1 00:00:00,840 --> 00:00:04,960 S1: Unsupervised Learning is a podcast about trends and ideas in cybersecurity, 2 00:00:05,000 --> 00:00:09,960 S1: national security, AI, technology and society, and how best to 3 00:00:10,000 --> 00:00:18,880 S1: upgrade ourselves to be ready for what's coming. All right, well, 4 00:00:19,040 --> 00:00:24,400 S1: welcome to Unsupervised Learning. Ethan. Yeah. Can you give a 5 00:00:24,400 --> 00:00:27,600 S1: little bit of background about yourself and what you're working on? 6 00:00:28,440 --> 00:00:33,000 S2: Yes. So I'm Sarita Jara and project management for application security. 7 00:00:33,000 --> 00:00:36,760 S2: And ASPM is part of Cortex Cloud in Palo Alto Networks. 8 00:00:38,000 --> 00:00:41,240 S2: I can kind of come from a background of engineering 9 00:00:41,400 --> 00:00:47,120 S2: and product, uh, from several, uh, different areas. Uh, mostly 10 00:00:47,120 --> 00:00:50,959 S2: in the last years, cloud security and application security. Um, 11 00:00:51,440 --> 00:00:53,600 S2: I always say that I come to the application security 12 00:00:53,600 --> 00:00:57,200 S2: space from handling or kind of using all these different 13 00:00:57,200 --> 00:01:01,190 S2: tools of application security and trying to write or have 14 00:01:01,230 --> 00:01:04,870 S2: the right experience for both developers and security people to 15 00:01:04,910 --> 00:01:07,149 S2: kind of, I don't know if to laugh, but at 16 00:01:07,150 --> 00:01:11,309 S2: least like security to be able to actually, uh, solve 17 00:01:11,350 --> 00:01:14,070 S2: the problem for the security people and not have so 18 00:01:14,069 --> 00:01:19,350 S2: much problems on the production, production, uh, sites, but also 19 00:01:19,470 --> 00:01:21,869 S2: make sure developers understand what they need to fix and 20 00:01:21,870 --> 00:01:23,070 S2: why they need to fix it. 21 00:01:23,750 --> 00:01:27,030 S1: Okay. That's great. 
And I was looking at the, um, 22 00:01:27,470 --> 00:01:30,750 S1: at the site in the platform prior to joining. It 23 00:01:30,750 --> 00:01:33,990 S1: seems like it's it's becoming quite cohesive with all the 24 00:01:33,990 --> 00:01:37,790 S1: different pieces. And I heard, uh, somewhere else that you're 25 00:01:37,790 --> 00:01:40,869 S1: looking to, like, unify into, like a single data lake, 26 00:01:40,870 --> 00:01:43,830 S1: which is something that I'm really excited about. I would 27 00:01:43,830 --> 00:01:45,149 S1: love to hear more about that. 28 00:01:46,150 --> 00:01:49,110 S2: So basically, uh, Palo Alto Networks had a product called 29 00:01:49,110 --> 00:01:53,270 S2: Prisma Cloud, which handled cloud security or, and also application security, 30 00:01:53,550 --> 00:01:58,230 S2: another product called Cortex that handled the, the SIEM and 31 00:01:58,230 --> 00:02:01,570 S2: the SOC side of things. And, um, in the 32 00:02:01,570 --> 00:02:05,010 S2: last few months, we actually merged these two into one 33 00:02:05,010 --> 00:02:07,850 S2: data lake, in which you can do everything. All the 34 00:02:07,850 --> 00:02:10,930 S2: information you need is just residing in one data lake, 35 00:02:11,090 --> 00:02:14,530 S2: whether these are attacks coming from the SOC or, uh, 36 00:02:14,570 --> 00:02:19,089 S2: cloud posture findings or application security ones. And think about 37 00:02:19,090 --> 00:02:21,610 S2: the potential of having everything within the same data lake 38 00:02:21,650 --> 00:02:24,810 S2: like in one click. You can ask questions that in 39 00:02:24,810 --> 00:02:28,130 S2: the past, it wasn't as simple to do that because 40 00:02:28,169 --> 00:02:31,370 S2: the information reside on different systems. You don't necessarily have 41 00:02:31,370 --> 00:02:34,489 S2: the context. 
And if you think about application security, in 42 00:02:34,490 --> 00:02:38,370 S2: this sense, the thing that application security, uh, lacks the 43 00:02:38,370 --> 00:02:40,930 S2: most is the context. Like I see so many things, 44 00:02:41,410 --> 00:02:43,970 S2: which is not good, but I don't know if they 45 00:02:43,970 --> 00:02:47,450 S2: are really going to production or they're going to be exploitable. 46 00:02:47,650 --> 00:02:50,810 S2: Are they going to be used by my application? So 47 00:02:50,810 --> 00:02:53,530 S2: one of the things in application security is that you 48 00:02:53,530 --> 00:02:57,210 S2: have just too many issues. Usually developer just either ignore 49 00:02:57,320 --> 00:03:00,080 S2: them or they get mad on the security people because 50 00:03:00,080 --> 00:03:02,799 S2: they block them or on an on every build or 51 00:03:02,800 --> 00:03:06,680 S2: PR and you kind of there is no balance in understanding, okay. 52 00:03:06,720 --> 00:03:09,079 S2: These are the things that need to be fixed. And 53 00:03:09,400 --> 00:03:13,399 S2: when we introduce uh, Cortex Cloud and then we will 54 00:03:13,400 --> 00:03:16,880 S2: introduce uh, ASPM as well. We actually say we bring 55 00:03:16,880 --> 00:03:20,000 S2: everything together. You don't need to, uh, you know, look 56 00:03:20,000 --> 00:03:23,000 S2: at different things, whether you have different scanners, whether you 57 00:03:23,000 --> 00:03:27,560 S2: have different, uh, version control or different CI/CD systems. Uh, 58 00:03:27,560 --> 00:03:29,640 S2: if you want to see whether you have different clouds, 59 00:03:29,639 --> 00:03:31,520 S2: if you want to see everything, you can come to 60 00:03:31,520 --> 00:03:35,320 S2: our environment, come to our solution and have the platform 61 00:03:35,320 --> 00:03:39,360 S2: you need for, uh, um, everything within the same place, 62 00:03:39,360 --> 00:03:41,360 S2: it means that we give the context. 
We get, we 63 00:03:41,400 --> 00:03:43,320 S2: get from the cloud. It's not just, you see things 64 00:03:43,320 --> 00:03:46,600 S2: for application for for the code side of things, but 65 00:03:46,600 --> 00:03:49,200 S2: you see things that are code side. But then they 66 00:03:49,240 --> 00:03:51,440 S2: are connected into the cloud one and the cloud one 67 00:03:51,440 --> 00:03:54,000 S2: are being connected to the SOC one. So it's actually 68 00:03:54,040 --> 00:03:58,420 S2: one system that covers everything that a security person cares 69 00:03:58,420 --> 00:04:01,900 S2: about with regards to how you see things within, within cloud. 70 00:04:01,900 --> 00:04:05,100 S2: And we also acknowledge the fact that cloud is, uh, 71 00:04:05,140 --> 00:04:08,300 S2: is growing very fast and application to cloud is growing 72 00:04:08,300 --> 00:04:12,100 S2: very fast. AI is bringing, you know, bunch of more 73 00:04:12,100 --> 00:04:16,100 S2: code into the, into, uh, the environment. Many of our 74 00:04:16,100 --> 00:04:20,659 S2: colleagues been written by different, uh, models. All of these 75 00:04:20,660 --> 00:04:24,260 S2: things also bring security issues, and they don't solve the 76 00:04:24,260 --> 00:04:28,339 S2: problem of having a lot of problems before production. But 77 00:04:28,339 --> 00:04:31,179 S2: what we bring to this one is saying you have 78 00:04:31,180 --> 00:04:34,539 S2: a lot of risk. We will help you to prioritize them, 79 00:04:34,540 --> 00:04:37,900 S2: but not just to prioritize them, but also to prevent them. 80 00:04:38,180 --> 00:04:42,380 S2: Because most of the solutions say, I will prioritize everything 81 00:04:42,380 --> 00:04:45,900 S2: for you, which is great, but the funnel keeps growing. 82 00:04:45,940 --> 00:04:48,539 S2: You know, you cannot kind of manage it. 
And what 83 00:04:48,540 --> 00:04:51,820 S2: we are saying, we will allow you to actually do 84 00:04:51,860 --> 00:04:55,680 S2: a much more flexible and recommended prevention. How do I 85 00:04:55,680 --> 00:04:58,760 S2: do the right guardrails within my pull request? How do 86 00:04:58,760 --> 00:05:04,360 S2: I do the right guardrails within my build? And this 87 00:05:04,360 --> 00:05:07,080 S2: is using all the things we know from production and 88 00:05:07,080 --> 00:05:11,279 S2: from the actual runtime environment, whether it's actually deployed, whether 89 00:05:11,279 --> 00:05:15,119 S2: it's open to the internet, whether it's had an access 90 00:05:15,120 --> 00:05:18,000 S2: to sensitive data, all the questions you can think of 91 00:05:18,000 --> 00:05:21,320 S2: on how my application will go will look in production. 92 00:05:21,400 --> 00:05:24,360 S2: This is something that we have natively because we have 93 00:05:24,400 --> 00:05:28,120 S2: everything on the data lake and the potential is huge. 94 00:05:29,040 --> 00:05:33,640 S1: Yeah, that is absolutely wonderful. I'm so excited to hear this. Um, 95 00:05:34,040 --> 00:05:36,320 S1: I was wondering, like, who's going to kind of move 96 00:05:36,320 --> 00:05:39,800 S1: in this direction first? This is very exciting. So a 97 00:05:39,800 --> 00:05:43,000 S1: good example of this, um, that I always go to, um, 98 00:05:43,160 --> 00:05:47,279 S1: I was at Robinhood doing, uh, vulnerability management and, um, 99 00:05:47,320 --> 00:05:50,320 S1: application security. I was in charge of those two groups 100 00:05:50,480 --> 00:05:54,910 S1: during log4j2. And so what everyone had to do was 101 00:05:54,910 --> 00:05:59,070 S1: get their spreadsheets ready and start pulling down manual lists 102 00:05:59,070 --> 00:06:04,110 S1: and trying to cross-reference where in the actual technical infrastructure 103 00:06:04,110 --> 00:06:07,190 S1: it is. Okay, which app is that? Okay. 
Who actually 104 00:06:07,190 --> 00:06:09,870 S1: owns that app? Who do I actually ping to try 105 00:06:09,870 --> 00:06:12,470 S1: to go out here and I'm like, what we actually 106 00:06:12,470 --> 00:06:15,510 S1: need is a single place where this stuff is located 107 00:06:15,870 --> 00:06:20,110 S1: that actually understands. Is this live right now? Is it 108 00:06:20,270 --> 00:06:22,349 S1: is it a system that's running, or is it a 109 00:06:22,350 --> 00:06:25,710 S1: system that we could turn on? Um, what version of 110 00:06:25,710 --> 00:06:29,469 S1: the actual application or the library is enabled? Right. Because 111 00:06:29,470 --> 00:06:31,870 S1: it could be that one of the versions is vulnerable 112 00:06:31,870 --> 00:06:35,070 S1: and one of them isn't. Right. Who's the owner? All 113 00:06:35,070 --> 00:06:39,030 S1: of these things. So like asset management just being natively 114 00:06:39,029 --> 00:06:44,670 S1: built into it, understanding ownership, being natively built into it, um, 115 00:06:45,110 --> 00:06:50,150 S1: just really exciting. So so do you have also like the, 116 00:06:50,150 --> 00:06:53,580 S1: the business understanding potentially that you could bring in. So 117 00:06:53,580 --> 00:06:56,940 S1: for example, we're worried about these things because we're in 118 00:06:56,940 --> 00:07:00,740 S1: this particular industry. We're in this particular country. Um, we 119 00:07:00,779 --> 00:07:05,380 S1: are particularly concerned about the exfil of particular data because 120 00:07:05,380 --> 00:07:09,500 S1: we're in defense or something like that. Um, which to 121 00:07:09,540 --> 00:07:13,420 S1: me is really interesting because it can automatically do what 122 00:07:13,420 --> 00:07:16,260 S1: we've been trying to do in information security for so 123 00:07:16,260 --> 00:07:22,540 S1: long is prioritization of Vulns before we're using vulnerability information 124 00:07:22,540 --> 00:07:25,860 S1: to prioritize vulns. 
But when we should, what we should 125 00:07:25,900 --> 00:07:28,980 S1: have been doing is saying no. What are our actual assets? 126 00:07:29,020 --> 00:07:31,380 S1: What do we actually care about as a business that 127 00:07:31,380 --> 00:07:33,980 S1: automatically does it for you if you have that context? 128 00:07:35,660 --> 00:07:40,020 S2: So very good question. And just reiterating about Log4j. Yes, 129 00:07:40,020 --> 00:07:42,700 S2: it usually comes at the worst case being Christmas on 130 00:07:42,700 --> 00:07:46,380 S2: the on the Log4j one. Uh, and um, 131 00:07:46,420 --> 00:07:49,380 S2: it's a, it's a good example because people mostly didn't 132 00:07:49,380 --> 00:07:54,720 S2: understand where they're where their Log4j is actually located, 133 00:07:54,720 --> 00:07:58,080 S2: like where they use the actual, uh, vulnerable, uh, package 134 00:07:58,120 --> 00:08:01,400 S2: or the version actually. And whether it's just on the 135 00:08:01,400 --> 00:08:04,600 S2: code or also in production and all of these different 136 00:08:04,600 --> 00:08:08,360 S2: things are super, uh, um, complicated when you have to 137 00:08:08,360 --> 00:08:11,360 S2: do it, um, when you have to do it in, 138 00:08:11,360 --> 00:08:13,160 S2: you know, in, uh, in a lot of stress and 139 00:08:13,160 --> 00:08:16,640 S2: you already know that there is an exploit, uh, available 140 00:08:16,640 --> 00:08:19,440 S2: and people try to exploit. So, so it's super, uh, 141 00:08:20,000 --> 00:08:21,800 S2: I would say too late in the process. And you 142 00:08:21,800 --> 00:08:24,920 S2: mentioned another thing which is super important, trying to figure 143 00:08:24,920 --> 00:08:28,640 S2: out from the cloud, uh, who is the owner. 144 00:08:29,000 --> 00:08:29,360 S1: Is. 145 00:08:30,160 --> 00:08:33,360 S2: Good, but it's, it takes too much, like it's too 146 00:08:33,360 --> 00:08:37,040 S2: much to too long to understand. Who is the owner? 
Uh, 147 00:08:37,040 --> 00:08:40,360 S2: you probably the developer already did like several other things 148 00:08:40,360 --> 00:08:44,400 S2: between now and then. Uh, and it's, uh, it's really 149 00:08:44,440 --> 00:08:47,040 S2: kind of, if you think about it, you try not 150 00:08:47,040 --> 00:08:50,400 S2: to block to be able to make the developer velocity, uh, 151 00:08:50,470 --> 00:08:53,310 S2: very fast, but in the end, because you kind of 152 00:08:53,350 --> 00:08:56,790 S2: bother him with problems from production, you kind of bring 153 00:08:56,790 --> 00:09:00,110 S2: him tasks that were not planned originally to be solved. 154 00:09:00,110 --> 00:09:04,710 S2: So while you try to make the developer velocity, uh, fast, 155 00:09:04,750 --> 00:09:07,550 S2: you actually make it slower by trying to figure out 156 00:09:07,550 --> 00:09:11,110 S2: who is the owner. And, uh, owners tend to not 157 00:09:11,110 --> 00:09:14,030 S2: be that simple of understanding who the one, you know, 158 00:09:14,070 --> 00:09:16,310 S2: when you see a CVE within a package, like, who 159 00:09:16,309 --> 00:09:20,510 S2: is the one that's that's only the last one that changed. Uh, 160 00:09:20,790 --> 00:09:23,790 S2: the the fight may change like different version. The one 161 00:09:23,790 --> 00:09:28,189 S2: that actually added this package into the, into, uh, the code. 162 00:09:28,190 --> 00:09:30,470 S2: So it can be a lot of different owners. And 163 00:09:30,510 --> 00:09:33,070 S2: when you are close to the code, it's much easier 164 00:09:33,070 --> 00:09:34,950 S2: to understand who is the owner because he's the committer 165 00:09:34,950 --> 00:09:38,230 S2: of the things and he can block things before even 166 00:09:38,230 --> 00:09:42,590 S2: going into production. 
Going back to your question about the business, uh, 167 00:09:42,910 --> 00:09:45,910 S2: impact of things, and also, uh, what we can say 168 00:09:45,910 --> 00:09:50,489 S2: about the industry or the industry are in. So one. Yes. 169 00:09:50,730 --> 00:09:53,329 S2: One of the things we always say about ASPM is 170 00:09:53,330 --> 00:09:55,610 S2: the is that it's kind of connect the business with 171 00:09:55,610 --> 00:09:58,250 S2: the security. If you think about all the evolution of 172 00:09:58,290 --> 00:10:03,050 S2: the different, uh, SPM stuff, it's always about infrastructure, about network, 173 00:10:03,090 --> 00:10:07,650 S2: about identity, about data, but application is about actually connecting. 174 00:10:07,650 --> 00:10:11,610 S2: What the customer knows about is application and the honoring 175 00:10:11,650 --> 00:10:14,770 S2: the business owner, the criticality of the the business, the 176 00:10:14,770 --> 00:10:18,810 S2: fact that, for example, I can later understand whether this 177 00:10:18,809 --> 00:10:24,370 S2: application is, uh, mostly vulnerable, for example, for um, for 178 00:10:24,370 --> 00:10:28,970 S2: data theft. So probably try to, uh, to harden it 179 00:10:29,210 --> 00:10:33,170 S2: based on this type of, uh, of, um, of, uh, 180 00:10:34,170 --> 00:10:36,569 S2: kind of what application is doing versus what are the 181 00:10:36,570 --> 00:10:40,810 S2: potential of being exploited within. And this is something we're 182 00:10:40,809 --> 00:10:43,929 S2: also going to add more, uh, in the future and 183 00:10:43,929 --> 00:10:47,170 S2: trying to understand what is the application inside and allow 184 00:10:47,170 --> 00:10:50,800 S2: you to bring the relevant guardrails to to help you 185 00:10:50,840 --> 00:10:54,600 S2: solve this, uh, problem. So, yes, business is a very 186 00:10:54,600 --> 00:10:57,760 S2: important part. 
We are going to make sure it's going 187 00:10:57,760 --> 00:11:00,800 S2: to be very, uh, aligned with what we do on 188 00:11:00,800 --> 00:11:03,480 S2: the security side. I think application is the first time 189 00:11:03,840 --> 00:11:07,160 S2: it's actually connects everything. And when we talk about application, 190 00:11:07,160 --> 00:11:09,720 S2: and this is one of the things which is super, uh, 191 00:11:10,880 --> 00:11:14,280 S2: exciting about what we are doing, is that while in 192 00:11:14,280 --> 00:11:17,000 S2: other places you can define application for the code, you 193 00:11:17,000 --> 00:11:20,640 S2: can define application for the runtime. What we do is 194 00:11:20,679 --> 00:11:23,040 S2: say we don't care what you where you start to 195 00:11:23,080 --> 00:11:25,920 S2: build your application. You can start from the runtime. You 196 00:11:25,920 --> 00:11:29,240 S2: can start from the code. The system will automatically enrich 197 00:11:29,240 --> 00:11:33,960 S2: everything up for you and actually connect all the relevant 198 00:11:33,960 --> 00:11:38,400 S2: assets into one, uh, into one application. And you mentioned 199 00:11:38,679 --> 00:11:43,600 S2: something which is also, uh, important. Um, if you think about, uh, 200 00:11:44,280 --> 00:11:46,880 S2: whether am I like, for example, you said I want 201 00:11:47,020 --> 00:11:49,620 S2: to find all, all the places I have, Log4j, 202 00:11:50,460 --> 00:11:55,140 S2: Log4j. Think about a repository that you didn't scan. 203 00:11:55,700 --> 00:11:56,100 S1: Yeah. 204 00:11:56,140 --> 00:11:58,340 S2: So you don't even know if it's if you have 205 00:11:58,340 --> 00:12:00,860 S2: this problem or not. And one of the things we 206 00:12:00,860 --> 00:12:03,420 S2: invest in our solution is making sure that you have 207 00:12:03,420 --> 00:12:06,179 S2: a good visibility of what you are actually doing. Yeah. 
208 00:12:06,220 --> 00:12:08,460 S2: Because if I see a risk and I don't know 209 00:12:08,500 --> 00:12:11,860 S2: what is the coverage, then the risk may not be correct. 210 00:12:11,860 --> 00:12:14,580 S2: So it's not it's not the right place to go. 211 00:12:15,340 --> 00:12:18,020 S1: Yeah. So so for that piece are you talking about 212 00:12:18,059 --> 00:12:24,740 S1: like continuous discovery. Continuous like, um, monitoring external attack surface 213 00:12:24,860 --> 00:12:27,819 S1: to just like be aware and then bring that into 214 00:12:27,820 --> 00:12:30,900 S1: the context into the data lake if it's not already there. 215 00:12:31,780 --> 00:12:33,740 S2: So it's already it's already there. It's part of the 216 00:12:33,740 --> 00:12:37,100 S2: solution having the attack surface as well. Um, as I mentioned, 217 00:12:37,100 --> 00:12:40,980 S2: we kind of brought all these different, all these different models, 218 00:12:41,020 --> 00:12:45,620 S2: different signals, signals into the same place. And then beside 219 00:12:45,730 --> 00:12:48,850 S2: providing insight by our self to our customers, we also 220 00:12:48,850 --> 00:12:52,210 S2: allow the customers to query things they care care about. 221 00:12:52,210 --> 00:12:54,730 S2: They can kind of do it via the graph, or 222 00:12:54,730 --> 00:12:57,570 S2: they can do it via like our query language and 223 00:12:57,570 --> 00:13:00,090 S2: they can query basically everything. You know, one of the 224 00:13:00,090 --> 00:13:04,010 S2: discussion is that if you think about the amount of 225 00:13:04,010 --> 00:13:06,610 S2: different things we have within the system, whether it's the 226 00:13:06,610 --> 00:13:10,530 S2: SOC environment, the Appsec persona, the runtime, the posture management, 227 00:13:10,770 --> 00:13:13,970 S2: they can create something that will be kind of an 228 00:13:13,970 --> 00:13:19,330 S2: overlap kind of overlay of everything. 
The system brings some 229 00:13:19,330 --> 00:13:22,130 S2: of its own, but it's also open for the for 230 00:13:22,130 --> 00:13:25,329 S2: everyone that wants to query it. So very exciting. And 231 00:13:25,330 --> 00:13:28,330 S2: we have a lot of, uh, uh, super cool things 232 00:13:28,330 --> 00:13:32,130 S2: that are planned as part of our SPM solution. I 233 00:13:32,130 --> 00:13:35,729 S2: really believe that if we think about the next generation 234 00:13:35,890 --> 00:13:39,370 S2: application security and how it connects within the cloud and 235 00:13:39,370 --> 00:13:42,450 S2: the fact that everything is super fast, this is the 236 00:13:42,450 --> 00:13:46,790 S2: way to go, kind of connect between the things. Bring insights. Um, 237 00:13:46,950 --> 00:13:49,429 S2: you know, I think, uh, one of the things we 238 00:13:49,429 --> 00:13:51,630 S2: see is that people don't have, like, they don't want 239 00:13:51,630 --> 00:13:54,710 S2: to search within, uh, a search engine. They prefer to 240 00:13:54,710 --> 00:13:58,150 S2: ask a question. Yes. And in my opinion, one of 241 00:13:58,150 --> 00:13:59,910 S2: the things we are doing on the ASPM is 242 00:13:59,910 --> 00:14:02,790 S2: trying to give the answers instead of kind of let 243 00:14:02,790 --> 00:14:06,830 S2: you go into different tables or different places to look 244 00:14:06,830 --> 00:14:09,750 S2: for your information, but rather give you insights on what 245 00:14:09,750 --> 00:14:12,270 S2: the things you can do and the recommendation on how 246 00:14:12,270 --> 00:14:15,590 S2: to prevent it. And you know, in theory, I would 247 00:14:15,590 --> 00:14:17,830 S2: like to make sure that we have a very good 248 00:14:17,830 --> 00:14:20,670 S2: prevention in which what you see in cloud was only 249 00:14:20,670 --> 00:14:23,750 S2: created in cloud and not something that was kind of 250 00:14:23,790 --> 00:14:24,950 S2: created by code. 
251 00:14:25,390 --> 00:14:30,710 S1: Mhm. Yeah. That's really interesting. So I mean what I 252 00:14:30,710 --> 00:14:32,910 S1: see kind of happening from this is like you could 253 00:14:32,910 --> 00:14:37,150 S1: roll this out and suddenly you all of a sudden 254 00:14:37,150 --> 00:14:40,470 S1: your users are way larger than the security team. Because 255 00:14:40,470 --> 00:14:44,540 S1: this is so vastly important to the entire company because 256 00:14:44,580 --> 00:14:47,660 S1: they likely don't have a place, a universal place, to 257 00:14:47,700 --> 00:14:50,460 S1: go and ask questions. And what you what you're likely 258 00:14:50,460 --> 00:14:53,220 S1: to end up with, uh, as you know, is like, 259 00:14:53,260 --> 00:14:56,020 S1: you're going to have the best asset management in the 260 00:14:56,020 --> 00:14:59,220 S1: company is going to be this tool. So people who 261 00:14:59,220 --> 00:15:02,140 S1: aren't even thinking security necessarily, they're going to be like, 262 00:15:02,140 --> 00:15:05,180 S1: I need the current list of this. What's facing the internet? 263 00:15:05,180 --> 00:15:07,900 S1: Like lots of different users could potentially need this. 264 00:15:09,300 --> 00:15:12,100 S2: And again, in the context of the business, like, yes, 265 00:15:12,140 --> 00:15:14,540 S2: these assets that are part of my application, it's not 266 00:15:14,540 --> 00:15:17,620 S2: just an asset. I can know that this asset is 267 00:15:17,620 --> 00:15:20,580 S2: part of an application and the application is owned by someone. 268 00:15:20,580 --> 00:15:22,340 S2: This is the business owner of it. This is the 269 00:15:22,340 --> 00:15:25,500 S2: one that needs to fix things. Um, we're also talking 270 00:15:25,500 --> 00:15:28,380 S2: about the option to kind of group things based on applications. 
271 00:15:28,380 --> 00:15:31,700 S2: So you can see that you can see based on 272 00:15:31,940 --> 00:15:34,380 S2: the permission you have, the application you want to see. 273 00:15:34,700 --> 00:15:37,340 S2: And all of this is is coming into the context, 274 00:15:37,380 --> 00:15:39,980 S2: the code context, the cloud context, the things we have 275 00:15:39,980 --> 00:15:43,080 S2: from the runtime and also the one we give from 276 00:15:43,120 --> 00:15:47,000 S2: a get from the business application. So yes, you are correct. 277 00:15:47,040 --> 00:15:50,160 S2: This data lake in a way is our secret for 278 00:15:50,160 --> 00:15:53,040 S2: this is and the, um, the things we do with 279 00:15:53,040 --> 00:15:55,840 S2: the data, which is based on AI and the ability 280 00:15:55,840 --> 00:15:59,320 S2: to actually learn from the data, is what will make 281 00:15:59,320 --> 00:16:03,360 S2: the what makes the, the the solution, um, to be, uh, 282 00:16:05,160 --> 00:16:08,680 S2: such an, uh, a potential for, as you mentioned, like 283 00:16:08,880 --> 00:16:12,720 S2: security people. In the end, they cannot chase, uh, risks. 284 00:16:12,720 --> 00:16:15,760 S2: They need someone to be able to, uh, fix things 285 00:16:15,760 --> 00:16:18,880 S2: before they do that. They don't do policies today because 286 00:16:18,880 --> 00:16:22,840 S2: it's hard. Because it's not because developers tend to, uh, say, no, 287 00:16:22,840 --> 00:16:25,640 S2: you just blocked us. We cannot bring velocity. We cannot 288 00:16:25,640 --> 00:16:29,560 S2: bring more, uh, um, application into, you know, more business 289 00:16:29,560 --> 00:16:32,960 S2: value to our customers. And we want to say no, if, 290 00:16:33,000 --> 00:16:35,360 S2: you know, if you do it right and you do 291 00:16:35,360 --> 00:16:38,720 S2: the right guardrails and you will do prevention in mind, 292 00:16:38,760 --> 00:16:41,510 S2: but in, in a way that you have all the context. 
293 00:16:41,790 --> 00:16:46,190 S2: Then your velocity will be increased and not decreased. 294 00:16:46,430 --> 00:16:49,190 S1: Yeah, I am really excited about this. So so what 295 00:16:49,190 --> 00:16:52,910 S1: I've been telling everybody is so, um, customers or whoever 296 00:16:52,950 --> 00:16:56,310 S1: is asking, they want to know what AI is going 297 00:16:56,310 --> 00:16:59,270 S1: to do for attackers and what specifically they're going to 298 00:16:59,310 --> 00:17:02,870 S1: try to build. And what I'm telling everyone is, um, 299 00:17:02,870 --> 00:17:05,630 S1: that thing that I sent you, that USC thing is 300 00:17:05,630 --> 00:17:10,350 S1: that attackers are going to build unified context for targets. 301 00:17:10,950 --> 00:17:12,390 S1: So what they are going to do is they're going 302 00:17:12,430 --> 00:17:15,230 S1: to send out agents, they're going to find your list 303 00:17:15,230 --> 00:17:19,270 S1: of employees, they're going to pull all their social media, um, 304 00:17:19,310 --> 00:17:21,149 S1: they're going to find all your DNS, they're going to 305 00:17:21,150 --> 00:17:23,310 S1: pull all your domains and your subdomains, and they're going 306 00:17:23,350 --> 00:17:27,150 S1: to start pulling all those different assets. Um, and then 307 00:17:27,150 --> 00:17:31,030 S1: they can start interrogating them for open ports and blah, blah, blah. 308 00:17:31,030 --> 00:17:36,830 S1: So they are essentially building a unified data lake for 309 00:17:36,830 --> 00:17:40,129 S1: you as the target. And then the next time they 310 00:17:40,130 --> 00:17:42,450 S1: have a new target, they go and do the exact 311 00:17:42,450 --> 00:17:45,050 S1: same thing. And then they have agents that say, okay, 312 00:17:45,090 --> 00:17:47,929 S1: given the context that you have, how do we attack? 313 00:17:48,690 --> 00:17:52,770 S1: What social engineering campaign do we write? 
What, uh, you know, exploit, 314 00:17:52,810 --> 00:17:56,530 S1: do we launch on this application? So my my whole 315 00:17:56,530 --> 00:18:01,050 S1: thing to everyone is attackers are building this to attack you. 316 00:18:01,410 --> 00:18:04,890 S1: You need to have a better version for yourself. And 317 00:18:04,890 --> 00:18:10,010 S1: I just absolutely love. Yeah, I absolutely love that that, 318 00:18:10,210 --> 00:18:13,250 S1: you know, you have such a prominent company in Palo 319 00:18:13,250 --> 00:18:16,650 S1: Alto actually doing this and doing this quickly. I thought 320 00:18:16,650 --> 00:18:18,850 S1: it was going to take much longer. I'm really, really 321 00:18:18,850 --> 00:18:19,890 S1: happy to hear this. 322 00:18:20,810 --> 00:18:24,489 S2: Yes. So it's actually already available. Uh, it's already on 323 00:18:24,490 --> 00:18:28,050 S2: the same platform. Um, which is kind of the data 324 00:18:28,090 --> 00:18:31,050 S2: lake is there. We're just adding more and more content 325 00:18:31,090 --> 00:18:35,410 S2: into it. And, um, I really believe that while this 326 00:18:35,410 --> 00:18:39,510 S2: data lake improves, uh, cloud posture, improves SOC. 
It 327 00:18:39,510 --> 00:18:43,869 S2: also improves appsec to be able to really, you know, um, 328 00:18:43,910 --> 00:18:46,710 S2: make sure you don't get into production and wait for 329 00:18:46,710 --> 00:18:48,790 S2: a lot of time to kind of get the fix, 330 00:18:48,790 --> 00:18:51,230 S2: understand who is the person, try to figure out if 331 00:18:51,230 --> 00:18:54,310 S2: it can fix the issues and deploy back and then, uh, 332 00:18:54,350 --> 00:18:57,070 S2: you know, do testing and then deploy back, kind of 333 00:18:57,109 --> 00:19:00,950 S2: shorten this, uh, cycles and making sure that, uh, we 334 00:19:00,950 --> 00:19:03,669 S2: will provide you with all the information you need to 335 00:19:03,710 --> 00:19:07,109 S2: remediate stuff, but also make sure you prevent in the 336 00:19:07,109 --> 00:19:10,630 S2: future similar, uh, similar problems. 337 00:19:11,190 --> 00:19:14,109 S1: Yeah, it's really powerful. So tell me again, all the 338 00:19:14,109 --> 00:19:18,629 S1: different controls that we have in the platform. So you 339 00:19:18,630 --> 00:19:22,550 S1: have the ability to, um, monitor incoming code and like, 340 00:19:22,990 --> 00:19:26,149 S1: inspect and reject, like, what are the other control points 341 00:19:26,150 --> 00:19:28,590 S1: that you have based on something that you see in 342 00:19:28,590 --> 00:19:29,110 S1: the lake? 343 00:19:29,710 --> 00:19:32,869 S2: Yes. So we have a lot of, uh, different controls. 344 00:19:32,910 --> 00:19:39,100 S2: We start from the IDE, like the developer environment. When 345 00:19:39,100 --> 00:19:42,580 S2: it writes the code, it can see everything we know 346 00:19:42,820 --> 00:19:45,980 S2: within that. Of course, it's limited to what is currently editing, 347 00:19:45,980 --> 00:19:48,580 S2: but this is the first time you will find the 348 00:19:48,580 --> 00:19:52,060 S2: system and the inputs and the outputs and inputs. 
The 349 00:19:52,060 --> 00:19:54,619 S2: second one will be when you try. Well, there is 350 00:19:54,619 --> 00:19:56,939 S2: another one before the commit, but it's very special to 351 00:19:56,980 --> 00:20:00,940 S2: specific use cases. Uh, this the second one will be 352 00:20:00,940 --> 00:20:02,659 S2: when you do the pull request. This will be the 353 00:20:02,660 --> 00:20:05,859 S2: second one. We can, uh, check and kind of enforce. 354 00:20:06,260 --> 00:20:08,980 S2: The other one is just monitoring and understanding what it is. 355 00:20:08,980 --> 00:20:11,859 S2: But you can enforce things when you go into the 356 00:20:11,859 --> 00:20:15,380 S2: PR and say, I don't want to, uh, do critical 357 00:20:15,380 --> 00:20:18,500 S2: CVE for, uh, a repo that goes to production. And 358 00:20:18,500 --> 00:20:20,700 S2: I know this one is, uh, open to the network. 359 00:20:21,660 --> 00:20:26,300 S2: The third one will be around build. I can do, uh, uh, 360 00:20:26,660 --> 00:20:28,540 S2: block the builds, put it as a step in the 361 00:20:28,540 --> 00:20:31,980 S2: CI and have all the context of understanding, uh, on 362 00:20:31,980 --> 00:20:35,540 S2: what I'm actually blocking. And, of course, you have all 363 00:20:35,580 --> 00:20:39,650 S2: the different monitoring of having like the periodic scanning on 364 00:20:39,650 --> 00:20:41,490 S2: a branch and on history. So you have a lot 365 00:20:41,530 --> 00:20:44,330 S2: of things you can do and get all this information, 366 00:20:44,930 --> 00:20:47,210 S2: and you also have the option to do some of 367 00:20:47,210 --> 00:20:49,530 S2: it on the image side of things and even in 368 00:20:49,530 --> 00:20:52,649 S2: the future. Also for admission control, if you do do 369 00:20:52,690 --> 00:20:57,850 S2: it for, uh, um, this kind of, uh, of, um, uh, software. 370 00:20:58,010 --> 00:21:01,530 S2: So we have different options to guard. 
So put the 371 00:21:01,530 --> 00:21:06,090 S2: guardrails in place. And as mentioned before, um, we are 372 00:21:06,850 --> 00:21:09,570 S2: we are we are a great believer in platformization and 373 00:21:09,570 --> 00:21:13,090 S2: the open the option to actually, uh, pull information from 374 00:21:13,090 --> 00:21:17,489 S2: different other scanners so we don't limit ourselves to the 375 00:21:17,490 --> 00:21:20,410 S2: things that come only from our system. We actually collect 376 00:21:20,410 --> 00:21:23,850 S2: everything we have from the different, um, it can be 377 00:21:23,850 --> 00:21:28,770 S2: different application security solutions. It can be, uh, different version control. 378 00:21:28,770 --> 00:21:32,530 S2: It can be different CI/CD systems. We collect everything 379 00:21:32,530 --> 00:21:37,710 S2: in and uh, provide our enrichment. So it's very important 380 00:21:37,710 --> 00:21:40,190 S2: for us not, you know, to give the value. Even 381 00:21:40,190 --> 00:21:43,470 S2: before you use the scanners, make sure that you have 382 00:21:43,470 --> 00:21:46,909 S2: all the value in the enrichment, the option to create applications, 383 00:21:47,230 --> 00:21:50,430 S2: all this coverage, things I talked, I talked about and 384 00:21:51,270 --> 00:21:54,350 S2: give value to our to our customers, I would say 385 00:21:54,390 --> 00:21:55,390 S2: in minimal time. 386 00:21:56,070 --> 00:21:59,429 S1: Yeah that's really powerful. And then other components in the 387 00:21:59,430 --> 00:22:02,150 S1: ecosystem are also adding to the data lake. Right. So 388 00:22:02,150 --> 00:22:03,590 S1: you also have that richness. 389 00:22:04,270 --> 00:22:06,390 S2: So uh, so let's start from the beginning. The first 390 00:22:06,390 --> 00:22:09,710 S2: one will be the code that we bring into, uh, the, 391 00:22:10,310 --> 00:22:12,949 S2: the lake, the, the code finding.
I would say different 392 00:22:12,950 --> 00:22:16,590 S2: code finding can be open source, first party, uh, code, uh, 393 00:22:16,590 --> 00:22:21,830 S2: secrets, misconfiguration, all of these things APIs. The second one 394 00:22:21,830 --> 00:22:25,629 S2: will be, uh, everything we bring, uh, from the CI 395 00:22:25,630 --> 00:22:29,590 S2: CD systems, uh, and the version control like posture management. 396 00:22:29,630 --> 00:22:32,510 S2: Think about the fact that I see, uh, a secret 397 00:22:32,550 --> 00:22:36,060 S2: on a version control. It's not, um, it's not protected 398 00:22:36,060 --> 00:22:41,300 S2: by by, uh, let's say, um, MFA, for example. So 399 00:22:41,300 --> 00:22:44,700 S2: this also kind of where the, the code goes into 400 00:22:44,740 --> 00:22:47,580 S2: is also another signal. We have all the, the signals 401 00:22:47,580 --> 00:22:51,420 S2: of the Cortex Cloud, as we say, the identity, the data, 402 00:22:51,460 --> 00:22:55,100 S2: the network, the infrastructure, everything we have, which is part 403 00:22:55,100 --> 00:22:57,859 S2: of a solution for setup. And then all the things 404 00:22:57,859 --> 00:23:01,699 S2: we have from our endpoints, from our agents within the 405 00:23:01,700 --> 00:23:04,100 S2: cloud and all the things we have from the attacker's 406 00:23:04,100 --> 00:23:07,940 S2: perspective for the SOC. So everything you can think of 407 00:23:07,980 --> 00:23:11,260 S2: in this area is through our to our environment. It's 408 00:23:11,260 --> 00:23:14,580 S2: a very big data lake with a lot of options 409 00:23:14,580 --> 00:23:15,500 S2: to do the query. 410 00:23:15,900 --> 00:23:18,500 S1: That's really powerful.
So you can like you can build 411 00:23:18,500 --> 00:23:22,500 S1: basically an entire program off of constructing a really high 412 00:23:22,500 --> 00:23:26,940 S1: quality set of questions, and then and then basically have 413 00:23:26,940 --> 00:23:32,100 S1: the answers to those questions trigger different, uh, pipelines or workflows. 414 00:23:33,040 --> 00:23:37,960 S2: Exactly. And also kind of, uh, um, lead users to 415 00:23:38,000 --> 00:23:41,840 S2: improve their security posture by creating the right journey. Because 416 00:23:41,840 --> 00:23:44,399 S2: we have all these different information, we can kind of 417 00:23:44,440 --> 00:23:46,760 S2: guide them to say, if you want to do in 418 00:23:46,760 --> 00:23:51,359 S2: this place, do that one and then, uh, do it, uh, in, 419 00:23:51,359 --> 00:23:53,040 S2: in kind of a stages of phases. 420 00:23:53,640 --> 00:23:58,800 S1: Um, well, sorry, this is super, super exciting. I'm going 421 00:23:58,840 --> 00:24:01,680 S1: to go and actually research a lot more about this. Um, 422 00:24:01,840 --> 00:24:04,280 S1: and I can't wait to see updates. Where can people 423 00:24:04,280 --> 00:24:07,119 S1: learn more about the platform and what you're releasing and 424 00:24:07,119 --> 00:24:08,360 S1: what's already released? 425 00:24:09,520 --> 00:24:12,919 S2: So our so, uh, everything that we already released is 426 00:24:12,920 --> 00:24:15,960 S2: in our site. And the second one will be about 427 00:24:16,000 --> 00:24:19,760 S2: our announcement. Announcement of the new product, uh, going on 428 00:24:19,800 --> 00:24:22,000 S2: on the 25th July. 429 00:24:22,560 --> 00:24:26,760 S1: Oh, great. Yeah, we will, uh, look forward to that. And, uh, yeah. 430 00:24:26,800 --> 00:24:28,080 S1: Anything else you want to add? 431 00:24:29,560 --> 00:24:31,200 S2: No, I think I just want to say that I'm 432 00:24:31,200 --> 00:24:34,620 S2: super excited.
As I mentioned, kind of coming back to 433 00:24:34,660 --> 00:24:37,100 S2: my background, I feel that this is part of my 434 00:24:37,100 --> 00:24:40,740 S2: mission to make developers and security, like, more friendly to 435 00:24:40,780 --> 00:24:43,979 S2: each other and kind of make sure the developer doesn't 436 00:24:43,980 --> 00:24:47,980 S2: see security as something that they need to, uh, something 437 00:24:47,980 --> 00:24:50,340 S2: they need to do or ignore, but actually have this, 438 00:24:50,340 --> 00:24:53,180 S2: this as part of their workflow and make sure security 439 00:24:53,220 --> 00:24:55,700 S2: have all the information to be able to do the 440 00:24:55,700 --> 00:24:57,140 S2: right security decisions. 441 00:24:58,220 --> 00:25:00,979 S1: Awesome. Well, I think this will definitely move us in 442 00:25:01,020 --> 00:25:03,420 S1: that direction. Thanks for your time. 443 00:25:03,980 --> 00:25:04,900 S2: Thank you very much. 444 00:25:07,380 --> 00:25:10,980 S1: Unsupervised Learning is produced on Hindenburg Pro using an SM 445 00:25:10,980 --> 00:25:14,540 S1: seven B microphone. A video version of the podcast is 446 00:25:14,540 --> 00:25:18,300 S1: available on the Unsupervised Learning YouTube channel, and the text 447 00:25:18,300 --> 00:25:23,740 S1: version with full links and notes is available at Amazon.com newsletter. 448 00:25:24,380 --> 00:25:25,379 S1: We'll see you next time.