Are your defenses keeping pace with evolving ransomware threats? Are you looking for a way to balance user productivity with granular data safety policies? We've got your back! In our latest episode, we dive into the heart of data security, discussing the persistent threat from attackers that organizations face even with investments in infrastructure security. We are joined by Moinul Khan from Zscaler & Anneka Gupta from Rubrik, who share valuable insights into transforming security perceptions and the focus on data protection.
We don't stop there - we reveal the cunning evolution of ransomware attacks, where perpetrators are not only encrypting primary systems but also targeting backups and exfiltrating data. We discuss the dangerous implications of 'double extortion' ransomware attacks, providing tips on how organizations can fortify themselves with a comprehensive security approach. We also shed light on the challenges of setting up a secure environment and how partnering with a data security provider like Rubrik can be a game-changer.
In the world of cyber threats, awareness is the key. We scrutinize how organizations are adopting URL filtering and sledgehammer approaches to protect their data and discuss the need to balance user productivity with granular policies for data safety. We highlight how AI and ML can change the game by reducing complexity in deploying data protection solutions and helping in document classification and risk insight. And finally, we celebrate the powerful partnership between Zscaler and Rubrik - a collaboration that promises to revolutionize data security. Tune into our podcast for an enlightening discussion on data security. Secure your future by securing your data: let's make it happen together!
Speaker 1: Thanks, guys, for joining me today, for I believe this is probably the first episode that I've ever done with more than one person that I'm interviewing, so let's see how this goes. I think it will be a great conversation.
00:00:15
Speaker 2: Hopefully we can live up to the hype.
00:00:19
Speaker 1: I'm sure you will. So, you know, Anneka, why don't we start off with you talking about Rubrik? So you're currently at Rubrik. Why don't you tell us about what Rubrik does, what you specialize in, what the problem is in the space that you're trying to resolve?
00:00:35
Speaker 2: Absolutely so. Hi everybody, I'm the chief product officer here at Rubrik. I've been at Rubrik for about two years and Rubrik is a data security company, so our mission is to secure the world's data. What is the challenge that we see today? So, when we go out and talk to customers, customers have invested a lot in infrastructure security, so how to keep attackers out of your system, but the reality is that attackers are still getting in. In fact, we did some research and learned that over 90% of organizations have had a cyber attack that has made it to the attention of senior leadership at least 52 times in the past year. So that means one time a week. So we know that even with all these investments in keeping attackers out, they're still getting in. So Rubrik's mission is really all around data security. So how do we help companies secure their data such that, when attackers get in, you can have cyber resilience, which means really being able to recover your data and to do that in a very quick manner so that you can minimize business downtime.
00:01:38
Speaker 1: Hmm, it's really interesting. So we're also joined by Moinul from Zscaler. I apologize if I just butchered your name. I practiced this five minutes ago, I swear.
00:01:53
Speaker 3: Yeah, not a problem, I think you're good.
00:01:56
Speaker 1: Yeah, absolutely, so you know. How about you tell us about, you know, what Zscaler is specializing in in the security space? In case someone that is listening to this podcast has been living under a rock for the past 10 years, why don't you maybe even tell us where Zscaler started and where you guys are going? Because I know, you know, even as being a current customer, you guys are doing a lot of different, you know, unique things. You're integrating a lot of different areas into your platform, which is very interesting, in my mind.
00:02:26
Speaker 3: Yeah, absolutely so. My name is Moinul Khan. I'm vice president and general manager for Zscaler's data protection business, been with the company a little over four years. Zscaler, you know, we have been in the industry for the last 15 years. We are a cyber security company. We have transformed the way organizations think about security. At the end of the day, we are a man-in-the-middle proxy. On a daily basis, we are dealing with 300 billion internet transactions that go through our cloud. And think of us as a zero trust exchange where every single connection is going through us. We are inspecting the content, we are inspecting the payload and we are making sure all your inbound and outbound communications are secure. Right, from a technology standpoint, we expanded in different areas. Data protection is one of the highest priorities in our portfolio and, as a man-in-the-middle proxy, we are putting a lot of focus on data in motion. So anything that is going out to the internet, we inspect that content, we inspect that payload and we are making sure that our customers' crown jewels are protected.
00:03:40
Speaker 1: Hmm, so can we talk a bit about how Rubrik secures data in the cloud, right? So I'll give you a little bit of background. Recently, or at least a couple years ago, I started to specialize more in cloud security and as I grew in this field I learned pretty quickly that if I don't have security around my data in the cloud, I don't really have very much, right? Like that. There's a huge risk if I'm not doing that right. But then the issues start to come in when you're using SaaS applications and maybe you don't have the control over your data like you normally would. Maybe it's very dispersed throughout your cloud environment. You may not even know where it all resides. You know, I was working for a large company before and they asked me, well, where does your data reside? And I said, you know, well, it resides here. And then another architect on the call said, oh, it's also over in this environment that I had never heard of before, and so these things can really grow rapidly and move throughout the environment in ways that you wouldn't expect. How is Rubrik tackling that problem? Because it seems very complex. It seems very difficult to handle.
00:04:52
Speaker 2: Absolutely, you've hit it spot on. Visibility of what is all your infrastructure and where does all your data live and what kinds of data live where is a huge, huge challenge facing organizations today, especially as data has become increasingly fragmented. So you have data that's sitting on prem in your various data centers, you have data sitting in your cloud infrastructure and you have data sitting potentially across hundreds of different SaaS applications that your organization is using. What Rubrik does is Rubrik protects all of this data across all of these three types of environments. We always make sure that you have a copy of the data that you can recover to in the case of an attack. We're constantly scanning that data, looking for where does your sensitive data live, are there any anomalous changes to that data? And then, in wartime, when you have to actually recover after a ransomware attack or another kind of cyber attack, we're giving tools to make sure that in each of these environments you're able to recover quickly and recover your data, most importantly, successfully, without having to pay the ransom. And so you talk about these challenges of being able to figure out where data lives, and a big piece of that is some of the observability capabilities we've developed on top of taking a backup and enabling recovery of the data, which is showing things like sensitivity of data and being able to scan that very efficiently and effectively across your entire environment, and we're starting to see that data visibility concept and challenge becoming increasingly important, especially in cloud environments, where you inherently, as an IT organization and security organization, have less control about what infrastructure is getting spun up, what data is getting placed in that infrastructure, and is this a high risk or low risk environment.
00:06:39
Speaker 1: Hmm, so that's interesting. How do you handle data? So you're taking a backup of the data to ensure that, in the event that the data is, you know, under ransomware attack or under attack in general, that the customer has a backup of their data. How are you protecting against, you know, sensitive data like PCI or HIPAA, things like that? Are you encrypting this backup and putting it potentially in your own cloud or in another? You know, let's say we're in AWS, right? Are you putting it into another AWS account that potentially Rubrik owns and all that good stuff? So how are you doing that?
00:07:18
Speaker 2: Yeah, it's a great question because a big part of what we're doing and how we're differentiated is really around maintaining that secure copy of the data, and we do that across many different ways. One of the ways is through air gaps, so really making sure that there's a totally separate copy and a separate tenant with separate credentials. We have the option, we have a cyber vault capability, where it can be completely out of your own environment, not just in a different tenant within your environment with potentially different credentials, but in one where no one in your organization has access. We make sure that when we write the data, it's immutable. That means that it can't be edited or changed once the data is written. This is big, because what ransomware attackers tend to do is they come in and encrypt the environment and they encrypt the backups as well to make sure that you can't recover. So you can do that in Rubrik: you can't change the data once it's been written. Then we create many other controls, such as multi-factor authentication or a quorum, otherwise called the two-person rule, where you can't change the retention policies around how long your backups are retained without these additional checkpoints to make sure that someone doesn't just come in and set your retention policy from 30 days to 30 minutes and wipe all of your backups. So we do all of these different kinds of capabilities and we're constantly innovating and coming up with new ways in order to create confidence that you will always have a copy of the data to recover to.
00:08:46
Speaker 1: Hmm. So, Moinul, why don't we talk a bit about how Zscaler is protecting the data in transit? Right, because we talked about data at rest and the security protections around that a little bit. But, you know, Rubrik and Zscaler partnered recently, I believe it was announced just before RSA. But, you know, you guys partnered recently and I think it's because you guys have some common synergies that you could potentially have, you know, a unique solution that covers someone's data end to end, which is actually pretty rare in the security space, to be able to offer a singular solution, or maybe not a singular solution, but a singular point of contact, right, that owns the security of the data in the environment end to end.
00:09:33
Speaker 3: Yeah. So if you look at the industry, I would say for the last two decades, the traditional DLP solution, everybody tried to protect the data with the lens of incident and compliance. But, as you mentioned, with the migration to the cloud we saw a huge opportunity to really drive business-driven data security. So, if you kind of like look at our journey. When we started, we were monitoring Web DLP. We are monitoring web traffic with our classification engine, what, quote-unquote, is called Web DLP. We built a stack, a classification stack, with hundreds of predefined dictionary engines. We have a very flexible custom regular expression engine. But at the same time, on the advanced data classification side, we did exact data match, indexed document matching, fingerprinting, OCR, right. So all of that stack that we built. First we started monitoring web traffic and then we took that same stack and we started offering a multi-mode CASB in both forward proxy mode and out-of-band API. We used that same classification engine for public cloud infrastructure, which is AWS, Azure and GCP, and then now we are leveraging that same engine for endpoint to deliver endpoint DLP as well as email DLP, right? If you kind of like look at our journey, what we try to achieve is business-driven data security, but at the end of the day, we were trying to reduce complexity. If you talk to large enterprise customers that are very serious about their data protection program, they will say they are running with five different DLP classification engines and that's massive complexity and we really kind of like try to reduce that complexity. As far as mobility and cloud is concerned, now, when you think about Rubrik, we are very, very complementary because Rubrik is focusing a lot on the data at rest piece and we are not really there. Like I said, we are a man-in-the-middle proxy. We are monitoring all data in transit. So together we are bringing a lot of value. Like you said, end-to-end data security for data at rest as well as data in motion.
00:11:45
Speaker 1: You know, something you don't see too often in this space is a partnership like this, right. Most of the time you see other companies purchasing smaller companies that are prevalent in a certain space that this larger company is not currently in, right, and, from the end user's perspective, the quality of that product pretty fairly slowly but consistently starts to decline. Right, I've experienced this with probably three or four products at this time and it's just disappointing, right, because a company may have a really great niche product that works perfectly, they're doing great things, and then a larger company comes in and doesn't keep investing in it like they should. I feel like this is very unique. You know, we don't see it very often where two security companies are saying, you know what? You do this fantastic, we do this fantastic. Why don't we just work together rather than one of us buy each other out? Right, let's just work together to fix this problem. And I think the title of the article that came out was the industry's first double extortion ransomware solution. So, Anneka, you know, why don't we talk a little bit about that? We already kind of touched on ransomware, but what would a double extortion ransomware attack look like and how are you guys able to protect your customers against this?
00:13:10
Speaker 2: Yeah, it's a great question. So I think many people are familiar with the first part of what happens during a ransomware attack, which is a ransomware attacker comes in and encrypts your systems such that you no longer have access to them. And then they come to you, they give you the ransom note, they say, hey, pay me $8 million and I will give you the decryption keys so that you can decrypt your systems. Well, that was how ransomware attacks started. As attackers got smarter, they started to do multiple different actions. Not only did they start encrypting the primary systems, but they started to go after the backups as well, because they said, hey, if you can recover from the backups, you're not going to pay the ransom, right, and so they started going after that. We're seeing that now 75% of successful ransomware attacks are going after the backups and are successfully encrypting the backups. Rubrik is not involved in those cases. And then the third tactic that we've seen ransomware attackers do in the past couple of years is not only did they go in and encrypt the primary systems, encrypt the backups, they actually also exfiltrate the data and threaten to put it on the dark web if you don't pay the ransom. And so this is becoming an increasingly large problem. Over 50% of ransomware attacks now are double extortion ransomware attacks and actually, in some cases, attackers are not even encrypting the system anymore. They're just going in and exfiltrating the data because they know how invaluable this data could be to an organization. And if you're a health care provider, if you're financial services, the implications of your data getting out on the dark web could be incredibly impactful to your business. So that's what a double extortion ransomware attack is: encrypting the systems and exfiltrating the data and charging the ransom to ensure that that data doesn't get on the dark web, in addition to getting your decryption keys back.
00:15:04
Speaker 1: Huh, you know, this reminds me of when I started working for a credit bureau, and I won't name them, but the Equifax breach happened probably the same month that I was there, that I started, and it was, I mean, it was not just hectic, but for the first time ever, security had a blank check to do whatever, because we saw the impact, we saw how difficult it was to even just put a number to the data that they lost. I mean, I think that there's still actually some debate around the actual number, you know, because there's so many different sources that want to underplay it or overplay it, and they're still probably even recovering from it, to be honest, recovering their reputation, and so, at the end of the day, for companies to lose their data, to lose what they're in business for, I mean, that's an apocalyptic scenario, right? When? Hey, we may not exist tomorrow if this keeps on going.
00:16:06
Speaker 2: Absolutely, absolutely, which is why we were so excited to partner with Zscaler to provide this solution, where we could bring insights, since we scan all of a company's most critical assets all the time, can identify that sensitive data, marrying that with Zscaler's data in motion technology and DLP technology to actually prevent the movement of sensitive data and enforce the data policies that an organization has. It's the first of its kind to be able to do that. Previously, it would be very complex and very arduous to actually implement something like this. So we just saw this incredible complementary opportunity in JumpData to provide a real solution to these kinds of attacks.
00:16:49
Speaker 1: Yeah, I've actually tried to deploy solutions across all of these different areas and it takes about four different solutions to actually do it properly. It's four different vendors, so you're dealing with four different support teams, four different of everything. It can be very complex. I've always found that going to one or two support teams or companies to resolve an issue is by far the easiest. So, Moinul, I have a question, because it looks like we potentially have a new acronym or a new title for an attack. It's called adversary-in-the-middle attacks. So I guess maybe I'm a little bit old school. I think of this as man-in-the-middle. Is there any difference to man-in-the-middle attacks or are we talking about something different here?
00:17:41
Speaker 3: Yeah, so again, the man-in-the-middle attack. I think one of the things that is very important from a data protection perspective is how much of the traffic you are seeing. So when you look at an organization, their users, they're not just using Office 365 and Google Drive, but at the same time, they're probably using Zippyshare and Prezi and ChatGPT and everything else. So architecture actually makes a big difference. Right, are you at the right path? Are you being able to see all the web traffic? It could be a random web application, it could be a sanctioned SaaS-based service, it could be an unsanctioned application. So that's really step number one. Step number one is today, when you look at your internet-bound traffic, I would say more than 90% of traffic is encrypted. These are all HTTPS. So you need to have the right architecture to really crack open the SSL connection, otherwise no content inspection, no features will ever kick in. Right. So that's absolutely important: do you have that right architecture, right compute resources to really look at these 300 billion transactions a day that we see every day? And then the third part is obviously, when you are trying to protect data, what is your classification engine? What is the depth and what is the breadth? These are all very, very important and that's exactly, you know, what we try to focus on with Rubrik's integration. So Rubrik will start with the data at rest. It will classify the sensitive data. That sensitive data is being fed to us, and we use our exact data match and indexed document matching technology. Whatever we are ingesting from Rubrik, we know what is important for that specific organization. And then we are monitoring all web transactions. Right, it's not just your Office 365 and Google we are monitoring, but we are essentially looking at every single application that your users are potentially using and trying to protect that data, right. So, again, I think the value that we are really providing is the comprehensiveness of the data security. It's not just, hey, let's try to protect one channel and we will just talk about this one channel, and if the 10 other channels are not protected, then you are not really doing data security.
00:20:10
Speaker 1: That sounds leaps and bounds different from what I'm used to with data security and protecting an organization's data. To be quite honest, you know, I'm wondering. You kind of brought up AI tools and ChatGPT a bit. Did you see attacks change or kind of reconstruct themselves when ChatGPT became more mainstream, and did you have different or new challenges of how to protect your customers with this new tool coming out?
00:20:44
Speaker 3: Yeah, so. So ChatGPT and generative AI, all these applications are kind of like very new in the industry. Now the kinds of concerns that we have seen from organizations is really the insider threats, at least as of today. Because, you know, your users are naive. They don't really understand how they're putting that data at risk. So the typical approach that we have seen over the last six months is like, hey, let's use URL filtering and block all these applications, right. But at the same time, the sledgehammer approach really doesn't work, because if you block users today, they will always find a way, right. So the desired state from organizations is we would like to allow these applications, but we would like to allow them in such a way where our data and crown jewels are always protected, and that's exactly what we have delivered, right? So again, you know, if you want to be a sledgehammer, Zscaler will help you to be a sledgehammer, because again, we are a man-in-the-middle proxy and we can just block everything. But the better approach is how do you enable users to be productive but do the data security in such a way where certain activities are not allowed? Perhaps developers uploading source code to ChatGPT is not a good idea, so again, that's exactly how we are empowering our customers, like enforce very granular policy for data in motion. Don't try to be a sledgehammer. Allow them to use it, but use it in such a way where the data is always protected.
00:22:16
Speaker 1: You know, I'm sure there's some people out there that laugh a bit, right, when you say, oh, it's probably a bad idea for developers to put source code into ChatGPT, and it seems like that's such a far-fetched thing, like, oh, everyone, you know, has a brain, right, they can work through this problem. They should know better. But you would be so surprised as to how many times I've had to sit down with a developer and say, hey, maybe this public repository is not a great idea or a great place for you to put our proprietary data in. And, you know, they're confused, right, maybe they didn't realize the security implications of it and whatnot. And I feel like the part of this cybersecurity role that a lot of people don't like doing is the actual training part. Right, it's actually talking to your users, your engineers, your developers, getting them to do things correctly, changing their workflows and processes. That's always, you know, the most difficult challenge by far.
00:23:20
Speaker 2: Yep, and I think generative AI is only making those challenges more acute. For the reasons you talked about of, you have to train people around what data they can and can't put into these models. Or, if you do put them in, like, how do you protect that and not just use the models publicly available to everyone? There's also challenges around, we're starting to see this too, around phishing attacks getting a lot more sophisticated, because you could make a phishing attack email look so real with generative AI, right, that you can fool even people that have been trained to look for this. You can fool people a lot more easily, or people using generative AI to actually, like, look at the models and figure out what are ways to evade common detection of attacks. We're still in the early days. Like, ChatGPT only came out in November and, yeah, I think this is going to transform the landscape from a threat perspective, from an IP perspective, all of these things that we're going to have to change quite quickly and retrain our workforces very quickly, and we're going to have to change that in response to, yeah, absolutely.
00:24:23
Speaker 1: You know, you bring up a really good point with the
00:24:25
fishing attacks.
00:24:25
So when I got into security, you know, one of my first
00:24:30
projects was to stand up this fishing solution and, you know,
00:24:33
create a whole campaign around it and whatnot.
00:24:35
Right, my goal was to make it as difficult as possible.
00:24:40
Right, because the attackers that are doing it for real,
00:24:43
they're not going to give you any leeway, they're going to
00:24:46
throw their best email at you to fool you, to give over
00:24:49
everything that you can, right?
00:24:51
So I had that mentality and I would get a lot of complaints
00:24:54
saying, oh, these fishing campaigns are unfair.
00:24:57
Who would ever send me, you know, requests like this other
00:25:01
than an internal employee?
00:25:03
And it took a little bit, right .
00:25:05
But a couple of years later they actually got hit by a
00:25:10
fishing attack that was crafted just like an internal employee,
00:25:14
straight from the CEO's advisor or assistant.
00:25:18
It was someone very close to the CEO and they got you know,
00:25:23
it was millions of dollars from this one fishing attack, right.
00:25:27
And that only amps the attacks.
00:25:30
Because now they're saying, oh, these people are probably not
00:25:33
that well trained, you know, let's attack them more, let's
00:25:36
hit them more.
00:25:38
And even fairly recently, I experienced this personally,
00:25:42
where there was a fishing attack that came into my email and I
00:25:45
have a personal policy I don't click on any links, nothing like
00:25:48
that.
00:25:49
You know like, if you want to send me a link, like guess again
00:25:53
, just get on a meeting with me and show me what you want, right
00:25:55
.
00:25:55
But I was looking at this fishing email and it almost
00:26:01
fooled me.
00:26:01
It almost got me and I had to think about it for like 30
00:26:05
minutes and say to myself is this actually a real thing?
00:26:09
Because the timing of it was just so I don't know.
00:26:14
The timing of it was perfect, right.
00:26:16
It had something to do with like the 401k, right, and
00:26:20
something that I had like just signed up for as well with the
00:26:24
company you know, and so like it was just like perfect timing.
00:26:27
It's like I don't know.
00:26:29
You know this is getting a little too advanced,
00:26:33
and I think I even put a post on LinkedIn about it.
00:26:35
Like these phishing attacks are getting a little bit too good,
00:26:39
because I almost just got fooled.
00:26:41
Speaker 2: Yeah, I mean and bringing it back to this
00:26:43
conversation right, it's, you know, what are the attackers
00:26:46
doing?
00:26:46
They're trying to compromise your credentials, and
00:26:49
then the next thing they're going to try to do is exfiltrate
00:26:52
data, and so that's what we all have to be on high
00:26:56
alert for.
00:26:56
That's what we need better and more solutions to help solve is,
00:27:00
first of all, making sure that least privileged access is
00:27:04
actually implemented within your organization.
00:27:06
So much easier said than done, right, we all know that.
00:27:10
And then you know, being able to detect and prevent data
00:27:14
movement, and especially if it's data that's very
00:27:18
sensitive.
00:27:18
These are the tools that we're going to need to be just
00:27:21
continuing to develop out to prevent against this, because we
00:27:24
only know that, like, the attackers are going to get much
00:27:27
more sophisticated with generative AI technology and all
00:27:30
the other technology that exists out there.
00:27:33
Speaker 1: So I'm trying to think of a synergy between
00:27:39
Rubrik and Zscaler in this way.
00:27:42
So we talked about categorizing the data, which is essentially
00:27:46
tagging the data and whatnot, and then there's an AI or ML
00:27:50
built into it to where it starts looking for other data that
00:27:54
looks like it. Maybe it wasn't tagged, maybe it was, and it
00:27:58
starts building a knowledge base.
00:27:59
Right, is that?
00:28:01
Is that what's going on, right?
00:28:03
And I feel like Zscaler kind of gives you that insight
00:28:08
throughout the entire environment, because where
00:28:10
Rubrik might only be in one area of the cloud, right, Zscaler is
00:28:15
everywhere.
00:28:16
To be quite honest, I mean, you turn that thing on, I get into
00:28:20
my on-prem data centers, I can get into resources in the cloud,
00:28:24
I go wherever I need to, and so you know, Moinul.
00:28:28
Is that?
00:28:28
Is that accurate?
00:28:30
Am I missing a piece?
00:28:32
Where is the synergy with this?
00:28:37
Speaker 3: Yeah, so again, the synergy is, as you said, being a
00:28:42
man in the middle proxy.
00:28:43
We are seeing all the transactions that are going in
00:28:45
and out.
00:28:46
The value that we are getting from Rubrik is the visibility
00:28:50
for the data at rest piece that we are not paying attention to.
00:28:53
So if you look at the flow, how the integration works, it starts
00:28:58
at the data at rest.
00:28:59
Rubrik's backup system is probably storing zettabytes of
00:29:08
data, like it's pretty much every single data.
00:29:11
Now do you need to protect every single piece of the data?
00:29:14
Probably not, because there are some crown jewels, there are
00:29:18
some sensitive data.
00:29:19
So they do a first level of data classification when they are
00:29:23
sharing that sensitive data.
00:29:26
We are indexing the data.
00:29:28
We are essentially learning from customers' data so that we
00:29:32
know what exact data that we need to protect when we see the
00:29:36
data in motion action.
00:29:37
So the simple action is we understand that for this
00:29:42
organization, the most critical asset is their PHI data.
00:29:45
We learn it from Rubrik and then we are monitoring every
00:29:48
single web transaction and then either we are running it in
00:29:53
monitor and allow mode.
00:29:55
If it's monitor and allow mode, we are trying to coach the user
00:29:58
hey, don't do this, don't do that.
00:30:00
If it's a block mode, we are basically flat out blocking the
00:30:04
transaction.
00:30:04
So that's kind of like one part of data protection.
00:30:07
But also think about anomalies, right?
00:30:10
Like when we are doing our own AI and ML and we are trying to
00:30:15
understand users' behavior.
00:30:17
We are always looking for normal behavior.
00:30:20
So Anneka talked about credential theft and someone is
00:30:25
getting in now they are trying to exfiltrate that data.
00:30:28
Most likely we are gonna see an abnormal behavior.
00:30:31
So that's when our UEBA will kick in and our adaptive access
00:30:36
will kick in and challenge the user.
00:30:38
When we see a huge amount of data that is leaving the
00:30:41
premises, right.
00:30:42
So, and then when you think about UEBA and adaptive access,
00:30:46
that equally applies for the data at rest piece, right.
00:30:49
So again it's how do you merge all aspects of data at rest
00:30:55
security with data in motion
00:30:57
security? That is what we try to achieve with this integration.
00:31:02
Speaker 2: Yeah, and from our end, we are classifying data,
00:31:05
whether it's sitting on-prem, in cloud or in SaaS environments,
00:31:10
and we both have our own built-in classifiers to look for
00:31:14
things like PHI, PCI data, things like that that are pretty
00:31:17
common.
00:31:17
But then people can write their own classifiers too and say
00:31:20
this is what constitutes sensitive data in our
00:31:22
environments, and we continue to adapt our models, make them
00:31:25
more sophisticated, cover more and more of the surface area
00:31:30
that we're already backing up and that holistic nature of the
00:31:35
visibility that we can provide back into Zscaler.
00:31:39
That's very unique because most people have to, as you were
00:31:42
talking about, implement a different data classification
00:31:45
tool for their SaaS app, for each SaaS app, for their cloud
00:31:48
environment, for their on-prem environment, and those tend to
00:31:51
be pretty expensive to run, pretty expensive to implement
00:31:56
and difficult to maintain as well, and end up leaving data
00:31:59
that's critical or systems that are critical that they can't see on
00:32:02
the side.
00:32:05
Speaker 3: Joe, one of the use cases that I should
00:33:08
talk about here is before the integration.
00:32:10
When you think about our existing data protection
00:32:14
customer, Zscaler customer, as you know, you probably know we
00:32:18
have 7 global customers.
00:32:20
Thousands of these customers are using our EDM-IDM technology.
00:36:24
Now, when you think about EDM and IDM, Exact Data Match,
00:32:29
customers are basically feeding their crown jewels, their exact
00:32:32
data.
00:32:32
They're not interested in getting an alert based on a generic
00:32:37
credit card number or social security number.
00:32:39
They're saying, hey, I have these crown jewels and can you
00:32:43
protect these exact data?
00:32:45
Now, in the past, before the integration, we had to tell our
00:32:49
customers, hey, we are going to give you an on-prem VM,
00:32:53
you are gonna deploy it on-prem and you are going to feed your
00:32:56
data to this on-prem VM too.
00:32:58
Now there is a challenge with that because the guy who is
00:33:03
deploying the VM, they need to know where the sensitive data is
00:33:06
and they need to try all of that process at the back end.
00:33:11
All of that complexity we have addressed with the integration
00:33:15
because there is no manual process here.
00:33:18
We know all the data is sitting in one system, which is Rubrik,
00:33:22
and we are just getting that feed from that centralized
00:33:26
system and we automated that whole process right.
00:33:30
So this particular use case is all about how do you reduce the
00:33:34
complexity of the data protection program, and I'm sure
00:33:37
you heard this from organizations, that data
00:33:40
protection is a complex program and we try to simplify it with
00:33:44
this integration.
00:33:47
Speaker 1: So you bring up a lot of really interesting points
00:33:51
and I feel like legacy DLP is very cumbersome to create.
00:33:58
I mean, you have to create so many policies for that solution
00:34:02
to work and for it to actually do the protections that you want
00:34:06
it to have and whatnot.
00:34:07
And I feel like in the cloud, that scale just dramatically
00:34:11
increases, and so is there any like AI or ML in the background
00:34:16
that is informing users of you know, hey, this is the policy
00:34:21
that we recommend you deploy, or is it potentially just
00:34:24
deploying it on its own in the background to enable a Zscaler
00:34:29
to have that zero trust throughout the environment?
00:34:31
I guess let's talk a little bit about that
00:34:35
legacy model and how you guys are improving it.
00:34:37
Yes, okay.
00:34:41
Speaker 3: So you are absolutely right.
00:34:42
The data protection, the perception is it's just too
00:34:46
complex or it requires me to build a 30-person organization
00:34:50
who can walk around with a badge called I'm a regex expert,
00:34:54
right?
00:34:54
So we were very aware of those complexities.
00:34:58
I will give you two things that we have done that significantly
00:35:02
reduced that complexity.
00:35:04
The first part is that when you think about the initial
00:35:08
deployment of DLP, the traditional DLP solution will
00:35:12
require you to hire people who can write regex and can build
00:35:16
hundreds of policies.
00:35:17
You have to first tell the DLP engine what is sensitive data
00:35:21
for you.
00:35:22
And people struggle with it, right?
00:35:24
Because if you are talking to an admin in Target and if you
00:35:29
ask him what is it that you are trying to protect, they will say
00:35:32
I'm trying to protect my customer credit card information.
00:35:34
But guess what?
00:35:36
The same company has a legal team, the same company has an HR
00:35:39
team and they don't know what the extent of that
00:35:43
sensitivity is, right?
00:35:43
So that's one challenge.
00:35:45
So what we did?
00:35:46
We said look, people are already pumping all their
00:35:50
internet-bound traffic.
00:35:51
We are seeing millions and millions of files on the wire.
00:35:55
They don't have to tell us what is sensitive.
00:35:58
And we used heavy AI and ML behind the scene to auto
00:36:03
classify all their documents, right?
00:36:05
So behind the scene, we use some very sophisticated ML
00:36:09
algorithms like lemmatization and natural language processing and
00:36:13
clustering and so on and so forth.
00:36:15
But the benefit of that is, in order for you to deploy Zscaler
00:36:19
data protection, you do not have to build a single policy.
00:36:23
Whatever we see on the wire, we will automatically classify
00:36:27
them and we are putting them into different thematic document
00:36:30
categories.
00:36:31
So we will tell you.
00:36:32
In the last eight days, I have seen 8 documents go up.
00:36:37
Some of them are 1040, some of them are tax documents, some of
00:36:41
them are litigation documents.
00:36:42
Guess what?
00:36:43
In the last week, your employees uploaded 2 resumes.
00:36:47
You might have a potential retention issue, who knows, right?
00:36:50
So that was received extremely well within our existing install
00:36:54
base and that really gave us a huge boost in our data
00:36:57
protection deployment, so that auto classification based on AI
00:37:01
and ML really paid off.
00:37:04
Speaker 1: Yeah, really, that's the only way to do it nowadays,
00:37:08
right, like that's the only way that you're going to stay on top
00:37:11
of this, because the legacy way is really on the end user, the
00:37:16
data creator, so to speak, the data owner, to actually classify
00:37:21
that data, and then it falls within whatever policy the
00:37:25
security team has set up and whatnot.
00:37:27
So we're coming up on the end of our time, but before I let
00:37:31
you guys go, you know why don't you tell us where you think this
00:37:37
space is going right?
00:37:38
Because right when I think that data protection is stagnant,
00:37:43
right when I think that the field isn't evolving, right,
00:37:47
you guys come up with this fantastic partnership and these
00:37:52
really interesting and fascinating ways of how you're
00:37:55
adapting to protect organizations' data.
00:37:57
So where do you see it going within the next 12 to 18 months?
00:38:02
Speaker 2: Well, I would definitely say that I think
00:38:04
there's going to be massive acceleration of change and of
00:38:08
innovation, and that's being driven by a few different things.
00:38:11
One is just the threat landscape and the importance of
00:38:16
data, and how much this threat landscape, I mean the bad actors
00:38:20
are finding new things to do, new ways to impact organizations,
00:38:24
and we're all running to catch up.
00:38:26
So that's one aspect of it.
00:38:28
And then I think this whole generative AI piece that we
00:38:31
talked about is another aspect.
00:38:32
And then, third, is we're finally in this place where we
00:38:38
have technologies that can bring visibility into the security
00:38:41
world.
00:38:42
You know, five years ago, six years ago, even though Rubrik
00:38:45
considered itself a data security company, we weren't
00:38:47
calling ourselves a data security company.
00:38:49
But now what we're realizing is that we can partner with the
00:38:53
likes of Zscaler and we can partner with the likes of
00:38:55
Microsoft.
00:38:55
We can partner all over the place because we're able to.
00:38:59
We have an asset that, historically, no one has been
00:39:02
able to bring to the table. Everyone is struggling with how
00:39:05
do you get a complete view into the critical data of an
00:39:08
organization and, once you have that complete view, the amount
00:39:12
of like analytics, the amount of AI that you can apply on top of
00:39:15
that, the amount of insights that you can provide to do
00:39:19
everything from identify threats all the way to recovering from
00:39:22
them quickly.
00:39:22
You can start to automate more and you can start to bring the
00:39:26
IT ops and security ops organizations together even
00:39:29
closer and you can really revolutionize the way that we
00:39:34
react and also be proactive against preventing cyber threats.
00:39:38
Speaker 1: Yeah, it's a really fascinating area.
00:39:42
Well, before I let you guys go, Anneka, why don't you tell my
00:39:47
audience you know where they can find you, where they can find
00:39:50
Rubrik if they want to learn more, and where they could
00:39:53
potentially even go specifically to learn more about this
00:39:56
Zscaler Rubrik partnership?
00:39:58
Absolutely.
00:39:59
Speaker 2: So you can find Rubrik.
00:40:01
You can go to our website, www.rubrik.com, R-U-B-R-I-K.
00:40:05
You can find me on LinkedIn.
00:40:07
You can find me on Twitter.
00:40:08
I'm always happy to respond to messages, so feel free to shoot
00:40:12
me a message and then you can find out about our partnership
00:40:15
on both the Zscaler and Rubrik websites.
00:40:18
We have a lot of materials going.
00:40:21
We have some press releases, we have blog posts, so there's a
00:40:24
lot there and we're really hoping that if you're listening
00:40:27
and you're a Rubrik and Zscaler customer, that you'll come talk
00:40:31
to us about this integration, because we do think it's very
00:40:34
unique and a very valuable asset for security and IT teams.
00:40:38
Awesome.
00:40:39
Speaker 1: And Moinul, you know.
00:40:40
Before I let you go as well, why don't you tell my audience
00:40:43
where they can find you?
00:40:44
Everyone should know where Zscaler is.
00:40:47
Speaker 3: Yeah, well, everything Anneka said goes.
00:40:49
You can come to our website, zscaler.com.
00:40:52
What I would recommend is, when you go to zscaler.com, there are
00:40:56
some specific track sessions that we have recorded during
00:41:01
Zenith Live.
00:41:01
You know, we had Zenith Live for the US, we had Zenith Live in
00:41:06
Berlin and we have captured a couple of track sessions that
00:41:09
talk about that integration, so you will be able to find more
00:41:12
in-depth information about the integration when you go there.
00:41:16
Speaker 1: Awesome.
00:41:17
Well, this was a really fascinating and fantastic
00:41:19
conversation.
00:41:20
I really enjoyed it and I thank you guys for coming on.
00:41:23
Speaker 2: Thanks for having us, Joe.
00:41:25
Thank you, Joe.
00:41:26
Speaker 1: Thanks for having us.
00:41:26
Yeah, absolutely, absolutely, and I hope everyone listening
00:41:30
enjoyed this episode.