1 00:00:00,040 --> 00:00:02,320 I think that the best security products. 2 00:00:02,320 --> 00:00:06,840 Give you a Peace of Mind. I think that when I installed I 3 00:00:06,840 --> 00:00:09,200 don't know like for example any Dr. in my company. 4 00:00:09,200 --> 00:00:12,080 I had Peace of Mind that I think that my work. 5 00:00:12,480 --> 00:00:14,120 Workstations are secure, so I think. 6 00:00:14,120 --> 00:00:16,960 That a good security product? Not necessarily. 7 00:00:16,960 --> 00:00:19,960 Authorizing the background, but authorizing a way that's not by 8 00:00:19,960 --> 00:00:23,360 the Lawson for the organization. So you do have a measure that 9 00:00:23,360 --> 00:00:26,840 you can look in, but I see like that we attach ourselves to your 10 00:00:26,840 --> 00:00:28,480 organizational. Workflows. 11 00:00:29,040 --> 00:00:33,560 Whether it's a ticketing system messing also our solution, I'll 12 00:00:33,560 --> 00:00:35,840 just send you all notifications via select, but. 13 00:00:36,240 --> 00:00:38,040 First thing that we. Do is when we build an 14 00:00:38,040 --> 00:00:41,480 inventory, you can see in one place all of the non human 15 00:00:41,480 --> 00:00:44,320 identity that you have, all of their entitlements, all of the 16 00:00:44,320 --> 00:00:47,840 authentication methods, the owners of those identities and 17 00:00:47,840 --> 00:00:52,000 the usage that you do it. On top of that inventory, we 18 00:00:52,000 --> 00:00:53,640 provide multiple. Applications. 19 00:00:54,280 --> 00:00:56,120 Most popular application to start with. 20 00:00:56,320 --> 00:00:59,800 Is Toledo SIS you want to identify the top ten and most 21 00:00:59,800 --> 00:01:02,160 critical identities. You like it to call it the most 22 00:01:02,160 --> 00:01:05,960 wanted like the ideally sheriff is coming to town and trying to 23 00:01:05,960 --> 00:01:10,240 like like to catch the the biggest seminar. 24 00:01:10,240 --> 00:01:13,040 So that's like the most. Wanted Bob and Dennis share. 25 00:01:13,040 --> 00:01:15,240 Because that domain name taken because that might be 1 you want 26 00:01:15,240 --> 00:01:18,720 to jump on next. We have we have something here. 27 00:01:18,880 --> 00:01:22,200 I'll follow up like right after. This recording and check that if 28 00:01:22,200 --> 00:01:26,000 that domain is available. I think that Jim is doing it 29 00:01:26,000 --> 00:01:28,120 right now, but. Not the point seeing us. 30 00:01:33,760 --> 00:01:38,920 This is identity at the center if it has anything to do with 31 00:01:38,960 --> 00:01:43,560 IAM. This is the go to podcast now 32 00:01:43,560 --> 00:01:47,440 your hosts Jim McDonald and Jeff Stedman. 33 00:01:53,520 --> 00:01:55,200 Welcome to the Identity Center Podcast. 34 00:01:55,200 --> 00:01:56,800 I'm Jeff, and that's Jim. Hey, Jim. 35 00:01:57,320 --> 00:01:59,800 Hey, Jeff, how are you? Oh, not so bad yourself. 36 00:02:00,800 --> 00:02:02,960 Great. I'm excited for this episode. 37 00:02:03,800 --> 00:02:07,240 We're we've got a guest on to talk about machine identities. 38 00:02:07,240 --> 00:02:12,240 I think this is one of the areas of digital identity or I'll even 39 00:02:12,240 --> 00:02:14,120 call it identity and access management. 40 00:02:14,360 --> 00:02:16,720 We've been in it long enough we can call it that. 41 00:02:17,240 --> 00:02:19,680 And this has been a problem since day one. 42 00:02:19,680 --> 00:02:26,880 So I'm glad to see the industry is taking us seriously and folks 43 00:02:26,880 --> 00:02:30,000 like we're going to talk to today are building solutions. 44 00:02:30,480 --> 00:02:32,320 Yeah, I. Feel like this is like the 45 00:02:32,320 --> 00:02:35,640 Zoolander meme with the will ferry character, you know, non 46 00:02:35,640 --> 00:02:38,840 human identity. So hot right now, you know, so 47 00:02:39,000 --> 00:02:41,600 we're going to get into that. Today is a sponsored episode. 48 00:02:41,600 --> 00:02:44,040 So sponsor spotlights. These are things that we create 49 00:02:44,040 --> 00:02:47,360 with our sponsors to help understand the points of view 50 00:02:47,360 --> 00:02:49,160 that they bring to the identity space. 51 00:02:49,160 --> 00:02:51,600 So make it crystal clear. They have sponsored this episode 52 00:02:51,600 --> 00:02:54,280 in full. We're going to hear today from 53 00:02:54,280 --> 00:02:56,360 Token Security. You can visit them on the web 54 00:02:56,360 --> 00:02:59,680 with a very easy to remember Token dot Security website. 55 00:02:59,960 --> 00:03:01,960 It is a very cool website, one of the best that I've seen. 56 00:03:01,960 --> 00:03:03,720 So I would definitely encourage people go check it out. 57 00:03:04,000 --> 00:03:06,440 We're really well done on the web design, but we're not here 58 00:03:06,440 --> 00:03:08,480 to talk web design. We're here to talk about non 59 00:03:08,480 --> 00:03:10,840 human identity, machine identity. 60 00:03:10,840 --> 00:03:13,000 They have a tagline to go machine first. 61 00:03:13,040 --> 00:03:14,480 We're going to find out what that means. 62 00:03:14,760 --> 00:03:16,920 So I'd like to welcome to the show Ito Shlomo. 63 00:03:16,960 --> 00:03:19,520 He's the Co founder and CTO of Token Security. 64 00:03:19,800 --> 00:03:22,560 Welcome Ito. Thank you, Jess. 65 00:03:22,640 --> 00:03:26,000 Thank you Jim for hosting me. Definitely one of the. 66 00:03:26,000 --> 00:03:29,120 Highlights of my life. Well, you know, that's fair and 67 00:03:29,120 --> 00:03:32,280 flattery will actually get you everywhere on this podcast, so I 68 00:03:32,280 --> 00:03:34,480 appreciate that. But we like to understand a 69 00:03:34,520 --> 00:03:36,960 little bit more about yourself. How did you get into the space 70 00:03:36,960 --> 00:03:39,040 of identity? Is it something that you chose 71 00:03:39,040 --> 00:03:44,880 or did it choose you? I know, like I think that I have 72 00:03:45,520 --> 00:03:49,680 a classical nerf story that took a very, very interesting twist. 73 00:03:50,720 --> 00:03:56,280 And so in Zelzer Short I am. As a teenager, I I mastered. 74 00:03:56,280 --> 00:03:58,680 Online gaming, that was like something that I like to. 75 00:03:58,680 --> 00:04:01,320 Do one of the things. That I like to do the most. 76 00:04:01,440 --> 00:04:05,800 Actually happened until today. I started a gaming server. 77 00:04:06,160 --> 00:04:11,280 On my personal computer at home built my registration panel and 78 00:04:11,480 --> 00:04:14,800 hair care, which was probably one of my high school 79 00:04:14,800 --> 00:04:17,600 competitors. I'm headed by by passing the. 80 00:04:17,600 --> 00:04:19,920 Authentication. And then I was like, OK, there 81 00:04:19,920 --> 00:04:22,040 is something here with this authentication. 82 00:04:23,680 --> 00:04:26,960 I I was bursting into the army. When I was 18. 83 00:04:28,000 --> 00:04:30,880 And from there. I started my test, like my 84 00:04:30,880 --> 00:04:35,600 career test, in terms of that operations vulnerability 85 00:04:35,600 --> 00:04:37,560 research. Implant development and they 86 00:04:37,560 --> 00:04:41,120 learned exactly that that like the exact like the. 87 00:04:41,120 --> 00:04:44,880 Exact other side of how? Do you exploit identity? 88 00:04:44,880 --> 00:04:48,800 And while a lot of my friends had amazing talent in 89 00:04:48,800 --> 00:04:52,320 vulnerability research, I used to like just find the kid that 90 00:04:52,320 --> 00:04:54,760 was the line, get out somewhere and use it. 91 00:04:55,040 --> 00:04:58,680 And it was something that I thought it was like a cheat code 92 00:04:59,000 --> 00:05:02,760 and eventually ended up serving a short. 93 00:05:02,760 --> 00:05:06,760 Term of 13 years in in the Israeli army inside operations 94 00:05:07,160 --> 00:05:10,040 and decided that the. Military life. 95 00:05:10,040 --> 00:05:13,720 Was most of me and when I finished, my son said. 96 00:05:13,840 --> 00:05:18,160 I wanted to to do something like that would that might change the 97 00:05:18,160 --> 00:05:19,920 world, but also something that I'm good at. 98 00:05:20,280 --> 00:05:23,800 And I remember like all of those cadets that we found lying 99 00:05:23,800 --> 00:05:26,680 around. And like, then I thought that. 100 00:05:26,920 --> 00:05:30,760 A machine identity security is. A very, very important and 101 00:05:30,760 --> 00:05:32,840 decided to go and start. A company on around that 102 00:05:32,840 --> 00:05:34,240 concept. So that's how I got. 103 00:05:34,240 --> 00:05:38,560 Into into this. Space eventually, like lately 104 00:05:38,560 --> 00:05:41,040 we've seen so many breaches like the snowflake hack of 105 00:05:41,040 --> 00:05:45,920 Ticketmaster and so on that. Well, machined identity LED that 106 00:05:45,920 --> 00:05:48,960 that. Also, Make Realities is showing 107 00:05:48,960 --> 00:05:50,640 that it's a very very problem right now. 108 00:05:51,480 --> 00:05:53,600 Yeah, it seems to be everywhere and it's just going to 109 00:05:53,600 --> 00:05:56,880 proliferate, right, as more things come into the into the 110 00:05:56,880 --> 00:05:58,840 world that are doing other things, right. 111 00:05:58,840 --> 00:06:03,160 Bots, AI, right, servers, IoT, right. 112 00:06:03,160 --> 00:06:04,640 There's a whole bunch of stuff that's supposed to be out there. 113 00:06:04,920 --> 00:06:07,000 I'd like to learn more about token security because people 114 00:06:07,000 --> 00:06:08,800 may not be familiar with company itself. 115 00:06:08,800 --> 00:06:12,320 So tell us about token security. What is the problem that you 116 00:06:12,320 --> 00:06:14,800 guys are looking to solve and what do you bring to the market? 117 00:06:17,160 --> 00:06:22,520 So I think that like building software is super hard. 118 00:06:22,560 --> 00:06:23,960 And then? You want to find the. 119 00:06:23,960 --> 00:06:28,720 Right tool for for your task and you pick a certain menu of 120 00:06:28,720 --> 00:06:30,840 technology that is. Super wide like you have. 121 00:06:31,320 --> 00:06:33,360 Fast services you have database. Technologies. 122 00:06:33,360 --> 00:06:36,720 You have workloads technologies. Like containers function and 123 00:06:36,720 --> 00:06:39,800 server and what not. You are multi cloud, you work 124 00:06:39,800 --> 00:06:42,640 with Kubernetes and each one of the technologies. 125 00:06:42,640 --> 00:06:44,360 That I just said. Is. 126 00:06:44,480 --> 00:06:46,640 Implementing it's own identity mechanism. 127 00:06:47,200 --> 00:06:50,640 At least authorization but. Also a lot of times like also 128 00:06:50,640 --> 00:06:53,280 authentication and. Then what happens is that you 129 00:06:53,280 --> 00:06:58,560 have thousands of different identities that was caused by a 130 00:06:59,400 --> 00:07:01,040 huge fragmentation of that space. 131 00:07:01,040 --> 00:07:03,360 So like everybody creates it's own. 132 00:07:03,360 --> 00:07:05,920 Identical either and then. When in human. 133 00:07:05,920 --> 00:07:07,960 Identity you add. One single source of. 134 00:07:07,960 --> 00:07:10,920 Tools. So which is your SSO provider in 135 00:07:10,920 --> 00:07:12,680 machine? Identity every. 136 00:07:14,200 --> 00:07:16,560 Every asset manages its own identity. 137 00:07:16,560 --> 00:07:19,080 And that's how we we. Came up with go machine sales 138 00:07:19,080 --> 00:07:21,720 like. We want to attach the identity 139 00:07:21,720 --> 00:07:23,480 problem but. Like with the machine sales 140 00:07:23,480 --> 00:07:26,200 approach that look at the asset. That you want to protect. 141 00:07:26,200 --> 00:07:27,640 And not necessarily your identity. 142 00:07:27,640 --> 00:07:32,240 Profile And so we got into this. Space and try to understand. 143 00:07:32,240 --> 00:07:34,520 Like what's the problem here? Like why is this so? 144 00:07:35,080 --> 00:07:36,840 Problematic for organizations to. 145 00:07:36,840 --> 00:07:39,120 To solve and we saw that on top of the. 146 00:07:39,120 --> 00:07:41,440 Fermentation. That created the big scale issue 147 00:07:41,480 --> 00:07:42,960 of identities. There were two. 148 00:07:43,280 --> 00:07:45,400 Main. Problems that organizations were 149 00:07:45,400 --> 00:07:47,360 facing. One is the ability. 150 00:07:47,360 --> 00:07:51,280 To find the human owner of each identity and second one. 151 00:07:51,560 --> 00:07:54,280 Was the quiz that owner with the alternator? 152 00:07:54,280 --> 00:07:57,000 That they need and identity. Both the static. 153 00:07:57,000 --> 00:07:58,680 Parameters, but also the dynamic. 154 00:07:58,680 --> 00:08:02,360 Usage in order to solve. For example a key rotation 155 00:08:02,360 --> 00:08:05,960 problem, or a stain identity or an over permissive service 156 00:08:05,960 --> 00:08:09,000 account and so. So that's in a. 157 00:08:09,000 --> 00:08:10,640 Nuts and the problem that we're solving. 158 00:08:11,200 --> 00:08:13,880 OK, you pert my ears up here now, because when you say try to 159 00:08:13,880 --> 00:08:17,600 find the owner of a machine or a non human identity, I mean every 160 00:08:17,960 --> 00:08:20,160 every organization I've talked to struggles with that. 161 00:08:20,400 --> 00:08:24,480 Who owns this account? It was created 5/10/15 thirty 162 00:08:24,480 --> 00:08:27,760 years ago and you know who's responsible for that? 163 00:08:27,760 --> 00:08:29,600 So I'm definitely interested to learn more about this. 164 00:08:29,880 --> 00:08:32,760 I think that kind of speaks to the importance too of this area 165 00:08:32,840 --> 00:08:35,760 of who owns these accounts, because if you don't know who is 166 00:08:35,760 --> 00:08:37,480 responsible for the account, how are you supposed to secure it? 167 00:08:37,480 --> 00:08:38,520 Doesn't have the right permissions. 168 00:08:38,520 --> 00:08:40,159 Is it doing what it was intended to do? 169 00:08:40,640 --> 00:08:43,039 Has it been hijacked to be used for something else? 170 00:08:43,200 --> 00:08:45,560 That could be benign, right? Happens a lot. 171 00:08:45,560 --> 00:08:47,640 Service account might get used for something else. 172 00:08:47,920 --> 00:08:52,320 Or it could be, hey, maybe an attacker is, is piggybacking on 173 00:08:52,320 --> 00:08:54,800 a service account that they probably shouldn't be doing 174 00:08:54,800 --> 00:08:58,000 that, right? Is that make sense from a kind 175 00:08:58,000 --> 00:08:59,720 of trying to define why this is so important? 176 00:08:59,720 --> 00:09:00,920 Are there other things you want to add to that? 177 00:09:02,520 --> 00:09:06,680 Yeah, I think that it's related to two, but like, yeah, I think 178 00:09:06,680 --> 00:09:08,560 that identifying the. Internal order is super 179 00:09:08,560 --> 00:09:11,080 important for. For example, sometimes we see 180 00:09:11,080 --> 00:09:13,200 that the most critical accounts in. 181 00:09:13,200 --> 00:09:17,200 Organization were traded by individuals that already left 182 00:09:17,200 --> 00:09:19,040 the company, for example, so the ownership. 183 00:09:19,040 --> 00:09:22,360 Data is really cushion to identify which part of the 184 00:09:22,360 --> 00:09:26,680 organization is responsible. How do I assign like the the 185 00:09:26,680 --> 00:09:29,320 handling and the life cycle management process of that 186 00:09:29,320 --> 00:09:31,920 identity? Second part is really the usage 187 00:09:31,920 --> 00:09:35,480 as you said so. When an identity is spread 188 00:09:35,480 --> 00:09:38,000 across thousands of containers with one. 189 00:09:38,000 --> 00:09:40,800 Database user and password that all of those containers are. 190 00:09:40,800 --> 00:09:44,640 Using you want to expose this this level of dependencies and 191 00:09:44,640 --> 00:09:48,360 usage to find out what is the real use of. 192 00:09:48,360 --> 00:09:51,960 That service account I think that visibility in not even 193 00:09:51,960 --> 00:09:55,240 identity is one of the key. Key problems. 194 00:09:55,240 --> 00:09:57,200 So it's not only. Cause a results like. 195 00:09:58,080 --> 00:10:01,680 Integrating with all types of products, but also identifying 196 00:10:01,680 --> 00:10:03,400 the usage. Patterns of the identities 197 00:10:03,400 --> 00:10:06,960 themselves. So I want to make sure that 198 00:10:06,960 --> 00:10:11,040 we're speaking the same language when you say non human identity 199 00:10:11,040 --> 00:10:13,320 or machine identity, can you define that for me? 200 00:10:13,320 --> 00:10:15,840 Like what is your your definition of what that means? 201 00:10:16,480 --> 00:10:19,760 Yeah, there's so, so many terms. Right now like machine identity 202 00:10:20,000 --> 00:10:22,480 machine. Account service Account API key, 203 00:10:22,800 --> 00:10:25,880 everybody likes to call it. A bit differently, so let's. 204 00:10:25,880 --> 00:10:33,040 Scope where we're at, What I'm most, what I worry for the most 205 00:10:33,040 --> 00:10:35,680 is the identities that could lead to your core. 206 00:10:35,680 --> 00:10:38,680 Technology and yeah and to affect your medical resources 207 00:10:39,160 --> 00:10:39,840 and. What? 208 00:10:39,840 --> 00:10:41,680 What's not in token? Security scope. 209 00:10:42,040 --> 00:10:44,480 It's not endpoint identity. It's not your employees 210 00:10:44,480 --> 00:10:46,840 workstations or laptops. It's not IoT. 211 00:10:46,960 --> 00:10:50,040 It's not the. Voice over IP device that you 212 00:10:50,040 --> 00:10:53,440 have or the camera that you have installed, even those, those, 213 00:10:53,880 --> 00:10:57,800 even though those are machines, it's not what we're handling and 214 00:10:57,800 --> 00:11:00,800 also we are not handling public key infrastructure. 215 00:11:00,840 --> 00:11:01,960 It's not. The. 216 00:11:01,960 --> 00:11:03,800 Client to server encryption part. 217 00:11:04,160 --> 00:11:07,160 What we worry about? Is the identities that are. 218 00:11:07,160 --> 00:11:10,880 Mainly you are all. Well intended for programmatic 219 00:11:10,880 --> 00:11:13,840 use inside your core technology, inside your core assets. 220 00:11:14,080 --> 00:11:16,720 And could affect that could. Be a sense force. 221 00:11:16,720 --> 00:11:19,480 Integration API that could be. A service. 222 00:11:19,480 --> 00:11:21,080 Account in your. AWS. 223 00:11:21,080 --> 00:11:24,840 That could be an SSHT that opens all of your EC2 instances. 224 00:11:25,240 --> 00:11:28,760 Or other servers. It could be a snowflake service 225 00:11:28,760 --> 00:11:31,480 account, but that's the area and the attic that that we are 226 00:11:31,480 --> 00:11:34,560 working with. So I am always interested in how 227 00:11:34,560 --> 00:11:36,280 you come up with names for companies these days. 228 00:11:36,480 --> 00:11:38,840 How'd you come up with the name Token Security? 229 00:11:38,840 --> 00:11:43,040 What was the the driver? Behind that, OK, so let me tell 230 00:11:43,040 --> 00:11:44,600 you. A bit of a funny story. 231 00:11:45,200 --> 00:11:48,320 So we know how a lot of. Fathers in cyber security come 232 00:11:48,320 --> 00:11:50,680 from Israel. What we're known for in Israel 233 00:11:50,680 --> 00:11:53,320 is that we have extreme. Self-confidence. 234 00:11:53,560 --> 00:11:57,040 We like to really be stubborn that we lied at what we're 235 00:11:57,040 --> 00:11:59,280 doing. So my partner and I, we chose 236 00:11:59,280 --> 00:12:01,600 the name for the company. We chose a name. 237 00:12:01,600 --> 00:12:03,360 We. Already registered the domain. 238 00:12:04,520 --> 00:12:07,680 And the name was like something that was supposed to bring light 239 00:12:07,680 --> 00:12:09,680 into a doubt problem in the cloud. 240 00:12:09,680 --> 00:12:12,040 And we chose the name Moonlight Security. 241 00:12:12,360 --> 00:12:14,880 And we were certain that we it was a fantastic. 242 00:12:14,880 --> 00:12:17,840 Name we sent. Our friend and intro request. 243 00:12:17,840 --> 00:12:21,200 To one of his investors. And he asked for us like send me 244 00:12:21,200 --> 00:12:22,920 your e-mail address. And I sent him it. 245 00:12:23,000 --> 00:12:26,720 It at Moonlight security and he told me, did you look that up in 246 00:12:26,720 --> 00:12:28,800 the dictionary before you signed the domain? 247 00:12:28,800 --> 00:12:31,920 Like, what is your, why did you pick that name? 248 00:12:31,920 --> 00:12:34,760 And then I understand that moonlight has a very, very 249 00:12:34,760 --> 00:12:39,160 different meaning. That's why I and so we went back 250 00:12:39,160 --> 00:12:42,600 to the drawing board and we understood that everything. 251 00:12:42,600 --> 00:12:46,880 About machine identity and. The fact that like what happened 252 00:12:46,880 --> 00:12:50,800 in reality is that what people are looking in non even identity 253 00:12:50,800 --> 00:12:54,920 is to regain trust token is the. Symbol and basically the essence 254 00:12:54,920 --> 00:12:56,680 of trust. It's something. 255 00:12:56,680 --> 00:12:59,640 That also is the core. Of the problem that we're. 256 00:12:59,640 --> 00:13:05,040 Solving token compromise, and in very, very different ways is. 257 00:13:05,200 --> 00:13:07,520 Probably the main attack vector that attackers are using. 258 00:13:07,520 --> 00:13:13,440 Today and so it it's both. It both symbolizes the space. 259 00:13:13,520 --> 00:13:16,520 And the problem that we're looking to solve, and so that's 260 00:13:16,520 --> 00:13:19,880 how we pick the name token. And the URL token dot security 261 00:13:19,880 --> 00:13:21,760 was available, so that's even like a bonus, right? 262 00:13:22,400 --> 00:13:24,160 Yeah, everybody thinks that we're in a. 263 00:13:24,160 --> 00:13:28,320 Crypto, cryptocurrency, but you know we're building a not even 264 00:13:28,320 --> 00:13:33,240 space to take over that. So let me put my jaded CSO hat 265 00:13:33,240 --> 00:13:34,640 on. I see a lot of products out 266 00:13:34,640 --> 00:13:36,880 there. What sets you apart from others 267 00:13:36,880 --> 00:13:38,880 in the space that you're operating in? 268 00:13:38,880 --> 00:13:41,280 Like what makes you different? Yeah. 269 00:13:42,000 --> 00:13:47,080 So we another vendor that exists today in. 270 00:13:47,080 --> 00:13:49,000 NHI and they cannot even identity. 271 00:13:49,600 --> 00:13:52,040 It's important to explain. What do you need? 272 00:13:52,040 --> 00:13:54,320 In order to solve the not even identity problem and. 273 00:13:54,640 --> 00:13:57,240 Eventually that leads for. Very, very different 274 00:13:57,240 --> 00:14:00,040 applications, so I won't talk about the applications for a. 275 00:14:00,040 --> 00:14:02,360 Moment I will just. Explain like how you should. 276 00:14:02,640 --> 00:14:05,840 Look and attend NHI. Vendor What makes token special? 277 00:14:06,760 --> 00:14:10,320 So I think that we invest in in call of three main. 278 00:14:10,480 --> 00:14:15,720 Value proposition. 1 is that we want to be the only vendor that 279 00:14:15,720 --> 00:14:17,120 you need. For non human identity. 280 00:14:17,520 --> 00:14:19,360 I don't. I think. 281 00:14:19,360 --> 00:14:21,840 That too many companies are trying to. 282 00:14:21,840 --> 00:14:23,800 Nail down. They're offering to look at a 283 00:14:23,800 --> 00:14:26,760 specific technology, like only cloud providers or only SAS to 284 00:14:26,760 --> 00:14:29,640 SAS integration and so on. I want to be your non. 285 00:14:29,640 --> 00:14:32,840 Human identity providers so on Prem for self force and 286 00:14:32,840 --> 00:14:36,280 workloads for database that you can't access easily. 287 00:14:36,560 --> 00:14:38,240 I want to. Cover your cloud native 288 00:14:38,240 --> 00:14:39,680 identities. I want to cover your. 289 00:14:39,680 --> 00:14:46,240 SAS, SAS services and also eventually or casual customer. 290 00:14:46,240 --> 00:14:47,960 Integration that are done problematically. 291 00:14:47,960 --> 00:14:50,360 Which is also a type. Of non human identity. 292 00:14:52,040 --> 00:14:54,760 And are we there? It might not be there yet, but 293 00:14:54,760 --> 00:14:57,800 we are aiming to give you as full coverage as possible 294 00:14:58,320 --> 00:15:00,640 Second. Part is. 295 00:15:01,360 --> 00:15:04,960 Basically trying to solve or or starting to solve. 296 00:15:04,960 --> 00:15:07,600 Your operational efficiency problems so a lot of people can 297 00:15:07,600 --> 00:15:09,480 handle one service account handling. 298 00:15:09,480 --> 00:15:13,240 Multiple or handling the entire. Service account value that you 299 00:15:13,240 --> 00:15:18,080 have is very very hard. What you need to do is to 300 00:15:18,080 --> 00:15:20,800 harness the entire organization for that in. 301 00:15:20,800 --> 00:15:22,520 Order to harness the organization you need to 302 00:15:22,520 --> 00:15:26,400 identify internal owner or to provide ownership for service 303 00:15:26,400 --> 00:15:28,520 account connecting the non human identity. 304 00:15:28,520 --> 00:15:33,320 To a human identity, their part is to acquit those internal 305 00:15:33,320 --> 00:15:34,480 owners. With the data that. 306 00:15:34,480 --> 00:15:38,080 They need. We want to give you all of the. 307 00:15:38,080 --> 00:15:42,200 Data that you need. In order to remediate or in 308 00:15:42,200 --> 00:15:44,800 order to improve your. Security posture in non human 309 00:15:44,800 --> 00:15:48,040 identity. Because the thing that most. 310 00:15:48,040 --> 00:15:50,920 Engineer that that like is shared between engineering, 311 00:15:50,920 --> 00:15:54,520 DevOps, SRE and security is that we feel to break stuff. 312 00:15:54,880 --> 00:15:58,640 I want you to have complete. Certainty that you can take 313 00:15:58,640 --> 00:16:00,080 action. And have all of the. 314 00:16:00,080 --> 00:16:02,960 Data that you need in order to take that action and so the 315 00:16:02,960 --> 00:16:06,960 dynamic usage layer that. We put on top of our inventory 316 00:16:07,240 --> 00:16:09,320 is. One of the most crucial parts of 317 00:16:09,320 --> 00:16:11,080 anonymous identity. Solution. 318 00:16:11,640 --> 00:16:13,680 With that data layer you can do everything. 319 00:16:14,000 --> 00:16:18,520 You can reduce risk you. Can operate very very. 320 00:16:18,520 --> 00:16:21,400 Efficiently you can stand to. Compliance frameworks you can 321 00:16:21,400 --> 00:16:23,440 do. Everything that you want to, you 322 00:16:23,440 --> 00:16:27,400 can do life cycle management. Key to have coverage ownership. 323 00:16:27,760 --> 00:16:33,840 And usage. So either this is a solution 324 00:16:33,840 --> 00:16:36,760 focused on the enterprise, right? 325 00:16:36,760 --> 00:16:40,840 So it's going to be enterprise identity leaders that are going 326 00:16:40,840 --> 00:16:45,520 to look at the product, right? And I, I kind of feel like as a 327 00:16:45,520 --> 00:16:49,840 enterprise identity practitioner, they're used to 328 00:16:49,840 --> 00:16:53,880 certain lanes. So you got your IGA lane, you've 329 00:16:53,880 --> 00:16:57,360 got your access management lane, you've got your privilege access 330 00:16:57,360 --> 00:17:02,480 management lane. ITDRS certainly kind of like 331 00:17:02,480 --> 00:17:06,280 becoming a lane and I don't know that it's established itself as 332 00:17:06,280 --> 00:17:10,119 a lane yet. Is token security in one of 333 00:17:10,119 --> 00:17:14,599 those lanes or is it different? Is it Is machine identity 334 00:17:14,599 --> 00:17:18,720 becoming its own lane? That's a good question. 335 00:17:21,960 --> 00:17:25,800 I think that I don't. Like solving the same problem in 336 00:17:25,800 --> 00:17:28,840 a better way a lot of times like that's that's a part of my 337 00:17:28,840 --> 00:17:32,240 personality and what I believe when I started a company that we 338 00:17:32,240 --> 00:17:34,760 need to find a new problem. And then non of an identity 339 00:17:34,760 --> 00:17:37,920 problem. It had certain that make 340 00:17:38,360 --> 00:17:40,760 solutions that were operational on to it, for example, power 341 00:17:40,760 --> 00:17:43,920 solutions such as cyber alcohol or the linear beyond trust and 342 00:17:43,920 --> 00:17:47,120 solve them. They manage credentials right? 343 00:17:47,120 --> 00:17:49,520 Like they take service accounts and they allow you to access 344 00:17:49,520 --> 00:17:51,280 them securely. But they were mainly. 345 00:17:51,280 --> 00:17:54,600 For human beings and also they were born on plan. 346 00:17:54,600 --> 00:17:56,600 They were born. For a limited amount of server, 347 00:17:56,720 --> 00:17:58,400 they were not born for the state of the. 348 00:17:58,400 --> 00:18:03,840 Cloud and so when people ask me if I would ever if I. 349 00:18:03,880 --> 00:18:07,440 Imagine that non even identity would be in one of. 350 00:18:07,440 --> 00:18:10,240 Those lands I would. Say that it's like. 351 00:18:10,480 --> 00:18:15,400 This starting. A cloud as a very fast host, I 352 00:18:15,400 --> 00:18:17,480 don't think that like. I think that. 353 00:18:17,480 --> 00:18:20,400 It's an entirely new area that is here to. 354 00:18:20,400 --> 00:18:24,680 To last as long as people are bending software as. 355 00:18:24,680 --> 00:18:29,160 Long as they are utilizing the Internet and AB is, I think that 356 00:18:29,600 --> 00:18:33,520 not even identity would be separated from human identity 357 00:18:33,520 --> 00:18:37,000 solutions. Yeah, I, you know, I, I kind of 358 00:18:37,000 --> 00:18:41,480 feel like with non juvenile identities, they require a lot 359 00:18:41,480 --> 00:18:46,040 of the same technology or processes as human identities, 360 00:18:46,040 --> 00:18:49,280 right. But they're not always, you 361 00:18:49,280 --> 00:18:51,280 know, one for one or they don't work the same. 362 00:18:51,280 --> 00:18:56,040 So you still need to have a life cycle, you know, the creation of 363 00:18:56,040 --> 00:19:00,080 the account, the destruction of the account when it's no longer 364 00:19:00,080 --> 00:19:02,080 needed. You need to have some kind of 365 00:19:02,080 --> 00:19:04,600 governance. So there has to be some kind of 366 00:19:04,600 --> 00:19:09,240 human who is accountable for that account and needs to 367 00:19:09,240 --> 00:19:12,160 determine, yes, it has the right permissions, things like that. 368 00:19:12,600 --> 00:19:16,080 So that's kind of the identity. And then also from an excess 369 00:19:16,080 --> 00:19:19,000 measurement standpoint is authentication. 370 00:19:19,240 --> 00:19:23,880 It probably needs some kind of rotation of the credentials and 371 00:19:23,880 --> 00:19:27,560 things like that. So the first part I think of is 372 00:19:27,560 --> 00:19:31,800 like the IGA duties. The second part I think of is 373 00:19:31,800 --> 00:19:33,360 privileged access management duties. 374 00:19:33,360 --> 00:19:36,960 But all those things breakdown like, you know, we have best 375 00:19:36,960 --> 00:19:40,200 practices when it comes to dealing with humans. 376 00:19:40,200 --> 00:19:46,680 Like the humans come from the HR system and for a user, a human 377 00:19:46,680 --> 00:19:50,760 perspective, you can do multi factor authentication and you 378 00:19:50,760 --> 00:19:54,120 can have a human being change the password ever so often. 379 00:19:54,360 --> 00:19:56,360 Well, machines don't work that way, right? 380 00:19:57,800 --> 00:20:00,400 Non human accounts don't work that way so. 381 00:20:00,960 --> 00:20:05,120 I guess maybe you're rambling a little bit, but what I wanted to 382 00:20:05,120 --> 00:20:08,320 get to was, so how does token security work? 383 00:20:08,560 --> 00:20:11,000 How do you address those different areas or which of 384 00:20:11,000 --> 00:20:15,560 those areas do you address? That's a great question. 385 00:20:16,320 --> 00:20:19,280 So in order to not be. Attentive. 386 00:20:19,280 --> 00:20:20,880 I want to share an interesting story. 387 00:20:21,000 --> 00:20:23,680 I want to share something that's like the tall. 388 00:20:24,680 --> 00:20:26,800 Essence of Why not when identity? 389 00:20:26,800 --> 00:20:30,120 Is such a hard problem and it's an. 390 00:20:30,760 --> 00:20:34,440 Anonymous, anonymous case study. That we did with one of our 391 00:20:34,440 --> 00:20:37,440 customers around. About a real nice events. 392 00:20:37,520 --> 00:20:43,560 That happens for them. Luckily, that event ended up in 393 00:20:43,600 --> 00:20:45,800 a with a good result. Because we were there. 394 00:20:46,240 --> 00:20:50,040 But let's try to to visualize like the problem. 395 00:20:50,200 --> 00:20:52,240 In a very, very real story, kind of. 396 00:20:52,440 --> 00:20:57,960 So you have for example. Some kind of a service that hold 397 00:20:57,960 --> 00:21:01,040 very sensitive data. It could be one pass all, it 398 00:21:01,040 --> 00:21:05,000 could be all Google Drive what we identified. 399 00:21:05,440 --> 00:21:08,840 That on a certain. Day one of the. 400 00:21:08,960 --> 00:21:13,720 Service accounts that came from an identity provider was 401 00:21:13,720 --> 00:21:19,040 compromised, and that service account had a password and an 402 00:21:19,040 --> 00:21:22,600 MSA. It was perfectly safe. 403 00:21:23,000 --> 00:21:25,400 For human access, but it also had an API key. 404 00:21:25,840 --> 00:21:29,800 And that API key was compromised by a third party that we 405 00:21:29,800 --> 00:21:33,800 identified later and we started. Digging into the problem. 406 00:21:33,800 --> 00:21:37,280 Because like. The the people in that company 407 00:21:37,280 --> 00:21:38,680 really took care. Of that service account. 408 00:21:38,680 --> 00:21:42,160 But API key is just like a Latex credentials that you put 409 00:21:42,160 --> 00:21:44,840 somewhere and use it in order to consume a service. 410 00:21:44,840 --> 00:21:48,160 Well, when did we hear about that problem in human identity? 411 00:21:48,320 --> 00:21:50,320 15 years ago maybe. So we start. 412 00:21:50,320 --> 00:21:53,840 Taking it down, we observed all of the compute. 413 00:21:53,840 --> 00:21:57,280 Environment of that organization started to analyse the 414 00:21:57,280 --> 00:21:59,640 infrastructure. You see, we started. 415 00:21:59,640 --> 00:22:03,320 Segregating like OK, that API key usually comes on this NAV 416 00:22:03,320 --> 00:22:05,360 gateway, it comes on this account. 417 00:22:05,560 --> 00:22:08,720 OK, so we narrow it. Down to like 2. 105 hundred 418 00:22:08,720 --> 00:22:13,240 machines Saturday and we start scanning the the snapshot. 419 00:22:13,240 --> 00:22:15,800 Of all those of the. All, all of those machines, we 420 00:22:15,800 --> 00:22:20,360 identify a certain machine that we spent that, that was the 421 00:22:20,360 --> 00:22:22,680 machine that. Was called promised also a very 422 00:22:22,680 --> 00:22:24,720 very hard test that is nothing alike. 423 00:22:24,920 --> 00:22:28,360 In our human identity. We took the code from that. 424 00:22:28,360 --> 00:22:31,200 Machine and identified the Gita report that it comes from. 425 00:22:31,320 --> 00:22:33,760 We scanned the Gita. Report and we signed the API key 426 00:22:33,760 --> 00:22:36,360 there it rotated. The event is over. 427 00:22:36,520 --> 00:22:38,520 Everybody's happy. Nobody got. 428 00:22:38,520 --> 00:22:41,200 Fired. Great success for everyone. 429 00:22:41,520 --> 00:22:45,360 But you can. See a scenario like that in 430 00:22:45,360 --> 00:22:47,440 human identity? It just doesn't happen because 431 00:22:47,440 --> 00:22:50,760 like you don't have 500 much 500 humans using the same account 432 00:22:50,760 --> 00:22:52,960 sound as you have but like. It's very, very. 433 00:22:53,360 --> 00:22:56,280 In non human identity it happens all the time and. 434 00:22:56,680 --> 00:22:59,560 I can keep on and on of how the. Technology is different, but I 435 00:22:59,560 --> 00:23:02,080 think that this case study. Proves that like. 436 00:23:02,440 --> 00:23:07,680 It's a entirely bypassing attack sector that is not covered by 437 00:23:07,680 --> 00:23:11,000 ITDL, not covered by IGA, not covered by IDP, not covered by 438 00:23:11,000 --> 00:23:14,320 PUMP. Yeah, no, that, that's a really 439 00:23:14,320 --> 00:23:19,080 smart approach. Yeah, I'm always very much wired 440 00:23:19,080 --> 00:23:22,160 to think about, OK, what is it going to take to get this 441 00:23:22,160 --> 00:23:25,240 solution in place? So I'd like to talk about like, 442 00:23:25,440 --> 00:23:27,280 you know, what does a project look like? 443 00:23:27,560 --> 00:23:31,440 But also if you've got, if somebody who's listening right 444 00:23:31,440 --> 00:23:36,640 now is interested and wants to give it a try, you know, where 445 00:23:36,640 --> 00:23:39,000 did they start? And then what does this look 446 00:23:39,000 --> 00:23:43,560 like from a full implementation project effort? 447 00:23:44,600 --> 00:23:47,200 Yeah. So we have an entire. 448 00:23:47,200 --> 00:23:50,320 Philosophy for that which I will say is our the right listeners 449 00:23:50,320 --> 00:23:53,360 for my listening. Tool to me talking 3 hours about 450 00:23:53,360 --> 00:23:54,320 software. Development. 451 00:23:54,320 --> 00:23:55,800 So I'll say it very, very plainly. 452 00:23:56,200 --> 00:23:58,240 Building software is the best. Thing in the world. 453 00:23:58,640 --> 00:24:01,600 You need to do it quickly and you need to use any technology. 454 00:24:01,600 --> 00:24:03,800 That you want. And I even want to. 455 00:24:03,800 --> 00:24:07,560 Encourage everyone. To build the test there to use 456 00:24:07,560 --> 00:24:09,440 the most. Cutting edge technology that 457 00:24:09,440 --> 00:24:13,160 they that they want. What my purpose is, is. 458 00:24:13,160 --> 00:24:17,040 To allow them a framework to do it safely and safely doesn't 459 00:24:17,040 --> 00:24:19,080 mean slowly. We aim for. 460 00:24:19,080 --> 00:24:21,600 Speed. We aim for a quick deployment. 461 00:24:21,840 --> 00:24:25,960 To see the value as quick as as you can, but also to present 462 00:24:25,960 --> 00:24:28,520 ourselves for. As being in the middle, we're an 463 00:24:28,520 --> 00:24:31,560 integration based folder, so that means there are no clients, 464 00:24:31,800 --> 00:24:34,960 no agent, no central dashboard that you need to document any 465 00:24:34,960 --> 00:24:37,280 identity that you created. We operate. 466 00:24:37,280 --> 00:24:40,040 From the side and just allow your Peace of Mind that you 467 00:24:40,040 --> 00:24:43,160 could go. Sleep well, wake up tomorrow. 468 00:24:43,160 --> 00:24:44,880 And be in the best of store that you can. 469 00:24:45,400 --> 00:24:49,520 And so if you have, if you can use multiple clouds, use 470 00:24:49,520 --> 00:24:51,920 Kubernetes. They certainly use the vault. 471 00:24:51,920 --> 00:24:54,520 Because let's face it, it's. Like we're not going to. 472 00:24:54,520 --> 00:24:58,560 Have a machine identity provider anytime soon, so use the. 473 00:24:58,560 --> 00:25:05,200 Vault to vault your credentials and use database and Google 474 00:25:05,960 --> 00:25:08,000 Cloud query and. Everything that you can. 475 00:25:08,240 --> 00:25:11,520 In order to make your. Software as best as it can, and 476 00:25:11,520 --> 00:25:14,000 I'll take care of their security, at least from the 477 00:25:14,000 --> 00:25:18,800 identity path. That's really makes a lot of 478 00:25:18,800 --> 00:25:19,480 sense. Go. 479 00:25:19,480 --> 00:25:21,800 I'm sorry, Jeff. Well, I was just going to ask, 480 00:25:22,600 --> 00:25:24,760 so you've got this set up, like what's the information that 481 00:25:24,760 --> 00:25:27,480 comes out of this? Like how do I use this to do all 482 00:25:27,480 --> 00:25:30,880 those things with the speed that I need to? 483 00:25:33,400 --> 00:25:36,560 So first of all, I think. That the best security products 484 00:25:36,600 --> 00:25:41,080 give you Peace of Mind. I think that when I installed I 485 00:25:41,080 --> 00:25:43,680 don't know like for example any Dr. in my company I. 486 00:25:43,680 --> 00:25:46,320 Had Peace of Mind that I think that my work. 487 00:25:46,680 --> 00:25:48,600 Workstations are secure, so I think that. 488 00:25:48,920 --> 00:25:51,160 A good security product? Not necessarily. 489 00:25:51,160 --> 00:25:54,040 Authorizing the background, but authorizing in a way that's not 490 00:25:54,040 --> 00:25:57,560 by Lawson for the organization. So you do have a natural that 491 00:25:57,560 --> 00:26:01,120 you can look in, but I see like that we attach ourselves to your 492 00:26:01,120 --> 00:26:02,720 organizational. Workflows. 493 00:26:03,280 --> 00:26:07,760 Whether it's a ticketing system messing also our solution, I'll 494 00:26:07,760 --> 00:26:09,400 just send you all notifications via. 495 00:26:09,400 --> 00:26:12,240 Select but first thing that. We do is when we build an 496 00:26:12,240 --> 00:26:15,680 inventory, you can see in one place all of the non human 497 00:26:15,680 --> 00:26:18,560 identity that you have, all of their entitlements, all of the 498 00:26:18,560 --> 00:26:22,040 authentication methods, the owners of those identities and 499 00:26:22,040 --> 00:26:24,960 the usage that. You do it on top of that 500 00:26:24,960 --> 00:26:27,880 inventory we provide. Multiple applications. 501 00:26:28,520 --> 00:26:30,120 Most popular application to start. 502 00:26:30,120 --> 00:26:34,040 With is to widow 6, you want to identify the top ten and most 503 00:26:34,040 --> 00:26:36,400 critical identities. We like it to call it the most 504 00:26:36,400 --> 00:26:40,240 wanted like the ideally sheriff is coming to town and trying to 505 00:26:40,240 --> 00:26:44,480 like like to catch the the biggest seminar. 506 00:26:44,480 --> 00:26:47,040 So that's like the most. Wanted Bob and Dennis. 507 00:26:47,040 --> 00:26:49,320 Share 'cause that domain name taken 'cause that might be 1 you 508 00:26:49,320 --> 00:26:52,960 want to jump on next. We have we have something here. 509 00:26:53,120 --> 00:26:56,400 I'll follow up like right after. This recording and check that if 510 00:26:56,400 --> 00:27:00,120 that domain is available, I think that Jim is doing. 511 00:27:00,120 --> 00:27:02,200 It right now, but. You know, not the point seeing 512 00:27:02,200 --> 00:27:04,920 us. So first of all, you want to 513 00:27:04,920 --> 00:27:06,360 reduce. Risk You want to identify the 514 00:27:06,360 --> 00:27:10,680 top 10 identities. That you have and delegate the 515 00:27:10,880 --> 00:27:13,440 the management. Of those problems to the teams 516 00:27:13,440 --> 00:27:16,160 that are responsible for them. Second part. 517 00:27:16,160 --> 00:27:17,800 Is to start going into a life cycle. 518 00:27:17,800 --> 00:27:19,480 Process. You want to be sustainable. 519 00:27:19,720 --> 00:27:24,280 It's impossible to or only like us, do fireside. 520 00:27:24,360 --> 00:27:27,680 You want to have a place. That you can track the recently 521 00:27:27,680 --> 00:27:30,720 created identities. They use that I that. 522 00:27:31,840 --> 00:27:34,680 Machines and people. Do with not even identities? 523 00:27:35,000 --> 00:27:39,200 To track misuse. To identify compromise and the. 524 00:27:39,240 --> 00:27:41,640 Point that you need to rotate a credential or reduce. 525 00:27:41,640 --> 00:27:44,080 The. Permissions and eventually every 526 00:27:44,080 --> 00:27:45,920 software project become. Deprecated. 527 00:27:45,920 --> 00:27:49,240 You have tons of story state identities. 528 00:27:50,600 --> 00:27:52,280 And you could remove them just like by. 529 00:27:52,360 --> 00:27:57,000 Filtering out on our inventory. And start to deactivate those 530 00:27:57,240 --> 00:27:59,160 that are no longer in use, which is a big. 531 00:27:59,160 --> 00:28:02,280 Part. Of the non identify like in 532 00:28:02,280 --> 00:28:05,440 organizations. So I'm curious, I just want to 533 00:28:05,440 --> 00:28:08,160 ask a little more detail around the attribution part. 534 00:28:08,280 --> 00:28:13,000 How do you, how do you determine that responsibility or that 535 00:28:13,000 --> 00:28:16,200 ownership over an account? Are you, I guess how do you 536 00:28:16,200 --> 00:28:18,120 infer that? Is that secret sauce or is there 537 00:28:18,120 --> 00:28:20,640 something that that you can maybe explain how that works? 538 00:28:22,400 --> 00:28:24,880 Jeff, when you go to a. Magic show as the magician. 539 00:28:24,880 --> 00:28:27,920 How we got. The I do, but I should not be at 540 00:28:27,920 --> 00:28:30,200 a magic show for that very reason, yeah. 541 00:28:30,200 --> 00:28:38,240 So security should be we like like a lot of the the the. 542 00:28:38,240 --> 00:28:41,760 Companies, people and the people that I work with are people are 543 00:28:41,760 --> 00:28:45,480 coming from backgrounds such as myself but are other times more 544 00:28:45,480 --> 00:28:48,640 talented and what we. Did is that we gathered a lot. 545 00:28:48,640 --> 00:28:52,160 Of know how from both detection response phase from people that 546 00:28:52,560 --> 00:28:56,840 are well in cybersecurity start-ups in Israel and try to 547 00:28:56,840 --> 00:28:59,920 create a team like the Power Rangers of not even identity 548 00:28:59,920 --> 00:29:03,520 security. And then use that method in 549 00:29:03,520 --> 00:29:05,200 order. To collect data from different 550 00:29:05,200 --> 00:29:07,240 sources, it could be infrastructures. 551 00:29:07,240 --> 00:29:11,680 Called repositories it could. Be MDM and SSO activity. 552 00:29:11,680 --> 00:29:15,320 Logs. It could be the audit trail of 553 00:29:15,320 --> 00:29:21,680 the the services that you use. And network data and what not. 554 00:29:22,000 --> 00:29:25,360 Compile all of that. Data and use it into one model. 555 00:29:25,360 --> 00:29:28,600 That is the use the usage that is on top of the. 556 00:29:29,440 --> 00:29:34,200 Of the inventories and then use that that like identity timeline 557 00:29:34,440 --> 00:29:35,760 in order to. Identify. 558 00:29:35,760 --> 00:29:39,720 Both changes in the identity. And who was the originator of 559 00:29:39,720 --> 00:29:42,160 them? Like so who did that commit that 560 00:29:42,160 --> 00:29:44,800 eventually provisioned the telephone? 561 00:29:44,840 --> 00:29:47,720 Or example or who? Click the button of getting an 562 00:29:47,720 --> 00:29:51,160 access key and then second part is the day-to-day use of 563 00:29:51,160 --> 00:29:55,560 accessing resources and identifying like the data 564 00:29:55,560 --> 00:29:59,000 attribution piece of what do you access, Why did you access that? 565 00:29:59,160 --> 00:30:01,560 From which workload or device did you do that? 566 00:30:03,680 --> 00:30:06,400 So how do I, so I'm interested, right? 567 00:30:06,400 --> 00:30:10,280 I want to learn more about this. Is this something that are there 568 00:30:10,280 --> 00:30:12,760 videos or labs or something like that? 569 00:30:12,760 --> 00:30:14,560 Is it best kind of described in person? 570 00:30:14,560 --> 00:30:17,960 Like, what's the best way for people to actually see this in 571 00:30:17,960 --> 00:30:21,320 action? Yeah, I I think that most of 572 00:30:21,320 --> 00:30:25,160 that identity like the non human identity start today in 573 00:30:25,160 --> 00:30:27,440 organization. It's even from a lot of people. 574 00:30:27,440 --> 00:30:33,120 I think that we as a company should provide more resources 575 00:30:33,120 --> 00:30:36,400 for people to see like even open source and stuff like that to 576 00:30:36,400 --> 00:30:38,800 start to see they're not in my identity. 577 00:30:38,800 --> 00:30:41,400 Fabric, but eventually it's best. 578 00:30:41,400 --> 00:30:46,600 To like to book a demo and to say it with on data that you 579 00:30:46,640 --> 00:30:48,080 that you want to check out and like. 580 00:30:48,120 --> 00:30:50,960 Pick a sandbox environment and now we would show you that 581 00:30:50,960 --> 00:30:53,720 there's. 50 times the amount, it's not an identity that you 582 00:30:53,720 --> 00:30:57,480 thought by just like scanning and integrating into iPad. 583 00:30:57,840 --> 00:31:00,320 So I think that like, that's the best way to go. 584 00:31:01,120 --> 00:31:03,840 That sounds like a challenge, so I would encourage people go and 585 00:31:04,120 --> 00:31:06,240 go and take, take it up on that challenge. 586 00:31:06,720 --> 00:31:08,680 We'll put a link in our show notes so people can get to it 587 00:31:08,760 --> 00:31:10,800 again, easy website token dot security. 588 00:31:11,920 --> 00:31:15,400 Last question for you around this topic is, is the, is the 589 00:31:15,400 --> 00:31:18,720 idea of ROI right? People are investing money into 590 00:31:18,800 --> 00:31:22,240 security tools and they want to be able to show the ROI in it. 591 00:31:22,560 --> 00:31:27,160 How do your customers measure success with your product? 592 00:31:30,080 --> 00:31:36,160 Yeah, that's a great question. I see that we found 3 metrics 593 00:31:36,160 --> 00:31:39,320 that empirically proved that the customer has succeeded. 594 00:31:40,440 --> 00:31:42,360 And that we agreed upon, but it's still. 595 00:31:42,360 --> 00:31:45,920 Like an area that we learn. So what are the those 3 metrics 596 00:31:46,480 --> 00:31:48,480 first of all? You want to be. 597 00:31:48,480 --> 00:31:52,560 Smart. Being smart is not putting 598 00:31:52,560 --> 00:31:55,400 yourself in trouble that you don't need to and just cutting 599 00:31:55,400 --> 00:31:58,240 all of the low hanging fruits and bringing them back home. 600 00:31:58,240 --> 00:32:02,400 So for example when we see a customer. 601 00:32:03,320 --> 00:32:07,200 Deactivate all of its identities after 90 days of being stained. 602 00:32:07,280 --> 00:32:09,920 That's a very, very good. Sign of succeeding, of 603 00:32:10,000 --> 00:32:13,560 identifying like what's the biggest portion that I can take 604 00:32:13,560 --> 00:32:15,400 with the least? Amount of effort. 605 00:32:15,720 --> 00:32:17,760 So that's. One thought, second part. 606 00:32:18,120 --> 00:32:20,040 Our second metric is modernization. 607 00:32:20,320 --> 00:32:22,440 We like. To help our customers upgrade 608 00:32:22,440 --> 00:32:26,480 their non even identity stack we identify unser rated local 609 00:32:26,480 --> 00:32:29,560 identities. That said that like an anti 610 00:32:29,560 --> 00:32:32,280 pattern that has been. Around 4 years local. 611 00:32:32,280 --> 00:32:35,160 Database. Users API kids that are. 612 00:32:35,520 --> 00:32:37,680 Maintained like only locally and so on. 613 00:32:38,400 --> 00:32:40,960 And we like to help our customers move from. 614 00:32:41,120 --> 00:32:44,080 An unser rated identity. To a Federated identity. 615 00:32:44,240 --> 00:32:47,600 Because I do think socialization is is key. 616 00:32:47,600 --> 00:32:48,800 It's not. Possible for? 617 00:32:48,800 --> 00:32:51,240 All the of the technologies because a lot of vendors didn't 618 00:32:51,240 --> 00:32:53,640 build the ability to. Use Federated. 619 00:32:53,640 --> 00:32:56,200 Access, but when we see the amount of fun Federated 620 00:32:56,280 --> 00:33:00,120 identities. Decline and the the identity. 621 00:33:00,120 --> 00:33:02,480 Start getting. More and more modern. 622 00:33:02,520 --> 00:33:04,640 That's a very, very good sign for success. 623 00:33:05,000 --> 00:33:07,200 Last part. Is to take in a problem that 624 00:33:07,240 --> 00:33:10,280 everybody bashes the head in the wall. 625 00:33:10,440 --> 00:33:14,160 In order to to succeed in rotating a key, I think that the 626 00:33:14,160 --> 00:33:17,600 rotation period for keys in organization is much too long. 627 00:33:17,720 --> 00:33:20,880 I think that sense for example, public infrastructure, so 628 00:33:20,880 --> 00:33:24,560 between expiry dates. So we created a lot of efficient 629 00:33:25,240 --> 00:33:28,400 processes to make that work. And in non numenate entity you. 630 00:33:28,400 --> 00:33:30,720 Don't have that because you don't want to crush production 631 00:33:30,720 --> 00:33:33,920 because you didn't change a certificate also. 632 00:33:34,480 --> 00:33:38,280 And So what I measure success with is whether I help my 633 00:33:38,280 --> 00:33:43,080 customers improve between 60 to 80 to 90%. 634 00:33:43,800 --> 00:33:47,080 Of the the median time. To otate a key. 635 00:33:47,400 --> 00:33:48,520 Did you like? Did you? 636 00:33:48,520 --> 00:33:50,320 Identify the owner that created that. 637 00:33:50,320 --> 00:33:53,760 Key, did that owner get all of? The data that they needed. 638 00:33:53,760 --> 00:33:56,120 About who is using that key and was the. 639 00:33:56,600 --> 00:34:00,600 Process operationally efficient. That's like evolved key metric 640 00:34:00,600 --> 00:34:03,920 that we measure I think. That's gonna be very helpful for 641 00:34:03,920 --> 00:34:07,000 a lot of people trying to trying to figure things out for them. 642 00:34:07,840 --> 00:34:10,040 This has been very helpful, at least at least for me. 643 00:34:10,040 --> 00:34:14,239 I hope others got, you know, entertainment as well as 644 00:34:14,239 --> 00:34:16,880 education about this. Definitely visit the website 645 00:34:16,880 --> 00:34:21,120 token dot security. It's I mean, it looks and sounds 646 00:34:21,120 --> 00:34:24,120 like such a cool product. I'm I'm interested to learn more 647 00:34:24,120 --> 00:34:27,199 as we go along with conversations, but we want to 648 00:34:27,320 --> 00:34:30,080 pivot the conversation here a little bit to something that's 649 00:34:30,080 --> 00:34:32,520 near and dear to my heart. And you mentioned it earlier in 650 00:34:32,520 --> 00:34:34,159 the show about online video games. 651 00:34:34,480 --> 00:34:39,320 So I'm a big online gamer. World of Warcraft is my current 652 00:34:39,840 --> 00:34:41,360 poison, if you want to call it that. 653 00:34:41,800 --> 00:34:43,880 I understand you also play online. 654 00:34:44,199 --> 00:34:46,760 What's what are you up to these days when it comes to online 655 00:34:46,760 --> 00:34:52,320 gaming? So I think that I moved in so 656 00:34:52,320 --> 00:34:54,159 many. Different games because I think. 657 00:34:54,159 --> 00:34:58,680 That every game is good in its own way, but I think that I 658 00:34:58,680 --> 00:35:01,080 discovered. That my persona in online 659 00:35:01,080 --> 00:35:02,840 gaming. Has changed very, very 660 00:35:02,840 --> 00:35:05,200 dramatically. So I'll give an example. 661 00:35:05,680 --> 00:35:08,440 When I was much younger, I used to be very cautious. 662 00:35:08,760 --> 00:35:11,480 I also as a kid. And so I used to. 663 00:35:11,760 --> 00:35:13,800 Build this character of like. Majors. 664 00:35:13,800 --> 00:35:17,800 That are extremely powerful majors, but I took a lot. 665 00:35:17,800 --> 00:35:22,160 Of time to train that. Character and to build and so. 666 00:35:23,040 --> 00:35:26,280 Eventually. I used to spend a lot of time 667 00:35:26,280 --> 00:35:28,840 building and then like. Going to to fight then. 668 00:35:29,240 --> 00:35:31,520 I reached the point in my life that I had so much. 669 00:35:33,240 --> 00:35:36,480 Like. So much things to do, but I just 670 00:35:36,480 --> 00:35:40,440 became the ultimate speedrunner. I'm just starting the game and 671 00:35:40,440 --> 00:35:42,840 like heading on all the way like to the. 672 00:35:43,000 --> 00:35:45,600 Harvest LA to the artist parties. 673 00:35:45,600 --> 00:35:49,400 And just trying to like die at the least that I can, but like 674 00:35:49,720 --> 00:35:52,480 do it as quickly as I can and just became a just a plain. 675 00:35:52,480 --> 00:35:56,920 Barbarian just running into. Into the battlefield, and today 676 00:35:56,920 --> 00:35:58,800 I'm in the perfect. Zen condition. 677 00:35:58,840 --> 00:36:03,880 I became a bald, so bald is something that's like it's just 678 00:36:03,880 --> 00:36:08,600 like a comical relief of the RPG role that like is there doing 679 00:36:08,600 --> 00:36:12,440 baths and healing and what not, Because I just want to see 680 00:36:12,800 --> 00:36:17,320 people playing to be part of the the experience, but also like to 681 00:36:17,320 --> 00:36:20,440 know that there are people that would take in the monster and I 682 00:36:20,440 --> 00:36:22,720 would be there cheering them. So you're playing? 683 00:36:22,720 --> 00:36:24,760 This. That's how my yeah. 684 00:36:24,760 --> 00:36:28,200 Exactly that's how my online. Gaming persona change over 685 00:36:28,200 --> 00:36:29,840 there. So it's interesting you 686 00:36:29,840 --> 00:36:31,280 mentioned the the Bard character. 687 00:36:31,280 --> 00:36:34,120 Not many games have a Bard character. 688 00:36:34,800 --> 00:36:39,600 My first EverQuest character was a Bard and it was fantastic. 689 00:36:39,600 --> 00:36:41,960 It was the whole idea of like the support character and it 690 00:36:41,960 --> 00:36:43,480 kind of, you know, moved along over time. 691 00:36:43,480 --> 00:36:46,480 And it was very different from me in real life because I was 692 00:36:46,480 --> 00:36:49,720 not very outgoing and I was very kind of an introvert. 693 00:36:49,920 --> 00:36:52,760 But here I am playing this barge on, you know, EverQuest. 694 00:36:52,760 --> 00:36:54,440 I'm in raids. And if you're an old 695 00:36:54,440 --> 00:36:57,160 Everquester, you know, plane of fear and stuff like that, corpse 696 00:36:57,160 --> 00:37:01,200 runs that lasted like 48 hours. So I, it's similar. 697 00:37:01,200 --> 00:37:03,200 It's I, I've kind of gone backwards from there. 698 00:37:03,200 --> 00:37:06,280 And now I am, you know, more of a Jack of all trades. 699 00:37:06,280 --> 00:37:09,840 So I'm basically mainly play a druid in World of Warcraft. 700 00:37:09,840 --> 00:37:12,360 I can kind of do everything. I'm into the paladin right now. 701 00:37:12,360 --> 00:37:15,800 So I'm getting into that, but I, I mix and I mix and match a 702 00:37:15,800 --> 00:37:18,520 little bit. I'm sure that we have lost Jim 703 00:37:18,520 --> 00:37:21,080 completely here 'cause Jim is not a gamer whatsoever. 704 00:37:21,360 --> 00:37:25,480 I'm curious, Jim, when you hear when you hear me say, oh, Jeff 705 00:37:25,480 --> 00:37:30,040 was a barge or Edo was a Bard in this game, what do you think of 706 00:37:30,040 --> 00:37:34,120 what comes to your head? Leroy Jenkins. 707 00:37:34,360 --> 00:37:36,920 Yes. That's Will. 708 00:37:36,920 --> 00:37:40,640 Roll that for you, yeah. And I always say the easier than 709 00:37:40,680 --> 00:37:42,080 charge it into that Whelper room. 710 00:37:42,080 --> 00:37:45,160 I I know exactly where that took place and it it is absolutely 711 00:37:45,480 --> 00:37:46,160 what it was. Yep. 712 00:37:46,840 --> 00:37:48,680 Leon. Jenkins was. 713 00:37:48,680 --> 00:37:50,880 That's funny. Yeah, what was that? 714 00:37:51,960 --> 00:37:54,000 Leon Jenkins was Persona 2 for me. 715 00:37:54,000 --> 00:37:57,920 Like the like the middle online used to speed on things all the 716 00:37:57,920 --> 00:38:01,960 time, Yeah. So Jeff, you're right, not a 717 00:38:01,960 --> 00:38:07,440 gamer, but I do appreciate the fact that, you know, you need to 718 00:38:07,760 --> 00:38:11,320 have some kind of escape. You know, you just can't like 719 00:38:11,400 --> 00:38:15,960 just work all the time or deal with like the stresses of life. 720 00:38:15,960 --> 00:38:19,840 You have to have something that takes you out of that for a 721 00:38:19,840 --> 00:38:23,840 little bit of time and provides some relaxation, show some 722 00:38:23,840 --> 00:38:26,560 entertainment. So hopefully the Identity Center 723 00:38:26,560 --> 00:38:28,680 podcast can be that for some people. 724 00:38:30,160 --> 00:38:33,280 But if not then gaming I think is a pretty cool thing. 725 00:38:34,320 --> 00:38:38,080 So Jim, what kind of character would you want to play in a sort 726 00:38:38,080 --> 00:38:41,240 of an online role-playing game? Like what let's you know, let's 727 00:38:41,240 --> 00:38:42,680 help him out. Let's try to figure out what 728 00:38:42,680 --> 00:38:45,600 kind of class he might be like. What would you want to do? 729 00:38:46,120 --> 00:38:49,680 Look at him like this man is pure strength and power, like 730 00:38:49,680 --> 00:38:51,640 he's a classic. Billion all the way, right? 731 00:38:51,640 --> 00:38:54,040 Yeah. And they might have a soft sword 732 00:38:54,040 --> 00:38:58,640 inside, I don't know. Jim, what do you want to do you 733 00:38:58,640 --> 00:39:00,560 want a tank? Do you want to be like the guy 734 00:39:00,560 --> 00:39:03,480 in front with the shield and the sword and sort of taking the 735 00:39:03,480 --> 00:39:06,640 brother damage? Do you want to be damaged? 736 00:39:06,640 --> 00:39:08,600 I'm I'm so I'm going to get the Holy Trinity here of of 737 00:39:08,600 --> 00:39:11,000 character glasses. But you've got the tank, the 738 00:39:11,000 --> 00:39:14,800 healer, the DPS, and you might say crowd control is a force out 739 00:39:14,800 --> 00:39:16,040 there, but we'll just call it that. 740 00:39:16,560 --> 00:39:19,000 What's your What do you have an affinity towards to? 741 00:39:20,280 --> 00:39:23,960 So I, I did play Dungeons and Dragons when I was a kid, right? 742 00:39:23,960 --> 00:39:27,760 And that has you have your character with all the different 743 00:39:28,360 --> 00:39:32,840 strengths, like you could be charisma level 2 or strength 744 00:39:32,840 --> 00:39:37,160 level 5 or speed. And I always like to be like a 745 00:39:37,160 --> 00:39:41,440 good, yeah, right. But I always like to be like a, 746 00:39:41,960 --> 00:39:44,320 well, charisma, it's like a 2 out of 10, believe me. 747 00:39:44,600 --> 00:39:49,360 But as far as like, I wanted to have a character that was well 748 00:39:49,360 --> 00:39:54,040 balanced. And then the other one that was 749 00:39:54,040 --> 00:39:57,640 kind of like as far as I would go from a fantasy perspective 750 00:39:57,640 --> 00:40:00,600 was sorcerer. So you could like throw spells 751 00:40:00,600 --> 00:40:03,800 on people that seemed like totally unrealistic. 752 00:40:03,800 --> 00:40:06,800 So. You mean that's not real magic? 753 00:40:06,800 --> 00:40:08,800 Throwing fireballs and frost bolts and all that. 754 00:40:08,800 --> 00:40:10,880 And stuff. I'm sure some people believe 755 00:40:10,880 --> 00:40:13,440 it's real. Ito, I'm thinking. 756 00:40:13,440 --> 00:40:17,120 He sounds to me an awful lot like a ranged caster type of 757 00:40:17,120 --> 00:40:20,600 sort of role. A magician, a mage, a sorcerer, 758 00:40:20,600 --> 00:40:22,200 a warlock, maybe something like that. 759 00:40:22,880 --> 00:40:26,800 Look, as as long as everybody's playing and like getting their 760 00:40:26,800 --> 00:40:29,800 energy and they're into the right place, like do whatever 761 00:40:29,800 --> 00:40:33,480 you want. That's it, I'm down with that. 762 00:40:34,520 --> 00:40:36,200 All right, why don't we go ahead and wrap it up there. 763 00:40:36,200 --> 00:40:37,960 We've solved so many problems today. 764 00:40:37,960 --> 00:40:40,480 We got into the machine identity and then we also figured out 765 00:40:40,480 --> 00:40:43,640 Jim's class when it comes to playing a a role-playing game. 766 00:40:43,640 --> 00:40:46,160 So mission accomplished as far as I'm concerned. 767 00:40:46,880 --> 00:40:49,680 Definitely want to encourage people go visit token dot 768 00:40:49,680 --> 00:40:51,640 security. It's first of all hats off 769 00:40:51,840 --> 00:40:53,960 Congrats. It's such a good website, so 770 00:40:54,560 --> 00:40:56,160 definitely encourage people to go check it out. 771 00:40:56,560 --> 00:40:58,280 Loving the animations and stuff that you got on there. 772 00:40:58,280 --> 00:41:00,320 So good stuff. We'll have a link in our show 773 00:41:00,320 --> 00:41:02,600 notes to make it easy for people to find Ito. 774 00:41:02,600 --> 00:41:04,440 We'll also put a link to your LinkedIn profile. 775 00:41:04,440 --> 00:41:07,880 People have questions they want to reach out, you know, 776 00:41:07,880 --> 00:41:09,120 definitely take advantage of that. 777 00:41:09,520 --> 00:41:12,080 And then as far as Jim and I concerned, yeah. 778 00:41:12,080 --> 00:41:14,360 Visit us on the web, idacpodcast.com. 779 00:41:14,960 --> 00:41:17,080 We're on YouTube, idacpodcast.tv. 780 00:41:17,520 --> 00:41:20,440 And thanks, Token, for sponsoring this episode. 781 00:41:20,440 --> 00:41:23,440 Thanks, Ito, for joining us. And we'll talk with everyone 782 00:41:23,440 --> 00:41:26,360 else and the next time. Thank you for hosting me, I had 783 00:41:26,360 --> 00:41:32,120 the best time. You've been listening to 784 00:41:32,120 --> 00:41:36,000 Identity at the Center. We hope you've enjoyed the show. 785 00:41:36,200 --> 00:41:40,320 Make sure to like, rate and review, and we'll be back soon. 786 00:41:40,600 --> 00:41:42,840 But in the meantime, hit the website at 787 00:41:42,840 --> 00:41:49,200 identity@thecenter.com. See you next time on Identity at 788 00:41:49,200 --> 00:41:50,120 the Center.