Prepare for a thrilling exploration of the cybersecurity world with our extraordinary guest, Aviv Grafi. A cybersecurity expert, founder of a successful tech startup, and a former member of Israel's elite cybersecurity unit 8200 group, Aviv's journey will take you from his early days of hacking and building computer systems to the cutting edge of IT security. Learn from his experiences and discover how an engineering mindset, combined with a passion for problem-solving, can lead to unexpected career paths.
Aviv gives a gripping account of his transition from working in startups to founding his own venture. The highlights of our conversation revolve around hacking prevention, defensive programming, and the pioneering concept of Content Disarmament, Reconstruction (CDR) technology. The technology, which creates a virtual shield against malicious software by transferring the content of a document onto a new template, is a fascinating leap in cybersecurity. Watch as he unravels how startups are navigating the complex world of cybersecurity.
As we steer into the intricacies of kernel security, you'll get an in-depth understanding of the challenges faced by tech giants like Microsoft with their longstanding Windows system. Contrast that with Apple's leading security architecture, and it's a captivating exploration of the tech world's giants. We end our journey with a peek into the future of document security - the evolution of Votiro's solution to safeguard users from harmful content and its innovative API-centric platform that integrates seamlessly with popular services. It's all about creating a barrier between the user and the data to ensure a safe digital experience. Join us on this exciting journey through the world of cybersecurity with Aviv!
Speaker 1:How's it going, Aviv? It's really good to finally have you on the podcast here. I've been looking forward to our conversation.
Speaker 2:I think that's really great and thank you very much for inviting me.
Speaker 1:Yeah, absolutely. So, Aviv, you know I always start my guests off with how they got into IT overall, because there's a portion of my audience that are in that boat where they're trying to, you know, figure out if this is a path that they can take, if this is something that they can actually do, make a career transition, you know, whatever it might be. And so I think it's very helpful for everyone to hear you know the background kind of. You know, maybe they're coming from a similar background and they, you know, can finally hear like, oh, this is possible.
Speaker 2:Okay, so sure. So I'm based in Tel Aviv, Israel, just for those who don't know, and one of the things I can tell myself that I was kind of interested in how things are working from probably when I was really into IT, probably when I was really really young. So I was tearing apart some you know, computers and some tech stuff. I was really into assemble things and creating new things and I think the most important skill, I think, for someone who's really interested in getting into that, I would say, area and the mindset is do not be afraid of anything, just try and get your hands dirty. I think that would help actually to build all of the confidence and the knowledge and experience. So I think when I was kind of in high school, I was starting to do that. I was mainly, you know, curious about cybersecurity. Back then it was just, you know, security and I think one thing I learned is how to hack some stuff, how to, you know, take advantage of some websites and stuff like that. I was kind of doing those little things as a high school and one thing happened is here in Israel you need to do an army service for three years, at least three years. So I was recruited by the IDF, in fact, specifically for the intelligence forces in Israel. It's the 8200 unit, it's like the NSA, and I think this is where my kind of security real security career actually started to evolve.
Speaker 1:So that's really interesting. You know you mentioned how you kind of started hacking or playing around with it in high school. How did you get that frame of mind to kind of look at these you know websites and web pages you know in a different way and try to, you know, exploit them in some way? Like, how did you develop that mindset? Because that's a totally different you know mindset you know a lot of people have when they're looking at the Internet.
Speaker 2:Yeah, I think it started from the desire to build things and actually it started from how do I achieve this and that it started from the kind of engineering mindset. But then it started how do I do that in the easiest way, the cheapest way? And when you start to do that you actually figure out that you need to travel through a lot of stuff and sometimes you know I've heard that saying that a security or a pentester is actually a QA guy with a lot of motivation and I think it started from there to understand that how things are really working, because you need to fix it. And when you really started to think how things are working, whether that can be like, I built my own kind of billing, like a voice voice system, and when I was in high school, using very old computers that I had in the garage in my parents' house, so building that and say, okay, I want to have a way, when I'm traveling with the family, to have a long distance call without having all the costs back then. So it started to solve problems and building those kind of hacks and when you really understand how things are working, how, for example, in that specific case, how VoIP teleconference systems are working, say oh, so maybe I can leverage this and that and play with something that is online out there, and I think that's where the curiosity came.
Speaker 1:So when you made it into the Israel's 8200 group, you know what did you specialize in. Can you talk a little bit about that?
Speaker 2:Yeah. So in terms of the process that was recruited when I was in high school and went through a series of tests for about like a year while I was in high school and then I started my career as doing a course with folks like me for a few months and learning more about intelligence and complex systems and that kind of stuff programming and then I started that roots of being kind of the developer at start and then we'll be doing security researcher, both working on offense and defense operations. And I think one of the great things that happened at least to me, I was with myself doing those almost five years, four or something years that I was there is that you learn, you know, as like a 19, 20 years old, I mean you're pretty naive. So when someone telling you go get this thing, so you're so naive, say, yeah, okay, that's possible. I guess that's possible. And there's some magic happening there when you're getting 20 something years old into that room, that building, that floor, that things actually happen, things that if you look, I mean now, like 20 years after that, looking back, say, look, those things are crazy and maybe today I would think that they're impossible. You know, when we're getting older, we're getting more cynical, we're getting based on our experience. Man, maybe that's not work, maybe that's a complex, maybe just some other constraint that that would fail us, but when, when you're so naive and you're so passionate and there's room or building full of those kind of young things, young guys and girls, there's a magic happening there. I think that's where the mindset of everything is possible. I still been in my mind.
Speaker 1:Huh, that's interesting. I assume that they probably have to develop that mentality in you that everything is possible, because you know they give you kind of like I mean, at least this is assuming, right, they probably give you a target, they tell you what needs to be done and then you figure out how to achieve it With that mentality of not giving you an easy way out, right, like not saying like, oh, this can't be done, this isn't possible. It's like, no, you need to figure out how to actually get this done, no matter what. That's a great mentality to have. You know, like I feel like that mentality would pay dividends.
Speaker 2:I agree and I think the biggest thing I learned from that experience that there is a solution to almost every problem and probably there are multiple solutions to almost every problem. And you know, put in one room enough smart people and they will find a way. Yeah, there will be some constraints. Of course, there will be some assumptions. Yes, you need some luck in the process. Maybe that will take time, but there is that mentality of everything is possible. That is really great and I think if I would be hearing myself like 20 years ago, I would emphasize that say, follow that thing. This is the most important thing.
Speaker 1:Oh yeah, that is a. It's just a really fascinating mentality to have. So when you're going through your testing in high school, you know, I assume everyone around you is also going through that testing as well, and maybe it's different tests the farther you go down the road, right, are you able to discuss the testing with other people around you? Right, because I'm thinking of you know, here in America, right, if I was to go and test for the NSA, I mean, I'm not allowed to tell my mom that. I'm probably not allowed to tell my wife that I could tell her what region you know I'm going, what state I'm going to, but you know, I can't even tell her like, oh yeah, I'm going to. You know, for me to go into this building, on this top secret floor, you know to figure out something, right, like, I can't do that. But it's a totally different culture at least that's what I would think you know in Israel, right, like you're not going to just tell anyone everything? Right, that would be highly frowned upon. But it's more open, right, because everyone knows like, oh, you're 17, you're testing. Everyone went through it before. Is it more of an open topic? Is what I'm trying to get at? I guess.
Speaker 2:So yeah, I think that when you're 17, actually there's something, you know, very prestigious around that. So you want to get into the like, the top units. So if you're a combat, you want to get to the like, the Navy SEALs in Israel. So you want to be, you know, qualified to do that. You want to get through those tests and in fact in high school, those who really can really get into those elite units, they share that and say, okay, they did well because they were able to get into those units. Now, once you start a service, that's a completely different thing. I mean, you're not talking about what you're doing with your family, obviously You're not. Sometimes you're not talking about where is your base is or you need to go to the service for it yet for days, maybe for a day, maybe for a week. That's a completely different story. But the fact that you actually qualified and you accepted to specific units, I think that's something that people are talking about. It's very encouraging also the others to follow that route. I mean, if you want to make sure you get a career in the security space, in the high tech, you better go start your career from one of those elite units, because that would be a great jumpstart.
Speaker 1:Yeah, it seems like it's almost like a tech incubator to some extent, right, I mean, there's so many people out of Israel that come from that unit that start revolutionary companies. You know one of them that comes to mind. I've interviewed several, but one of them that comes to mind is, you know, Cybereason. The founders came from that unit and they created this technology that I would argue, at least the last time that I was using it, that it was better than the top EDR solutions on the market and they were like brand new, right out of the box. You know.
Speaker 2:So, yes, I can tell you that a lot of those unit graduate folks first they have the network so you can actually found your new venture, your new company with the folks that you served with for a few years. You know that you'll be doing well. This is one, and of course, I would say that it's incubated in terms of ideas, because a lot of the things that are actually happening after that service, those are new things that mostly you know. You haven't worked on them in the unit, but at least in the mindset you know how the bad guys are thinking and you know how the defense should be built. So that's definitely the great thing and at least for me, that's actually started my journey. I worked in a couple of startups after graduating from that specific unit and then I just wanted to have my own venture. I knew that I want to solve the problem and I think that's a lot of those graduate, a lot of those who really good at problem solving, like I mentioned. Like get them into one room to solve this and this will be solved. I think a lot of the passion for problem solving actually you would in those days.
Speaker 1:So talk to me about you know what you started doing after the 8200 group. Like you had your time at the 8200 group. For obvious reasons, we can't talk about what exactly you did, but what did you start diving into afterwards?
Speaker 2:Yeah, so right after I finished my service I was working for a couple of startups. One of them was deep in the security space and the security solution based on virtualization back then and really core Windows kernel product, and after that I realized that I want to have my own venture. I had a couple of ideas, and that's an interesting part. The first idea, the original idea was nothing to do with what Votiro, the company I founded, is actually doing today. And this is also a lesson I learned, because sometimes your first idea that would be one thing, but then you realize. In our case it was like about five months into the founding the company, we found out that it's not going to work. But then I realized, you know, I still want to have my own thing. So we started to do like freelancing and services. I was doing penetration testing audits for companies and one of the things I learned is that this experience actually got me the idea it's what behind actually Votiro today. And the thing I learned is that when I was traveling around the world as a 20-something years old guy, I was traveling around the world my clients paid for my trip and said, look, we want an audit, we want a security audit. It tells what the where the weak points are. And I was sharing with them a document and saying, okay, these are the vulnerabilities, this is how you should fix them. Now, one thing I learned is that I was able to show them or demonstrate. I could hack them pretty easily, and I found there was one technique that worked for me 100% of the times and it was very simple. Just, I went to the website, I went to the open positions section and I sent a PDF, which is a weaponized resume, and I said hi, I want to apply to this position and I want to work with Joe and, by the way, I know Philip from the finance and I'll be happy to share some references and on the other side there is a guy or lady that their job is to screen hundreds of resumes a week. That's in order to do their job, so they cannot really think twice before they're opening that weaponized PDF. And bam, that was just working 100% of the times.
And I would think to myself maybe there's a real problem that need to be solved here, because years after date anti-malware, EDR, all those technologies invented still people are actually falling in that trap and opening those weaponized documents. And I think this was the moment where I realized that this is the problem I want to solve, and this was actually what led to found what today is Votiro.
Speaker 1:That's interesting. So is that kind of? Is that solution more defensive programming, where you're proactively building in defenses to different kinds of attacks, or do I have this mistaken, right? Let's start off with, maybe, what defensive programming is and then how it's applied, right?
Speaker 2:Yeah, so. So the idea behind Votiro, it's a technology that's called content disarmament, reconstruction or CDR, and what it actually means is that, if you think about all the defense systems out there that need to screen those weaponized resume or invoices or any attachment, maybe a company deck or maybe a podcast outline that I will share with you, is that they all do the same thing. They try to take that document and you know, judge whether it's malicious, suspicious or benign, and they're all relying on one thing they're relying on the history and trying to predict the future, because either, if you think about anti-malware, they had the signature database, which is an historical database. If you think about next gen AVs, they built on machine learning, and what machine learning or AI is? It's just a model that is trained, based on samples, past samples, and now I need to predict the future. Same goes for EDR they're trying to understand whether there's a malicious behavior based on past malicious behavior. So they all do the same thing. They're trying to look at the past and trying to predict the future, and that's where we all fail, right, because the bad guys are faster than us. If you think about the number of malicious samples of documents that produce every like minutes, like thousands of new samples. We cannot really keep up with that. I think this is where most of the technology kind of a defense technology kind of fail because they're all doing that same paradigm of looking back and trying to predict the future. And what I thought about how it could really change that dynamic, how it can really not look at the past and but really protect the user. And the idea was okay. I was asking myself what is that recruiter, that HR guy or lady really interested in when they reading that resume?
They really want to have the content of the resume, they want to see the text, they want to see the paragraphs, they want to see the phone number, maybe a picture, maybe some links. Where the vulnerability or the exploit actually resides, it actually resides in the specification of the format and the actual bits in that Word document. There's something in the structure, the binary structure of the Word document that actually lead to that exploitation of that vulnerability. But they're really interested in the content. So what if I would take the content, lift it up and just paste it on a fresh, brand new template of that Word document? I would create a replica which looks and feel exactly the same like the original, but anything that might be malicious in it it's just gone because I'm not delivering it. I'm just delivering a fresh and safe, a known, safe replicas of the original documents and that's the idea behind CDR or content disarmament reconstruction that you can actually deliver a known, safe content 100% of the times and you don't need to chase those bad guys anymore because you're just delivering the good content and not trying to decide to keep it. Very specific document.
Speaker 1:That's interesting. So you know, if I have a document and I embed some malicious code into it, right, is this solution going to also somehow read that malicious code and print that to this document that I would then read? Or, I guess, is it too far buried into the document or into the program for it to actually be read on the screen, so to speak?
Speaker 2:So if you think about, let's say, a PDF or Excel spreadsheet, maybe there's some bad code in it, but you as a user, when you talk we talk about the benign documents you're interested in the charts, in the formulas, in the values in that Excel spreadsheet. By copying the valid content to a fresh template of Excel spreadsheet, delivering that, you don't need to deal with all those questions Whether the malicious code will do something, because the malicious code is not there anymore. When you're delivering the known good content, it's like rethinking about the entire problem. It's like turning the problem on its head, because you're not looking for the bad stuff anymore, you're just looking for the good stuff. And this is kind of the idea that your question is spot on, because you're asking okay, what do we do with the malicious code? There's nothing that you need to do with it. You just need to ask where is the known good content, what I'm really interested to read in that document, whether that will be in the Word document, the paragraphs, the fonts, the styling, maybe some links, maybe the images, maybe some embedded objects that we would take care of, all that stuff that the user need to read and really be productive. So that's actually what we deliver the rest, that might probably, maybe malicious. We're just throwing away in that sense. So your question is spot on. You just need to rethink about how we really approach that.
Speaker 1:That's very interesting. That's a new way to approach that problem. I mean it just seems to be ever present, right Like we can't get away from it, but it seems like the solution really solves it. Is this an idea that maybe formed even when you were at the 8200 group of prior experiences of how you identified ways to compromise systems and whatnot.
Speaker 2:So I think I've asked myself if I want to really be aggressive or block all those malicious attempts that delivered by documents. What would we do? And what I had in mind? Okay, I wouldn't be delivering the original document. I said, okay, but I do need to have the content. So what should I do? Because the financial company, any company, still need to work. So by replicating the content itself, I think that actually solved that tension between the security and the productivity which a lot of us are suffering from. Because that's exactly what the recruiter was suffering, because he was told to open resumes and at the same time the security guy told them look, think twice before you're opening documents. And then that's going to self. What should I be doing now? Can I open documents or can I just ask my manager what to do. So by having those kind of solutions, and you know, a lot of companies and the industry talk about zero trust, and this is actually zero trust for data security, because you're actually not trusting a thing out of those documents and then you're delivering a replica which is completely same. So I think this is actually implementation for zero trust for data, which most of the zero trust implementations today are for network, for identity, and I think this is now the time where we're going to talk about the zero trust for data. So I think that in that way, the tension between security and productivity is being solved and, of course, we're introducing a new concept into the security stack.
Speaker 1:That's interesting. You know you bring up zero trust for data and you know, honestly, I probably haven't even thought about that myself. You know doing some sort of zero trust solution or framework around the data. Whenever I think about securing data, it's always encryption and least privilege right. Who can access it and what's the state that it's in and how are we securing that data in that state? But adding zero trust kind of augments it, you know. How do you think that it augments it? Do you think it's more or less preparing for the future, or is it adding additional security protections around it? What's your thoughts on it?
Speaker 2:So the way I think about that is that we have multiple layers of zero trust or security frameworks. One is for the network who can access that, first, what you can access and of course, the second thing is for the identity who can access that resource. So, once you went to the two zero trust frameworks of who can access that resource and how we can access that resource, whether you need to go to two factor authentication, maybe that specific authentication, maybe from those IP addresses, maybe from that specific ports or from that specific VPN, and then you can access the resource, but no one asking whether the resource itself, how you can actually protect that data. So if you think about I mean a lot of our customers and protecting their web application using Votiro technology, the way to think about that is now, for example, insurance company. It's open the system to the clients. So now, as a client, you can upload documents, for example, like insurance claims. I want to, you know, file a claim. So I need to upload a doctor report, maybe some pictures and maybe some scans and maybe an ID. So now I need to upload those old things. Who can assure that I'm not uploading a resource or data that is really malicious and say it goes from the other way. If I'm accessing a resource, I want to make sure that I'm not accessing like a malicious one, because someone already uploaded that malicious thing and everything was working like zero trust network, zero trust from identity perspective. But yet I'm dealing with that layer of it can be even encrypted, like you mentioned. It can be encrypted at rest, it can be encrypted in motion, but the data itself is weaponized and the thing that's the missing piece from completing all that chain of zero trust model from the identity through the network encryption, as you mentioned, for data security and for the asset itself.
Speaker 1:That's interesting. So you know, I saw on LinkedIn you did a bit of kernel security research. You want to talk about that a bit?
Speaker 2:Yeah, sure, I think one of the things I really like, as I mentioned, is how things are working, and I have a strong background in that research of kernel models. Back then I was working in a company that we were actually running several like virtualization, several operating system on the same hardware and actually how to make this actually like what today, like Parallels Desktop and that kind of stuff. So I was very familiar with how the kernel working in terms of the subsystems and how to make sure that you actually compile with the hardware. One of the things that's really really nice for the bad guys is to have those kernel exploitation path and techniques. If you think today but I think that was very popular to inject malicious documents with malicious fonts, because fonts, for example, the Windows subsystem of fonts, is actually a kernel based system. So in fact, that font that you read on your web browser or on your Word documents is being, you know, there is a work done in the kernel. So that was a very, very slick method of the bad guys to send a document and execute kernel code, which is very, very important if you want to just, you know, go through all those EDR things straight to the holy grail which is the kernel, which is the unprotected memory portion. So that was one of the things I learned as part of that kernel research and I think today a lot of the great work is being done, especially in some of the operating systems like the Apple one. I also think that Microsoft is doing a better job, but yet there is tons of playground for those who really want to have some kernel research and privilege escalation that Apple does it best with their security architecture of how they are architecting their OS's. So I wouldn't say that I'm an expert with Apple OS but at least from my experience with that, they are doing a great job.
I would at least better job than Microsoft and I'm not saying that Microsoft, I know the Microsoft they had, you know, huge, huge challenge. Because if you think about Microsoft, you know having Windows for, you know, 30 something years and with tons of hardware. Think about, I mean, Apple have a very easy job the coupling the hardware and the software, the controlling everything. So for them, if you think about the kind of, you know, the world in terms of even the qualifications process, even the possibilities of what they need to support from OS level towards the hardware, that's crazy. As opposed to, Apple have one set of hardware and software that they can actually test and close, and with Microsoft it's not. You know, it's like a hell. Think about the number of permutation and need they need to support and no wonder I mean the tons of security exploits and breaches out there. Because if you think about even a device drivers, think about the huge amount of hardware devices that need to be loaded in with in work with Microsoft OS. This is huge as opposed to Apple, which is, you only know that handful things that they actually build and provide. So I think the advantage that Apple has is that they have that closed kind of garden thing and they can really work with that closed ecosystem. I think it's makes, also from security perspective, it way, way easier on them. So I'm not saying that Microsoft are not trying their best, and just saying that the problem is 100 times, you know, bigger than Apple.
Speaker 1:Yeah, it seems like Microsoft has like, almost like an unsurmountable work in front of them where they continuously build their OSes on top of code that they built 30 years ago and they're trying to, you know, secure it and do their best and whatnot. But at the same time, you know, like you said, it has to work with so many other products. It has to work on basically any hardware out there. Right, you can put Microsoft Windows on it. That's a very complex issue and you know a lot of people give Apple, you know, a lot of grief for, you know, locking down their ecosystem in the ways that they do. But you know, at the end of the day, they control it all, they control the security, they have full control over that environment and in return, it tends to be a bit more secure because they have the proper guardrails in place. It seems like they thought through it in the beginning rather than, you know, okay, we have this great piece of software, oh wait, we have to secure it. You know they also don't have like cloud service, so to speak, right, like they don't have Microsoft Azure. That you know. You know what I'm saying like Microsoft has a huge suite of products that they also have to develop and build and secure. Apple has a product suite to what it's you know what one percent of what Microsoft actually has. It's insane.
Speaker 2:I also think that Microsoft productivity suite, like on the office, with it's probably dominating the market and I'm not seeing that changing. I mean, someone asked me like don't you think that the Google Docs, Google Sheets and that's what would you know? I would say take over, but this would buy it and I don't think that this would happen. If you think about the effort needed to shift all those enterprises, governments my mom, I mean, that's what she knows she would know how to work with Microsoft Word, teaching all those companies and changing all the process, I think that it's, you know, many years to do that change and I think that Microsoft control that. This is one and of course, they also control the Azure, which is a great cloud platform, but obviously I think it's it's not easy for Microsoft. I mean, it gets the Google and Amazon, but it is. There is that point where I think Microsoft controlling the market without any doubt. That's probably the productivity suite and that's, I think, why documents are gonna stay here for quite some time with very difficult to replace that. Even if I'm thinking about myself when I'm exchanging, you know, version of, like legal agreement, the lawyers with partners, I'm doing that with the track changes over Word. I'm not doing that with any other thing, only when I find that's everything. Yes, now I'm sending that to and to sign off, but but yet I'm all the work, all the productivity work is being done using the same thing that probably I was doing five years ago, ten years ago and fifteen years ago, which is the Microsoft. So I think that this is the hit the state list for the next probably five, ten years.
Speaker 1:Yeah, that is extremely interesting because now that you say it, right, like, Apple even has their own productivity suite, but I don't think I could tell you what it is. And I own a Mac, right, like, but I have Microsoft Office installed on it and that's what I use. I probably even disabled the other stuff, you know.
Speaker 2:Yeah, and not a lot of users know what it's called. I mean, Numbers, you know, it's called Numbers, right? Yeah, it's something easy to remember too, but no one uses it. Exactly. And exactly as I mentioned, I mean, once I'd set up my Mac as well, probably the second or third thing I did was installing Microsoft Office. So I think that's where Microsoft is still controlling the market, and I think it would take some time, although from an operating system and hardware perspective, I think Apple is probably doing a really, really good job, and I think I switched from Microsoft Intel hardware to, you know, an Apple Mac probably like four or five years ago, and I'm seeing more Macs than ever, definitely.
Speaker 1:So when you're securing a kernel of a device, you know, just irrespective of the device or the OS or anything like that, right, just talking about kernel security in general, how do we do that? You know, because when we're talking about securing, let's just say, endpoint security, right, you have an EDR, you have, you know, your network configurations on that device, you have patches and whatnot. But when we're talking about the kernel, is there anything of that equivalent for the kernel that you can, I guess, so to speak, install and monitor in that way, or are we relying on all the upper levels of security to protect it?
Speaker 2:Yeah, so I think there used to be products that protect the user from the kernel level. To be honest, they were doing more harm than good, because if there were bugs in those products they were just killing the entire machine. That's historically what happened, and another aspect of that is that, I think it was enSilo, it was a company that presented at Black Hat a few years ago that showed how, by leveraging exploitation of vulnerabilities in the anti-malware or EDR products that actually live in the kernel, they can actually take over the entire machine, because if you can actually exploit stuff in the kernel, that's it, game over. So what I believe is that a lot of stuff would be moving from the kernel to the user mode, and this is where it's way easier to protect using EDR and some other traditional solutions. But once you get into the kernel, it's game over. So I think that we would see more and more of those big vendors like Microsoft and Apple actually stripping stuff out of that kernel to the user land and making sure it's working there, because otherwise it would be very, very hard to protect. The kernel, that would be probably the land of process management, memory management, device management, all the things that you should never be touching in the lifespan of the user, and if something actually comes there, I think that's game over. That's how I see it. Obviously, there are some technologies that Microsoft and Apple are actually utilizing to protect from kernel exploitation, like back then it was called KASLR, which is the address randomization and that kind of stuff, to make the bad guys' life harder if something bad is going into the kernel. So at least it will be hard to exploit that. But it's just a higher kernel fence. It's not something that is proven to protect like 1%. So I think that if something got into the kernel, it's probably game over.
Speaker 1:Yeah, I mean, it's basically a rootkit, that's another word for infecting the kernel. I guess that's what would make your product even more valuable because, like you said, there's nothing really protecting the kernel. And if you're using a Microsoft device, like 90% of the population is, whatever it might be, everyone opens documents, everyone uses Microsoft Office. Most of us have to do it for our job. You know, like, we can't do our job without opening documents and clicking on links and things like that, and so it really creates an extreme importance around the security of documentation and how to secure those documents. And you know, I remember before, the way to go with it was more of, you know, the path of sandboxing, right, and oh, it'll execute this thing in a sandbox before you execute it on your device and whatnot. And I feel like there's ways to get around it, right, because the malware is starting to, or the malware developers are starting to learn and adapt to that, where it's like, hey, if these signals are running and they're looking for a device, you know, in these certain ways, just don't execute, you know, and then it'll pass the scan, and then you execute it and lo and behold, it's like, okay, here we go. You know, now it's game on, but your solution really eliminates all of that.
Speaker 2:Exactly. In fact, a sandbox is just, you know, a sophisticated way to do that automated malware analysis. And, in fact, exactly as I mentioned, the malware creators, they know how to check whether they're living now in a sandbox. And, for example, one of the coolest techniques is just, you know, if you have a Word document and, let's say, the malware just checks whether there are entries in the recent documents in Word, like in Word, you can actually open those recent documents. If that's empty, oh, probably that's a sandbox, because what is the chance that there were no documents opened on that machine? So there's some cool, cool techniques to do that, as you mentioned with the signals. Again, a sandbox is just exactly like the anti-malware. It relies on the history, on how malware should be behaving or malicious documents should behave, and then tries to block it and give that verdict. And the bad thing with a sandbox, it takes a lot of time, a lot of resources. That's why we're not seeing that very popular. Actually, we've seen a significant decline in the sandbox market for the last seven years. So, yeah, so with Voteer, with content disarm and reconstruction solutions, obviously you can do that. And when we replicate or generate those safe documents, we actually do that pretty fast because, as opposed to a sandbox, we don't need to run those documents, we don't need to wait for them to do something like in a sandbox, we just replicate the document and deliver that. It takes milliseconds. There is no latency in that, as opposed to some other solutions that need to check whether those documents are really behaving like benign documents and, to be honest, after like three minutes, okay, they're done. I mean, okay, this looks fine. And on top of that, a sandbox is a network security kind of thing, and with Voteer, as we're an API-centric platform, we connect using API to almost any ingress of documents out there.
So it can be email, like Office 365, SharePoint, OneDrive, but it can also be Slack and Dropbox and any other application that has an open API we can integrate with. So I think it's a different era now than it was when the sandbox was invented back then.
Speaker 1:So your solution can even integrate with Office and Outlook and Teams and Slack, because it's just taking the text and putting it into another window, right, or whatever it might be, that is already secured and sanitized from anything that might be poisoning it. It's very interesting. I mean, it sounds like, you know, that's kind of where security is going overall, right, from moving the user from as much of the data or, you know, hands-on-ness, right, of that data. It's adding a layer of abstraction between the user and that data to kind of protect the user from themselves.
Speaker 2:Yeah, I think you're right. It's like providing data in a safe way, or a safe copy of that data, so the user can open it and just do whatever they need to do. They don't need to really think twice before actually doing the job. Because I think that's the problem. If you think about the phishing awareness campaigns that every company today runs, right, so they were teaching the employees and the users, you know, you need to be cautious when you open a document, or playing, like, every quarter, playing the spot-the-phishing game. No, it's not working. It's not really working, because a day after you have a successful phishing awareness campaign, you know, send an email saying, hey, there was a problem with your paycheck, you know, fill in the tax form, and if you send it to me, I would open that form because I want to have my paycheck if I'm getting that from HR. So I think that that tension between productivity and security cannot be really solved by the traditional technology which relies on detection, on the past indicators or signals, and, on the other hand, we cannot really throw the responsibility on the user, telling them, the poor user, you spot the malicious actor, you spot the phishing. It's not gonna work either, and that's why I think that maybe implementing zero trust for data with technologies like what we have in Voteer and some others is probably the more proactive approach and more modern approach to solving that problem.
Speaker 1:Yeah, that's a really good point, a really interesting way, you know, to look at this problem that everyone is dealing with. So you know, I try to be very conscious of my guest's time and whatnot, and you know, you're over in Israel right now, so I can only imagine what time it is over by you. So, before I let you go, how about you let my audience know where they can reach out to you if they wanted to, you know, reach out and maybe get some questions answered, and where they can find your company to learn more about it.
Speaker 2:Perfect, yeah, so I encourage everyone to just log into the Voteer website, it's what you're dot com, and there's tons of resources, demos and, of course, Voteer specialists would love to show the product and see how we can help you make your users more proactive and open any document without thinking twice. And, of course, feel free to reach out to me via LinkedIn. I would love to hear your thoughts, your feedback on this session and your ideas about the industry. I think there's no better way of knowing the market than just, you know, speaking peer to peer. So don't be shy and reach out.
Speaker 1:Absolutely. Well, thanks, Aviv. I really appreciate you coming on.
Speaker 2:Thank you very much for the pleasure. Have a great day.
Speaker 1:Absolutely. Thanks everyone for listening, see you.