WEBVTT - Security, Bookmarked: Finance (Sponsored Content)

0:00:02.240 --> 0:00:04.680
<v Speaker 1>We can go back to a quote from the Depression

0:00:04.680 --> 0:00:08.319
<v Speaker 1>era bank robber Willie Sutton. He had this infamous quote

0:00:08.360 --> 0:00:10.600
<v Speaker 1>that said, like, I rob banks because that's where the

0:00:10.600 --> 0:00:11.080
<v Speaker 1>money is.

0:00:11.920 --> 0:00:15.080
<v Speaker 2>Old-fashioned bank heists aren't so common today, but modern

0:00:15.080 --> 0:00:18.919
<v Speaker 2>financial institutions protect more than just money, and finance is

0:00:19.000 --> 0:00:22.040
<v Speaker 2>consistently in the top three most targeted industries when it

0:00:22.040 --> 0:00:23.120
<v Speaker 2>comes to cyber attacks.

0:00:23.520 --> 0:00:27.560
<v Speaker 1>There's accounts, but there's also a lot of strategic information

0:00:27.760 --> 0:00:32.640
<v Speaker 1>with regards to transactions and the likes, and that's what

0:00:32.800 --> 0:00:36.560
<v Speaker 1>continues to make financial institutions a target for this.

0:00:37.120 --> 0:00:38.320
<v Speaker 2>That's JF Lego.

0:00:38.720 --> 0:00:42.320
<v Speaker 1>I'm w chief Information Security Officer at JP Morgan Chase.

0:00:42.920 --> 0:00:45.959
<v Speaker 2>As a leader of cybersecurity operations for the bank and

0:00:45.960 --> 0:00:49.680
<v Speaker 2>its clients, JF thinks constantly about every opportunity that an

0:00:49.720 --> 0:00:54.320
<v Speaker 2>attacker could exploit, from software bugs to natural disasters.

0:00:53.960 --> 0:00:57.520
<v Speaker 1>Whether the scenario will be a technology outage, whether it

0:00:57.600 --> 0:01:00.520
<v Speaker 1>be weather, a threat actor could use that as a lure.

0:01:00.960 --> 0:01:05.440
<v Speaker 1>We've actually seen, you know, like fake donation sites. When

0:01:05.480 --> 0:01:08.640
<v Speaker 1>there's a natural disaster right where people are looking to

0:01:08.800 --> 0:01:13.280
<v Speaker 1>donate to earthquake relief or hurricane relief.

0:01:13.200 --> 0:01:16.000
<v Speaker 2>The bad guys are there, and by setting up fake disaster

0:01:16.080 --> 0:01:19.399
<v Speaker 2>relief websites, the bad guys can harvest any credentials that

0:01:19.440 --> 0:01:22.800
<v Speaker 2>come with those well meaning donations. This is just one

0:01:22.800 --> 0:01:25.960
<v Speaker 2>scenario in a bigger trend that JF's seeing where cyber

0:01:26.000 --> 0:01:28.479
<v Speaker 2>attackers set traps to compromise team accounts.

0:01:28.880 --> 0:01:32.800
<v Speaker 1>We're seeing more and more threat actors using you know,

0:01:32.880 --> 0:01:38.480
<v Speaker 1>search engine optimization to present fake websites. When somebody's doing

0:01:38.760 --> 0:01:42.080
<v Speaker 1>an online search, the website will come up at the

0:01:42.080 --> 0:01:44.640
<v Speaker 1>top versus the legitimate one they're looking for, and then

0:01:44.680 --> 0:01:48.559
<v Speaker 1>they get the ability to deliver malicious software. So that's

0:01:48.640 --> 0:01:52.440
<v Speaker 1>like a really interesting trend that people should think about.

0:01:52.880 --> 0:01:55.680
<v Speaker 1>You know, we used to train people to look for

0:01:55.720 --> 0:02:00.720
<v Speaker 1>phishing based on like grammar and urgency and things like that.

0:02:00.080 --> 0:02:01.560
<v Speaker 1>That's changing.

0:02:02.480 --> 0:02:05.640
<v Speaker 2>Phishing and browser-based attacks are evolving to catch us

0:02:05.640 --> 0:02:09.360
<v Speaker 2>where we spend our money, our attention, and our working hours,

0:02:09.600 --> 0:02:12.920
<v Speaker 2>and as work itself happens more consistently in web browsers.

0:02:13.160 --> 0:02:16.320
<v Speaker 2>JF sees the role of a cybersecurity leader evolving too.

0:02:16.760 --> 0:02:18.760
<v Speaker 1>I've been doing this for like twenty five years now.

0:02:19.200 --> 0:02:22.480
<v Speaker 1>That overall evolution, and we used to call it computer security.

0:02:22.560 --> 0:02:26.079
<v Speaker 1>Network security was very infrastructure focused, and then there was

0:02:26.120 --> 0:02:31.400
<v Speaker 1>an evolution to information security. You know, when I look

0:02:31.400 --> 0:02:34.120
<v Speaker 1>at the role today, a lot of it and most

0:02:34.120 --> 0:02:36.200
<v Speaker 1>of it is really how do you secure a business?

0:02:36.560 --> 0:02:41.720
<v Speaker 1>And I think that's where strong cybersecurity leaders are evolving towards,

0:02:41.840 --> 0:02:43.800
<v Speaker 1>is like how do you interface with your business? How

0:02:43.840 --> 0:02:48.280
<v Speaker 1>do you understand the practices? There's an evolution in a

0:02:48.400 --> 0:02:53.000
<v Speaker 1>variety of technologies that help bad guys sell. You also

0:02:53.160 --> 0:02:57.880
<v Speaker 1>need to adapt based on the evolution of just the world.

0:03:02.680 --> 0:03:07.560
<v Speaker 2>From Bloomberg Media Studios and Chrome Enterprise, this is Security Bookmarked.

0:03:11.400 --> 0:03:14.840
<v Speaker 2>I'm your host, Kate Fazzini. I've been a cybersecurity professional

0:03:14.880 --> 0:03:17.720
<v Speaker 2>and journalist for over twenty years, and on this podcast,

0:03:17.800 --> 0:03:22.040
<v Speaker 2>I'm talking with leaders in gaming, finance, and manufacturing about

0:03:22.080 --> 0:03:24.960
<v Speaker 2>what security looks like in a workplace that's moved to

0:03:25.000 --> 0:03:28.640
<v Speaker 2>the cloud. Much of what we think of as cybersecurity

0:03:28.760 --> 0:03:32.680
<v Speaker 2>was pioneered in financial services. In fact, a bank created

0:03:32.720 --> 0:03:35.520
<v Speaker 2>the first CISO role, and banks invented many of the

0:03:35.560 --> 0:03:38.320
<v Speaker 2>guidelines that are now standard across a range of industries.

0:03:39.440 --> 0:03:42.680
<v Speaker 2>According to the IMF, around twenty percent of all reported

0:03:42.720 --> 0:03:45.720
<v Speaker 2>cyber incidents in the past twenty years have affected the

0:03:45.760 --> 0:03:49.640
<v Speaker 2>global financial sector. So today I'm speaking with JF about

0:03:49.640 --> 0:03:52.640
<v Speaker 2>what he's learned as a leader of cybersecurity and finance.

0:03:53.080 --> 0:03:58.000
<v Speaker 1>Really, my role is twofold. One is to represent cybersecurity

0:03:58.200 --> 0:04:02.120
<v Speaker 1>in the lines of businesses, but it's also to hear

0:04:02.600 --> 0:04:07.000
<v Speaker 1>where they're heading towards from a business strategy standpoint.

0:04:06.520 --> 0:04:08.600
<v Speaker 2>And I'll find out why he's flipping the script on

0:04:08.720 --> 0:04:13.120
<v Speaker 2>enterprise security from simply defending the perimeter to transforming whole

0:04:13.160 --> 0:04:17.040
<v Speaker 2>teams into early detection networks. Then I'll chat with David Adrian,

0:04:17.240 --> 0:04:20.799
<v Speaker 2>security product manager for Chrome, about how businesses can implement

0:04:20.839 --> 0:04:23.440
<v Speaker 2>this kind of strategy and set up a strong monitoring

0:04:23.480 --> 0:04:30.880
<v Speaker 2>system to protect their teams. Going back to the trend

0:04:30.880 --> 0:04:34.880
<v Speaker 2>of cyber attackers using fake websites as phishing lures, JF

0:04:34.880 --> 0:04:37.000
<v Speaker 2>talked me through each step of their attack path.

0:04:37.480 --> 0:04:39.440
<v Speaker 1>A lot of it starts with the endpoint. It starts

0:04:39.560 --> 0:04:45.680
<v Speaker 1>via email or web browsing. Credential theft continues to be

0:04:46.240 --> 0:04:50.040
<v Speaker 1>a driver of this and phishing phishing from two standpoints,

0:04:50.080 --> 0:04:54.240
<v Speaker 1>either the credential theft that I mentioned, but also delivery

0:04:54.279 --> 0:04:58.440
<v Speaker 1>of malware via those channels is normally step one. What

0:04:58.520 --> 0:05:02.000
<v Speaker 1>we continue to see in terms of exploitation is things

0:05:02.080 --> 0:05:07.560
<v Speaker 1>like you know, not having multi factor authentication on remote access,

0:05:07.560 --> 0:05:11.200
<v Speaker 1>on remote log in, or an element of like push fatigue.

0:05:11.240 --> 0:05:15.240
<v Speaker 1>There are multi factor authentication solutions that send a pop

0:05:15.360 --> 0:05:18.120
<v Speaker 1>up and then people just end up hitting the yes

0:05:18.320 --> 0:05:21.240
<v Speaker 1>button somehow because they're just tired of seeing it.

0:05:21.480 --> 0:05:24.440
<v Speaker 2>But tricking someone into signing into a website is just

0:05:24.520 --> 0:05:25.680
<v Speaker 2>the first step.

0:05:25.680 --> 0:05:29.400
<v Speaker 1>And I think what's important for organizations is that there's multiple

0:05:29.480 --> 0:05:31.960
<v Speaker 1>steps that are carried out by an actor. I think

0:05:32.120 --> 0:05:37.599
<v Speaker 1>understanding these attack paths of how actors operate and carry

0:05:37.640 --> 0:05:44.440
<v Speaker 1>out their activity is hugely important because the more you understand,

0:05:44.480 --> 0:05:47.840
<v Speaker 1>the more you can design layered control. So what if

0:05:47.880 --> 0:05:52.160
<v Speaker 1>an actor is able to obtain credentials, Well, those credentials,

0:05:52.240 --> 0:05:55.960
<v Speaker 1>if you've got multi factor, they won't work right. They

0:05:56.000 --> 0:05:57.640
<v Speaker 1>might get them part of the way, but they won't

0:05:57.680 --> 0:06:01.800
<v Speaker 1>get them logged in. Let's say they're able to get

0:06:01.839 --> 0:06:04.599
<v Speaker 1>logged in. Well, actors are going to start carrying out

0:06:04.640 --> 0:06:07.760
<v Speaker 1>some element of reconnaissance on the network. So how would

0:06:07.800 --> 0:06:10.800
<v Speaker 1>you detect that reconnaissance or how would you detect them

0:06:11.200 --> 0:06:14.600
<v Speaker 1>setting up a foothold on the network. So it's really

0:06:14.640 --> 0:06:20.200
<v Speaker 1>about as early detection as possible and understanding those early

0:06:20.360 --> 0:06:23.719
<v Speaker 1>indicators of an adversary being present on the network.

0:06:24.720 --> 0:06:26.560
<v Speaker 2>One of the biggest threats that JF and I talked

0:06:26.560 --> 0:06:30.479
<v Speaker 2>about was an ongoing rise in ransomware attacks, where attackers

0:06:30.480 --> 0:06:34.880
<v Speaker 2>don't go directly after a bank's money or even its data. Instead,

0:06:35.040 --> 0:06:38.320
<v Speaker 2>they try to paralyze the bank itself, which can have

0:06:38.440 --> 0:06:41.039
<v Speaker 2>serious consequences for the greater business world.

0:06:41.520 --> 0:06:47.520
<v Speaker 1>The financial services ecosystem interfaces with utilities, infrastructure, all of

0:06:47.560 --> 0:06:51.480
<v Speaker 1>the clearing and settlement, payment providers, the third parties that

0:06:51.560 --> 0:06:53.200
<v Speaker 1>we rely on day to day.

0:06:53.480 --> 0:06:58.200
<v Speaker 2>And protecting that entire ecosystem at a global scale that's daunting.

0:06:58.880 --> 0:07:01.120
<v Speaker 2>So I asked JF how to secure a high

0:07:01.120 --> 0:07:03.520
<v Speaker 2>stakes perimeter that goes way beyond the bank

0:07:03.600 --> 0:07:03.840
<v Speaker 2>vault.

0:07:04.360 --> 0:07:07.560
<v Speaker 1>What's made this so interesting for bad guys is when

0:07:07.600 --> 0:07:11.840
<v Speaker 1>you look at organizations that have historically stored sensitive information

0:07:11.920 --> 0:07:16.320
<v Speaker 1>or processed sensitive information, they have been highly regulated, they've

0:07:16.320 --> 0:07:19.000
<v Speaker 1>had a lot of focus in terms of building up

0:07:19.040 --> 0:07:25.440
<v Speaker 1>security controls. But by focusing on the disruption the availability

0:07:25.480 --> 0:07:30.280
<v Speaker 1>aspect, right, like, ransomware operators are now able to target

0:07:30.440 --> 0:07:35.240
<v Speaker 1>a variety of organizations that don't store transactional information, that

0:07:35.360 --> 0:07:40.560
<v Speaker 1>don't store personally identifiable information, and that causes broader disruption

0:07:40.720 --> 0:07:43.680
<v Speaker 1>and I think that's why we take our role incredibly

0:07:43.720 --> 0:07:47.280
<v Speaker 1>seriously in securing the broader financial ecosystem.

0:07:47.440 --> 0:07:49.640
<v Speaker 2>That is a great answer because I think to the

0:07:49.680 --> 0:07:53.360
<v Speaker 2>consumer or the banker who needs availability, it kind of

0:07:53.360 --> 0:07:57.200
<v Speaker 2>doesn't matter if it's down because of ransomware or a hurricane.

0:07:57.400 --> 0:07:59.000
<v Speaker 2>It's just wait, is it coming back up? And what

0:07:59.480 --> 0:07:59.960
<v Speaker 2>is the alternate?

0:08:00.480 --> 0:08:03.400
<v Speaker 1>Yeah, and I still remember back in my early days,

0:08:04.000 --> 0:08:06.560
<v Speaker 1>we had one vendor that had a data center in

0:08:06.720 --> 0:08:09.720
<v Speaker 1>Florida and another one in California. So you basically have

0:08:09.800 --> 0:08:13.080
<v Speaker 1>a data center in hurricane territory and you have another

0:08:13.120 --> 0:08:17.360
<v Speaker 1>one in earthquake territory. And you might go like, why

0:08:17.440 --> 0:08:19.720
<v Speaker 1>is this part of your role to think like site

0:08:19.760 --> 0:08:23.960
<v Speaker 1>resiliency strategy with clients, Well, our clients operate in a

0:08:24.000 --> 0:08:26.440
<v Speaker 1>bunch of different industries and if they can't move money

0:08:27.040 --> 0:08:29.560
<v Speaker 1>because people can't go into the office and they can't

0:08:29.640 --> 0:08:33.360
<v Speaker 1>work from home, that has a direct impact on their

0:08:33.440 --> 0:08:36.319
<v Speaker 1>day to day operations if they can't move money. And

0:08:36.360 --> 0:08:39.360
<v Speaker 1>I think that's why ransomware has had such an impact

0:08:39.440 --> 0:08:45.520
<v Speaker 1>because it attacks confidentiality, and integrity and availability, so actually

0:08:45.640 --> 0:08:50.160
<v Speaker 1>three elements of the CIA triad, and that causes broader

0:08:50.200 --> 0:08:54.880
<v Speaker 1>disruption and I think that also gains more focus because

0:08:55.040 --> 0:08:58.320
<v Speaker 1>organizations are actually stricken as a result of these attacks.

0:08:58.520 --> 0:09:01.920
<v Speaker 2>You know, businesses are always online now, especially after COVID,

0:09:02.040 --> 0:09:04.720
<v Speaker 2>lots of people working remotely having to be on at

0:09:04.720 --> 0:09:07.600
<v Speaker 2>all times. Customers expect you to be available at all times.

0:09:08.040 --> 0:09:12.520
<v Speaker 2>Another source of constant surprises, I imagine is the third parties

0:09:12.600 --> 0:09:15.760
<v Speaker 2>that you had to work with, and the hundreds and thousands,

0:09:15.840 --> 0:09:20.000
<v Speaker 2>maybe hundreds of thousands. So how do you manage resilience

0:09:20.080 --> 0:09:23.600
<v Speaker 2>when there are all of these other factors in the

0:09:23.640 --> 0:09:26.520
<v Speaker 2>form of vendors and other companies that you're hinging your

0:09:26.520 --> 0:09:30.040
<v Speaker 2>operations on. How do you deal with that in terms

0:09:30.040 --> 0:09:30.679
<v Speaker 2>of resilience.

0:09:31.640 --> 0:09:35.120
<v Speaker 1>You know, you mentioned the pandemic. The pandemic was a

0:09:35.200 --> 0:09:39.800
<v Speaker 1>vector for adversaries. Everybody was after information for the pandemic, right,

0:09:39.840 --> 0:09:43.800
<v Speaker 1>so it became a very interesting lure for bad guys

0:09:43.800 --> 0:09:46.800
<v Speaker 1>to send like phishing emails, set up fake websites, So

0:09:46.840 --> 0:09:49.760
<v Speaker 1>it became like a lure for social engineering. And then

0:09:49.920 --> 0:09:53.560
<v Speaker 1>companies shifted very very quickly to work from home, and

0:09:53.640 --> 0:09:58.400
<v Speaker 1>by doing so, they may have exposed infrastructure that may

0:09:58.440 --> 0:10:02.040
<v Speaker 1>not have been as secure as it should to be

0:10:02.160 --> 0:10:06.360
<v Speaker 1>exposed to the Internet and that gave threat actors a

0:10:06.400 --> 0:10:11.880
<v Speaker 1>path into some organizations, but it also affected business practices.

0:10:12.640 --> 0:10:15.760
<v Speaker 1>There were organizations that were ready for it, that had

0:10:15.760 --> 0:10:19.960
<v Speaker 1>been working their resiliency plans for years for pandemics. The

0:10:20.040 --> 0:10:24.160
<v Speaker 1>financial services sector is one of those areas where it's

0:10:24.200 --> 0:10:28.320
<v Speaker 1>basically part of our DNA to build out strong resiliency

0:10:28.320 --> 0:10:32.720
<v Speaker 1>and recovery mechanisms. And our role is to work with

0:10:32.800 --> 0:10:35.560
<v Speaker 1>our business to rethink some of the controls and get

0:10:35.760 --> 0:10:39.439
<v Speaker 1>the message out, the awareness message out to our clients.

0:10:40.080 --> 0:10:43.520
<v Speaker 1>And it gets really interesting when you start to break

0:10:43.600 --> 0:10:49.200
<v Speaker 1>down resiliency and recovery for organizations as a result of

0:10:49.960 --> 0:10:52.320
<v Speaker 1>things like a ransomware event.

0:10:52.920 --> 0:10:56.080
<v Speaker 2>Then I am also thinking of vulnerability management, which we

0:10:56.200 --> 0:10:59.400
<v Speaker 2>kind of never it's not very fun to talk about.

0:11:00.080 --> 0:11:04.120
<v Speaker 1>I think vulnerability management is foundational to everything, right.

0:11:04.280 --> 0:11:06.960
<v Speaker 2>The patching, the kind of day to day You know,

0:11:07.000 --> 0:11:09.720
<v Speaker 2>there's a lot of talk about alert fatigue, but you

0:11:09.800 --> 0:11:11.840
<v Speaker 2>have people who need to access the web, who are

0:11:11.880 --> 0:11:14.440
<v Speaker 2>on their browsers from wherever they are all the time.

0:11:14.520 --> 0:11:18.080
<v Speaker 2>How do you deal with web browser security? What is

0:11:18.120 --> 0:11:21.160
<v Speaker 2>sort of the best practices today versus what they were

0:11:21.200 --> 0:11:22.000
<v Speaker 2>when you first started.

0:11:22.760 --> 0:11:25.240
<v Speaker 1>That's a great question. I get the point around alert

0:11:25.280 --> 0:11:29.640
<v Speaker 1>fatigue and volumes. But it's really about thinking through the

0:11:29.800 --> 0:11:33.120
<v Speaker 1>entire life cycle of that attack. So going back to like,

0:11:33.160 --> 0:11:37.240
<v Speaker 1>how do you drive awareness for employees not to click

0:11:37.280 --> 0:11:41.559
<v Speaker 1>on links. If they do click, how are you filtering

0:11:42.400 --> 0:11:45.920
<v Speaker 1>the sites that they're going to that could be malicious.

0:11:46.320 --> 0:11:53.840
<v Speaker 1>Interestingly enough, most systems that assist in like categorization of

0:11:53.920 --> 0:12:01.400
<v Speaker 1>websites have a functionality that blocks uncategorized websites, meaning websites

0:12:01.440 --> 0:12:05.760
<v Speaker 1>that are too new to have a category associated with them,

0:12:06.080 --> 0:12:09.600
<v Speaker 1>and oftentimes these are the ones that the threat actors

0:12:09.600 --> 0:12:13.200
<v Speaker 1>have just recently set up to look like a legitimate

0:12:13.240 --> 0:12:17.680
<v Speaker 1>website that you know somebody will click on, and you

0:12:17.760 --> 0:12:23.440
<v Speaker 1>can actually see a significant reduction of that browsing risk

0:12:23.520 --> 0:12:27.320
<v Speaker 1>if you're eliminating websites that are too new, that have

0:12:27.520 --> 0:12:31.079
<v Speaker 1>just been stood up, that have like a certificate mismatch

0:12:31.200 --> 0:12:32.000
<v Speaker 1>and things like that.

0:12:32.440 --> 0:12:35.640
<v Speaker 2>When you think about enterprise security and finance, and especially

0:12:35.679 --> 0:12:38.520
<v Speaker 2>about protecting teams, what are the most critical threats that

0:12:38.520 --> 0:12:39.520
<v Speaker 2>you're watching out for.

0:12:40.080 --> 0:12:43.320
<v Speaker 1>I think there's two aspects to this. We often talk

0:12:43.400 --> 0:12:47.079
<v Speaker 1>about how do we protect the workforce, but it's also

0:12:47.200 --> 0:12:50.439
<v Speaker 1>like how do we use our workforce? As the first

0:12:50.640 --> 0:12:55.520
<v Speaker 1>indicator of an attack or of targeting. So you know,

0:12:55.720 --> 0:12:58.640
<v Speaker 1>one of the things that's like hugely important is how

0:12:58.679 --> 0:13:03.439
<v Speaker 1>do you mine the reports that you're getting from end

0:13:03.559 --> 0:13:09.520
<v Speaker 1>users around cyber issues or targeting. We test our employees

0:13:09.600 --> 0:13:13.679
<v Speaker 1>for phishing on a quarterly basis. The first thing we

0:13:13.679 --> 0:13:17.319
<v Speaker 1>were doing was we were measuring click rates and then

0:13:17.520 --> 0:13:20.920
<v Speaker 1>we thought to ourselves, well, let's start measuring the reporting

0:13:21.040 --> 0:13:25.120
<v Speaker 1>rate because what we want to know is if somebody

0:13:25.240 --> 0:13:27.400
<v Speaker 1>is going to get this, are they going to forward

0:13:27.440 --> 0:13:30.600
<v Speaker 1>it to us? But then it was also measuring the

0:13:30.640 --> 0:13:37.520
<v Speaker 1>forward rate, meaning people's reaction often with a phishing email

0:13:37.600 --> 0:13:39.600
<v Speaker 1>is they send it to their colleagues and they go,

0:13:39.720 --> 0:13:44.760
<v Speaker 1>is this legit? So they're actually amplifying the adversary's reach

0:13:44.960 --> 0:13:47.520
<v Speaker 1>by forwarding it to a bunch of people who may

0:13:47.600 --> 0:13:51.080
<v Speaker 1>click on it who would have never gotten it. So

0:13:51.280 --> 0:13:56.040
<v Speaker 1>it's really how do you think through the awareness for

0:13:56.160 --> 0:14:00.000
<v Speaker 1>people with the most common types of attacks, But also

0:14:00.000 --> 0:14:04.480
<v Speaker 1>so how do you turn your entire workforce into early

0:14:04.600 --> 0:14:08.960
<v Speaker 1>detection sensors where they're reporting what they're seeing to the

0:14:09.000 --> 0:14:14.280
<v Speaker 1>cybersecurity organization so they can promptly take action on it.

0:14:14.800 --> 0:14:18.360
<v Speaker 1>And that is a game changer in the early stages

0:14:18.400 --> 0:14:21.800
<v Speaker 1>of an attack because people will notice, hey, there's something

0:14:21.880 --> 0:14:26.800
<v Speaker 1>wrong here. I have never seen this happen before. It

0:14:26.880 --> 0:14:30.880
<v Speaker 1>might be a glitch, but it also might be a

0:14:30.920 --> 0:14:35.520
<v Speaker 1>bad guy, a threat actor that's doing something that's absolutely

0:14:36.040 --> 0:14:41.480
<v Speaker 1>unexpected that just revealed their presence on the network. Organizations

0:14:41.520 --> 0:14:46.920
<v Speaker 1>need to be ready and continuously adapting to the threat landscape.

0:14:49.080 --> 0:14:52.400
<v Speaker 2>JF's strategy called out the importance of monitoring for potential

0:14:52.440 --> 0:14:55.840
<v Speaker 2>threats and risky activities, but when monitoring means catching a

0:14:55.840 --> 0:14:59.560
<v Speaker 2>fake disaster relief website, leaders need to recognize how opening

0:14:59.560 --> 0:15:02.160
<v Speaker 2>a browser for work shapes people's behavior.

0:15:02.600 --> 0:15:05.840
<v Speaker 3>Security certainly isn't top of mind for most users. Most

0:15:05.840 --> 0:15:08.080
<v Speaker 3>of the time, they're trying to get their work done,

0:15:08.160 --> 0:15:10.680
<v Speaker 3>and they're probably also trying to get their life done.

0:15:10.880 --> 0:15:13.840
<v Speaker 2>That's David Adrian, security product manager for Chrome.

0:15:14.400 --> 0:15:17.120
<v Speaker 3>For most people, browsing the Internet may not seem like

0:15:17.160 --> 0:15:19.840
<v Speaker 3>a big deal, But if you're an administrator for a

0:15:19.880 --> 0:15:22.960
<v Speaker 3>bank or other organizations that have a lot of customer data,

0:15:23.080 --> 0:15:25.400
<v Speaker 3>then keeping your employees safe on the web should be

0:15:25.440 --> 0:15:26.480
<v Speaker 3>even more top of mind.

0:15:26.880 --> 0:15:29.360
<v Speaker 2>He told me how he would approach protecting teams from

0:15:29.440 --> 0:15:32.000
<v Speaker 2>cyber attacks that take advantage of search.

0:15:32.280 --> 0:15:36.840
<v Speaker 3>Chrome runs a feature called Safe Browsing, which attempts to

0:15:36.880 --> 0:15:39.840
<v Speaker 3>warn on sites that are known to be phishing, sites

0:15:39.880 --> 0:15:42.720
<v Speaker 3>known to be malware, and it doesn't reveal what sites

0:15:42.720 --> 0:15:45.560
<v Speaker 3>that you're visiting. You can opt into a version of

0:15:45.600 --> 0:15:47.680
<v Speaker 3>it called Enhanced Safe Browsing, which is able to do

0:15:47.720 --> 0:15:50.400
<v Speaker 3>the checks in real time by sending them back to

0:15:50.440 --> 0:15:53.200
<v Speaker 3>the safe browsing server. That could be a good sort

0:15:53.240 --> 0:15:56.760
<v Speaker 3>of trade off to make if you want additional protection

0:15:56.960 --> 0:16:01.040
<v Speaker 3>against malware and against phishing, regardless of whether they're being

0:16:01.040 --> 0:16:03.480
<v Speaker 3>phished at work or phished at home on their work device.

0:16:03.600 --> 0:16:06.480
<v Speaker 3>And in fact, safe browsing is like such a popular

0:16:06.520 --> 0:16:09.960
<v Speaker 3>feature that it's also an open API leveraged by some

0:16:10.000 --> 0:16:10.680
<v Speaker 3>other browsers.

0:16:11.000 --> 0:16:15.240
<v Speaker 2>So of course you're dealing with data on these vulnerabilities

0:16:15.280 --> 0:16:18.280
<v Speaker 2>that is at the scale of Google, So you have

0:16:18.440 --> 0:16:22.760
<v Speaker 2>access to a great deal of very relevant data about vulnerabilities.

0:16:23.160 --> 0:16:26.160
<v Speaker 2>And not only that, but what of those vulnerabilities can

0:16:26.520 --> 0:16:28.240
<v Speaker 2>actually lead to a problem.

0:16:28.560 --> 0:16:32.880
<v Speaker 3>Absolutely. Yeah, Google is crawling the web every day for

0:16:32.960 --> 0:16:35.280
<v Speaker 3>its search engine, and as part of that, it's also

0:16:35.320 --> 0:16:38.000
<v Speaker 3>seeing malware, and that sort of same crawling is powering

0:16:38.040 --> 0:16:41.640
<v Speaker 3>safe browsing, and safe browsing is something that you just

0:16:41.680 --> 0:16:43.760
<v Speaker 3>get out of the box with Chrome, among other end

0:16:43.840 --> 0:16:46.840
<v Speaker 3>user features like site isolation. Then we have other features

0:16:46.880 --> 0:16:50.240
<v Speaker 3>that are built with enterprises and businesses in mind. For example,

0:16:50.520 --> 0:16:53.240
<v Speaker 3>with Chrome Enterprise Premium, you can implement filters based

0:16:53.280 --> 0:16:55.800
<v Speaker 3>on website categories that you've defined, and you can get

0:16:55.800 --> 0:16:58.560
<v Speaker 3>reporting that shows how your teams are handling those filters. So,

0:16:58.600 --> 0:17:01.320
<v Speaker 3>for example, are people getting fatigued by their alerts and

0:17:01.320 --> 0:17:05.240
<v Speaker 3>clicking through regardless. Having that kind of information means teams

0:17:05.240 --> 0:17:08.199
<v Speaker 3>can get visibility into what's happening in their fleet and

0:17:08.240 --> 0:17:10.120
<v Speaker 3>they can take action based on their findings.

0:17:10.480 --> 0:17:13.520
<v Speaker 2>This is great because one of the big intractable long

0:17:13.560 --> 0:17:17.600
<v Speaker 2>time problems in cybersecurity is just a lack of visibility

0:17:17.720 --> 0:17:21.800
<v Speaker 2>into process and how things are working in the web

0:17:21.800 --> 0:17:25.120
<v Speaker 2>apps and web browsers, which is realistically how people are

0:17:25.119 --> 0:17:28.440
<v Speaker 2>actually working today in the modern office workspace.

0:17:28.720 --> 0:17:31.080
<v Speaker 3>Absolutely, And like the old way of looking at this

0:17:31.119 --> 0:17:33.120
<v Speaker 3>would just be what programs did you launch? And it'd

0:17:33.119 --> 0:17:35.000
<v Speaker 3>be like, oh, well you launched a web browser and

0:17:35.040 --> 0:17:37.399
<v Speaker 3>it's like okay, well what does that mean? Right? You

0:17:37.400 --> 0:17:39.240
<v Speaker 3>could have done anything inside of that now, So you

0:17:39.240 --> 0:17:41.119
<v Speaker 3>need to know what's happening inside.

0:17:40.760 --> 0:17:43.440
<v Speaker 2>Yeah, and thinking about where the work is actually happening right,

0:17:43.520 --> 0:17:46.760
<v Speaker 2>because too often, I think in security we've gotten used

0:17:46.800 --> 0:17:49.200
<v Speaker 2>to looking at the people in a certain way. They're

0:17:49.240 --> 0:17:52.480
<v Speaker 2>just people making mistakes, people forwarding emails, people clicking on

0:17:52.560 --> 0:17:55.280
<v Speaker 2>dangerous links. We look at people and see them as

0:17:55.320 --> 0:17:57.639
<v Speaker 2>weak points. But so we could be treating every one

0:17:57.720 --> 0:18:00.560
<v Speaker 2>of those people as a point of defense. What do

0:18:00.680 --> 0:18:03.600
<v Speaker 2>you think about this growing emphasis on resiliency and managing

0:18:03.640 --> 0:18:06.640
<v Speaker 2>threats and what is the role of teams in creating

0:18:06.640 --> 0:18:07.400
<v Speaker 2>that resiliency.

0:18:07.760 --> 0:18:11.040
<v Speaker 3>Yeah, I think this idea of cybersecurity resilience is becoming

0:18:11.280 --> 0:18:14.600
<v Speaker 3>more and more popular, especially in the financial services sector

0:18:14.600 --> 0:18:17.359
<v Speaker 3>where the stakes are really high. Breaches are going to happen,

0:18:17.440 --> 0:18:19.960
<v Speaker 3>and mitigating and responding to them should be something that

0:18:20.000 --> 0:18:24.040
<v Speaker 3>takes five minutes, not five days or five years. I

0:18:24.080 --> 0:18:27.800
<v Speaker 3>talked last time about how strong identity is really important.

0:18:27.840 --> 0:18:30.880
<v Speaker 3>Once you have strong identity, you can start doing access

0:18:30.920 --> 0:18:33.919
<v Speaker 3>controls and authorization and limiting who has access to what

0:18:34.080 --> 0:18:37.000
<v Speaker 3>instead of everyone having access to everything. The more that

0:18:37.040 --> 0:18:39.119
<v Speaker 3>you can do that, and then you can pair that with

0:18:39.240 --> 0:18:44.200
<v Speaker 3>audit logs. Audit logs are the key to any security monitoring.

0:18:44.560 --> 0:18:47.919
<v Speaker 2>Yes, and whenever you compare different pieces of information that

0:18:47.960 --> 0:18:51.200
<v Speaker 2>you have, vulnerabilities with audit logs, for instance, you start

0:18:51.240 --> 0:18:55.120
<v Speaker 2>to get that matrixed view which allows you to take

0:18:55.160 --> 0:18:56.840
<v Speaker 2>action in a much more meaningful way.

0:18:57.800 --> 0:19:01.879
<v Speaker 3>What you want is that people's regular day to day

0:19:02.160 --> 0:19:05.640
<v Speaker 3>web browsing is instrumented and understood as a baseline, so

0:19:05.680 --> 0:19:09.719
<v Speaker 3>that when something anomalous happens, it's detected as being anomalous.

0:19:09.760 --> 0:19:12.719
<v Speaker 3>You can't have an anomaly without a baseline. Ideally, you

0:19:12.760 --> 0:19:17.000
<v Speaker 3>want that detection to happen automatically, whether that's just because

0:19:17.280 --> 0:19:21.040
<v Speaker 3>you've it's something very simple like blocking a copy paste

0:19:21.080 --> 0:19:23.680
<v Speaker 3>from your CRM into some sort of public document,

0:19:24.359 --> 0:19:27.840
<v Speaker 3>or it's something more complicated about detecting a download from

0:19:27.880 --> 0:19:30.440
<v Speaker 3>a site that normally doesn't have a download. And then

0:19:30.560 --> 0:19:33.920
<v Speaker 3>where Chrome Enterprise Premium can really help is identifying the

0:19:34.560 --> 0:19:38.719
<v Speaker 3>non standard usage, is the anomalies and remediating those. You

0:19:38.760 --> 0:19:41.399
<v Speaker 3>can get an audit log of all of the events

0:19:41.440 --> 0:19:44.200
<v Speaker 3>that are happening in Chrome, all of the user interactions

0:19:44.560 --> 0:19:48.560
<v Speaker 3>and so on, and that is exposed through the cloud,

0:19:48.880 --> 0:19:52.840
<v Speaker 3>either directly to you via APIs, or it can integrate

0:19:53.119 --> 0:19:56.480
<v Speaker 3>with a sort of third party SIEM provider and hook

0:19:56.520 --> 0:19:59.360
<v Speaker 3>into your security team's workflow to look for anything out

0:19:59.359 --> 0:20:02.960
<v Speaker 3>of the ordinary, whether that's through integrating with data loss

0:20:02.960 --> 0:20:07.400
<v Speaker 3>prevention or just more specific rule sets on hey, this

0:20:07.440 --> 0:20:10.159
<v Speaker 3>thing looks different than normal. And then in that world,

0:20:10.440 --> 0:20:12.919
<v Speaker 3>you're not relying on the users to always make the

0:20:12.960 --> 0:20:16.280
<v Speaker 3>right decision, but you're trying to detect when the users

0:20:16.480 --> 0:20:18.840
<v Speaker 3>haven't made the right decision or are doing something weird.

0:20:18.960 --> 0:20:20.600
<v Speaker 3>And then if you've paired that with all of the

0:20:20.640 --> 0:20:25.159
<v Speaker 3>other best practices, then hopefully your time to mitigation is

0:20:25.280 --> 0:20:27.440
<v Speaker 3>very fast and it's actually a very low impact event

0:20:27.480 --> 0:20:28.639
<v Speaker 3>if something bad did happen.

0:20:29.200 --> 0:20:32.320
<v Speaker 2>Yeah, I know, we have so many amazing technology solutions now,

0:20:32.359 --> 0:20:35.679
<v Speaker 2>but it also reminds me of how difficult it can

0:20:35.720 --> 0:20:38.920
<v Speaker 2>be for a security team to implement the new technologies

0:20:38.960 --> 0:20:41.520
<v Speaker 2>that they want to have. And that's where again we

0:20:41.600 --> 0:20:44.080
<v Speaker 2>go back to the people involved. You really have to

0:20:44.119 --> 0:20:47.639
<v Speaker 2>have strong leadership who are listening in to their security

0:20:47.640 --> 0:20:50.200
<v Speaker 2>teams and their experts and able to make the right

0:20:50.240 --> 0:20:54.000
<v Speaker 2>decisions for the company in terms of what kind of

0:20:54.200 --> 0:20:56.680
<v Speaker 2>security measures are going to work the best for them

0:20:56.800 --> 0:20:58.680
<v Speaker 2>and the level of visibility that they want.

0:20:59.000 --> 0:21:04.800
<v Speaker 3>Absolutely, I think that's this move to management becoming something

0:21:04.840 --> 0:21:09.560
<v Speaker 3>that the security team or whoever is responsible for security,

0:21:09.720 --> 0:21:12.119
<v Speaker 3>that the management of the web browser or of a

0:21:12.160 --> 0:21:15.399
<v Speaker 3>phone or of the device is actually a security product,

0:21:15.560 --> 0:21:18.199
<v Speaker 3>like rather than just an IT product, because all of

0:21:18.680 --> 0:21:22.960
<v Speaker 3>sort of modern security operations is about identifying who's logging

0:21:23.040 --> 0:21:25.880
<v Speaker 3>in a web browser and securing that web browser, whether

0:21:26.000 --> 0:21:28.440
<v Speaker 3>that browser is on a laptop, that browser is on

0:21:28.480 --> 0:21:31.120
<v Speaker 3>a phone, it's on a company owned phone, or it's

0:21:31.119 --> 0:21:34.919
<v Speaker 3>on a personal phone. It's ensuring that whatever device the

0:21:35.000 --> 0:21:37.240
<v Speaker 3>user is going to, some browser signing it on has

0:21:37.280 --> 0:21:40.440
<v Speaker 3>some minimum security posture. You've strongly authenticated them, you can

0:21:40.480 --> 0:21:42.920
<v Speaker 3>wipe data if you need to. And all of these

0:21:42.920 --> 0:21:46.400
<v Speaker 3>things might have previously been something that you'd just been like, oh,

0:21:46.400 --> 0:21:48.639
<v Speaker 3>that's something that just IT has to deal with for

0:21:48.680 --> 0:21:51.440
<v Speaker 3>IT related reasons, and it's like, you know, actually, these

0:21:51.440 --> 0:21:55.879
<v Speaker 3>problems are really deeply central to the security story of

0:21:55.920 --> 0:21:57.120
<v Speaker 3>a modern workplace as well.

0:21:59.280 --> 0:22:02.400
<v Speaker 2>To learn more about how the most trusted enterprise browser

0:22:02.440 --> 0:22:06.480
<v Speaker 2>can help protect your organization, visit Chrome Enterprise dot Google.

0:22:09.040 --> 0:22:12.000
<v Speaker 2>Next time, on Security Bookmarked, I'll talk to Curtis Minder,

0:22:12.160 --> 0:22:16.120
<v Speaker 2>a renowned ransomware negotiator, about the security challenges he's tackled

0:22:16.320 --> 0:22:17.800
<v Speaker 2>in the manufacturing industry.

0:22:18.200 --> 0:22:20.520
<v Speaker 4>We have been the manufacturer of this particular product for

0:22:20.520 --> 0:22:23.600
<v Speaker 4>almost one hundred years, and the way that we manufacture

0:22:23.600 --> 0:22:25.800
<v Speaker 4>this product and the materials we use to manufacture this

0:22:25.880 --> 0:22:29.639
<v Speaker 4>product are our trade secret. I am concerned that that

0:22:29.800 --> 0:22:32.520
<v Speaker 4>information has left the building, and I won't know about

0:22:32.520 --> 0:22:36.000
<v Speaker 4>that risk for some time until a competitor of mine

0:22:36.040 --> 0:22:38.400
<v Speaker 4>makes the exact same product in five years from now

0:22:38.760 --> 0:22:39.960
<v Speaker 4>and puts me out of business.

0:22:40.480 --> 0:22:43.919
<v Speaker 2>Security Bookmarked is a podcast from Bloomberg Media Studios and

0:22:44.000 --> 0:22:47.560
<v Speaker 2>Chrome Enterprise. Subscribe in your podcast app so you don't miss

0:22:47.600 --> 0:22:51.119
<v Speaker 2>our newest episode. I'm Kate Fazzini. Thanks for listening.