[Music] I'm here at ESET head office in Toronto, Ontario, Canada with Rafa VAR. Hey, how are you, man? Thanks for being here.

Thanks for having me. Very well, thanks.

Can you tell the folks who are watching a little bit about what you do here at ESET headquarters?

So, Robbie, I am actually the sales engineer. I am the lead sales engineer for the ESET team in Canada, and I am mostly the tech guy that will support sales in general between the Canadian territory.

So a very technical mind. You're very familiar with the inner workings of the products.

Yep, I am doing that, has all the geeky talk with the other techs and I reflect customers, yeah. And the main driver for that is to be able to technically position the products and see if we can address all the customer requirements.

Sure. So part of that comes from educating end users to understand what the cybersecurity threat landscape looks like.

Absolutely, yeah.

And we've really, really seen that change over the past couple of years. I think especially, was it 2017 when WannaCry dropped? Yes. This is like the first ransomware that really made its way around the world and was really, really huge. How did that impact the direction of a kind...

Like you said, we should not see any numbers going down whenever it comes to the ransomware. It's still really prevalent, and everybody in a way is kind of experiencing it. We do have a pretty good protection against it, so I don't expect my existing customers that are running updated products and everything from being active to those threats, but it's something that's already very, very live, very, very present in our day-to-day operations. Something else that I usually highlight on the threat landscape that we have recently is the upcoming releases of fileless malware. So if you have, for example, an endpoint security product that's running on your computer, an AV, anti-malware, or whichever name you prefer to call it, you still have the need to scan files. However, the idea
of fileless malware: there's no files. OK, so how do you scan something if it's not available in a computer? So those malwares are in general being run by script on draw webpages, malicious web pages, right? And the most common one today is probably the coin miners. So it's a script that will run on a given computer, and that computer will start mining bitcoins for the mowers.

So you call these fileless malware. So does that mean that it just loads right into RAM from a website?

Yes, it will be a script that will be running in memory whenever you go to those websites, and if your existing endpoint security product cannot scan or cannot protect your memory in real time, you will be susceptible to that kind of threat in general.

So sounds to me like another, like WannaCry as the first kind of example of ransomware, yeah, another threat where basic, like, antivirus, and I use "antivirus" (absolutely) because, really, anti-malware is a term that we in the industry use these days, because really it's not just viruses that we are dealing with as threats anymore. So is antivirus, is it sufficient anymore?

I don't believe antivirus has been sufficient for a long time. So not only we have the viruses out there, we have those fileless malwares, we have the crypto actors in general, the ransomwares, we have Trojans, we have backdoors, we have exploits. So in general, antivirus enough? You know, is it better than not having anything? Yes. But if you have the option, and yes, you do have the options, sometimes we are talking about one dollar more expensive or something like that, you can go to a full suite of an endpoint security product, which will provide you a much better protection, overall protection, on your computer.

OK, so I don't want to give the impression that this is a sales pitch, that we're trying to say, you know, choose ESET Endpoint Protection Advanced because it's a sales pitch. I want to instead kind of, what features of
a product like Endpoint Protection Advanced is it that are taking protection to the next level for those users? So fileless attacks, yep, ransomware attacks, like these are threats that can take businesses and put them out of business, yes, yep, and bankrupt their owners.

Yeah, absolutely. That's the reason, saying, yeah.

So what features, so are those more advanced? Why do I need to pay more?

Yeah, absolutely. Specifically to ESET, the module where we add those more advanced features is called HIPS, which stands for Host Intrusion Prevention System, and that's where we have the Advanced Memory Scanner, which is basically protecting your memory in real time, and that's mostly associated to the fileless malware. We have the Exploit Blocker. So let's say whenever a new company releases a publicly available exploit for a vulnerability, let's say this week we actually had a pretty severe vulnerability with Microsoft and they actually released the patch the next day or something like that, we will prevent that vulnerability from being exploited earlier.

This is exactly what ESET accomplished with WannaCry.

Absolutely, yes. It was Eternal... it was, yeah, it was the SMB vulnerability, and yes, we were able to actually prevent that vulnerability from being exploited in the first place.

So even though WannaCry had never been discovered before, ESET was already proactively protected.

Absolutely, and we were actually providing that kind of fix two weeks before WannaCry actually existed.

Fantastic.

We had that kind of preventive maintenance like the Oprah.

And you want an anti-malware product that is going to be proactive instead of reactive.

Absolutely, yes.

Because in the case of something like ransomware you can lose everything, yep, and so there is no reactive response to that. Then I hope your backups are good.

Yes. Actually, going back to that initial question about the current threat landscape, you're still seeing a really prevalent presence of the ransomware. However, now
the crypto actors in general, they are not only encrypting your data and holding you for ransom, but if you're not paying, they are actually releasing the data and selling that.

Oh, so he's going to be left, yes. Well, that's gonna be even worse, yeah. So, wow, yeah, that's scary stuff. What else does your product... So again, to just look at why, I get the question all the time, Raf, yep: why should I buy the greater product when the antivirus has been working so well for me for so long? So as you said, it might be a couple more dollars per seat, which can be a lot if you've got ten thousand computers, but in a small-medium business it's not that much. Why would I pay more?

The additional features that we have in the full endpoint security solution, from a technical perspective, and again I'm talking about one dollar more, is well worth it. The value is actually there. So I'm thinking of not only adding additional layers of protection to your computer, either at home or at your business, but I'm also getting additional visibility on what's happening on your environment as well. So let's say one of the features on that bigger product, let's say the Endpoint Security, is a personal firewall, which will potentially replace your Windows Firewall in my computer, and not only it will allow you to actually have visibility on the network layer, so instead of only looking for viruses or Trojans or ransomware, yeah, I'm also looking for duplicate IP addresses, I'm looking for DNS poisoning.

That's interesting, yeah. So now possibly network traffic problems or even social, yes, which are not necessarily security incidents, but it can be an actual threat.

So for example, one of the detections that we have is port scanning. So maybe a user, a given actor inside your network, is scanning your servers for whatever reason, whereas they're not supposed to be doing that. So yeah, it gives you that visibility so you can actually go to the user and have a conversation to
see what's going on.

Yeah, I've never really thought about that as a threat, yeah, because, like, a duplicate IP address, you just think, oh well, I accidentally assigned the same IP to a printer or something. But what if it's a threat actor?

Exactly, yeah. Maybe someone is moving there that IP address.

Yeah, mm-hmm, interesting. And you mentioned about the firewall. How, and I don't want to put you too much on the spot, but, absolutely, I mean, Microsoft Windows 10 comes with a firewall, yep, so do I really need to supplement my anti-malware with a firewall?

For Mesa, we do see two main approaches for that replacement, let's say. So the first one is ease of use. So we do provide a management console that will allow you to have much more user-friendly configuration and deployment of that specific...

And we're talking centralized manner?

Not certainly, yeah.

OK, so all 10,000 of my computers, yeah, absolutely, four or five of my computers.

Just create the policies and push it out to your computers. Yes, again, it's fully automated, so it's pretty convenient to use. And the second reason is the visibility. So you do have access to a lot of reporting that's actually coming from the actual firewall component. Let's say you can get a list of all the users on your network that's had a port scanner on your environment on a given time frame. So that's the kind of awareness, the kind of visibility, that some other vendors will not allow you to have.

Great. So looking at now, here we are, it's 2020, yep, Q1 2020. Being that we're here at ESET headquarters, what kind of threats are we preparing for in this new year? Is there an evolution? Like in 2017 we really saw an evolution from viruses to ransomware, and things are continuing to progress, yep. You mentioned fileless attacks. What else?

Thank you for actually touching base on that one, and I will actually look at the camera and say, everybody: we have the malwares, the actual evil players in the industry, every single day they are getting better and better
and better, so it's not only important to renew your license, it's imperative that you guys actually keep your ESET product, or any other product that you might have today, as updated as possible. So you have the evolution of the rest, you have the evolution of the fileless malware. If you are running your antivirus or your anti-malware products from three years ago, you might be losing some advanced features in there, so you might be actually lagging behind, and sometimes they will eventually win over your computer and you might experience some loss or some incidents in general. So it's really important as a vendor to be as updated as possible. Whenever we release a new feature or a new version of the product, it's important that you actually try to be as updated as possible. Work with your vendor, work with your partner, work with your IT department, so you are well protected.

We are seeing, coming back to a question, we are seeing a lot of the movements in general whenever we are looking at the data. So we are seeing a lot of the new threats coming from two main avenues, let's say. So the first one is hardware. So whenever thinking of firmware, for example, you have a BIOS update, you have a new chipset on your computer, yes, it's actually possible to infect that given component on your computer.

Another point that we have, and we actually have a lot of research going on on that specific one, is the user behavior. So let's say that usually when you think user behavior, probably the biggest example is credit card company. So you have your credit card in Canada; that credit card has been used in somewhere in Asia, and hey, even though online shopping is available everywhere, it might create a trigger: hey, it's something that that card is not supposed to be used in Asia, for example, in Europe or anywhere else. And we are started to see some efforts from different vendors actually to try to correlate all the incidents, or all the
incidents in general, the security stance that we flag. We also try to map that to the actual user behavior. So hey, that user has just had his email access in Canada being accessed in Europe. Maybe that's a user that's always traveling, so yeah, it's kind of expected. Maybe not: that user is an internal user, he has no reason to have that kind of exposure in there. So we can actually create a ticket and we can flag that as a potential incident so your admins can take a look at it.

Interesting. And we can do that, so this is not as a third-party service but as an internal...

Absolutely, powerful TR in mastering, and again, the amount of data that's coming out of those surfaces is so big that automation is critical for that, and so we do have a lot of automation capabilities in our products, yeah, and again, it's everything to make your life easier.

And I've never really thought of it outside the context of the credit card, like a perfect example if I view it, and you see it sometimes where it's an inconvenience, but if your credit card ever was stolen and used maliciously, then you want to know about it. And here's a service that you're offering and evolving in 2020 that is in-house, so, absolutely, I have control over that.

So you're thinking of your credit card; what if it's your email access, or maybe your SIN number? Public data... basically it's private, it should be private, and we are trying to make it remain private.

So is that the evolution of malware, do you think, is targeting data?

Yeah, I would say so. I don't see specific data to confirm that application, but I do believe that's something that is going to happen. We as citizens, we are actually producing more data every single day. The amount of data that we have associated to our profiles is massive, either from financial data, healthcare data, social networking data, work data, basically. So we should see more custom attacks targeting specific users or specifically organizations.

Interesting. So, well, Raf,
it's been a pleasure having you here. We've learned... sorry, I don't want to overwhelm the viewers. Grand scheme of things, I mean, 2020 is gonna be an interesting year, I think, from the cybersecurity land.

Absolutely.

Are we still seeing attacks in the ransomware end of things? Are we still... ESET customers are generally protected against them?

Yes, there is a lot of ransomware going on. I don't see that going down, not in the near future at least. It's still evolving, and the actual organizations, the backend that are running with those ransomware, they are still making a profit.

That's the same, yeah. So yeah, the question for years, when it was just viruses on the landscape, the question was always: what's the motivation of a hacker, yep, to do this? Yeah, and you say, well, money, yep, because makes money. Ransomware is a perfect example, or it's like, well, they're bringing in a ton of money in order to create malware, yep, which, you know, that's a scary thing. So thank you for working to combat that.

Thanks.

A big thanks to Rafa VAR, the entire team of ESET Canada, for hosting me for the day. Learn more about the protections that we discussed here by visiting endpointsecurity.ca, and you'll find more free educational content to help keep you and your staff safe from the modern threats we face in 2024. endpointsecurity.ca, from Positive New Solutions, and broadcasting from ESET Canada in the heart of downtown Toronto, I'm Robbie Ferguson. See you next time.