Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Tim (00:13):
Hello and welcome back to another episode of the Cables to Clouds Fortnightly News. I'll be your host this week, Tim. With me, as usual, is Chris, the other guy. We go back and forth. I don't know if you noticed, so it's my turn. I like being the other guy. Yeah, that's the other guy. So, um, okay, so let's just, uh, jump right into the news. We got some good, uh, good ones this week, uh, and a decent number, so we'll just roll out into it.

The first one comes to us from Forrester and, uh, it's called "Zscaler snatches up Red Canary: the good, the bad and the..." So Red Canary is an MDR, which I actually had to go look up what MDR meant. I know what some of the other DRs are, like N, like November DR, Network Detection Response. The MDR means Managed Detection and Response. So Zscaler, the, you know, SASE/SSE company, Zero Trust, you know, the Zero Trust model company, has acquired Red Canary. Red Canary is managed detection and response, which is a fancy way of saying outsourced security operations, basically like cybersecurity for hire, and they do a lot of platform integration, like, you know, getting telemetry and threat detection and then actually mobilizing response against it via managed, like they have actual humans, but essentially that you're retaining to do work.

So this is kind of, and the article points out kind of what I was thinking when I read about this, which is, first of all, it's a good, Zscaler doesn't have anything like this right now. Right, so it's a big hole in Zscaler's and, you know, with the trend towards platformization, which is, which is to kind of try to, for enterprises to, are now trying to acquire single-vendor products that cover the spread rather than having a bunch of multiple vendor solutions, from that perspective this kind of makes sense. You know, you've got an MDR and you've got the SASE company and they both do literally nothing that the other one does, and, you know. So they're filling functionality gaps between each other. However, it does go on to point out that, while they cover each other's gaps, they also do nothing really to complement each other. If you take Zscaler, which is a SASE company, SSE, Zero Trust, this is something that enterprises have been running for a long time and outsource security to the cloud or whatever, and then you have this MDR, which is essentially a manned outsourced SOC and, yeah, there doesn't seem to be any good way to do integration between these two products. So interesting acquisition from Zscaler. I know they're trying to platform themselves, basically give themselves a full suite of security offers, but yeah, so yeah, I don't know. What do you think about this one?
Chris (03:15):
Yeah, like you said, there's obviously a gap there in what Zscaler offers today that doesn't do anything like this. So there's definitely white space there for them, which is good. But the idea here is, you know, they currently have an existing, you know, SaaS-offered type platform and this is another platform that has a lot of integrations built in for things like, you know, even some borderline competitors with Zscaler, which makes this a bit interesting. You know, they have integrations on the site today for things like Microsoft, CrowdStrike, SentinelOne, even the other major cloud providers as well. So yeah, it's, I mean, we've kind of seen this in the past when company A acquires company B and they both offer platforms, integrating those platforms can be a very rocky road and a very difficult process. Yeah, I wasn't going to, you hit it, um, but uh, yeah, so that's, uh, hopefully this doesn't turn out to be something like that. Um, but it's, um, it, like you said, it's like it's a, when you, when you hear about the acquisition and you're like, okay, well, now that I know what Red Canary does, that seems, you know, that doesn't compete with any of Zscaler's existing product set, which is good. But at the same time, like you said, I don't understand how this meshes very much, unless they just, you know, kind of fold in Zscaler's kind of threat detection type or enforcement into the platform from Red Canary. But I don't know, I don't, I wouldn't necessarily see them just doing that. I feel like it would have to be something much bigger than that. So I don't know, maybe, maybe soon this will get rebranded as a, you know, Zero Trust SOC as a service type thing, I don't know, we'll see what happens. All right.

And next up we have a somewhat smaller announcement. But we have an article here from the AWS blog, the AWS Networking blog, that the AWS Network Firewall has added support for multiple VPC endpoints. So now AWS Network Firewall supports enabling multiple VPC endpoints for a single firewall, and I know that might sound kind of basic, but the basic, the communication that we've seen from AWS employees about this is that it's basically a way to consume and use AWS Network Firewall without having to actually deploy and use something like AWS TGW. I'd say, if you're an AWS Network Firewall customer, odds are you're also a TGW customer. I wouldn't see there's a ton of customers that need this today that don't already use TGW. But, you know, there is the concept of things like island VPCs that aren't connected to the corporate network in some sense, right. So this could be something just to alleviate those island ones that sit off to the side, or maybe just growing organizations that haven't yet got to the point where they need a transit gateway. I think this, like we said, this is a small announcement, but I feel like this is probably kind of a bit of smoke to kind of lean towards where AWS may be going with Network Firewall. We've heard some rumblings in the market necessarily about how AWS is looking to make AWS Network Firewall more consumable for customers. Most of the time what we see is it's very cost prohibitive for a lot of customers, and that seems to be kind of one of the major sticks in the mud, so to say. But if this is a way to kind of let you get more out of less with a single firewall rather than having to deploy a network firewall in every single VPC, maybe this is the first step in that direction. I don't know, but that would be cool to see. What do you think, Tim?
Tim (07:17):
I think island VPCs is the play. Yeah, because. So Gateway Load Balancer, already, you know, they have Gateway Load Balancer. It's already kind of normally deployed for AWS Firewall, for kind of this purpose. Using VPC endpoints instead makes it probably cheaper. First of all, I think, like you said, one of the big things was to make a firewall, or needs a firewall, or has enough VPCs to need firewalling, probably already has some kind of cloud networking in place, except for the case of something like island VPCs or, you know, where they don't have a need for east-west and they really only need to worry about egress traffic, right. So, so this seems like, honestly, this feels like a stepping stone on the way to something else. Also, like, you know, just doing VPC endpoints is okay and, like you said, it fills a niche that probably not a large percentage of customers have or need right now, but it does feel like it's a stepping stone towards another, bigger, you know, expansion of how Network Firewall is going to work in AWS. All right.

Next one is AWS is now bowing out of the 5G market. This article from Network World says "AWS no longer offers private 5G, cedes the field to established industry players and carriers", and honestly, I'm amazed that it lasted as long as it did. You know, it was always going to be. AWS is very interested in owning the roads, as it were, because that helps it deliver the service, right. So, you know, like, look at Kuiper, like the satellite constellation, satellites that they've been deploying, right, what does that do? It gives connectivity to a lot of places. Anywhere you can put connectivity, you can deliver services, right, and that's really what AWS is after. So this was originally, I think, another method by which AWS could deliver private connectivity for its services. The thing is that it never really, I don't think it was ever really able to break into the telco market. Like AWS obviously doesn't, they're not a telco, they are kind of a telco provider, but they're not really a telco provider. And so the technologies associated with telco, especially with, like, 5G, right, there's very specific technologies and unless AWS wants to create them out of whole cloth, you know, they're kind of bound by third party, and the article actually goes to point out that that was one of the biggest challenges that AWS had was third-party hardware and, of course, also the bands. Right, like 5G is not an infinite. You have to license the radio, essentially the radio waves, and all that for the 5G. So a lot of the established telco providers already have it. So this does go on to point out, which is what they probably should have all had done from the beginning, which is AWS will be partnering with Verizon, AT&T, other 5G providers to provide the actual 5G service and essentially be a pass-through for their customers to do that. So I would say end of an era. But it's not quite, it's not even that critical, you know what I mean. Like it's just, to me it's something that makes sense and I always thought it was ambitious for them to go after 5G. But remember when 5G first launched, what, three, four years ago now or something like that, there was a, you know, that was something that was supposed to be the case. It was supposed to be kind of a wide, open new band to go after and everybody was going to, you know, had their chance. But anyway, but any, anything to add here?
Chris (10:55):
Yeah, um, kind of, kind of, like you said, end of an era that we didn't even, uh, know was, was coming to an end or what it wasn't. We didn't even know if the era was existing, to be honest. But uh, um, yeah, but uh, um, yeah, like you said, is the way AWS works, is, like you said, they like to own the roads. So to say, um, and the reason people consume those services when they own the roads is usually AWS has, has put on top of it enough value, um, in that ownership to make it, you know, consumable and, um, you know, better for the, for their customers. It seems like in this case they couldn't get over that hump, right. I wonder if it was more. You know, there's kind of some details in this article leaning towards, you know, reliance on third-party hardware and things like that, which doesn't really sound like Amazon's typical approach. It seems like they'd want, like you said, they want to own everything. So maybe they just didn't see the reward there. But also, telco is a very established market and has some nuance to it. So I almost wonder if some of the telco providers were just basically like, nah, fuck you, and just kind of put their foot down. Just frozen out? Yeah, exactly, but I mean, at the end of the day, I think this is probably the right way to go. Let, let the, you know, dominant partners that do that for their end customers remain in that space. And then you have this, this service you're talking about, which is the integrated private wireless, which basically just sounds like they have some kind of back-to-back pairing with those partners that offer the private 5G and 4G LTE services. So, overall, it seems like that's. It does seem weird that there's probably going to be an intermediary now in between AWS being on-prem versus AWS in the cloud. So, you know, like, if you're using something like, what is the product set? Now it's not Snowfall, I think that might be the full product set. Now, I can't remember, there's Snow something, AWS Outposts and things like that. So I think that, I don't remember if they changed the name of it.
Tim (13:05):
Yeah, I'm trying to think if they, yeah, what is it now?
Chris (13:08):
Yeah, nonetheless, Snow something, um, Snow Family, we'll call it that. Um, but yeah, interesting, interesting stuff. All right, um, and last, no, not last one. Is this last one? This is the last one, okay, so last up, we have a, uh, an article from securitybrief.com.au. Yeah, we gotta say the au every time in Australia. It really annoys me. But just so you guys know, securitybrief.com.au, that Check Point has made a motion to acquire a company called, we don't know how exactly to pronounce this, so if we get it wrong we apologize, but I think it's Veritai. Tim said Veriti earlier. That would also work. So I don't know which one this is, but I'm going to go with Veritai. But basically they're acquiring Veritai Cybersecurity to expand their offer for threat exposure and risk management. So it sounds like Veritai is an automated multi-vendor platform for preemptive threat exposure and mitigation, per the article, and this is something that's going to automatically integrate into their Infinity platform, which, you know, Check Point's Infinity platform, I think, is kind of this. Again, back to platformization, it's all over the place. This is kind of, it seems like it incorporates their Quantum line, which is their new AI-powered physical firewalls, their CloudGuard firewalls, which obviously run in the public cloud, and their Harmony service, which I believe is their SSE or SASE-type offering. So it looks like this is yet another AI-powered platform which has. One thing that was called out here was they offer this thing called virtual patching, which Tim actually made me aware of this. I wasn't aware of what this was. So virtual patching essentially is a way for, you know, threats could come in from a certain feed or from some type of platform they mentioned. They have integrations with CrowdStrike, Tenable, Rapid7, etc. So basically, information about a threat could come into this platform and you can enforce something called virtual patching where, instead of actually going and patching the systems that are made vulnerable by the CVE, um, you could automatically enforce a security rule or a firewall rule that essentially blocks traffic that would relate to that CVE, right? Um, so, um, that seems to be something that is offered here. Um, so, yeah, interesting stuff. Um, I don't know exactly what this will mean for Check Point. It seems like it'll just be another kind of ingestion point for threat information, threat detection, and they will have to kind of essentially put that enforcement into the Infinity platform in some capacity. Anything to add to?
Tim (16:05):
Not a lot. So basically Veritai or whatever ends up being the aggregation platform, and then they were always integrating with some kind of enforcement model, right, on the back end. They were integrating with the threat detection feeds, you know, Wiz or the ones that you mentioned, Rapid7 and Tenable, and then they had to essentially talk to the enforcement layer to actually do something with that. Quote unquote virtual patching, and virtual patching, I mean, it's such a marketing term, isn't it? This idea of virtual patching where we're literally, I mean, don't be wrong.
Chris (16:43):
It's a firewall rule.
That's what it is.
It's a firewall rule.
Tim (16:46):
Right. At the end of the day we're saying, oh well, we've detected that this host or whatever this device is vulnerable to a certain type of attack, and then we translate that into a firewall rule that makes the CVE unexploitable in some fashion. Right, until you can. Actually, it's not a replacement for actually patching the thing, right, but it's supposed to buy you time, essentially. Make it unexploitable so you can wait to patch if you need to patch. But yeah, so from an acquisition perspective, this makes sense for Check Point, since I'm sure, you know, essentially, okay, well, now I, as the Check Point enforcement layer, gain the ability to do this virtual patching, because now I have this new capability. And then maybe, I'm curious to see, because it said multi-vendor, I'm curious to see, after the acquisition, does it remain multi-vendor or does Check Point just, like, close shop on the other vendors, or what's going to happen? Yeah, I agree, probably not. Check Point's not big enough to throw its weight around like that, I think. But anyway, yeah, so that's interesting. I love the marketing term virtual patching, but other than that, that's it. All right. So Chris said that was the last story, but actually we do have one more. Not only did I say that, you agreed with me?
Chris (18:07):
I didn't agree with you.
Tim (18:08):
I just didn't say anything because I didn't want to be an asshole and be like, Chris,
Chris (18:12):
You're fucking wrong again. Look, if you're watching on YouTube, watch. When I say it's the last article, go back and check Tim's face. He goes.
Tim (18:18):
I was like, yep, last one, even mouthed "last one". It's, yeah, whatever, whatever. All right, so this one actually, I don't have the. We didn't add the link to the, hold on. Let me open it up. Okay, sorry, it's from cybersecuritynews.com. So "North Korean IT workers leverage legitimate software and network behaviors to bypass EDR", which is a weird title for what this actually is. You know, isn't that strange? So let's talk about what the actual attack, the EDR, is in this case. So who was it that broke this up? There was an operation, federal law, US federal law enforcement agencies raided a suspected laptop farm used to facilitate fraudulent employment schemes where North Korean nationals posed as legitimate American workers to gain remote access to Western companies. So they would essentially, like, forge their credentials and actually go get a job at an American company, get a company-issued laptop for this new remote worker and then connect it to this, you know, essentially this laptop farm, and then these nationals would exploit the fact that, hey, I've got a backdoor into, you know, this company, you know, this, this company.

And all I can think of as I'm thinking about this is the Key and Peele, the, the, the Key and Peele skit, where they're, like, where they, where they're planning the bank heist. And he's like, no, I got a better idea. We're going to go in and we're going to, we're going to walk in and every week we're going to come out with some money and 30, 40 years later, 40 years later, we walk out, happened. He's like, that's a job. Um, anyway, but no, this is legit. So these, uh, these backdoors, uh, I say backdoors, I mean, they're freaking remote access VPNs for employees, right, this is ridiculous, uh, but they were, they're being used like these, these, these, these nationals were pretending to be American workers and getting backdoor, you know, via company-issued laptop into the backdoor and the VPN. And then, and then, you know, at that point you just hope that either they, you know, didn't have a role within the organization that could access anything sensitive, or that, you know, that you had good Zero Trust capabilities inside your network to stop lateral movement. So this is really just crazy, this story. It's, I don't know. The system's crown jewel was its Zoom client automation module, which manipulated video conferencing sessions to establish remote desktop access, automatically launched Zoom meetings, joined sessions and approved remote control prompts through simulated keyboard inputs, transforming a legitimate collab platform into a remote administration tool. So yeah, this is nuts, like the, the level of sophistication here, amazing, I don't know what to say, just amazing. Anyway, what, uh?
Chris (21:17):
Do you have anything to add to this one, Chris, because I think this is just nuts? Yeah, uh, I mean, you pretty much covered it, but it's just, this one's just, like, so funny, how, like, I mean, maybe this is a prominent thing, but I've never seen this before where, like, they go to the point of actually, you know, getting employed by the company that they want to steal from. And it's funny because, you know, we talked about this before we hit record, but essentially, that means you're paying someone to steal your own data. Because if they're an employee, they have to be cutting a paycheck to them. And albeit they are literally just a laptop that exists in some farm in Korea. You know, kind of, they touch on these points about how they have these very simple scripts set up to maintain a persistent connection to the, um, corporate assets, um, while being located in Asia. Um, it's really, like, I don't know if it touched on it in here, but it's like, that makes me, like, so many things are going through my head. Like, were they? Like, under they? Were they under the impression that the employee was going to be working out of Korea? Because it seems like there's some very simple things in endpoint detection services that would pick up on some of this stuff. I mean, it's very possible that this company was just not using a kind of modern stack in that capacity, which is probably where they will be moving towards now, which, something that does posture checks and DLP and things like that. But even, like you said, if they were using these kind of, like, sophisticated things to do, like, a remote access control prompt and do this all through Zoom, like, I don't even know if that would get picked up by something like DLP because, like, it, yeah, there's so many layers to this where things are going to get encrypted and, like, I don't, I don't know exactly how you would detect this or plan for a detection like this. Like, this is, like, like, how do you, how do you, like, tell company A, B, C to, to protect against something like this? Like, don't hire fake people.
Tim (23:24):
Like, I don't, look, it's crazy, because they were going as far as capturing, uh, ARP packets and sending them over WebSockets and stuff. Like, this is, this is nuts. This is so sophisticated, um, and I don't know how a DLP or an EDR, you know, could have necessarily known to look for this.
Chris (23:42):
Right. Very, very, I mean, to be honest, pretty cool. Pretty cool that they were able to do this.
Tim (23:48):
Yeah, I got to say, I'm actually, mad respect, actually, for this type of cyber attack. That's impressive.
Chris (23:54):
Yeah.
Tim (23:55):
It's like the true social engineering.
Chris (23:57):
It's like the Baxter eating the, what is it? What is it from, Anchorman? He's like, you ate an entire wheel of cheese, that's impressive.
Tim (24:08):
Yeah, oh man, okay. So yeah, with that, we'll go ahead and, uh, and close up shop here. I hope you, uh, all enjoyed this week's news. If you did, please leave us a comment. Share it with a friend.
Chris (24:21):
That being said, do check the, if you want more, check the news doc, because there was actually quite a bit this week that we didn't get to cover. There was actually a cool article in there about a project called MPIC, which is focused on preventing BGP attacks with their certificate validation. Something that Tim and I did not have time to become experts on to talk about before this, but I thought it was super interesting and I will be looking at it after the show. But yeah, definitely take a look, there's plenty in there for this week.
Tim (24:56):
Yeah, there's more than usual articles, some funny ones too. But yeah, take a look at the article. Sorry, the news, my God, I just lost it. News article and news articles, I guess. The document, the document, yes, thank you. All right, and with that we'll go ahead and, uh, end it here and, uh, we'll see you next time.