Transcript
Hi Mike Matchett Small World Big Data we are here with at RSAC 2025. There are thousands and thousands of people here. There are hundreds of cybersecurity vendors. We are here right now with SonicWall to talk to them about their particular role in the cybersecurity landscape. I have, uh, Douglas here with me today. Thank you very much for talking to us. Why don't you just start by telling us a little bit of your background? Yeah, absolutely. So I've been in the industry for about 16 years, mostly in the offensive security space, uh, researching threat actors, hackers, vulnerabilities, writing zero day exploits, uh, doing a lot of pentesting stuff. And today I come to I come to SonicWall now for a couple of years, and I run their threat research team, where we're constantly looking at what threat actors are doing and building that content into our products to ensure that our customers are protected on a daily basis. So, so your every day is pretty exciting and you get to be on the front sort of bleeding edge of threats and threat actors and the hacks that they're doing. Well, I'll tell you, it's exciting to me, but not everybody would see it that way. But yes, we're typically on the front lines, uh, on a regular basis, looking at what is the newest vulnerabilities in malware and how threat actors are leveraging that. All right. We're going to get into that just just in a minute. But tell us a little bit for our slightly more general IT audience sometimes what SonicWall does and what its role in the cybersecurity domain is. Yeah, I think that's a great question. And SonicWall has evolved over a very long history where almost 30 years old as a company and our origins are back in the firewall. Firewall. Yeah. Firewalls. Right. And so we started by that. But we're no longer just a firewall company. Over the last several years, we've made some acquisitions and some got some new products in our line to have a more complete cybersecurity tooling. So, for example, now we have something called Cloud Secure Edge, where we have a ztna solution that we're providing to our customers directly connected to our firewalls. We also have a managed services division, which is providing things like Sonic Sentry, MDR, managed detection and response to our customers as well. Again, allowing our customers and partners to really have a true partner in cybersecurity. And so what you do in that threat detection team feeds back into those solutions and services pretty directly. Yeah, absolutely. So we're doing research to ensure that our products are up to date and have the technology that they require in order to detect what the threat actors are doing, their latest techniques and tools. All right. So looking around at this, this RSA key show, what would you, uh, want to tell people about what the latest and most current and dangerous threats are that they should be aware of? Oh, I think that's that's two different questions, right. When you and that's a that's a that's a lot of topics I would say, you know, if you look around the show here, everyone's talking about AI. Right. And I think that's expected in 2025. I don't necessarily think that AI is the biggest threat to uh, to our companies these days. Believe it or not. Uh, something like 95% of all breaches are due to human error, right? And so, yeah. So why are we spending so much time on AI and recreate human intelligence? Well, I mean, there's a correlation there, right? The the concept is that I potentially can help reduce some of that human error. But at the end of the day, what we really find when we dig into the technology and where we're currently at is that we still need that expert in the loop. Uh, you should be leveraging AI to to make your defense and your offense, uh, ethical offense more, more effective. And it allows us to be more efficient. And that's fantastic. Absolutely. Should leverage that. But there's not yet a world where machines are replacing replacing humans. And I think that's the biggest misnomer. So to go back to your question a little bit on what should we what is actually the biggest threat? Um, this is going to sound a little weird, but I think the biggest threat is us forgetting about the basic threats. And let me explain that a little bit. So in our 2024 threat report that we released back in February, one of the things that we saw was that Ssrf attacks, server side request forgery attacks were up 452% year over year. That's a lot. Those attacks are not new, very, very old technique. Now, when we get back to AI, what we're seeing is AI is making that very easy to find those vulnerabilities and therefore leverage them and provide threat actors the capability to spin up that type of attack very effortlessly. Another example, and we specialize in small businesses. The majority of our customers that we protect. So I talk about the most widespread attacks. When I say widespread, it's not necessarily the most leveraged attack, but the attack that's affecting the most organizations, if that makes sense. So if we're saying around 50% of the time the top three attacks are things like Heartbleed log for J, TP link and Atlassian threats that are at sometimes decades old. Heartbleed was 2011 write log for J not quite as old, but also as old. So really what I think the largest threat to today's businesses are is getting caught up in the hype of the latest and greatest technologies, and not taking care of the fundamentals of cybersecurity. Now, I probably shouldn't do this on a short form video, but I just want to dig in one little bit. Yeah, let's do it. Are these old vulnerabilities being reintroduced, or are they just latent out there and being sort of undiscovered? Yeah, that's that's a great question. So reintroduced I would say no. They've existing in the infrastructure for quite some time. I would say when we talk about things like supply chain attacks right. Why are attackers leveraging supply chain attacks more and more? Well the ROI is pretty high. If I don't have to target just one specific piece of software, but I can target an underlying library and hit a multitude of targets, then I can get more financial gain from that. When we think of industries like the medical industry, ICS, critical infrastructure, those things, those technologies oftentimes cannot be updated on a very regular basis for very real reasons. Right. We we like to put the onus on on the organization, say, why didn't you update your software? But when we talk specifically about healthcare or critical infrastructure. There are legitimate reasons why sometimes updating is either not cost effective or not possible Or even just dangerous in the health care. Exactly. Even just dangerous. So, uh, what's what's important is that we're able to provide solutions to protect against those attacks that don't require that updating. So that's one of the things that SonicWall is doing with our firewall solution is ensuring that we're protecting against those vulnerabilities, uh, without having to update the actual device. So going back and really true sense of the word firewall, we're really going in and blocking things before they get into the system based upon what we know in the past. And keep applying those rules as, as we go forward. Absolutely. And just to take it one step further away from the firewall, when we're talking about things like cloud, secure edge and ztna solutions, also providing the proper isolation to ensure that we're not getting a lot of lateral, there's not the ability for effective lateral movement when those devices are inevitably compromised. You mentioned supply chain, which is a theme that I'm seeing coming up sort of second to the AI theme that you've all been hearing about. You know, from your perspective how far up and down a supply chain does someone really need to look and analyze to make sure they're secure? Ah, that's that's a very interesting question. So I actually I write a class for sans security. 568 which is on product security testing. And we talk about how to combat supply chain attacks through doing product security testing. So when you ask about how far should you go, we talk about breaking down these applications at a very technical level to ensure that you understand how it works. And so I think it's very important that we go to a very detailed level to understand what are the software packages included, what are the inner workings of how a system is put together? Because we like to always toe industry best practice. Oh, make sure you have MFA, make sure that you're updated. But the reality of the situation is if you're going to defend against supply chain attacks, you have to have a mitigation strategy that is tailored to the solutions in which you're deploying. And so I think it is a concept of, yeah, we need to get very detailed for our our critical applications and infrastructure. All right. We don't have a whole lot of time here. So the next question I would ask you is you mentioned a security report that you guys published. Uh, where would people be able to find that if they wanted to take a look at that? Yeah. So we published several security reports. Our annual threat threat report is on the SonicWall website, and we also publish threat briefs on a quarterly basis. And we're about to publish one on Microsoft security that will release in the next couple of weeks. That can also be found on the SonicWall website. Oh, cool. And if someone wants to learn more about SonicWall and what they've become after all this firewall heritage and the panoply of solutions they have, where would you point them at first? Uh, definitely. Sonicwall.com. All right. Thank you so much for being here. Thank you, Douglas, for explaining. Thank you. You have a good one. Take care folks.
