Could you stop an Edward Snowden on your network?

Truth in IT
04/05/2018
556
Report Favorite
Embed

Video Summary: The concept is to record every network packet movement associated with your privlieged users so you can replay it at a later date. This is a Privileged Access Management (PAM) system that serves as a deterrent as well as a forensic tool. You can also trigger notifications if suspicious network behavior is detected. Learn more at www. wheelsystems.com. Transcript below:

 

 

 

 

Mike Matchett:                  Hi. I'm Mike Matchett with Small World Big Data, and I'm here with Mike Malanowicz of Wheel Systems who's gonna tell us a little bit about network and security. Welcome to the show, Mike.

Mike Malaowicz:               Hello. Welcome everyone.

Mike Matchett:                  First, just explain a little bit about Poland and Wheel Systems and how you guys got started.

Mike Malaowicz:               So, yeah, Wheel Systems is located in Poland right now. We are just in the middle of the process moving to California, but you asked about Poland. Poland is a small country, well, it's one of the biggest countries actually in the European Union but compared to the US it's a small country located somewhere between Germany and Russia. So the country was destroyed during World War II. We are famous for having very beautiful women and extremely good programmers. We have some of them on board actually and what we do is we try to make the world more secure.

Mike Matchett:                  So making the world more secure, and as we were talking a little bit earlier, you really, guys, focus on privileged users and making sure that privileged users, those would be the users of a banking system or critical infrastructure that have like group passwords and things, that those users are behaving well and they don't go and try to, I guess, steal things, right? So tell me what are some of the things that privileged users can do badly, or can [crosstalk 00:01:42].

Mike Malaowicz:               You probably know Edward Snowden, right?

Mike Matchett:                  Yep.

Mike Malaowicz:               He wasn't even a hacker and he was able to steal very valuable data from a notable company, so what we do is we try to prevent those things to happen again. And we put our appliances or virtual machines into our clients' infrastructure and what they do is they record every single packet which wends through our appliances so it can be recorded first and analyzed later on. Therefore it can prevent wrong things happening, because if you do have in mind that you're recorded all the time, you, there is much less possibility that you do something stupid.

Mike Matchett:                  So if you know someone's watching you and can prove that you did what you did, you're gonna behave better. But in any case, you can go back and replay a privileged user session and tell what someone did and it's outside what that privileged user can go modify or change, right? This is a system that sits in the network and really secures what happens at that privileged level.

Mike Malaowicz:               Exactly, this is what we do. We record every single packet and from that we're building the movies so you can see how a privileged user's session went, actually. So this can be proved in court or it can be by implementing the real-time on the [leases 00:03:17], it can be also be something that will trigger a notification for this user's supervisor. That something is, you know, very suspicious about this session.

Mike Matchett:                  Adm I understand that you've also got some machine learning and some ways to recognize patterns and you're growing that capability some more and more, but what I found really interesting was that you've even got some ways to look inside of SSL, TLS protocols and so you can't even, a privileged user can't even hide behind that once they're within a company, right?

Mike Malaowicz:               Yes, we have Fudo which as I told you records privileged users' data and to do that it has to actually decrypt privileged user's session because it's always encrypted. When we are talking about SSH or RDB protocol which are the most common, they had to be decrypted first to be analyzed later on. And Fudo does that in the real time of course. It also changes user credentials, so the user even doesn't know the credentials he's using on the destination server and ... we also can trigger some sort of predefined alarms. For example, we can set up a command which will trigger an alarm. Let's say we are working with database and we want to delete something and the session will be put on hold and the supervisor will be notified that me, as a user, for example, I was trying to delete some of tables in some of [inaudible 00:05:10] a table. Or dropped a table in a database. This is one example.

                                                      The second example is, as you said, we use some machine learning so we also do have behavior analyzers and every single time I'm using Fudo it learns, actually, my typical behavior and if I'm stressed or if I left my PC without locking the screen, and for example, my wife or my kids want to play with [Buxom 00:05:42] banking system, it will also trigger an alarm and put my session on hold.

Mike Matchett:                  And that's, you know, that's actually probably something that has happened. I know my son comes in and plays my computer all the time when I'm not looking. Luckily I don't have control of any weaponry or financial bank accounts across the world, but I can understand how some people would. Very interesting. So you guys are going to RSA next, soon?

Mike Malaowicz:               Next month.

Mike Matchett:                  Next month you'll be there. Where else can someone find out some information about Fudo and Wheel Systems and Cerb and some of the products you've been talking about?

Mike Malaowicz:               Well you find every information I think on our webpage. It's wheelsystems.com and yeah, that's it.

Mike Matchett:                  And you guys have a long history of experience. Definitely, definitely interesting product to dive into, especially if you've got that secure, critical infrastructure that you really need protected and privileged admins all over the place and want to keep, make sure, keep tabs on them. Well, thank you Mike for being here today and talking with us. I look forward to talking to you again soon.

Mike Malaowicz:               Thank you very much.

Mike Matchett:                  Yep, this is Mike Matchett from Small World Big Data. Thank you for watching.

Categories:
Channels:
Tags: