

I think the the parting message that I I hear is one. First off, you gotta find. If you're in the world of digital transformation, if you're going down that road, if you're trying to collect data from devices on your network, yet, you need to also a part of that strategic effort. Get up front with your cyber strategy, put some things in place, and be a part at the beginning at the beginning, not at the end at like an afterthought at the beginning, too. I think that I think that we need to collaborate business needs to find those trusted, professional, those companies that they can work with, to do it. And I mean, that, to me is important. And that's always been it's like, if I'm in the IoT world, who do I trust to deploy my system? The same thing has to exist. That whole I gotta find my team to collaborate properly to and to do it right. And I think that if you think you could do this on your own, I think you're kidding yourself. There's no way

40:00

We have this there's a huge lack of training personnel out there, right? We've got to work on this. Yeah. And so looking at a managed service, whether it's a managed service provider or a somebody like Trend Micro who offers a managed service to our customers, we have the expertise on staff, we can hire them, we can build them. And we can, we can augment what you're doing internally as an organization. So it was like I was telling you with incident response, if you don't have the expertise to negotiate the ransom, there's organizations out there that that's what they do day in and day out. So go hire them. Or if you have a group that does incident response, if you don't know how to do incident response, and and get the logs and analyze the logs, bring in a vendor that can do it for you. So definitely the partnership piece is huge. And it's going to continue to be huge.

40:52

No brainer. Absolutely. I couple of things I've taken away. I think that's interesting, where they have the what you talked a little bit about backdoor that incident response plan, maybe some people have it already in place, the island hopping approach. That's really interesting. And then of course, you know, me, if I'm a remote worker, I'm sort of like a little island. And I can hop into a bigger island. So all absolutely wonderful, wonderful suggestions. Now, Jon, how does somebody get a hold of you?

41:27

Yeah, I mean, they can go to trend micro.com A lot of our research, we do research all the time and publish it, it's free to the public, we don't get anything, Scott. So you can go and download, we've got tons of research, whether it's in critical infrastructure, we've got, you know, we got researchers that actually went and like, hacked into industrial robots, and we'd have them looking at the energy sector. And they we in the report in the reports give you information about what types of attacks you're going to see in the future against these types of industries. So all of that is in our research section of our website. Again, Trump micro.com. If you want to contact us, there's information on the website, you can do that. We've got free trials that people can take a look at and download and utilize the whole TX one, especially on TX one, you know, I know your your ot network, folks are probably really struggling right now with how to understand the threat that's targeting them. But more importantly, how do I defend against these types of attacks, and that's where our TX one solutions, whether it's our edge IPs or some other technology, we may have a thumb drive, you can plug into one of those robots that has a USB port, and it'll actually scan the robot for malicious code and stuff. So that kind of stuff, just you know, we'd love to chat with anybody and have a conversation with an organization and, and just to understand what you're going through and how we can help. I like

42:51

that. That's Jon, trend, Microsoft company, absolutely important conversation. We were sort of touching a little bit about digital transformation. But, boy, this was a really spectacular conversation. Jon, thank you very much for being

43:07

more of these if you want.

43:09

Oh, with 26 years of experience in cybersecurity, I've got a plethora of knowledge up here in the brain. It's just a matter of getting it out sometimes. Right?

43:17

She was laying it out. As you get older, that should be harder and harder. Excellent. Jon. Jon, thank you very much for being on Windows. Thanks. Yeah. Take care. All right, listeners. We're gonna wrap it up on the other side. We're going to have all the contact information for Jon at industrial talk. So stay tuned. We will be right back.

43:33

You're listening to the industrial talk Podcast Network?

43:42

A Yes, it is industrial talk wrap up time. That was Jon Clay. VP, red intelligence. Trend Micro. You can tell. He knows more about cybersecurity than me. Because I'm telling you, man, I was. I was gripped. There's just a lot going on. And I'm, I'm totally stoked at the fact that we've got people like Jon Trend Micro helping them try doing their best to keep everything safe and protected. That's pretty cool. I like that. That's a heck of a mission. All right. Once again, we're going to be having a couple of series of webinars I call them live podcast because webinars I don't like the name. So they're live podcasts. And one's going to be on energy and utilities data and and manufacturing stayed up. A part of that, of course is going to be a cybersecurity. All right, be bold, be brave, daring, greatly hang out with people like Jon, and you're going to change the world. Thank you very much for hanging out with me on industrial talk. We're gonna have another great conversation shortly. So stay tuned.

Transcript

00:00

-:

01:05

Welcome to the industrial talk podcast with Scott Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's get

01:23

our right welcome to industrial talk the ever expanding industrial ecosystem that is dedicated to solving problems. It is featuring people that are bold like you brave like you, you dare greatly you, and you're solving problems, and you are just making the world a better place. That's not hyperbole. That is a scientific fact. All right, in the hot seat, we got Jon Clay. He is the VP of threat intelligence at Trend Micro, but I'm looking at a stat guard 26 years at Trend Micro he's seen it all. And I'm telling you right now, you need to know and you need to bone up on on definitely cybersecurity. Let's get cracking. Yeah. Yeah. So, yeah. If you're in digital transformation, you know, the buzz out there? How do we secure it? Yep. Manufacturing, how do we secure it? Everything industry? How do we secure it? Jon brings an this, I'm just telling you right now, this podcast is a notetaking podcast. So you listen, you take notes. And if you didn't get it, you rewind, you take notes more, because he's just, I mean, he's rifling through I mean, so many, just challenges and solutions that you just need to be aware of whether you like it or not. And if you have to take a breather, you put it on pause, because he is not letting up. He's has seen so much, it's an exciting time. And I've been wanting to have a real meaty conversation around cybersecurity, what to do, how to do it, because I think personally, Scott Mackenzie, ever so humble, I believe if we don't do this, right, if we don't protect our digital transformation, you know, this journey, then it's at risk, because then you're gonna get companies that are gonna say, I hear you, I see the importance of digital transformation. But the risk of somebody coming into my business and wreaking havoc, far outweighs the benefit. And I've just got so we've got to do this, right. It's important because digital transformation is important. This stuff is important. All right, I want you to go out to industrial talk outside of the fact that it's got a lot of great content. It is a massive collection of great thinkers, but we're going to be gearing up some we've got two webinars series, six parts, maybe seven looking for it. One is going to be in the state of energy and utilities. And it's going to just its state of, it's not going to dive deep to to a certain extent, but I we came back from distributech and and there was just so much buzz going on a lot of changes taking place within the energy and utility space. That's that, you know, we're going to focus in on now and we're gonna we're gonna bring in these great thinkers and, and you're just gonna, you're gonna enjoy it. You just are, I just I guarantee it. It's a guarantee. I'm not going to send you anything, but it is a guarantee. And the other one is in manufacturing. Now we're going to do stuff in cybersecurity, but, but the reality is, just like in in energy and utilities, right? There's a cyber component. What does that look like in manufacturing, all of the great stuff that's taking place in manufacturing, there's a cyber compute component. So we're going to also address that where it links in and all that good stuff. All right. Now you need to go out, you need to reach out to Jon Clay. Yep. And it's J ONCLAY. And it's Trend Micro Well, good luck. And Jen, we go to the same barber by the way, and you're not gonna be disappointed reach out Connect. Is this is an excellent conversation. So here's Jon and enjoy the conversation. All right, Jon, welcome to industrial talk. Thank you very much for finding time here to look at. He's waving his hands here. We're out on video. He's a nice guy, too. How are you doing? Jon, thank you for joining us.

05:23

It's got doing great. Happy to be here. And looking forward to our conversation.

05:28

We've been working on this for some time. It's it's one of those passionate to be able to be able to talk about cyber security, digital transformation, how it all works together. And I know listeners you said I don't want to talk about you have, we have to secure our assets, we have to secure our networks and and Jon brings a wealth of knowledge. And so there you go, Jon, for the listeners out there, give us a little background for one, one on who you are.

05:59

Yeah, so I am vice president of threat intelligence at Trend Micro, I've been in the cybersecurity industry, Scott for 25 years, almost 26. Now, all with Trend Micro I did a number of different roles. But most recently, what I do is I work with our threat research teams to understand what threats we're seeing out there in the world that are targeting our customers, and help bring that information and educate the population out there about cybersecurity about the threat landscape, about the criminal actors and the malicious actors that are targeting them.

06:31

I've got to ask the questions. What do you see it? What are some of the things that are happening? Because that is just great fodder for conversations? You're gonna make it simple, but what are what are you seeing out there?

06:43

Well, you know, the, the big one that we're seeing right now is obviously the crisis between Russia and Ukraine, and the fact that Russia has been targeting the Ukraine critical infrastructure for quite a long time, you know, a number of years ago, we saw them target one of the power plants and bring that down. And a lot of that was actually them learning how to target critical infrastructure, and the networks that that created, the systems that run the the operations and all that. And they learned very well, obviously, because now we're seeing in a cyber warfare, hybrid warfare, that they're actually targeting those types of industries. And you know, when we think about critical infrastructure, Scott, one of the things we don't think about is the misinformation, disinformation campaigns that Russia has been doing against Ukraine, as part of targeting the news, and the government agencies and websites that provide information to citizens. And that's a key part of the infrastructure that we have to think about as well. It's not always, you know, power plants and water plants, it's news stations, and, and even social media vendors that could be targeted as part of this. So, you know, it's a very broad, unfortunately, a broad issue that that these organizations can get targeted, we certainly see a lot of nation state activity. But one of the things that we're seeing in this in this actual conflict is the use of cyber mercenaries. And if you're not familiar with what a cyber,

08:16

because that's a new term,

08:18

Santa yes scenario.

08:20

These are essentially non combatants, who picked up the support of a nation state and hack for the for the country. So you saw it with the Conte group, which is a ransomware as a service or group that pledged their allegiance to Russia and said, We will target anybody who goes after Russia. And then on the flip side, we saw anonymous come out of the woodwork. Anonymous is a you know, a big hacktivist group, they came out and started targeting Russian networks. So you've got these, these all these players out there now that are working for and against the nation state. And that's an interesting development that we hadn't seen much in the past, and we're gonna have to deal with that type of situation to now in the future.

09:05

The learning that I Okay, so I'm still stumbling on cyber mercenaries. It makes sense, right? Yeah, it makes sense is as so these individuals, they're being are they being paid? Are they paid mercenaries? Are they saying

09:27

that easily? Not usually, again, they play well, part of the one of the models that Russia had brought to the table years ago was that, that you have all these cyber criminal gangs that go and launch attacks against, you know, other countries, businesses and stuff, and they get profit from those. And Russia goes, Hey, we won't arrest you. As long as when we call you to ask for your support in a nation state type activity. Oh, way we're gonna let you we're gonna let you slide. So and that's one of the things that's one of the challenges you have With the cyber mercenaries is that it's kind of a gray area in cyber right now is are they combatants? Are they non combatants? Are they criminals? Are they not criminals? It could be all of the above. So it's really going to be a challenge. I

10:14

don't even know where to go with that. One that that is that's interesting and frightening all at once. Yeah, right. It just is one

10:22

of the things. Scott, one thing I want to bring up, as I mentioned that the the early attack on the Ukraine power grid. Yeah. And one of the things we're seeing now is this idea of let's go hack into a network, but not to any kind of damage, let's not do any kind of cyber criminal activity, we're not trying to profit, all's we're doing is actually going in and trying to find out, can I get into an OT network? Can I get into an HMI system? Can I get into an industrial robot, and they will just do that to educate themselves on what is possible. And that's one of the thing where we've been seeing over the last several years, where a lot of companies may not even realize that they've been infiltrated. Because the the actors behind it aren't necessarily trying to do any, any specific activity like ransomware, for example, or, or exfiltrate, critical data, they're just in there to learn what's possible. And that scares the heck out of me, because that, and then on the on the flip side, what they can do at the end, is dropped some backdoors that can be accessed at a later date. So their backdoors sit on these networks for potentially even years, and then they get activated when they're needed. And that's, that's one of my biggest concerns with the Russian Ukraine conflict right now, that Russia or one of these nation states is dropping these backdoors into our critical infrastructure, and just letting them sit there and and basically sit and be resident and not be found,

11:56

and just formatted. And they they at that time, give them a tap on the shoulder saying, all right, I'm calling you into action and do whatever is necessary. And, and we or others don't even know they exist, right? How does somebody with that with that reality? You know, what's happening? You know, what's happening with that reality? How does? How does an organization we will get into digital transformation, but this is a better conversation right now. It's just FYI. How does? How does a company just say, Okay, I'm going to take the position that I've been hacked in some way, shape or form? I've got some backdoors. I, let's just take that. That approach? What are some of the things that can be done from a company's perspective to say, Okay, I haven't, but I'm blocked. I'm creating a wall.

12:47

Yeah, I mean, there's a few things that you can you can think about doing. One is that command and control infrastructure, which is what keeps them giving, having access into the network, you can try and identify that. So you look for, you know, you look for communications, outside outbound communications to command and control servers, or servers and other areas of the world that maybe you don't do business in. And that because that's where they've they've put their infrastructure. The other thing is, you look for files and certain types of have executables, that may be not typically resident on those systems. So you're looking for anomalies. And that's, that's the hard part. Because, you know, unless you know exactly what files and applications are supposed to run on those systems, and you look for anything that's out of out of sync, so to speak. That's the only way to really try to identify them. The other option, obviously, is if they do get activated, then you find you try to find that activity and identify it. But it's going to be difficult, because they do try to they hide their tracks very well. They put a lot of obfuscation and a lot of these files and executables that they drop on these systems. But yeah, it's that big one, I look for that kind of stuff.

14:03

re constantly and you have in:

14:32

I mean, we've been in this industry for 34 years now. And the one thing that we know is that change will happen regularly. And so we've been able to innovate over the years, and we have these you know, we have people on staff that all's they look at is command and control servers and that infrastructure and that's their whole job is to go and find these systems out there in the world and then add them to our protection capabilities. And the same is true with backdoors. Same is true with you know botnets all that kind of stuff are new, you know, TX one, which is our new venture with Moxa that we've done recently, they're fully dedicated to the ICS SCADA ot network protection and, and understanding what are the threats that are targeting that type of infrastructure, and then coming up with technologies, and we're using a ton of artificial intelligence, machine learning, you know, whatever technologies needed. The nice thing is, because we are such a big organization and have so much resources and capabilities, we're able to build a lot of proof of concept engines and technologies to detect these threats. And we take the ones that work best, and then we move on to the next one. So, you know, over the years, we've been able to innovate tremendously in giving back to the community, giving back to the industry with some some stuff, we've got a number of open source technologies that are in there and open source now that we've we've provided and so it is, but it is a difficult thing, we're always trying to stay ahead of the bad guys. But as you know, Scott, they're very good. They're very well funded nowadays. And they do things that are difficult to defend against. And,

16:17

and now all they have to do is get it right once, right, and they can continue to try to find that soft underbelly in any type of network, and they can just get it once. And then you have to be 100%. You got to or if you find a threat, if you see something happening, how do you compress that time? How do you write? How do you correct dwell

16:37

time, if you can, if you can minimize the dwell time, then an actor or a group is inside your network, obviously, that's what your your your ultimate goal is the reality, Scott is that you're probably going to get infected, you're probably going to get compromised. So then it comes back to how quickly can I identify that I have been infected and infiltrated, I mean, you think, look at ransomware, for example, ransomware is the most noisy threat that are ever was created in the world, right? Because as soon as ransomware hits, all of a sudden, there's all your screens come up with a little message that says, You've been hacked by CompTIA. Revel or sodinokibi. And you owe us a ransom. And here's how to get access to you know, and negotiate that ransom. So you know, you're infected. But the problem is, is that that's the last stage of typical campaigns that are against your organization, they've probably been in your network for, you know, weeks, sometimes months already doing things. And then the last stage is let's just drop some ransomware to get some more money out of it.

17:37

So if I was an organization, and I'm listening to what you're saying, I'm already getting a little upset, you know, for lack of a better term. What are some of the push backs that you're seeing, we've got this whole digital transformation journey thing happening. And it's, from my perspective, it's still tip of the iceberg. Everybody's just sort of coming up with more use cases and doing this and shunting it here and analyzing that and put it a device out there. They're there. They're there. They're there, all over your network. What's the pushback? I would, I would imagine, if I was, you know, CEO for the day of some company, I would say, first thing, we're going to do any strategy, we need to make sure that our, our cyber our security strategy is in place and solid and not, you know, not something that squiffy? Yeah,

18:30

yeah, there's a couple of things that I would recommend an organization to, first and foremost is understand your attack surface. So do some of the attack surface discovery, which means essentially, look at your external IP segment, and identify all of the IPs that are external facing. And then once you do that, scan those and find out where are the weaknesses? Do I have open ports? Do I have open servers? Or do I have a couple of accounts that that don't? Haven't, you know, updated? They're, they're using a password or they they're set up with two multifactor authentication? Do I have vulnerabilities that haven't been patched on those systems, you do the same for your internal attacks of your internal network. And that includes your accounts, right, your administrator accounts, which are critical, do they have two factor authentication setup to access those because if they don't, the likelihood that you're going to get brute force or you're going to get some account taken over? Because there's a really weak password associated with it is pretty high. So once you identify all these, and then you mentioned the devices, right, I'm throwing devices all over my network. And a lot of times these devices don't have the capability of running security software. So now you have to think about how do I protect those assets? One, how do I identify that they're on my network, but then to how can I protect those assets through a layered approach and you know, network based approach whatever it might be, but you identify your assets and then you start looking at what are the risks associated with the As assets, you know, are there open ports are there vulnerabilities that have to be patched are there you are virtually patched or something. So then you start building out that capability and understanding and then you can start applying your security controls based on the risk level, you're willing to take associated with all that information, whether it's data that you want to protect devices, you want to protect, you know, whatever it might be. The other aspect that a company has absolutely has to do is build an incident response plan, and build that plan in a way that a lot that you recognize that if I am attacked, and I've got business critical systems that are down, I've got data that was exfiltrated. How do I, how do I make sure that I have business continuity in place? I can, I can make sure my critical systems and processes are still running day to day operations, etc. If I if I happen to have data exfiltrated and I, you know, do I have a plan to negotiate with the criminals do I do I have somebody who knows how to negotiate a ransom or an extortion attack, and make sure that so you want to get all of this upfront, and then run that plan through an exercise it to make sure you will everybody understands their role, what they play, how they're supposed to address it, you want to have your number to the FBI or to law enforcement, because you probably want to have them involve your cyber insurance company, you want them on speed dial in case something happens. So all of that, I think is, you know, you know, that's a lot. I've said a lot. But unfortunately, that's almost table stakes in order to be at the level that you need to be at to minimize that risk of compromise.

21:45

I think it's a non negotiable, I think it needs to do that. I'm sure that their companies say, no, not us, we're not going to get, you know, hacked or whatever you want to call it, that that's the other person, it's sort of like, but I think that if any company that has a desire to go down this digital transformation, it's just opening up other opportunities for penetration into their networks in some way, shape, or form. I just, it just is. And the thing,

22:13

the reality, Scott is there's a ton a ton of small business manufacturers, you know, that are vendors of other big corporations. And they have they have access to that big corporations network through and, and so what a lot of these malicious actors are doing what we call island hopping, which is I'm going to target the small little vendor who probably thinks I'm too small to get in, compromised or get infected, and they use their access to that bigger network to gain access to the to the ultimate prize, which is that big content company that they do work for. And that's where, and that's one of the things we're starting to see big too, you know, like, and then we also call that supply chain attacks, those are getting to become more personal. And that's why when I talk to customers who are small businesses, I said, I always say, you know, yeah, they may not want your data, they may not live and want your intellectual property, they do want your access to you have to that bigger customer of your,

23:17

you know, you're just a conduit, you're just a way of getting over the wall over there. And and I achieved, I didn't even think of that. Yeah, yeah, island hopping, cause I'm becoming a smarter and more scared person every time we're talking here, all at once. I

23:36

mean, you know, I mean, obviously, I try not to do the doom and gloom as much as possible, Scott. And the good news is we are doing stuff that is very capable of preventing a lot of these attacks from happening, you know, you you you have a patch management system, or you do virtual patching, which is a much easier process than than actually doing the full patch, you implement that and that that can help you eliminate some exploitation of vulnerabilities that are going to go into your into your system, or, you know, you have a basic solution that can look for misconfigurations in your cloud at, you know, a cloud account. So if I make a configuration change, and I do something wrong, it flags it and says, Hey, you probably shouldn't do that because you're opening that that application or that device up to attack. You know, things like that, you know, just basic hygiene that companies could do. And one of the reasons we may be seeing more zero day exploits, which are exploits of a vulnerability that is unknown today being used more and more is because the basics are being done now by a lot of companies, so they have to go to the unknown stuff to make to be able to get into these companies and so so I think the defenders are getting much better at what they're doing and how they're doing it. Us as a security vendor has got we've done leaps and bounds tons of improved technologies over the last several years, you know, we don't do we do pattern matching still, which is the old school stuff, because it's still detects that a ton and ton of malware. But for that stuff that's unknown. We have artificial intelligence, machine learning those kind of capabilities and technologies that can help an organization. It's just they have to implement it a

25:24

couple of questions that come to mind one, when I'm an organization, and I, and I'm listening to what you're saying, and I think it's, it's touching a nerve, right? I'm hearing I've gone yeah, that's about right. I contact trend, micro, and I say, Hey, I don't know how my network stacks up. I don't have a good picture of anything. That's when we got our standard, whatever, off the shelf sort of security products, whatever it might be. I wouldn't be scared to say, hey, Trent, come on in here. Take a look at our networks. Do a little do a little analysis. And then give me the sad, but you know, what's the results? Yeah, I know that it would make me feel uncomfortable. But then again, I would also say, okay, good. Now what? What are the strategies? Where do I go? How do I, how do I get rid of those problems? strengthen this up? I think that that is a that's a must you find company says like, can you come in? And?

26:29

Yeah, yeah, all the time, Scott. And you know, the old paradigm in security was, I want to run vendor a here vendor B here, vendor C here, because if one misses it, somebody else is going to detect it. But the problem with that old school mentality is that every threat or every attack today is customized to the user to that to that victim. And so the first time you're going to see any part of that attack is at one time, and that's the only time you're going to see it. So vendor A, B and C running at these different points in my network, are going to see the threat at the the first time at the at the same time. And so what is needed today is more of a platform approach where you have products working in conjunction together that can collaborate and coordinate themselves together to be able to see this entire attack lifecycle that is going on inside your organization. And that's where our Trend Micro one platform cyber, a unified cybersecurity platform approach is actually improving the way organizations are able to identify, detect, and prevent and detect these these attacks that are hitting them all the time. And so you know, we're regularly doing demos, and we there, you know, customers and non customers come in and say, Hey, can you take a look at this? And, you know, we'll come in and we'll actually talk to you about what are your needs? What what, you know, what is your risk associated with your, your organization? And then how can we customize a cybersecurity plan to help improve and protect your organization. And so that's what we try to do nowadays. And it seems to be working. Like I said, one of the benefits that we have compared to a lot of our competitors is our breadth of coverage. So we do cover endpoints, and the endpoints could be, you know, servers, that could be virtual servers, it could be mobile devices, it could be IoT devices, industrial IoT devices, through our TX one solutions. It could be an OT network, the regular network, we got network scanners that can look for lateral movement. And in worms that go across the network. We've got products at the messaging layer, the web layer, we've got cloud infrastructure, our cloud one platform that looks at if you're moving to an AWS or an Azure or Google Cloud, we've got stuff that can do that. So you know, so you look at that. And we're seeing I think we get right now about two and a half trillion events a day that we we re bring in and analyze.

29:00

That is just Tea, tea. Yeah, with

29:05

tea with a trillion.

29:11

That's jaw dropping, and I try to be doom and gloom. I just I know that for us to be successful companies to be successful. industry to be successful. We have to just recognize the fact that that exist out there. What do we do to sort of harden our, our network? A couple of questions. One. We've had the pandemic, we have a lot of people that have transitioned to their home office. How do you manage something like that? Because it's one thing to be within, you know, brick and mortar four walls, here we are. We're here. But now you've got your workforce that's at home, whatever. How do we how do we ensure that that's safe, too?

29:56

Yeah. You know, and that's, it's interesting, Scott, you say that because we've had a couple of customers that have had us in to do a security awareness, part of their security awareness training for their, their their employees who work at home, because we have, we have, like I said, you know, we've got a whole consumer part of our business where we sell consumer based products, we even have a home network scanner that scans traffic going into and out of the home. And last year, we had over two and a half billion events that we analyze and threats that we detected going in and out of home network. And so you have these, these employees that are working at home, and they are experts at how to set up the router, right their home router, how to set that up so so the companies are struggling because there's two pieces to this one they have, you have your your your work computer that you're using and your work network and stuff. But then you have all these home devices that are that are owned by the the organization and you're they're not going to manage those for that employee. And yet, you have threat actors that are like we talked about that island hopping, that are going to maybe look at getting in getting into the home network, and then laterally moving because they get access to the to the the office computer in the home network, and they ladder and move into the network. So you know, so we're trying to educate these employees on how to improve their personal cybersecurity in their home network. Besides then, you know, organizations dealing with their, you know, their work from home employees by implementing, you know, you've got, you know, encrypted networks and so forth, that you're tunnels that you're setting up things like that, to ensure that that things are safe, a lot of companies are moving to cloud based applications. So that data doesn't reside physical computers, but they reside in a in a cloud database data center. And that's very good at making sure that that that critical data and that, you know, private privacy stuff is is much better protected than we've seen in the past.

31:59

It's interesting. When, when you see threats when you experience or when you try to eradicate new threats, see trends, you know, you you're in the trillions. Is there a community that you sort of work with and saying, Hey, here's a new threat. Here, I just be a part of a body that tries to keep current with all of this.

32:28

Yeah, you know, that's, that is one of the challenges we have in terms of, you know, public threat information sharing today, because there isn't really one entity out there. That does it for everybody around the world, it's usually pocket. So like, for example, we work with, and kick and Washington DC, which is the National Cybersecurity Information Sharing group, CSIS part of that. And, you know, if you've seen Sisa, recently, you know, they did the whole shields up for critical infrastructure. So Biden administration put up the you know, and Sisa put out the shields up recommendations, and those are those that has some great information for companies that want to learn how to deal with these threats and how to protect themselves. So missed some other stuff. But, but you know, so we share information with with those organizations, our bug bounty program, which is our zero day initiative group, who actually get bugs from independent contractors and researchers out there, and we they share their bugs with them, we get Pam Apolonia. But then we work with like Microsoft, and we work with some of the entities that that publish the vulnerabilities out there and publicly disclose the vulnerabilities. And then we use the information to build IPS signatures to ensure our customers are protected through virtual patches. So yeah, there's a lot of sharing going on, out there. But again, I think the biggest challenge that most people have in organizations have is obviously it's a global issue, but there's no really one global central place where all that information is shared. And that's something that's going to have to be looked at, potentially in the future. But for now, you know, the the main beneficiaries for us is our customers, because they're protected, obviously. But we do also share a lot of the information with our peers in the industry. That's been a model that's worked in the past. If you recall, just recently with the Russian invasion, there were some wipers that were launched by Russia and a couple of our peers in the industry found those those wipers and they share them publicly to the world and let them know so you know, I'm I'm hopeful that in the future, we'll see a little bit more of this public sharing of threat intelligence that that will happen.

34:43

You know, it's interesting the conversation around cyber around protection all of the industry. I find that outside of you and companies like yours, which I think is an important conversation and you bring a sense of real market insights and threats and all that. And that's good stuff. Like people are in it, there's a pushback or a reluctance to share my dirty laundry as a company and saying, Yeah, hey, I was I was penetrating and in the attack, and they went there, and I did this, and I lost that. I think what you're doing, and what, what you're sharing is so vitally important with industry. And, and I'm not asking for anybody to share their dirty laundry, what I am asking is that there needs to be a recognition that you need, you need, you need to collaborate with trusted people, trusted organizations to be able to do this, right. And, and it's, and I think you guys have a decent view, real good for you, in fact, that you're not trying to prevent work. Like it's always like, that by cyber people, they're just, I can't get anything done. And, and, but that's not the case, you have to still be protected. And, and can get work done. But you can, you can do both. And I think that that's a message at

36:13

ng AMI, one of the things that we did initially, when we first started building our cloud infrastructure solutions, it was more about efficiency and making sure that Yeah, your your VMs could spit spin up as quickly as possible, you could have as many VMs on a server as possible. So because we built it, Nate, we built native controls. And we didn't just, you know, in the past, you used to see this, you know, let's just slap on the the old stuff into the new technology and just, you know, make it work. That doesn't work anymore, you have to build natively, it's just like with, you know, when we recommend for customers who are building their own applications, or building their own devices, you have to build security from the beginning of that lifecycle of that product all the way through, because that's the only way you're going to make be able to make sure it's secure and IoT device, for example. You know, in the past, it's always been, I got to get it out to market as fast as possible. And it's only going to have a year long lifecycle. So I'm not even going to bother with dealing with vulnerabilities that are found in that thing. That's the wrong way to think about it, you have to build it secure from the beginning to the end, so that it doesn't get can't take be taken advantage. Now, one thing you mentioned, Scott, is I do think there's been some effort in the US government, and within some of the industries to regulate a little bit more on the breach notifications. So we're starting to get more breach notifications, because it's it's kind of a requirement now through regulations, that that information gets out there. Now, the challenges is you don't tend to get a lot of the details out very early. So you have to wait a while before you get the details of how the attack worked and how it progressed. And but hopefully, we start getting that narrow that window a little bit more. But I do think we are going to see more and more of these types of regulations coming into play. For sure. The US government and and all their agencies and networks are under these kinds of things. Private industry, we're seeing a little bit more of the financial industry SEC came out with some stuff recently, we'll probably see it moving in more into it, obviously, with you in the critical infrastructure with energy and all those. They're pretty well regulated now. And they're getting even more regulation built into on the cyber side. So I'm hopeful that will we'll see improvements over the over the following years. But yeah, certainly, the malicious actors out there, like you said, they just got to figure out how to do it once and get in once and then they're there. You know, it's it's an end game for them.

38:51

I think the the parting message that I I hear is one. First off, you gotta find. If you're in the world of digital transformation, if you're going down that road, if you're trying to collect data from devices on your network, yet, you need to also a part of that strategic effort. Get up front with your cyber strategy, put some things in place, and be a part at the beginning at the beginning, not at the end at like an afterthought at the beginning, too. I think that I think that we need to collaborate business needs to find those trusted, professional, those companies that they can work with, to do it. And I mean, that, to me is important. And that's always been it's like, if I'm in the IoT world, who do I trust to deploy my system? The same thing has to exist. That whole I gotta find my team to collaborate properly to and to do it right. And I think that if you think you could do this on your own, I think you're kidding yourself. There's no way

40:00

We have this there's a huge lack of training personnel out there, right? We've got to work on this. Yeah. And so looking at a managed service, whether it's a managed service provider or a somebody like Trend Micro who offers a managed service to our customers, we have the expertise on staff, we can hire them, we can build them. And we can, we can augment what you're doing internally as an organization. So it was like I was telling you with incident response, if you don't have the expertise to negotiate the ransom, there's organizations out there that that's what they do day in and day out. So go hire them. Or if you have a group that does incident response, if you don't know how to do incident response, and and get the logs and analyze the logs, bring in a vendor that can do it for you. So definitely the partnership piece is huge. And it's going to continue to be huge.

40:52

No brainer. Absolutely. I couple of things I've taken away. I think that's interesting, where they have the what you talked a little bit about backdoor that incident response plan, maybe some people have it already in place, the island hopping approach. That's really interesting. And then of course, you know, me, if I'm a remote worker, I'm sort of like a little island. And I can hop into a bigger island. So all absolutely wonderful, wonderful suggestions. Now, Jon, how does somebody get a hold of you?

41:27

Yeah, I mean, they can go to trend micro.com A lot of our research, we do research all the time and publish it, it's free to the public, we don't get anything, Scott. So you can go and download, we've got tons of research, whether it's in critical infrastructure, we've got, you know, we got researchers that actually went and like, hacked into industrial robots, and we'd have them looking at the energy sector. And they we in the report in the reports give you information about what types of attacks you're going to see in the future against these types of industries. So all of that is in our research section of our website. Again, Trump micro.com. If you want to contact us, there's information on the website, you can do that. We've got free trials that people can take a look at and download and utilize the whole TX one, especially on TX one, you know, I know your your ot network, folks are probably really struggling right now with how to understand the threat that's targeting them. But more importantly, how do I defend against these types of attacks, and that's where our TX one solutions, whether it's our edge IPs or some other technology, we may have a thumb drive, you can plug into one of those robots that has a USB port, and it'll actually scan the robot for malicious code and stuff. So that kind of stuff, just you know, we'd love to chat with anybody and have a conversation with an organization and, and just to understand what you're going through and how we can help. I like

42:51

that. That's Jon, trend, Microsoft company, absolutely important conversation. We were sort of touching a little bit about digital transformation. But, boy, this was a really spectacular conversation. Jon, thank you very much for being

43:07

more of these if you want.

43:09

Oh, with 26 years of experience in cybersecurity, I've got a plethora of knowledge up here in the brain. It's just a matter of getting it out sometimes. Right?

43:17

She was laying it out. As you get older, that should be harder and harder. Excellent. Jon. Jon, thank you very much for being on Windows. Thanks. Yeah. Take care. All right, listeners. We're gonna wrap it up on the other side. We're going to have all the contact information for Jon at industrial talk. So stay tuned. We will be right back.

43:33

You're listening to the industrial talk Podcast Network?

43:42

A Yes, it is industrial talk wrap up time. That was Jon Clay. VP, red intelligence. Trend Micro. You can tell. He knows more about cybersecurity than me. Because I'm telling you, man, I was. I was gripped. There's just a lot going on. And I'm, I'm totally stoked at the fact that we've got people like Jon Trend Micro helping them try doing their best to keep everything safe and protected. That's pretty cool. I like that. That's a heck of a mission. All right. Once again, we're going to be having a couple of series of webinars I call them live podcast because webinars I don't like the name. So they're live podcasts. And one's going to be on energy and utilities data and and manufacturing stayed up. A part of that, of course is going to be a cybersecurity. All right, be bold, be brave, daring, greatly hang out with people like Jon, and you're going to change the world. Thank you very much for hanging out with me on industrial talk. We're gonna have another great conversation shortly. So stay tuned.

About the author, Scott

I am Scott MacKenzie, husband, father, and passionate industry educator. From humble beginnings as a lathing contractor and certified journeyman/lineman to an Undergraduate and Master’s Degree in Business Administration, I have applied every aspect of my education and training to lead and influence. I believe in serving and adding value wherever I am called.

Leave a Comment





This site uses Akismet to reduce spam. Learn how your comment data is processed.