A Conversation With Slava Konstantinov From ThreatLocker

Published Mar 18, 2025, 5:28 PM

➡ Allow what you need, block everything else with ThreatLocker:
threatlocker.com

In this episode, I speak with Slava Konstantinov, ThreatLocker's MacOS Lead Architect, about their zero-trust approach to endpoint security and their latest cybersecurity innovations.

We talk about:

• ThreatLocker’s Zero Trust Approach to Cybersecurity:
How ThreatLocker enforces a default deny security model, ensuring only explicitly allowed applications and actions can run, reducing attack surfaces and unauthorized access.

• Key ThreatLocker Products and Features:
How ThreatLocker’s solutions—Application Control, Storage Control, Ring Fencing, Network Control, and ThreatLocker Detect—help organizations enhance security through granular policy enforcement.

• New & Upcoming ThreatLocker Features:
How new solutions like Patch Management, Web Control, Insights, and Cloud Detect will provide even greater security, automation, and compliance for businesses managing complex IT environments.

Chapters:
00:00 - Intro to ThreatLocker and Zero Trust Security
01:24 - How ThreatLocker’s Application Control Blocks Unauthorized Software
06:52 - Storage Control: Preventing Unauthorized Data Access and USB Threats
08:19 - Ring Fencing: Controlling App Permissions and Network Access
12:37 - Elevation Control: Granting Admin Privileges Without Risk
16:23 - Network Control: Restricting Internet and Internal Network Access
19:26 - AI-Driven Security Policies: The Future of ThreatLocker Management
24:07 - Mac vs. Windows Security: Key Differences and Challenges
29:49 - ThreatLocker’s Expansion: New Products and Future Plans
32:32 - Where to Learn More About ThreatLocker’s Security Solutions

Unsupervised Learning is a podcast about trends and ideas in cybersecurity, national security, AI, technology and society, and how best to upgrade ourselves to be ready for what's coming.

All right, welcome to Unsupervised Learning. This is Daniel Miessler, and we have with us today Slava Konstantinov from ThreatLocker.

Thanks for having me.

Yeah, yeah, yeah. Great to have you here. So, I wanted to just jump right into it. Can you start off by telling us what's going on with ThreatLocker overall? Like, what does it address? What is the main product and what does it do?

Yeah. So ThreatLocker, we're a cybersecurity company and we're protecting endpoints. And our main approach is zero trust. Zero trust means that we don't trust anyone except what we trust. I mean, we have a lot of policies. We can deep dive into this a little bit later. But yeah, in general we're working with a zero trust approach.

Yeah. So that means by default nothing is allowed in general, right? And then you poke little holes for what's allowed.

Yes, we have multiple different products in ThreatLocker. So basically we have one big ThreatLocker machine, if I can say that. And also we have different products. First of all, we have Application Control. This basically is allow listing. Allow listing means that we only allow specific software to run, software that's basically in our list. Everything else gets denied. So what does it mean for the enterprise? It means that every company has a set of software they use. Everything else should not be allowed. And there are a lot of examples out there on the internet and in real life, basically, where people are losing their jobs or a company got hacked because someone installed something that was not supposed to be there.

Yeah, yeah, that makes sense. And so what does the process look like for... And I believe we talked to someone else from your company as well, so I heard about this before, and I remember being impressed with the way that you handled it. But how do you handle that allow list?

So we have a set of rules. And a rule can be, like, you can put a path in the rule. But mostly we use hashes. So basically we know every executable in your system, every executable hash in your system. We have a big database of these hashes. We also know the hashes of the apps, and how we do that: if there is an unknown hash trying to execute on your computer, we basically block it. So it's pretty straightforward and it's pretty easy. Sometimes you need to maintain it, because we have two sets of applications. We have built-in applications, so basically we maintain them. We also check for updates for those applications and we update the hashes. But there are sometimes specific requests from the customers, so they need to maintain those themselves. But it's not super hard. It's just a small inconvenience for, as I would say, better security.

Sure. And then, like you were saying, something like a Windows environment, a very big software operating system, lots of updates coming out, lots of application updates coming out. When those updates come out, I assume they come to you and you do hashes for those. And then you give the hashes to the customers so that they can ensure that they can install them, or?

No, no. Basically what we do: we have a portal. So it's a website and everything is managed from there. The customers, they have admin pages and all of this so they can set it up. And when an update comes out, we have a whole team basically looking for those updates, running them, learning the new hashes, and after the update they just basically update the existing policies. When the policy gets updated, after that it's automatically updated on every customer we have. And there's also a new product coming out, that's patch management. So we're gonna basically see if there's an old application, a not patched application, installed on your computer. And you can patch it on the fly, basically without even asking the user to do that.

Oh, very cool, very cool. Okay, so you have the application one. You have this new one that's coming out, which is patches.

Patch management. Yep.

Patch management. So what are the other products that you have? You mentioned other ones.

Yeah. So the one we talked about was Application Control. We also have Storage Control. So Storage Control is a product that basically can protect your file system from unwanted access. What I mean by that: you can stop some application from accessing your folders that may have some information, like specific information that needs to be secured. We also can block USB devices. We also can block network shares. So this product helps users to protect their data from being accessed by unknown apps, for example, or even USB drives. So if your company's policy does not allow USB drives, we can block USB drives from accessing your computer at all.

Hmm. Interesting. Okay, so it's controlling the media that can come in. It can handle network shares as well. Yes. You could basically block off things that are super sensitive. You don't want it to look at it at all.

Yes, yes. So we have, for example, a specific folder with super secret data, your company data, and you have only one or two apps that are allowed to access that, like, for example, Word or Excel or something like that. So you will allow only these apps to access that folder. If some other app, like a malicious app, for example, is lurking in your system and it tries to access that folder, we're going to block it. So it means zero trust: we don't trust anyone except the ones we trust.

Gotcha. Okay. So that's Application Control and Storage Control. Any others?

Yeah. So we have Ring Fencing. Ring Fencing basically means, if we allow an app to run, what we can do is we can put this app into, if we can say that, a sandbox. So saying, like, okay, you're not allowed to run other applications, or you're allowed to run specific applications, or you cannot access the network, or you can access the network but only some specific websites.

Oh, that's right. Yeah. So this is the same for the storage, around an application.

Yes, around the specific application. So, for example, you have, I don't know, FileZilla or something like that. So you can access FTP servers, but you have a specific set of FTP servers that you allow it to connect to. Or any other app, I'm honestly right now...

Netcat or Terminal or something like that.

Oh yeah. Yeah. Terminal, for example. So you can ring fence Terminal and say, like, Terminal can run this, this and that, and it's not allowed to run curl, for example. So, yeah, if it can't run curl, some specific attacks...

Or something like, yeah, a way to download additional malware or...

Yes, yes.

Or outbound SSH or something.

Yeah. Or you downloaded some app and you're not sure you need this app, but you're not sure what it's doing. And you can basically put it into that sandbox and say, like, you're not allowed to access the internet. So even if it's malicious software, it will try to download some payload from the internet, like an obfuscated executable, and run it. First of all, even if it's downloaded, we're not going to allow it to run because of default deny Application Control. But at the same time, even if it stole something from your computer, it now doesn't have access to the internet to send it over.

Right.

Yeah. Same for the storage. Because we can ring fence storage access to specific apps. So with Storage Control we can control the whole system, the whole computer, different applications. But with Ring Fencing we can specifically say this application is allowed to access that folder, that folder, that folder. Okay, so.

And then can you define all these different policies in one place, or are they defined in the separate products?

Yeah. So it's a separate product. So Application Control is one product, Storage Control is another, and they're all different products. But it doesn't mean you're not allowed to reuse them between products.

Okay. Yeah, that makes sense. So a lot of this has been very Windows focused. Is that right?

Yeah, yeah, Windows. But we also have a Mac agent now, for a couple of years. And Linux, we have version 1.4 for Linux right now, I guess. So it's a pretty early stage.

Okay. So tell me about the Mac agent.

Yeah. So I'm the Mac lead architect. So, yeah, I've basically been there since day one of the Mac agent, starting with the POC, and now we have version 4.2 coming out soon. So it's been quite a journey. We don't have all of the products Windows has for now, but we're trying to keep up. So we don't have Detect. I mean, we haven't talked about that yet, but yeah.

Tell me about Detect.

Okay. So there are a couple more products that we haven't talked about.

Yeah yeah.

Yeah. So one of the products is Elevation Control. Basically, in some way it's a little bit different from zero trust, because what we can do is we can allow applications or a user to elevate specific actions in the system as an admin user, without asking for actual admin permissions. So basically you have a standard user on your computer that is not allowed to elevate anything, but your admin wants you to install some update, and for that update you need elevation, or to access some folder that's protected by root, if we're talking about Macs, for example. And what we can do is set up specific rules for that application. So if an application tries to install an update for itself and it requires root, the user does not enter any password. It will just automatically elevate the user to admin privileges for that specific request, not the whole system. Some specific requests we can allow for an application, or for user interaction with the system. On Windows it's UAC; in the Mac world or Linux world it's sudo, or it's just privilege elevation.

Interesting. Okay. So that's an interesting layer. So it's basically a layer in between the actual sudo or admin capability. It's like a shim in between.

Yes, yes. So basically if you're not allowed to run sudo on your computer, for example on Mac, any standard user. So we have an admin user and a standard user, and any standard user doesn't have access to sudo at all. But what we can do, we can give this access to a standard user, but just for some specific amount of time or a specific amount of actions. Like if you want to run sudo, Linux apt-get or something, to update your packages.

Right. So it's like a policy based granular control that actually doesn't exist with sudo. If you have sudo, you have everything.

Yeah. Yeah.

If you're taking that away. Yeah.

Yeah. If you're admin it doesn't make sense. You can just type in a password or click, like, elevate privileges or something like that. It's not a problem. But if a user doesn't have any privileges on the computer, we allow the user to have some of them if the user needs to.

Sure. Okay. So that's elevation. What's the next one? Yeah. What about Detect?

Yeah. So there's Detect. It's not on the Mac. It's not on Linux yet. It's just a Windows product for now. But we're working on getting it onto Mac at least. Okay, so this is our MDR solution. So we have EDR that's automated, that automatically detects and blocks something or makes decisions. We have MDR, we have a whole MDR team at ThreatLocker headquarters. They basically check, so you can set up rules and policies for your organization to see, like, oh, someone is scanning my entire network or doing something. And we have alerts for that. So our MDR team, they have the alert and they can lock your computer down. If there's some suspicious activity, they can lock your network down, or they can notify you, call your admin, saying, oh, there's some suspicious activity, what do you want to do with that? Because it happens, there are some false positives. And that team, they basically monitor all of these events from all of our customers, and they make decisions by that. Okay.

Okay. Great. So essentially the agent is talking up to a centralized location. You could see centralized alerts, like, for example, someone scanning the entire network or something, and they could choose to respond to that.

Yeah. Yeah, yeah. Also, the customer or our team, we can help customers to set up specific policies, because every organization may have different policies. So we can set up their policies the way they want. So we can check something, we can skip something else.

Makes sense. Is that all the products you've got?

Yeah. We have one more. Okay. One more old one. We have three more new ones.

Okay.

So we have Network Control. Network Control is basically, we also have default deny on the network if you want this. So basically the endpoint is not allowed to access anything except what you allow it to. Or you can allow everything but block specific websites. Even if we're talking about protection, default deny is better, because you can say, like, oh, you can access Microsoft.com, you can access some other Adobe updates or something like that, obviously specific websites for your organization. But if we're talking about even controlling what your user does, like blocking Facebook or something, pretty simple. So we can do all of that with Network Control. It's basically protecting your environment and your network. We also have a thing called objects and challenges. So multiple computers can talk to each other with specific challenges and objects, saying, like, oh, this computer, I know this computer, it's allowed to access my network. Doesn't matter where you are. Because for a firewall you need to set up your IP, or a VPN, or you have to call someone like your admin: can you allow this IP to access our network? But if you're on the go somewhere, basically traveling, your Network Control will send specific objects to your network and they will respond. It's a double check between, like, if it's legit or not. And it will allow your computer from any location to access that network in this rain.

Interesting. Okay. Okay. I have a question before you go into the new products. Is anyone thinking about, I have to assume the answer is yes, is anybody thinking about a single policy editor where you go in as an organization and you basically define the policy, like, here's what we care about for network overall, for this particular host. Like a more centralized single policy. And that single policy, which you write in English, gets translated down to the specific rules that apply to the specific products. So it's still being implemented inside the separate products, but really it's abstracted up.

Yeah.

So we need a policy editor.

So we need to implement some AI stuff for that, obviously.

Yeah.

Yeah. To translate from human language to that one. We don't have it yet. It could be our next product. We'll see.

Yeah. Yeah, that makes sense. So what are the new products?

Yeah. So there are at least three new products. So, if we're talking about agents, because there's one more product called Cloud Detect. It's a little bit different kind of product. I'm working on the agent side, so it's not an agent related product. It basically means a product that can allow access to your cloud services, from, like, Microsoft or AWS or something like that, with a specific app on your phone. And it connects, and wherever you go with this app, it knows your IP address, and it basically can allow you access from that location to your cloud services. But the other three products: Web Control. So it's similar in some way to Network Control still, but it only works for browsers. So if you want your organization to block all gambling websites or poor websites or something like that, you just can choose a category that you can block or allow, and we basically will do that. So this is one of the newest products. It's for someone who doesn't want to deal with Network Control. It's much simpler and it's more restrictive, not protective, I would say.

Gotcha. Okay. And is that all of them? One more, right?

No, no. Two more. Two more. Yeah. We have a lot of products. So we also have Patch Management. It's coming soon. So these three products are coming soon. So it's in beta now and it's coming live, maybe months, maybe a couple of weeks. Okay. So, Patch Management. As we spoke about this a little bit earlier, we can patch. We can have a set of policies and we can check versions of the apps that are on your computer. And if the app is outdated, we can alert your admin, saying, like, oh, there's a new update for the app, and you can basically press the button on the portal and it's going to automatically patch your application. So it's a much easier and simpler way of patching, especially in some cases if you want to allow some specific version to run on your computer.

Okay.

There's one more called Insights. Insights is basically, we have a database that stores all of the applications and interactions with applications from all of our clients. It's totally anonymous. So it's a different set of data from our customers' data. But what it can do is basically see every app that was allowed or denied, or the specific set of rules that apply to that app. And we can show the user: if some app got blocked on your computer, you will see small statistics. The admin in your organization can look at the statistics saying, oh, this app got denied or got allowed, this is how many times this domain was accessed, this is how many times it was denied. So it's a small insight into what others do. And you can create an interesting set of policies, especially ring fence policies, for some specific app: oh, usually this app goes to that folder or accesses that website, and you can automatically press, like, create ring fence policies for this app. So it makes the life of our customers a little bit easier.

Yeah, that's smart. That's smart. Because a ring fence policy could be like 12 different rules to 12 different things, right?

Yes.

And that might take a little while to figure out. And each time it's a manual add, versus somebody else, or hundreds of other customers, already figured that out. So now there's a template.

Yes. Yeah. Exactly.

Yeah. That makes sense. That makes sense. Well, can you say more about the Mac agent? How are things different, threat wise, right now with Mac versus Windows? Are you seeing different threats? Is the installation process different? The management of it, is it different?

I mean, the threats, the attack vectors, they're pretty much the same everywhere. It's the same thing on Linux, Mac, Windows. Most of them are social engineering. Some of them are zero day vulnerabilities. Some of them are supply chain attacks. Right. But it's still the same. How Apple and Microsoft approach this is a little bit different, because on Windows they have Windows Defender, they have UAC. So they have their own protections. Apple goes a little bit further with that, because there are a lot more protections, like TCC. It's, I forgot how it's, consent and something. Consent and Control. I honestly forgot, but basically there's a specific set of rules for each app. It's what we do, but from Apple's standpoint it's a little bit simpler. So they can deny access for any app to access the file system, for example. So it runs in its own small sandbox, or the user has to approve if an app wants to access your Documents folder, for example. Right.

Yep.

And Apple has XProtect. It's like Windows Defender. XProtect, it's probably their built-in antivirus, but it also runs only for known malware. So it can block only known malware. It's not even reactive.

It's not looking at behavior for all applications. Okay. So you're hooking into the Mac functionality and doing your own functionality, or?

Yeah. So what we do: Apple restricts us from accessing the kernel. It happened like five years ago, I guess, or something around that time. And we have a lot of complications because of that. So they have their own driver running, and we basically see what this driver sends us, events, and we can apply to those events, like allow or deny. But what the driver can do, it can access other processes' memory. It can access other low level things that we could use to make protection a little bit better, I would say, but we're not allowed to do that. And there's also a lot of, because they tried to make it for everyone, so there is a trade off between speed and some of the things they send to us. So we need to approach some things differently, especially hashes. So we need to have our own cache for hashes and all of these things, because what Apple sends us is a little bit different. They call it CDHash. It's code directory. It's a signing hash. But we need to know the hash for the specific executable, and it's a little bit different. And we need to calculate it basically each time the application runs. And there are some complications with that, I would say. But we found workarounds for that. For network, the same thing. We don't have access to the kernel, so we don't have access to some low level packets. So we only work with what Apple gives us, and we have complications with that either. And also recently, I guess it was the 15.1 update, they broke third party firewalls. Not just us, everyone. Yeah. If you run the built-in firewall, if it's on, we never got any events from the system, so it's like...

Little Snitch and all those.

Yeah, yeah, yeah, yeah, yeah. Everything was broken, for one specific Apple update. They broke it. Yeah. So we get events from macOS every time someone tries to connect or to send a packet or something like that, and we never received them if the built-in firewall was on. Right. So this is a downside about that. So Apple broke something. We couldn't do anything about that.

Now they fixed that, or it's just broken from now on?

No, no, no, it's fixed. But, like you see, everything is in Apple's hands basically.

Yeah. Yeah, that's a good point. They do hold all the cards there. Yes. Okay. So the question I have for you is, it seems like the product overall is the zero trust concept, and you're simply applying it at all these different module stages because they all need something slightly different. Yeah. So, yeah, that makes sense. Yeah, that's really interesting.

Yeah. So, like, your system is not just simple applications. It's more complicated than that. And so we try to apply this to every single level to make better protection.

Yeah, that makes sense. And how different is the Mac side of it from the Windows side, other than the permissions and stuff that we talked about? Is the installation a pretty standard Mac installation? What about administration? Does it all look the same inside of the portal and everything?

Yeah. So basically we're talking about the business logic of things. It's all the same. Obviously paths are different, right? Like Windows, Mac, Linux, if we're talking about the file system or something like that. So from the user perspective it's the same thing. Application Control, Ring Fencing, it's all the same thing. You need to understand macOS to make better policies in some cases. But in general, we're trying to make this seamless for all of the users. So they should not distinguish, oh, I have Windows, I have Linux. If they have a specific app, like an Adobe app, right, they want to install it. We have a built-in policy for Windows. We have a built-in policy for Mac, and there's nothing distinguishing that from the user perspective. So they just can add this policy to their system and it's going to work.

Yeah. That makes sense. So when are these new products coming out?

Yeah. So the new products, they're coming out pretty soon, I hope. I hope in a couple of weeks. But we'll see. Okay. Yeah. It's not up to me. So there's a QA stage. There's also, but yeah, I honestly don't know. It's not on the Mac. On the Mac, Web Control is coming pretty soon. But we have a couple of problems with Chrome, the browsers except Safari. Safari on Mac works a little bit better, and it's easier to handle some things from that standpoint. But other browsers, we need to figure some things out.

Yeah, browsers are tough because they're always changing their security stuff. And it seems like it moves a lot, especially with extensions and stuff. So, yeah, that makes sense.

Yeah.

And so...

But on the Mac, Patch Management and Insights will come a little bit later, because Mac is not as huge as Windows. So we have a little bit smaller team, but we're trying to keep up as fast as we can. So it's gonna come out, I hope, by the end of this month: Web Control and Insights, Patch Management. I really hope it's gonna come out by the end of the month.

Okay. Well, very cool. Anything else you wanted to share? Where can we find more information about the products?

Oh, we have YouTube, we have LinkedIn, we have a website. So you can go anywhere. We're everywhere.

Awesome. Well, it was great to chat with you, and I enjoyed the conversation.

Thank you.

All right. Take care.

Take care.

Unsupervised Learning is produced on Hindenburg Pro using an SM7B microphone. A video version of the podcast is available on the Unsupervised Learning YouTube channel, and the text version with full links and notes is available at danielmiessler.com/newsletter. We'll see you next time.