Transcript
Hi Mike Matchett with Small World Big Data and I'm excited here today to talk about more security because we all need more of it. Uh, specifically, um, there are some edges to people's security paradigms that they're not always taking good care of, and it's often hard to recover from attacks or corruption or so on on that. And today we're going to be talking a lot about, uh, access and Active Directory and things like that, and what happens and how do you recover when things are going wrong there. So, uh, with that, I'm going to bring on Cayosoft in just a second. So hang on. Hey, welcome, Bob. Welcome to our show. Hi. Thank you. I appreciate your time. And, uh, thanks for having me. Yeah. So let's just start a little bit about positioning Cayosoft. And maybe I'm not even getting that right. How did you get into that sort of niche of the security market? Sure, sure. Well, you did get it right. It's Cayo-soft. Yeah. Um, it's also K.O. soft. We're not Coyote or Canyon or whatever. Um, it's the Spanish word for small island or a key. Uh, a key is a small rock in the water, uh, with the idea, uh, that, uh, prior to cloud, all of the network infrastructure for different organizations was all disparate. It was all disconnected. It was very secure. And when people went to cloud, that opened up an opportunity for people who want to do bad things to attack your environment. So our job is to help, first of all, manage that transition to cloud for our Microsoft customers and also to help you protect your island of identity, uh, as it moves, uh, and connects into this new modern age we have. Right. So we've got this idea of identity. In the old days, we logged into a system or a server that was within a huge firewall. Uh, but today we've got edges, we've got remote workers, we've got hybrid situations, we've got SaaS tools, we've got things over there. So identity becomes a lot more amorphous and difficult. Security is wrapped around the identity. Absolutely. 
Yeah, yeah. And there's no single wall anymore to say, here's where we give our identity once. I mean, this brings up, I hate to say it, zero trust, but there's this idea of proving that again. All right. So tell us a little bit about, um, then more specifically, what are some of the problems people are having in your perspective? What are the sort of the big couple three problems that people have with identity today? Sure. Um, I think the first thing, it's not a problem. It's just something we need to recognize up front. That kind of sets the stage for the other things I'll mention. Uh, Microsoft's Active Directory, uh, has been around for 25 some years. Right. Uh, it is still the number one identity, um, authoritative source in enterprise. It just is, 75, 80%. Um, you will have Entra ID in the cloud now. It's a natural progression to marry those two together. And so you have this hybrid environment that is the standard today. Um, there are smaller organizations who go with no on-premise or legacy type products. Uh, but we have to face that fact that Active Directory is here, and it's going to be here for a long time. So that in itself, um, uh, causes some issues. Not that it's a bad system. It just wasn't designed with anticipation for cloud or for remote. Uh, and so it also, because of its popularity, um, becomes the number one place where folks that are, uh, trying to attack, either to deny service to the directory, the logins, or to install ransomware or, um, attack your environment. Those threat actors, those bad actors, those bad guys, it's the number one place they go to attack an environment. Something like 97% of malware attacks target Active Directory to begin. Okay. Yeah. Huge problem. Um, and so you have to be able to keep an eye on the directory. You have to be able to put things in place to protect it up front, to try and prevent people from getting in. 
And then if the worst case happens and they do get in, uh, they may be lurking around, you want to identify that as quickly as possible, those threats or those risks. And then if they execute something that, you know, like a ransomware attack in the directory, services are completely removed from your environment or completely taken down. You want to get it back as fast and reliably as possible. So we're talking about, like, adding, uh, security to Active Directory itself. We're not talking about replacing Active Directory necessarily. That's right, that's right, that's right. Um, it still serves the purpose it did prior. Uh, it just needs maybe a little love and attention. That's one thing we saw. It became infrastructure. So I'm going to show my age here for a moment. Back in the day, we used to hear these stories about Novell servers. Uh, some hospital would be doing construction. They'd put a wall up, and then they couldn't find the Novell server for two years, right? It still worked, but then eventually somebody would tear the wall down. There's that server we've been missing. Active Directory is like that. It just works. Windows Server just works. And so it kind of got relegated to infrastructure. And so some of the security initiatives that have been going on over the last couple of years have kind of missed the fact that Active Directory is the place people are attacking to get in the environment. Partially because it was a little neglected and partially because, um, you know, people didn't quite understand how it should be configured for a more modern cloud and remote work world. So that rationalization, once they kind of understand that it's not will the Active Directory get attacked, it's when your Active Directory is going to get attacked, is a critical rationalization for folks. The second thing is you have to really understand from a business perspective, it's the keys to the kingdom. It's how you log in to virtually everything. 
Even if you log in on premise, uh, you're still granted access to that on-premise ID through Entra in the cloud or through Okta or whatever it is that you may be supplementing your security with. Um, and then once you're in Active Directory or Entra ID, because the model that they use to grant access is typically through groups or through some kind of policy, if you have access to that from an administrative level, you now know where all the goodies are too. We call that the treasure map. So it's the keys to the kingdom, and it's the treasure room, right? So it's a critical infrastructure piece, and it has to be, uh, supplemented with some management, proactive management, definitely some better security monitoring and threat detection. And then finally, you need to have a really fast and reliable way to recover it should something happen. You know what? You know, what I like about your description was sort of that you kind of went by this. That Active Directory is now infrastructure, but I like to think of it as a brick. It is not the security itself necessarily. Identity management is a brick in the infrastructure. Uh, that does get attacked. I think if people could start thinking about it that way, they might do better for themselves. The second thing I kind of want to ask you. So, like, Microsoft must know this, right? I mean, this can't be a secret. Sure. Why aren't they filling this gap of security need on top of Azure Directory? Why is this requiring, uh, you know, folks like yourself to? So there are two answers to that. One is the answer that we use internally with sales and marketing and product planning. And that one's boring. It's just it's not a big enough space for it. Right? Okay. Um, or it wasn't at the time. And there are other vendors that have been doing this for a long time. Um, we would argue they haven't been doing it that effectively for a long time. Um, but that's a different argument. 
The second piece to this is that I believe, from talking to, um, the actual folks running corporate and running product teams and things at Microsoft, their future, they believe, is Entra. It's not the on-premise client server world, which we've all left. Or let's say we have one foot in both camps. So eventually, I believe their thought is that they won't have an Active Directory on premise. It'll be Entra. There may be something that supplements that for local authentication or something to make it speedy. Uh, but they're pretty clear. They don't necessarily want to have two solutions that do very similar things. Um, but this is a transition period, right? This is a journey from on-premise client server legacy to cloud SaaS, you know, web server. Yeah. I mean, we could talk about mainframes all day long, right? It's like, you know, they just don't go away. Right, people? Um, and I mean, the other thing that occurs to me, I mean, it'd be relevant to talk about in that light is, you know, the, you know, Skype going away. You know, they bought Skype and they want everyone to go to Microsoft Teams, which is their future. Hard to argue with that as a roadmap item. And yet, you know, it's like, you know, the magnitude. I think one of the interesting things that I learned over the last 25 years doing this, the magnitude of the number of people who log into Active Directory on a daily basis. I don't believe very many people understand just the size of that market. I think when you see some of the statistics, you know, the billion authentications a minute or some crazy numbers Microsoft throws out there for Entra, you got to realize they've already been doing that on premise for a number of years, you know, 30 years or whatever, 25 years. Um, and so I think, uh, if you understand the magnitude of the customer base that they serve, it is not an overnight move. It's a very long, methodical, um, sort of step by step. 
And keep in mind, this isn't the only platform they've had. They have Microsoft Exchange, they have SQL Server, they have SharePoint, all these others. And I heard one guy at Microsoft lovingly call them contraptions. They have all these other very complex software products that were client server based. They were designed to go into a data center. Now the model's changed and now they have to be very careful as they transition people through that journey. I'm glad I'm here. This is a paradigm shift that we've jumped on as a company. Um, and we believe that we're a big part, or can play a big part, in that journey from on-premise only through the hybrid transition period into your cloud-only environment. Yeah, I rarely do this, but I'm just going to say I've been writing recently, uh, about, um, sort of these market evolution forces and how things get to, like, a commodity service, but then it causes, in Wardley mapping terms, a genesis effect there. And it's huge opportunities for players such as yourself. Right. You just can look around at this. Um, so just for the folks listening here, and I know we don't have, you know, the hours it might take if you were really sitting down to do this, but could you just walk us through some of the things that get hacked in Active Directory and then some of the specifics that you mentioned before, how you help someone get past that or recover from it or prevent that, just give us a couple of concrete examples. So there are a large number of, um, let's start off with the simple thing, potential risks that are missed. There are a large number of configuration points within Active Directory. There's a group policy engine in there that allows you to configure settings. There are security templates for assigning permissions to people to manage the directory. You know, you have this concept of an administrator versus a user, right. 
Everybody understands that, I think. Um, and unfortunately there are some legacy components in the Windows operating system, uh, that when you're operating remotely, it's very easy to compromise a workstation. And once you compromise the workstation, you may be able to then move laterally over to Active Directory. And then you may be able to, based on incorrect settings or missed, uh, configuration settings, compromise an administrator's account. So the first thing that we kind of look at is what risks are in the environment that we can help find. We have threat detection. Um, and that threat detection, uh, component will look and do a scan every day and then it'll alert you that, hey, there's something misconfigured that is opening a risk for you. Um, there's the second stage of that, which is a risk has already been, um, exploited. And there may be a compromise that we can recognize. So that same threat detection component will look for those compromises and warn you. Um, and then we have a layer of security that we wrap around. Think of it as a firewall around Active Directory. The native tools are designed to use native permissions. That means if you can compromise an account that has access to the native side, you have native permission access, which, you know, there's really no way around, uh, preventing that. So we have a firewall where we get rid of those native permissions and put a, um, I call it a traffic cop, in the way to make sure that people have the correct permissions, but then they're also following all the business rules that we want. Uh, so we have a roles and rules infrastructure that helps people do that. Then we also have change auditing and change monitoring for not just, you know, what changes were made to your directory, but also your access policies. Conditional Access policies and probably 250 other things, both on premise and cloud. 
And then finally, the big one is, let's say somebody does get in and hack the directory and they introduce ransomware. Um, we have a, and I'm very happy to say we have a, patented process that allows you to back up the directory every night and all your servers, and then reconstruct a virtual version of your directory. Think of it as a hot standby, uh, or a fault-tolerant version of your directory. That way, you don't have to worry that your backups are going to be corrupted or contain the virus or the malware that took the environment out in the first place. And you don't have to worry that, you know, some change to CrowdStrike's, uh, drivers or some other thing has ruined your backups, or there has been some corruption in the backups. You find that out daily because we're creating that virtual version of your directory every night. So we've basically eliminated all the fear, uncertainty and doubt about doing just traditional backups and recovery. And then if you do get hit and your servers are wiped out, um, we have a running hot standby that is not going to be compromised in the cloud. And we have the threat detection to help you figure out what happened to compromise your on-premise environment so you can correct that, plus a lot of tools to lock the environment down. All you have to do is change a router entry and then you're back in business. Your directory is up and running again. And the cool part about that is a lot of those apps that have moved to the cloud aren't compromised in those. It's really the on-premise apps that you have to worry about in terms of restoring them. So most people now have an Office 365 account. You have to have your on-premise AD account to activate that account. That's what we do instantly. So you get your email back, you get your SharePoint back, your collaboration back, and then the IT admins can worry about the big stuff like the database that might have been compromised on premise. 
So it literally is an instant recovery. Um, or at least as fast as you could possibly do. Fast. Right? Because you're really, it occurs to me, and I was a former Air Force intelligence officer, and we had top secret access. And of course, one of the things we did was we compartmented top secret information sideways. What you're describing sounds to me a lot like that. So just because I get top secret access doesn't mean I can move into the authentication part of the solution, right? I have to have separate access to that even. That's exactly it. That's exactly it. That's exactly it. So we look at it as a preventative measure up front. That's the roles, the rules, the automation. Then we look at it as you got to see what's going on. And people feel that they've lost some visibility when it's gone to the cloud. Um, one of the weird things that I saw right off the bat when we implemented this, uh, change monitoring solution is I was seeing Microsoft moving mailboxes around. You don't get that in any other place that I know of. Uh, but you can see them moving between servers and all sorts of crazy things to optimize their back-end fabric and storage. Um, that was really an eye opener when we started seeing those types of things. And then finally that, uh, change auditing data is actually also used to roll back unwanted changes to directory data or to your access policies or what have you. So it'll both alert you that, hey, you know, this access policy that requires antivirus to be installed, or we put you in an isolated network, that's been modified. But wait a minute, that should never be modified. So something happened, automatically roll that back. I don't want that change. Right. And then finally we do the forest recovery for the legacy components on AD as well. I mean, we could talk about forest recovery alone probably for an hour. Um, but I wanted to just ask you, uh, a little bit about how hard this is to implement. 
How quickly can someone implement this? Does this require another expertise on staff or? You know. Right. If someone's looking at this going, like, yeah, we've got a lot of AD and it has been attacked before. What's their project? So the software installs in, like, 15 minutes. I mean, it's super simple. It is a very traditional looking product. It is built for enterprises. The most secure and the fastest way to implement this is actually to implement it on premise. You can, if you have a software defined network integrated with the cloud, Azure, AWS, whatever, you can deploy it there. No problem. Um, configuration of the change auditing and the forest recovery, again, you can do that in about an hour. And then it's almost set it and forget it. It'll alert you to the things that it sees that are changing, that might be not appropriate. You can use it more as a project tool. And we do have a number of cybersecurity firms, the top 4 or 5 are all using it now for security assessments. That's the threat detection piece. You know, what's misconfigured, what attacks have already occurred, that type of thing. Um, that is a little more, I mean, it takes a couple minutes to install it and configure it and run it, but then understanding it is a big part of why we partner up with those folks. Uh, the forest recovery piece, I don't know, 15 minutes to deploy it, maybe an hour to figure out what you want to back up. You know, which domain controllers are critical to you and which domains, again, multi-forest, multi-domain, no problem. One server, you can get it all in one fell swoop. The backups of a single server take a couple minutes, maybe ten, 15 minutes. So that's not bad. So if you have 30 servers you need to back up, you know, it does it simultaneously. So it goes pretty quick. So we're talking really, we're talking like, you know, hours. Less than an afternoon. Yeah. 
Like, this is not something that's going to take a six-month project. No, no. No, no. Now the preventative stuff takes a little bit longer. So that's all the change auditing. See what's going on. Look for the threats that may already be in my environment. And then set yourself up for a fast recovery if something happens. The preventative stuff takes a little bit longer because you need to understand what the business roles are that you're going to want to use. And these are administrative roles. They're not like, you know, um, accountant, third class. It's not that kind of role. It's more like help desk operators, the day-to-day administrators, your, um, recipient management guys, the Exchange guys, formerly unified communication guys. Um, so that takes a little bit longer. Now, the reward is also pretty heavy there as well. Um, and I say heavy, it's a good reward, um, because as you start to implement, the chances that mistakes are made or malicious changes are made start to go out the window, they just disappear. And then you have an opportunity to do a lot of automation to even remove the human factor. So we do all that crazy stuff around automated group membership with rules. What are the rules to put people in, put people out, prevent them from ever being in the group in the first place. Uh, we also do Office 365 license assignment automation, optimization, all that Office stuff as well, plus full-blown user provisioning and deprovisioning. Um, for the Microsoft stack. We're not an Oracle Identity Manager. We're not a Microsoft identity lifecycle manager. Great tools, but they're really designed to do non-Microsoft provisioning. Um, we often find ourselves being used as a supplement to those systems because where they'll do the Microsoft stack maybe an inch and a half deep in terms of technology, we do it like ten miles deep. And so we'll pick up from where they've created user accounts out of the HR system. 
And then we'll determine even if you hit the reply button in Outlook, does it do a reply or reply all. That's the granularity we get to. No one's ever made that mistake before. Maybe even more important, so when somebody leaves the organization, we can roll all that back in a nondestructive way. So, you know, there's always the manager who gets in an argument with an employee and terms them on Friday. And they have, you know, a buddy-buddy session over the weekend and the person's back on Monday. Well, you know, if you just deprovision that account, that's a problem. So we roll all that back as well. Okay. Yeah. I mean, not that that's a common scenario recently in certain sectors, but, uh, yeah, we gotta leave that at that. Um, I'll leave it there. Yeah. We got a lot to talk about in the future, too, because I know I've seen some things about, uh, some of your roadmap, uh, coming along, and there's a lot of great things there. Um, but it does sound like you have a strong niche right there. And it's a niche that a lot of people have and that you've got a lot of runway in front of you. So glad for that. But let me ask you this just to close out here. If someone is interested now, they've got Active Directory. They're looking at their security of it and realizing that that is a huge gap in their, uh, cybersecurity plan or roadmap. Uh, what would you recommend they do? Where would you recommend they start? Well, I would have them just go to Cayosoft.com. It's that simple. Um, uh, the front page gives you the three key areas that we, um, participate in in terms of supplementing IT management solutions around the Microsoft stack. Um, you'll see the proactive sort of management components for administration, uh, the change auditing components, which we call change monitoring. And then the recovery solutions. And again, our solutions are all hybrid. 
So when you buy, uh, our solution or subscribe to our service, um, you actually get your legacy on-premise environment covered. At the same time, you get the cloud version of that in, um, in Microsoft's world, uh, at the same time for all of those. So it's kind of like, you don't really subscribe or buy one product for administration. You buy one, but you get two or 3 or 4. We also are big believers in, uh, tools consolidation. Uh, in the past, it's been pretty common for companies to get a foothold in the Microsoft management tool space, and then they just go buy a bunch of other tools that they can hand their salespeople to upsell their customers. Uh, we had the, um, privilege of being able to start from scratch. And so we really would probably replace 9 or 10 legacy tools, uh, okay, with one of our tools. And we only have two installs currently. So you're talking probably, you know, nine, ten, 11 tools, uh, that you can consolidate into. So, and I mean, that's the same. I mean, I've got a friend and one of his biggest complaints is the tool proliferation aspect of something. Right. So if you can consolidate at any point he'd be happy to, even. It's like pilot workload in an airplane, right? That's what we always used to talk about. You just have too many dials. Yeah. And if you're trading your security people in OODA loops, you know, that's right, you've probably gone a little too far, right? It's like, come back from the edge. Something should be a little more automated. Um, fighter plane. All right. Uh, thank you so much, Bob, for being here. I definitely, uh, hope you come back when you've got some more of this, uh, laid out for us and what's coming next. Because I know the world's always changing, so come on back around. Uh, but that's where we got to stop today. We got to stop. Thank you for being here. Thanks, Mike, for having me. I appreciate the time. 
And, uh, take care, folks. Check out Cayosoft.com. Bye.