1
00:00:04,880 --> 00:00:11,160
This is identity at the center. 
Welcome to the Identity at the 

2
00:00:11,160 --> 00:00:12,840
Center podcast. 
I'm Jeff, and that's Jim. 

3
00:00:12,840 --> 00:00:14,680
Hey, Jim. 
Hey, Jeff, how are you? 

4
00:00:15,120 --> 00:00:17,200
Oh, not so bad herself. 
I'm doing great. 

5
00:00:17,200 --> 00:00:19,520
I'm so excited about today's 
episode. 

6
00:00:19,720 --> 00:00:23,200
Every once in a while you get a 
founder who really takes 

7
00:00:23,200 --> 00:00:26,320
technology and solves a real 
world problem. 

8
00:00:26,520 --> 00:00:29,880
I mean, you and I have been 
doing identity strategy for a 

9
00:00:29,880 --> 00:00:32,520
long time. 
And one of the things we always 

10
00:00:32,520 --> 00:00:36,120
say, how do you know who's 
calling the help desk actually 

11
00:00:36,120 --> 00:00:40,640
is who they say they are, right.
And like, it's how often do we 

12
00:00:40,640 --> 00:00:42,960
get a good answer? 
Hardly ever. 

13
00:00:43,640 --> 00:00:47,040
I think we'll talk about 
technology today that, you know,

14
00:00:47,080 --> 00:00:50,200
could turn that on its head.
Yeah, exactly. 

15
00:00:50,200 --> 00:00:52,480
And I think this is a, a 
question that typically comes up

16
00:00:52,480 --> 00:00:56,200
is it's, it's, I've asked it so 
many times in our, you know, 

17
00:00:56,200 --> 00:00:58,480
client engagement, things like 
that and has never really been a

18
00:00:58,480 --> 00:01:00,320
good answer, but. 
This is a. 

19
00:01:00,560 --> 00:01:03,480
A sponsored episode that I am
actually very happy about 

20
00:01:03,480 --> 00:01:06,040
because not that I'm not happy 
about the other ones, but this 

21
00:01:06,040 --> 00:01:09,800
is one that solves a real world 
problem that I have seen come up

22
00:01:09,880 --> 00:01:12,240
multiple times. 
How do you know someone is 

23
00:01:12,240 --> 00:01:15,200
calling the help desk? 
And so to that end, we do have a

24
00:01:15,200 --> 00:01:18,000
sponsored episode today. 
It is with Trusona. 

25
00:01:18,000 --> 00:01:21,640
It is with the founder and CEO 
of Trusona, Ori Eisen. 

26
00:01:21,640 --> 00:01:24,080
So welcome back to the show, 
Ori, because this is actually 

27
00:01:24,080 --> 00:01:27,440
your second time being with us. 
Thank you for having me again. 

28
00:01:27,440 --> 00:01:29,680
I'm super honored and excited to
be here. 

29
00:01:30,600 --> 00:01:31,800
Yeah. 
So we're excited to have you 

30
00:01:31,800 --> 00:01:35,360
here, trusona.com/IDAC. 
We're going to have some content

31
00:01:35,360 --> 00:01:37,200
there that we're going to kind 
of talk about through this. 

32
00:01:37,440 --> 00:01:39,920
You were kind enough to give us 
a demo, So we might refer to 

33
00:01:39,920 --> 00:01:42,240
that as we go through the 
conversation here and it's 

34
00:01:42,240 --> 00:01:44,080
recorded there. 
So we have kind of our own 

35
00:01:44,080 --> 00:01:48,280
little IDAC spin on that into 
into the demo world that people 

36
00:01:48,280 --> 00:01:50,800
will be able to visit there. 
But I'm not going to ask you how

37
00:01:50,800 --> 00:01:53,280
you got into identity because we
already asked you that question 

38
00:01:53,280 --> 00:01:56,600
back in 2023, believe it or not.
So about a year and a half, 

39
00:01:56,600 --> 00:01:58,800
maybe almost two years ago, we 
were at the Authenticate 

40
00:01:58,800 --> 00:02:00,880
conference and he came in and 
sat down with us. 

41
00:02:01,520 --> 00:02:05,360
So what I want to find out is 
what's been happening since 

42
00:02:05,360 --> 00:02:07,800
2023. 
Tell us a little about Trusona 

43
00:02:07,800 --> 00:02:09,280
and then we're going to 
definitely we're going to get 

44
00:02:09,280 --> 00:02:10,479
into ATO Protect here in a
minute. 

45
00:02:12,000 --> 00:02:15,640
What happened is after eight 
years of developing the no 

46
00:02:15,640 --> 00:02:19,480
passwords solution, as you can 
see, even my shirt is still 

47
00:02:19,480 --> 00:02:23,320
saying that many customers asked
a simple question. 

48
00:02:24,160 --> 00:02:28,480
What happens when someone calls 
in and says I lost my hardware 

49
00:02:28,520 --> 00:02:35,320
key, I lost my MFA, I don't have a
device with the passwordless?

50
00:02:36,000 --> 00:02:40,840
Let me in, hear me out. 
Even if you take every single 

51
00:02:40,840 --> 00:02:44,280
employee in a company and you 
completely retrofit them with 

52
00:02:44,280 --> 00:02:47,080
passwordless authentication,
which I think is an amazing 

53
00:02:47,080 --> 00:02:50,720
idea. 
The problem that still exists is

54
00:02:50,720 --> 00:02:53,400
when hackers call in and say I 
don't have that thing you want 

55
00:02:53,400 --> 00:02:55,200
me to have. 
Now what? 

56
00:02:56,520 --> 00:03:00,600
So by talking to customers, we 
realize at Trusona that the

57
00:03:00,600 --> 00:03:05,680
last hole, the last gaping hole 
in the whole passwordless

58
00:03:05,680 --> 00:03:09,480
strategy is I don't have it. 
Help me. 

59
00:03:10,440 --> 00:03:14,200
And you can see that the call 
quickly turns to an identity 

60
00:03:14,200 --> 00:03:20,000
verification effort as opposed 
to authentication to be crisp 

61
00:03:20,000 --> 00:03:23,520
about that. 
If MFA works perfectly, you 

62
00:03:23,520 --> 00:03:27,200
don't need what I'm we're about 
to talk about because people get

63
00:03:27,200 --> 00:03:28,760
in and out of systems all day 
long. 

64
00:03:29,320 --> 00:03:32,720
But if you're on vacation and 
your phone falls in the ocean, 

65
00:03:33,520 --> 00:03:36,120
you just go to, let's just say, 
the Apple Store and you get a 

66
00:03:36,120 --> 00:03:39,720
new iPhone. 
You now need to get back to your

67
00:03:39,840 --> 00:03:42,680
business. 
However, you don't have that 

68
00:03:42,680 --> 00:03:44,760
thing that you need in order to 
get back in there. 

69
00:03:45,720 --> 00:03:48,320
Why would they give you access? 
How would you prove to them that

70
00:03:48,320 --> 00:03:52,280
it is you, Jeff or Jim or one of
our listeners here on the other 

71
00:03:52,280 --> 00:03:55,920
end? 
And when you add to it, what 

72
00:03:55,920 --> 00:03:59,200
happened two years ago that we 
have to insert into this 

73
00:03:59,200 --> 00:04:04,640
conversation is the word Gen AI.
When we sat at Authenticate 2

74
00:04:04,640 --> 00:04:08,560
years ago, I guess ChatGPT just 
started and people kind of 

75
00:04:08,560 --> 00:04:11,040
thought about it as a textual 
tool. 

76
00:04:11,720 --> 00:04:14,800
If you look at what Scattered 
Spider doing as we speak here, 

77
00:04:14,800 --> 00:04:18,320
as we're recording this episode,
simply are calling your IT help 

78
00:04:18,320 --> 00:04:22,920
desk, claiming to be the CSO 
even with your voice or your CEO

79
00:04:22,920 --> 00:04:25,640
with their own voice that they 
have sampled. 

80
00:04:25,680 --> 00:04:28,600
And good luck to the IT help 
desk agent to know is this the 

81
00:04:28,600 --> 00:04:32,400
CEO berating to reset their 
password or not? 

82
00:04:32,760 --> 00:04:34,040
That is what's new and 
different. 

83
00:04:35,040 --> 00:04:37,600
Well, as someone who's been on 
that call where, you know, 

84
00:04:37,600 --> 00:04:39,800
you've got people calling and 
it's like, OK, read it. 

85
00:04:39,800 --> 00:04:41,760
You're, you're trying to 
authenticate callers, etcetera. 

86
00:04:42,240 --> 00:04:44,480
I remember when you showed this 
to me and, and this is something

87
00:04:44,480 --> 00:04:46,600
you've actually been working on 
for I think maybe a year and a 

88
00:04:46,600 --> 00:04:50,160
half or, or something like that.
But I was kind of like, oh, this

89
00:04:50,160 --> 00:04:53,360
is kind of cool. 
So tell me a little bit about 

90
00:04:53,360 --> 00:04:56,080
what it is about ATO Protect.
And when we say ATO, we're

91
00:04:56,080 --> 00:04:59,760
talking about account takeover. 
And so the goal here is to yeah,

92
00:04:59,760 --> 00:05:02,320
know that it is Jim calling me 
and not someone to pretend to be

93
00:05:02,320 --> 00:05:07,120
Jim, etcetera. 
So my, my, my, my jaded CISO

94
00:05:07,120 --> 00:05:10,120
hat tells me I've got so many 
security tools out there. 

95
00:05:10,800 --> 00:05:13,720
Cool Ori, like, why do I need 
another tool in my stack? 

96
00:05:14,200 --> 00:05:16,520
So tell me a little bit about 
more about ATO Protect

97
00:05:16,520 --> 00:05:19,400
specifically and what do you 
think makes it different from 

98
00:05:19,400 --> 00:05:21,440
other solutions that are, you 
know, kind of trying to do the 

99
00:05:21,440 --> 00:05:24,200
same thing? 
Yeah, I, I love this and I love 

100
00:05:24,200 --> 00:05:27,400
this conversation as a 
practitioners talk, because you 

101
00:05:27,400 --> 00:05:30,120
should ask me and everybody else
who come on the show, do I 

102
00:05:30,120 --> 00:05:33,520
really need another tool? 
I mean, we have a toolarama 

103
00:05:33,520 --> 00:05:37,760
everywhere you go with so many 
beeps and bops and reports, it's

104
00:05:37,760 --> 00:05:40,400
actually becoming harder to know
what's going on because of all 

105
00:05:40,400 --> 00:05:42,560
the chaff, right, As opposed to 
the signal. 

106
00:05:43,920 --> 00:05:45,760
To answer your question, I'll 
say this. 

107
00:05:46,680 --> 00:05:50,680
Identity and authentication have
been close friends, enemies,

108
00:05:50,680 --> 00:05:54,480
frenemies, cousins. 
They were never thought of as 

109
00:05:54,480 --> 00:05:56,640
the same thing. 
Let me prove it to you. 

110
00:05:57,480 --> 00:06:01,440
You can sign up for a Gmail 
account today without them 

111
00:06:01,440 --> 00:06:03,240
really knowing if it's you or 
Jim. 

112
00:06:03,240 --> 00:06:04,880
They just don't care to
know. 

113
00:06:04,880 --> 00:06:08,480
As long as you have a unique 
handle, you can stay anonymous. 

114
00:06:09,000 --> 00:06:13,040
There's zero identity proofing 
or identity verification in 

115
00:06:13,040 --> 00:06:16,080
those kind of processes. 
Think about your Netflix

116
00:06:16,080 --> 00:06:18,600
account. 
If you paid with a credit card 

117
00:06:18,600 --> 00:06:21,280
that was prepaid and was 
anonymous, they would also not 

118
00:06:21,280 --> 00:06:25,560
know who you are. 
However, when you call an IT 

119
00:06:25,560 --> 00:06:28,600
help desk or we'll talk about 
other use cases that a company 

120
00:06:28,600 --> 00:06:30,360
could have. 
For example, you're interviewing

121
00:06:30,360 --> 00:06:32,840
somebody to come work for you. 
You want to make sure they are 

122
00:06:32,840 --> 00:06:37,320
who they say they are when a 
vendor calls your accounts 

123
00:06:37,320 --> 00:06:40,600
payable and say we changed the 
bank account, so send us the 

124
00:06:40,600 --> 00:06:43,960
next invoice to this new bank. 
Now it's not about 

125
00:06:43,960 --> 00:06:46,800
authentication, it's about, 
wait, who is telling me to do 

126
00:06:46,800 --> 00:06:49,280
this? 
Who is the true identity on the 

127
00:06:49,280 --> 00:06:52,880
other side? 
So the reason you might need 

128
00:06:52,880 --> 00:06:57,400
another tool is if we'll focus 
on the IT helpdesk, even though 

129
00:06:57,400 --> 00:06:59,600
you can see that there's other 
things around it. 

130
00:07:00,240 --> 00:07:03,960
When someone calls and they 
cannot authenticate perfectly, 

131
00:07:04,720 --> 00:07:08,640
you are turning the problem 
from, do you have the 

132
00:07:08,640 --> 00:07:11,880
credentials I gave you to? 
I need to know who you are 

133
00:07:11,880 --> 00:07:14,440
before I do anything. 
Anything could be reset that 

134
00:07:14,440 --> 00:07:18,920
password, reset your MFA, give 
you privileged access, or do

135
00:07:19,200 --> 00:07:24,800
anything that is seriously risky
because I can't really tell 

136
00:07:24,800 --> 00:07:30,640
who's calling me. 
We have in our industry all 

137
00:07:30,640 --> 00:07:34,160
kinds of tools for account 
verification for our customers. 

138
00:07:34,600 --> 00:07:37,720
For example, if you're a bank 
and you open credit card 

139
00:07:37,720 --> 00:07:42,080
accounts or a DDA account, yeah,
you scan documents and you do 

140
00:07:42,080 --> 00:07:45,400
checks and liveness that you do 
all those things when you open a

141
00:07:45,400 --> 00:07:48,960
consumer account. 
I doubt that you do the same 

142
00:07:48,960 --> 00:07:52,560
things today with your 
employees, and I doubt that you 

143
00:07:52,560 --> 00:07:55,360
do the same thing when an 
employee comes in without MFA. 

144
00:07:55,800 --> 00:08:01,040
Yeah, it feels like I'm so 
interested to get your take on 

145
00:08:01,040 --> 00:08:04,040
this, but it feels like when 
Jeff and I would ask this 

146
00:08:04,040 --> 00:08:09,840
question 10 years ago in that 
workforce identity situation, it

147
00:08:09,840 --> 00:08:13,080
was something like, OK, how are 
you verifying people? 

148
00:08:13,360 --> 00:08:18,080
And it'd be like, well, we asked
them their badge number and then

149
00:08:18,080 --> 00:08:21,320
who did they sit next to? 
Like, like knowledge base. 

150
00:08:21,320 --> 00:08:23,320
So we say, OK, well, that's a 
big red X.

151
00:08:23,320 --> 00:08:27,640
That's not good. 
But then you see organizations 

152
00:08:27,640 --> 00:08:32,039
that, well, we text them a 
special number, then ask them to

153
00:08:32,039 --> 00:08:37,799
read it off to us, or we e-mail 
that code to the e-mail address 

154
00:08:37,799 --> 00:08:40,320
we have on file in their HR 
system. 

155
00:08:40,640 --> 00:08:43,360
And so you say, OK, that's out 
of band. 

156
00:08:43,760 --> 00:08:50,160
It couldn't be broken probably. 
But you know, you'd have to be a

157
00:08:50,160 --> 00:08:54,480
super hacker today. 
I'm not even so sure that that's

158
00:08:54,480 --> 00:08:57,240
true. 
Like give us give us your 

159
00:08:57,240 --> 00:09:02,520
perspective on that e-mail to or
SMS kind of scenario. 

160
00:09:02,520 --> 00:09:05,840
Is that good enough? 
Well, let's do this. 

161
00:09:07,480 --> 00:09:10,840
Anybody who listens to this 
podcast, I assume reads the news

162
00:09:10,840 --> 00:09:14,320
from the security world. 
If you don't just open your 

163
00:09:14,320 --> 00:09:18,280
favorite search engine, put in 
these two words Scattered Spider

164
00:09:18,280 --> 00:09:20,400
together, the name of a
cybergang.

165
00:09:21,000 --> 00:09:25,080
Pick up any article and go read 
their MO, their modus operandi, 

166
00:09:26,400 --> 00:09:29,080
and the answer will be there. 
Let me tell you what they're 

167
00:09:29,080 --> 00:09:31,560
doing and why the answer is 
absolutely not Jim. 

168
00:09:33,000 --> 00:09:36,320
Their favorite tactic is what's 
called SIM swap. 

169
00:09:36,640 --> 00:09:40,000
And what that means is they 
would call your telephone 

170
00:09:40,000 --> 00:09:42,920
company and and again, if 
there's no hackers in the 

171
00:09:42,920 --> 00:09:46,880
audience, you can derive who my 
telephone company is by the first

172
00:09:46,880 --> 00:09:49,440
6 digits of my phone. 
It's not a secret. 

173
00:09:49,440 --> 00:09:52,840
You can tell if I'm with Verizon
or AT&T, Not a problem. 

174
00:09:53,800 --> 00:09:57,600
You would call my telephone 
company as a precursor to the 

175
00:09:57,600 --> 00:10:01,480
attack and basically tell them 
that you are me and you got a 

176
00:10:01,480 --> 00:10:06,600
new phone and you want to port 
the SIM, you want to SIM swap

177
00:10:06,600 --> 00:10:10,240
the phone. 
And what happens if they fall 

178
00:10:10,240 --> 00:10:11,720
for this? 
And let me explain to you why 

179
00:10:11,720 --> 00:10:14,800
they do all the time. 
All the text messages you're 

180
00:10:14,800 --> 00:10:17,960
about to send me, Jim will 
actually go to the bad guy, not 

181
00:10:17,960 --> 00:10:21,000
to me anymore. 
Let's take it slow. 

182
00:10:21,040 --> 00:10:25,720
The first step is to snip out 
the real customer from the 

183
00:10:25,720 --> 00:10:30,360
traffic so they're not even 
aware that the OTP, the one time

184
00:10:30,360 --> 00:10:32,880
passcode you just sent me did 
not reach them. 

185
00:10:33,840 --> 00:10:35,160
Now I'm going to take a step 
backward. 

186
00:10:35,160 --> 00:10:37,160
This is not, you know, don't try
this at home, kids. 

187
00:10:37,160 --> 00:10:39,800
I'm not teaching you how to 
hack, but I just want you to 

188
00:10:39,800 --> 00:10:43,680
know why this happens and why 
you have 0 control over it. 

189
00:10:43,680 --> 00:10:47,080
If you're a CSO listening, you 
can't control AT&T's

190
00:10:47,080 --> 00:10:49,800
processes. 
You can't control Verizon. 

191
00:10:50,320 --> 00:10:54,480
They will do whatever their 
script says in the call center 

192
00:10:54,600 --> 00:10:58,800
and unfortunately they might ask
me things like my mother's 

193
00:10:58,800 --> 00:11:02,120
maiden name and my last four of 
my social and my date of birth 

194
00:11:02,560 --> 00:11:06,720
to prove to them that I am Ori 
the telephone owner before they 

195
00:11:06,720 --> 00:11:08,880
SIM swap me. 
So good luck with that. 

196
00:11:09,720 --> 00:11:13,240
This is step one in how 
Scattered Spider get you to 

197
00:11:14,480 --> 00:11:17,840
operate as if you are sending it
to the real employee. 

198
00:11:18,160 --> 00:11:20,120
But you if you're not checking 
first. 

199
00:11:20,120 --> 00:11:22,840
Is this phone recently SIM 
swapped? 

200
00:11:23,360 --> 00:11:24,920
You're duped. 
You're none the wiser. 

201
00:11:24,920 --> 00:11:28,440
You're now sending all the stuff
directly to the bad guy. 

202
00:11:28,640 --> 00:11:32,400
I'll pause here. 
No, it's that's exactly. 

203
00:11:32,400 --> 00:11:37,680
And to think that that is that 
uncommon, I mean, when you hear 

204
00:11:37,680 --> 00:11:40,640
about these Scattered Spider
attacks, that's the exact 

205
00:11:41,120 --> 00:11:45,800
pattern that's used. 
And at least there's some really

206
00:11:46,160 --> 00:11:51,080
catastrophic data breaches and 
and beyond data breaches where 

207
00:11:51,080 --> 00:11:55,280
you get to the point where you 
can really have an operational 

208
00:11:55,280 --> 00:12:01,920
impact on a company. 
You know this, you know, given 

209
00:12:01,920 --> 00:12:05,800
that given that that kind of 
backdrop, because I'm not a true

210
00:12:05,800 --> 00:12:10,360
believer, this is not something 
that is some kind of far out, 

211
00:12:10,640 --> 00:12:13,560
yeah, that's never going to 
happen to me kind of scenario. 

212
00:12:13,560 --> 00:12:16,400
It very well could if you don't 
have the right protections.

213
00:12:16,560 --> 00:12:19,000
And look, I don't want to say 
company names, but some of the 

214
00:12:19,400 --> 00:12:23,800
the household name breaches that
you've heard of, they started 

215
00:12:23,880 --> 00:12:26,480
very much in that way. 
Exactly. 

216
00:12:26,600 --> 00:12:31,000
I guess we have what I really 
want to ask you Ori is like how 

217
00:12:31,000 --> 00:12:36,120
does your ATO product, ATO
Protect product prevent that?

218
00:12:36,120 --> 00:12:38,000
I mean, what can what can you 
guys do? 

219
00:12:38,640 --> 00:12:41,440
Let let me just go back a second
to answer your question about 

220
00:12:41,440 --> 00:12:43,040
e-mail. 
I just want to see what is the 

221
00:12:43,040 --> 00:12:45,520
pre step there. 
I already explained in the phone

222
00:12:45,520 --> 00:12:48,360
world, you do a SIM swap in the 
e-mail. 

223
00:12:48,360 --> 00:12:51,760
There's an easier path. 
If I imagine a bank that has 

224
00:12:51,760 --> 00:12:55,920
40,000 employees, I call one of 
them and say, hey, I'm calling 

225
00:12:55,920 --> 00:12:58,880
you from the IT department at 
the bank, I need to install 

226
00:12:58,880 --> 00:13:00,520
something so we can help you 
next time. 

227
00:13:01,760 --> 00:13:04,880
Now how will the employee ever 
know if I'm really working at 

228
00:13:04,880 --> 00:13:08,200
the bank or not? 
So unfortunately, some people 

229
00:13:08,200 --> 00:13:11,320
take the lure, allow me to get 
complete access to their 

230
00:13:11,320 --> 00:13:14,320
computer and now I can get their
emails. 

231
00:13:14,360 --> 00:13:18,080
So if you sent me the e-mail in 
the chain we talked about 

232
00:13:18,080 --> 00:13:19,640
before, I'm now getting that as 
well. 

233
00:13:19,640 --> 00:13:22,600
I just want you to know how it's
done, Yes. 

234
00:13:22,600 --> 00:13:25,280
Am I foreshadowing what the ATO
Protect does? 

235
00:13:25,280 --> 00:13:27,400
Yes. 
But I want you to understand the

236
00:13:27,400 --> 00:13:31,640
why because we've spoken to 
enough CISOs and enough customers

237
00:13:31,640 --> 00:13:34,720
that told us all the different 
ways they were taken down. 

238
00:13:35,720 --> 00:13:40,400
And we've done a thing that is a
little bit to our detriment. 

239
00:13:40,400 --> 00:13:42,640
So I want to be very upfront 
about that. 

240
00:13:42,760 --> 00:13:46,520
When I speak to some of the 
analysts in our field, without 

241
00:13:46,520 --> 00:13:50,560
mentioning company names, they 
basically said you've created 

242
00:13:50,560 --> 00:13:54,440
something that is a Franken 
solution in the sense that it is

243
00:13:54,440 --> 00:13:58,160
not focused in any specific 
domain or expertise. 

244
00:13:58,520 --> 00:14:01,560
It is by taking five different 
domains and putting them 

245
00:14:01,560 --> 00:14:06,320
together that we are not really 
a fit to any Magic Quadrant, if 

246
00:14:06,320 --> 00:14:08,840
you want to think about it that 
way, because we're not like this

247
00:14:08,840 --> 00:14:11,800
one thing. 
So I'll go, I'll explain how we 

248
00:14:11,800 --> 00:14:15,520
do what we do, but the key is 
that we did not start with like,

249
00:14:15,520 --> 00:14:17,720
what are we good at? 
And let's try to convince you to

250
00:14:17,720 --> 00:14:20,800
buy that, which is unfortunately
how our world is. 

251
00:14:21,400 --> 00:14:24,320
It is taking 2 steps back. 
It was about 18 months ago. 

252
00:14:24,320 --> 00:14:28,360
Jim, listen to all the MOs, all
the attack vectors that are 

253
00:14:28,360 --> 00:14:33,400
happening after the MGM breach
and say if you were to sell the 

254
00:14:33,400 --> 00:14:37,200
solution to the CISO, not a
point of I can do this or that, 

255
00:14:37,200 --> 00:14:40,280
What would that look like? 
It forced us to be good at 

256
00:14:40,280 --> 00:14:46,280
document scanning, telcos, DMVs,
different data brokers, 

257
00:14:46,480 --> 00:14:49,440
realizing that there was a man 
in the middle attack perpetrated

258
00:14:49,440 --> 00:14:52,480
a second ago. 
All these things together. 

259
00:14:52,480 --> 00:14:55,200
Plus, did somebody call your 
employee without you even 

260
00:14:55,200 --> 00:14:59,240
knowing right? 
Have amalgam into this ATO

261
00:14:59,480 --> 00:15:02,720
Protect because it really
protects from ATOs in the

262
00:15:02,720 --> 00:15:04,800
different permutations they can 
take. 

263
00:15:05,760 --> 00:15:10,840
So I'll let you ask the next 
question, but the key is that if

264
00:15:10,840 --> 00:15:13,880
Trusona started its journey by 
saying we need to go

265
00:15:13,880 --> 00:15:17,240
passwordless, and I still think the
world should, and at the end of 

266
00:15:17,240 --> 00:15:19,840
that journey realized, Oh my 
God, if everybody had

267
00:15:19,840 --> 00:15:21,960
passwordless, but the bad guy just needs
to say it. 

268
00:15:21,960 --> 00:15:23,200
Well, I don't have the
passwordless.

269
00:15:23,200 --> 00:15:26,480
Let me in. 
We are now solving that issue. 

270
00:15:26,920 --> 00:15:30,560
But I want you to realize that 
it's not a single disciplined 

271
00:15:30,560 --> 00:15:34,440
area to focus because Scattered
Spider and the Com and

272
00:15:34,440 --> 00:15:37,880
BlackCat are so well organized.
I don't want to say 

273
00:15:37,880 --> 00:15:41,880
sophisticated because deep, deep
down, everybody who listens to 

274
00:15:41,880 --> 00:15:43,440
this call can commit these 
crimes. 

275
00:15:43,760 --> 00:15:45,560
It's not like you need to be a 
rocket scientist. 

276
00:15:45,560 --> 00:15:50,320
You just need to have your moral
compass at the set wrong because

277
00:15:50,320 --> 00:15:52,760
they can come to you at all 
these different angles. 

278
00:15:52,760 --> 00:15:56,520
We have to be good at all these 
different angles to protect. 

279
00:15:56,880 --> 00:16:00,760
I'll pause here. 
So I think that idea of the man 

280
00:16:00,760 --> 00:16:03,640
in the middle attack is sort of how
things kind of get started. 

281
00:16:03,640 --> 00:16:06,120
I don't want to get too far 
along here because I don't know 

282
00:16:06,120 --> 00:16:08,680
if we have really talked about 
how this works. 

283
00:16:09,200 --> 00:16:12,840
So I'm curious, Ori, if you could
just take me step by step if, if

284
00:16:12,840 --> 00:16:16,120
someone's, if I'm a security 
analyst, a help desk person, 

285
00:16:16,120 --> 00:16:17,600
whatever it is. 
And I might be responsible for 

286
00:16:17,600 --> 00:16:19,920
taking a phone call. 
And we'll just pick on Jim here.

287
00:16:19,920 --> 00:16:22,480
So Jim calls me, but it's not 
really Jim, right? 

288
00:16:22,480 --> 00:16:24,800
It's bizarro Jim. 
We'll call him. 

289
00:16:26,200 --> 00:16:30,240
How does ATO Protect work?
So I, I go to the website and 

290
00:16:30,240 --> 00:16:32,080
then what? 
Take me step by step because I 

291
00:16:32,080 --> 00:16:34,240
think that'll help maybe make it
a little bit clearer as to what 

292
00:16:34,240 --> 00:16:36,480
we're going to get into next. 
Cool. 

293
00:16:37,080 --> 00:16:39,920
I'll, I'll start by saying for 
those of you who will stick 

294
00:16:39,920 --> 00:16:43,200
around until the end of this 
episode, there is a page that 

295
00:16:43,200 --> 00:16:46,640
the Jeff and Jim were very kind 
to record me show how this 

296
00:16:46,640 --> 00:16:48,440
works. 
So if it interests you after 

297
00:16:48,440 --> 00:16:52,360
you're done with your job, there
is a video that you can go watch

298
00:16:52,360 --> 00:16:54,080
all this. 
I'll try to describe it 

299
00:16:54,080 --> 00:16:58,880
verbally. 
Let's call the actors by their 

300
00:16:58,880 --> 00:17:00,800
name. 
Jeff, you would be the agent 

301
00:17:00,800 --> 00:17:03,880
like the IT help desk agent and 
Jim will be the caller. 

302
00:17:04,440 --> 00:17:07,720
And of course you can replace IT
help desk with HR department, 

303
00:17:07,720 --> 00:17:10,000
finance department, whoever gets
the call. 

304
00:17:11,000 --> 00:17:13,680
The way it works is this. 
There are two modalities. 

305
00:17:13,680 --> 00:17:16,480
One of them when there is a 
human taking call, that is the 

306
00:17:16,480 --> 00:17:19,200
most common thing we do. 
The other modality is when 

307
00:17:19,200 --> 00:17:21,680
there's self-service. 
You call an IVR or you go to a 

308
00:17:21,680 --> 00:17:24,760
web page and you say I need to 
change my password. 

309
00:17:24,760 --> 00:17:27,599
We can do exactly the same thing
without a call. 

310
00:17:28,880 --> 00:17:34,320
When I call or Jim calls you 
rather, Jeff, you will tell them

311
00:17:34,320 --> 00:17:38,240
first, please get your ID ready,
literally just like if you were 

312
00:17:38,240 --> 00:17:41,960
stopped by a policeman and say, 
OK, show me your driver license 

313
00:17:41,960 --> 00:17:45,600
and you know, insurance. 
We believe that in most 

314
00:17:45,600 --> 00:17:49,080
countries that need to do this, 
you have access to your ID even 

315
00:17:49,080 --> 00:17:51,360
though you might not carry it 
like in the United States, but 

316
00:17:51,360 --> 00:17:55,960
you have access to it when you 
need to do something risky or if

317
00:17:55,960 --> 00:17:58,280
you're traveling, you should 
have your passport or something 

318
00:17:58,280 --> 00:18:00,360
else. 
You've shown the border control,

319
00:18:00,360 --> 00:18:02,000
so you should have something 
like that. 

320
00:18:03,000 --> 00:18:06,160
The second thing is you would 
tell the caller that none of 

321
00:18:06,160 --> 00:18:09,560
this data will be stored. 
Pretty important because we 

322
00:18:09,560 --> 00:18:11,160
don't want to become part of the
problem. 

323
00:18:12,200 --> 00:18:14,640
And the third thing is you'll 
ask the caller how would you 

324
00:18:14,640 --> 00:18:17,360
like to get this URL? 
That will help you with your 

325
00:18:17,400 --> 00:18:19,680
mobile browser begin the 
journey. 

326
00:18:20,680 --> 00:18:23,720
You can ask why. 
Why reduce it all to a URL? 

327
00:18:23,960 --> 00:18:26,080
I'll go back to what I said 5 
minutes ago. 

328
00:18:26,400 --> 00:18:29,240
If you're on a vacation 
somewhere in the world and your 

329
00:18:29,240 --> 00:18:33,240
phone drowned in the ocean, what
we can expect you to have is a 

330
00:18:33,240 --> 00:18:36,920
new phone out-of-the-box with 
Wi-Fi connected to it. 

331
00:18:37,680 --> 00:18:42,000
And if you can get an e-mail to 
it or a URL to it, you should be

332
00:18:42,000 --> 00:18:46,360
able to do this. 
It is specifically designed to 

333
00:18:46,360 --> 00:18:49,840
have the minimum viable 
technical know how or ability 

334
00:18:50,120 --> 00:18:53,600
because if I'll require you to 
log into our network to do this,

335
00:18:54,000 --> 00:18:56,360
it's a catch 22. 
You don't have the very thing 

336
00:18:56,360 --> 00:18:58,880
you need to get it and that is 
what causes the issue to begin 

337
00:18:58,880 --> 00:19:01,720
with. 
So you would ask me, do I want 

338
00:19:01,720 --> 00:19:05,520
to get an SMS, an e-mail or 
literally just like in a video 

339
00:19:05,520 --> 00:19:08,600
call like this? 
You can paste the link into chat

340
00:19:09,000 --> 00:19:12,560
or if there is a video call you 
can show me AQR code that I will

341
00:19:12,560 --> 00:19:16,240
scan with any camera and 
essentially bring the caller, 

342
00:19:16,400 --> 00:19:19,520
Jim in this example to a page 
that will allow him to 

343
00:19:19,520 --> 00:19:23,000
self-service himself. 
Scan the document. 

344
00:19:23,000 --> 00:19:26,760
What Trusona will do there is
verify, for example, if you sent

345
00:19:26,760 --> 00:19:29,480
him a text that the phone has 
not recently SIM swapped.

346
00:19:30,160 --> 00:19:33,160
If you sent him a text that he 
is really the owner of this 

347
00:19:33,160 --> 00:19:35,120
number and not just lying to you
about it. 

348
00:19:35,600 --> 00:19:38,200
When they scanned their 
document, we would go to 

349
00:19:38,320 --> 00:19:42,680
numerous authoritative databases
such as in the United States. 

350
00:19:42,680 --> 00:19:47,080
We can ping the DMVs to ask did
you issue this document as 

351
00:19:47,080 --> 00:19:51,600
opposed to is the font looking 
good or is the template correct?

352
00:19:52,480 --> 00:19:54,800
I'll state the obvious. 
I'm sorry for everybody who 

353
00:19:54,800 --> 00:19:59,280
might get hurt, but Gen AI
deepfakes have robbed us as an

354
00:19:59,280 --> 00:20:03,160
industry from the ability to 
look at documents and say oh 

355
00:20:03,160 --> 00:20:06,040
this looks fishy now. 
When I used to be the head of 

356
00:20:06,040 --> 00:20:09,400
Frisk in the large credit card 
company, I relied on this tool. 

357
00:20:10,920 --> 00:20:15,160
But that was a world before
ChatGPT and before Midjourney.

358
00:20:16,600 --> 00:20:20,760
Today I can mimic your voice, 
your video image to that effect 

359
00:20:20,800 --> 00:20:25,440
that unfortunately it is not 
simple for AI to detect it and 

360
00:20:25,440 --> 00:20:27,320
definitely not for the human 
eye. 

361
00:20:27,880 --> 00:20:29,920
That was Orion, just so you 
know, I'm starting to get the 

362
00:20:29,920 --> 00:20:33,000
hang of this. 
So all this to say, Jeff and 

363
00:20:33,000 --> 00:20:38,800
Jim, when a call comes in, you 
ask the person to get ready to 

364
00:20:38,840 --> 00:20:43,000
identify themselves and you 
simply share with them a URL. 

365
00:20:43,280 --> 00:20:47,640
And from there on, the tool does
what it does, including checking

366
00:20:48,120 --> 00:20:50,520
if the link has been forwarded. 
But I'll pause here. 

367
00:20:50,520 --> 00:20:53,800
We'll get into that later on 
because that's another MO of the

368
00:20:53,800 --> 00:20:55,720
bad guy, which is man in the 
middle attacks. 

369
00:20:56,760 --> 00:21:00,520
So when I log into this thing, 
I, I have two options, right? 

370
00:21:00,560 --> 00:21:03,280
Or a couple options I could say.
So I can send it, SMS, I can send 

371
00:21:03,280 --> 00:21:05,920
an e-mail, I can send a link. 
What are the IDs that work? 

372
00:21:05,920 --> 00:21:08,760
Because I see options here for 
driver's license and for 

373
00:21:08,760 --> 00:21:11,200
passport. 
So I think that covers most 

374
00:21:11,200 --> 00:21:13,120
government documents. 
And then what you're doing 

375
00:21:13,120 --> 00:21:15,240
behind the scenes, as I 
understand, is you're querying 

376
00:21:15,360 --> 00:21:18,960
DMVs in the United States or 
other, you know, I guess 

377
00:21:19,280 --> 00:21:21,600
registries of that sort of data 
around the world. 

378
00:21:22,000 --> 00:21:24,560
What are the limitations when it
comes to driver's license and 

379
00:21:24,560 --> 00:21:25,880
passport? 
Like where? 

380
00:21:26,920 --> 00:21:28,720
What doesn't work? 
Yes. 

381
00:21:28,760 --> 00:21:33,840
So if after this podcast you 
will take our challenge which 

382
00:21:33,840 --> 00:21:37,400
again we will unveil at the end 
of going to try that trusona.com

383
00:21:37,400 --> 00:21:44,400
or trusona.com/identity at the 
center IDAC, we will invite you 

384
00:21:44,400 --> 00:21:46,400
to play with the demo. 
The demo has the following 

385
00:21:46,400 --> 00:21:48,720
options. 
A driver license in the US and 

386
00:21:48,720 --> 00:21:52,360
Canada, a passport from any 
country in the world. 

387
00:21:52,360 --> 00:21:55,760
So that covers every country. 
And then a few documents from 

388
00:21:55,760 --> 00:21:58,400
India, that is what we give 
people to play with for free 

389
00:21:58,400 --> 00:22:00,600
because those are the most 
common in the UK. 

390
00:22:00,600 --> 00:22:04,920
Driver license we have that. 
We have 2500 additional 

391
00:22:04,920 --> 00:22:06,920
documents from many different 
countries. 

392
00:22:06,920 --> 00:22:08,840
So Philippines, China, Costa 
Rica. 

393
00:22:09,200 --> 00:22:13,000
We just don't put it in the 
default demo because then the 

394
00:22:13,000 --> 00:22:15,160
combo box will just be, you 
know, endless. 

395
00:22:15,560 --> 00:22:18,920
We have customers who are using 
up to 20 countries at the same 

396
00:22:18,920 --> 00:22:22,120
time. 
The question is, Jeff, not where

397
00:22:22,120 --> 00:22:25,320
we can scan a document that we 
can do in any country because 

398
00:22:25,320 --> 00:22:27,040
passports by design are in any 
country. 

399
00:22:27,600 --> 00:22:31,320
The question is, where can you 
verify that this is legit? 

400
00:22:31,320 --> 00:22:35,320
So I'll go slow. 
Let's take the United States, 

401
00:22:35,320 --> 00:22:37,440
which is the best country to do 
this in. 

402
00:22:37,720 --> 00:22:40,000
It is still not perfect. 
Why? 

403
00:22:41,000 --> 00:22:44,320
For all kinds of reasons, states
like California and New York 

404
00:22:44,640 --> 00:22:49,880
have decided not to allow 
vendors like Trusona to ping 

405
00:22:49,880 --> 00:22:54,320
them and verify identities. 
They allow the Social Security 

406
00:22:54,320 --> 00:22:57,520
Administration to do it. 
So the data is there, but they 

407
00:22:57,520 --> 00:22:59,280
don't allow it for commercial 
use. 

408
00:22:59,400 --> 00:23:03,800
So in the United States, we can 
verify literally with the, with 

409
00:23:03,800 --> 00:23:07,760
the authoritative data sources, 
about 80% of the population. 

410
00:23:07,960 --> 00:23:11,440
Pretty good what we do for the 
other 20. 

411
00:23:11,440 --> 00:23:14,560
So if you do come to us with a 
driver license from California, 

412
00:23:15,240 --> 00:23:18,600
we triangulate it differently. 
We still scan the document 

413
00:23:18,600 --> 00:23:23,040
because it's hard to mimic the 
PDF417. 

414
00:23:23,040 --> 00:23:27,560
And for the uninitiated it is 
the 2D barcode on the back of 

415
00:23:27,560 --> 00:23:30,800
your driver license that has a 
machine readable payload. 

416
00:23:31,760 --> 00:23:35,200
And instead of asking the 
California DMV, hey did you 

417
00:23:35,200 --> 00:23:36,680
issue this? 
Is this real? 

418
00:23:37,200 --> 00:23:39,960
We would ask you for your mobile
number and then ask the 

419
00:23:39,960 --> 00:23:43,960
telephone company. 
Is this identity of Jim Stedman 

420
00:23:43,960 --> 00:23:47,640
with this date of birth and 
address matching whoever owns 

421
00:23:47,640 --> 00:23:50,000
this phone? 
So we're replacing the 

422
00:23:50,000 --> 00:23:53,240
authoritative source with the 
next best thing. 

423
00:23:53,240 --> 00:23:57,320
In India or the UK. 
We replace the DMV with 

424
00:23:57,480 --> 00:24:00,560
LexisNexis with one of our data 
providers. 

425
00:24:00,560 --> 00:24:03,720
And of course, we can add more. 
In India, you can go to some 

426
00:24:03,720 --> 00:24:06,560
government databases. 
In Costa Rica you can query the 

427
00:24:06,560 --> 00:24:08,840
voter ID database. 
There are different 

428
00:24:08,840 --> 00:24:13,080
configurations. 
The key is that you will not be 

429
00:24:13,080 --> 00:24:14,560
blind. 
Meaning what? 

430
00:24:14,880 --> 00:24:18,760
When Jim calls you today before 
you have ATO Protect, he can 

431
00:24:18,760 --> 00:24:21,960
just social engineer you and 
tell you I am who I say I am 

432
00:24:22,560 --> 00:24:26,920
because you have no semblance of
control as to is he telling me 

433
00:24:26,920 --> 00:24:29,920
the truth. 
But when you start scanning 

434
00:24:29,920 --> 00:24:32,600
documents and you have the 
triangulation and then we have 

435
00:24:32,600 --> 00:24:36,320
the device information telling 
us what time zone this device is

436
00:24:36,320 --> 00:24:39,760
configured in, and I can ask Jim
to click on a button we added 

437
00:24:39,760 --> 00:24:42,200
that gives his GPS location with
permission. 

438
00:24:42,840 --> 00:24:47,080
All these pixels create a 
picture of is it likely to be 

439
00:24:47,080 --> 00:24:51,320
Jim at his house begging me to 
get him in, or it's somebody all

440
00:24:51,320 --> 00:24:55,160
over the world who's just trying
to masquerade who they really 

441
00:24:55,160 --> 00:24:57,840
are. 
So I see as an admin or whoever 

442
00:24:57,840 --> 00:25:00,600
logged into this, I see a bunch 
of these pieces of information. 

443
00:25:00,600 --> 00:25:03,040
The goal here is to give me 
enough pieces of information to 

444
00:25:03,040 --> 00:25:08,560
say, do I think this is really 
Ori or Jim calling versus maybe 

445
00:25:08,560 --> 00:25:10,480
someone else? 
And so as I have these 

446
00:25:10,480 --> 00:25:11,960
combinations of pieces of data, 
right? 

447
00:25:12,000 --> 00:25:14,720
So I'm looking at the screen 
right now and it's, you know, 

448
00:25:14,720 --> 00:25:18,080
the IP address, the country, the
IP region, you know, the 

449
00:25:18,080 --> 00:25:20,080
browser. 
But in addition to that, I see 

450
00:25:20,400 --> 00:25:24,040
literally a map that shows me 
where things are coming from. 

451
00:25:24,520 --> 00:25:28,880
And then I see, you know, 
different parts of the data that

452
00:25:28,880 --> 00:25:33,120
you've checked from either DMV 
or LexisNexis or even the MVO, 

453
00:25:33,120 --> 00:25:35,400
the mobile network operator, 
right, MMVO. 

454
00:25:36,640 --> 00:25:39,760
So all of this combined kind of 
gives me a picture to say, oh, 

455
00:25:39,760 --> 00:25:44,720
OK, I have pretty reasonable 
assurance based on this that I 

456
00:25:44,720 --> 00:25:48,240
have the right person on the 
phone that I'm transacting in a 

457
00:25:48,560 --> 00:25:52,400
relatively secure way. 
The man in the middle, if I was 

458
00:25:52,480 --> 00:25:55,640
outside of that. 
So let's say I, you know, did 

459
00:25:55,640 --> 00:25:58,120
something and I am got two 
people on the phone. 

460
00:25:58,120 --> 00:26:00,080
We're going to try and trick Ori
out of his money. 

461
00:26:00,520 --> 00:26:02,800
You know, I call Ori up and I 
say, hey, I'm the help desk. 

462
00:26:02,800 --> 00:26:06,240
And then maybe Jim's got 
something else on the line and 

463
00:26:06,240 --> 00:26:08,000
I'm just like, give me the code,
right? 

464
00:26:08,000 --> 00:26:09,840
That I'm going to send you 
'cause this is the common way 

465
00:26:09,840 --> 00:26:12,760
they do it is they say I'm going
to send you a code and then you 

466
00:26:12,760 --> 00:26:15,080
read the code. 
And then despite every single 

467
00:26:15,080 --> 00:26:18,160
SMS and vendor out there saying 
we will never ask for your code, 

468
00:26:18,160 --> 00:26:21,040
what do people do? 
They read the code to the person

469
00:26:21,040 --> 00:26:22,760
that's going to, you know, take 
their money. 

470
00:26:23,240 --> 00:26:27,200
So when I read that code in now,
it's coming in from a different 

471
00:26:27,200 --> 00:26:30,160
IP source, right? 
Or a different geolocation. 

472
00:26:30,160 --> 00:26:33,120
And so I see this on the map and
this is something again, 

473
00:26:33,400 --> 00:26:37,400
trusona.com/idac, go watch the 
demo there that I see that 

474
00:26:37,400 --> 00:26:41,200
information and now I can start 
to raise some reasonable doubt 

475
00:26:41,480 --> 00:26:44,120
around whether this is 
legitimate or not. 

476
00:26:44,200 --> 00:26:47,560
Is that a fair way to put this? 
It's absolutely a fair way. 

477
00:26:47,560 --> 00:26:52,720
I'll give you two more anecdotes. 
One is iPhones use what's called 

478
00:26:52,720 --> 00:26:55,080
private relay. 
It's a type of a VPN. 

479
00:26:55,640 --> 00:26:58,400
And even though Jim called you 
and say, hey, I'm at my house, 

480
00:26:58,400 --> 00:27:00,480
his phone will tell you he's not
at his house. 

481
00:27:01,160 --> 00:27:05,240
So for cases like that, even 
though the IP, you know, a la 

482
00:27:05,240 --> 00:27:09,120
carte would not reveal the 
truth, you can ask Jim to click 

483
00:27:09,120 --> 00:27:11,480
on this extra button with 
permission to say, hey, tell me 

484
00:27:11,480 --> 00:27:15,040
where your phone really is. 
And then if that is within 100 

485
00:27:15,040 --> 00:27:18,320
feet of where the driver license
of your home address is, let me 

486
00:27:18,320 --> 00:27:21,400
tell you, Jeff, he is at his 
house because you can't be 

487
00:27:21,600 --> 00:27:26,680
elsewhere doing this. 
The second is the man in the 

488
00:27:26,680 --> 00:27:30,920
middle works when people get the
payload, let's just say from the

489
00:27:30,920 --> 00:27:33,960
bank and they cannot respond to 
it because they're not the real 

490
00:27:33,960 --> 00:27:36,560
customer. 
Now, they put the bank on hold. 

491
00:27:36,560 --> 00:27:39,400
Let me give you the most common.
I use that in the demo. 

492
00:27:39,400 --> 00:27:41,600
The most common excuses we hear 
on calls. 

493
00:27:42,000 --> 00:27:44,720
My baby is crying. 
I, I, I, I'll be back. 

494
00:27:44,960 --> 00:27:47,600
My dog is barking like always 
play something else. 

495
00:27:47,920 --> 00:27:50,360
And the latest one is Amazon is 
knocking at my door. 

496
00:27:50,360 --> 00:27:53,480
I'll be right back. 
But all these are just excuses 

497
00:27:53,480 --> 00:27:58,280
to put the call on mute so the 
bank or the IT help desk doesn't

498
00:27:58,280 --> 00:28:01,240
hear that you are now 
puppeteering someone else. 

499
00:28:01,720 --> 00:28:04,160
And you basically call the 
victim and say hi, I'm calling 

500
00:28:04,160 --> 00:28:06,440
you from the bank. 
We think there's fraud in your 

501
00:28:06,440 --> 00:28:08,960
account. 
I'm going to forward you this 

502
00:28:08,960 --> 00:28:11,840
link that you got. 
It's just that you can't act on 

503
00:28:11,840 --> 00:28:13,520
it. 
Could you please load it in your

504
00:28:13,520 --> 00:28:16,840
browser and scan your ID? 
Because then I will know it's 

505
00:28:16,840 --> 00:28:19,280
you and Wilkin and the people 
are freaking out. 

506
00:28:19,280 --> 00:28:22,080
The bank is calling them. 
Sounds really serious. 

507
00:28:22,400 --> 00:28:24,120
You don't even know you're being
puppeteered. 

508
00:28:24,760 --> 00:28:28,640
So what our tool does based on 
knowing how the bad guys operate

509
00:28:28,640 --> 00:28:32,080
is it takes a fingerprint every 
time the link is loaded. 

510
00:28:32,800 --> 00:28:36,160
And then you, even though you're
on mute because the person gave 

511
00:28:36,160 --> 00:28:39,440
you and you see on the map all 
these different households 

512
00:28:39,440 --> 00:28:42,880
and devices pop up. 
You say, OK, I know one thing 

513
00:28:42,880 --> 00:28:44,920
for sure. 
I'm not talking to Jim McDonald 

514
00:28:44,920 --> 00:28:47,760
on his own. 
There's he, he is not in five 

515
00:28:47,760 --> 00:28:50,320
different locations. 
There is quantum stuff happening

516
00:28:50,320 --> 00:28:52,000
in entanglement, but this ain't 
it. 

517
00:28:54,280 --> 00:28:58,000
Not yet anyway. 
And and so this is the part that

518
00:28:58,000 --> 00:29:01,160
kind of really kind of sold it 
for me as I kind of looked at it

519
00:29:01,160 --> 00:29:05,320
was, OK, I'm looking and this is
not, this is not a, you know, 

520
00:29:05,320 --> 00:29:08,000
very hard thing to do for me as 
an admin. 

521
00:29:08,160 --> 00:29:10,960
I see it as very easy. 
It's showing me literally a map.

522
00:29:10,960 --> 00:29:14,040
And when we tested this out the 
other day, you know, we had your

523
00:29:14,040 --> 00:29:15,880
information and you were kind 
enough to kind of go through US 

524
00:29:15,880 --> 00:29:17,440
with us. 
And that's where that demo is, 

525
00:29:17,720 --> 00:29:21,080
is we see your information. 
And then we had OK, well, Jim, 

526
00:29:21,080 --> 00:29:22,920
go ahead and click, you know the
link again. 

527
00:29:22,920 --> 00:29:25,680
And all of a sudden across the 
world, right, the map zooms out 

528
00:29:25,680 --> 00:29:27,080
and says, OK, well, wait a 
second. 

529
00:29:27,080 --> 00:29:30,920
Why is why did we start in 
Arizona and then end up in South

530
00:29:30,920 --> 00:29:32,920
Dakota? 
Well, that's, that's a flag 

531
00:29:32,920 --> 00:29:34,640
right there. 
And so I think this kind of 

532
00:29:34,640 --> 00:29:36,480
brings home a little bit some of
that man in the middle because 

533
00:29:36,480 --> 00:29:39,080
we thought of ways. 
OK, well, and, and, or you were 

534
00:29:39,080 --> 00:29:40,440
very gracious, like try and 
break it. 

535
00:29:40,680 --> 00:29:42,440
Like, OK, well, let me think of 
ways to do it. 

536
00:29:42,440 --> 00:29:44,320
Now, I'm not a professional 
penetration tester. 

537
00:29:44,320 --> 00:29:46,840
So that's where we'll talk about
maybe later. 

538
00:29:46,840 --> 00:29:49,040
People can kind of, you know, 
help with that. 

539
00:29:49,040 --> 00:29:52,840
But the first thing I thought it
was, OK, well, what happens if I

540
00:29:52,840 --> 00:29:54,840
intercept the man in the middle 
type of thing, right? 

541
00:29:54,840 --> 00:29:58,280
E-mail, text, whatever may be 
another one was OK, well, the 

542
00:29:58,280 --> 00:30:01,000
whole liveness check, right? 
There's been, well, I can just 

543
00:30:01,000 --> 00:30:02,640
hold my picture to my camera, 
right? 

544
00:30:02,640 --> 00:30:05,480
And it will do that. 
Well, if you blink, that must be

545
00:30:05,480 --> 00:30:07,840
enough liveness. 
OK, well, that's not, you know, 

546
00:30:07,840 --> 00:30:09,600
good enough. 
And so now we're saying, OK, 

547
00:30:09,840 --> 00:30:12,600
you're scanning the document. 
You're saying, OK, you're 

548
00:30:12,600 --> 00:30:14,840
checking it against known 
sources of good information. 

549
00:30:14,840 --> 00:30:17,720
You're combining pieces of 
information from multiple 

550
00:30:17,720 --> 00:30:20,960
sources. 
So if I were to tamper with one,

551
00:30:21,440 --> 00:30:24,360
the odds of being able to do 
both become less and less. 

552
00:30:24,360 --> 00:30:28,320
Now they're never 0, right? 
And without being suspected as 

553
00:30:28,320 --> 00:30:32,800
SIM swapping, yes, let me 
reverse it and tell you, here's 

554
00:30:32,800 --> 00:30:35,040
how you can beat it. 
Like, let me give all the 

555
00:30:35,040 --> 00:30:38,000
listeners the recipe just so you
understand what your task is. 

556
00:30:38,360 --> 00:30:40,080
And then you'll see how 
monumental it is. 

557
00:30:41,280 --> 00:30:43,480
You'll hear at the end of this 
podcast that we're going to give

558
00:30:43,480 --> 00:30:48,320
you a challenge hack the box. 
And it's a very simple ask. 

559
00:30:48,440 --> 00:30:51,320
You need to log into our tool, 
play with it. 

560
00:30:52,080 --> 00:30:55,840
And if the tool will say that it
is me, meaning you can scan a 

561
00:30:55,840 --> 00:30:58,640
document that would pass all the
checks with the DMV to say, 

562
00:30:58,640 --> 00:31:02,760
yeah, yeah, this is Ori's real 
driver license and you will not 

563
00:31:02,760 --> 00:31:06,720
trip a we just SIM swapped his 
phone and my telephone company 

564
00:31:06,720 --> 00:31:10,400
will say that this if it all 
matches and there is no SIM swap

565
00:31:10,400 --> 00:31:12,920
and no man in the middle, you 
have beaten it. 

566
00:31:13,200 --> 00:31:15,000
OK. 
And we can talk about how to 

567
00:31:15,000 --> 00:31:19,600
claim your prize. 
What you can't do easily, Jeff 

568
00:31:19,600 --> 00:31:22,800
and Jim, is plant records in 
official databases. 

569
00:31:23,440 --> 00:31:26,400
You can clone my ID. 
You can do that if you know what

570
00:31:26,400 --> 00:31:28,800
to do because my record is 
there. 

571
00:31:29,640 --> 00:31:33,320
You have to be able to do it in 
a way that is not caught. 

572
00:31:33,880 --> 00:31:37,200
This is really the hurdle. 
The next level is exactly what 

573
00:31:37,200 --> 00:31:39,840
you said is how do I do it 
without SIM swapping or man in 

574
00:31:39,840 --> 00:31:42,600
the middle, which really are 
trying to puppeteer somebody 

575
00:31:42,600 --> 00:31:44,480
with social engineering to do it
for me. 

576
00:31:45,120 --> 00:31:47,920
And the last leg of the stool is
this. 

577
00:31:48,520 --> 00:31:52,400
There is 5% of the listeners who
at this point are thinking a 

578
00:31:52,400 --> 00:31:54,200
thought. 
So let me just tell you what 

579
00:31:54,200 --> 00:31:55,680
they're thinking. 
Wait a second. 

580
00:31:55,880 --> 00:31:59,040
I know how to break this. 
Didn't you say that you need to 

581
00:31:59,040 --> 00:32:01,960
send the link and then I will 
see that multiple people. 

582
00:32:01,960 --> 00:32:03,840
Yeah, I'm. 
I'm revealing to you a method. 

583
00:32:04,320 --> 00:32:05,840
But here's what I'm not going to
reveal. 

584
00:32:05,840 --> 00:32:07,280
Just so you know, we thought 
about it. 

585
00:32:07,400 --> 00:32:09,800
And you will only learn about 
this if you're a customer in our

586
00:32:09,800 --> 00:32:11,920
training. 
What happens if the bad guy 

587
00:32:11,920 --> 00:32:15,160
doesn't click the link and only 
send it to you? 

588
00:32:15,520 --> 00:32:17,680
I just say the words. 
So you know, we thought about 

589
00:32:17,680 --> 00:32:19,960
it. 
Yo did you did not find the 

590
00:32:19,960 --> 00:32:21,400
gaping hole? 
Not yet. 

591
00:32:22,200 --> 00:32:24,920
But that we only train customers
because we do want to stay in 

592
00:32:24,920 --> 00:32:26,960
business. 
Or you can just tell Jeff and I 

593
00:32:26,960 --> 00:32:30,160
that way we can go ahead and 
steal your idea. 

594
00:32:30,520 --> 00:32:35,800
And I mean, I think this is a 
genius because I think the 

595
00:32:35,800 --> 00:32:41,040
industry's answer for identity 
verification is the document 

596
00:32:41,720 --> 00:32:44,440
verification, the liveness 
testing. 

597
00:32:44,440 --> 00:32:49,640
And I mean, that's built into 
your product, but it's more than

598
00:32:49,640 --> 00:32:52,480
that, right? 
Just stay in the geolocation 

599
00:32:52,560 --> 00:32:55,600
angle as well. 
So there's two forms of 

600
00:32:55,600 --> 00:32:59,120
assurance that go into kind of 
this risk modelling. 

601
00:32:59,760 --> 00:33:05,560
Yeah, we, we think about it as 5
disparate sets of signals. 

602
00:33:05,840 --> 00:33:08,560
Some of them come from the 
device itself, Jim. 

603
00:33:09,000 --> 00:33:11,840
So your browser can tell me what
language it's configured in. 

604
00:33:11,840 --> 00:33:14,720
And if it says Russian, you can 
tell me all day long that you 

605
00:33:14,720 --> 00:33:17,880
live not there, right? 
So that's one set of signals. 

606
00:33:18,240 --> 00:33:21,800
The second is, as you said, from
the scan of the document itself.

607
00:33:22,840 --> 00:33:24,960
The third is from the data 
verifiers. 

608
00:33:24,960 --> 00:33:28,960
So even if you fake the document
pretty good visually, the 

609
00:33:28,960 --> 00:33:32,040
verifier will say, well, I don't
have this document in my records

610
00:33:32,040 --> 00:33:33,680
because it's a synthetic 
identity. 

611
00:33:34,800 --> 00:33:37,800
The third will be all the man in
the middle detection to know, 

612
00:33:37,920 --> 00:33:42,040
did you forward something else? 
And the 5th, I know we didn't 

613
00:33:42,040 --> 00:33:44,360
talk about it much, but it's 
what we said before. 

614
00:33:44,360 --> 00:33:47,760
How would you know if somebody's
calling your employee and tell 

615
00:33:47,760 --> 00:33:50,320
them, hey, I'm calling you from 
IT, I need you to do something. 

616
00:33:50,800 --> 00:33:55,920
So that is again another module 
in the ATO Protect suite that 

617
00:33:55,920 --> 00:33:59,440
companies can advertise either 
to their customers or to their 

618
00:33:59,440 --> 00:34:03,440
employees on an intranet and 
say, if ever you get a call from

619
00:34:03,440 --> 00:34:07,160
us, this is how you would know 
it's really coming from the 

620
00:34:07,160 --> 00:34:09,719
company as opposed to believing 
somebody who's done social 

621
00:34:09,719 --> 00:34:11,719
engineering. 
I'll talk us through that 

622
00:34:11,719 --> 00:34:14,480
because that's actually 
something that was on my mind. 

623
00:34:14,880 --> 00:34:18,639
I had my bank, I know we're 
talking about the workforce 

624
00:34:18,639 --> 00:34:21,719
example, but I had my bank call 
me the other day and they kind 

625
00:34:21,719 --> 00:34:24,880
of wanted to jump right into the
details of them. 

626
00:34:25,280 --> 00:34:27,600
I. 
I believe it was them because I 

627
00:34:27,880 --> 00:34:29,760
was just interacting with them, 
right? 

628
00:34:30,120 --> 00:34:34,239
But the scenario was they called
me, so it could have been 

629
00:34:34,239 --> 00:34:38,600
anybody calling me. 
Imagine if someone calls you Ori

630
00:34:38,600 --> 00:34:41,679
and says, you know, I'm calling 
from the help desk and you're 

631
00:34:41,679 --> 00:34:44,960
like, OK, that that is my 
company's help desk now. 

632
00:34:45,520 --> 00:34:49,000
And they start asking you for 
information. 

633
00:34:49,639 --> 00:34:54,440
I mean, how can you how how as 
the person who received that 

634
00:34:54,440 --> 00:35:00,960
call use your product to verify 
that you know this legit? 

635
00:35:01,600 --> 00:35:03,840
Yep. 
I'll, I'll take a second to give

636
00:35:03,840 --> 00:35:07,480
some kudos to our we call them 
the ninjas at Trusonas. 

637
00:35:07,480 --> 00:35:10,480
Those are the engineers that sit
with me and the product 

638
00:35:10,480 --> 00:35:14,480
management team and say, listen,
the problem is thus how do you 

639
00:35:14,480 --> 00:35:16,280
solve it? 
I'll be honest with you. 

640
00:35:16,280 --> 00:35:18,320
I've been in this industry for 
24 years. 

641
00:35:19,040 --> 00:35:21,080
I did not think there's a 
solution to this. 

642
00:35:21,080 --> 00:35:23,040
I honestly did not. 
Actually, I didn't even spend 

643
00:35:23,040 --> 00:35:26,320
time figuring this out because 
it seems so well, how could you?

644
00:35:27,480 --> 00:35:29,480
Thank God we thought of 
something. 

645
00:35:29,480 --> 00:35:32,080
It's now patent pending, so I 
can talk about it freely. 

646
00:35:32,720 --> 00:35:35,760
If you'll have time to see the 
demo, we're demonstrating it 

647
00:35:35,760 --> 00:35:39,240
there. 
But it works like this, Jim, if 

648
00:35:39,240 --> 00:35:42,720
you went to the trusona.com 
website right now and scrolled 

649
00:35:42,720 --> 00:35:45,480
all the way to the bottom of it,
on the right hand side, there's 

650
00:35:45,480 --> 00:35:49,360
a link called Agent Verify. 
And we would recommend companies

651
00:35:49,360 --> 00:35:53,120
that have consumers and 
employees have a similar link on

652
00:35:53,120 --> 00:35:56,800
their homepage so everybody 
knows it's there, both the bad 

653
00:35:56,800 --> 00:36:00,760
guys and the good guys. 
And the law or the rule would be

654
00:36:00,760 --> 00:36:02,440
simple. 
If you get a phone call that 

655
00:36:02,440 --> 00:36:05,720
claims to be from the company, 
whether you're working here or 

656
00:36:05,720 --> 00:36:09,120
you're a customer, go there, 
click it and ask the person on 

657
00:36:09,120 --> 00:36:12,200
the phone for a simple thing. 
Give me your agent verify code. 

658
00:36:13,000 --> 00:36:16,320
If truly they are calling you 
from the company, our tool will 

659
00:36:16,320 --> 00:36:19,400
give him a six digit code that 
is a one time thing. 

660
00:36:19,400 --> 00:36:22,240
And then they can see I am 
talking to Jeff. 

661
00:36:23,160 --> 00:36:25,600
And after that this code will 
not work again. 

662
00:36:26,360 --> 00:36:30,280
And it's the first time that we 
can give a simple instruction 

663
00:36:30,880 --> 00:36:34,560
without any technical know how 
or buying something for the 

664
00:36:34,560 --> 00:36:37,720
consumer to do that. 
You have a tool to fight this. 

665
00:36:38,840 --> 00:36:40,800
And unfortunately this is the 
only thing we know of. 

666
00:36:40,800 --> 00:36:44,840
Everybody else who buys this and
understand how it works knows 

667
00:36:45,080 --> 00:36:46,880
that my employee can forget to 
do it. 

668
00:36:47,360 --> 00:36:51,120
I, I will tell you that as well.
My mom may not remember to go do

669
00:36:51,120 --> 00:36:52,200
it. 
I get that. 

670
00:36:52,720 --> 00:36:57,560
But at least now you have a way 
to prove to somebody that you're

671
00:36:57,560 --> 00:37:01,040
calling them, especially if you 
have a personal banker that 

672
00:37:01,040 --> 00:37:03,680
wants to help you with a wire 
and they are calling to help 

673
00:37:03,680 --> 00:37:06,800
you, but at the same time, they 
need to identify themselves. 

674
00:37:08,000 --> 00:37:12,000
If IT wants to call you and help
you while you're stuck, you want

675
00:37:12,000 --> 00:37:14,600
to get that help, but you also 
want to make sure that it is 

676
00:37:14,600 --> 00:37:18,640
really them calling you. 
So this will be the way to prove

677
00:37:18,640 --> 00:37:21,920
to both sides that you're 
talking to the right person with

678
00:37:21,920 --> 00:37:25,920
this feature that is included in
the umbrella of ATO Protect. 

679
00:37:26,200 --> 00:37:30,000
Oh, it's really great actually 
how to quit. 

680
00:37:30,000 --> 00:37:35,000
You brought up that topic and I 
did have a follow up there, but 

681
00:37:35,000 --> 00:37:39,720
you when you're talking earlier 
about the geolocation, I wanted 

682
00:37:39,720 --> 00:37:43,720
to get this question in. 
So if somebody is say the 

683
00:37:43,720 --> 00:37:48,880
hacker, the man in the middle is
using VPN software, do you 

684
00:37:48,880 --> 00:37:51,960
accommodate for that? 
Yeah, I, I mean, Ori, what I 

685
00:37:51,960 --> 00:37:57,160
think is cool was like coming 
into this session, you said 

686
00:37:58,640 --> 00:38:02,400
throw away the script, go ahead 
and like try to stump me. 

687
00:38:02,760 --> 00:38:09,440
This is my attempt, you know now
like I I'm not based on my I 

688
00:38:09,440 --> 00:38:14,680
could be calling you from Russia
using a VPN, voice over IP. 

689
00:38:15,440 --> 00:38:17,560
How did your software stop that?
Great. 

690
00:38:17,680 --> 00:38:24,000
So you can't stop somebody from 
using a VPN, but we do help you 

691
00:38:24,000 --> 00:38:25,960
uncover it and solve it two 
ways. 

692
00:38:25,960 --> 00:38:29,400
One of them, we have a list of 
VPNs, either they're, they're 

693
00:38:29,400 --> 00:38:32,760
beautiful ones from Apple. 
There's an IP range that you can 

694
00:38:32,760 --> 00:38:36,200
say, OK, you're using iCloud 
relay and that's just a toggle. 

695
00:38:36,760 --> 00:38:39,080
If it's one of your employees 
and you really wanted to know 

696
00:38:39,080 --> 00:38:40,760
where they are, you just tell 
them, hey, can I give you 

697
00:38:40,760 --> 00:38:43,800
instructions of how to turn it 
off momentarily because I want 

698
00:38:43,800 --> 00:38:47,080
to make and no employee should 
argue about that because they 

699
00:38:47,080 --> 00:38:48,920
really want to make sure the 
company's safe. 

700
00:38:49,760 --> 00:38:52,960
The other one is a VPN, like a 
NordVPN that you can come from 

701
00:38:52,960 --> 00:38:56,640
any country in the world. 
But hear me out, Jim, if you 

702
00:38:56,640 --> 00:39:00,920
wanted to get privileged access 
and you called in and says, hey,

703
00:39:00,920 --> 00:39:06,000
I'm working from our whatever 
office or from my home, once you

704
00:39:06,000 --> 00:39:08,760
scan your driver license, it has
your home address. 

705
00:39:09,360 --> 00:39:12,760
So if I now ask you to click on 
a reveal your GPS location and 

706
00:39:12,760 --> 00:39:15,880
that is like 20 miles from that 
address, there's a problem. 

707
00:39:16,600 --> 00:39:20,880
Our tool can show you those, the
driver license address and the 

708
00:39:20,880 --> 00:39:23,160
GPS within 100 feet of each 
other. 

709
00:39:23,640 --> 00:39:26,440
And you have every reason to 
think that the person is there. 

710
00:39:27,480 --> 00:39:29,360
I'll give you one more thing 
that we do. 

711
00:39:29,480 --> 00:39:32,320
And again, not revealing any 
methods that will help the bad 

712
00:39:32,320 --> 00:39:35,360
guys. 
Some companies are so large that

713
00:39:35,360 --> 00:39:38,960
they have 5 different IT help 
desks in different countries. 

714
00:39:39,320 --> 00:39:44,240
So what do you do then? 
We allow them to associate the C

715
00:39:44,240 --> 00:39:48,680
blocks of those different areas 
so that you can tell, hey, this 

716
00:39:48,680 --> 00:39:51,840
person was asking for help is 
coming from an internal IP 

717
00:39:51,840 --> 00:39:55,320
address of the company, which 
again, would lower the guard, 

718
00:39:55,320 --> 00:39:58,160
not completely, but give you 
reason to think that you're not 

719
00:39:58,160 --> 00:40:00,720
talking to somebody who's just 
talking to you out of the blue. 

720
00:40:01,720 --> 00:40:05,200
And lastly, if somebody at the 
company does use VPN because 

721
00:40:05,200 --> 00:40:07,960
they want to stream some stuff, 
hey, we all do it, it's fine. 

722
00:40:08,640 --> 00:40:11,320
You can simply tell them for 
this call, I'm asking to turn it

723
00:40:11,320 --> 00:40:13,080
off. 
And if they give you any 

724
00:40:13,080 --> 00:40:16,840
resistance, that is immediate 
reason for you to pause and say,

725
00:40:16,840 --> 00:40:21,280
OK, I need to use more security 
on this call versus less. 

726
00:40:21,440 --> 00:40:24,160
Because if somebody really works
here and they don't want to 

727
00:40:24,320 --> 00:40:27,520
masquerade as somebody else, 
there's no reason for them to 

728
00:40:27,520 --> 00:40:30,640
not listen to your asks so that 
you can give them service. 

729
00:40:32,880 --> 00:40:36,040
I think it's such a fascinating 
approach to this is you're 

730
00:40:36,040 --> 00:40:37,960
collecting all these signals, 
you know, from all these 

731
00:40:37,960 --> 00:40:40,040
different areas and kind of 
combining to it. 

732
00:40:40,040 --> 00:40:42,800
You know, Jim and I have been 
consulting now together for 10 

733
00:40:42,800 --> 00:40:45,080
years, him him much longer in 
his advanced age. 

734
00:40:45,480 --> 00:40:48,920
But this is a question that, you
know, has constantly come up is 

735
00:40:48,920 --> 00:40:51,240
how do you validate people 
calling the help desk? 

736
00:40:51,240 --> 00:40:55,680
And, you know, for the last 
eight years or so, there hasn't 

737
00:40:55,680 --> 00:40:57,400
been really the last 10 years, 
there hasn't really been an 

738
00:40:57,400 --> 00:40:58,880
answer. 
I remember being on these calls 

739
00:40:58,880 --> 00:41:03,200
before as a help desk agent 
doing password resets and this 

740
00:41:03,200 --> 00:41:05,240
is a very interesting solution. 
So I would definitely encourage 

741
00:41:05,240 --> 00:41:08,720
people go check it out. 
trusona.com/IDAC. 

742
00:41:08,720 --> 00:41:11,360
There's a whole demo there. 
And you know, we're, we're, most

743
00:41:11,360 --> 00:41:12,800
of our listeners are listeners, 
right? 

744
00:41:12,800 --> 00:41:14,920
They're, they're not seeing 
things happening and stuff like 

745
00:41:14,920 --> 00:41:16,680
that. 
So we're trying to describe it 

746
00:41:16,680 --> 00:41:20,120
as we go along, but it, it is a 
very, very cool solution. 

747
00:41:20,480 --> 00:41:23,040
I want to kind of take us into 
the future here a little bit 

748
00:41:23,040 --> 00:41:24,560
with a little bit of time that 
you've got left. 

749
00:41:24,840 --> 00:41:28,240
What do you think is the next 
battleground when it comes to 

750
00:41:29,080 --> 00:41:30,360
this type of thing? 
Right? 

751
00:41:30,360 --> 00:41:32,840
Is it's it's really identity 
verification. 

752
00:41:32,840 --> 00:41:36,640
It's how do I make sure this is 
really Ori and not, you know, 

753
00:41:36,640 --> 00:41:40,360
the the Google Veo 2 or the Meta. 
What do they call it? 

754
00:41:40,360 --> 00:41:44,240
Emu model, right? 
Whatever AVAI thing that I can 

755
00:41:44,240 --> 00:41:48,000
create that would say Oh yeah, 
that sure looks and sounds like 

756
00:41:48,000 --> 00:41:49,840
Ori. 
Let me go ahead and do it for 

757
00:41:49,840 --> 00:41:52,520
him and take care of his his 
account for him. 

758
00:41:52,760 --> 00:41:53,920
What like what do you see as 
next? 

759
00:41:53,920 --> 00:41:56,640
So. 
Jeff and Jim, I, I told you that

760
00:41:56,640 --> 00:42:00,040
I brought my special effects 
here just in case the 

761
00:42:00,040 --> 00:42:02,960
opportunity will arise. 
So it is you just ask the 

762
00:42:02,960 --> 00:42:05,640
question that merits this. 
So I'm going to have a 

763
00:42:05,640 --> 00:42:08,680
contrarian view. 
It's, it's not fun news, but I 

764
00:42:08,680 --> 00:42:11,080
will share it with your audience
of what I think comes next. 

765
00:42:11,080 --> 00:42:13,480
So unfortunately, it will begin 
with this sound. 

766
00:42:17,760 --> 00:42:20,320
I'm happy that I'm at the end of
my security career. 

767
00:42:20,320 --> 00:42:21,800
That's the beginning of the 
answer. 

768
00:42:23,640 --> 00:42:27,640
I have a son who's 22 years old,
just finished computer science 

769
00:42:27,640 --> 00:42:29,680
and forensic accounting. 
He's just getting into this 

770
00:42:29,680 --> 00:42:34,800
world and I tell him I don't 
know how your generation will 

771
00:42:34,800 --> 00:42:37,600
handle what comes next. 
And next is not 20 years. 

772
00:42:37,960 --> 00:42:43,200
Next is 2 years, five years. 
Here's what I think would happen

773
00:42:43,200 --> 00:42:48,960
next. 
Video Gen 

774
00:42:48,960 --> 00:42:54,840
AI will become so good that for 
most people it will be 

775
00:42:54,840 --> 00:42:57,080
indistinguishable from live 
video. 

776
00:42:58,880 --> 00:43:02,520
That includes sound, which is 
very important for this topic 

777
00:43:02,520 --> 00:43:05,920
today. 
Without mentioning company 

778
00:43:05,920 --> 00:43:09,440
names, I can tell you I've 
listened to recordings of CEOs 

779
00:43:09,440 --> 00:43:13,320
of company because they were 
interviewed on the TV being 

780
00:43:13,320 --> 00:43:16,040
voice modulated. 
And now you can have this voice 

781
00:43:16,040 --> 00:43:20,120
say anything you want, berating 
the IT help desk to reset the 

782
00:43:20,120 --> 00:43:23,960
password. 
That will only get better with 

783
00:43:23,960 --> 00:43:27,560
time, not worse. 
So you won't be able to trust 

784
00:43:27,560 --> 00:43:29,800
your ears. 
You won't be able to trust your 

785
00:43:29,800 --> 00:43:35,720
eyes, you won't be able to trust
images that I show you because 

786
00:43:36,160 --> 00:43:40,920
who knows? 
So it will again rob us as an 

787
00:43:40,920 --> 00:43:44,600
industry from all those senses, 
if you want to think about it, 

788
00:43:44,600 --> 00:43:51,120
that we had for so, so long. 
And the next thing again that 

789
00:43:51,120 --> 00:43:54,760
that could come, I hope it won't
is any breach of the 

790
00:43:54,760 --> 00:43:57,640
authoritative data sources. 
So if you told me today, all the

791
00:43:57,920 --> 00:44:02,320
DMVs' data has been spilled out.
We are now going to be in a 

792
00:44:02,720 --> 00:44:06,240
period of time of just not 
knowing blind, leave it leading 

793
00:44:06,240 --> 00:44:09,960
the blind until it would be so 
bad that governments will say, 

794
00:44:09,960 --> 00:44:13,120
OK, now we need the self 
sovereign identity and all the 

795
00:44:13,120 --> 00:44:16,840
things that we're talking about 
in futuristic world. 

796
00:44:17,680 --> 00:44:19,560
I believe we're not there for a 
simple reason. 

797
00:44:19,560 --> 00:44:23,080
We did not experience enough 
pain as a society to say enough 

798
00:44:23,080 --> 00:44:26,760
with this, we're doing it. 
Heck, 50 states in the United 

799
00:44:26,760 --> 00:44:29,760
States cannot agree on what's 
secure between them. 

800
00:44:29,760 --> 00:44:31,320
So what? 
What do you want the world to 

801
00:44:31,320 --> 00:44:31,760
do? 
Right? 

802
00:44:33,200 --> 00:44:37,360
I think we still have more time.
We can still do some work, but 

803
00:44:37,520 --> 00:44:43,840
AI will be the breaking weapon 
of the bad guys if they use it 

804
00:44:44,080 --> 00:44:48,760
well, including writing emails 
and persuading people with, you 

805
00:44:48,760 --> 00:44:52,360
know, agents that know how to do
that, man, they will have the 

806
00:44:52,360 --> 00:44:54,240
upper hand. 
It's just nature of the beast. 

807
00:44:54,240 --> 00:44:56,920
I don't like saying it. 
I know people don't like hearing

808
00:44:56,920 --> 00:44:59,080
it. 
But as a defender, as a 

809
00:44:59,080 --> 00:45:02,680
practitioner, I'm happy that I'm
towards the end of my career 

810
00:45:02,680 --> 00:45:05,680
because I I have no idea what 
comes next and how we will solve

811
00:45:05,680 --> 00:45:08,080
it. 
Because things that we held near

812
00:45:08,080 --> 00:45:12,760
and dear as sacred will not be 
with us as the gold standard 

813
00:45:12,760 --> 00:45:14,880
anymore. 
Well, that's a very positive way

814
00:45:14,880 --> 00:45:17,800
to to end the conversation. 
But I think this is the 

815
00:45:17,800 --> 00:45:22,040
realistic way, right Is this is 
has always been a cat and mouse 

816
00:45:22,360 --> 00:45:25,800
game with attacker versus 
defender and trying to figure 

817
00:45:25,800 --> 00:45:28,320
out how can we stop one or the 
other. 

818
00:45:28,360 --> 00:45:31,480
And it happens on both sides. 
So it's as hard as we are trying

819
00:45:31,480 --> 00:45:36,280
to defend the other side, just 
as much is trying to poke holes 

820
00:45:36,280 --> 00:45:39,080
into that. 
And there will be new creative 

821
00:45:39,080 --> 00:45:41,240
ways to do it. 
AI is just the latest version of

822
00:45:41,240 --> 00:45:43,000
it. 
I mean, we did an entire episode

823
00:45:43,000 --> 00:45:45,960
that was all AI like for us on 
April 1st. 

824
00:45:46,360 --> 00:45:50,680
And, you know, it was fine. 
It sounded OK. 

825
00:45:50,680 --> 00:45:53,480
And that's me as an amateur 
spending a little bit of time, 

826
00:45:53,520 --> 00:45:56,440
you know, training models on my 
voice and Jim's voice and, and 

827
00:45:56,440 --> 00:45:59,400
me telling Jim, no, you got to 
do it more demonstrably, right? 

828
00:45:59,960 --> 00:46:03,640
If I have motivation, the tools 
are absolutely there. 

829
00:46:03,680 --> 00:46:06,320
The accessibility to be able to 
do Gen 

830
00:46:06,360 --> 00:46:12,080
AI to create video, audio images
is, is so good right now. 

831
00:46:12,080 --> 00:46:15,000
And it's absolutely scary 
because what does this lead back

832
00:46:15,000 --> 00:46:17,240
to? 
It's social engineering again. 

833
00:46:17,760 --> 00:46:20,840
The unhappy path, as we've 
called it for a long time, is 

834
00:46:21,120 --> 00:46:22,680
that's what people are going to 
take advantage of. 

835
00:46:22,680 --> 00:46:26,480
It's usually the way that people
get breached or popped or 

836
00:46:26,480 --> 00:46:28,760
whatever word you want to use to
say that bad things have 

837
00:46:28,760 --> 00:46:30,920
happened. 
And these are just tools that 

838
00:46:30,920 --> 00:46:31,920
people are going to use to do 
that. 

839
00:46:31,960 --> 00:46:35,240
And so another arrow in that 
quiver might be something like 

840
00:46:35,240 --> 00:46:38,320
this is how do you stop account 
takeovers as well? 

841
00:46:38,320 --> 00:46:40,240
Take a look at something like 
Trusona's ATL protect. 

842
00:46:40,240 --> 00:46:43,520
So I'm a big fan of it. 
I remember when you, when you 

843
00:46:43,520 --> 00:46:45,680
called me or I think you shot me
a LinkedIn message like a year 

844
00:46:45,680 --> 00:46:47,000
and a half ago, it was like, oh,
this is kind of cool. 

845
00:46:47,000 --> 00:46:50,080
Like what is this thing? 
And to see it evolve over the 

846
00:46:50,080 --> 00:46:53,560
last, like I said, year and a 
half and see the value of it has

847
00:46:53,560 --> 00:46:56,160
been really interesting. 
So like typical cap to you, Sir.

848
00:46:57,320 --> 00:46:58,720
Thank you. 
I appreciate it. 

849
00:46:58,720 --> 00:47:02,480
But as I asked you and Jim, I 
want today to be all about 

850
00:47:03,480 --> 00:47:06,920
trying to break this because I 
feel for everybody who listens 

851
00:47:06,920 --> 00:47:09,600
to this podcast on the defender 
side. 

852
00:47:09,600 --> 00:47:13,120
I would not want to be doing 
this job today because it's we 

853
00:47:13,120 --> 00:47:14,840
don't get paid enough for doing 
it. 

854
00:47:15,360 --> 00:47:18,560
But I do have a positive endnote
if you don't mind, and I'll use 

855
00:47:18,560 --> 00:47:22,120
my slide whistle in the in the 
fun way just to say this. 

856
00:47:25,480 --> 00:47:29,400
I believe that some of us will 
try to fight AI with AI. I 

857
00:47:29,400 --> 00:47:31,280
already see startups trying to 
do that. 

858
00:47:31,960 --> 00:47:34,600
I personally don't believe that 
that will be the solution 

859
00:47:34,600 --> 00:47:38,160
because of the cat and mouse 
issue. 25 years ago when you 

860
00:47:38,160 --> 00:47:41,400
bought Norton Virus, you were 
defended from what he knew 

861
00:47:41,400 --> 00:47:43,120
about, but not from the next 
thing, right? 

862
00:47:43,120 --> 00:47:48,080
So unfortunately, it is a way to
give you some cover from what's 

863
00:47:48,080 --> 00:47:50,080
known. 
But in this world of AI 

864
00:47:50,080 --> 00:47:52,000
deepfakes, you just don't know 
what's coming tomorrow. 

865
00:47:52,000 --> 00:47:54,760
So I just don't know that 
overall that's the strategy. 

866
00:47:56,000 --> 00:48:00,120
A way to finish this episode is 
to think about what we described

867
00:48:00,120 --> 00:48:03,560
today and what this tool does as
a sort of a Turing test. 

868
00:48:05,440 --> 00:48:08,760
Hear me out. 
If we try to fight AI with AI, 

869
00:48:09,000 --> 00:48:12,560
we're now just fighting CPU with
CPU and capacity with capacity. 

870
00:48:12,560 --> 00:48:15,240
And unfortunately, the bad guys 
have more money than most 

871
00:48:15,240 --> 00:48:18,080
companies to do this. 
What we're trying to do with 

872
00:48:18,080 --> 00:48:21,800
this tool is to take you out of 
your comfort zone, Mr. AI, and 

873
00:48:21,800 --> 00:48:24,720
have you hold the phone in the 
air and scan something. 

874
00:48:24,720 --> 00:48:27,440
In real life, no AI model can do
that. 

875
00:48:28,120 --> 00:48:31,120
No AI model can generate the 
record for me in the phone 

876
00:48:31,120 --> 00:48:33,680
company. 
No AI model can do a lot of 

877
00:48:33,680 --> 00:48:37,080
things that we're testing for 
because it simply doesn't know. 

878
00:48:37,120 --> 00:48:40,440
It knows how to do a lot of 
things, but we're forcing it to 

879
00:48:40,440 --> 00:48:42,360
do things that human can do 
easily. 

880
00:48:42,360 --> 00:48:47,640
So here's the positive sound. 
But AI will fail miserably. 

881
00:48:48,440 --> 00:48:51,320
So I don't want people listening
to this thinking, Oh my God, 

882
00:48:51,320 --> 00:48:53,520
we're doomed. 
AI will take over the world. 

883
00:48:53,520 --> 00:48:56,720
That is not what I'm saying. 
I'm saying if you put in front 

884
00:48:56,720 --> 00:48:59,400
of AI the things that it knows 
how to defend from, just with 

885
00:48:59,400 --> 00:49:02,200
more training, that is not a 
great strategy. 

886
00:49:02,760 --> 00:49:06,800
Force it to do the thing it 
cannot and now you have a leg to

887
00:49:06,800 --> 00:49:09,720
stand on. 
OK, well you've been teasing us 

888
00:49:09,720 --> 00:49:13,280
the whole conversation and so 
let's talk about how do we break

889
00:49:13,280 --> 00:49:15,240
this? 
And so you've you're issuing a 

890
00:49:15,240 --> 00:49:17,040
challenge to whoever is 
listening. 

891
00:49:17,760 --> 00:49:19,320
Tell us more about this hack the
box. 

892
00:49:19,560 --> 00:49:21,680
What is it? 
How is it going to work? 

893
00:49:21,720 --> 00:49:23,960
And I guess just give the 
details on it. 

894
00:49:24,640 --> 00:49:30,640
So we will go to the website of 
Trusona forward slash idac, 

895
00:49:30,640 --> 00:49:34,720
Identity at the Center. 
There you will read a little bit

896
00:49:34,720 --> 00:49:37,160
about this demo. 
You can see a video of it. 

897
00:49:37,160 --> 00:49:41,160
If you don't want to go do it 
yourself to hack the box, I'm 

898
00:49:41,160 --> 00:49:45,000
offering the following thing. 
Go to our demo and send us a 

899
00:49:45,000 --> 00:49:48,360
screenshot of the entire screen 
that it would also have a GUID 

900
00:49:48,360 --> 00:49:50,600
of the transaction you're on 
because we need to find it in 

901
00:49:50,600 --> 00:49:53,560
our systems to see that you did 
not manufacture one. 

902
00:49:54,600 --> 00:49:58,200
How's that for thinking like a 
hacker where the DMV and the 

903
00:49:58,200 --> 00:50:01,080
phone company and all those 
things do not suspect that it's 

904
00:50:01,080 --> 00:50:03,760
not my document. 
And again, I have one. 

905
00:50:04,720 --> 00:50:07,240
I'm not going to hold it too 
close to the camera. 

906
00:50:07,240 --> 00:50:09,040
I'm not going to do that, but I 
have one. 

907
00:50:09,760 --> 00:50:13,320
I've done this demo as you'll 
see there, but the net net of it

908
00:50:13,320 --> 00:50:17,720
is if you can generate a 
screenshot from our tool that we

909
00:50:17,720 --> 00:50:20,720
can verify was a real 
transaction on our end and it 

910
00:50:20,720 --> 00:50:23,720
will say, yeah, this is Ori 
Eisen, it was not me. 

911
00:50:24,280 --> 00:50:27,720
You get the prize now, Jeff, 
Jeff and Jim, you can help me 

912
00:50:27,720 --> 00:50:30,680
pick what the prize will be. 
I don't want it to be like a 

913
00:50:30,800 --> 00:50:33,160
gift card or something. 
Should be something cool. 

914
00:50:33,440 --> 00:50:36,440
So we will by the time this 
episode will post, we'll 

915
00:50:36,440 --> 00:50:40,080
decide what the prize is. 
I think it's such a cool thing 

916
00:50:40,120 --> 00:50:43,080
and, you know, being able and 
open to be able to say, hey, 

917
00:50:43,400 --> 00:50:45,840
let's figure out better ways to 
poke a hole in this is great. 

918
00:50:45,840 --> 00:50:49,880
And I guess be prepared because 
I think, you know, hopefully 

919
00:50:49,880 --> 00:50:52,560
people will check this out and 
really want to try to figure out

920
00:50:52,560 --> 00:50:55,160
how it gets. 
I will let me say it again. 

921
00:50:55,160 --> 00:50:57,480
I'm not afraid. 
Most vendors are afraid to be. 

922
00:50:58,000 --> 00:51:02,040
It's OK if you ever listen to 
Keren Elazari's TED talk that

923
00:51:02,040 --> 00:51:04,160
hackers are the immune system of
the Internet. 

924
00:51:04,160 --> 00:51:06,920
I believe in that. 
So if you're listening to this 

925
00:51:06,920 --> 00:51:10,480
podcast, I'm not afraid. 
I want you to show me where the 

926
00:51:10,480 --> 00:51:14,080
holes are because I'd rather fix
them if there are and protect 

927
00:51:14,080 --> 00:51:16,880
the world than not allowing you 
to test it. 

928
00:51:16,880 --> 00:51:19,120
I mean, that is not security. 
There's no security in 

929
00:51:19,120 --> 00:51:20,160
obscurity. 
Sorry. 

930
00:51:20,640 --> 00:51:24,520
I'm asking you help us see how 
it can be broken. 

931
00:51:24,520 --> 00:51:26,960
And if you can't break it, at 
least be like Jeff and Jim, they

932
00:51:26,960 --> 00:51:29,920
were very honorable and say, 
hey, we couldn't break it 

933
00:51:29,920 --> 00:51:31,560
easily. 
Let us at least share it with 

934
00:51:31,560 --> 00:51:34,960
more people because if this can 
help the companies to not be 

935
00:51:34,960 --> 00:51:38,200
broken into, so be it. 
I think the other cool thing is,

936
00:51:38,520 --> 00:51:42,560
well, first of all, famous last 
words, I'm not afraid so I'm not

937
00:51:42,560 --> 00:51:45,160
that. 
I'm not that courageous, so I 

938
00:51:45,160 --> 00:51:47,560
will not say that myself. 
But the other thing I think 

939
00:51:47,560 --> 00:51:50,160
people should know is if they go
to trusona.com and they click on

940
00:51:50,160 --> 00:51:52,200
the try now you actually get 
what, six of these? 

941
00:51:52,200 --> 00:51:54,120
I think 3 per month. 
Per month? 

942
00:51:54,240 --> 00:51:56,200
Yep. 
And so people can actually try 

943
00:51:56,200 --> 00:51:58,400
this, try that in an 
environment, see how it. 

944
00:51:58,400 --> 00:52:00,520
Works on their own ideas. 
You can just see what it would 

945
00:52:00,520 --> 00:52:03,280
do for you. 
Literally it's like a gray box 

946
00:52:03,280 --> 00:52:05,920
as opposed to a black box. 
You can see what would happen, 

947
00:52:06,400 --> 00:52:11,080
but to break it, you need to be 
me with a real transaction. 

948
00:52:11,400 --> 00:52:14,200
Then we can chat about the prize
so far. 

949
00:52:14,200 --> 00:52:16,440
Just so you know, no one has 
been successful trying to do 

950
00:52:16,440 --> 00:52:18,720
this. 
OK, the challenge has been 

951
00:52:18,720 --> 00:52:21,440
tossed out there. 
The gulp has been tossed down. 

952
00:52:21,440 --> 00:52:25,280
Whatever analogy you want to 
use, Ori, I'm I'm a big fan of 

953
00:52:25,280 --> 00:52:27,880
what you've built here. 
Very impressed to see how it 

954
00:52:27,880 --> 00:52:30,120
goes out there. 
Definitely encourage people 

955
00:52:30,200 --> 00:52:34,040
visit trusona.com/idac and we'll
have links in our show notes for

956
00:52:34,040 --> 00:52:38,320
people to find that easily, as 
well as a LinkedIn link for you 

957
00:52:38,320 --> 00:52:41,440
as well or for people to reach 
out and maybe send those 

958
00:52:41,440 --> 00:52:43,960
screenshots or whatever it may 
be to say, hey, I got you. 

959
00:52:44,520 --> 00:52:47,120
But hopefully not. 
So with that, we'll go ahead and

960
00:52:47,120 --> 00:52:49,240
leave it for this week. 
Ori, thank you so much for your 

961
00:52:49,240 --> 00:52:50,760
time. 
Really appreciate you being a 

962
00:52:50,760 --> 00:52:53,800
supporter of the podcast and 
encourage people to visit the 

963
00:52:53,800 --> 00:52:57,120
website, visit us on the web, 
idacpodcast.com, do all those 

964
00:52:57,120 --> 00:52:58,960
fun, cool things like and 
subscribe, share those with 

965
00:52:58,960 --> 00:53:01,280
people. 
And yeah, we appreciate it. 

966
00:53:01,280 --> 00:53:03,400
So we'll go ahead and leave it 
there for this week. 

967
00:53:03,640 --> 00:53:06,440
Thanks everyone for watching and
or listening and we'll talk with

968
00:53:06,440 --> 00:53:10,880
you all in the next one. 
You've been listening to 

969
00:53:10,880 --> 00:53:14,800
Identity at the Center. 
We hope you've enjoyed the show.

970
00:53:15,000 --> 00:53:19,080
Make sure to like, rate and 
review, and we'll be back soon. 

971
00:53:19,360 --> 00:53:21,640
But in the meantime, hit the 
website at 

972
00:53:21,640 --> 00:53:28,000
identityatthecenter.com. 
See you next time on Identity at

973
00:53:28,000 --> 00:53:28,920
the Center.
