This Week in Enterprise Tech Episode 551 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

Lou Maresca (00:00:00):
On This Week in Enterprise Tech, I am flying solo. But we're gonna start with the latest Verizon 2023 data breach report. And our guest is actually gonna jump in and help us navigate some of the challenges organizations are facing there. We have Ron Reiter, he's co-founder and CTO of Sentra as our guest, and he's a data security expert. And we're gonna go deep into how organizations can secure all types of data, including your dark data. Definitely shouldn't miss it. It's quiet on the set.

TWIT Intro (00:00:30):
Podcasts you love from people you trust. This,

Lou Maresca (00:00:43):
This is TWiET, This Week in Enterprise Tech, episode 551, recorded July 7th, 2023: Humans, the Problem in IT. This episode of This Week in Enterprise Tech is brought to you by Discourse, the online home for your community. Discourse makes it easy to have meaningful conversations and collaborate anytime, anywhere. Visit discourse.org/twit to get one month free on all self-serve plans. And by Duo. Protect against breaches with the leading access management suite, providing strong multi-layered defenses to only allow legitimate users in. For any organization concerned about being breached and in need of a solution fast, Duo quickly enables strong security and improves user productivity. Visit cs.co/twit today for a free trial. And by Bitwarden. Get the password manager that offers a robust and cost-effective solution that drastically increases your chances of staying safe online. Get started with a free trial of a teams or enterprise plan, or get started for free across all devices as an individual user at bitwarden.com/twit.

(00:02:00):
Welcome to TWiET, This Week in Enterprise Tech, the show that is dedicated to you, the enterprise professional, the IT pro, and that geek who just wants to know how this world's connected. I'm your host, Lou Maresca, your guide to the big world of the enterprise and what a big and busy world it's been this week. And today we have a special episode of TWiET. Not only are we gonna focus the entire episode on data security, we're gonna talk about the latest trends in security space, and we're also gonna take you through, maybe get some live comments and questions from the audience, both text, audio and Discord. And we're gonna take some questions also and comments from IRC. So definitely cue them up because we have lots to talk about and we want to get your thoughts. And now, although I'm, I'm running solo here since my co-hosts are busy relaxing on vacation, the rest of the enterprise world has definitely been moving.

(00:02:44):
So we have lots to talk about. We'll start with the latest and greatest Verizon 2023 data breach report that's been out there. Our guest today will actually jump in and help us navigate some of the challenges organizations are facing there. Now, speaking of our guests, we have Ron Reiter, he's co-founder and CTO of Sentra here, and he's a data security expert. So that's great. And we're gonna talk about, maybe go, maybe go deep into data security and how organizations can secure all types of data, whether it's, you know, structured data or maybe even that dark data that we've talked about in the last episode. So lots to talk about here. Definitely stick around, make sure you queue up those questions for the bites and the guest segment coming up. But first, like we always do, let's go ahead and jump into this week's news blips.

(00:03:27):
Now let's start our news blips this week with a network appliance vulnerability that you should look out for. Researchers have discovered that a critical vulnerability in firewalls sold by Fortinet is still leaving nearly 336,000 devices exposed to the internet at risk. The reason, I bet you can't guess it, that's right, administrators have failed to install patches released by the company three weeks ago. Now, why wouldn't you install a patch? Right? Well, the vulnerability known as CVE-2023-27997 affects FortiGate VPNs, which are included in Fortinet's firewalls. And it's a remote code execution flaw caused by a heap overflow bug with a severity rating of 9.8 out of 10, which is serious. Fortinet quietly released updates to address the vulnerability on June 8th. And four days later, they disclosed it, mentioning that it may have been exploited in targeted attacks. The key word there: may have. Now, the US cybersecurity and infrastructure security administration also added it to its catalog of known exploited vulnerabilities, urging federal agencies to patch it by this week.

(00:04:33):
Surprisingly, despite the severity of the vulnerability, the availability of patches, administrations, and administrators out there have been slow to apply them. Are you surprised? Well, according to the security firm Bishop Fox, out of the 489,337 affected devices exposed to the internet, a staggering 69% of them remained unpatched. In fact, some vulnerable devices were found to be running outdated FortiGate software dating back to 2015. That means they're open to a whole slew of other attacks that are out there as well. To highlight the risk, Bishop Fox has developed an exploit, a test exploit, right, a proof of concept, for their customer devices. Now, the proof of concept actually exploits, corrupts, it corrupts the heap and injects malicious code in there, connects to an attacker-controlled server, and actually opens up an interactive shell giving complete control to the attacker. Now, the entire exploit takes just one second to execute, an improvement over the previous version released in June.

(00:05:34):
Now, while there are limited details about how active exploits for this vulnerability are out there, Fortinet has warned that threat actors, including the Chinese-speaking group known as Volt Typhoon, may be targeting this vulnerability. Fortinet encourages immediate ongoing mitigation through an aggressive patching campaign. Definitely start with patching, keeping software and firmware up to date involves, you know, proactive monitoring sometimes and patching from IT and security teams. So get moving. Also, make sure you keep those software licenses up to date as well, because if they're not current, not gonna get those updates. Now this leads me into my next blip, a trend for the week. That's right, regarding a high severity flaw in Cisco's data center switching gear. According to Dark Reading, the vulnerability known as CVE 20 23 21 85 was disclosed on July 5th, and it actually affects Cisco Application Centric Infrastructure, ACI, Multi-Site CloudSec encryption on Nexus 9000 series fabric switches.

(00:06:34):
That's a mouthful. Now the situation is concerning because Cisco has not yet actually released a patch to address the vulnerability. Instead, they've advised customers currently using the affected encryption feature to disable it and contact their support organization to explore alternate options. This recommendation to unplug the device and find another solution has raised some alarms out there for security and enterprise security teams. I'm not sure telling organizations who have spent a serious number of capital on serious hardware that they should just, you know, not use it. Well, what do you think? In fact, according to their latest security center posts, there's no workaround to address the vulnerability, but the delay in providing a fix is likely due to the complexity of this vulnerability. A cyber threat senior manager at Critical Start explained that addressing the vulnerabilities of this nature involved intricate processes, coordination and testing. Now the impact of the vulnerability is actually pretty significant. Exploiting the flaw could actually allow threat actors to read, modify encrypted traffic transmitted between sites. An attacker with an on-path position between ACI sites can actually intercept the encrypted traffic and use cryptanalytic techniques to, to actually break the encryption. Now if you aren't familiar with those types of techniques, they're things like brute force attacks, frequency analysis, side channel attacks, in fact, there's rainbow table attacks as well and many more. Now, given the severity of the situation, it's crucial teams follow Cisco's advice and actually disable the affected encryption feature. And unless you want hackers to decrypt all your network traffic, you better do it right now.

(00:08:09):
That brings me to my next blip. Google has made a significant update to its privacy policy and it's shedding some more light on what's going to take them to get ahead in the AI world. According to TechSpot, a particular section in the tech giant's privacy policy talks about how they gather information from publicly accessible sources. Now they've actually adjusted this to explicitly state that this information is actually used to train their AI models and develop products like Google Translate, Bard and Cloud AI capabilities. Now, previously the policy only mentioned training language models for Google Translate. So this is actually an expansion which reveals that training is now being done with AI models and Bard. That's quite an eye-opening change because it emphasizes that Google's Bard AI could actually capture and utilize anything you post publicly online. Now let's analyze the implications of the alteration.

(00:09:01):
Now, we already knew that Google's Bard, and even Microsoft's Bing AI, acts as a massive data gatherer combining their online content to enhance their knowledge on various subjects. That's what web crawling really is. They, they index the sites and then they analyze it. But this update to Google's policy brings this reality into a sharper focus, prompting some individuals to question the extent of the privacy, plagiarism and other concerns that are out there. Now, it's worth noting that Bard has been in operation for quite a bit now. So the fact that Google has just decided to update its policy raises some eyebrows. Now, if you're uncomfortable with your publicly shared data on, or content being online being used to train Google's powerful AI machinery, tough luck. It's fair game once it's out there and challenging Google on the matter won't actually be easy. Now the issue extends beyond privacy concerns to include potential plagiarism when AI-generated replies actually incorporate the content written by others from other sites, even your site picked up by Bard's training.

(00:10:01):
Now, policing such practices would almost be impractical, if not impossible, and more broader concerns surround accuracy and misinformation when data is actually scraped from the web on such massive scales. Now, recent worries expressed by platforms like Reddit and Twitter, with Elon Musk even taking a stance against scraping public Twitter data to build AI models, highlight the limitations and frustrations that are actually involved with all this. Now, these limitations could actually end up benefiting people like Zuckerberg and Threads in the long run. To put it simply, the whole situation is basically, you know, a minefield, and with big tech companies making significant strides with their language models and data scraping AI, they seem to have focused on outdoing their rivals and establishing themselves as leaders without fully considering the practical consequences that may actually arise. Well, folks, that does it for, for the news blips this week, but let's go ahead and thank a really great sponsor of This Week in Enterprise Tech.

(00:11:01):
And that's Discourse, the online home for your community. And for over a decade, Discourse has made it its mission to make the internet a better place for online communities. Discourse makes it easy to have meaningful conversations and collaborate with your community anytime, anywhere by harnessing the power of discussion, realtime chat, and even AI. Now the question is, would you like to create a community? Well, visit discourse.org/twit right now in order to get one month free on all self-serve plans. Now, trusted by some of the largest companies in the world, Discourse is open source. That's right. Powers more than 20,000 online communities. Whether you're starting out or just want to take your community to the next level, there's actually a plan for you no matter what. Listen to the options. You have a basic plan for a private invite-only community, a standard plan if you want unlimited members and a public presence, or a business plan for an active customer support community.

(00:11:58):
So, lots of options there. Jonathan, beloved, developer advocacy at Twitch says, Discourse is the most amazing thing we've ever used. We have never experienced software so reliable ever. One of the most significant advantages of creating your own community with Discourse is that you own your own data. You'll always have access to all of your conversation history, and Discourse will never sell your data to advertisers. Discourse gives you everything you need in one place. So make Discourse the online home for your community. Visit discourse.org/twit to get one month free on all self-serve plans. That's discourse.org/twit, and we thank Discourse for their support of This Week in Enterprise Tech. Well, folks, it's time for the bytes. Now I'm gonna jump in. I'm gonna continue the theme of data security, and I wanna take you through a recent report put out there by Verizon. Now the report is released each year and it actually captures some really trendy topics for organizations to focus on.

(00:13:00):
Now, this VentureBeat article actually distills some of the report down to a set of things that people should focus on. Essentially what it surfaces in the report is that attackers are actually finding new ways to exploit human vulnerabilities, such as stolen credentials, privilege misuse, human error, social engineering, and even business email compromise that's out there. Now the report emphasizes the need for cybersecurity providers to actually enhance their identity, privilege, access, and endpoint security to effectively protect their users and their customers. Now, one key finding is a significant rise in pretexting attacks, which have actually doubled in just a year. Tech companies are increasingly targeted with pretexting as part of an orchestrated social engineering set of attacks. And this is where actually threat actors assume a false identity in order to gain access to sensitive information. Now, this tactic is actually aimed at manipulating their victim's goodwill and, and trust as well, often involving, you know, financial assistance.

(00:13:57):
In fact, the median theft amount for those business email compromise scenarios has increased to $50,000. So they make quite a bit outta it. The report also highlights the challenge of insider threats as well, which account for one out of every five breaches. Insider attacks are particularly difficult to detect and prevent, making them really a nightmare for those CISOs out there. In fact, leading cybersecurity vendors are leveraging AI and machine learning to actually detect and respond to suspicious network activity and provide real-time alerts. Additionally, system intrusion, basic web application attacks and social engineering continue to be a prominent attack strategy that's out there. Basic web application attacks have increased, underscoring the need for robust application security and zero trust access solutions. Now, ransomware is also in there as well. It remains a lucrative strategy for attackers, especially industries like financial services. Now, the median cost per ransomware incident has more than doubled in the past two years to $26,000.

(00:14:59):
Ransomware attacks now account for 62% of all breaches. Now the report emphasizes the importance of prompt response to new threats, and in fact, it's exemplified by the Log4j vulnerability that's out there. Exploits peaked just 17 days after the flaw was discovered, highlighting the need for organizations to actually prioritize patching. We, in fact, we just talked about a story recently with the Fortinet scenario. The report also urges organizations to reassess their cybersecurity strategies and consider the evolving nature of attacks. A comprehensive approach that addresses human factors, insider threats, and rapid attack strategies is crucial. Now, building a cybersecurity culture is, you know, it promotes vigilance and also helps resilience, and then it's a constant adaptation to essentially in today's threat landscape. Lots of good information in that report, so definitely check it out. But what I would like to do is get your comments, questions about it as well. So I want you to go ahead and post them in Discord or even IRC right now. We'll, we'll try to take them, plus I wanna see if I can maybe queue up a couple people in the Discord stage as well. And I also wanna bring my guest in here as well to get his thoughts on the report. And today we have Ron, Ron Reiter, he's co-founder and CTO of Sentra. Welcome to the show, Ron.

Ron Reiter (00:16:11):
Thank you. Thank you for having me.

Lou Maresca (00:16:12):
Absolutely. Now, you know, our entire focus of this, this episode is, is data security. And I wanted to start with just a couple questions. Where for you, are you, you, you probably had a chance to hear my summary even read the article. What, what's kind of jumped out at you from this particular report?

Ron Reiter (00:16:28):
I think the most obvious thing that at least relates to data security is the prevalence of ransomware attacks. I think this is something that's here to stay and it's just growing because it's just financially, it makes sense financially for the attackers to use ransomware attacks. And it's, you know, Bitcoin making it very easy for them, for the attackers to, to extort the data to the, the organizations to pay them back so they can have the data back. And, and it's something that I think just shows how much data is at the center and then the core of, of the, the value of, you know, breaking into an organization, right? So once you, you break in it, as you can see, the number one thing that attackers do is look for the sensitive data or the data that involves business continuity, right? So that's, that's really the thing that jumped out. The first thing.

Lou Maresca (00:17:25):
The, the report actually highlights the grow, like the really, the growing prominence of pretexting attacks. You know, this is where the social engineering attacks, which are essentially doubled. Is this a common threat that you see organizations run into, is just they have gaps in their processes and they're able to be exploited in that, in that way?

Ron Reiter (00:17:46):
Yeah, I, I think in terms of, of, of these human weaknesses, of course it's, it's something that's also growing a lot and it's something that's not really, it, it, this, this type of attack is something that will, is here to stay no matter what, what will happen in the future, right? It's something that's, that the human factor is always the weakest link. So no matter how much we can find data security tools or any insecurity tools to avoid that, then this problem is, is very it's, it's a, it's a problematic problem. But I do think that in the future actually due to things like large language models there might be some new additional novel ways to actually tackle this issue.

Lou Maresca (00:18:30):
Right, right. Yeah, I do wanna, I definitely wanna talk about AI and I mean, I'm sure that we'll talk about that as well in, in the Sentra segment as well, but I did, I think it's interesting, in fact, Gumby mentioned in our chat room the fact that human element is the growth area of these types of attacks. And it's true. In fact, we were talking a little about the pretexting attacks as well as insider threats. This is essentially a big significant challenge for organizations out there because the fact that you are, we, we like to call them the rogue admin attack or the, the fact that these, you know, people have access to this data and it's really difficult to prevent. Have you, is you, are you seeing ways that organizations are essentially protecting themselves from that type of attack?

Ron Reiter (00:19:11):
Yeah, I think first of all, it's a, it's a big problem, right? Because of, for example, things like cryptocurrency, you can never actually find or disclose the attack or even if it's an insider threat. So this problem will also continue to evolve. So in terms of the, from what I see, and from what I can think of, the only way to actually mitigate insider threats is to have zero trust data security, right? To proper access controls. Figure out where your dark data, shadow data, your sensitive data is overexposed, overprivileged. If you do security right, and specifically data security right, then insider threats become much less of an issue.

Lou Maresca (00:19:55):
Right? Right. Yeah, I think the, you know, it is interesting because, you know, these types of attacks are really hard to, to detect and, and obviously there are ways to do this. There's, there's obviously if you're storing data in places that can be audited, where there can be audit trails available for, you know, there, there can be tools that can essentially go out and determine if somebody's accessing something that they haven't access to for a long time, or they're essentially exporting it or downloading it. So there, there are ways to, to help mitigate this and detect this essentially, but it means that you have to implement these solutions to get there. So that's, that's the hard part. And, and I'm sure that there's, there's other ways to mitigate it as well, but it requires additional, you know, experts and additional support.

(00:20:37):
Now, there was, it is interesting too, this, this report also calls out the fact that ransomware is on the rise. Now we know that, that, obviously, you know, we've seen that. In fact, it says that 62% of all breaches that are out there are ransomware. What are, what are organizations doing to protect against that? Because that seems to be a combination of a little bit of social engineering, because there, there's, of course, there's business email compromise that's in there. There's obviously exploiting other things that, you know, something on your network and being able to install something, like you were saying, maybe getting it onto a machine that they can then go and use as a starting point or as a vector to another machine that they can then go and compromise and then even eventually encrypt. So what, the same techniques that are for protecting against the other things, you're also protecting for ransomware as well?

Ron Reiter (00:21:28):
Yeah, I think what organizations do, and we should do more to, to avoid ransomware attacks is, is mostly to effect their data security posture, but also that what does that mean? So it means first of all, making sure that if someone gets your data for the sake of business continuity, you have to make sure that it's backed up, and that's, the attacker isn't able to actually manipulate it or, or delete it in a way that's, that the business continuity is, is affected. But it doesn't completely help the issue, right? Because if ransomware, even if a good cybersecurity expert would be able to make sure that no data is, is deleted, then still you know, ransomware in, in the form of, of data leaks, right? Of people threatening to to leak data is also something that's a huge issue. So, so backing up data is one thing, but it won't really help. The only thing that could actually truly help is to mitigate the, the exposure of sensitive data.

Lou Maresca (00:22:37):
The, the, the report suggests that despite, you know, the increased cybersecurity spending breaches continue to be, you know, coming in at an alarming rate. Now, I want, I want to maybe get your opinion on this. What, what do you think some of the key factors are contributing to that? Maybe the disconnect between investment versus essentially effectiveness? What, what's going on there? <Laugh>?

Ron Reiter (00:23:01):
Yeah, that's a great question. I think, you know, insider threats or, or social engineering attacks go through your whole security budget, right? It doesn't matter how much you put your dollars on infrastructure security. Once that people have access, then, you know, that's one thing you're seeing. I, I think, again, with data security, and at Sentra, my company, right? We realize that and we're trying to change that because putting dollars on infrastructure doesn't really change anything, right? So I think that's why we're seeing this change. And I think there's not much to do other than to really understand how to mitigate the, the, the exposure of data. It, it just doesn't matter. It doesn't matter which firewalls you buy or which application security you, you try to put on SaaS security. It's, it's, it all comes down to locking your data up as much as you can.

Lou Maresca (00:23:59):
Makes sense. Now, I'm not sure if this is news, but obviously the report highlights the importance of proactive approaches to cybersecurity. So you're, the fact that you assume breach will help you essentially implement preventative measures. Can you maybe, obviously maybe using tools like your company as well, but can you maybe provide some practical steps you've seen for organizations that they can take to essentially adapt that kind of mindset and maybe even strengthen their cybersecurity defenses that are out there?

Ron Reiter (00:24:30):
Yeah, of course. So the goal to minimize the, the chances of ransomware attacks and data leaks is to protect your sensitive data, the crown jewels of your company, right? So the first thing you need to do is to really understand where your sensitive data is, right? So you have to continuously and automatically discover all of your data. So actually in the cloud, it's, it's feasible. And when you have your on-prem environments, the technology didn't really allow it to do it easily. But nowadays in cloud, you do have the APIs and the technology to actually know exactly where your sensitive data is without even relying on your developers knowing how to do that, right? So, so you, you do need a good tool to do that. Once you have full discovery of sensitive data and automatic classification, then you can at least know where your sensitive data is. And then you put on top of that, you put the security context. You need to understand if the data is moving somewhere. Is it someone trying to copy it? Is it overprivileged? Is it, is it misconfigured in terms of the data store that's hosting this data, right? Once you understand the security posture of the data, you can basically reduce the chance of it leaking.

Lou Maresca (00:25:41):
That's great. That's great advice. Well, I do wanna get more into this, cause obviously we want to talk a little bit about what's going on at your company, et cetera. But before we do, I think that wraps up the bytes. I want to go ahead and thank another great sponsor of This Week in Enterprise Tech, and that's Duo. Now Duo protects against breaches with a leading access management suite. Now, I personally use Duo Authenticator, which actually has some first class features that others do not have. In fact, strong multi-layer defenses and innovative capabilities only allow legitimate users in and keep those bad actors out. That's right. For any organization concerned about being breached that needs protection fast, Duo enables strong security while improving user productivity. And Duo prevents unauthorized access with their multi-layered defenses and modern capabilities that stop really sophisticated malicious access attempts.

(00:26:35):
Plus, you can also increase authentication requirements in real time when risks actually arise. Duo enables high productivity, only requiring authentication when needed, enabling swift, easy and secure access. That means Duo helps your user experience as well. That's important. Duo provides an all-in-one solution for strong MFA, passwordless, single sign-on and trusted endpoint verification. Duo also helps you actually implement Zero Trust principles by verifying users and their devices. Start your free trial and sign up today at cs.co/twit. That's cs.co/twit, and we thank Duo for their support of This Week in Enterprise Tech. Well, folks, it's my favorite part of the show. We get to bring the guest back in, actually. And that's Ron Reiter, co-founder and CTO of Sentra. Now, Ron, our audience is a complete spectrum of industry experience, whether they're entry level or CEOs or CISOs or CTOs, and some of them love to hear people's origin stories, and we didn't get to do that yet. So can you take us through a journey through tech and what brought you to Sentra?

Ron Reiter (00:27:50):
Sure. So I, I started my cybersecurity journey in the Israeli Intelligence Unit 8200, so you probably might have heard of that. It's basically the Israeli NSA. So I was a cybersecurity specialist. I was doing, you know, all sorts of cybersecurity there, a lot of research, reverse engineering, you know, all the web stuff that is, you know, very interesting nowadays. And, and, and, and so I've served my country for four and a half years. It was a great experience. I, I learned a lot. And then, you know, went to, to my, to, after, after I got dismissed from the Army I finally, I, I found out that I have a lot of friends who started companies and they can teach me how to do the same.

(00:28:40):
And, you know, what, what's their, other than you started as a new company in technology. So, so that's basically what I did. I, I, I was, I, I thought it was a good idea. I felt like I'm, I, I might be good at it. And, and I'm an entrepreneur in nature, I, I like to build stuff. I, and so I just did it. I, I started a company in 2013 called Crosswise. And we worked for about two years. We built, developed technology that bridges devices that belong to the same person, probabilistically. It was used both for ad tech and cyber purposes, but it's generally like web technology. And we sold it to a company called Oracle, which you might know. And according to the news, it was for about 50 million.

(00:29:31):
And I joined Oracle for about four years as a director of engineering and then started to invest in startups. So I invested in about 16 startups, mostly in cybersecurity and kind of built my, my network. I was, became a mentor for many entrepreneurs. I think the first and probably the most successful is the company Axon which is quite successful nowadays. They do device asset management. So, so that's kind of, you know, by 2020, I kind of realized that the next thing I should do is probably start another company in cybersecurity using all of my extensive knowledge from, you know, cyber data and startups. So, so that's what I did. And in 2021, which was a great year to start companies actually we raised so, so we basically paired up with a few friends of mine.

(00:30:29):
So Yair Cohen, it was the, one of my friends from the unit, from, from the military intelligence, so he was the product manager at Datadog. I kind of convinced him to leave. I mean, it, it was, it is a great company, but I told him, listen, I know you're gonna make a lot of money at Datadog, I think you're gonna make more money starting a company with me. So he left Datadog. Previously, he was also a product manager at Microsoft secure information and protection, Azure Information Protection and, along the Microsoft MCAS. And then also two other friends of mine. So Yoav, who was the head of the cybersecurity department, and Asaf, who was the head of 8200. It's about 10,000 people even. It's a huge unit, right?

(00:31:18):
So they also finished their, her service in the Army, and they also wanted to start a company. So we kind of paired up all four of us and decided that we need to tackle the biggest problem in data and security in the next decade, which is data security. So we started Centra in 2021. We raised 23 million wow. From investors like Bessemer orange Dev, and then we added another 30. So total of 53 million money raised from additional investors such as standard investments V ventures more. And and we are today 50 people. We have about 10 people in the US. The rest are in Israel. And what we build is is called something called a DSPM, Data Security Posture Management. Right?

(00:32:14):
So I did mention something that resembles that before. What we do is we do automatic discovery, classification and risk assessment of your sensitive data in the organization completely agentless, completely automatic you know, just connect to the cloud. We do it for infrastructure, platform, and now SaaS, so we just connect to your IaaS, PaaS, SaaS. We discover that you automatically understand whether or not it's secure, and we give you recommendations, alerts, and recommendations on how to solve different types of risks. So we solve, yeah, go ahead. Sorry.

Lou Maresca (00:32:53):
Oh, no, I was gonna say, when you, when you say you connect to the, to the cloud, and obviously one of the biggest concerns to most companies is data leakage, data loss, and they have lots of different data storage. Now how, how do you connect to, they have to give you consent and you just go and connect to it and, and, and, and essentially start cataloging. How, how does that work?

Ron Reiter (00:33:11):
Great question. So what we do is we ask the customer to install something like a CloudFormation template or Terraform that allows us to access the customer's cloud. Once he does that, of course, he can review the permission that he gives us. Once he does that, we are able to operate our scanning technology into their cloud. The nice thing about a product is that it doesn't take your sensitive data out of the environment, which is very important for two reasons for security and for compliance, right? Right. We are a data security tool. I mean, it's, it makes sense for us not to take your sensitive data out. So we operate the scanning inside the cloud and then that's how we build an automated data catalog by discovering all data, no matter where it, it is, it could be in S3, DynamoDB, for example, but it could also be in managed data stores like RDS. It could be in unmanaged data stores running on EC2s, containers, whatnot. And we will, if it's there, we will find it.

Lou Maresca (00:34:17):
<Laugh>, no, I, no, I, I'm curious cause you did mention why you started Centra, but I know that there's probably an interesting story there around data breaches. You don't have to get the specifics, but was there, what kind of drove you to, to do this kind of discovery and analytics, essentially side of things?

Ron Reiter (00:34:37):
So it was actually from a personal experience you know, being an entrepreneur, starting my first company crosswise, I learned a lot about the cloud, right? And I also saw how easy it is to copy data and to move data around and to give access to data, right? It's, it's like, it's, it's not like the old, it's

Lou Maresca (00:34:58):
Comical sometimes. Yeah. <laugh>,

Ron Reiter (00:35:00):
Yeah, totally. So, yeah. Yeah. And, and, and then what happened was after after I, you know sold the company to Oracle, I kind of inherited a lot of, a lot of infrastructure that I didn't really know. I, I owned it. And, you know, because in, in acquisitions usually, you know, you, you get the, like, engineering teams of other teams, right? So, so that's what happened. I kind of, I, I actually took over more business that, you know, I originally had. And what happened was that day, this guy Israeli, by the way sends an email saying, listen, we, I found PII, personally information, in servers that belong to Oracle. So you know, GDPR basically me tells us that, you know, if that happens, and it means that we can get fined enough for a lot of money up to 44% of the yearly annual income of specifically this company or, right?

(00:36:07):
And, and this kind of triggered a very big, you know, you know, shock, right? It was, and it was kind of something that I, I was supposed to own and I didn't know about, and how could that be, right? Like, I own infrastructure that might have sensitive data of customers. How did that happen? And that kind of trickled the, the, the, the, the thought direction that I, that started Centra, right? Like, I realized that you know, it doesn't matter how secure your, your infrastructure is. It doesn't matter if, if you have, like, you know, a publicly accessible S3 bucket, for example, you can't say it's, it's not, it's not okay, right? Because sometimes you want publicly accessible data. On the other hand, I mean, it's solely fine to have sensitive data, right? But the problem is when it's both, right? When the sensitive data is public, so to understand data and to to know if it's an actual risk then you need a special tool.

(00:37:13):
And not only that, if you think about it, a lot of the risk, the, the, the alerts that CISOs are getting nowadays a lot of times don't mean much, don't matter much. Why? Because when you ask the, the five whys, right? You have eventually, the only thing you really want to protect and put your dollars on is the sensitive data, right? Any, anything that could lead you to break into some part of the organization and, and that won't lead to sensitive data being exposed is probably not as bad as as the rest, right? So you want to focus on the 1% that does matter. So we develop this data centric approach where we start from the sensitive data, and then we grow out of it and understand if, how is it secured and where is it going? And for example, if it's going somewhere, then we need to look at that place, right? We don't look at everything and start from, from the top down. We look from, from the data, from the, from the, the crown jewels, from the inside and, and look out. So, so we developed this data centric approach, and we didn't really know what we're going to build at first, but we knew that the biggest problem with data security is to be able to help organizations gain or regain control over their data

Lou Maresca (00:38:35):
Press server. I think that the, the interesting thing I find is the fact that there's some interesting technology happening there. In fact, you said you, you get yourself on the organization's cloud and then you begin cataloging the data. What happens from there? How, how are you actually classifying this in the sensitivity and all offering the remediation steps? What, what's going on there? Is this machine learning? What's, what's, what's actually going on?

Ron Reiter (00:39:01):
So that's of course our core technology, and it's actually pretty complicated. There are three pieces for for this technology, and each one is, is complicated on some. So the first piece is understanding and extracting the data, right? So you look for the data stores and you need to look for anything that might contain data. You need to, for example, connect to it. In a, in the case of an EC2, for example, you have to snapshot it. You have to run a scanner, connect the EC2, understand the data inside. Maybe if it's a database, you have to spin up a database and you have to connect to the data files, then you have to look at the tables, right? So, so the extraction is very complicated. You need to look for the different files or databases that might contain sensitive data.

(00:39:53):
So that's, and we need to do that for all the types of data stores, right? In each and every data store is a new project. Once we do that we do the second part, which is to understand take the data and then turn it into something that is either that's more structured, right? Either it's going to be a table or text. Sometimes that involves OCR, right? You need to take a PDF and turn it into words. Sometimes, you know, it's Excel spreadsheets within zip files somewhere on your Google Drive. So you have to take the zip file, extract that, take all the spreadsheets, take each and every portion inside that, and turn that into a table, right? That's the second part. And the third part is the actual classification, right? So, so that's where we, we have two different types of classification technologies.

(00:40:40):
We have entity recognition and we have document classification. So entity recognition means, okay, let's see, is it a person name? Is it an email address? So sometimes that could be very easy. In tabular data it could be very easy you know, names, for example, if you can just, you know, get a set of names and if you find a enough names, you know, it's a first name, but what if it's a just text? So in, in text, we have to use really more complicated machine learning models that have the NLP factor inside, right? So luckily nowadays with open source and things like Hugging Face, that actually becomes quite an easy problem. From a machine learning perspective, you can, you have free trained language models. You have the large language models that do this specific job of, and identifying sensitive entities and unstructured texts very easy.

(00:41:33):
So, so that's what we use there. And, and so once you do both of these, you, you basically know where all your sensitive data is. So connecting all of them together, you know, gives you the answer. The o other interesting thing that we do is document specification. So we're also able to look at the document in using these models, we're able to understand, for example, if it's a contract, a legal document, if it's tech technical documentation, right? And, and that is great for the business because once you can have more context on what document you're looking at, then you can specify amazing policies, right? You can say contracts cannot be hit put inside this place, right? And, and so that's another capability that we have using the new large language models. So altogether you know, quite complicated, but it does the job and it's we keep maintaining low false positive rates which is our, our goal.

Lou Maresca (00:42:38):
You made it sound, you made it sound easy. Doesn't sound good, <laugh>, I'm sure there's lots of stuff going on behind the scenes, but he made it sound easy. Yeah, yeah. Thanks Ron. Well, you know what we have, we have a ton more to talk about and we have, we have some great questions from our audience as well. So we'll jump into those in just a moment. But before we do, we do have to thank another great sponsor of This Week in Enterprise Tech. And of course that is Bitwarden. Bitwarden is the only open source cross-platform password manager that can be used at home, at work, or on the go. And it's trusted by millions. Even our very own Steve Gibson has switched. That's right. With Bitwarden all of the data in your vault is end-to-end encrypted, not just your password.

(00:43:15):
Protect your data and privacy with Bitwarden by adding security to your passwords with strong randomly generated passwords for each account. Go further with the username generator as I'll create unique usernames for each account, or even use any of the five integrated email alias services. It makes it real easy. Bitwarden is open source with all the code available on GitHub for anyone to view it. And this means you don't have to trust the word their word. You can actually see it as complete, secure. Now on the top of being public to the world, Bitwarden has also has professional third party audits performed every year, and the results are also published in their, on their website. This is open source security that you can actually trust Now. Bitwarden has launched and also launched a new Bitwarden Secrets Manager currently in beta. It's an end-to-end encrypted solution that allows teams of developers to essentially secure, manage and deploy sensitive secrets like API keys and machine credentials.

(00:44:13):
Secrets Manager keeps those sensitive developer secrets out of the source code and eliminates the risk of them being exposed to the public. Now, Bitwarden needs developers to help test out the new Secrets manager and provide feedback. So learn more at bitwarden.com/secretsbeta. That's bitwarden.com/secretsbeta, one word, secretsbeta. Now, share private data securely with coworkers. You can across departments or even the entire company with fully customizable and adaptable plans. Bitwarden's Teams organization option is just $3 a month per user, while their enterprise organization plan is just $5 a month per user. Individuals can always use the basic free account for an unlimited number of passwords. You can upgrade any time to the premium account for less than a dollar a month, or bring the whole family with their family organization option to give up to six users premium features for only $3 and 33 cents a month, which I actually use and it's fabulous.

(00:45:12):
At TWiT, we're fans of Password Managers. Bitwarden is the only open source cross-platform password manager that can be used at home or on the go or at work and is trusted by millions of individuals, teams, and organizations worldwide. Get started with a free trial of a teams or enterprise plan, or get started for free across all devices as an individual user at bitwarden.com/twit. That's bitwarden.com/twit. And we thank Bitwarden for their support of This Week in Enterprise Tech. Well, folks, we've been talking with Ron Reiter. He is co-founder and CTO of Centra. We've talked a lot about data security today. Lots of great questions. Now I do want to go and jump into our Discord channel here, cuz we have a great question from Aunt Pruitt. He was actually fascinated by the fact that you started this company during a pandemic, and he wanted to know what was the pitch to get investors actually hooked.

Ron Reiter (00:46:09):
Oh, that's, that's an inter interesting one. So actually, you know, it, it's okay. It's, it's not the answer that you might hear. I would like to hear what I hear. So I, me, I mean, I started the company with a very high profile people. I mean, also me being a second timer knowing all the cyber ecosystem and, and, you know, going into the, the, the rah raising the money in Israel, as someone who knows a lot and know, knows everyone, it, it's, it's actually that, that's actually the easy part. It was for us 2021 was very, a very easy year to raise money. All the investors were really looking to invest, you know, all the, the, it was before the, the burst of the bubble. And it, it's people really over optimistic on Covid then. They didn't, they, they knew that the world is kind of going to recover.

(00:47:08):
They didn't really see it as a problem once all the markets jumped. And our, the team, our team was very lucrative in terms of the in in investors. We were, there was a lot of other investors who wanted to, to raise money. We actually, I mean, we raised the 23 million seed round, right? It's usually it's, it's about four times than average usually. So, so it was actually quite easy for us. And we didn't even have a presentation. We just wow. Met investors and it's studio. We told them, listen, yeah, we, we, we don't know what we're going to do. We know it's gonna be daily security, but we do not know how or we're going to solve the problem. We just know that we're going to solve it.

Lou Maresca (00:47:53):
That's amazing. It's amazing. Well, do have another question from Gumby. He actually really asked a really good one. It says that hybrid environments seem to be the most likely largest segment as enterprise migrate to the cloud more and more. Is there more risk in hybrids than fully, fully cloud or fully on-prem scenarios for especially with your product?

Ron Reiter (00:48:12):
So start, let's start with what we're only doing cloud and the, the reason that we're not, we're only doing cloud isn't because we don't think hybrid is an issue or, you know, anything about or like that. We just know that to start a company have to be very focused and, and with the cloud you can be very focused because you can solve a very specific problem for a specific type of customer. And in the cloud there are, you know, the actually data security issues, as I said before, much more immense because, you know, data can go anywhere without like you even noticing it, right? It's very, very easy to copy data and move data around. So we knew that they, the problem in, in, in the cloud is, is much more immediate and, and hard to solve than the hybrid environments.

(00:48:59):
So, so we, we just in, just in terms of how to build a company, how to build a go to market, you know, we realize that we just can't deal with hybrid right now, which is also why, you know, some enterprises just say, listen, we're right now, we're not helpful for us to, I'm sorry, but it's okay because that's how we, we have to build a company. I think that moving forward about three to five years from now, Centra will do hybrid environments and we will do it in, in three ways. So we're going to first of all, you know, have some infrastructure running on the internet, try to bring the hybrid environment close to us. Either it's, you know, something on the way to the cloud or, or we're going to extract it out for scanning or whatever. So, so we're going to do that.

(00:49:43):
We're also going to rely on things like AWS Outposts or you know, the other alternatives in other clouds hoping that if the cloud native technology goes into the hybrid environments, we can activate our technologies there. And the third, I think eventually we will be, you know, on ongoing adding more and more support of different types of data stores within the on-prem. But again you know, it's, it's, we are a data security company. We, we don't know how things are going to evolve, but what we do know is, you know, we just have had to start from the cloud.

Lou Maresca (00:50:23):
That's interesting. Very interesting. Well, we have, hopefully keep, we'll keep the co coming, the questions coming from our audience, but I do have one more myself. So I'm actually interested in the fact that you said, Hey, you know, Centra provides security teams with data access graphs. So it basically gives us, gives the organization insights into who has access to what. So with specific data, could you maybe elaborate a little bit more on how this feature essentially helps organizations monitor, maybe monitor the data and the controlled data acts effectively there?

Ron Reiter (00:50:53):
Yeah. Data is a huge part of what Centra does. And we are actually the only solution that has a very unique graph that allows us to know which entities, users, roles, groups have access by the way, also including within databases has access to which sensitive information. You, it's to do that you have to both analyze the access layers of the cloud and, but also the data, and you have to do both and you have to model the data, right? So, so that's a very hard problem. So we built that, and what our system does is basically it has a bunch of out of the box policies that can basically mitigate issues such as, you know, third party access to sensitive data or data that's access that's probably no longer needed.

(00:51:52):
Overprivileged access to data. So a bunch of different types of policies that just in right away I can tell the CISO if there is an issue with, you know, over privilege or, or any, any type of, of access issue that you should look at, because it allows access to sensitive data. If you basically take care of all your access issues that, you know, we, we commend you to, to do, to to look for, then we can guarantee that your data security posture is increased and there's a higher, the lower chance of a data leak.

Lou Maresca (00:52:28):
Now, you mentioned that obviously Sentra has the capability of, of labeling data assets containing proprietary information or even identifying those weak security postures. How does, how does the Centra platform assist in maybe detecting misconfigurations, maybe compliance violations and maybe other security risks that might not just be like structured in that way?

Ron Reiter (00:52:50):
So so we, we have a bunch of out of the box policies that, and that are basically sorted by compliance frameworks, right? So, so for SOC two, GDPR cpa, we, we have a bunch of of them that can help you understand how compliant are you in terms of data regulations or, or any, any compliance framework that involves data. And so we just understand them very deeply and we know how to deal with them. So that's basically how we do it.

Lou Maresca (00:53:23):
Very cool. Now obviously there's a lot of you know, there's, there's a lot of focus on increasing the speed of data to the cloud. There's obviously a demand for business agility. I know I talked a lot of organizations that are constantly saying, we need to be more agile. How, how does, how does Centra maybe strike a balance there? How do they strike a balance between protecting sensitive data but making sure that we meet that demand of being agile, essentially?

Ron Reiter (00:53:49):
So I, I think, you know, I i, if you look at that's really the core, you know, problem that we're trying to solve. If you look at the, the growth of the world in terms of what the cloud enables you it's immense, right? With, with the cloud, you can connect your data to hundreds of places and move data around and do bi and, and create new ETLs and create new products and, and just, you can do anything with the cloud, but a lot. But that in instantly, you know, if for, for the, the security owner, the data owner, like that really, really isn't a threat, right? So, so the security always wants to reduce and slow down the business because he wants to make sure that everything is going, you know, according to what he wants to, and, and, and that is unacceptable.

(00:54:43):
In the new world, the, the, you know, the cloud pretty much made it clear that, you know, the, the business needs, it goes first, security second. And, and we understood that. We understood that there's a gap there. There's a gap that is growing because the cloud is just showing the world how much you can do with data. And, and that's what we need to help. We need to go to the security people that have to deal with this problem. They cannot stop the business, right? And we need to help them do it without stopping the business, right? So that's how we built the product. We understood that what they need is to see what's going on and make sure that, you know, that's going all well to make sure that they know where all the data is without people a, asking people to tell them where it is, make sure that if there are risks data risks that they are would know about, and they would know how to take care of them, who should take care of them. And, and that's, that's how we built the product. So we're helping the security engineers and the CISOs dealing with the, the fact that data security is going to be a mess without, without something that can actually help you do it.

Lou Maresca (00:55:58):
So I have one more question. I'm just very interested in this because last week. Oliver and I talked about the concept of dark data and the fact that it's a, a huge liability for organizations. So this is data that they collect, maybe unknowingly collect and they keep and they store it. And it, sometimes it's unstructured. Some of there's logs and traces, it's stored all over the place. It could be stored on thumb drives. How can, do you see a solution for that? Is centra a solution for that, or is there, do there have to be other implementations there to essentially allow organizations to really identify and secure that type of data?

Ron Reiter (00:56:30):
Yes, Centra is the perfect solution for dealing with dark, dark data. We call it shadow data, but it's, it's the same thing. So centra also it mitigate many times suppress but shadow data, dark data is really the number one risk that we mitigate. So we do this by understanding, looking for sensitive data, and then we look for patterns for example whether or not it's not, it hasn't been accessed for a while or whether or not it doesn't have retention policy enabled on top of it. So if we see that there's no access for quite a while or you know, no retention and it's very old data and it's sensitive, then we can basically help you understand how you're collecting this dark data and how to make sure to delete it or to understand where it's coming from. So, yeah Centra is perfect for reducing shared data.

Lou Maresca (00:57:26):
I have to, I have to laugh a little bit cuz Oliver and I were discussing, we say, Hey, that's a, that's a multimillion dollar I idea right there. We had a solution to be able to classify identifying secure dark data. So, so I think I think you guys beat us in the punch. Yeah, <laugh>, yeah.

Ron Reiter (00:57:43):
Yeah, happy to help <laugh>.

Lou Maresca (00:57:46):
Appreciate it. Thanks John. Well with with great shows, time flies and we're running outta time. So Rhonda, you so much for being here. Since we're low on time, maybe you can give you the chance to tell the folks at home where they can learn more about Centra, where can they get started, that kind of thing.

Ron Reiter (00:58:02):
Of course just go into our website, Centra do io you know, you can click on contact us if you want to talk to us and you can also get a demo. So yeah, just feel free to go to cent.io and read through all of our website. We even have an interactive demo. Yeah.

Lou Maresca (00:58:21):
Cool. Very cool. Thanks again for being here, Ryan. We really appreciate.

Ron Reiter (00:58:26):
Thank you for having me.

Lou Maresca (00:58:27):
Take care. Well folks, you have done it again, you've sat through another hour, the best thing enterprise and IT podcast in the universe. So definitely tune your podcaster twy. I want to thank everyone who makes this show show possible and I wanna first start with you. That's why you, the person who drops in each and every week to watch and to listen to our show, to get your enterprise. Goodness. I wanna make it easy for you to watch and listen and catch up on your enterprise in IT news. So go to our show page right now, that's twit tv slash twy. I'll wait. There you go. They'll find all the amazing back episodes, the show notes, the co-host information, of course, the guest information of the show, and of course the links of the stories that we do during the show. But more importantly there you'll get those helpful subscribe downloads right next to the videos there.

(00:59:09):
Support the show by getting your audio version or your video version of your choice. Listen on any one of your devices or any one of your podcast applications cuz we're on all of them and I want you to subscribe and support the show. Plus, you may have also heard we also have Club Twit. That's right, it's a members only ad free podcast service. It's ad free with a bonus TWIT plus feed you can't get anywhere else. And it's only $7 a month. And not only is it ad free, but you also get some, a lot of other great things with Club Twit and that's also exclusive access to the members only Discord server, which in fact, we got some nice questions in in the chat in the, in the Discord channel this, this week. There's lots of other channels, not just the show channels, but there's, there's, you can chat with hosts and producers.

(00:59:50):
There's separate discussion channels plus there's also special events. Lots of fun stuff about an had a great interview last week. You definitely need to, to listen to if you're part of the Club twit. So definitely check that out. Lots of great stuff. Join Club Twit and be part of the movement. Go to TWIT tv slash club twit. Of course. Club Twit also offers corporate group plans as well where it's a really great way to give your entire team access to our ad-Free Tech podcast. And the plans start with five members at a discounted rate of just $6 each per month. And you can add as many seats as you like after that. And it's really a great way for your IT departments, your sales teams, your developers, your tech teams to stay up to date with access to all of our podcasts. That's right ad free.

(01:00:30):
And just like regular memberships, they can join the TWIT Discord server and get the TWIT plus bonus fee as well. Plus there's also family plans as well. Another great plan. It's $12 a month and you get two seats with that and $6 each for each additional seat. And it's a great way to get, it's just the same advantages of the single plan. So you get lots of options there. Lots of opportunities to join cl so definitely do that at twit TV slash club twit. Now, after you've subscribed, definitely impress your friends, your family members, and your coworkers with the gift of TW because we talk about some fun tech topics on the show and I guarantee they will find it fun and interesting as well. So definitely share it with them. And if you've already subscribed, you know what we do This show live at 1:30 PM Pacific Time.

(01:01:14):
That's right, we're doing it live right now. You can go to live dot twit tv and you can choose from whatever stream you want on there. You can come see how the pizzas made, all the behind the scenes, all the banter that we do before and after the show. You can even ask questions live. If you're gonna wanna ask questions, you can either jump into the Discord server as well as, or you can jump into our I IRC channel. That's right, we have an IRC channel twit live on the IRC dot twit TV website. So go to that, right? Right now you can join the TWIT live channel automatically. We love the chat room. There's lots of great characters in there each and every week and they continue to kind of keep us on our toes and give us good show titles and questions and comments.

(01:01:49):
Definitely jump in there as well. IRC twit tv. Now I want you to also hit me up. Questions, comments, I'm on, I'm on Twitter slash m there and I post all my enterprise tidbits. Of course I'm on Mastodon lu twit Do social. I'm also on pretty much everything LinkedIn, check me out on there. Louis Mosca, please hit me up there. I have lots of grace conversations on LinkedIn, so direct message me there as well. And if you wanna know what I do during my normal work week, you can always check out developers.microsoft.com/office. There. We post all the latest and raised ways for you to customize your office solution. And of course, if you have Microsoft 365 open up Excel right now, there's a new automate tab. Check that automate tab out. You can record our macro, you can edit the TypeScript and JavaScript right there and you can run it on Power Automate behind the scenes.

(01:02:37):
You run it across platforms on the desktop or in the cloud. So it's a lot of, a lot of fun. Check it out. I definitely, I guarantee you'll find it more productive for you. I want to thank everyone who do makes this show possible, especially to Leo and to Lisa. They continue to support these weekend enterprise tech each and every week and we can do the show without them. So thank you for all their support. I wanna thank all the engineers and staff at twit, of course, thank you to Mr. Brian Chee. He's not only normally our co-host, but he's also our Titleist producer as well. He does all the bookings and the plannings for the show and we really couldn't do this show without him. So thank you. I also wanna thank Anthony Ation.

(01:03:13):
He's, he's, yeah, he's on, he's a vacation, so we don't need to get Yeah, he does need a vacation <laugh>. So I also wanna thank Victor and Anthony today as well because they helped me set up all the live stuff and I appreciate that. So thank you guys for all your help there. And of course Mr. Victor's also our technical director today. So thank you Victor, for all your help as well. Problem to do the show that you. So thank you man. Appreciate it. Well, until next time, I'm Louis Moka, just reminding you, if you wanna know what's going on in the enterprise, just keep TWIET
