CyberWire Daily - HEAT: Examining the next-class of browser-based attacks. [CyberWire-X]
Episode Date: March 6, 2022Modern enterprises have evolved drastically over the last two years as a result of the global pandemic. Due in part to organizations pivoting quickly to new business models by migrating apps and servi...ces to the cloud to enable hybrid and remote workforces, the “new” office has quickly become the web browser. Today, business users are spending an average of 75% of their workday in a browser – that’s where productivity takes place! But the digital enhancements of the last two years have ushered in widespread transformation that expanded attack surfaces and created new opportunities for cyber miscreants, giving rise to Highly Evasive Advanced Threats (HEAT). During this episode of CyberWire-X, the CyberWire's Dave Bittner speaks with Dan Prince, Senior Lecturer in Security and Protection Science at the School of Computing and Communications at Lancaster University, about the topic. Show Sponsor Menlo Security's Nick Edwards and Dave explore what HEAT attacks are, how they work, and why they’re resulting in the rise of ransomware attacks and account takeovers. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, a series of specials where we highlight important security topics
affecting organizations worldwide. I'm Dave Bittner. Today's episode is titled
Turning Up the Heat, Highly Evasive Adaptive Threats.
The global pandemic has prompted an unprecedented shift in enterprise IT and security over the last
two years. Remote and hybrid workforces and the accelerated shift to the cloud
mean that business users are spending about 75% of their workday in the browser,
and attackers have adapted their tactics, techniques, and procedures
to take advantage of the expanded attack surface this new normal provides.
In this edition of CyberWireX, we'll take a closer look at browser-based threats and vulnerabilities, and explore the notion of highly evasive adaptive threats, which our show sponsor Menlo Security refers to as HEAT.
A program note, each CyberWireX special features two segments.
In the first part of the show, we'll hear from industry experts on the topic at hand. And in the second part, we'll hear from our show sponsor for their point of view.
And speaking of sponsors, here's a word from our sponsor, Menlo Security.
Trust is a wonderful thing, except when it comes to remote access.
Back when applications were centralized with just a few remote users,
you could trust they were safe enough.
But with remote work and cloud-based applications now the norm,
trust can only go so far.
Only Menlo Private Access, or MPA,
offers true zero-trust remote access to your private applications.
With its elastic isolation core, MPA keeps users separated from applications.
To gain access, users must be authenticated through MPA, ensuring every connection is visible and secure.
Simple to deploy, scale, and manage, with MPA, remote work is both seamless and safe.
Users have full access to the tools they need, but only those tools.
And only once you trust them.
To learn more about Menlo Private Access, visit menlosecurity.com slash cyberwire.
And we thank Menlo Security for sponsoring our show.
To start things off, I speak with Daniel Prince, professor of cybersecurity at Lancaster University.
Later in the show, I'm joined by Nick Edwards from Menlo Security for his perspective on highly evasive adaptive threats and what he and his colleagues at Menlo Security believe can be done to stop them.
It's really interesting from a security perspective, looking at the way that the
landscape's really changing. So it wasn't that long ago that we were really talking about
bring your own device, and that was the big security
threat but with you know the the pandemic accelerating the move to online cloud-based
services it's you know it's for me it's really about the the bring your own browser kind of the
threat we've lost you know we're not even worried about or we've lost control of the actual device
completely and now it's the applications on the device devices that we use on a day-to-day basis,
that are providing that portal onto the work platforms that we use and we need to survive in our daily lives.
And so what's interesting there is that something that was an application is now the essential part for us to be able to do our
work.
And it was never designed for that.
And we've got a history of this all the way through from when we first started out, we
had an open internet and then we put firewalls in and then everybody kind of said, well,
firewalls are a pain, so let's just put everything over the open ports on the firewalls.
So everything became kind of based on web communication traffic.
And then we moved away from having static devices to mobile devices like laptops and tablets and phones.
And everybody then started to bring those into the office.
So we lost control of that.
And now, again, we've lost control of those, the actual physical devices.
And now we're just looking at these portals onto our work
applications. So it's a really interesting trend. In some ways, we're concentrating the risk in
more and more into smaller and smaller areas. And this is part of the latest trend, focusing the
risk of security threats into a web browser. It strikes me that it's almost as if the browser is an operating system onto itself,
where so much is coming through it,
so much is dependent on the ever-increasing capabilities of the browsers,
and of course with that comes vulnerabilities.
Yeah, it fundamentally comes down to this idea that the browser is an information retrieval tool.
I mean, that's what it was designed for fundamentally.
So we're taking a flathead screwdriver and trying to use it for a star Phillips screw or a positive drive screw.
So we've got the wrong tool in some ways for this.
And you inherently then get this issue that if you've got the wrong tool in some ways for this. And you inherently then get this issue that if you've
got the wrong tool, you're going to get security problems because people have designed it for a
completely different purpose. And another example of this that I kind of use when I'm teaching
is around GPS. I mean, GPS is a global positioning system. And to do that, it has a very accurate timing capability.
And so when these systems started to appear in ships
or wherever else they're deployed,
people went, oh, this is great.
We've got an accurate timing capability.
So let's use that for other purposes.
But if you then start to corrupt that timing signal,
then you can start to corrupt other signals.
And it's the same kind of issue here.
We've got a system, web browser, that's being used for a purpose that it was never intended.
And as you say, the purpose is to kind of act as the interface to an operating system.
And that comes with inherent problems. And then you layer on top of that, that it is
inherent problems. And then you layer on top of that, that it is around the users using it.
You know, it's not a system to system issue. It's a user interface issue. You get all of those additional problems of user security problems, user security issues that come along
with that. I suppose there's two sides to it because we talk about the shift to cloud services and so many of the things that we do in business day to day have moved to the cloud or are provided as a service.
And there are security advantages to that.
But at the same time, you're pushing things out there.
Everything's coming through this one funnel that is the browser.
So it's sort of a situation where, you know,
things giveth and things taketh away in a way.
Yeah, definitely.
And you see a lot of organizations moving to this online environment,
being able to provision once a good virtual machine
that you know is securely set up.
And if there are any issues,
you can just roll it back to a known good state.
And that comes with lots of really strong security outcomes.
But as you say, and sort of going back to some of the previous points,
it's concentrating the risk on this application,
which was designed for a purpose that was never intended.
And so you get all the potential security issues
and data compartmentalization issues
that we know how to fix in operating systems
and in fact in other applications as well,
but we've never really experienced in this way
when using a web browser.
And so those interactions now of the security issues,
the isolation, the compartmentalization, the types of things that we've seen implemented in operating systems to protect us against malicious attacks.
And now we're going to have to start thinking about how do we put those into a web browser because it is this really useful interface. And in some ways, it comes down to this classic
operational capacity versus security.
You can never have everything,
and it's depending on how much money you want to put in
and it depends on how much resource overall you want to put in.
It depends on the security and the functionality that you have.
And the reliance on these types of web browser kind of models
is that you're hoping that
whoever is providing the web browser is doing a good enough job to provide the security there.
But if you look at the plethora of web browsers that are out there, and if you talk to any web
developer, you know, they will complain bitterly about trying to support multiple web browsers to
get their web pages to work.
Now we want them to be Windows onto operating systems
and complex business processes.
So there's a real challenge there.
But fortunately, I think,
one of the things that's going to really push the security forward
is because we're going to start seeing a concentration
of using web browsers for these types of services.
Inevitably, that means that web browsers are going to have to improve
because as soon as one browser gets better with security,
the companies are going to mandate using that one for their company.
And then somebody else will leapfrog that.
And so we'll get into this almost like commercial arms race of web browser,
hopefully, web browser security increases.
What about the threat actors themselves? As they adjust and evolve and target those
vulnerabilities and in doing so become more evasive themselves?
Threat actors will go where the easiest target is generally. That's the general rule. I mean,
they're like anybody else. They don't want
to make their lives difficult to achieve what they want to achieve. And so at the moment,
the richness of the target of the web browser and because of the complexity of the services that you
can access via the web browser is driving them to target it. And that's because that's where the goal is going to
be achieved the easiest. And as I said, the underlying mechanism of the web browser was
not designed for this purpose. And so there are lots of really interesting exploitations
that you can go at. And it's almost like this is the low hanging fruit. And it is of interest
because of the way that the web browser
is now being used to access the business processes
or the interesting information that individuals have access to.
Do you suppose this is the shape of things to come,
that this trend toward everything flowing through the browser,
that's in our immediate future?
Yeah. everything flowing through the browser, that's in our immediate future?
Yeah, I mean, even at our university, we've adopted this model for access to certain university systems.
So commonly when I'm accessing student record systems, I will use a web interface to get onto a virtual machine that is built in a specific way
that provides assurances around security.
And so it's not just these critical services,
but we're starting to see an adoption of this type of approach
for broader services that perhaps you would typically in the past run locally.
And just because it's easy for the user, everything is in one place.
And the process of making it easy for the user is really important for that functionality.
And so there will be the next stage on from that.
This will force browsers and browser technology to develop and enhance.
And you will see, I'm certain we'll see things like enhancements or accelerators for accessing these types of services.
And then we'll see how the threat actors will take advantage of those enhancements.
And what's interesting around the kind of the web browser interface for me is this idea that actually, because it's just about information retrieval, and certainly
more recently, it's about that kind of separation out so that you can't get that cross-contamination
between different websites and different information, it's still very much reliant on
the underlying operating system and other applications to protect it, whether that's
network information, whether that's the network information,
whether that's detecting malware. But when everything is sitting inside that browser or
targeting a machine that might be remote from that browser, and the browser is the way in,
and the portal onto that, the network tunnel onto that, then you're going to start to see these new
types of attacks. And specifically specifically the protection mechanisms that we
had or have are not configured or not set up to really be able to detect that so it's a new way
in and so it's going to be really important to see how the underlying security mechanisms of
like the operating systems and malware services and so on adapt to be able to to pick up these
these kind of evasive attacks that are coming in
via the web browser.
That's Daniel Prince.
He's Senior Lecturer in Security and Protection Science at the School of Computing and Communications
at Lancaster University.
and Communications at Lancaster University.
Next up is my conversation with Nick Edwards.
He's VP of Product at Menlo Security, our show sponsors.
Browsers as a technology have been continuing to increase in terms of their horsepower,
their technical capabilities, what they can do for users.
And I think that's driven by a broad range of things,
not the least of which is the consumerization of what was historically
kind of high-end enterprise IT functionality to make the web more useful
and more kind of meaningful for both users and people who are kind of marketing or selling
to users. So things like dynamic creation of content that is targeted to you based off of
cookies or what kind of the, you know, vendor might be kind of aware of with your background
and your profile, all these things make it so that browser can give much more focused content.
It can change that content depending upon what the geography is or what the user is trying to do and make it more customized, you know, regardless of platform, whether you're coming in from a mobile device, whether you're coming in from a laptop, whether you're on a Windows machine or Mac machine, whatever it might be, just the browsers have become more powerful and their kind of
innovation curve is probably, you know, one of the fastest in the broader kind of IT industry.
And given where the browsers are, that means that customers and, you know, users who are
accessing enterprise technologies are able to capitalize on that to do their enterprise job.
You know, I think when you look back, let's just say 20 something years ago,
you know, in the early days of technology, so to speak, the internet,
you would go to work and everything that you would need to do for your job
is kind of located on that physical machine that you're working on.
You know, whether that is, you know, kind of the spreadsheets,
the documentation files, you know, whether that is, you know, kind of the spreadsheets, the documentation files,
you know, any kind of advanced applications, typically all that was happening on your desktop,
your PC. And now all of that stuff, you know, typically is outside of, you know, your quote unquote desktop, meaning the data that you are accessing lives somewhere outside of, you know,
your corporate, you know, boundary. The applications that you're using lives somewhere outside of your corporate boundary.
The applications that you're using are not necessarily hosted internally.
They're hosted kind of on a third-party SaaS platform, and your browser is rendering that
functionality.
So I think it's kind of the marrying of the advancements of the browser from kind of an
internet technology perspective, and then allowing that to be leveraged for,
you know, legitimate business use cases that really make kind of the browser such a central
part of our jobs and our personal lives on a regular basis. I think the last time we looked
at the data, users spend 75% of their time in the web browser on a daily basis, whether that's kind
of web conferences, whether that's using, you know, file sharing tools, whether that's kind of operating kind of a webmail interface, whatever
it may be. And, you know, historically what we've seen is bad guys go where the people are and
they're going where the browser is. Yeah. You know, I think of my own personal use and I think
it tracks exactly what you're describing here, how, you know, even things like day-to-day stuff
like email, you know, where I
used to have a dedicated email client on my machine, it's a lot easier to do it on the browser.
And also there's that convenience of being able to not have to lug a computer home. I can just
log in from my home computer or on my phone or, you know, so there's lots of upside to this. But
as you all are pointing out here, there are some security concerns as well.
Yeah, there are.
I mean, what we've seen is as the browser has become more powerful, the cyber criminals, the hackers, the bad guys are taking advantage of that.
happens that the network security stack is not designed to protect the browser in a way that it might be designed to protect kind of an end user's laptop or desktop. The way JavaScript operates,
the way HTML operates, the browser is basically another kind of almost like an OS inside of the
OS. It has the ability to execute code. It has the ability to do things that are pretty
smart. And the cyber criminals are aware of that. And that's one of the things we realized when we
talked about this notion of heat. We saw these attacks that were occurring that were very
adaptive, very advanced, and they were breezing right through really extensive security tool sets that probably every large organization in the world had.
If you think about all the ransomware attacks or whatever it may be over the past several years, when you're looking at a large fortune company, pretty sure their budget is big and pretty sure that in most cases they can buy all the tools that they need,
whether that's a firewall, a sandbox, a very high-end secure gateway, a proxy, a malware
scanner, et cetera. And somehow these attacks were getting through that. And one of the big
things that we've seen from a thread vector perspective is that they are essentially
leveraging the inherent virtues of the browser to do things like drop files or to build payloads on the browser.
Therefore, when it goes through the security stack itself, all the security stack sees is good old-fashioned JavaScript that is probably going to do what normally a good set of JavaScript would do. And so it's really harder for these tools
to keep pace with that
and to be able to prevent the ultimate rendering
and execution of code in the browser
in a way that would not disrupt the user experience
and create all these problems
from a usability point of view.
And so I think that's one of the big trends
that I think underlines what we're seeing
from kind of this highly evasive adaptive threats
is that the cyber criminals, you know, have had time to really unpack and to look for the weaknesses
in the existing security stack. And that kind of married with the advanced functionality and
capabilities of the browser, make it a really hard problem for kind of legacy approaches to solve.
So you all are using this term HEAT, which stands for Highly Evasive Adaptive Threats.
Can we break that into those sort of two component pieces as they sit in my mind,
which is you have the evasive part and then you have the adaptive part. What are you all tracking
in terms of those two angles? Sure. So the evasive part is really around its ability to evade the legacy security tools that are in customer environments.
It's like if a bank robber is going to go to rob a bank, they're going to really study the bank.
They're going to analyze what tools they have and where are the cameras, where's the security guard, what's the shift, where's the the secret button that the tower is going to push? All these sorts of things.
And they use the same approach when it comes time to trying to, you know, deliver ransomware or other things. their security profile and build capabilities that will evade these traditional tools of firewalls,
sandboxes, proxies, secure gateways, and so forth. And then the adaptive aspect is really around
its ability as a threat to adapt to the environment, to kind of leverage the capabilities
that are existing and resident on that are, you know, existing
and resident on that user's platform device, whatever it may be, to have a higher success
rate at being able to ultimately kind of land the payload to deliver the drop of malware
or ransomware, whatever it might be.
And so that's where, you know, kind of we'll see oftentimes that some of these attacks will be OS aware.
They will be technology capable aware
of whatever the browser is doing,
what kind of a browser it is,
what version of it, so to speak.
And all these things ultimately will capitalize
on this core ecosystem of the internet
that we use on a regular basis.
So it makes it really hard because you can't block, you know, all the unknown websites
in the world because you will just break the way the internet works.
And, you know, end users will complain to the IT department, hey, I'm trying to go to
my, you know, kids soccer team's, you know, registration site.
I can't go to it.
What's up?
You know, so, and the bad guys know this. So they'll
do things like squat on URLs. They'll buy URLs. They'll just wait on them. They'll allow them to
develop somewhat of a benign profile in URL filtering platforms. And then they'll strike.
And they'll use that knowing that the first couple of attacks they deliver will bypass any of that coarse URL filtering and ultimately have some success with that.
So kind of really being adaptive to the attack environment that they're operating in and the users that they're going after and whatever type of technology they may have in place, you know, from the endpoint, the browser, kind of further upstream in the network security stack.
So what are you and your colleagues there at Menlo Security advocating here? How can people best protect themselves against this sort of thing?
Well, so in general, I mean, I do think that, you know, the industry has done well with these
prior notions of defense in depth, you know, which means that, hey, look, you know, you don't want to
rely on any single tool to keep you safe. So do the smart things like multi-factor authentication.
It doesn't stop malware completely, but it's a good component to the tool.
Endpoint security, EDR, these sorts of things.
Again, good tools to have, good hygiene, being able to do anything from a threat intel perspective.
You're going to want to be able to collect telemetry and analyze that stuff. So all those things are really
relevant. But when you look at kind of the upstream set of devices that have historically
provided security, you know, when you're talking about proxies and firewalls and so forth,
there's a component of the defense in depth model that just doesn't deliver value to stop these types of attacks.
And our perspective is that, you know, kind of a platform that is focused on the browser,
focused on analyzing the content that's in the browser and delivering kind of clean data
is what's needed. And that's one of the things that we've done really well in terms of our
investments in technology and intellectual property is kind of usher forth a new approach to this using browser isolation as a key functionality.
And that's kind of our philosophy and our approach. And that's what we're able to deliver
to customers today to keep them safe from these types of heat attacks.
What exactly do you mean when we're talking about isolation here? How do you define that?
So I would say most basic in terms of a comparison would be it's, you know, if you're familiar
with some of the kind of legacy approaches to security and, you know, military environments
or federal government environments, basically you had, you know, computers that were never
allowed to be on the internet and they were never connected and they were used for a lot
of internal applications and internal communications.
And then you had a set of computers that couldn't be exposed to the Internet.
And those two kind of networks never touched, you know, so to speak.
You couldn't go from one to the other.
You had to literally, like, go to another device and log in and do whatever you needed to do.
And that created this notion of kind of an air gap.
notion of kind of an air gap. Well, isolation is kind of a similar vision of that, but much more capable and much more, you know, kind of competent in terms of what it's able to do from a security
perspective without disrupting the user's ability to do their job using the internet tools that
exist. And isolation, what it does is instead of you going to, you know, your favorite website,
your sports site, your news site, you basically
go through kind of Menlo's platform.
Our isolation core says, hey, you know, Dave's trying to go to this website.
Instead of that web content going directly to his computer, you know, we're going to
render it on our computers in our cloud.
So we basically have, you know, this platform that will render the content.
in our cloud. So we basically have, you know, this platform that will render the content. In a sense, it's kind of able to deliver a clean pipe, you know, to the end user's laptop,
end user's machine, kind of using isolation as a technology to do that.
And what about from a user's point of view? How does this sort of thing affect the types of things
they may want to do on a daily basis? So, I mean, that's a really good question. I think historically, in a kind of various attempts to deliver, you know, remote desktops or kind of
VDI infrastructure or whatever it may be, you know, usability hasn't been great, you know,
and I think as the, you know, kind of web has improved and, you know, you can watch videos,
they're highly effective and, you know and really well rendered and high fidelity.
Or if you're looking at things like gaming or this kind of stuff or maps or any of these
things, historically, these remote desktop VDI environments have really struggled to
deliver a good user experience.
So when Menlo was founded several years ago, we realized that, hey, look, what's going
in our favor?
Well, bandwidth is only
getting better. Cloud computing is only getting more powerful. And browsers are only getting more
capable. So we're able to kind of dovetail and leverage those trends to kind of take a step back,
reinvent kind of how this type of technology should be delivered to ultimately give a native
user experience. You know, we have millions of users on our platform all around the world in a varying number of capacities,
whether that's, you know, financial customers,
military users, you know, entertainment,
media, technology, et cetera.
And in these cases, you know,
when they're trying to do their job,
if you can't deliver a quality experience to the users,
then, you know, they're going to call the help desk.
You know, we all know, like when we've had problems with rendering, you know, you call IT,
hey, what's going on? I can't do this, you know, and then that will quickly get escalated. And
the only way you can scale is by taking the time to do it and build it right from the ground up and
not kind of try to bolt it onto existing functionality. And that's kind of been our approach from day one is let's try to deliver the best user experience,
whether coming from an iPad, you know, an Android device, Windows or Mac,
whether coming from a Chrome browser or an Edge browser, whatever it may be,
and make sure that we are transparent to the users.
And I think, you know, historically, IT has had challenges with delivering
effective security because it will come at the expense of friction of users. And I think kind
of this type of approach is definitely in kind of the realm of, you know, being able to deliver
high-end security to give great security outcomes without compromising the user experience and their ability to do their day job. Yeah, it strikes me as kind of, you know, being able to remotely detonate all the websites you
visit, you know, off-site, right? So, you know, they always say, don't click the links,
don't click the links. Well, some people need to click the links to do the work that they do. And this is a way to have that happen on someone else's
property, but still be able to do the things you need to do.
Yeah, exactly. Exactly. I mean, it's very much one of the core pillars of the future
world of technology, you know, in terms of safety and security is ultimately it's going to be really
hard to trust the wide range of websites and applications that exist out there. Even if
they're good websites, the software developers may make mistakes and they may get compromised.
That still happens. So you can't always even trust, you know, the websites that have historically been known to be good. So you have to have an approach that will essentially, you know, assume that bad things can
happen, you know, from websites. And if that's the case, then well, how do you want to protect
against it? Well, you probably want, you know, some technology approach that is analogous to this,
where instead of that content being delivered directly, it's kind of delivered by a vendor that can do it well and deliver secure content that doesn't disrupt the user's day-to-day existence on a professional and personal basis.
What about the actual security of this sort of thing?
If everything's being done remotely, how do I know that the folks who are handling that remote part of it don't have access to my own things that I want to keep secret?
Yeah, it's a great question.
I mean, obviously, the industry has had challenges in this area before with respect to who's watching the watchers, so to speak.
And I think a variety of factors come into play there. I mean, one is prospects
should really understand and kind of interrogate their vendors' longevity, who their customers are,
what are the security demands of their customers, and so forth. So as an example,
mental security, the Department of Defense has standardized on our approach to browser security with an
initiative that allows Menlo to be the front line
of security for this browser isolation across a variety of
our different service member organizations. I think that
is a very relevant third-party data point that organizations should
look for when they're
talking to any vendors. Who are your most demanding customers and what's their experience
been like? Then I think on the other side of the spectrum is understand the company's compliance
engagement. As a vendor, it's always a lot of work and sometimes it's non-trivial work to comply with things like FedRAMP or common criteria or any of the ISO standards and this kind of thing.
But they serve a very valuable purpose, and it allows for the broader market and industry to have a baseline of expectations.
And they can quickly filter out who's able to kind of deliver on the security expectations
from a process, procedure, and technology point of view based off of these things.
So I think kind of it's a combination of both of those things.
And hopefully the industry has evolved its approach to trying to sell things and people
are hopefully more transparent and operate with candor.
And I think that the buyers have gotten smarter and able to kind of see through that and sift through that.
So hopefully it will deliver a better outcome for everyone.
What are your recommendations for someone who's intrigued by this?
You want to see if it's the right fit for them.
How should they get started in terms of shopping around and seeing what works?
Yeah, so our overall perspective on this is obviously they should start with taking stock
of what do I have in place?
Are there any big gaps in terms of technology that I'm missing that my peers or kind of
best in breed, best in class, sister, brother companies have that I don't?
And I think that's always a good starting point is taking stock of what
capabilities we have.
And then thinking about the future and kind of where,
where is technology going and using that as kind of to help guide their
roadmap for what they're going to deploy.
We are strong believers in this notion of technology of isolation technology
to, to solve these problems. And, you know And typically when we engage with customers, we give them the ability to kind of basically
test or probe their own environment's susceptibility to these heat attacks.
We have some things we can run with customers in a consultative manner to say, okay, well,
maybe you have some of this solved.
Okay, well, good.
We'll just run these couple of tests and you can see kind of, you know, what level of security controls you have in place. And then you can also go a little
bit further and get a better understanding of, you know, how much exposure you might already
have in your network. And that's all very important because one of the things we see in these
heat is primarily kind of about some of the techniques, threats that people are doing to
kind of bypass the security stack.
But typically these attacks are often used for,
you know, kind of ransomware payloads
and that sort of thing.
So I think use the opportunity
to investigate your ransomware defenses
as a vehicle to hopefully upgrade
and try different approaches.
And I think it's Einstein who's credited
with the quote of, you know, insanity is doing the same thing over and over again, thinking that you're going to
get different results. And I think that should speak to security buyers from a way of, well,
like what we've been doing isn't quite working. What are the technologies that I haven't had that
might be maturing in a way to solve some of these problems? And I think a lot of times that will
point back to isolation of the technology.
Our thanks to Daniel Prince from Lancaster University and to Menlo Securities' Nick Edwards for joining us.
CyberWireX is a production of the CyberWire
and is proudly produced in Maryland
at the startup studios of DataTribe,
where they're co-building the next generation of cybersecurity startups and technologies. Our senior producer is Jennifer
Iben. Our executive editor is Peter Kilby. I'm Dave Bittner. Thanks for listening.