1 00:00:00,880 --> 00:00:05,040 S1: Unsupervised Learning is a podcast about trends and ideas in cybersecurity, 2 00:00:05,080 --> 00:00:10,000 S1: national security, AI, technology and society, and how best to 3 00:00:10,039 --> 00:00:18,479 S1: upgrade ourselves to be ready for what's coming. All right, Patrick, 4 00:00:18,480 --> 00:00:20,000 S1: welcome to Unsupervised Learning. 5 00:00:20,480 --> 00:00:21,880 S2: Thanks, Daniel. Pleasure to be here. 6 00:00:23,520 --> 00:00:28,760 S1: Yeah. So, um, last time I chatted with, uh, material, um, 7 00:00:28,800 --> 00:00:33,160 S1: I spoke with Abhishek. We had a really interesting conversation, and, uh, 8 00:00:33,200 --> 00:00:35,120 S1: what I really took away from that, that I found 9 00:00:35,120 --> 00:00:38,839 S1: so interesting was like this focus on because I asked. 10 00:00:38,880 --> 00:00:41,840 S1: I asked about, uh, detective controls, and he's like, yeah, 11 00:00:41,840 --> 00:00:44,639 S1: it's not so much about detection. It's more about like 12 00:00:44,920 --> 00:00:49,479 S1: putting on the seatbelts and preventative controls, like what happens 13 00:00:49,479 --> 00:00:52,880 S1: after a breach. How do you limit the blast radius? Um, 14 00:00:53,280 --> 00:00:56,520 S1: and I thought that was a really interesting characterization. Is 15 00:00:56,520 --> 00:00:58,080 S1: that the way you think about it as well? 16 00:00:58,440 --> 00:01:01,210 S2: Yeah, that's certainly a large part of it. And, you know, 17 00:01:01,250 --> 00:01:03,090 S2: when I think about what we're doing here at material, 18 00:01:03,090 --> 00:01:06,250 S2: it's actually the the seat belts, but also the brakes 19 00:01:06,250 --> 00:01:09,170 S2: as well, and picking up on the accidents before they happen. 20 00:01:09,569 --> 00:01:11,810 S2: So that's where we're heading as a, as a company of, 21 00:01:11,970 --> 00:01:14,649 S2: you know, not only doing the threat detection, making sure 22 00:01:14,650 --> 00:01:17,770 S2: that if and when something does does go kind of sideways, 23 00:01:17,770 --> 00:01:21,010 S2: we can stop that and prevent as much impact as 24 00:01:21,010 --> 00:01:21,490 S2: we can. 25 00:01:23,490 --> 00:01:29,450 S1: Yeah. That's fantastic. Um, so before we jump into the 26 00:01:29,450 --> 00:01:32,250 S1: product more deeply, uh, what types of stuff are you 27 00:01:32,250 --> 00:01:36,850 S1: seeing out there? Like, what types of threats are you seeing? Uh, attacks. Like, 28 00:01:36,850 --> 00:01:39,130 S1: where are the attackers doing currently? 29 00:01:39,250 --> 00:01:41,610 S2: Yeah. So one of the things we're seeing, uh, you know, 30 00:01:41,770 --> 00:01:43,890 S2: not going to be surprising, I think, to your audience, 31 00:01:43,930 --> 00:01:47,170 S2: is a lot of inbound phishing threats that are hitting organizations. 32 00:01:47,170 --> 00:01:49,930 S2: We know that that is a pretty, uh, popular entry 33 00:01:49,930 --> 00:01:53,690 S2: point into a lot of the infrastructure for teams. And 34 00:01:53,690 --> 00:01:56,450 S2: so we see that pretty frequently. But also, you know, 35 00:01:56,490 --> 00:01:58,930 S2: one of the things that is, I think, Underlooked, when 36 00:01:58,930 --> 00:02:01,190 S2: it comes to the cloud office. Is that lateral movement 37 00:02:01,190 --> 00:02:04,630 S2: across the cloud office? Right. So if you think about 38 00:02:04,630 --> 00:02:08,790 S2: the credentials for Google Workspace or M365, it's a pretty 39 00:02:08,790 --> 00:02:12,669 S2: valuable piece of information for the attacker, because for any 40 00:02:12,990 --> 00:02:15,829 S2: employee at an organization, it's the first thing that they 41 00:02:15,830 --> 00:02:17,990 S2: get when they onboard and the last thing that they 42 00:02:17,990 --> 00:02:20,790 S2: have when they off right before they off board. So 43 00:02:20,950 --> 00:02:22,830 S2: that's usually the keys to the kingdom when it comes 44 00:02:22,830 --> 00:02:26,269 S2: to not only other tools, but also within the organization. 45 00:02:26,270 --> 00:02:28,630 S2: So you can move pretty freely once you have access 46 00:02:28,910 --> 00:02:32,709 S2: to somebody's email credentials, to head across the shared drives 47 00:02:32,710 --> 00:02:35,150 S2: and all that sensitive information, which can be pretty damaging 48 00:02:35,150 --> 00:02:37,030 S2: as we've seen with past breaches. 49 00:02:38,150 --> 00:02:40,550 S1: Yeah, so that makes sense. So it's not only access 50 00:02:40,550 --> 00:02:43,790 S1: to email, but like you said, it's Google Docs, it's drives. 51 00:02:43,790 --> 00:02:47,149 S1: It's um, I mean, that's the power of the ecosystem 52 00:02:47,389 --> 00:02:50,390 S1: is that you can move around, right. So that same 53 00:02:50,470 --> 00:02:52,669 S1: same advantage is for the attacker. 54 00:02:52,710 --> 00:02:53,230 S2: Yeah. And it's. 55 00:02:53,230 --> 00:02:53,590 S1: Also. 56 00:02:53,790 --> 00:02:55,910 S2: Sorry I just want to jump in as well. It's interesting. Right. 57 00:02:55,910 --> 00:02:58,590 S2: Because it's such a collaboration tool. It's also a challenge 58 00:02:58,590 --> 00:03:01,160 S2: for security teams. And one of the problems and challenges 59 00:03:01,160 --> 00:03:04,000 S2: we're seeing is trying to not be just the Department 60 00:03:04,000 --> 00:03:07,840 S2: of No, but of facilitating collaboration across security, IT and 61 00:03:07,840 --> 00:03:10,360 S2: their other colleagues. So you can't just shut down email, 62 00:03:10,360 --> 00:03:12,799 S2: you can't just shut down access to drive. You have 63 00:03:12,800 --> 00:03:16,040 S2: to rightsize who gets access to what and when. And 64 00:03:16,040 --> 00:03:17,720 S2: so we have a lot of tools to help support 65 00:03:17,720 --> 00:03:18,839 S2: that for our customers. 66 00:03:20,400 --> 00:03:23,120 S1: Okay. So what does that look like? Is that a 67 00:03:23,120 --> 00:03:26,840 S1: specific product for the Google space or what is that. 68 00:03:26,880 --> 00:03:28,840 S2: Yeah. So it's a capability that comes with our product 69 00:03:28,840 --> 00:03:31,480 S2: out of the box where we're able to enable just 70 00:03:31,480 --> 00:03:35,080 S2: in time access and toufar controls for sensitive documents and 71 00:03:35,120 --> 00:03:37,520 S2: documents that have basically aged out of a grace period. 72 00:03:37,520 --> 00:03:40,200 S2: And so you can say, you know, within two weeks, 73 00:03:40,200 --> 00:03:42,840 S2: let's put a toufar block on anything that has financial 74 00:03:42,840 --> 00:03:45,840 S2: information across the organization or for these subsets of users. 75 00:03:45,840 --> 00:03:49,480 S2: Let's put Toufar behind all historical emails in their inbox. 76 00:03:49,480 --> 00:03:52,600 S2: So if a hacker does get access to their credentials, 77 00:03:52,600 --> 00:03:56,080 S2: they can't just run wild and export data with sensitive information, 78 00:03:56,080 --> 00:04:00,330 S2: proprietary information, things that could lead to real, substantial harm 79 00:04:00,330 --> 00:04:04,490 S2: to an organization either reputationally or from a business impact perspective. 80 00:04:06,490 --> 00:04:11,330 S1: I find this whole concept really, really cool. So so again, 81 00:04:11,330 --> 00:04:13,850 S1: it's not about a sensor. It's not about, oh, I 82 00:04:13,890 --> 00:04:17,810 S1: detected this. Let me make this change. It's like, look, 83 00:04:17,810 --> 00:04:22,690 S1: we have this giant lake or ecosystem of sensitive content 84 00:04:23,450 --> 00:04:27,170 S1: and data, and there are things we could be doing 85 00:04:27,170 --> 00:04:32,570 S1: right now. Like you said, time based that are just 86 00:04:32,610 --> 00:04:37,969 S1: like tweaking the knobs for settings and lockdown and configurations. 87 00:04:38,490 --> 00:04:41,690 S1: So I guess there's if I'm thinking about this from 88 00:04:41,730 --> 00:04:46,010 S1: like a fundamental standpoint, there's like, um, things you have 89 00:04:46,010 --> 00:04:51,929 S1: to lock down. There's identity you could use, there's granular permissions. 90 00:04:52,410 --> 00:04:57,250 S1: And so the product seems to be like just deciding 91 00:04:57,250 --> 00:05:00,230 S1: what ideal might look like or something like that, and 92 00:05:00,230 --> 00:05:03,070 S1: just going in and making those tweaks kind of on 93 00:05:03,070 --> 00:05:04,870 S1: a continuous basis. Is that right? 94 00:05:04,910 --> 00:05:08,309 S2: Yeah, it's on a continuous basis. And it's also contextually aware. Right. 95 00:05:08,310 --> 00:05:10,750 S2: So you have to be able to understand where your 96 00:05:10,750 --> 00:05:13,909 S2: employees are logging in from at an individual level on 97 00:05:13,910 --> 00:05:15,990 S2: the regular, you know, on a regular basis. Because if 98 00:05:15,990 --> 00:05:18,510 S2: I'm logging in from the East coast of the United 99 00:05:18,510 --> 00:05:22,070 S2: States regularly and then you see a login from, you know, 100 00:05:22,110 --> 00:05:25,190 S2: somewhere in Western Europe or around the globe where I'm 101 00:05:25,190 --> 00:05:28,430 S2: not usually that should raise some alarms, right? And you 102 00:05:28,710 --> 00:05:31,470 S2: might have some tools that will kind of flag that, 103 00:05:31,470 --> 00:05:33,990 S2: but that might be in isolation. And same thing with 104 00:05:33,990 --> 00:05:36,750 S2: your DLP tool like oh there are some sensitive searches happening, 105 00:05:36,750 --> 00:05:39,230 S2: but that will happen in isolation. And you really need 106 00:05:39,230 --> 00:05:41,310 S2: a tool that will help connect the dots of saying, 107 00:05:41,550 --> 00:05:44,550 S2: we noticed a login and then we noticed some suspicious activity, 108 00:05:44,550 --> 00:05:47,630 S2: and then we noticed some data exfiltration happening. Or, you know, 109 00:05:47,670 --> 00:05:49,630 S2: for us, the ideal state of what we're building for 110 00:05:49,670 --> 00:05:51,950 S2: is that whole throughput of, you know, if there's a 111 00:05:51,990 --> 00:05:55,070 S2: novel attack happening via the inbox and the email threats 112 00:05:55,070 --> 00:05:58,240 S2: that we're seeing and that, you know, a user might 113 00:05:58,240 --> 00:06:00,360 S2: click through something or go to a login page that 114 00:06:00,360 --> 00:06:02,359 S2: has a credential harvester of knowing that they got a 115 00:06:02,360 --> 00:06:06,160 S2: suspicious email, and then they click through. And then we 116 00:06:06,160 --> 00:06:09,760 S2: saw the suspicious login and then the weird anomalous activity 117 00:06:09,760 --> 00:06:12,680 S2: being able to connect those dots together. Because what I've 118 00:06:12,680 --> 00:06:14,920 S2: seen in my experience is point to do a pretty 119 00:06:14,920 --> 00:06:18,080 S2: good job of picking up those individual data points. But 120 00:06:18,120 --> 00:06:21,160 S2: it's taking a step back and seeing the full mosaic, 121 00:06:21,360 --> 00:06:24,719 S2: so to speak, and having a clear understanding is that's 122 00:06:24,720 --> 00:06:27,040 S2: where there's steam. Teams are still having a lot of 123 00:06:27,040 --> 00:06:29,560 S2: trouble and, you know, doing a lot of work themselves 124 00:06:29,560 --> 00:06:31,200 S2: that they don't necessarily need to. 125 00:06:32,320 --> 00:06:36,440 S1: Okay. So let me rethink then. So so you are 126 00:06:36,440 --> 00:06:41,440 S1: doing some uh, current context analysis of like what's currently 127 00:06:41,440 --> 00:06:44,440 S1: going on. So I guess that is so what are 128 00:06:44,440 --> 00:06:47,239 S1: the sources for that. What are you able to see. 129 00:06:47,240 --> 00:06:51,120 S1: Is that all within like a Google Workspace, the logs 130 00:06:51,120 --> 00:06:53,760 S1: that you're using or is that other. Do you have 131 00:06:53,800 --> 00:06:56,280 S1: other telemetry other signal from other systems? 132 00:06:56,320 --> 00:07:00,730 S2: Yeah. So uh, Google Workspace or Microsoft 365 or certainly 133 00:07:00,770 --> 00:07:02,930 S2: it's a pretty big source of data for us. We 134 00:07:02,930 --> 00:07:07,010 S2: also do in incorporate other third party intelligence tools that 135 00:07:07,010 --> 00:07:10,330 S2: you would expect for a security product. Um, that really 136 00:07:10,330 --> 00:07:12,890 S2: allows us to say, you know, once we see something 137 00:07:12,970 --> 00:07:15,410 S2: suspicious happening, let's put things on lockdown, let's make sure 138 00:07:15,410 --> 00:07:19,090 S2: that things are, are right sized for in terms of access, 139 00:07:19,090 --> 00:07:21,490 S2: or we can revoke access if we notice that there's 140 00:07:21,490 --> 00:07:24,489 S2: an issue that's been raised of a user with a 141 00:07:24,530 --> 00:07:28,210 S2: suspicious login and a file share to a third party 142 00:07:28,210 --> 00:07:30,770 S2: that is, you know, basically unsanctioned. 143 00:07:32,010 --> 00:07:34,770 S1: Okay, so so walk me through like a scenario here. 144 00:07:34,770 --> 00:07:37,690 S1: So I think I think you were giving me an 145 00:07:37,690 --> 00:07:41,610 S1: example earlier. So it's like, um, is it a strange 146 00:07:41,610 --> 00:07:44,410 S1: time of night or a strange geo that the person 147 00:07:44,410 --> 00:07:47,090 S1: logs in with, like what are the various triggers that 148 00:07:47,090 --> 00:07:48,330 S1: could that can get this going? 149 00:07:48,370 --> 00:07:50,610 S2: Yeah, it could be, uh, you know, noticing a pattern 150 00:07:50,650 --> 00:07:53,530 S2: of successive failed logins. So if somebody's trying to brute 151 00:07:53,530 --> 00:07:55,970 S2: force a password and then they finally get in, we 152 00:07:55,970 --> 00:07:59,590 S2: might pop a notification that says, you know, user has 153 00:07:59,630 --> 00:08:02,190 S2: a login from a, you know, after a suspicious or 154 00:08:02,310 --> 00:08:06,030 S2: brute force attempt. Um, and then we saw anomalous search 155 00:08:06,030 --> 00:08:10,150 S2: activity on the drive. And then the administrators can, within 156 00:08:10,150 --> 00:08:12,750 S2: our product, have already set up some automation that will 157 00:08:12,750 --> 00:08:15,830 S2: say revoke external access to that, to those files that 158 00:08:15,830 --> 00:08:19,510 S2: are being shared after that suspicious search. And so you 159 00:08:19,510 --> 00:08:22,670 S2: can automatically with our product say, you know, once you've 160 00:08:22,670 --> 00:08:26,270 S2: seen 1 in 2, go do the third thing automatically 161 00:08:26,270 --> 00:08:28,830 S2: to revoke the access. And therefore the data shouldn't be 162 00:08:28,830 --> 00:08:33,309 S2: leaving the building. Um, for anybody outside of the registered domains. 163 00:08:33,830 --> 00:08:38,069 S1: Okay. So those are pre-set up. So those are preventative. Yep. Uh, 164 00:08:38,110 --> 00:08:41,230 S1: is there anything that's like dynamically happening uh, to like, 165 00:08:41,230 --> 00:08:43,150 S1: dynamically write some of those rules? 166 00:08:43,510 --> 00:08:45,470 S2: Um, so our team is we have a team of 167 00:08:45,470 --> 00:08:48,670 S2: three researchers, and we also use AI. As you know, 168 00:08:48,670 --> 00:08:52,230 S2: a lot of the companies are today, um, to analyze 169 00:08:52,230 --> 00:08:54,310 S2: our rule sets and make sure that we're really being 170 00:08:54,309 --> 00:08:57,640 S2: really precise with, um, the roles that we're writing, but 171 00:08:57,640 --> 00:09:00,720 S2: also our customers can come in and write the custom 172 00:09:00,720 --> 00:09:03,839 S2: rules based off of very specific threats that they're thinking about, 173 00:09:03,840 --> 00:09:07,000 S2: or wanting to be proactive around data sets that isn't 174 00:09:07,040 --> 00:09:11,320 S2: necessarily super sensitive, but important to their organization. You know, 175 00:09:11,360 --> 00:09:13,800 S2: an example that we, you know, we've seen a couple 176 00:09:13,800 --> 00:09:16,480 S2: of times is around some notes for board meetings where 177 00:09:16,720 --> 00:09:19,120 S2: there might not be sensitive information in there, per se, 178 00:09:19,160 --> 00:09:22,480 S2: but you don't want those getting out. And so customers 179 00:09:22,480 --> 00:09:24,760 S2: can set up rules for saying, you know, if it 180 00:09:24,760 --> 00:09:28,560 S2: goes to X, y, z domain or XYZ email address, 181 00:09:28,800 --> 00:09:32,120 S2: you know, let's put that behind the toufar. Um, for 182 00:09:32,120 --> 00:09:34,040 S2: any access for that document. 183 00:09:35,360 --> 00:09:39,480 S1: Yeah, that makes sense. And are there different, um, sets 184 00:09:39,520 --> 00:09:42,360 S1: of templates. So like if there's a particular customer that 185 00:09:42,360 --> 00:09:45,559 S1: comes on, is there like a threat model for that 186 00:09:45,559 --> 00:09:47,960 S1: particular kind of customer where they would want to install 187 00:09:47,960 --> 00:09:50,959 S1: a whole bunch of these preventative things, like all as, 188 00:09:51,000 --> 00:09:52,280 S1: like a group or a cluster? 189 00:09:52,640 --> 00:09:55,120 S2: Um, not today. One of the things we are thinking 190 00:09:55,120 --> 00:09:58,890 S2: about and engaging in conversations with our customers with is 191 00:09:59,090 --> 00:10:01,490 S2: really trying to rightsize what that looks like based off 192 00:10:01,490 --> 00:10:04,010 S2: of the threat plane. Um, so, you know, we work 193 00:10:04,010 --> 00:10:07,010 S2: with financial services companies and we're seeing something, but that's 194 00:10:07,010 --> 00:10:11,089 S2: also fairly similar to healthcare. Um, and so we're starting to, 195 00:10:11,130 --> 00:10:13,970 S2: to group things like that. Um, you know, if it's a, 196 00:10:14,010 --> 00:10:16,929 S2: you know, an upcoming SaaS startup with a small security 197 00:10:16,970 --> 00:10:19,090 S2: team that's a different set of profiling that they want 198 00:10:19,130 --> 00:10:21,570 S2: to do. And so, um, you know, we're starting to, 199 00:10:21,610 --> 00:10:24,170 S2: to work towards that. Um, and that's definitely an evolution 200 00:10:24,170 --> 00:10:25,250 S2: of our product that's coming. 201 00:10:26,690 --> 00:10:31,370 S1: Okay. But when somebody onboards what what all gets turned 202 00:10:31,370 --> 00:10:35,090 S1: on automatically, is it a number of. Yeah. These preventative 203 00:10:35,090 --> 00:10:38,010 S1: controls are already just by default there. Right. 204 00:10:38,050 --> 00:10:41,410 S2: Yeah. So we have, um, you know, in the hundreds 205 00:10:41,410 --> 00:10:44,450 S2: of rules at this point between our email and cloud office. 206 00:10:44,570 --> 00:10:47,370 S2: Um threat suite, um, that are on by default when 207 00:10:47,370 --> 00:10:50,130 S2: somebody signs up for material. So this includes things like 208 00:10:50,130 --> 00:10:52,689 S2: all of our inbound threat email threat detection rules, but 209 00:10:52,690 --> 00:10:56,790 S2: also suspicious file shares. um, you know, alerting to risky 210 00:10:56,790 --> 00:10:59,990 S2: configurations as well inside of the workspace. So, you know, 211 00:11:00,030 --> 00:11:01,790 S2: the way we're thinking about this in terms of an 212 00:11:01,830 --> 00:11:05,150 S2: analogy is something like EDR for the cloud office or, 213 00:11:05,470 --> 00:11:08,230 S2: you know, using an example for, you know, it's been 214 00:11:08,230 --> 00:11:11,150 S2: the headlines over the last week was for Google Workspace. 215 00:11:11,510 --> 00:11:13,270 S2: And so thinking about how do we give that full 216 00:11:13,270 --> 00:11:16,870 S2: visibility and rule set for customers and their teams to 217 00:11:16,910 --> 00:11:19,470 S2: be able to really identify where there's the most risk 218 00:11:19,470 --> 00:11:21,390 S2: and then remediate it out of the box? 219 00:11:22,750 --> 00:11:26,270 S1: Yeah, that makes sense. So it sounds like you're you're 220 00:11:26,270 --> 00:11:30,550 S1: very much focused on this, uh, type of functionality. But 221 00:11:30,550 --> 00:11:32,070 S1: what are some of the attacks that you're seeing in 222 00:11:32,070 --> 00:11:32,750 S1: that space? 223 00:11:33,190 --> 00:11:36,590 S2: Um, yeah. So it's, um, you know, some of the 224 00:11:36,590 --> 00:11:38,750 S2: malicious actors are still, you know, phishing, trying to get 225 00:11:38,750 --> 00:11:42,030 S2: the credentials, but also it's the inadvertent sharing. Um, so 226 00:11:42,030 --> 00:11:44,550 S2: it's not necessarily an attack, but it's risk to the 227 00:11:44,550 --> 00:11:48,790 S2: organization of a lot, you know, employees sharing sensitive documents 228 00:11:48,790 --> 00:11:51,430 S2: to be set to anyone with a link can see 229 00:11:51,429 --> 00:11:54,600 S2: it and just public shares where, you know, data leakage 230 00:11:54,600 --> 00:11:57,040 S2: like that can be pretty damaging for organizations. And so 231 00:11:57,080 --> 00:11:59,400 S2: that's that's an area where we've seen a surprisingly high 232 00:11:59,440 --> 00:12:02,160 S2: number of issues being raised by our product so far 233 00:12:02,200 --> 00:12:05,520 S2: of sensitive documents being shared to the entire world. 234 00:12:06,600 --> 00:12:11,719 S1: Yeah, I love that. I love the fact that it 235 00:12:11,720 --> 00:12:16,760 S1: doesn't have to be like, um, a front page news 236 00:12:16,760 --> 00:12:20,120 S1: article like Sexy Attacker that's doing the damage. It could 237 00:12:20,120 --> 00:12:24,319 S1: be the benign user who just made a mistake. And 238 00:12:24,640 --> 00:12:27,719 S1: because both of those are risks, both of those are 239 00:12:27,720 --> 00:12:29,040 S1: handled via rules, right? 240 00:12:29,080 --> 00:12:30,400 S2: Yep. Exactly. 241 00:12:31,880 --> 00:12:35,800 S1: Yeah. Awesome. What are some other, um, abuse cases? Uh, 242 00:12:35,800 --> 00:12:39,720 S1: not so much attacker based, but, um, like, what are 243 00:12:39,720 --> 00:12:41,920 S1: some of the other pieces that the rules cover? 244 00:12:41,960 --> 00:12:45,120 S2: Yeah. So it's things like, uh, best practice configuration for 245 00:12:45,120 --> 00:12:48,720 S2: the cloud office. So, you know, one example that, um, 246 00:12:49,120 --> 00:12:54,130 S2: I have is organizations that might set group moderation settings 247 00:12:54,130 --> 00:12:58,490 S2: to be able to be interacted with externally. And so 248 00:12:58,490 --> 00:13:00,130 S2: if we think about that, right. So if you have 249 00:13:00,130 --> 00:13:05,090 S2: a group of VIPs, if, if that group is externally visible, 250 00:13:05,090 --> 00:13:08,850 S2: somebody can then just email bomb campaign, their VIP team 251 00:13:08,890 --> 00:13:11,370 S2: or you know, their, their C-suite. And so that is 252 00:13:11,410 --> 00:13:13,890 S2: can be hugely disruptive to businesses. If there's all of 253 00:13:13,890 --> 00:13:17,450 S2: a sudden a DDoS campaign on the inbox because they're, 254 00:13:17,610 --> 00:13:20,250 S2: you know, a group of malicious actors is actually just 255 00:13:20,290 --> 00:13:23,170 S2: spamming the inbox and filling it up. Um, so that's, 256 00:13:23,210 --> 00:13:25,690 S2: you know, that's another thing we've seen quite a few times, actually, 257 00:13:25,690 --> 00:13:29,650 S2: where some moderation settings weren't quite, uh, optimized. And then 258 00:13:29,890 --> 00:13:33,569 S2: from there, their executives, uh, inboxes were just totally filled 259 00:13:33,570 --> 00:13:35,730 S2: up because of a harassment campaign. 260 00:13:37,730 --> 00:13:41,210 S1: Okay, so, so humor me on this. Um, I'm trying 261 00:13:41,210 --> 00:13:43,770 S1: to think of all the different granular controls you could 262 00:13:43,770 --> 00:13:48,090 S1: possibly do. Um, so, so what are some of the 263 00:13:48,490 --> 00:13:51,930 S1: some of the control points you could prompt for MFA 264 00:13:51,929 --> 00:13:57,070 S1: if you see something suspicious. Um, you could remove access via, like, 265 00:13:57,110 --> 00:14:00,390 S1: an ACL type control. You could have, like, a time 266 00:14:00,429 --> 00:14:02,950 S1: based control if, like, something is outside of a certain 267 00:14:02,950 --> 00:14:08,790 S1: time window. Yep. Um, what's another signal? Geo based signal? 268 00:14:08,830 --> 00:14:11,230 S2: Yeah. So based off of IP address where we're seeing 269 00:14:11,230 --> 00:14:14,590 S2: the logins. Um, also who they share with usually versus 270 00:14:14,670 --> 00:14:16,990 S2: who they're sharing with in frequency of shares is something 271 00:14:16,990 --> 00:14:19,350 S2: we're looking at. And so you know, we look for 272 00:14:19,350 --> 00:14:21,710 S2: not only like the anomalous search and activity within the drive, 273 00:14:21,750 --> 00:14:25,229 S2: but are you starting to email folks within your organization 274 00:14:25,230 --> 00:14:27,870 S2: that you don't normally email. Right. So those sort of pattern. 275 00:14:27,910 --> 00:14:28,510 S1: There you go. 276 00:14:28,710 --> 00:14:33,110 S2: Outside of, you know, outside of the normal, um, kind 277 00:14:33,110 --> 00:14:35,590 S2: of I would say, you know, kind of base level 278 00:14:36,510 --> 00:14:39,750 S2: data points of picking up where real anomalies that this 279 00:14:39,750 --> 00:14:42,030 S2: is unusual for a user based off of what we 280 00:14:42,030 --> 00:14:42,910 S2: usually see. 281 00:14:44,150 --> 00:14:47,590 S1: And how about like a classification or a content type. 282 00:14:47,630 --> 00:14:49,350 S1: Are you able to see anything like that? 283 00:14:49,390 --> 00:14:52,920 S2: Yeah. So we classify everything in the drive based off 284 00:14:52,920 --> 00:14:55,040 S2: of the type of information that's there. So we pick 285 00:14:55,080 --> 00:14:59,120 S2: up on things like Social Security numbers, financial information. Customers 286 00:14:59,120 --> 00:15:03,640 S2: can also add additional custom tags for things like proprietary information. 287 00:15:03,960 --> 00:15:06,640 S2: And so you know and that integrates directly with Google 288 00:15:06,640 --> 00:15:09,440 S2: Workspace where, you know, if somebody puts that tag on 289 00:15:09,440 --> 00:15:12,400 S2: a document, we'll obviously pick it up and then some. 290 00:15:12,520 --> 00:15:14,720 S2: The security team can then remediate and protect it as, 291 00:15:14,760 --> 00:15:15,480 S2: as they want. 292 00:15:16,960 --> 00:15:24,480 S1: Okay. And then you mentioned particular drives internally. What what 293 00:15:24,480 --> 00:15:28,320 S1: about threat intelligence on or at least basic threat intelligence 294 00:15:28,320 --> 00:15:32,840 S1: on like oh, it's pastebin. Uh, this very sensitive thing 295 00:15:32,840 --> 00:15:35,760 S1: is being put on pastebin, which everyone knows is like 296 00:15:35,760 --> 00:15:38,000 S1: a dump site. Is that the type of thing you 297 00:15:38,000 --> 00:15:38,920 S1: can get signal from? 298 00:15:38,960 --> 00:15:41,640 S2: Yeah, yeah, we're pulling in, um, you know, things like 299 00:15:41,640 --> 00:15:44,000 S2: that of, you know, have I been owned? Uh, sorts 300 00:15:44,000 --> 00:15:46,040 S2: of websites of being able to pull that Intel for 301 00:15:46,040 --> 00:15:48,920 S2: accounts and other sorts of information. Um, you know, we're 302 00:15:48,920 --> 00:15:54,050 S2: also looking out for, um, Impersonation campaigns on login site 303 00:15:54,090 --> 00:15:57,010 S2: login sites. So, um, you know, taking kind of the 304 00:15:57,010 --> 00:16:02,130 S2: IP and um, other information from customer, an organization profile 305 00:16:02,130 --> 00:16:03,970 S2: and how malicious actors are using it and try and 306 00:16:03,970 --> 00:16:04,890 S2: protect against that. 307 00:16:06,890 --> 00:16:10,650 S1: Yeah, that's really cool. Okay. So you said you have 308 00:16:10,650 --> 00:16:15,770 S1: like hundreds of rules. That's that's the basic, uh, magnitude there. 309 00:16:16,450 --> 00:16:19,730 S1: And that would be these various combinations of these different 310 00:16:19,730 --> 00:16:22,410 S1: signals combined with the different control point. Right. 311 00:16:22,450 --> 00:16:23,410 S2: Yep. Exactly. 312 00:16:23,490 --> 00:16:31,770 S1: Um, interesting. Yeah. Any, um, any other thoughts on, um, 313 00:16:32,090 --> 00:16:36,690 S1: the functionality here or the types of attacks that it's, uh, detecting? 314 00:16:37,210 --> 00:16:40,330 S2: Um, really the thing that I'm excited about that we're 315 00:16:40,330 --> 00:16:42,970 S2: picking up on and helping protect against is really the 316 00:16:43,090 --> 00:16:46,490 S2: lateral movement across the workspace while not getting in the 317 00:16:46,490 --> 00:16:50,210 S2: way of productivity for the organizations. Because, you know, I 318 00:16:50,250 --> 00:16:52,430 S2: you know, I've been in security for a few years now. And, 319 00:16:52,470 --> 00:16:54,350 S2: you know, one of the things that's, um, you know, 320 00:16:54,390 --> 00:16:58,630 S2: really interesting to see is how passionate security professionals are 321 00:16:58,670 --> 00:17:00,910 S2: about trying to stop the threat, but also how afraid 322 00:17:00,910 --> 00:17:03,310 S2: they are of getting in the way of business operations. 323 00:17:03,670 --> 00:17:05,230 S2: And I've seen a little bit of a gun shy 324 00:17:05,270 --> 00:17:07,229 S2: mentality at times of like, hey, should I go do 325 00:17:07,230 --> 00:17:09,869 S2: this remediation? Should I, you know, cut off this box 326 00:17:09,869 --> 00:17:12,470 S2: from the internet? Well, I know that the attacker is there, 327 00:17:12,470 --> 00:17:14,270 S2: so yes, you should. But I also know that this 328 00:17:14,270 --> 00:17:16,870 S2: is a pretty important laptop, right? And so being able 329 00:17:16,869 --> 00:17:19,350 S2: to then connect the dots of this lateral movement. And 330 00:17:19,390 --> 00:17:22,510 S2: now the office where everyone is working, uh, you know, 331 00:17:22,550 --> 00:17:24,710 S2: in the cloud, it's, it's pretty cool to be able 332 00:17:24,710 --> 00:17:26,590 S2: to then say like, hey, we are actually with pretty 333 00:17:26,590 --> 00:17:31,390 S2: high fidelity picking up the suspicious login, the suspicious drive activity, 334 00:17:31,390 --> 00:17:33,350 S2: and then shutting it down in a way that the 335 00:17:33,350 --> 00:17:36,510 S2: user might not even realize how they're being protected at 336 00:17:36,510 --> 00:17:38,030 S2: the end of the day, because we're not kicking them 337 00:17:38,030 --> 00:17:41,669 S2: out of their session immediately. We're protecting the the data first, 338 00:17:41,670 --> 00:17:43,750 S2: and then allowing the security team to then go follow 339 00:17:43,750 --> 00:17:45,149 S2: up and say with the user like, hey, just so 340 00:17:45,150 --> 00:17:47,270 S2: you know, we've been compromised, we're going to shut down, 341 00:17:47,310 --> 00:17:48,990 S2: you know, revoke access to your account for a second. 342 00:17:48,990 --> 00:17:52,119 S2: We'll do a password reset, which we can also support. 343 00:17:52,359 --> 00:17:54,440 S2: And so that's all within the realm of being able 344 00:17:54,440 --> 00:17:58,240 S2: to really work collaboratively, collaboratively with colleagues for security team 345 00:17:58,240 --> 00:18:01,360 S2: versus just coming in and being a disruptive force for 346 00:18:01,359 --> 00:18:02,320 S2: the organization. 347 00:18:03,600 --> 00:18:06,600 S1: Yeah. Interesting. So what does that interaction look like? How 348 00:18:06,640 --> 00:18:11,080 S1: do you let them know or how does that interaction 349 00:18:11,080 --> 00:18:14,720 S1: happen when you feel like you're dealing with something that's 350 00:18:14,720 --> 00:18:18,119 S1: live and like has to be dealt with right now? Um, 351 00:18:18,160 --> 00:18:21,560 S1: so are you, uh, is it a text platform? Is 352 00:18:21,560 --> 00:18:24,200 S1: it an email or like, how are they getting that? 353 00:18:24,240 --> 00:18:27,920 S2: Yeah. So our customers can integrate us into their entire workflow. 354 00:18:27,920 --> 00:18:31,000 S2: So we integrate with tools like Pagerduty, slack. You know, 355 00:18:31,040 --> 00:18:34,200 S2: we integrate with tools like tines. And so any automation 356 00:18:34,200 --> 00:18:36,919 S2: workflow that will then take that signal from us and 357 00:18:36,920 --> 00:18:39,480 S2: you can run with it automatically is something we support. 358 00:18:39,480 --> 00:18:42,080 S2: And so, you know, for security teams, they can sign 359 00:18:42,080 --> 00:18:44,560 S2: up for a slack notification when they get a high 360 00:18:44,600 --> 00:18:47,480 S2: or critical alert from us. And that'll drop into their, 361 00:18:47,520 --> 00:18:49,600 S2: you know, security team channel that they may have configured 362 00:18:49,600 --> 00:18:52,770 S2: for material inside of their workspace, inside of their slack workspace. 363 00:18:53,369 --> 00:18:55,689 S2: And then from there they can, you know, decide to 364 00:18:55,690 --> 00:18:57,850 S2: action it. They can let their automation tool take care 365 00:18:57,850 --> 00:18:59,850 S2: of it, or they can reach out out of band 366 00:18:59,850 --> 00:19:02,410 S2: for their, you know, for their colleagues, of letting them know, like, hey, like, 367 00:19:02,450 --> 00:19:05,250 S2: we know we've protected the document. That's cool. We now 368 00:19:05,250 --> 00:19:07,730 S2: need to reset, you know, the password, and we'll make 369 00:19:07,730 --> 00:19:09,330 S2: sure that you do that in a timely manner. 370 00:19:10,410 --> 00:19:13,290 S1: That makes sense. And when you talk about the lateral 371 00:19:13,290 --> 00:19:17,330 S1: movement piece, give me an example of, um, you talking 372 00:19:17,330 --> 00:19:22,730 S1: about an active attacker doing that or are you talking about. Um, yeah. Exactly. 373 00:19:22,730 --> 00:19:24,290 S1: What do you mean by the lateral movement? 374 00:19:24,330 --> 00:19:26,649 S2: Yeah. So it is an active attacker. So once, you know, 375 00:19:26,690 --> 00:19:30,050 S2: credentials have been, you know, stolen and somebody is able 376 00:19:30,050 --> 00:19:32,570 S2: to log into an organization, you know, that might not 377 00:19:32,570 --> 00:19:35,930 S2: have MFA or they've bypassed MFA. Once we start seeing 378 00:19:35,930 --> 00:19:39,770 S2: that anomalous login or the anomalous search activity, we'll be 379 00:19:39,810 --> 00:19:43,730 S2: able to then shut down the the attack by putting 380 00:19:43,730 --> 00:19:47,410 S2: everything behind the toufar for a customer at that moment. Or, um, 381 00:19:47,450 --> 00:19:49,970 S2: you know, if that's already pre-configured as a general protection, 382 00:19:50,030 --> 00:19:51,310 S2: They don't have to worry about that. 383 00:19:53,270 --> 00:19:56,230 S1: Okay. Yeah that's interesting. So normally they would have been 384 00:19:56,230 --> 00:20:00,670 S1: able to just pull up files from a given share. 385 00:20:01,109 --> 00:20:06,230 S1: But because they did this sensitive activity that looks anomalous, 386 00:20:07,150 --> 00:20:10,390 S1: it doesn't stop them, but it just puts up the 387 00:20:10,390 --> 00:20:13,870 S1: toufar to just guarantee that they're actually who they say 388 00:20:13,869 --> 00:20:14,429 S1: they are. 389 00:20:14,470 --> 00:20:17,149 S2: Yeah, yeah. And customers can also dial this in to 390 00:20:17,190 --> 00:20:19,629 S2: the severity that they wish. So you know, we have 391 00:20:19,630 --> 00:20:22,030 S2: some customers that will say, you know what. As soon 392 00:20:22,030 --> 00:20:24,949 S2: as we see this suspicious login, revoke the session, reset 393 00:20:24,950 --> 00:20:27,790 S2: the password. You know, no matter what's going on with 394 00:20:27,790 --> 00:20:31,429 S2: the okay. But other organizations will say, you know what? 395 00:20:31,470 --> 00:20:34,590 S2: Like what I really care about is the sensitive documents 396 00:20:34,590 --> 00:20:36,630 S2: and not being disruptive to my colleagues. And they have 397 00:20:36,630 --> 00:20:39,910 S2: that configurability within the product where they can really set 398 00:20:39,910 --> 00:20:41,950 S2: their threshold for how much risk they want to take 399 00:20:41,950 --> 00:20:45,070 S2: on or disruption they want to bring to the organization. Because, 400 00:20:45,230 --> 00:20:48,550 S2: you know, past lives, I've seen instances where the security 401 00:20:48,550 --> 00:20:52,080 S2: team has found ransomware on a machine, and it happened 402 00:20:52,080 --> 00:20:53,880 S2: to be for an executive who was about to give 403 00:20:53,880 --> 00:20:57,159 S2: a board presentation. And so, you know, it's one of 404 00:20:57,160 --> 00:20:59,840 S2: those like, situations where you really want to try and 405 00:20:59,840 --> 00:21:02,960 S2: think about how your organization works and rightsize the response. 406 00:21:03,280 --> 00:21:05,239 S2: And we're trying to enable that by picking up the 407 00:21:05,240 --> 00:21:08,800 S2: signal all the way across the spectrum and allowing security 408 00:21:08,800 --> 00:21:11,040 S2: teams to choose when is the right time for them 409 00:21:11,040 --> 00:21:14,359 S2: to respond for specific sorts of threats within the product. 410 00:21:15,480 --> 00:21:20,560 S1: Yeah. And like you said, to adjust the control set 411 00:21:20,560 --> 00:21:24,520 S1: according to the risk appetite for that organization. Right. Um, yeah. 412 00:21:24,520 --> 00:21:27,879 S1: I love the fact that you can switch right into 413 00:21:27,920 --> 00:21:32,600 S1: ATO if, uh, the security team wants to, but if 414 00:21:32,760 --> 00:21:35,960 S1: there's like a culture of like, no, that's too extreme. 415 00:21:36,400 --> 00:21:40,400 S1: And that would make the security team look bad or whatever. 416 00:21:40,760 --> 00:21:45,000 S1: We need a more gentle approach. Let's just prompt for, uh, MFA. 417 00:21:45,040 --> 00:21:47,760 S2: Yeah, exactly. And, you know, one of the up and 418 00:21:47,760 --> 00:21:50,530 S2: coming use cases that I've had some conversation with customers 419 00:21:50,530 --> 00:21:52,610 S2: about that I think is is also pretty interesting, is 420 00:21:52,609 --> 00:21:57,370 S2: around sharing of documents internally and starting to enable tools 421 00:21:57,369 --> 00:22:00,489 S2: like Google's Gemini inside of the workspace. And so if 422 00:22:00,490 --> 00:22:04,090 S2: there is sensitive information inside of a document that is 423 00:22:04,090 --> 00:22:07,370 S2: unknowingly shared to everyone at the organization, that also means 424 00:22:07,369 --> 00:22:09,050 S2: that Gemini can pick up on that. So that could 425 00:22:09,050 --> 00:22:13,210 S2: include things like compensation and other bits of sensitive information 426 00:22:13,210 --> 00:22:16,770 S2: that you might not want somebody to very easily query 427 00:22:16,770 --> 00:22:19,810 S2: inside of Gemini. And so yeah, it may have been 428 00:22:19,810 --> 00:22:21,570 S2: harder to find in the past, but now it becomes 429 00:22:21,609 --> 00:22:23,770 S2: a lot easier to find with gen AI entering into 430 00:22:23,770 --> 00:22:25,530 S2: the workspace a little more proactively. 431 00:22:26,450 --> 00:22:30,250 S1: Okay. And and what is the, um, the signal pickup there? Like, 432 00:22:30,290 --> 00:22:32,970 S1: how are we finding out what they're doing? 433 00:22:33,170 --> 00:22:34,970 S2: Yeah. And so with that, we have a rule where 434 00:22:34,970 --> 00:22:38,090 S2: it is, uh, document has sensitive information and it is 435 00:22:38,090 --> 00:22:39,730 S2: shared with the entire organization. 436 00:22:40,690 --> 00:22:41,050 S1: Okay. 437 00:22:41,130 --> 00:22:43,369 S2: And so, you know, even something like that, a customer 438 00:22:43,369 --> 00:22:46,690 S2: can then say, okay, you know, email the owner letting 439 00:22:46,690 --> 00:22:50,070 S2: them know that they have this pretty over permissive sharing 440 00:22:50,109 --> 00:22:53,070 S2: enabled for this file, and then give them six hours 441 00:22:53,070 --> 00:22:57,070 S2: to remediate it. Otherwise then revoke access and set it 442 00:22:57,070 --> 00:22:57,750 S2: to private. 443 00:22:58,790 --> 00:23:04,790 S1: Okay. Yeah, that makes sense. Um. Anything new coming out soon? Any, uh, 444 00:23:04,790 --> 00:23:06,550 S1: new functionality you're excited about? 445 00:23:06,630 --> 00:23:09,070 S2: Uh, yeah. One of the things we'll be, uh, unveiling 446 00:23:09,070 --> 00:23:12,550 S2: pretty soon is, uh, really more connective tissue across, you know, 447 00:23:12,550 --> 00:23:14,949 S2: and continuing to evolve the threat, uh, and detection and 448 00:23:14,950 --> 00:23:18,510 S2: response capabilities across the attack life cycle. So, um, as 449 00:23:18,550 --> 00:23:21,189 S2: we're building out and maturing the product, we're focusing really 450 00:23:21,190 --> 00:23:23,670 S2: on being able to connect the dots, you know, with 451 00:23:23,710 --> 00:23:26,990 S2: even higher fidelity, more types of, um, use cases. So 452 00:23:27,030 --> 00:23:31,150 S2: from broader DLP to inbound email threats, um, being able 453 00:23:31,150 --> 00:23:33,189 S2: to really say, hey, this really does look like a 454 00:23:33,190 --> 00:23:36,030 S2: problem and we're going to help you remediate it. So 455 00:23:36,310 --> 00:23:39,510 S2: you're not just adding tickets to a queue, but helping, um, 456 00:23:39,510 --> 00:23:41,389 S2: you know, really remediate for folks is something that we're 457 00:23:41,390 --> 00:23:42,630 S2: going to be spending a lot of time on. 458 00:23:43,510 --> 00:23:48,280 S1: Oh, nice. Remediation. So what will that flow look like? Like, 459 00:23:48,320 --> 00:23:51,639 S1: how are you tying deeper into the remediation flow? 460 00:23:51,680 --> 00:23:54,120 S2: Yeah. So that will include things like, um, you know, 461 00:23:54,119 --> 00:23:58,800 S2: individual slack notifications or out-of-band notifications for, for end users 462 00:23:58,800 --> 00:24:02,520 S2: at an organization or things. Um, you know, beyond just 463 00:24:02,520 --> 00:24:04,760 S2: revoking access, but being able to start to pull in 464 00:24:04,800 --> 00:24:09,879 S2: things like integrations with your IDP and starting to disable, um, 465 00:24:10,160 --> 00:24:12,600 S2: access not only within the workspace but beyond it. So 466 00:24:12,600 --> 00:24:15,960 S2: knowing that there has been some compromise of the identity. Um, 467 00:24:15,960 --> 00:24:17,960 S2: and we're seeing a firsthand account of somebody trying to 468 00:24:17,960 --> 00:24:19,879 S2: get across it, being able to validate that, you know, 469 00:24:19,880 --> 00:24:21,720 S2: if your IDP doesn't know about it yet, we will 470 00:24:21,720 --> 00:24:23,399 S2: help enable the remediation there. 471 00:24:24,640 --> 00:24:27,680 S1: Okay. Yeah, I'm really excited about that. So it's basically 472 00:24:27,680 --> 00:24:31,040 S1: getting additional context from other places in the organization to 473 00:24:31,080 --> 00:24:32,680 S1: be able to do the stuff you're already doing. 474 00:24:32,720 --> 00:24:35,560 S2: Yeah. Yeah, because context is everything when it comes to security, right. 475 00:24:35,600 --> 00:24:37,679 S2: Of being able to know not only what's weird and 476 00:24:37,680 --> 00:24:39,639 S2: what's not weird, but like when you should go do 477 00:24:39,640 --> 00:24:42,600 S2: something and when pausing for a moment might be the 478 00:24:42,600 --> 00:24:45,320 S2: right call. Um, you know, I've worked, you know, with 479 00:24:45,320 --> 00:24:48,170 S2: security teams where they've really been trying to be not 480 00:24:48,170 --> 00:24:51,369 S2: only good colleagues, but champions for their security organization and 481 00:24:51,369 --> 00:24:55,130 S2: getting that buy in. And one misstep in a response 482 00:24:55,130 --> 00:24:57,970 S2: action where you have, you know, either the wrong call 483 00:24:57,970 --> 00:25:00,170 S2: or at the wrong time. Um, you know, that really 484 00:25:00,170 --> 00:25:02,210 S2: sets the security team back. So we're trying to partner 485 00:25:02,210 --> 00:25:05,850 S2: with them to make sure that they're rightsizing the remediation, 486 00:25:05,890 --> 00:25:08,690 S2: you know, automatically with as much context as possible. 487 00:25:09,850 --> 00:25:13,810 S1: Nice. Well, awesome. Where can we, uh, learn more about 488 00:25:13,850 --> 00:25:15,090 S1: the the products? 489 00:25:15,130 --> 00:25:17,930 S2: Yeah. You can find us at Materials Security. Um, you'll 490 00:25:17,930 --> 00:25:20,290 S2: see everything that we have to offer there across the 491 00:25:20,330 --> 00:25:21,689 S2: protection for the whole workspace. 492 00:25:23,090 --> 00:25:25,369 S1: Sounds good. Hey, David, are you there? 493 00:25:29,410 --> 00:25:30,410 S3: Yeah. Can you hear me? 494 00:25:30,890 --> 00:25:34,609 S1: Yeah, yeah. Any modules? Um. Any other, um, pieces of 495 00:25:34,609 --> 00:25:36,530 S1: functionality we should, uh, ask about? 496 00:25:37,170 --> 00:25:39,330 S3: No, I don't think so. I think that pretty much 497 00:25:39,330 --> 00:25:42,010 S3: touches on, like, the basic stuff. I mean, we do have, like. 498 00:25:42,010 --> 00:25:44,290 S3: Like I mentioned, the cloud workspace, like, in general, that's 499 00:25:44,290 --> 00:25:49,030 S3: our general vision, um, that we're kind of releasing in a, uh, 500 00:25:49,230 --> 00:25:52,990 S3: I guess two days. Um, so I think he kind 501 00:25:53,030 --> 00:25:55,750 S3: of touched upon it. It's not really necessarily a new release. 502 00:25:55,790 --> 00:25:58,670 S3: Quote unquote. A lot of, like, our real releases have 503 00:25:58,670 --> 00:26:00,550 S3: already happened. So this is just more of like an 504 00:26:00,550 --> 00:26:03,949 S3: announcement kind of stuff that brings it all together, all 505 00:26:03,990 --> 00:26:07,310 S3: these elements. So I don't think there's anything on our 506 00:26:07,310 --> 00:26:10,190 S3: end from a feature perspective that has not been called out, 507 00:26:10,190 --> 00:26:11,189 S3: that should be called out. 508 00:26:11,910 --> 00:26:17,630 S1: Okay. Sounds good. All right, Patrick, I enjoyed the conversation 509 00:26:17,630 --> 00:26:18,629 S1: and thanks for the time. 510 00:26:18,670 --> 00:26:19,830 S2: Yeah, thanks for having me. 511 00:26:20,390 --> 00:26:21,189 S1: All right. Take care. 512 00:26:21,230 --> 00:26:21,590 S2: Bye. 513 00:26:23,190 --> 00:26:27,150 S1: Unsupervised learning is produced on Hindenburg Pro using an Sm7 514 00:26:27,190 --> 00:26:30,830 S1: B microphone. A video version of the podcast is available 515 00:26:30,830 --> 00:26:34,429 S1: on the Unsupervised Learning YouTube channel, and the text version 516 00:26:34,430 --> 00:26:38,390 S1: with full links and notes is available at Daniel Comm 517 00:26:38,550 --> 00:26:41,189 S1: Slash newsletter. We'll see you next time.