I always try to keep on top of the latest technology trends, and threats are a really big part of tech, because I need to protect myself, I need to protect my customers, and I need to be responsible to you, my viewers, and help you to be ready and prepared for the threats that are coming over the horizon. Here, as you know, the first month of January starts to wrap up. The first month of 2020, I should say, January being that my first month. Yes, you're saying you knew what I meant. January does feel very long, though. But we're really... It does. And when we're seeing an evolution in malware, we're seeing things transition from viruses to malware to ransomware, and now even fileless attacks. We're seeing hardware attacks and firmware infiltrations and things that we've never, ever even encountered before, but those are very real threats here as we enter 2020. So the opportunity arose and I spent some time there. I want to jump into an interview with Raph Bovar at ESET headquarters in Toronto, Ontario.

Hey, sorry man, thanks for being here. Thanks for having a heavy. Well, thanks. Can you tell the folks who are watching a little bit about what you do here at ESET headquarters?

So Robbie, I am actually the sibling here. I am the lead engineer for the attack team in Canada, and I am mostly the tech guy that will support sales in general between the Canadian territory.

So a very technical mind. You're very familiar with the inner workings of the products.

Yep, I'm doing that, has all the geeky talk with the other techs and other customers, yeah. And the main driver for that is to be able to technically position the products and see if we can address all the customer requirements.

Sure. So part of that comes from educating end users to understand what the cyber security threat landscape looks like. Absolutely, yeah. And we've really, really seen that change over the past couple of years, I think especially, was it 2017 when WannaCry dropped? Yes. This is like the first ransomware that really made its way
around the world and was really, really huge. How did that impact the direction of a kind...

Like you said, we should not see any numbers going down whenever it comes to the ransomware. It's still really prevalent, and everybody in a way is kind of experiencing it. We do have a pretty good protection against it, so I don't expect my existing customers that are running updated products and everything to be affected by those threats, but it's something that's already very, very live, very, very present in our day-to-day operations. Something else that I usually highlight on the threat landscape that we have recently is the upcoming releases of the fileless malware. So if you have, for example, an endpoint security product that's running on your computer, either an AV, anti-malware, or whichever name you prefer to call it, yeah, I still have the need to scan files. However, the idea of a fileless malware is there's no files. Okay. So how do you scan something if it's not available in a computer? So those malwares are in general being run by scripts on draw webpages, malicious web pages, right, and the most common one today is probably the coin miners. So it's a script that we run on a given computer, and that computer will start mining bitcoins for the motors.

So you call these fileless malware. So does that mean that it just loads right into RAM from a website?

Yes, it will be a script that will be running in memory whenever you go to those websites, and if your existing endpoint security product cannot scan or cannot protect your memory in real time, you will be susceptible to that kind of threat in general.

So sounds to me like another, like WannaCry as the first kind of example of ransomware, another threat where basic, like, antivirus, and use the absolutely virus, because here anti-malware is a term that we in the industry use these days, because really it's not just viruses that we are dealing with, those
threats anymore. So is antivirus, is it sufficient anymore?

I don't believe antivirus has been sufficient for a long time. So not only we have the viruses out there, we have those fileless malwares, we have the crypto actors in general, the ransom layers, we have Trojans, we have back doors, we have exploits. So in general, is antivirus enough? You know, is it better than not having anything? Yes, sir. But if you have the option, and yes, you do have the options, sometimes we're talking about one dollar more expensive or something like that, you can go to a full suite of an endpoint security product, which will provide you a much better protection, overall protection, on your computer.

Okay. So I don't want to give the impression that this is a sales pitch, that we're trying to say, you know, choose ESET Endpoint Protection Advanced because it's a sales pitch. I want to instead kind of, what features of a product like Endpoint Protection Advanced isn't it that are taking protection to the next level for those users? So fileless attacks, yep, ransomware attacks, like these are threats that can take businesses and put them out of this gifts, yep, then and bankrupt their owners. Yeah, absolutely. That's the reason saying, yeah. So what features, so are those more advanced? Why do I need to pay more?

And yeah, absolutely. It, specifically for ESET, the modules that we add those more advanced features is called HIPS, which stands for Host Intrusion Prevention System, and that's where we have the Advanced Memory Scanner, which is basically protecting your memory in real time, the final, and that mostly associated to the fileless malware. We have the Exploit Blocker. So let's say whenever a new company releases a publicly available exploit for a vulnerability, let's say this week we actually had a pretty severe vulnerability with Microsoft and they actually release the patch the next day or something like that, we will prevent that vulnerability from being exploited.

This is exactly what ESET accomplished with WannaCry. Absolutely, yes. It was Eternal, it was, yep, it was the summer vulnerability, and yes, we were able to actually prevent that vulnerability from being exploited in the first place.

So even though WannaCry had never been discovered, or ESET was already proactively protected. Absolutely, and we were actually providing that kind of fix two weeks before WannaCry actually existed. Fantastic. We had that kind of preventive maintenance, let's say.

And you want an anti-malware product that is going to be proactive instead of reactive. Absolutely, yes. Because in the case of something like ransomware, you can lose everything. Yep. And so there is no reactive response to that. Then I hope your backups are good.

Yes. Actually, going back to that initial question about the current threat landscape, you are still seeing a really prevalent presence of the ransomware. However, now the crypto actors in just in this general, they are not only encrypting your data and holding you for ransom, but if you're not paying, they are actually releasing the data and selling that data. So it's going to be even more, yes, well, that can be even worse, yeah.

So, wow, yeah, that's scary stuff. What else does your product, so again, to just look at why, I get the question all the time, Ralph, yep, why should I buy the greater product when the antivirus has been working so well for me for so long? So as you said, it might be a couple bucks more, don't learn so more per seat, which can be a lot if you've got ten thousand computers, but in a small, medium business it's not that much. Why would I pay more?

The additional features that we have in the full endpoint security solution, from a technical perspective, and again I'm talking about $1 more, is well worth it. The value is actually there. So I'm thinking of not only adding additional layers of protection to your computer, either at home or at your business, but I'm also getting additional visibility on what's happening on your
environment as well. So let's say one of the features on that bigger product, let's say the endpoint security, is a personal firewall, which will potentially replace your Windows Firewall in my computer, and not only it will allow you to actually have visibility on the network layer, so instead of only looking for viruses or Trojans or ransomware, I'm also looking for duplicate IP address and looking for DNS poisoning.

That's interesting, yeah. So now possibly network traffic problems or even social. Yes, which are not necessarily security incidents but it can be a natural threat. So for example, one of the detection that we have is a port scanning. So maybe your users, is a given actor inside your network is scanning your servers for whatever reason, whereas they're not supposed to be doing that. So yeah, it gives you that visibility, so you can actually go to the user and have a conversation to see what's going on.

Yeah, I've never really thought about that as a threat, because like a duplicate IP address, you just think, oh well, I accidentally assigned the same IP to a printer or something. But what if it's a threat actor? Exactly, yeah. Maybe someone is doing that IP address, yeah. Mm-hmm, interesting.

And you mentioned about the firewall, and I don't want to put you too much on the spot, but, yeah, absolutely, I mean, Microsoft Windows 10 comes with a firewall. Yep. So do I really need to supplement my anti-malware with a firewall?

For Mesa, we do see two main approaches for that replacement, let's say. So the first one is ease of use. So we do provide a management console that will allow you to have much more user-friendly configuration and deployment of that, that's specific. And we're talking centralized management, slowly. Okay, so all 10,000 of my computers. Yes, absolutely. Four or five of my computers. Just create the policies and you push it out to your computers. Yes, again, it's fully automated, so it's pretty convenient to use. And the second main reason is the
visibility. So you do have access to a lot of reporting that's actually coming on the network firewall component. Let's say you can get a list of all the users on your network that's had a port scanner on your environment on a given time frame. So that's the kind of awareness, that kind of visibility, that some other vendors will not allow you to have.

Great. So looking at now, here we are, it's 2020, yep, Q1 2020, being that we're here at ESET headquarters, what kind of threats are we preparing for in this new year? Is there an evolution? Like in 2017 we really saw an evolution from viruses, ransomware, and things are continuing to progress, the, imagine, fileless attacks. What else are...

Thank you for actually touching base on that one, and I will actually look at the cameras. Everybody, we have the depth malware's of the actual evil players in the industry. Every single day they are going better and better and better. So it's not only important to renew your license, it's imperative that you guys actually keep your ESET product, or any other product that you might have today, as updated as possible. So you have the evolution of the ransomware, you have the evolution of the fileless malware. If you are running your antivirus or your anti-malware product from three years ago, you might be losing some advantage in there. So you might be actually lagging behind, and sometime they will eventually win over your computer and you might experience some loss or some incidents in general. So it's really important, as a vendor, should be as updated as possible. Whenever we release a new feature, a new version of the product, it's important that you actually try to be as updated as possible. Work with your vendor, work with your partner, and work with your IT departments, so you are well protected. We are seeing, coming back to your question, we are seeing a lot of the movements in general whenever we are looking at the data, so we are seeing a lot of
the new threats coming from two main avenues, let's say. So the first one is hardware. So whenever thinking of firmware, for example, you have a BIOS update, you have a new chipset on your computer, yes, it's actually possible to infect, or try to infect, that given component on your computer. Another point that we have, and we actually have a lot of research going on on that specific one, is the user behavior. So let's say that usually when you think user behavior, probably the biggest example is credit card company. So you have your credit card in Canada, that credit card has been used in somewhere in Asia, and hey, even though online shopping is available everywhere, it might create a trigger: hey, it's something, that card is not supposed to be used in Asia, for example, in Europe or anywhere else. And we are started to see some efforts from different vendors actually to try to correlate all the incidents in general, the security state that we flag, and we also try to map that to the actual user behavior. So hey, that user has just had his email access in Canada being accessed in Europe. Maybe that's a user that's always traveling, so yeah, it's kind of expected. Maybe not, that user is an internal user, he has no reason to have that kind of exposure in there. So we can actually create a ticket and we can flag that as a potential incident so your admins can take a look at it.

Interesting. And we can do that, so this is not as a third-party service but as an internal... Absolutely, our, yeah, in mastering. And again, the amount of data that's coming out of those surfaces is so big that automation is critical for that, and so we do have a lot of automation capabilities in our products, yeah. And again, it's everything to make your life easier.

And I've never really thought of it outside the context of the credit card. Like a perfect example, if I view it, and you see it sometimes where it's an inconvenience, but if your credit card ever was stolen and used maliciously, then
you want to know about it, and here's a service that you're offering and evolving in 2020 that is in-house. So, absolutely, I have control over that. So you're thinking of your credit card. What if it's your email access, or maybe your SIN number? Public data, basically, it's private, it should be private, and we are trying to make it remain private.

So is that the evolution of malware, do you think, is targeting data?

Yeah, I would say so. I don't see specific data to confirm that, that application, but I do believe that's something that is going to happen. We are having, we are three SS citizens, we are actually producing more data every single day. The amount of data that we have associated to our profiles is massive, either from financial data, healthcare data, social networking data, work data, basically. So we should see more custom attacks targeting specific users, don't specifically organizations.

Interesting. So, well, Raf, it's been a pleasure having you here. We've learned, sorry, I don't want to overwhelm the viewers. Grand scheme of things, I mean, 2020 is gonna be an interesting year, I think, from the cybersecurity land. Absolutely. Are we still seeing attacks in the ransomware end of things? Are we still, yes, ESET customers are generally protected against them.

Yes, there's still a lot of ransomware going on. I don't see that going down, not in the near future at least. It's still evolving, and the actual organizations that are on the back end that are running with those ransomware, they are still making a profit. That's the same.

So yeah, the question for years, when it was just viruses on the landscape, the question was always, what's the motivation of a hacker, yep, to do this? Yep. And you say, well, money, yep, because makes money. Ransomware is a perfect example, or it's like, will there bring in a ton of money in order to create malware, yep, which, you know, that's a scary thing. So thank you for working to combat that. Thanks, man.

Now of course you can find
out more about the particular protections that we were discussing there by visiting the website endpoint security dot CA, and incidentally we've got some more video help and some great educational content there that is really geared toward businesses, so that information is there as a resource for you to be able to just watch videos that help you to understand the threat landscape. And with that, at endpoint security dot CA you're able to arm yourself with more information, and as I kind of mentioned and alluded to in the interview, it's not a sales pitch for a particular product or brand, but it is an educational piece that helps you to understand what you need to know, because things are really evolving. ESET has proven themselves to be, as we talked about with WannaCry, very, very proactive, being able to block a threat before it was even known. Yeah, it wasn't having a thing. They actually blocked the exploit that allowed the thing to exist, right, so that when the thing existed, the exploit was already blocked by ESET. So that proactive nature of the protection, to me, is like, that's where it's at, that's what I want.

They do have Linux services available as well. Incidentally, their centralized management console that we discussed is based on a Linux environment, so the one that they provide is CentOS. I have a GitHub repository that allows you to install it on Debian Buster, that is github.com slash cat 5 TV slash ESET. You'll see the installers there if you're interested. So there's a whole lot of support there, and endpoint security dot CA is a great place that it all comes together, with blogs, videos, podcasts, of course the products themselves, recommendations for what would work in your environment. So if you're in business, that's where you want to go: endpoint security dot CA.