Dave Lewis


[ 00:00:19 ] Websites about you know 20 years ago were such that you could just stand up and you would be relatively resilient because there wasn’t a whole lot of traffic online at that time. It has progressed over time to the point now where you actually need something like a content distribution network as well as security overlay as well to make sure that your site and one can stand up and two can be resilient to attacks because if a site is even remotely popular you could have thousands upon thousands of visitors hitting your site every minute. And this was not a problem back then 20 years ago when you’d have you know that many a year. Now it has very much change so if you’re looking at the Amazons and Microsoft’s of the world where they have a lot of volume they have to have some sort of resilience in place in order to ensure that they can stand up under load not only from attacks but just from something like a sale. So they’re having a sale like Amazon has their Pi Day or Black Friday is coming out. This is a heavy traffic day so just by sheer volume of the number of people they are going to the Web site it could in some cases take it down if the site is not set up to be perfect. At this point we’ve really reached the point where it is necessary for all sites to have some sort of acceleration in front of their site. In addition to security because we have gotten to that point now we’ve tipped over to you know streaming media online. You have various companies out there like the Netflix of the world and things to that effect where they’re delivering a lot of content online to multiple devices. And you know for example if my 3 year old can’t get his wiggles on his iPad there’s going to be hell to pay. When people try to expand their size and they have to understand that there are going to be attacks it’s inevitable and it’s not because of the vertical they happened to be in it simply by virtue of the fact they have an IP address attached to the Internet at this point that time in time or that it is really gotten to that point where you know we have to look at it from the acceleration and the security to make sure that we’re looking at the security attacks that are happening so that we can pull productions for people across the board and with a service like ours you are looking at it from a cloud based offering because appliances simply don’t scale. If you go dropping appliances in every organization that needs help that will have very limited utility and you really have to look at it from a cloud based offering at this point because it gives you the scale and ability to react to not only threats but pure volume. IOS has really become the bacon of the Internet. Everything is better with bacon. IOC literally means anything with an Internet access be it a toaster. I’ve seen actually a toothbrush with IMT related toothbrush and all of these devices present a target of opportunity for an attacker. So if an attacker is able to compromise this device and either exfiltrate data or get into their network further if you are home network or your enterprise whatever it happens to be they’re always looking to see how much they can get away with. And the attackers are going to do what they do. So if you provide them more targets of opportunity the chances for them to get in rises simply because a lot of these devices to end up being shipped with deprecated libraries that reintroduce security problems that had been previously remedied. I ot is fraught with problems but it’s also fraught with opportunity. If you look at it you play on any device that you go through you will click except because you want your shiny new toy. A lot of the same problem applies for any sort of OT device. So if you’re just clicking through and just accepting it and attaching to the internet most people don’t have a firewall at their house. I’d say by and large you know 99 percent of people don’t have a firewall at home. So these devices end up being directly connected. Now for example with our organization we don’t look at the end user consumer device as we look at the infrastructure that supports it. So for example if the DNS goes down for whatever my gadget dot com not actually a Web site I don’t think. But if they if that particular DNS goes down none of those devices can communicate back to the backend systems. And these are the things you have to worry about as is your infrastructure going to be resilient. And is it going to be able to take an attack. Because you know while the device might stop working that’s one of the things you want to test with your consumer device if you have a device that you unplugged from the internet and it stops working. This is a bit of a problem. You want to make sure that if you’re paying money for these devices it still works even if it doesn’t have an internet connection. With these consumer grade iOS devices really is about time to market for a lot of these companies they want to be out before their competitors are out and a lot of time security unfortunately gets bypassed. And this is a problem that can grow from that. And I really do worry about these sort of things where you know great opportunity great devices but they have planned excuse me planned obsolescence built into them and they don’t intend for the device to have longevity whereas they worry more about their infrastructure. So. It really is a tradeoff for the end user to say you know how much of this money is really going to be well spent. My own personal home is actually IATSE able where I can walk into a room and the lights turn on and the TV turns on. I don’t have to do anything just because I have. No free time but somehow I managed to pull it off. But you know that’s the geek in me having fun with it. I ot is definitely something that we are transitioning into in a large way for primarily protecting infrastructure but there are different groups out there that are spitting out different types of efforts to better secure IOTAs So it’s not a case of all is lost. Definitely not that at all. But it’s really a case of you won’t pay a dollar upfront or ten thousand on the backend so it’s better to have security in the conversation at the beginning. That way you don’t have to worry about ending up on the front page of The Wall Street Journal the next day. I think the great thing about I ot is the opportunity that presents security can be addressed as long as manufacturers are taking it seriously as long as end users are voting with their dollars to make sure they’re driving that change. Because when I see all the types of data and how they can be used and I mean and I’m walking around with an ID device basically on my wrist every day and the amount of data that it has is absolutely fantastic and how it can be used. For example I saw a story just last week about one gentleman who saved his life because his heart rate monitor spiked and he couldn’t understand why he went to the hospital. Turned out he was having an embolism. And it saved his life literally. So the possibilities are great and I think that’s where security likes to be an overlay to make sure that devices like this are secure so we can see more good news stories like this. We are definitely working with lots of media companies because we deliver their content online and we help stream them so it is faster because we want to make sure that the consumer in India. None of it in northern and northern Canada as well as in southern Brazil are able to get the same user experience. And it’s one of those things where we want to make sure that that is driving forward and also in a secure fashion because attackers would love nothing more than to be able to hijack one of these streams and you know alter it to how they see fit. And this is a problem but this is a problem that can be addressed and is being addressed.

Thought Gallery Channel:
Backstage Conversations
Backstage Conversation Season: 2017