How do hackers exploit vulnerabilities?
Every system has the ability to be managed remotely and controlled remotely. Now, what hackers do is they take advantage of bad settings or simply settings that have been ignored in order to work their way in and collect information or data from your organization or about your organization. The way that they do this is by either exploiting the user directly through something like an email, "click here" to do whatever, like you'll "save something" that actually runs a back-end piece of code that takes advantage of that user's permissions in order to gain access to your system.

Good hackers typically do this invisibly so that you really cannot tell that they're there, so you get an email that says "click here" and it takes you to what looks like a legitimate site, but what it's actually done in the background is deployed a script or some piece of code that is designed to open a hole for that hacker to get more information out of your network or to steal data from either that employee or from other systems on your network.

The way that our system operates is under an environment that's called authorize only, so instead of having large communication holes where pretty much any kind of traffic can transit between a user or an application and the rest of the network, we have very stringent requirements that detect whether or not the application has been modified, that detect whether or not the application is allowed to communicate to a particular other device, so if you open Internet Explorer and you attempt to talk to a database, it's simply not going to be allowed. What this allows us to do is lock the environment down and harden and respond to any kind of circumstances where an application or a user is attempting to do something that is not explicitly authorized.

The reason we're able to do that is because we use the artificial intelligence to ensure that all of the settings and all of our systems are absolutely correct, and we're able to use the AI in order to monitor what level of communication an application needs before we actually deploy it. Once that application is in a production environment, it's not generating tons of false positives that we as people have to respond to and say, "yeah, that's not a legitimate response".

A good comparison of how this is actually operating is like the locks that you tend to put in your office. Most individuals will put locks on the outside of their office, and if they're dealing with highly secure data they'll put locks on the inside their office so that certain employees can only have access to certain kinds of information. Now, a firewall is just the lock on the outside of the organization, and it doesn't stop someone from leaving. What our system is like is like having security guards standing at every door within your organization, making sure that anything that comes in and anything that goes out is absolutely allowed, and if it detects any component that is not explicitly allowed, it responds to that automatically by initially blocking that traffic and then asking either a more advanced user such as a business director whether or not that information should be allowed to exit the organization.