Transcript
Hi, Mike Matchett, Small World Big Data, and I am here today talking with Leostream again, and we're talking about something interesting. Uh, it's about how you might give access to everyone who needs access to your network, but they might not necessarily all be employees. You know a lot about your employees, but what about those vendors? What about those providers? What about those people trying to do integration tasks for you? Maybe you've got some remote admins. Maybe you've got some some other people who need temporary access to your network. How do you manage that in a zero trust way? Hang on and we'll get right into it.

Oh, hey, Karen, welcome back to our show. We've talked to Leostream in the past, but it's been a while. What's what's going on?

Okay, well, first, Mike, let me say thank you for having me. It's always a pleasure to talk with you. And, well, what's going on? There's some big and exciting things happening at Leostream. You know, we've been around for around for 20 plus years, and we've always been focusing on these remote desktop access use cases for corporate environments and their employees. And now we're taking all that knowledge and we're simplifying it. And we're really going laser focused on vendor privileged access management, all about making sure that organizations can have really secure lock down access for third parties without sharing credentials and without plugging a hole or opening a hole, I should say, in your corporate VPN.

All right. Let's talk about let's talk about third party vendors. Because, you know, there's there's lots of parties involved here. I just want to be clear for the folks involved, since we're we're doing this with, with, uh, words, uh, we've got, uh, a company who might use Leostream and might have gateways to get from one site to another, from one part of their enterprise to another part of their enterprise, out to where their employees are and their, uh, that's sort of the normal use of your product, the remote desktop kind of, uh, ability to avoid using VPNs and avoid doing security holes and doing all that great zero trust stuff. What we're talking about here, when you say vendor, you're talking about for that company, their vendors. Right.

Right, right. So if I, let's take a media and entertainment company. Right. I've got production engineers who are part of my organization, and they authenticate through my corporate identity provider. I know who they are. I know which resources they have access to. You can use our gateway to give them secure access even while they're remote. But it's still it's still my employee. So they are they're allowed to navigate through the data files and do their jobs. But now let's say I have a contractor. I've got so much work. I need to have a contractor who's a video production editor, and I need to give them access to the editing system so they can help collaborate on products. But I don't want to wrap them in necessarily to my corporate identity providers. I don't want to give to give them access to all the different systems and data. I don't want to have VPN connections, and maybe I want to make sure they're going into a different cloud region. I need to manage that person differently than I do my employee.

All right. So you've got you've got what you might call a supply chain of IT vendors going on there sometimes. So you've got people who might have provided you hardware needing to come in and do something, people who might do tasks for you occasionally, people who might do support things for you. But more and more, we're using remote workers. We're using contractors. We're offloading a lot of that from our own staff. But managing that can be really hard. And we talk about security and access. That's really a problem, right? I can't just give everyone the VPN and the secure keys to everything. I certainly don't want to give them the passwords to everything.

Right. And that's kind of one of the keys right there, is you need to make sure that your secure credentials, an organization's secure credentials, need to not leak out of that organization. If you remember from I think it was 2013, there was Target got hacked. Target got hacked because their vendor, an HVAC vendor, got hacked. And that hack of the HVAC vendor allowed Target a malicious actor to actually hack into Target. And so if that HVAC vendor had been more properly managed as far as what their access is into the Target environment, that wouldn't have happened in the first place.

Yeah. We can talk about similar incidents that have happened, especially with MSPs and things where, you know, there's there's a central point among lots of third parties. And if you give one third party access, then the world might have it if they get hacked. And that's the key, is just to not then give out those credentials to not expose them. So how do we, so I mean, that just sort of presupposes, so how do we use Leostream then? What are you guys working up with your your IP here to to address this problem of folding in third party vendors into the security domain without giving them the keys?

So what we're working on is what we're calling the Leostream Privileged Remote Access Service. And in its first incarnation here, we're focusing on that vendor privileged access management, which is is really, in many cases, a very simplified workflow for remote access. I just need to make sure that the vendors can request access to the specific resources they need to maintain or operate on, and I need to make sure that the credentials for those resources never leak out to the vendor. And then I need to audit everything that the vendor is doing. So things like session recording, audit level tracking of when they log in, things like that. So that's what Leostream is providing, is a service that makes those three things very easy to do. And we're doing it in a in a unique way, which is we're taking the gateway, the Leostream gateway, that's part of our desktop access platform, and we retooled it so that organizations can use that, that Leostream gateway now for their vendor remote access. So this means that they can use the Leostream service to really lock down authentication and the requesting and the approving and denying of access. And then the access itself, the desktop traffic, the server traffic, whatever it happens to be, goes through the customer's hosted gateway, never through the Leostream network. So the customer is always in control of their data.

All right. So security, control and visibility. We've got the kind of pillars that you're building there for vGPU. And just to be clear, uh, if I am a I'm a I'm an enterprise and I have Leostream Leostream gateways already for what I'm normally doing. This looks like another Leostream gateway in some respects, but it's external to, uh, to, for vendors to use and but but how do how do vendors find that? How do they get, how do they...

Well, they don't need to know anything about it. So a Leostream customer gets their own vanity URL. You know, mycompany.com, and the their vendors then go to that URL and they don't they don't know what gateway they're going through. They don't know where the resource they're connecting to lives. If it's data center, if it's in the cloud, they don't know the credentials for it. They simply click a little view button on it, and then they have an in-browser connection. And that could be SSH to a Linux server. It could be VNC to a Mac, it could be RDP to a Windows machine. But they have an in-browser connection where they can do their work. And that work is recorded so that the Leostream customer, they always know what's going on. So yeah, it's transparency for the vendor, it's audit level tracking for the organization, and it's securing the credentials and data.

All right. So and this is interesting too because there's a little subtle shift here. Like the the clients that are deploying this that want their vendors to come in and work. They're they're not having to stand up a service for the vendors to broker through to find this. You're providing that part of the service where the third party vendors can connect to one URL using vanity URLs, but this one one place and that you'll point them to that, that customer's thing. So you kind of front door this in a way that's kind of nice, but you're not interjecting yourself in the data stream at all. That remote desktop gets served directly back. Correct?

That's exactly correct. Yeah. The one key for us was to keep it simple. You really want to simplify IT's task of onboarding vendors, indicating who can access what, making it easy for them to reject connections and track everything that's going on. And that's all done through the hosted platform that we provide.

All right. This is a remote desktop. So when you say you can record all this and play it back at a later date, if there's security problems, you're actually not, you're not just getting the keystrokes going across, you're actually seeing the desktop that that person was using while they're doing it.

So yeah, it is essentially a recording of the console. So if you let someone SSH into it, then it's a recording of the SSH console. If it's an RDP connection, it's whatever's going on on their virtual screen there.

Yeah. And to be clear, the RDP credentials, the SSH credentials never end up in the vendor's hands. That's something that that's handled by Leostream within that connection. So it keeps it hands off. And you're not exposing those to be hacked or passed on in any way.

Correct, correct. And but the recordings never end up in our hands. You know, they're sensitive data.

And the recordings also don't end up in your hands. Okay. Yeah, the recordings aren't in your hands. The recordings aren't in the vendor's hands. They belong to the Leostream customer who's signed up, as you know, wants to use this service. So very secure, probably very compliant all around. And everything you make, you be able to check off those things. You know, lots of people have this, this third party vendor challenge, and they end up treating them either as temporary employees or giving them almost the equivalent of root privileges for a short time, and then forgetting about cleaning up afterwards. And, you know, I you know, from my experience, having looked at it, you can you can actually set windows of time that those, those uh, permissions that you're granting are good for. So someone can only have them for, to have that connection for only two days or a day or whatever it is. Uh, there are other things that people could, could sort of manipulate there as well. Um, yeah.

Yeah. No, it's, um, definitely time of day access. That's very important. You know, vendors have a the the Leostream customer indicates which resources vendors are allowed to access, but then the vendor can only access it during the specific window that they requested. And the Leostream customer, the IT admin for that organization can edit the windows. They can shorten it if they want. They can kick somebody out if they think that the user, the vendor should be done.

All right. So you got a lot a lot of control. It's really some interesting stuff, uh, in where that's going. Um, and uh, this just really augments the larger set of gateways that you already have for remote desktop access, which, you know, I hear a lot, just just as a side, you know, I hear a lot of people saying, hey, VPNs are not something we should be using anymore in that sense, right? We should be we should be doing something much stronger than that. And so when we come to vendors, we probably shouldn't be giving them VPNs either, right? We should be doing something.

Definitely not. Definitely not. And the thing too, like our our remote desktop access platform, it is it is very feature rich, which means it satisfies a lot of use cases. And you could use it for vendor privileged access management. But it it's going to take you a little time to set up and manage. And why do that when you now have this hosted service which within, you know, an hour minutes, you can have your vendors onboarded and your VPN or your VPN replaced with our security gateway. And your vendors are up and running.

And doing very and doing very targeted tactical things, rather than spending a lot of time setting up the the whole strategy of how you want to deal with deal with vendors in the larger sense. Right? Right, right. Turnkey kind of way to say I can enable vendors. I won't even say tomorrow. I can enable vendors in an hour by deploying just this external VPN gateway, in addition to my other Leostream gateways in my environment.

So exactly.

Very cool. Uh, Karen, uh, I'm sure you've got some more things coming along. You want to, you want to tell us, uh, anything about the future? What do you predict is going to happen with this year? With that?

Oh, so much stuff. So much stuff. Um, no, it's very exciting. We are getting ready to introduce the service to the world, and once it's out there, we want to start gathering feedback and adding in functionality that the market tells us is what they need in there. But one of the things that we already know we want to do is once we have these recordings, is look for ways to leverage AI to analyze the recordings and train it to look for malicious behavior and make automated alerts if it notices something that's going on that shouldn't be going on, and that way you have that extra security.

We weren't going to get out of this conversation without mentioning AI opportunities at least once in here. So yeah, definitely, definitely a lot going on in the AI space. I definitely see if you've got this full log, this full recording session, you know, this can be parsed any number of ways and it wouldn't actually take all that much. And I'm not putting this burden on you to start identifying malicious patterns and behavior and doing some proactive alerting with with AI on top of that as it goes.

It's not my burden, it's my developer's burden. So I'll let them.

So we'll have to have to have you come back and show us that here. Show us that here pretty soon. Uh, so tell us if someone wants, if someone's now got their interest piqued, they've got this challenge. Everyone has this challenge. I don't know if they realize it. Uh, how do I give my supply chain of IT people, you know, my suppliers and vendors of my stuff that I normally have to give access to, uh, the right access and limited access and compliant access? Uh, where would you have them look? What would you have? What would you have them start researching into or getting? How would they take the next steps here?

Well, I think the best thing to do would be to drop us a line. You can just email us at info@leostream.com. I see the emails that go to info@leostream.com even, so I will, I will point you to the right people and we'll we'll get you started.

All right, all right. Thank you so much. Uh, hope to have you back soon. Show us some some more of this, uh, gateway stuff. It's very thought provoking. You know, it just starts to wrap up all the corner cases of of zero trust. Because I think people have been saying zero trust, but they haven't really gone through their entire list of everything that needs to be handled. And one of these things is third party vendors. So this is good to see a solution for that. So thank you so much for being here today.

Thank you. It was a pleasure.

All right, take care, folks, and check out Leostream.