Podcast: Shielding Your Remote Setup with Microsoft Cyber Security
By Insight Editor / 21 Dec 2021 / Topics: Hybrid workforce
As businesses settle into a hybrid model, security is top of mind. End users are no longer protected by their corporation's hardware, and attackers are learning to target remote locations. Join Jacques Van Zijl, Microsoft's National Cyber Defense Specialist, and Flavian Castelino from Insight's Cloud + Data Center Transformation team for a critical discussion on how remote workers can actively protect themselves from security breaches.
A complete transcript of this week's episode follows. You can also subscribe to Insight TechTalk on iTunes, Spotify, Stitcher and Google Play.
Transcript of audio:
Published December 21, 2021
FLAVIAN
Hello there, welcome to our Tech Talk. My name is Flavian Castelino. I'm a Senior Manager of a cloud and data center transformation team. We do everything network and security and hybrid IT. And I have with me Jacques van Zijl from Microsoft security team and we're going to be talking today about how do we secure our remote workers. So welcome to the show Jacques, glad to have you here.
JACQUES
Thank you very much Flavian.
FLAVIAN
So let's get with the program right away. So quick question for you Jacques, as you know, thanks to the pandemic over the last two years we are now working from home. Almost everybody was sent home in a hurry and some of us aren't coming back. It's a hybrid situation. So I'd like to know from you, from your experience in security, what can we do to secure our remote workers? What does the enterprise have to do to make sure that everything is safe?
JACQUES
Yeah, Flavian, so we see a lot of new attacks. So in our cyber security team at Microsoft we see individuals who used to work in offices and have all of that high-end gear, all that huge money we've been spending on hardware. And suddenly now with the pandemic we go home, and we don't take that gear, right? So we rely on our internal gear that we use from home, like a normal router, connected internet or our VPN, and, you know, do our work that way. Hackers have become slightly a little bit more clever that way. So we start to see them putting up devices outside your houses or street or in public areas, and they start to actually tap into that network. And they can see when certain data are flowing. For instance, they can actually see if it's a movie file or if it's work-related or a VPN or an RDP into a network or something like that. They wouldn't be able to tap into it, but they can centrally see this device is connecting to another device. "Hmm, that could be work." So what they will then do is (clears throat) they will attack that device. So we had to think right outside the box. How can we bring the "enterprise" into the home?
FLAVIAN
Mmhmm.
JACQUES
So there are a lot of products in Microsoft itself that allow us to install that particular enterprise on your endpoint machine. And then it gives you that workflow exactly like you were doing it in the office, just on an endpoint, but to give you that high-end tech security to actually check and let the blue team in your organization know that there is something either tapping into your network, or it's sniffing something, or it's trying to upload or send you something that it should not. So we start to see more and more of that. It can become very complicated. So it's normally very good to get your partner involved, or somebody involved that really knows this area pretty well. Also, what we start to see and do is a regular pen test in the organization, purely through this, so that they can see, so the pen tester can actually tell you what they see that you may not be aware of-
FLAVIAN
Right, right.
JACQUES
And that would be a very good step to go. And there are a lot of global pen testers that one can sign up with. Just one thing to keep in mind: when you do a pen test, just let your lead team know. (chuckles)
FLAVIAN
Right.
JACQUES
Make them aware of it, because there will be certain things that will, you know, come into your central product and stuff like that to tell you, "Hey, there's somebody in the network," and maybe there isn't. In that case as well, probably what we also start to see is these physical attack forms.
FLAVIAN
Mmhmm.
JACQUES
So you get the software attack forms where people can actually take your network, like I just explained, and then you get other things that we start to see. Things that people could put outside your house, your home, your business. You start to see some of these devices that are coming into the network, which are called Key Crocs. Well, this particular one is a Key Croc, but you can get like a (indistinct), Rubber Duckies. The latest one is actually a normal USB cable that you can charge an iPhone with, and that actually went further now. You can now get one that you can charge your Android devices with and stuff like that. But those little devices have a complete LTE device in them.
FLAVIAN
Wow. Okay.
JACQUES
They put it outside. Kids will be kids, they play outside, they pick up a cable like, "Hey, this thing is quite expensive, so I can charge." They go inside the home, plug it into a computer or a device. If it's not into a computer, good. But what are the chances? They normally plug it into like a PC at home or something when they're going to play games or so forth. Plug the cell phone in; it's got nothing to do with the cell phone.
FLAVIAN
Mmhmm.
JACQUES
What it's got to do with is this device connects to what we call a C2 cloud server. And they sit all around the dark web. So this device, or this Rubber Ducky, is programmed to not go out of the scope; it's just to go straight to that C2 cloud server. And from there on, they can then send keystrokes down. They can make it go to certain places that you don't want to go. They can actually pop up like an app that says, "Hey, update your machine." But it's not really an update. It's actually to load something down. I mean, these guys get extremely creative.
FLAVIAN
What you're telling me, Jacques, is quite, quite scary. So here's a question for you. What can I, as a lay guy working from home, what can- how does- what signs do I get to know that, "Hey, maybe I'm compromised or something else is happening on my machine"? And what do I do about it?
JACQUES
It's a very loaded question, because every individual acts differently to what they know is the norm. I normally say it's a very hard question, because when I'm in cyber security, we are trying to see certain things. It's the assignment: you're a police officer and you go into a place, you kind of know what to look for. And I'm just a normal civilian. And I would just look at two people or something happening and I won't actually pick up that there's an issue, right? Behavior: make sure that every time you go into the system, the behavior is normal for any individual that is on a computer. If you see the behavior of whatever software you're using, or something, is not quite what you see on a daily basis, report it to your IT instantly. Say, "Hi guys, something is not working as I think it should work. Can you please have a look into it?" It might just be the day that the internet might be slow or something like that, but it gives your IT a heads up. There was something wrong. I can check into it. It's time. It's timed in. They can actually just quickly do a scan or just check it out.
FLAVIAN
Right. Basically, I mean, we've got to behave as if it is zero trust. Don't trust anything, report it to IT right away, right?
JACQUES
Yep.
FLAVIAN
Great. Now the other question I had is around cloud. We are accessing cloud applications all the time now; like almost everything is in the cloud. Is it different for me working from home or from the office, or what do I do to protect my cloud activity?
JACQUES
Yeah. There's a general consensus that if something goes into the cloud, it's not kind of safe. It's out there. Actually, it's the other way around: the amount of billions of dollars that's been spent on the backing of that cloud infrastructure. It doesn't matter what cloud constructor you use. It is so significant to pick up different anomalies. Okay. So when a software or you or an individual or program logs into the plant system, they have a vast array of programs in the backend to check who you are, where you come from, what your IP address is. There's certain information in the backend, especially if you run Windows 11 and you have our products installed, that gives that handshake a lot of information to say, "I am who I am." And that consistent coexistence of programs and applications as well, from a cell phone, from a PC, a server, whatever you are working with, it will keep that information. Now, can you mimic that information? And that's just kind of where I come in from my work. So at Microsoft, what I do is that I'm the national cyber defense specialist, and I actually check how we can fake, almost like they say, "Fake it till you make it." So we try to fake the system and try to think, "Hey, I am what you think I am." And then we collect that information back into Microsoft. Click run about 27 trillion signals a day.
FLAVIAN
Wow.
JACQUES
And by that question, do what we call a big ML, machine learning, system. And that gets sent down to our Defender and other products, and they're trying to make it, as you know, the AI and ML so smart that, exactly what you say, "How do I know that I'm safe?" And that's where that system comes in, but your security team in the backend can actually sit and have a look at what's going on. And instantly, if something goes wrong, it will tell them, "Hey, there's something that's moving around that should not move around in that particular database." So at Microsoft we do a lot of work on what we call zero trust. So we don't trust anything. The second thing is we trust, which is our partners and our people. And thirdly, what we're trying to also do with AI and ML work is to actually make those signals into something where it's quick and fast but also very accurate. And the way we do it is by something called a behavior-based solution. So every day the systems are communicating to Azure to tell it, "How am I behaving?" If I move out of that behavior, it acts, and a lot of other products or vendors out there do it on a different basis.
FLAVIAN
Right.
JACQUES
And that's worked for them. But what we do is, Windows is our product.
FLAVIAN
Right.
JACQUES
So we have certain layers of like a cake in there that we can tap into when nobody else can tap into.
FLAVIAN
Right. Right. No, I mean, cyber security to me is a very interesting topic. And it's so wide out there that you need all kinds of expertise, and the talent is short. I mean, we don't have enough talent to do this. So here's my question to you. Microsoft works every day; guys like you are improving their products, bringing out new security features, functions. So what can you tell me about what's on the roadmap? Things are happening almost every day. What's Microsoft doing to kind of fine-tune their products or maybe get some better security features? Can you tell me something about that?
JACQUES
Yeah. So Microsoft is actually sitting down, and if you look about 15 to 20 years ago, we kind of put a product out there and then we waited for people to come back, and you get some spec, 100 condominium. If you remember those days, Service Pack 1, Service Pack 2, 3, and we try and do to work mostly on. We get a problem and then we fix it. Today, with all the technology we have today, we either acquire an organization or we would actually put it in our roadmap. This is what's coming up. So we try, and the trends are much faster. And because we get all these millions of signals that are coming in, trillions of signals, we can elevate it between all our products and we have data. We have data, we have knowledge. With knowledge you can make the right decision the way you want to spend it.
FLAVIAN
Right. Right. Right. So I mean, the most important thing is visibility. And the fact that you said you've got trillions of data points in a day, that gives you that visibility and then the ability to tackle whatever problem it is. Right? So I mean, thank you for that, Jacques. I mean, that was a very interesting conversation. And to me, I think if I take the summary of what we discussed, one is zero trust. When you don't trust anything that goes on, call your IT, keep the faith, because Microsoft is working on looking at things; you see trillions of data points a day. You can absolutely work on stuff and help us get to a safer place, and at the end of the day, cyber security is everybody's responsibility. It's not just the enterprise or your IT team. You as an individual have to take personal interest in this and make sure you're safe, because not just the enterprise assets, even your personal assets can be taken from you in a minute. The tools you showed me just about scared the heck out of me.
JACQUES
And I'm not stopping anytime soon. (indistinct) actually more and more. So yeah, we need to be on top of our game all the time.
FLAVIAN
Thank you. Thank you for that, Jacques. And I hope you guys enjoyed our little conversation about securing the remote worker. Thank you.
JACQUES
Thank you Flavian. Have a good day.
FLAVIAN
You too Jacques.