CyberWire Daily - Commercial threat intelligence proves invaluable for the public sector. [CyberWire-X]
Episode Date: December 11, 2022
Historically, the U.S. government has relied almost solely on its own intelligence analysis to inform strategic decisions. This has been especially true surrounding geopolitical events and nation-level cybersecurity situations. However, the explosion of assets being connected to the internet, along with the fact that most critical infrastructure is owned by private sector organizations, means that commercially developed cyber threat intelligence is being generated at a faster pace than ever before. In the Russia/Ukraine conflict, we saw how commercially generated satellite intelligence played a critical role in alerting the public and ensuring our allies were ready for an invasion. At LookingGlass, we believe commercial threat intelligence can provide similar anticipatory insight – and that it can be shared more easily and quickly than intelligence generated solely by the U.S. government. Ultimately, the public and private sectors need to work together to protect the interests of the American people. Currently, both private industry and academia are targeted by foreign adversaries, just as are government agencies. This means that commercial entities also have access to adversary tactics, techniques, and procedures (TTPs) and indicators of compromise, and they have that access from a different perspective, which is valuable intelligence for the government. On this episode of CyberWire-X, host Rick Howard, the CyberWire’s CISO, Chief Analyst and Senior Fellow, speaks with Hash Table member Wayne Moore, CISO at Simply Business, and host Dave Bittner speaks with Bryan Ware, CEO at episode sponsor LookingGlass Cyber Solutions. They’ll discuss why the U.S. government needs commercial cyber threat intelligence now more than ever before and how both the public and private sectors will benefit from closer, trusted cyber partnerships.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Hey, everyone.
Welcome to CyberWire-X, a series of specials where we highlight important security topics affecting security professionals worldwide.
I'm Rick Howard, the Chief Security Officer at N2K and the Chief Analyst and Senior Fellow at the CyberWire, an N2K brand.
And today's episode is called Commercial Cyber Threat Intelligence.
A program note: each CyberWire-X special features two segments. In the first part, we'll hear from industry experts on the topic at hand. And in the second part, we'll hear from our show's sponsor for their point of view. And since I brought it up, here's a word from today's sponsor, LookingGlass Cyber, a global leader in cybersecurity.
And now a word from our sponsor, LookingGlass Cyber, a global leader in strategic intelligence. It's no secret that ransomware attacks are financially motivated. What might
be surprising, however, is how ransomware operations have started to operate like businesses
and startups. This became especially apparent in the first half of 2022 with the publication of
ContiLeaks and the release of LockBit's Bug Bounty program. The rise of ransomware as a service may
have been just the first step on the road to a more professional class of ransomware gangs,
but the revelation of Conti having an HR team
as well as other business operations teams
has put a finer point on that.
How might the professionalization of ransomware
impact your organization and sector?
Find out this and more
in the latest intelligence report from LookingGlass.
Get an update on the most prolific ransomware gangs,
their innovations,
and which sectors and countries
are most targeted. Download this research report at lookingglasscyber.com forward slash cyberwire.
In terms of cybersecurity first principles, I've made the case in my career that in order to reduce the probability of material impact due to a cyber event,
there are a handful of strategies that will have the greatest impact.
Zero trust, resilience, automation, and intrusion kill chain prevention.
That last one is the strategy that applies to this show.
Intrusion kill chain prevention is the notion
that network defenders should not simply block
the one-off tools that hackers use
to compromise their digital victims
without any relation to the overall plan.
We should instead be trying to prevent the entire plan.
We know from experience
that when cyber adversaries attack their victims,
they don't
simply do one thing. They have to accomplish a series of things to achieve their goals. Call it
their attack sequence. And according to the famous Lockheed Martin kill chain paper published in 2010,
network defenders have opportunities to defeat the attack sequence at every stage of the attack
campaign. But in order to do that, they need some kind of
cyber threat intelligence capability dedicated to tracking adversary behavior across the intrusion
kill chain and developing and deploying prevention and detection controls for their own security
stacks designed to defeat the campaign. The problem is that this is expensive, and unless
you're a medium to Fortune 500-sized company,
you probably don't have the resources in-house to do this alone.
You likely will have to supplement this effort with a commercial cyber threat intelligence service.
Wayne Moore is the chief information security officer for Simply Business,
a small-sized business growing into a medium-sized business in terms of revenue, and he had just recently contracted a
commercial threat intelligence service. I asked him what drove him to make that decision now.
We just adopted the MITRE ATT&CK framework a while ago now as part of how we design our defenses
without a way to prioritize. If you're going to take all threat actors into account
and you have to implement every possible defense in the MITRE ATT&CK framework,
that is a heck of a lot of work and a lot to maintain.
One of the reasons for getting some threat intelligence into the program was to be able
to prioritize which of the threat actors most likely to be going for us in our industry
or us specifically, and allow us to narrow down where we need to focus first.
So Wayne, explain what your business is.
What do you guys do?
You're in the financial sector, right?
That's right. So we are in the business insurance sector, but we focus on
the micro businesses. So ranging from, you know, small corner shops to IT contractors, to landlords,
that kind of thing.
What do you think your most likely threat is? Is it, you know, nation state? Is it criminals? What do you guys worry about?
It's mostly cyber crime, and we're talking largely ransomware gangs. We're talking out of, you know, the main areas where those gangs operate. So that's probably our, you know, besides the script kiddies, and, you know, there's not much hacktivism focused on us, but it's largely that cyber crime
group, the ones looking to get, you know, payment data or customer credentials or access to cloud
services to exploit, you know, those resources, those types of actors, largely cyber crime.
And it's twofold for you because you have customers that you service in the financial sector, but also those same cyber criminals could come after your organization specifically. So it's kind of a twofold thing, right?
Obviously, there's some free resources in that out there that we can kind of use to say, OK, well, we know that these types of actors attack the insurance industry, as an example. But the threat intelligence, the commercial threat intelligence allows us to hone that even further to say, OK, well, you know, there's also these threat actors that are likely to target you.
And we've seen that perhaps because there's some chatter on the dark web or something like that.
So it gives us a bit more targeted intelligence to design our defense program around.
So you guys just recently brought on board a commercial cyber threat intelligence group.
What services are you paying for them?
Are they doing that dark web kind of recon for you?
Are they providing tactics, techniques, and procedures across the kill chain?
What exactly are they doing for you?
Yeah, exactly.
A few things, actually.
So definitely one is around the threat actor stuff.
So TTPs, what sort of tooling we expect from them,
their motives, intent, that kind of thing.
Dark web monitoring is another one.
So any stuff on the forums, data leaks, or even password dumps and things like that that perhaps have a link to some of our services
and things, they're monitoring all that kind of stuff.
There's also takedown services.
So anyone trying to impersonate or typosquat any of our domains,
there's some takedown service options there.
They provide a lot more
than pure threat actor related information. There's actually a lot of other services they
tend to provide, including, like I said, the takedown services, but also brand monitoring as
well on the dark web and executive monitoring. So if people are setting up Twitter accounts
or other social media accounts that are mimicking executives in the business, you kind of get visibility of that.
So it starts to give us a nice component into a more exposure management program, which I think is something Gartner is pushing a bit terms-wise, but kind of managing that external exposure as well.
I have a real love-hate relationship with brand monitoring services because I used to run a commercial cyber intelligence group many years ago and we had,
we offered that as a service. And what typically happened was we'd find stuff in the first month,
you know, and then that organization, for that customer, that customer would clean their act up
and then we'd never find anything again. So when it came time for renewals, right, they said, well, this isn't very useful.
So good luck with that service then.
Yeah, exactly. Well, it's early days for us. So that might actually, it may end up being the case
for us. You don't know because there was, you know, there was a, there was a flurry of activity
in the start for sure.
In order to be able to use a commercial cyber threat intelligence group, you have to have somebody on your organization, a team or a person, somebody, who has to receive that information and make something useful.
How do you guys do it at your place?
So, initially, all that information has been going into our SOC, but we have since onboarding our commercial threat intelligence provider, we have dedicated one person in the SOC, kind of carved them out to focus on
the program. You know, how do we best set up, set ourselves up to make best use of threat
intelligence? Where's it going to be integrated? What are the response processes around alerts
that perhaps come out of that investigation processes? You know, also using that data to create, you know, reports on information
we may need for planning or strategy or things like that. So that's what we've done. We've kind
of, we've started to carve out some dedicated capacity within our SOC to look into how best to
leverage threat intelligence.
So you're just beginning down the path,
dedicating one person, and as your team grows and matures, there might be more.
One of the things you kind of piqued my interest there, Wayne, was I've always said I've been
doing cyber intelligence for a long time. The difference between a journalist and a cyber intelligence analyst is the analyst has to go the
one step closer and make recommendations about what to do with the information. You know, if you don't
help leaders make decisions with that information, then you're just reporting the news, right? So
have you thought about it in that way
that we should be looking, we should be able to make some decisions based on the intelligence
coming in?
Yes, absolutely. So, the person that is really dedicated has started to look at
things like intelligence requirements or priority intelligence requirements, you know, the IRs,
the PIRs, those kinds of things. In some cases, you know, being able, one might be identify the threat actors
with a motive to target us as an example.
You know, that's a kind of a common one.
There's this lexicon in cyber intelligence, in intelligence in general.
We call them IRs and PIRs and CIRs.
How do you define them in your organization?
Okay, yeah.
So we've got intelligence requirements, priority intelligence requirements, PIRs, and then specific intelligence requirements.
Now, again, this is still in active development, but how we describe the intelligence requirements, these are for more requirements for the general threat environment.
That's like what are the threat actors likely to target, et cetera? And the priority intelligence requirements, these are most critical to be answered for the organization, such as more detailed and operationally focused and aligned to the IRs.
Typically, general statements or questions that intelligence can answer, things like what types of adversaries have historically expressed an interest in our business? Or what are the emerging threats to our industry and industry peers? You know, that kind of information will
be useful for, especially emerging stuff, really helps with strategy and budgeting as well, things
like that.
So that lexicon comes out of the military. It came out of World War II when
military leaders asked their intelligence folks, you know, what the hell did
they do during the war? And they came up with this CIR, PIR, IR thing, right, to describe what they
did. And so, CIRs are, in the military, are command information requirements, right? And those things
don't change that often. You know, they're big picture things like, how long will it take me to get to Berlin during World War II? For a commercial organization, these would be your ideas about what intelligence
you need to gather, right, and make decisions on. Or even better would be coming from the CEO,
right? What is the CEO worried about? You update those once a year. They're kind of general purpose
things. And then the PIRs, the priority information requirements,
they're kind of breaking the big CIRs into smaller pieces,
smaller digestible pieces.
What do I need to know to answer the boss's first question?
Just problem solving, basically.
That's how we get that lexicon.
So I'm glad to see that you guys are pursuing that.
If you have an intelligence program that you use
to support your internal intrusion
kill chain strategy, the other thing you can do is share that intelligence with peers in some sort
of ISAC or ISAO. U.S. President Clinton established the first ISACs, Information Sharing and Analysis
Centers, back in 1999 for officially designated critical infrastructure verticals like finance, communications,
healthcare, etc. In 2015, U.S. President Obama established the first ISAOs, Information Sharing and Analysis Organizations, to encourage intelligence sharing for everybody else.
Steve Winterfeld is the Akamai Advisory CISO and a regular visitor here at the CyberWire's
Hash Table. Here's what he had to say about the
value of sharing organizations like ISACs and ISAOs.
The value of an ISAC is twofold. One,
it gives you a chance to talk to your peers in a way that you can take the lawyers out of the loop.
I would go into FS-ISAC and be able to trade information and talk about proprietary things
because again, security is not the competitive advantage.
Taking care of customers is the most important thing.
And we compete in other ways.
And so I think there's a huge advantage in how you can communicate in a collaborative way.
We've been a member for the ISAC for a couple of years now, I would say.
We've gotten on a few calls and things with people and attended some of the events and things that are there to more in a
consumption manner than contribution. The hope is that now that we start to develop our capability,
we'll be able to share a bit more.
So you were just down this road. Any words of wisdom for
other folks that are considering this option is bringing in commercial cyber intelligence?
I think more general purpose
advice, well, at least one of them, general purpose advice for anything before adopting
a vendor is I personally like to get the process right. Think about what is it you're trying to
achieve? What outcomes are you expecting? What would that process look like? And then find the
vendor or the tool that fits that. I think there's a tendency to, right, let's bring a tool in and
then we'll build ourselves around that. And I think the problem then is you haven't necessarily thought of the full scope of
what it is of the problem you're trying to solve. You know, there's something we did set out to
think, we did think about a bit more about what are the outcomes we expect from bringing in threat
intelligence? How are we going to use it? And then we went out and found the right vendor for that.
That's perfect. The other kind of iconography in the
threat intelligence space is the threat lifecycle, the intelligence lifecycle. Basically what it is,
is you get CIRs from the boss and then the intelligence team says, okay, what do I really
need to answer to answer those big questions? And then the very next question you have to ask is, do I have that intelligence coming into my organization? If I do,
then I can answer the questions. If I don't, then I need to go get that intelligence somehow,
either open source or talking to your buddy with an ISAC, or you go buy a commercial intelligence
group. So, and then what you said is absolutely correct, I think,
is we have very specific requirements,
and then we need to see if the commercial vendor
can actually meet those requirements
so I can answer the boss's question.
You know, in a perfect world, right?
That's how it should be done,
but it's not always a perfect world, is it, Wayne?
No, no, no.
I just know from experience, I've been down that road too many times, bringing in the vendor, then work out the process, and it tends to be, you end up having to do a lot of rework that way because everybody thought about what it is you need. You just think that this thing is going to solve your problems.
Yeah, yeah, yeah. That's exactly right.
But the other thing I would say about this stuff, Rick, is that, you know, from an information sharing perspective, which is what the FS-ISACs are all about, is that it's something that I think is we're getting that the industry, you know, is in cybersecurity and security in organizations, things are getting better at sharing.
But we've always been a bit hesitant, I think, in many ways to share information.
And the problem with that is we all know that our adversaries are all sharing information, right?
It's just natural for them to do all of that.
And there's power that comes with that.
And if we don't start doing that, it's going to be very, very hard for us to counter that level of sophistication if we don't find a better way of sharing with each other.
I think it's a mindset change, right?
Because I've been involved in various sharing organizations in my career. The one argument that gets people over the hump
is when you explain it like this, we are not sharing intelligence on how we were hacked
or how our customers were hacked or customer PII. That's not what we're sharing. The thing that's
valuable to share is tactics, techniques,
and procedures that the adversary uses against other organizations. Because that's the thing
that's valuable. That's the thing that if it happens to Joe down the road and he shares it
with me, that means I'm protected from that same adversary that went after him. And when you can
have that kind of conversation, then it makes it easier to share that kind of intelligence.
Are those the conversations you had when you brought those guys in?
Yes, that's right.
And, you know, I love the way that you framed that.
I think if you present it in that way, it's much more acceptable.
But, yes, that is the approach.
Yeah, palatable.
Yeah, palatable.
That's a good way.
Excellent.
So any last words, Wayne, or did we cover it all?
There's this typical adage, which I've always been quite uncomfortable with, that I've heard in industries.
Like, well, let's just make ourselves more secure than our neighbor.
You know, a bit like if we've got the alarm system on our house and our neighbor doesn't, then they'll just go after the neighbor.
Now, okay, I get that.
But it just doesn't sit well with me.
If that's the attitude we take, let's just be more secure than our neighbors or they get attacked. We still lose in the end in that way, right? Because we're
linked in some way. We all need to work on this together.
I'm so glad that you said that, right?
Because most people say what you just described, right? We just need to be better than everybody
else. So it's only about me, right? That's it. I don't want to protect anybody else.
When we all know it's an ecosystem, right?
So, and especially in the various verticals,
if one vertical gets hammered,
if one customer in a vertical gets hammered,
then the other one's experience.
Customers lose respect for the vertical, right?
And yeah, all that stuff.
So it has that combination.
I'm so glad.
Exactly.
It just doesn't feel right, you know,
when you say, okay, well, forget the neighbor.
As long as we're secure, that's fine.
You know, it's like, no, no, no.
That's right.
That's our neighbor.
Next up is my colleague Dave Bittner's conversation with Bryan Ware, the CEO at LookingGlass Cyber.
The word threat intelligence, when people use it in a cyber context, generally means fairly specific tactical indicators, understanding if this is a suspicious IP address or domain or something along those lines. But in the spirit of your question,
I think it's a much bigger concept than that. Intelligence should be an exquisite asset, not available to everyone, that enables the consumers of it to make better business decisions, strategic decisions, and mission decisions, right?
And so intelligence has to give you an advantage.
And I think the only way that you get an advantage from intelligence, from threat intelligence or any other kind of intelligence, is if it's unique and specific to you and what you're trying to do. And if it's not all that specific and it's
not all that useful and it's not all that unique, it's probably not actually intelligence.
And so where do we find ourselves today when it comes to the spectrum of threat intelligence offerings that are out there?
I think that
truthfully, most intelligence offerings are just data, sometimes commodity data, but just data.
And if it's something that can be seen from the internet, then that generally means that
almost anyone with the right machinery can see it from the internet. I'd say that kind of a state of cyber visibility is such that, you know, most
tools don't provide you with quite the intelligence that you need. And so there's value in data
lookups. But I think what's being missed is the opportunity to really make that data, transform
that data into unique insights and into intelligence. And we really
don't see a lot of that in the, certainly not in the product ecosystem, the traditional cyber
threat intelligence product ecosystem, but even maybe more broadly into just the practice of the
industry today.
So when we think about the public sector, what has their history been in terms of interacting or consuming or generating even their own threat intelligence?
Yeah, I think mostly the
government doesn't generate a whole lot of their own threat intelligence, the public sector. I'd
say that they generally, you know, probably the most common use case, and I wish I had statistics on this. It seems like a good
research project. But the most common use case is
you're sitting in your security operations center. There's something
that's unusual is happening for some reason. That's an unusual IP address
or an unusual domain. And you
use your threat intelligence tools
to kind of see what other information you can find on that IP address
or that domain.
And that's a very common use case of our products and our users.
But I'd say that as important as that is and as necessary as that is,
even as I describe that, it's kind of
transactional, it's very human intensive, it's reactive, it's on a kind of a point-to-point
basis. And so, you know, I believe that there are significant opportunities ahead for really
building on, certainly building on that same kind of data, but assembling that data in different ways to really produce intelligence.
You mentioned it being reactive.
Can you kind of flesh out for us the difference between a proactive versus a reactive use of something like threat intelligence?
Yeah, I think that reactive really means something's already happening, right?
And you're just trying to figure out how suspicious, how concerning or not concerning that may be.
And again, in general, we see a lot of these cases where some security system has flagged something as potentially suspicious or new or novel.
Typically, a user is then responding, an analyst is responding to that and
doing a lookup. So inherently reactive because something has already happened. I think that
there are more proactive ways to use that same exact data. One of those is just by working to
take that human user out of the loop and build a machine-to-machine connection so that even though it's still reactive, it's reactive
in milliseconds and not minutes or days.
And so you've got an endpoint sensor of some sort that
sees that suspicious IP, issues an API call to a
threat intelligence service, gets back a risk score. We call them
TIC scores in our platform.
That's our kind of proprietary score.
And then based on that score, automating an action.
So that's kind of moving, that's collapsing the timeline still, you know, fairly reactive,
but reactive in milliseconds.
And then, of course, more proactive is using intelligence to see how your organization looks from the internet and said differently, how it would look to an adversary, how you present to that adversary, what vulnerabilities you have to prioritize so that you can close those vulnerabilities.
And of course, one of the ways to prioritize those vulnerabilities, not only seeing them, which can be hard, and seeing them from the way that
adversaries see them, which is even harder. But one of the things that we're able to provide is
intelligence on what adversaries are doing, what kinds of companies they're targeting,
what kinds of TTPs they're using. And so I think the more proactive, more strategic is trying to close the gap between your defensive posture and
the myriad adversaries' offensive postures, trying to get
ahead of where they're likely to go. And the only reason I say this, if you go
all the way back to what we were talking about with what is intelligence really, the state
of the world is that there are way too many vulnerabilities in software
and networks to patch all of them,
certainly to patch all of them in the most timely manner.
New vulnerabilities pop up all the time. There are just too many of them
to patch, and there's consequences or business impacts of patching.
And so what intelligence can provide
is a way to prioritize the things that you're going to patch first
because there are critical vulnerabilities that are being exploited that you have connected to the internet
and that adversaries seek to exploit right now against companies like yours.
That's a proactive and intelligence-driven prioritization in this case.
What about the things that you might not know that you don't
know? I remember having a conversation once with a security person at a food processing company,
and he was saying that one of the things that he relies on threat intelligence for is to know if
maybe there's conversations going on out there about protests. Not a technical thing,
but those are dots that you need to connect.
We see a lot of this in practice and maybe a couple different kinds of things
that you don't know.
There's a fairly mature set of cybersecurity tools
to help manage your assets,
identify the assets that you have,
and a fairly mature set of tools
to scan those for
vulnerabilities and help manage your vulnerability management process of patching those and remediating
them. But what we're seeing in 100% of our hands-on customer cases is that there are internet
visible assets that the organization did not know that they had. The engineering team spun up a subdomain to test out some new software and didn't implement good security controls.
Or there's an exchange server that got left behind from a merger and acquisition that happened six months ago and it's still out there, but it has valid credentials.
Or a VoIP system, a phone system that you're using and that VoIP provider also has some vulnerabilities
and your subdomains and access and credentials into your system.
Those kinds of unknowns are real risks to you
that are not visible in traditional tools.
They're not visible when you take a network-centric,
what's on my network view. You have to take a view from the internet and gleaning intelligence
from those is incredibly important. And I think in the spirit of your question has to be proactive.
And then also like just kind of following on the conversation you had with, with this guy from the
food industry, we monitor dark web forums, which oftentimes are the very
earliest indicator of targeting because we will see adversaries seeking to buy
compromised credentials for specific types of companies or even very specific companies and
government agencies. So they're looking for, do you have credentials? Do you have an access? Do
you have some infrastructure that they can leverage to accomplish whatever their objectives are?
And of course, we see them for sale there as well. And so if you're on that defensive side,
you're protecting your business, that earliest signal of your company or your sector is being
mentioned in these forums that are seeking to sell or gain access for
some future exploit, that's just invaluable information to kind of get ahead of the risk
that's coming your way.
When we talk about teaming up the public and private sectors here, how much of this is
an issue of being nimble? I mean, I would imagine
that an organization like yours can operate, pivot more quickly than a big government agency.
Well, having spent some time in government, nimble and agile are not words that we usually describe
government operations with. They're big, which oftentimes is important
with a tremendous amount of resources and knowledge and capabilities,
but not necessarily the most agile and nimble.
And you're right.
I mean, one of the advantages of being a commercial entity,
a private sector entity, and in our case,
a small business that is focused exclusively on intelligence.
And I think that's important in the sense that this isn't just another thing that we do,
where our main product might be providing some IT service,
and we happen to collect a lot of threat intelligence that we can also sell.
We are very, very focused exclusively on the state of the internet, the vulnerabilities that are
present, and then the intentions of actors and adversaries. And we are constantly seeking those
things out. But also to your point, we're reacting to them as quickly as we can. And so from the
engineering, all the way up through analysis, engineering is how fast can I see everything
that's on the internet? How current can I see what's taking place?
That guides the way that we collect data and organize data and develop machine learning to find changes and anomalies and interesting developments.
And then, of course, our analytical teams are starting oftentimes with hypothesis or standing questions from customers and kind of seeking
things proactively that, you know, that would be of interest to concern and leveraging the tools
that we provide. And so that, you know, adversaries generally, the offense generally moves faster than
the defense anyway. And so this idea of agility is essential when, you know, they've got many,
many things that they can target with fairly
low expense and very high speed.
And so we supporting, you know, defensive operations have to try to match their time
and, you know, their time advantages as closely as we can to keep them from being able to
accomplish their objectives.
We'd like to thank Bryan Ware, the CEO at LookingGlass Cyber, Wayne Moore, the CISO at Simply Business, and Steve Winterfeld, the advisory CISO at Akamai, for helping us
get some clarity about the value of threat intelligence.
And we'd like to thank LookingGlass for sponsoring our show.
CyberWire-X is a production of the CyberWire
and is proudly produced in Maryland at the startup studios of DataTribe,
where they are co-building the next generation of cybersecurity startups and technologies.
Our senior producer is Jennifer Eiben.
Our executive editor is Peter Kilpe.
And on behalf of my colleague, Dave Bittner, this is Rick Howard signing off.
Thanks for listening.