1
00:00:00,040 --> 00:00:04,440
Welcome to CXO Talk. 
I'm Michael Krigsman, and we're 

2
00:00:04,440 --> 00:00:09,640
discussing how AI can protect 
operational technology and 

3
00:00:09,640 --> 00:00:14,200
critical infrastructure. 
We're speaking with Anand Oswal 

4
00:00:14,200 --> 00:00:17,640
from Palo Alto Networks. 
Palo Alto Networks is a leading

5
00:00:17,640 --> 00:00:19,440
cybersecurity company in the 
world. 

6
00:00:20,080 --> 00:00:23,640
Our mission is to make every day
safer than the day before.

7
00:00:23,880 --> 00:00:27,000
At Palo Alto Networks, I'm the 
SVP and general manager of 

8
00:00:27,000 --> 00:00:29,680
Network security. 
Anand, we're talking about

9
00:00:29,680 --> 00:00:35,440
operational technology, OT and 
information technology, IT.

10
00:00:35,880 --> 00:00:38,640
Give us some background here. 
We think of operational 

11
00:00:38,640 --> 00:00:42,720
technology, think of factory 
floors, manufacturing facilities,

12
00:00:42,720 --> 00:00:45,440
think of utility, oil and gas 
mining. 

13
00:00:45,880 --> 00:00:49,600
These environments have high 
value assets and there's a big 

14
00:00:49,600 --> 00:00:52,440
difference between IT 
environments and OT 

15
00:00:52,440 --> 00:00:55,600
environments. 
First, IT environments typically

16
00:00:55,600 --> 00:00:58,680
are usually always connected. 
OT environments are trying to 

17
00:00:58,680 --> 00:01:01,680
get connected now, but they're 
also mission critical in nature.

18
00:01:01,800 --> 00:01:05,760
If an OT asset goes down, it can
mean a big downtime for a 

19
00:01:05,760 --> 00:01:07,960
factory floor, for a utility 
network, etcetera. 

20
00:01:08,320 --> 00:01:12,160
At the same time, we're seeing 
over 70% of industrial 

21
00:01:12,160 --> 00:01:14,960
organizations were victims of 
cyber attacks. 

22
00:01:15,120 --> 00:01:19,840
Just in the last year, one in 
four organizations had to shut 

23
00:01:19,840 --> 00:01:21,720
down their operations for a 
small amount of time. 

24
00:01:21,920 --> 00:01:29,120
Anand, there is a convergence
between OT and IT systems. 

25
00:01:29,520 --> 00:01:32,640
What's going on there? 
As OT environments are getting 

26
00:01:32,640 --> 00:01:35,720
more and more digitized, the IT 
and OT environments are 

27
00:01:35,720 --> 00:01:39,240
converging so that you can have 
consistent visibility across the

28
00:01:39,280 --> 00:01:42,560
entire infrastructure. 
At the same time, you're seeing 

29
00:01:43,480 --> 00:01:49,320
over 3/4 of all threats on OT 
networks originated from the IT 

30
00:01:49,320 --> 00:01:53,080
side and then percolated on to 
the OT environments. 

31
00:01:53,240 --> 00:01:57,240
You can have these two disjoint 
environments operate in silos 

32
00:01:57,240 --> 00:01:58,880
forever. 
They're converging. 

33
00:01:58,880 --> 00:02:00,760
Digitization is bringing all these
things together. 

34
00:02:00,920 --> 00:02:05,680
You want to have a consistent 
architecture across IT and OT 

35
00:02:06,040 --> 00:02:08,680
with all the controls you want 
which are unique to OT. 

36
00:02:08,800 --> 00:02:10,320
Now digitization is an amazing
thing.

37
00:02:10,560 --> 00:02:13,560
It brings new opportunities, new
capabilities for these factory 

38
00:02:13,560 --> 00:02:17,240
floors, for these manufacturing 
facilities, but also brings in 

39
00:02:17,400 --> 00:02:22,080
an increased attack surface.
How does this increase the 

40
00:02:22,080 --> 00:02:24,120
attack surface as you just 
mentioned? 

41
00:02:24,600 --> 00:02:27,240
As you get more and more 
digitized, as more and more 

42
00:02:27,240 --> 00:02:29,800
things get connected, the attack
surface increases. 

43
00:02:30,240 --> 00:02:33,640
In the past, these organizations
were completely air-gapped or not

44
00:02:33,640 --> 00:02:37,120
connected to the outside world. 
As these are getting connected 

45
00:02:37,120 --> 00:02:39,680
now, what's happening is that 
the attack surface increases. 

46
00:02:40,120 --> 00:02:44,240
Also these systems or the 
organizations have very legacy 

47
00:02:44,240 --> 00:02:46,720
and complex systems, flat Layer 2
networks.

48
00:02:46,840 --> 00:02:49,120
Their assets have not been 
patched periodically. 

49
00:02:49,280 --> 00:02:52,560
They are very old assets. 
The variety of different systems

50
00:02:52,560 --> 00:02:56,160
and stacks that have been used 
from the last one, two, three decades at times.

51
00:02:56,440 --> 00:02:59,040
So modernization was not 
possible. 

52
00:02:59,520 --> 00:03:02,720
Patching of these assets is not 
happening very frequently and 

53
00:03:02,720 --> 00:03:05,280
now people are exploiting as 
these get connected. 

54
00:03:05,600 --> 00:03:11,320
Can you give us some examples of
exposed OT critical 

55
00:03:11,320 --> 00:03:14,360
infrastructure that's therefore 
open to attack? 

56
00:03:14,680 --> 00:03:18,880
Over 3/4 of these attacks
originate from the IT side. 

57
00:03:19,600 --> 00:03:22,840
So you have infiltrated into 
your IT systems and then you're 

58
00:03:22,840 --> 00:03:26,040
going into your OT environments.
And these could be things like 

59
00:03:26,040 --> 00:03:29,560
remote code execution, command 
and control attacks, software 

60
00:03:29,560 --> 00:03:32,320
exploits happening on specific 
old systems. 

61
00:03:32,560 --> 00:03:34,720
A variety of different attacks 
are happening now. 

62
00:03:34,720 --> 00:03:37,160
Not all attacks of course are 
happening from IT and going to 

63
00:03:37,160 --> 00:03:38,440
OT. 
There are attacks happening

64
00:03:38,440 --> 00:03:42,000
on OT alone, but a large 
majority of them are

65
00:03:42,280 --> 00:03:45,480
initially happening on the IT 
side and then they are going to 

66
00:03:45,960 --> 00:03:49,520
move on to the OT environments. 
OT systems do have unique 

67
00:03:49,520 --> 00:03:52,040
attributes as you were 
describing. 

68
00:03:52,120 --> 00:03:55,720
What about traditional 
conventional approaches to 

69
00:03:55,720 --> 00:03:57,360
security, firewalls and so 
forth? 

70
00:03:57,800 --> 00:04:01,320
Securing the OT environments is 
a top, top priority. 

71
00:04:01,840 --> 00:04:04,200
Most of the customers I talk to 
in the OT environments, whether 

72
00:04:04,200 --> 00:04:07,640
the customers are manufacturing 
in utility, in oil and gas, in 

73
00:04:07,640 --> 00:04:10,480
food production, etcetera, 
recognize the problem. 

74
00:04:10,920 --> 00:04:14,200
They understand it's not easy 
because they have these legacy 

75
00:04:14,200 --> 00:04:17,279
environments. 
They're complex, they're flat 

76
00:04:17,279 --> 00:04:19,000
Layer 2 environments.
Some of them are getting 

77
00:04:19,000 --> 00:04:21,079
connected and the connectivity 
varies. 

78
00:04:21,480 --> 00:04:23,600
Some are getting connected a 
traditional way, some are 

79
00:04:23,600 --> 00:04:25,920
getting connected directly over 
5G bespoke. 

80
00:04:26,400 --> 00:04:30,200
You want to give access to these
factory floors and assets from

81
00:04:30,240 --> 00:04:32,320
outside. 
You want to ensure that you're 

82
00:04:32,320 --> 00:04:36,320
giving them the least privileged
access and they can only do what

83
00:04:36,320 --> 00:04:39,120
you want them to do.
So all those environments are 

84
00:04:39,120 --> 00:04:43,760
unique for OT environments. 
Now, the way to go about this 

85
00:04:43,760 --> 00:04:47,400
holistically is on the 
principles of zero trust security.

86
00:04:47,400 --> 00:04:49,960
There's power through AI 
visibility. 

87
00:04:50,240 --> 00:04:54,400
If you think of visibility, it's
not about manually understanding

88
00:04:54,400 --> 00:04:56,240
what your assets are in the 
environment. 

89
00:04:56,840 --> 00:04:59,400
It's next to impossible to do 
that because you have new 

90
00:04:59,400 --> 00:05:01,560
assets. 
I want to be able to understand 

91
00:05:01,840 --> 00:05:04,600
through machine learning, what's
the device, what's the type, 

92
00:05:04,800 --> 00:05:06,560
what's the make, what's the 
model? 

93
00:05:06,640 --> 00:05:08,720
What is it talking to? 
What is it not doing? 

94
00:05:08,720 --> 00:05:11,120
What is it supposed to do, so I can
baseline those things. 

95
00:05:11,360 --> 00:05:15,320
Second, your rules for 
segmentation should also

96
00:05:15,320 --> 00:05:19,920
be machine learning powered or
AI powered, because these rules

97
00:05:19,920 --> 00:05:24,400
may change and you have new
devices coming on, which devices

98
00:05:24,400 --> 00:05:26,720
have access to which group? 
What's the policies you set for 

99
00:05:26,720 --> 00:05:28,080
them? 
They cannot be done manually. 

100
00:05:28,200 --> 00:05:31,520
Look, majority of breaches 
happen when things are 

101
00:05:31,520 --> 00:05:35,400
configured manually. 
Once you do that, the third is 

102
00:05:35,400 --> 00:05:38,840
that how do you secure all of 
the connections outside and 

103
00:05:38,840 --> 00:05:41,960
coming from the outside world? 
That only happens through the power

104
00:05:41,960 --> 00:05:45,600
of what I call as precision AI, a
combination of machine learning,

105
00:05:45,800 --> 00:05:48,000
deep learning infused with large
language models. 

106
00:05:48,000 --> 00:05:51,120
Because the traditional 
approaches of security which are

107
00:05:51,120 --> 00:05:55,280
based on a signature or a 
database is not sufficient. 

108
00:05:55,720 --> 00:05:58,400
Attackers are more and more 
sophisticated, so you cannot 

109
00:05:58,400 --> 00:06:01,040
rely only on that. 
The only way to solve problems 

110
00:06:01,040 --> 00:06:04,480
for the new world will be AI 
driven through your machine 

111
00:06:04,480 --> 00:06:05,840
learning and deep learning 
models. 

112
00:06:06,080 --> 00:06:13,920
You mentioned precision AI to 
support security on OT devices 

113
00:06:13,920 --> 00:06:17,120
and environments. 
Can you elaborate on that? 

114
00:06:17,520 --> 00:06:20,440
So if you think of a signature, 
it's like, you know, I had a 

115
00:06:20,440 --> 00:06:23,360
given device or a person 
infected with a given threat. 

116
00:06:23,960 --> 00:06:27,640
I understand what it is. 
I built a signature and then I 

117
00:06:27,640 --> 00:06:30,800
give a content update on my 
network enforcement point so 

118
00:06:30,800 --> 00:06:34,920
that nobody else is affected by 
the same threat that the first 

119
00:06:34,920 --> 00:06:37,360
person was. 
In my view, that's reactive. 

120
00:06:38,040 --> 00:06:41,800
It used to take us seven days to
give a content, then 24 hours 

121
00:06:41,800 --> 00:06:44,720
and 8 hours, and sometimes it's 
now it's in a matter of minutes,

122
00:06:44,840 --> 00:06:48,040
but it's still reactive. 
If you want to stop new threats,

123
00:06:48,200 --> 00:06:51,000
threats that you've seen
before, but also threats that 

124
00:06:51,000 --> 00:06:54,360
you've never seen before, what I
call as day zero threats, then you

125
00:06:54,360 --> 00:06:57,440
need to not depend only on the 
signature and databases. 

126
00:06:57,800 --> 00:07:00,880
You got to look at things in 
line in real time. 

127
00:07:01,240 --> 00:07:04,320
That happens with deep learning 
across both structured and

128
00:07:04,320 --> 00:07:06,640
unstructured data. 
We were able to understand 

129
00:07:06,640 --> 00:07:10,920
what's going on and protect you 
from threats that you've never 

130
00:07:10,920 --> 00:07:13,000
seen before. 
And that's the power of 

131
00:07:13,000 --> 00:07:15,840
precision AI, where we're taking
what we did with machine 

132
00:07:15,840 --> 00:07:19,280
learning, we added these deep 
learning models and we'll infuse

133
00:07:19,280 --> 00:07:21,600
that in the last two years with 
all the variation that we can 

134
00:07:21,600 --> 00:07:24,280
get with large language models. 
So combination of these three 

135
00:07:24,280 --> 00:07:25,840
techniques is what we call 
precision AI. 

136
00:07:26,240 --> 00:07:28,920
And of course, you're dealing 
with threat actors who have 

137
00:07:28,920 --> 00:07:33,080
become very sophisticated in the
use of AI and machine learning 

138
00:07:33,080 --> 00:07:36,360
on their side as well. 
Cyber security is the only 

139
00:07:36,360 --> 00:07:38,480
industry that has an active 
adversary. 

140
00:07:38,760 --> 00:07:40,760
Our job is to be right every 
single time. 

141
00:07:41,680 --> 00:07:43,240
The attacker's job is to be 
right once. 

142
00:07:44,120 --> 00:07:47,760
And the amount of effort that we
put into researching all of 

143
00:07:47,760 --> 00:07:51,520
these various threats, models, 
new techniques in AI is to 

144
00:07:51,520 --> 00:07:55,200
always stay ahead of the 
adversary and that's what we do 

145
00:07:55,200 --> 00:07:57,560
with precision AI.
We are now stopping at Palo Alto

146
00:07:57,560 --> 00:08:02,040
Networks over 12 billion attacks
every single day, and two and a 

147
00:08:02,040 --> 00:08:06,720
half million of those are net 
new attacks that nobody has ever

148
00:08:06,720 --> 00:08:09,280
seen before. 
That's only possible because we 

149
00:08:09,280 --> 00:08:12,840
have 4400 machine learning deep 
learning models running on the 

150
00:08:12,840 --> 00:08:16,000
platform that is looking at 
these things in line in real 

151
00:08:16,000 --> 00:08:18,720
time, protecting you from 
threats that you've seen in the 

152
00:08:18,720 --> 00:08:20,600
past and threats that you've 
never seen before. 

153
00:08:21,040 --> 00:08:25,840
Now, many of these OT systems 
are in legacy environments. 

154
00:08:26,120 --> 00:08:29,960
They're not patched, they're a 
whole host of issues. 

155
00:08:29,960 --> 00:08:33,720
How do you manage that? 
You need to have something where

156
00:08:33,840 --> 00:08:36,559
you can do what I call virtual 
patching where you can. 

157
00:08:36,600 --> 00:08:39,360
You can build signatures of what
you want, what is happening on 

158
00:08:39,360 --> 00:08:42,159
the endpoints and block them on 
the network side because they're

159
00:08:42,200 --> 00:08:44,920
easier to patch it centrally 
because it's hard to update 

160
00:08:44,920 --> 00:08:47,880
these devices periodically and 
in some cases it's not possible.

161
00:08:48,320 --> 00:08:51,080
Why is virtual patching so 
important? 

162
00:08:51,480 --> 00:08:55,280
See, virtual patching helps us
now solve the problem where I'm 

163
00:08:55,280 --> 00:08:58,880
not able to patch my endpoints 
with vulnerability and CVEs that

164
00:08:58,880 --> 00:09:03,200
I see, but I'm having a network 
solution to still make sure

165
00:09:03,200 --> 00:09:05,040
that I'm not affected by that 
situation. 

166
00:09:05,160 --> 00:09:07,280
So I'm basically solving it
more creatively. 

167
00:09:07,760 --> 00:09:14,360
These environments are mission 
critical and very often must run

168
00:09:14,560 --> 00:09:19,720
continuously. 
How can organizations integrate 

169
00:09:20,080 --> 00:09:25,920
these kinds of solutions without
causing disruption to their 

170
00:09:25,920 --> 00:09:28,760
environment? 
If you're using OT, stick it in 

171
00:09:28,760 --> 00:09:31,840
a factory floor. 
You can't stop production in a 

172
00:09:31,840 --> 00:09:35,520
factory floor. 
If you're using in a utility or 

173
00:09:35,560 --> 00:09:38,480
oil and gas environment, you 
can't stop what's happening with

174
00:09:38,480 --> 00:09:40,280
your utility and your oil and 
gas environment. 

175
00:09:40,440 --> 00:09:45,440
So it's very important that you 
build your OT solutions keeping 

176
00:09:45,440 --> 00:09:48,640
in mind high availability, 
keeping in mind how do you 

177
00:09:48,640 --> 00:09:52,440
ensure that from an operational 
perspective they continue to 

178
00:09:52,440 --> 00:09:56,040
run. 
Remote access is critical for 

179
00:09:56,040 --> 00:10:00,600
these kinds of environments. 
How do you enable remote access 

180
00:10:00,600 --> 00:10:05,120
while providing security? 
Over 50% of organizations today,

181
00:10:05,160 --> 00:10:11,120
Michael, are having technicians,
contractors or employees access 

182
00:10:11,120 --> 00:10:14,080
these high value critical assets
remotely. 

183
00:10:14,760 --> 00:10:17,280
And for that, you want to make 
sure that a, you're using the 

184
00:10:17,280 --> 00:10:19,480
right privileges for what they 
have access to. 

185
00:10:20,000 --> 00:10:21,480
When they get access to the 
system. 

186
00:10:21,600 --> 00:10:24,880
They are accessed ideally from a
secure enterprise browser where 

187
00:10:24,880 --> 00:10:27,000
you can do just in time 
recording, you can look at the 

188
00:10:27,000 --> 00:10:29,400
activity, you can log all things
that they are doing because 

189
00:10:29,400 --> 00:10:31,880
these are very critical assets. 
So you want to make sure that 

190
00:10:31,880 --> 00:10:37,600
you are designing the solutions 
with least privilege of what the

191
00:10:37,680 --> 00:10:40,840
contractor, the employee, the 
technician accesses. 

192
00:10:41,280 --> 00:10:44,320
But also ensure that you have a 
full ordered log of every single

193
00:10:44,320 --> 00:10:48,320
activity done by the user. 
Anand, you've mentioned zero

194
00:10:48,320 --> 00:10:52,160
trust several times. 
How does that come into play in 

195
00:10:52,160 --> 00:10:56,280
this remote access scenario? 
It is one of the most abused

196
00:10:56,280 --> 00:10:59,000
words in cybersecurity. 
You think of zero trust.

197
00:10:59,400 --> 00:11:02,080
It means no notion of implied 
trust. 

198
00:11:02,720 --> 00:11:06,160
So I want to understand in this 
case who the device or the asset

199
00:11:06,160 --> 00:11:07,640
is. 
Is this something that I 

200
00:11:07,880 --> 00:11:11,200
understand and it's assigned to 
my OT environment? 

201
00:11:11,840 --> 00:11:16,040
Then you want to know who is 
this asset talking to, talking 

202
00:11:16,040 --> 00:11:19,400
to systems inside the 
organization and talking to 

203
00:11:19,400 --> 00:11:23,480
things in the outside world? 
Who can access these systems 

204
00:11:23,640 --> 00:11:26,320
from the outside for the example
we talked about for remote 

205
00:11:26,320 --> 00:11:28,600
access? 
And when you allow this 

206
00:11:28,600 --> 00:11:32,040
connection, how do you ensure 
that this connection, whether it

207
00:11:32,040 --> 00:11:35,040
is from the asset to the outside
world or the reverse is 

208
00:11:35,040 --> 00:11:39,480
monitored for all threats, 
vulnerabilities, command control

209
00:11:39,480 --> 00:11:43,640
connections and so on, so forth?
And four, how do you manage the 

210
00:11:43,680 --> 00:11:45,720
entire life cycle of these
assets? 

211
00:11:46,280 --> 00:11:50,560
All this in construct helps us 
define zero trust for OT 

212
00:11:50,560 --> 00:11:53,920
environments where we have no 
notion of implied trust, we have

213
00:11:53,920 --> 00:11:56,920
least privilege access and I'm 
monitoring every single 

214
00:11:56,920 --> 00:11:59,880
connection and flow from the 
asset or to the asset. 

215
00:12:00,280 --> 00:12:06,560
I know factory floors and
other OT environments are very 

216
00:12:06,560 --> 00:12:09,200
harsh. 
There's humidity issues, there's

217
00:12:09,200 --> 00:12:13,200
temperature. 
How do you handle that aspect? 

218
00:12:13,640 --> 00:12:16,920
They are harsh environments. 
Sometimes these environments 

219
00:12:16,920 --> 00:12:20,160
have vibration temperature 
control and you think of other 

220
00:12:20,160 --> 00:12:23,240
OT environments, they could be 
outdoor, Michael, like your

221
00:12:23,240 --> 00:12:27,320
utility, your mining, your oil 
and gas which could have you 

222
00:12:27,320 --> 00:12:30,320
know have to operate in 
temperatures which are very hot 

223
00:12:30,440 --> 00:12:33,920
or really, really cold. 
So for those environments we 

224
00:12:33,920 --> 00:12:35,640
have what we call ruggedized 
firewalls. 

225
00:12:36,000 --> 00:12:39,120
These are network enforcement 
points which have all

226
00:12:39,120 --> 00:12:43,200
of the ability to weather all the
harsh environments, whether it's

227
00:12:43,200 --> 00:12:47,120
temperature, whether it is rain,
whether it is vibration, whether

228
00:12:47,120 --> 00:12:48,720
it is sand and so on and so 
forth. 

229
00:12:49,040 --> 00:12:50,440
And these are enforcement 
points. 

230
00:12:50,680 --> 00:12:53,680
These are enforcement points, or
these are sensors on the network

231
00:12:53,800 --> 00:12:57,320
that help identify who the 
devices are on the environment, 

232
00:12:57,440 --> 00:13:00,920
but also help protect from 
threats, command control 

233
00:13:00,920 --> 00:13:03,920
connections, software exploits, 
so on and so forth. 

234
00:13:04,400 --> 00:13:11,280
Anand, the regulations around
cybersecurity reporting are 

235
00:13:11,680 --> 00:13:14,280
evolving. 
Can you tell us about that? 

236
00:13:14,280 --> 00:13:18,080
What's going on there? 
Within 72 hours if you are 

237
00:13:18,080 --> 00:13:20,640
having an attack you got to have
you have to report that. 

238
00:13:20,880 --> 00:13:23,320
For ransomware you have 24 hours
to report that. 

239
00:13:23,320 --> 00:13:25,440
So these are environment that 
are happening and this is quite 

240
00:13:25,440 --> 00:13:29,400
broad. 
It affects large sector of 

241
00:13:29,400 --> 00:13:33,800
organizations, including OT 
environments and that is what 

242
00:13:33,840 --> 00:13:37,440
the rules and regulations are. 
The best thing that we are 

243
00:13:37,640 --> 00:13:40,680
advising our customers is that 
make sure that you're building 

244
00:13:40,680 --> 00:13:44,480
these systems which are highly 
secure so that you have the 

245
00:13:44,480 --> 00:13:47,160
capability then to protect 
yourself from these threats. 

246
00:13:47,600 --> 00:13:50,960
Do you have advice on how 
organizations can maintain 

247
00:13:51,400 --> 00:13:57,000
operational efficiency while 
maintaining compliance with 

248
00:13:57,000 --> 00:14:00,240
these new regulations? 
Most of these environments are 

249
00:14:00,240 --> 00:14:02,600
highly regulated. 
Most of these environments have 

250
00:14:02,600 --> 00:14:05,200
to do have a lot of things 
around audits and trails and 

251
00:14:05,200 --> 00:14:08,880
logs and a lot of time is spent 
including this audit log 

252
00:14:08,880 --> 00:14:11,600
reports. 
What we do with our solution of 

253
00:14:11,600 --> 00:14:14,720
OT security in addition to the 
things I talked about which is 

254
00:14:14,720 --> 00:14:19,640
visibility, segmentation and 
policy control, zero trust 

255
00:14:19,720 --> 00:14:22,920
access and security on an 
ongoing basis, we also help them

256
00:14:22,920 --> 00:14:25,520
automate all the audit 
information because now we have 

257
00:14:25,520 --> 00:14:28,240
full visibility into every 
individual asset in the 

258
00:14:28,240 --> 00:14:31,560
organization. 
We know the make, the model, the

259
00:14:31,560 --> 00:14:34,080
version, the vulnerabilities 
associated with it and we can 

260
00:14:34,320 --> 00:14:37,560
now automate so as report 
creation from audit perspective 

261
00:14:37,800 --> 00:14:42,760
and help them be more proactive 
in how you remediate from these

262
00:14:42,760 --> 00:14:45,920
vulnerabilities either by 
patching the endpoints, by 

263
00:14:45,920 --> 00:14:49,240
having solutions like guided 
virtual patching or support on 

264
00:14:49,240 --> 00:14:51,640
the network enforcement point 
for security threats. 

265
00:14:52,000 --> 00:14:58,640
So given the complexity around 
these OT environments and the 

266
00:14:59,440 --> 00:15:06,600
ever evolving nature of security
threats, automation is the key. 

267
00:15:07,040 --> 00:15:10,480
Automation and your security and
your visibility needs to be 

268
00:15:10,480 --> 00:15:12,800
powered by AI. 
You cannot do these things 

269
00:15:12,800 --> 00:15:15,840
manually. 
AI and machine learning have 

270
00:15:16,000 --> 00:15:21,480
been core themes you've touched 
on during our discussion. 

271
00:15:21,800 --> 00:15:28,360
Why is it so important in these 
converged OT/IT environments?

272
00:15:28,760 --> 00:15:31,440
We're talking of OT environments
and IT environments merging.

273
00:15:31,440 --> 00:15:33,560
You're talking of two systems 
coming together. 

274
00:15:33,760 --> 00:15:36,320
We're talking of complexity, of 
variety of different things on 

275
00:15:36,320 --> 00:15:39,640
the OT environment, many of them
that can't be patched, many of 

276
00:15:39,640 --> 00:15:42,720
them having vulnerabilities. 
And then you have to have all 

277
00:15:42,720 --> 00:15:44,400
the segmentation rules and 
policies. 

278
00:15:45,440 --> 00:15:48,160
All of this has to be powered 
through AI and machine learning.

279
00:15:48,360 --> 00:15:50,160
You got to be able to have full 
visibility. 

280
00:15:50,440 --> 00:15:52,560
You got to do it on structured,
unstructured data. 

281
00:15:52,840 --> 00:15:54,760
You got to have your 
segmentation rules and policies 

282
00:15:54,760 --> 00:15:58,440
automatically created. 
But now as these assets get 

283
00:15:58,440 --> 00:16:01,600
connected, you have to use the 
power of machine learning, deep 

284
00:16:01,600 --> 00:16:05,360
learning, LLMs, what we call
precision AI to secure every 

285
00:16:05,360 --> 00:16:09,120
single connection across every 
single possible threat vector 

286
00:16:09,680 --> 00:16:11,560
with this command control 
connections and software 

287
00:16:11,560 --> 00:16:16,200
exploits and phishing attacks or
malware or OT specific threats. 

288
00:16:16,600 --> 00:16:20,680
All of this needs to be done through
the power of AI so you can stop 

289
00:16:20,800 --> 00:16:26,080
and prevent both known as well 
as unknown threats in real time,

290
00:16:26,280 --> 00:16:30,280
reducing any of the downtime of 
the assets and have full life 

291
00:16:30,280 --> 00:16:33,840
cycle manageability across the 
entire life cycle of the OT 

292
00:16:33,840 --> 00:16:35,960
assets for the factory floor of 
the plant. 

293
00:16:36,440 --> 00:16:38,440
Anand, great talking with you.
Thank you so much. 

294
00:16:38,440 --> 00:16:40,480
Michael, always a pleasure. 
Thank you so much.

