Cybersecurity and Conflict
Where there is chaos, there is cyberwarfare opportunity
In this episode of Networking for Change, two Juniper security experts, Kate Adam and Jose Porto, share how recent cyberwarfare has security concerns on everyone’s mind and how to ensure your organization is ready to respond when attacked.
You’ll learn
The types of cyber threats the security teams at Juniper have seen since the recent conflict in Europe began
From ransomware to phishing to crypto scams: the various ways security can be compromised today
How companies can best protect themselves from cyber attacks and the support structure that is required to respond effectively
Transcript
0:00 [Music]
0:00 Rick Rutter (host): Welcome to Networking for Change. With the crisis in Ukraine, cyber warfare is on full display and demonstrates a reliance on network technology in today's world. Our networks keep communication up, the power on, banks connected, our water safe and businesses running, just to name a few. If they go down or are compromised, it spells trouble. I'm your host, Rick Rutter, and joining me today are two of Juniper's security experts, Kate Adam and Jose Porto, to share how cyber warfare has security concerns on everyone's mind. Let's start with Kate. Since the conflict began, what have you and your team noticed?
0:38 Kate Adam: Well, we've seen attacks increase every year, but specifically since the start of this conflict they've risen even more so. And it's interesting, because we have seen a lot of very different targets: a lot more attacks targeting critical infrastructure, government, internet service providers, health care, hospitals. Basically, attacks on the services that countries, not just those involved in the conflict but countries in general, rely on to maintain their ways of everyday life, keep people safe, keep people healthy, all of the services that I think we take for granted, which might be a good thing. But we see a lot more attacks targeting those services, and a lot more businesses shifting their focus to security: how can they secure their networks, their data, the things that make their businesses run, the things that provide those critical services.
1:51 Rick: That makes a lot of sense. And so would you classify these increases in attacks as crimes of opportunity, in a sense? Do you see things in certain businesses, or does everybody really have to pay more attention?
2:06 Kate: Well, it's interesting, because attackers are creatures of opportunity, right? Where there's chaos, there's opportunity, and you'll see attacks increase regardless of where that target is, and this crisis in Ukraine, this conflict, is no different. So in addition to nation-state attacks, attacks coming from the aggressors in this conflict, attacks coming from both sides, government-sanctioned, we also see a lot more opportunistic attacks, again because where there's chaos and where there's crisis there's unfortunately also opportunity.
2:53 Rick: That makes a lot of sense, and it kind of answers why this is happening. Jose, I'd be very curious to know from your perspective too: is this a reason for businesses to be more concerned?
3:04 Jose Porto: Yeah, I mean, definitely it's a reason for businesses to be concerned. There are some really interesting things that we're seeing that are happening. First of all, you see that the Ukrainian government that is battling Russia, they're not only doing it on air, land, sea, but they're using the cyber front as part of the cyber attacks, and they're using this as an integrated part of their other arsenals. Just as they use troops and tanks to attack, they're using cyber attacks. And Russia has an established history of using cyber attacks; in fact, in Ukraine they've done it in the past. In 2017 they knocked down federal agencies, transport systems and even the radiation monitors of the Chernobyl site. So there's a lot of concern in the global community that, now that other countries are sanctioning what is happening in the war, they could actually be attacked. So in the recent months we've seen multiple global agencies that have advised enterprises of all sizes to see how they can improve their security infrastructure. In February, for instance, the Cybersecurity and Infrastructure Security Agency, in conjunction with the FBI, issued a joint advisory basically providing some details on the type of attacks that Ukraine is doing and warning of the risk of attacks from Russia. In March we also saw President Joe Biden issue an urgent statement warning that, in response to the sanctions, Russia could retaliate with cyber threat activity. So for these reasons, organizations really need to take a hard look, be vigilant and see how they can protect themselves.
5:06 Rick: Makes a lot of sense. And so are there certain or specific attacks, or kinds of attacks, that people should be focused on?
5:15 Jose: Well, the attack surface has increased significantly over the past couple of years, right? It's been really exacerbated by the explosion of remote working, the adoption of cloud-delivered services during the pandemic, and now with the war happening it's becoming more complex. But at the end of the day there are some traditional types of attacks that organizations should be looking at. For instance, email continues to be the main vector of attack, so phishing attacks, where the bad guys are leveraging charity scams, fake news, or they have a URL that is in fact infected. Those are definitely areas that organizations need to be looking at. Ransomware attacks are another type of attack that is extremely dangerous, right? They can encrypt the data, they can demand a high ransom, the files can be locked, or they can even threaten to release the files to the web. So this is an area that organizations also need to be aware of. From an availability perspective, denial of service attacks are also very important and something that we've seen a spike in, and they can have a big impact because they can disrupt the business. They can disrupt websites, email servers, and can really bring businesses to a complete halt. And the final one that I'll talk a little bit about, it's really a combination of all of these, but it's advanced persistent threat attacks, because they can involve multiple stages, a variety of attack techniques, and they can be very difficult to identify, right? Once they get into the network they can stay dormant, they can stay in stealth mode and be undetected for a long time before they actually go and have an attack, and a lot of the big breaches in the last years started with an APT attack. So those I would say are some of the main types of attacks that organizations need to be aware of.
7:42 Kate: Yeah, I'd also like to add in there too, not just as a result of this conflict and the general chaos there is in the world, but also, especially in the US, it's tax season, and so that also breeds a lot of opportunity for attackers to scan and scam unsuspecting victims. So we are also seeing a lot of USB drives in very professional packages being delivered to offices, with specific names, to a specific person. And so you get this, it has a logo on it, you think it's legitimate, you plug it in, and now your computer is compromised and that attacker can move laterally. In addition, there are a lot of crypto scams out there, so going back to targets on financial services, getting to these massive crypto wallets that are out there and are untraceable, right, because of blockchain and how private the world of crypto is; that also creates a lot of opportunity. And then last but certainly not least are a lot of the scams and attacks going on via social media, whereby someone will reach out under some guise: "Hey, I'm trying to get verified, I just need you to send me a screenshot of this code," something along those lines, or "Hey, I'm in a contest, I just need you to send me this that's going to be sent to your phone, it'll help me out," and then their social media accounts get taken over, and a lot of misinformation can spread that way because it's coming from an account that is seemingly trusted to those who are following it. So there's just a lot to be aware of, and as Jose said, the attack surface is absolutely massive, but I think that also underscores just a hyper sense of vigilance, not just on the part of organizations but on the part of individuals themselves.
9:51 Rick: All right, so you brought up some really good points in terms of all the various ways that security can be compromised. I want to give our audience some good advice and recommendations on how they can stay safe, and let's start with email. What are the best ways that companies and organizations can protect themselves from phishing?
10:11 Jose: Okay, so it all comes down to making sure that there is a security mindset with employees, right? That they understand what are some of the risks that they have to be aware of, and this can be addressed with security training, a security awareness program, but in those programs they can learn about the dangers of phishing and what type of possible phishing attacks they could get: malware that is embedded into the emails, links, attachments, right? So I think that's one area that can help for those users. Now, from a technical perspective, we can use spam filters, we can also use technology to scan through the attachment and realize that it's a malicious attachment, or we can actually go through the URL and be able to detect if that URL is taking you to a bot that could have an infection, malware. So those are some of the things that we can do from an email perspective. Now, the other thing that this awareness or security training can do for the employees is to make sure that, for instance, they have strong alphanumeric passwords, right? This looks very basic, but it's probably one of the most easy ways for these breaches to happen, so strong passwords. From a technical perspective we can look at enabling things like multi-factor authentication, both for internal and external stakeholders of the organization, and what it does is it requires the users to basically use different pieces of information: a user password, they may have to use a token as well, or biometrics. So that's something that also helps a lot in terms of access to the network. Other recommendations that we have as well is to make sure that all of the traffic of the network is filtered, both the ingress and the egress traffic, and that we're basically performing protocol-based filtering. And this is an area where Juniper specifically has been investing a lot in the past years to make sure that we have the best detection rate. We've done a lot of work with third-party testing like Ixia, CyberRatings, NetSecOPEN, showing that we have the best efficacy and detection rate, so that's definitely something that can help these days with known attacks as well as zero-day attacks. So filtering the network is important. Another area which I think can help customers and organizations immediately is to do network segmentation, so the usage of physical and logical network segmentation to prevent access to critical systems and resources, and one of the most common things to do is to have a DMZ, or demilitarized zone, where you can contain the internet-facing services so that they're not exposed from the internal network. So these are some of the things that we can do. One thing that I would also recommend would be to make sure that all the applications and all the software is patched and updated on all the devices, because a lot of the attacks will use vulnerabilities. And probably the last thing that I would say is, despite all these protections, the breach may happen, so it's important that we have incident response and we have business continuity plans, so that in case there is a breach we have a way to get the business operations back to normal conditions. I think those are some of the areas; there's many more, but those are some of the things that I think organizations can do today to help them improve their security posture.
14:27 Kate: Yeah, and I think it all starts with planning for the worst, right? Plan for that breach to happen, have a disaster recovery plan, have backups in place, especially when ransomware is involved. Have an incident response plan so you can act quickly, get the right stakeholders in the room, begin that process ASAP, because literally every minute counts. Especially when we're talking about critical infrastructure, patching may not always be an option, right? Downtime sometimes is worse than being compromised, and so having an idea of what assets you have and which are more important to have up, which are more important to have protected, and then having a plan in place, kind of working backwards from that incident response plan. Plan for a breach, but implement protections to minimize that likelihood, making sure that you're able to detect, making sure that you've got some automation in place so that if a critical system needs to be taken offline ASAP it can be, and it doesn't have to wait for manual approval if one isn't necessary. Similarly, going back to Jose's recommendation for multi-factor authentication, slight nuance: when you're doing multi-factor authentication, don't settle for just a text message code, because someone can SIM swap, someone can grab that code. It's probably the least safe way to do MFA, but if you've got an authenticator app that will send that code, that is much better than just an SMS code. So, slight nuance there: multi-factor is super important, but if you can do it through an authenticator, even better, even safer. And then also, back to the passwords, there are a lot of password managers out there that are amazing, that are super easy to use, that can recommend very strong passwords, store them all, and I highly recommend them. There are some out there that even will tell you, hey, you have a duplicate password, you need to go change one; we'll monitor the dark web for any usernames and passwords that may have been leaked and let you know so you can go change them. Going back to the phishing, having that security mindset throughout the organization is definitely important, and then also incentivizing it, right? So making sure that people are recognized when they actually recognize a phishing attempt, make it a team sport almost. And then I would say also, if you're going to train people to recognize phishing email and use what we call kind of like cyber common sense, also disincentivize people from sending legitimate email that looks like a phishing email, right? So making sure that the right email from-address is used, making sure that you're not just sending a link with no context, or that it's not just an unexpected email, "hey, click on this attachment," well, why? It kind of goes both ways. So I mean, I know it's a lot, there are a lot of recommendations out there and they're really difficult to implement all at once, but I think the most important step here is one step at a time. Make progress. Any progress, anything that you can do today that's different and better than you were doing yesterday, is a step in the right direction. So I would say don't get caught up in not being able to be perfect and therefore not doing anything. What is that phrase? Don't let perfect be the enemy of the good. Start somewhere, because it's better than nothing. So just keep one step in front of the other, keep making progress.
18:42 Jose: To add to what you mentioned, Kate, I mean, cyber defense is a long game, right? So it requires sustained, strategic investment; it's not just a last-minute bolt-on. So we made some recommendations, but I think, ultimately, long term, organizations should be striving to implement zero trust architecture, right? It's a security model that has been out there for some time now; people probably started talking about this in the early 2010s, but it's become more prevalent recently, especially with some of the guidance from the NIST Special Publication 800-207. And this is really something that, if you implement all of the recommendations, those are parts of the zero trust architecture. That zero trust architecture is basically a really drastic departure from the previous models where you, you know, trust but verify; before that it involved really defending the perimeter and assuming that anything inside the network was safe. With zero trust, the idea here is that you basically shouldn't automatically trust anything outside or inside the perimeter, so instead you have to really make sure that you authenticate before you make any connection to any of the applications. I think this is a radical kind of shift, but it's something that, if organizations can strive towards it, it will make their remote workers, it will make their cloud applications much safer. So this is something that we also recommend moving forward.
20:31 Rick: You explained a lot about all of these recommendations, and so what I would like to understand too is how companies and teams should be working on a support system or a support structure. I can't imagine an IT team is able to do all of this. Who do they need to have as part of their support structure?
20:53 Kate: Yeah, I mean, it's not just IT teams, right? Any IT team also obviously includes the infosec counterpart. Executives: being able to communicate to executives is very important, especially in the midst of a potential breach. Legal, having legal involved, having HR involved, right? But then, back to what Jose said, having employees involved too, right? There are certain things that employees need to be made aware of to better protect themselves, to better protect the applications and the data that they may be accessing on the network, and the network that they are using to access those things. But then also, any IT team has a multitude of vendor technology that makes up their networks, and especially where security vendors are involved, security vendors are a great support system as well, right? Because sometimes there are incident response services that can be utilized, sometimes there's version control and patching that can happen, upgrades to systems that may have been overlooked when the last change management came through. And so those support teams, those vendors, can certainly help, and they have expertise as well. And then also peer organizations, right? So no one organization is in this by themselves, regardless of the industry that they're in. We really work as a society; we're kind of all in this whole cyber defense thing together. And so going to peers, asking what they've done, lessons that they've learned, sharing that intelligence, sharing indicators of compromise, that goes so far in helping not just protect that individual organization but keeping us all safe. It's kind of like herd immunity when it comes to attacks, right? We're all in this together, we're all trying our best, and so we all have to work as a team and not as individuals.
23:19 Rick: So as we talk about resources, I've read a lot about Threat Labs and used that. Could you tell me a little bit more?
23:26 Jose: Juniper has invested considerably in our Threat Labs team. We have a team of specialists that are constantly monitoring the threat landscape, and they actually have a direct engagement in terms of developing our security functionality and features. So Threat Labs has blogs and is constantly generating new reports, so we would definitely recommend that folks that are listening to this join the conversation with us and check out the blogs that they're developing.
24:06 Kate: To add on to that, Jose, too: not only does our Juniper Threat Labs do research and put that research back into the detection models that we have within the Juniper security products, but also Juniper Threat Labs is part of larger organizations such as the Cyber Threat Alliance, the Cloud Security Alliance, who all share threat information with other vendors who are also members, making sure that there's some level of group protection regardless of the security vendor you go through. But what's important, I think, is just leveraging the research that's out there, keeping a pulse on what's going on in the threat landscape, what attackers are doing, how they have evolved, because it really is, unfortunately, a very complicated game of chess between the defenders and the attackers, and so as much as you can learn about who you are protecting against, that's going to benefit you and how you protect against them.
25:17 Rick: From a technology perspective, I've heard a lot about artificial intelligence, machine learning, automation. How should our teams be thinking about implementing those types of technologies to improve security?
25:33 Jose: Well, if you think about it, we talked a little bit about this: the attack surface is expanding, and what's really having a huge impact is also the volume of the attacks. We have a thousand millions of attacks daily that are happening, and it's impossible to be able to analyze this by humans. So AI plays a pivotal role in terms of analyzing and correlating the information and helping incident responders and information security experts be able to make a decision around whether a particular incident might be a malicious incident. So that's where AI plays a very important role. At the same time, automation is another critical factor, and there's a couple of areas where we think automation can help. One of them is in terms of ingesting telemetry and then being able to make a decision and be able to enforce a policy automatically to block an infected host, for instance, without human intervention. So this is very important, because we just don't have enough speed from a human perspective to be able to react. So automation is very important, and also, the other thing is that the bad guys, they're also using automation, so we need to combat the automation of the attacks with the automation of the protection. So that's where we see it.
27:23 Rick: Kate, Jose, thank you both for sharing your insights, your recommendations. For everyone out there, I hope this was helpful. Now more than ever, network security should be top of mind for all of us, and if you have any questions or would like to learn more, we're here to help. Thank you.
27:42 Thank you. Thanks.
27:44 [Music]