Back to the Cyber Underground. I'm Dave Stevens, your host. This show we dig deep to find out how cybersecurity touches all of us in our everyday lives. Joining us here today, again, is our exceptional co-host, Mr. Andrew Lanning. Andrew, the security guy. Welcome back, man. Thanks. I'm good to be here, brother. And Tom. Findling? Yep. All right. From IntSights. That's correct. IntSights. Don't say Insights. You get the wrong website. Yeah, you got it right. All right. Well, hey, welcome. This is our cybersecurity show where we talk about all kinds of stuff, and you're going to tell us about in-depth security today. You were mentioning, before we got on the air, though, we're going to do Black Hat and Def Con here coming up in two weeks. Not even two weeks, right? Yep. Two weeks. Almost two weeks. Black Hat starts on the 26th. Yeah, we've had the training days before. Are you going to the training? Yep. Oh, right now. What are you taking? I haven't decided yet. Oh, you get to pick at the last second? Yeah, I guess so. Your company has a good budget. Those are a little pricey. I always go in for the briefings afterwards. So this is your first Black Hat, or you've been before? This is actually going to be my first official one. Official? So you've gone unofficially? I was around there when it happened. You jumped the gates? Snuck in? So what's for you? Physical penetration? You're not going to admit anything. I don't tell all my secrets, right? Good for you. So tell us a little bit about yourself. First of all, where you're from? Because I hear the accent. So does everyone else? Yeah. So originally I'm from Israel. Oh, right. And I started... Coastal inland? North? South? Tel Aviv, right there in the middle. Right in the middle, okay. Yeah, right next to the sea shore. Like, you're in Hawaii. That's why I like it so much. Oh, yeah, right. And it feels a little bit at home. So you've found out a place like Haifa? That's like one and a half hours away. 
It's like for you to go to a different island, right? You're right. Okay. That's cool. From Israel. Now, when did you come over here? Approximately four years ago. So all your schooling pretty much was done in Israel? Yeah. Actually, I kind of skipped school. Skipped school? This is a hacker's story right here. Yeah. Tell us about how you did this. You just didn't need it. Yeah, so I started back in the days. I was a pretty tech-savvy kid. Okay. And then at the age of 18, after I finished high school, you get this letter. And then the letter you have tells you you need to be at this base at this time. And then they take you to the army. Then you have three years of mandatory service. Three years in Israel. I wish I did that in the U.S. You know, I like it too. As a matter of fact, I think a lot of Northern European countries do it. Sweden, I think, is two years though. Yeah. So they take your independence and you become a soldier. Did they pick your job or did they actually find a good fit for you? You don't get to pick your job. You run it for some tasks and then you put you on the right position that you will be able to maximize your skills. Wow. Thank you. Where'd you end up? I ended up in intelligence. Awesome. Yeah, some of the units that was dealing with intelligence, back in the days I remember it was almost like 10 years ago. This is all free. So you got into high school and you went right into the army intelligence. Wow. Training. And so there's a lot of training with it I'm sure. It was like, yeah, at the beginning it was basic training. So running out there in the field, you know, getting your boots dirty or hands dirty, all that. But after like approximately a month it's starting to get more, you know, civilized. So you get to sit back behind your desk and start doing a lot of interesting things. Wow. Breaking out the basic Nmap and then working your way through Wireshark and getting some cybersecurity under your belt and all sorts of things. Wow. 
Yeah, it's getting pretty interesting. You did all that in high school. I bet you did. Wireshark, yeah. That's, you know, and back in the days it was much more innocent than what it is today. So I remember like 10 years ago nobody was understanding the value of cybersecurity and especially I remember back in the days in the army when we were talking about, hey, you know, the Russians can just get into Hawaiian Electric and turn off the flag on the white. People will look at me and tell me, who is this crazy person? That'll never happen. Come on. Why would they want to do this? Why not? That's a good point. Exactly. You know, in Israel because where we are, we were always under attacks. So we kind of had to build our capabilities very soon in the game because, you know, this being out there puts you under risk and you need to build yourself a safety net that will allow you first to respond to attacks but also being able to develop capability that will give you some kind of advantage, competitive advantage over the others. That's kind of what it is. So you do a little defense and a little offense maybe? A little bit of both? It was very, very early in the program so we kind of did everything. I see. You know, build a lot of capabilities and this is one of the things that, you know, kind of connected me with IntSights just today. So after the army? After the army I left to work for a small firm then I moved to VMware. Oh, okay. And I worked for VMware for almost six years. Future of the world, man. We're utilizing everything. Everything is a virtual service. We built micro-segmentation. We did operations for micro-segmentation so see how those things are working and how they work in the real life because it's a great idea. Like, when you look at it and this is where we started back then micro-segmentation was like, wow, I can just go ahead and create those small islands and make sure that, you know, everything doesn't talk. 
Only the right thing can talk with the right thing. Connect your little sandboxes around here. Yeah, you have like 2,000 firewalls running across your network. All of them are virtual, getting up and down. So it looks like very good in theory but then when you have to put the rubber on the road then you can hit some challenges but I think getting through this process and, you know, being able to run through that and see how organizations maturing into it and all the information stuff off it was very pretty interesting ride. Was that the beginning of, like today you talked about these containers, right? So was micro-segmentation the beginning of that? Or is it not really? I think that we deal a lot with containers these days with IntSights because we build a lot of our capabilities based on containers. So I think containers, they have a security aspect as well but I think that from an operational perspective, engineering landscape, they provide a lot of advantages beyond security. Micro-segmentation was mostly focused on security and I think that being able to virtualize it all and being able just to get a load balancer in like 3 seconds and firewall in 5 seconds. So the scalability is then the rapid deployment of devices in this virtual environment. So for our audience, virtualization is when you replicate something in main memory somewhere, there could be a physical device in the real world. Yeah, can you just take a, you know, a Windows box that used to be tied to hardware and just virtualize it and make it being able to run, you know, almost on any hardware anywhere and you can just move it around across the wire. You can take it to the cloud, you can bring it back, you can do almost whatever you want with it and with that, there are a lot of security challenges as well. So again for our audience, the cloud is not really this actual cloud in the air where things exist. 
It's multiple data centers around the earth where things get stored wherever you need them to and backed up to wherever you need them to. But you can access them through anywhere on the Internet. It depends on your policy. But theoretically if you stood up a server, it could be in Portland, it could be in Virginia, it could be in Canada, it could be in South America. It doesn't really matter. It depends on how fast you want to get to it, where you want to get to it from, where it's going to be, how much you pay for it, what vendor you're using, right? So this cloud virtualization that we're doing now, I think companies are just glomming onto that. They just love this being able to ramp up a whole bunch of servers. Amazon Prime Day today, I would imagine since Amazon Web Services, they virtualize almost everything. I bet they had two-thirds of their services ramped up to maximum capacity and they have backup servers upon backup servers because they're expecting more business. And tomorrow it'll go away because they don't need it. So you don't have to have a standby physical data center. You just ramp up these virtual servers and you're ready to go. And then when you don't need them, you put them back. Saving power, processing, CPU time. You can move them between on-prem and off-prem and just play with all those weird configurations. That's what my cyber students love. They like to stand up like a container on their personal computer or on their laptop. And they can go and they can play within this little sandbox and they can't harm any other devices on the network. But they can talk to all the systems that are in that sandbox. So that's what we play with Wireshark and Nmap, stuff like that. So they can't harm anybody else. So you've been doing this from the very early days. I've been doing that right after the Nicira acquisition that we had in VMware. Before that I was doing also cloud management as well. 
So I have a lot of background with virtualization operations security operations and just how to get it into their real-life, to their biggest customers in the states and just roll it out. You were one of those kids that saw the Matrix and went, oh yeah, that can happen. No surprise here. That can happen. That's totally real. There were a couple of other movies that I was watching back in the days when all those stars were able just to change traffic lights when they rob a bank and they drive on the train. Well, the Italian job. Exactly. That can be done. That's a little scary. You can do it from your room behind your desk. Or in your mom's basement. I'm kind of wondering since you ultimately came out to California what do you tech technology and tech savvy amongst the kids there versus the kids where you grew up? They're starting to teach at a younger age in the schools in the mainland now but it sounds like you guys started very early. Everyone had access to advanced education as much as they could handle? I think that just growing up in Israel, your sense for security is much higher than what you will get in other parts of the country. I don't think that a lot of people in California feel that on a daily basis something could happen to the state but in Israel that's a much more complex situation. So I think growing up in this environment and this is what we saw before cybersecurity became such a big thing around here. It was a big thing in Israel because Israel was under attack from day one. So I think that when you grow up with this mentality it allows you to just be more focused and aware about the tech and about the challenges about what you would like to achieve. And I think just by the culture of growing up out there you get a lot of it to be part of your DNA. Sure. I've seen this with a lot of smaller countries. The people that I know are from smaller countries and especially Europe. I have a lot of European friends. 
They grew up with multiple countries very nearby. So they have a very international view on multiculturalism, other languages, other ways of thinking. Where's the United States? Especially California. They think they are the country. Exactly right. Well that's so after you finished all that you came out to the United States. Did you come straight to Hawaii? No. I came straight to California. Which city that's a big state? I used to live in San Francisco. Good for you. I lived in Palo Alto. So it's a lot of commute everyday. Palo Alto. That's a nice year of been out. Palo Alto is a beautiful place. So I used to live in Oakland way back when I lived there. I'm old. Our main worries were not security. It was raccoon and deer. It's a different city now. You can take care of that pretty easily. Yeah, now you can. So Palo Alto you worked in Silicon Valley. Yeah, absolutely. Alright, so big commute everyday and then you're still there now? No. Were you there with IntSights or VMware? No, I was there with VMware. So VMware located out of Palo Alto. So I spent some time over there. And then I moved to Southern California for a job opportunity. Small startup. I'm the guy, the founder of the company that I'm currently working for. Which is a good friend of mine since high school. And offered me the job. And I decided to leave my previous place and move to IntSights since it's just getting back to my roots. Security, cyber, all the interesting stuff. And I think that kind of what we do is like this is what's going on these days and getting into the heart of it and understanding it and being able to help companies to protect themselves and proactively take some steps against those bad people out there. That's a big advantage that we can provide. I like to be on that side of the equation. How many offices do you have? Is it just the one and you remote to every place else or do you have actual physical locations? We actually have physical locations. Where are you guys at? 
So our R&D center is based out of Israel, obviously. Okay. We have a bunch of engineers there and we have the majority of our security analysts based out of there. We have our New York office, heart of Manhattan. On the island. Yeah, pretty interesting what's going on there. That's a successful business when you got an office on the island. It's a good zip code. Not as good as this zip code. Not as good as this. I mean it's good for business zip code. And we have another office in Dallas. Oh, awesome. No representation in California. But I kind of think that after this visit here in Hawaii, I might recommend that instead of a California office, we should go straight to Hawaii. I think that's a great idea and I support that. Do you serve clientele in Asia? Absolutely. So this is the gateway. So this is the gateway. So this will make sense for you guys and it gets you on the beach more often. Absolutely. To do business. Well, you can't help it. It's just work here on the beach and the water's right there. You can't help it. That's right. It's a board meeting. Board meeting. I love that. Okay, we're going to take a little break. I'm going to pay some bills and when we come back, we'll continue with what your company does. And I want to hear the gritty details. Okay, we'll be right back.
Well back here we are at the Cyber Underground. I'm your host Dave Stevens. Thanks for joining us today. Again we have Mr. Andrew Lanning, the security guy, with us. And Mr. Tom Findling. Thanks for having me. We ramped up with your history, how you got here some cultural differences in your education in your three years in Army Intelligence in Israel and now we're talking about maybe you're open a location out here. I hope so. Let's find out what you do and get into the nitty gritty details. Why is in depth intelligence so important and why do you guys do it? Yeah, so if you look at a lot of companies out there, they're putting a lot of money towards protecting their internal network. So they put like great firewalls together endpoint protection tools, next gen endpoint protection tools. You know all this great devices that you put within your network. But without understanding what's going on on the outside world, you kind of live in the dark. So the idea of IntSights is I get you the visibility to what's going on in the half of the cap. So you know you can see the what's going on within your network. You track the bandwidth, you block some IPs but the firewall will block what you will tell him to block. But what you don't know about it's very hard to deal with. So being able and we go to the entire internet. We go to the clear deep and dark web, bring you threats and risks that are described. So for our audience again, we assume non-technical memory that they're telling what the difference between those internets are. Absolutely. 
So it's all start of the clear web and the clear web is basically what all of us familiar with. Everything Google indexes. Exactly the definition. So if you look at social media pages, if you look at paste sites, if you look at application stores, search engines, everything basically that can be indexed by Google, this is the clear web, which is by the way a small function of what's going on out there. It has window shopping walking down the street. Then you have the deep web and the deep web is getting a little bit more interesting. It still can be accessed through normal protocols like usually like web, but those are closed forums and closed communities that you can get in without using them or talking or whatever it is or pay yourself in, but it can be indexed by Google. And there is a lot of stuff going out there as well. Just so we take a little bit, that is usually, I think if I'm not mistaken that the websites hosts will put up like no robots text files or something like that telling the search engines don't index us. And it's also behind closed doors. So you need to get a username and passwords to get in so Google can get to those places just by nature and they don't want to be on Google as well. This could also be accidental, right? Somebody puts up some of this stuff and thinks they put a username password page up there but behind the scenes it's still open. If they did it wrong. If they did it wrong, right? That's a mistake. That appears in what we call the deep web. Not so much. That's a deep web. If it's behind closed doors and you can't access it, we need to use the username and password to get in. That's a deep web. So a lot of people and a lot of companies can access to those forums and those close communities that people just exchanging bad stuff in there. Usually tutorials about how to hack your organization. The dark web is actually going one level down. A level down. This is the bottom of the iceberg. 
Usually what you need, you need a special gear to get in there. Usually the Tor browser to browse some onion sites and the good thing about that is to provide you anonymity that you would not get through a normal web browser. So let's stop again right there. The onion networks that you're talking about instead of .com, .net, .whatever, we have .onion which is a domain that's not recognized by browsers natively. Browsers won't know what to do with .onion. So you have to use a browser like Tor, TOR. The onion router. And that's what it stands for, right? And that will recognize onion networks. But it's not like we have Google for the onion networks. It's kind of chaotic. It's kind of chaotic. So there is some search engines there but I would not trust them. But you guys search it. We search it. But you need to know. It's not like you go to google.com and say, hi, I want to find those five things and that will bring you results and probably the first one will find you what you're looking for. You need to know what you're looking for. You need to know the website's address. So just think about the internet that you know and aware of the clear web without search engines. How do you get to certain locations? And they're not nice website names, right? .net knows 1234XYZX. Imagine that people don't want you to find it. The dark web doesn't have click advertising going on. No. They don't have Google ads. But that's what evil stuff can happen, right? Weapon sales, human trafficking. No pornography. They're really bad stuff. Advertise for what you want and advertise for what you've got. Most of my life I think is probably on for sale. I don't think you died in the first day. How sad is that? So you guys will search this place in our universe. The whole internet. Do you have any responses for threat intelligence for a certain company? Yeah. So the idea was take some of the capabilities that we did for the military and just bring that into the commercial market. 
So we know that a lot of organizations today would not have the tools that we had back in the days just to start building all those capabilities and also maintain them up to date because those sources that we are dealing with they're changing on the go. Like, you know. You need to stay on top of it. You need to maintain your access. Sometimes you need to pay your bills because sometimes you need to pay your way in. So when you need to maintain your avatars and your reputation. So it's not an easy job to do. Just being able to go out there, search for your company name, come back and just see what is out there for you. So being able to maintain all this network and the way we do it is actually pretty interesting because we don't want to go and take your domain and just go and search it on some dark web forums, right? That would not be a smart thing to do. So we develop some capabilities that allow us to bring all the information into our servers in the cloud. And you search it there. And then provide, like, then look for the matches over there. So you actually do some big data? We do a lot of things. So there's a lot of analytics done on the data you gather, I would imagine. Oh yeah, billions of webpages on a daily basis getting for algorithms and the idea is just to provide the best protection that we can for our clients. And this is what caught my eye. So that's why I seem to come on. Because I don't know if people understand that there are clues and ways to find out that people are building tools to attack you with. And those tools may be similar to the domain that you own, just for example. And these guys may come across that. And then you get the idea of what kind of threat is actually being built to perhaps attack you with. And this is super valuable to business. Yeah, absolutely. And I think ahead of time that, for example, you're going to suffer from a phishing attack or a DDoS attack can get you a competitive advantage, right? On the attacker. 
Being able to know that you will have five or ten employees that are going to be attacked on a certain phishing attack, that's even better. So now we don't just know that you have a phishing attack being launched on your organization. You might know where the individuals that already gave their password in the past that are on some kind of list that probably people would try to phish them again. And those people could also be high profile in your company. So they can do name searches and things like that. And people are also trading these fees. I can ask like in the University of Hawaii who are the top people that already gave their password in the past and they have access to certain information. So this is interesting. We've gone from the phishing attack from emails to spear phishing, identifying individuals with a high profile target spear phishing, whaling. That's really interesting. So you identify this up front. You can come to people and say, look, based on what we have you're probably a target. This is probably coming down the pike very soon. That's why we're very strong with the gaming community. I can tell you that. That's great. The tools even went further. In some instances they were able to show us some of the folks that they knew they recognized like the work that they do. So they kind of maybe know where this work's being done. It's just an identity, a virtual identity that you have to maintain. So sometimes in order to get your way into somewhere, you need to just have a reputation. You know, you don't just show up at the door and say, hey, I want to get in. So there are a few ways to get to those places that we try to get into. One of them is to get a recommendation from somebody. So you know me and I need to maintain our relationship for a while. So do you know me and I need to maintain our relationship for a while? So therefore you recommend me to get in and then this is how I get my way. Sounds like high school. Yeah. 
It happens in a little darker place. This is a college frat party. He's cool. Sometimes you have to pay your way in. You know, you maintain a Bitcoin wallet and you just pay your way in. Your monthly, weekly fee, daily fee, whatever it is. And you know, sometimes there are some other ways you need to prove yourself or do certain things in order to get into those sources. But the idea is that we maintain all of them up to date and whenever there are new ones we always get behind them and be able to provide the information. What can you tell us about this sample client and some of the successes you've had and some of the things you might have prevented? Can you share any of that? Yeah, we can take and give you some good stories that we've seen. Yeah, generalize it so we can minimize the data. I talked earlier about gaming. So the amount of money that's going on the dark web or to those like gaming programs that big casinos have in the world, it's crazy. People take stolen credit cards and move money into those accounts, game belong them and sometimes what they would do, let's say that I will use a credit card and move some of the stolen credit card and move some of it into my gaming account and I will get into a poker room with you and with you that you guys are my friends and I will lose the money and you guys will win. Oh nice. Yeah, you just laundered the money. Yeah, so that's cool, right? Brilliant. See what you learned on the show. That's awesome, right? Okay, we're almost out of time. Anything you want to tell us before we leave the show today? Audience, how to be safe? Just try to be safe, never give your password to anybody and if somebody write you an email, hey it's to help us send me my password, send me your password, never do that. Never do that. Well, thanks for being on the show, Andrew. Absolutely. Thank you for being here. I think we'll get him at Black Hat maybe. That's right, Black Hat at Defcon. 
We'll be at Defcon ground floor, I believe at Caesars Palace for Defcon on the 28th, about 4 p.m. Nevada time, 1 p.m. here and we'll have somebody in the studio to Skype with us and hopefully you can stop by. Absolutely. You promised me some shots, so I'll definitely be there. We'll do some shots. Thanks everybody for joining us on the Cyber Underground. Stay safe.