Linux Security: Be Afraid. Be Very Afraid.

Cybersecurity expert, Bob Erdman, recently sat down with Linux Journal to discuss the security threats Linux users face on a daily basis. Listen to the podcast now.

 

 


 

Katherine Druckman:
Hey, Linux Journal readers. I'm Katherine Druckman, I'm talking to Doc Searls, our editor in chief. And we have a guest today, Bob Erdman, who is the Security Product Manager for HelpSystems. He works on Linux and Unix security for governments and businesses. Thanks Bob, for talking to us today, and lending us a little bit of your expertise.

Bob Erdman:
Thank you for having me.

Katherine Druckman:
As I understand it, your particular interests are in malware, viruses, ransomware, as they affect Linux users. It seems to me that a lot of Linux users feel exempt from a lot of the threats that are out there. When you think of viruses, typically people are thinking, “Oh, well that mostly affects Windows users.” How are Linux users affected?

Bob Erdman:
They're affected these days just like any other operating system. In the past we've heard a lot of those same things from our user community and other people that we work with. It's open sourced, it's fundamentally more secure than stupid old Windows. Desktops are where all the hackers go, that's where they’re always targeting. I really don't need to worry about it all that much, that big open sourced brain is going to protect me. I really don't have to worry about a lot of different things. More and more now, we are seeing targets that are not Windows. From the surveys that we do, between 30% and 35% of all of the new malware that's being discovered out there in the field is specifically targeting Linux/Unix operating system types, lumping in that, some of that is Macs, some of that is Android, they're in those same flavors but not Windows anymore. Everybody is being affected. The largest ransomware payment that we publicly know of to date is actually for Linux.

Doc Searls:
Which one was that?

Bob Erdman:
That was the big payment over in Korea, that big hosting provider. They had all of their systems compromised. That's still, from what we've seen in our latest surveys, is the largest single payment that we know of was that one. That was where they compromised the backend Linux hosting servers for a lot of business websites. It took all of the systems down and they paid over a million dollars from all public reports for that breach to get the keys. The keys don't always help you, they're always going to tell you not to buy the ransom key.

There's no guarantee that it'll work. Sometimes it's false. They just want to take the money and run. Sometimes you'll get the key much like the Apex group, there was recently an attack, they got their keys, they got a lot of their data back. Some of it was a little scrambled, it broke a lot of the files. It wasn't just a quick solution to apply that key and everything comes back to life but it did help them. It's really a business decision that you'll have to make with your IT professional, your outside consultants and your law enforcement contacts. Is it better for you to try and pay the ransom and get your data back or is it better for you to fight it and rely on your backups and your protections?

Katherine Druckman:
That is a scary story. I actually was just reading about that in preparation for this broadcast. It's more than a little unsettling. There obviously are some advantages to using an open source operating system and a lot of people feel like they keep their software up to date and they apply patches and everything there. They feel a little bit better about things. How much better off are Linux users than Windows users?

Bob Erdman:
Personally, I'm a huge believer in Linux. That's been my primary focus for the 27 years that I've been a computer professional. It's generally been on either Unix or Linux systems. One of the interesting things that you just mentioned though was patching and configuration. That is always the Achilles heel especially in a lot of businesses. They aren't patched, that vulnerability we just talked about, that ransomware, they were running old kernels, old utilities, old web hosting and they were easily broken into. A lot of times we aren't seeing people quickly applying patches. The big issue with Equifax, I think it was Equifax missing patches. Things that had already been patched, the big issues with NotPetya and EternalBlue. Again, that was Windows patches existed, but patches were not applied. We see that over and over. We see that happening across all the operating systems.

Linux is just as vulnerable, sometimes more, because they just don't go down that much. People got into the habit of needing to reboot Windows a lot, because in the old days a lot of the patches required reboots. People don't get in that habit so much with Linux and Unix machines because they just don't go down that often. They really don't have to be rebooted very much. Even recently now with live splicing with the kernel, you don't even have to restart it to do a kernel update anymore as often as you used to. Things can fall by the wayside. It depends on how people decide to design their patching cycles. From our commercial and the clients that we had. We generally ended at the spot that it's better for us to patch instantly and worry about any fallout from not testing against the patches. As much because we didn't usually find any issues with the patches and we had a protection rate then, holding off for three, four weeks trying to run all of these patches through all of our QA cycles.

Finally, getting them out when the attackers are usually five minutes later, they're already out the door trying to attack these things because they knew about them before we did. We try and patch much faster on our side. We've seen a lot of issues with configuration as well. By all reports, configuration is one of the major problems. We see it all the time. There's some really great graphics in some of the IBM threat exchange, their X-Force articles that have mapped out by what type of breach did we see over the last few years. By far the largest is just simple misconfigurations. You're leaving buckets exposed for your data up in the cloud, you're leaving systems open to the Internet on ports and protocols that you forgot you had open. Somebody makes a change for a quick fix that they forget to roll back.

Many times we're seeing that initial infection coming in through a misconfiguration error. They can get that initial breach, drop a little malware, they start to reach out to their command and control infrastructure. Bringing more malware, start moving laterally around and living off the land in your environment so there's a lot of different reasons that we need to worry about that. It's not always even outside hacker groups. It may be disgruntled insiders taking advantage of your configurations to get things they shouldn't have and to cause damage that you don't want them to cause.

Katherine Druckman:
That's interesting. It's a good point. We talk about, obviously a big hosting company is going to be a more appealing target but what are the threats to Linux desktop users?

Bob Erdman:
More and more we're seeing that the smaller institutions are where the majority of the attacks are occurring because they don't generally have as good of security as those larger infrastructures do.

There's definitely targeted attacks where they're doing their research and they're going to go out against the deep pocket and try and make a big score all at once. A lot of times, especially on the information stealing, where they're trying to get people's health information, get their personal information, they're building that database to use for identity theft and other things. They're attacking more of those smaller providers because they don't generally have that big infrastructure set up to protect themselves. A lot of things that we're seeing, attacks against smaller healthcare, especially. They're not going after the large hospital network that has a big IT infrastructure, they're going after the outside clinic attached to that large hospital network. Because once they can get a foothold at that doctor's office in the strip mall, now they can hop back to that bigger enterprise infrastructure and all of that data is really valuable to them, especially if they can get healthcare type data. Because of the breadth of personal information that's held inside of it.

Katherine Druckman:
Sure. Health privacy is a hot topic and is a little bit of a scary topic to be honest.

Doc Searls:
If you're looking at a pie chart of the categorical types they're after, you've just mentioned healthcare as one, I imagined financial, retail. Is military or anything like that as a target. I mentioned they're fairly better secured, there's less money being spent by the federal government anyway right now on stuff. I'm wondering if there's a pie chart of what are the typical categories as those things sort out.

Bob Erdman:
There are some of those out there and available. We actually just did a fairly large survey recently about ransomware and malware and it wasn't so much getting out towards industry but the types of data that was being stolen and the number one issue that we were seeing was consumer information. Actually that was top of the list because of the so many different things they're able to do with that. Moving down from there we had financial data and then company intellectual property and that bled between commercial and government interests. Many times of intellectual property may be the plans for the next generation surface to air missile or next part of your plan. It's amazing how many small suppliers to the government actually rest.

Katherine Druckman:
Many points of failure. Potential points of failure.

Doc Searls:
A question is that if the bad guys, who want consumer information, are they selling it? What are they doing with it?

Bob Erdman:
They are definitely selling it and then they're using it to go out and of course then do identity theft, try and compromise your banking credentials and other things. They're building that database in many little pieces. If they can get a few pieces from this person and a few pieces from another company on that person and a few more pieces from somewhere else, they suddenly have a really good record of you. It's much like the marketers are doing today, they're gathering data from all the public records, all the things you do on Facebook and Google, everywhere else. They're building that picture of you and that picture is now really valuable because they can use that to take your identity over. We're seeing that happen a lot with minor children as well. People that are attacking education K-12, college age even.

It's much less likely that you're going to notice a new credit card open for your six-year-old, because you're not watching their credit report, than you will if they opened it up on you. That identity is just an identity to them still. If they can start to use those names, use those numbers, they're building that compromise and we see more and more that they're staying inside of these enterprise networks much longer. Average dwell time is 180 to 200 days where they're in that network moving around, living off the land and gathering data, before they launch anything that may be public facing to you where you see what's going on. Sometimes it's years.

Doc Searls:
Or they may never become public I suppose. I mean, in many cases they don't need to. If they're not doing a ransom move, they harvest the data and then sell it somewhere else.

Bob Erdman:
That's true. A lot of these teams, and they are teams, they have guys that specialize in the different areas. They have a compromised person whose job it is to get inside and then they have somebody that they're paying to install the different pieces of malware in the system. Then they'll farm that off to essentially a broker network and he's going to go out and slice up what access they have to, what systems sell that off to his threat actors. Then they're going to come in and take over and then they're going to try and stay in there, get their malware in place, get the tools that they like and then live off the land until they're ready to launch an attack.

It may be quite a while that they're in there, getting set up before they actually pull that trigger, especially with ransomware, because of course they don't want to just get your current files, they want to get your backups and your HA and everything else. The deeper they can get the more money they can try and extract from you. They're making a lot. The SamSam group, something like $6 million. They're estimating now in the last year or two, I think about 3.8 million. I think they've taken instance last August. It's big money.

Doc Searls:
These are names for bad guys. You're telling us?

Bob Erdman:
These are names for bad guy type attack groups. They are tracing cryptocurrency transactions. They're not always getting to the end and prosecuting. It's been pretty tough actually, a lot of times you can see the flow of the currency through the transaction chains. They're taking estimates based on what they know and what's publicly been released but it's millions and that's just a tiny fraction of what's really costing, because of course then you have the cost of the cleanup and the damage. The raising of insurance, the loss of your brand loyalty, all of those outside factors. It's multiples of that $10 million.

Doc Searls:
If you want to be a bad guy where do you apply? I mean, this job. Did they have to go to a certain country? Is there somewhere in the dark web I can submit an application, really wondering. There is clearly a career here.

Bob Erdman:
There are a lot of places on the dark web that you can go. If you were thinking about where you physically want to be located, I would highly suggest somewhere without an extradition treaty to the United States, of course, but that exists out there. Many times now with ransomware, for example, it's more ransomware as a service. You will go out, you will buy your toolkit and the people writing your toolkit will support you, they will give you assistance and they will take a slice of that money that you're going to collect. It's not very expensive. You can go out and buy machine access. There are whole marketplaces set up where you can go in and say what kind of machine you want or maybe what company you want that machine to belong to. They will guarantee you at the time of sale that you will have access through the credential set that they give you.

They can't guarantee how long it'll last, but that is an open connection when they give it to you and you can go in and start typing in Fortune 500 names and you will start seeing things come up. Usually you can go in on those as an owner of the systems, like I can go in for one from my company and they'll generally cut you a break to sell you back the access.

It does exist. It is pretty easy to get into it and those are just a few of the ways DoS attacks. You can order those up. Of course, they'd been prosecuting a lot of those lately. We've seen some recent law enforcement action there, which has been great. Taking down a few of those networks and a few of those websites that were a little sketchy. “Yeah, we're doing this for commercial, to help other IT,” but really they're doing it to sell to people that want to damage IT. So more and more they're starting to get after some of those people, but it's tough if you don't have a place where US enforcement can reach over there. Many times it's very hard to prosecute.

Doc Searls:
I would imagine there's a lot of expertise there?

Bob Erdman:
They're very good at hiding.

Katherine Druckman:
Exactly, it's very profitable and therefore you can hire the top talent. That's interesting.

Doc Searls:
Yeah, the whole state sponsored thing too. They don't really care because the state is sponsoring that. There's a lot of thoughts around places like North Korea and the issues they're having with bringing in revenue, they're using some of these attack paths to go out and try and generate revenue for the state. Other places. I think they're trying to steal secrets where it's more China wanting your factory secrets or some other country.

Doc Searls:
There's lots of reasons that the state actors are in there as well. We all know we're doing it to people too. We just don't really know what but the NSA is not sitting by lately. I'm sure.

Katherine Druckman:
We don't really know what we don't know.

Bob Erdman:
Unfortunately, so much leaked from the NSA. A lot of these attack patterns are coming from things that were dropped out to WikiLeaks and other places that had been internal usage by U.S. entities that then got leaked out to the world that of course the hackers take that over, they start using it too.

Katherine Druckman:
Well and then the NSA just open sourced a bunch of their software, which was interesting.

Doc Searls:
Is that helpful when the NSA open sources a bunch of stuff like that to you and the good guys in this thing as well, as I imagine open source can use it too?

Bob Erdman:
Yeah, they generally aren't going to do that unless we've dealt with some of those things already and have some protections in place. It does help people like us that are working to help write protections and things because that gives us more knowledge. It lets us validate that the tools we're building are going to take care of the attacks that are being generated and coming back against us. In the long term, it's good. I think there's some short term pain to some of those things though because attackers will jump on it and if you're not keeping up, you may be susceptible to some of that.

Katherine Druckman:
Now that we've thoroughly scared everyone listening, not that our readers didn't already know a lot of this. We know what's what for the most part. What can we do about these things? How do we avoid these problems? Obviously the big companies can afford to hire experts like you and that's great but what about people like me, users and whatnot? How can we protect our data, our consumer information, all of this wonderful valuable stuff that's out there about all of us. How do we protect ourselves?

Bob Erdman:
A lot of it comes down initially to just good computer hygiene. The patching, your configurations. Many times known security flaws on servers and desktops are being used for that initial attack vector. You don't want to do that. You want to make sure that you're patched, to make sure that you're configured correctly, disabling protocols and things you don't need. Leaving things like RDP or SSH connections open to places they don't want to be open to or open to the Internet even we see sometimes. It makes it really easy to start breaking into these things. Knowing what you have on your network, knowing where your network has holes, knowing where your network is providing services outside of your company environment or your home environment. There's a lot of free tools, there's a lot of paid tools that can help you determine those things.

Even as a home user. A plug for one of the things we have—we have a free version of our network mapping tool. It's good for 10 connections. A lot of people use it at their house, they can plug it in, see all their little devices around the house where data's going, what data's happening but there's a lot of commercial tools available like that as well. Training your employees if you have a business, understanding what a phishing email looks like. Phishing is a huge attack vector, they are going to send you a message crafted to look like something you will open, either replicating maybe the logo of a company that you've done business with. We see a lot at the end of the quarter notes. It's the end of Q1, there'll be a whole lot of phishing attacks around, "Hey, there's a problem with my invoice. Sales help me," kind of a message and of course that's my commission.

I'm going to try and click on that and see what's going on and they'll have a malicious payload hidden in the back. Helping your employees understand what those things look like, or even you as a home user, understanding what those look like. If that link that it came from doesn't look quite right, it probably isn't quite right because they will buy web links that look very close to the link that you would have. It's not U.S. Bank, it's USB spelled wrong, a and K or something like that to try and get you to go to their site first. There's also tools out there that you can use for that domain doppelganger type tools where you can plug in. What's your legitimate website? Show me all the variations that may exist and if any of them are actually active.

Doc Searls:
It's funny, I can't count how many spams that I get that say "Hey password," which is a password I used in 1993 or something. "I have everything on you and I'm going to take you down unless you send me some bitcoin." I always ignore those or throw those away. Should I be doing that? Should I be throwing them away? Should I actually save them and send them to law enforcement? What do you do with those things? At this point I just discovered today, as a matter of fact, my spam detection is actually putting those into spam. It just sees them as spam. There are quite a few of them. Besides ignoring them or throwing them away, is there something somebody ought to be doing with those?

Bob Erdman:
As a home user, I usually just recommend to throw them away. Don't open them, don't click on them, especially if you can recognize that it's something that's pretty old. It's most likely coming from one of those larger data dumps. It's amazing how many people in the United States now are under some form of identity protection based on all of the local breaches that have happened. I personally think I'm under four or five that had been offered because every time a big breach happens they have to offer everybody identity theft protection. They offer it for a year, those data dumps, a lot of those are fairly old data. You're seeing those weird old passwords coming from things like that. Yahoo breach, there'll be some dump where they're parsing out different pieces of that huge data archive that one person on the dark web has.

A lot of it's been gleaned from years and years. Internally we usually recommend letting your internal security team know. If nothing else, they're going to want to tune their spam filters to watch out for more of this stuff. Generally, unless it's something fairly large, there's not a lot that law enforcement locally can do. The police departments just don't have that kind of expertise. Usually, you generally have to get up to something more of a federal type thing. An email many times can pull them in. Of course, because of commerce real is going across state lines with an email. That's enough where you could genuinely get a government intervention but unless it's something big, they probably aren't going to look at it. We usually just recommend, throw it away, don't click on it.

Look and see if it looks like it makes sense. A lot of times those password ones are fake anyways. You need to be a little careful. It's like, "Hey, I'm going to release your compromising photos from your trip to Vegas," and you know, you never did that. You're probably okay if it's something you might've done. There's been a lot of attacks on those adult websites in the last few years because they know it's embarrassing if they can get to you and then try and use that to leverage you or blackmail you to do different things.

Doc Searls:
What about mobile and IoT? Those are a major concern at this point. There's a lot more variety among operating systems operating out there. For example.

Bob Erdman:
There is and there's a lot of malware these days that is Android and iPhone based. A lot of it is hiding in plain sight as sort of legitimate applications and maybe they're not out there to break your phone or steal your photos. A lot of times they're trying to use your phone CPU to do crypto mining or to do DoS attacks. The big vendors try to do a pretty good job of scrubbing and taking a look at what's on those different stores.

They don't catch everything though, of course, there's a lot of it out there that's being exposed all the time. Many of those antivirus applications that exist on those stores are literally junk. They don't do anything. If you are going to use a mobile antivirus, a reputable vendor is probably the best thing to look at. It's somebody that you recognize that does antivirus for other things because a lot of those apps, they're really not looking for anything other than your data because of course they give you, "Give me access to blah, blah, blah, so that I could start up." Then they're just going to mine that data off your device.

IoT is a huge issue these days. A lot of those IoT devices from security cameras to smart TVs, to your key card system to get into your network are connected to the network, possibly connected to the internet or connected to Wi-Fi and they are being attacked at an alarming rate. There are many variants of malware out there for those. Those are generally Linux-based because it's small and lightweight. Sometimes those devices are, or that malware is even being part of now over to more of the server side. Mirai is one of the big ones. There was just a new version of that that popped in the lab the last few days with a whole bunch of new exploits. Their main targets in this one are smart TVs and presentation system. Some of those new Wi-Fi are going to get up on the camera screen on the wall without having to plug in my HDMI cord type solutions.

More and more that's happening and there's not always anything you can do about it. A lot of those devices don't have firmware that's easy to upgrade. They change versions every three weeks on some of those things and on the consumer side, they're already out of date by the time you find out there's a problem. More and more it's getting to be, you really have to understand, but that, especially in the corporate side, again gets to understanding what's on your network. Somebody's plugged in a rogue access point and it has a critical flaw in its firmware. That may be an entry point into your data center. As people can attack that as they're coming around and looking for things to do. We've even seen people going in and replacing firmware to steal print jobs. A great place to get company information is getting somebody else's compromised firmware on a network connected printer. Every time you print something, it also copies to me and I can just read it at my leisure what you're sending.

Katherine Druckman:
Interesting. What about cars? I would imagine that there are a lot of security concerns now with. I mean, before we even get to self-driving cars, but cars are very connected so?

Bob Erdman:
They are and they're very often being hacked and high profile YouTube videos to show people what's being done. All of those manufacturers are working really hard to secure those systems. They are some pretty interesting videos to watch where you can get out and just take over a car and watch them sit in the backseat and take over the controls and these smart cars. It definitely exists and it's going to be a problem that they have to deal with. Just like any other device, everything that you start to connect. You can connect your refrigerator to the Internet so it can start to tell you when your milk is running low and that means now somebody can try and get to your refrigerator and take over that device. Every new piece is a new way.

Even medical devices are starting to show those. There's been some of those great spy thriller TV shows where, "Hey, I'm going to launch my attack against the guy's pacemaker." It looks great on TV, but those things are starting to be seen. I haven't heard of any big proven, actual issues with them but they definitely by security research, have found that they are vulnerable to those types of attacks because now of course they're making them without wires. It's Bluetooth or NFC. You get close enough so that we can see what's going on with that internal implantable device that opens up other vectors. Again, of course that could be pretty scary.

Katherine Druckman:
Well, I'm depressed now.

Bob Erdman:
Lock your doors.

Doc Searls:
We can title this podcast, “Be afraid, be very afraid.”

Bob Erdman:
A little fear is probably good in some of these things.

Doc Searls:
Fear is your friend. Tell us a little bit about HelpSystems and what your day job is like and how that looks for you.

Bob Erdman:
I'm a Product Manager, and I think I have a great day job. I get to talk to our customers and our partners. Then I get to go back to our development teams and say, "Hey, go build this." HelpSystems is a big worldwide company. We are all over the world. We have like 20 offices and we build software for either security solutions or process automation in intelligence across from Windows to mainframes. I get to see a lot of different things. The majority of my focus is of course Linux, Unix type solutions. Beyond just antivirus, we look at a lot of that, more of defense in depth kind of thing. That's a good key for a lot of industries and all the government guys.

If any are listening, they hear that defense in depth all the time. Having something like an endpoint solution, then having something a little bit wider on the network. Building things that can see communication channels between your compromised devices and these threat actors anywhere in the world. Being able to recognize those types of things, SIEM solutions, multifactor authentication, more and more that's being offered from all kinds of different websites.

Something you can take advantage of to help protect yourself. It's not just that I know my password. I’m also either holding a device or I'm using my fingerprint and a biometric reader. Something you have, something you are, something that you know to make sure that it's harder for people to get into your accounts. A lot of the big web service companies now, your banks and financials, are all opening up that MFA. Definitely something to take advantage of if you can do that. We really enjoy doing the things that we're doing and being able to help protect all these different industries. I work with minimal five server installations up to Fortune 50s that have 105,000 servers in their environment. It really gives us a broad mix of people to look at and to understand and to see what's going on in the world.

Doc Searls:
You have a good window into how Linux has changed inside of the corporate world. I wouldn't say corporate America because you're an international company. What are the biggest trends you're seeing right now and we talk a lot about or think a lot about containers and a particular angle I'm looking for here is actually how far we've gone from where we were when you were starting out 27 years ago. In terms of actually respecting the need, this sort of stay true to those original, free software and open source imperatives. As we automate more and more and we program at higher levels we tend to miss some of why Linux succeeded in the first place. I'm just wondering if you have a window on some of that inside companies. I was wondering if you'd share some of that.

Bob Erdman:
We're seeing more and more migration towards those Linux workloads in the cloud. The cloud may be a private cloud in your premises or it may be a public cloud like Amazon or Azure or Google and some of the others. More and more we're starting to see those workloads being just in time and coming up in those cloud type environments. It's much more commodity based. You're unfortunately letting out how long you've been doing some of this. I think we had at our biggest point 11 different builds of our software because back then every hardware vendor had their own System V Unix build. You had a compile for any one of them where now it's much more open. We can build our Linux solution that works across all the different distributions and people are spinning up servers for hours and minutes. We have some companies that we work with that spin up thousands of systems at night to do special workloads and then they tear them down when the workload's over and then they get ready and the next day they come back and they do it again.

Because of using those cost factors, I'm going to pay by the minute. I'm going to spin things up as I need them. I'm going to take them back down as I don't need them anymore. Getting that conveyor belt going just in time, updating of course it's happening a lot. As I'm spinning up fixes for applications or systems, I can push them up into the production site, let other things fall off the back. It's much more fluid than it used to be. We personally aren't working with a lot of companies that are 100% in the cloud. They generally are much more that hybrid model where there's things that are traditional IT, that are sitting in a data center, it's a much smaller data center now. Then there's things that are up being used as cloud workload and the clouds definitely can be very secure.

Just like your internal things. It's really understanding who is responsible for what. When you move up to the cloud, it's not Amazon's job to patch your Linux. It's Amazon's job to make sure that there is fire and HVAC and power and that the network connections coming into their data center are secure and then they're going to hand you the keys to run the OS and that OS is yours now and you have to make sure that you're patching those things. Looking at that shared responsibility model and understanding where that line is drawn, infrastructure as a service, that's very much you, software as a service like going into some of these big SaaS-provided systems, maybe a Salesforce CRM. That's very much them and then you're much more needing to interact with that vendor, you're going to start to do business with and make sure that their security policies align with your security policies so that you're staying secure with your data.

Doc Searls:
Do you interact much with the Amazon and the Azure and the Rackspace type cloud people? Or is there enough of just because they're just handing the keys over to you? They're just bare service under there like the power company or the gas company for you?

Bob Erdman:
We interact with a lot of them just because we're partners with those big technology providers so the big Linux distribution vendors, the big cloud providers, since we're trying to help loose that backend security for the customers consuming against those models. We actually do talk with them quite a bit. Doing things like monitoring your cloud environment, letting you see it at your desktop, at your office, what's going on and be able to automatically trigger workloads back out to your cloud environment. We work heavily with all of those partners and it's really great to do that. They're all very great to work with. Nobody can do it alone anymore. Everything has gotten so big. Amazon is definitely trying but I think they had something like 4,000 different application slash services now in their catalog. It's incredible the things that they're doing. There's always a reason for people like us to be around as well.

Katherine Druckman:
That's great. In conclusion, let's go over it again. Be a little bit afraid. Fear is your friend.

Bob Erdman:
Backups are your friend.

Katherine Druckman:
Backups, apply those patches, do those updates, be careful. Let's include a few links to some of the things you mentioned. You mentioned your network monitoring tool that's free; we'll include a link to that on the podcast page and anything else if you'd like to send it over that'd be great. I'm sure the listeners would appreciate it.

Bob Erdman:
We'll definitely do that. We have a free security scan that I would highly recommend, works for Linux and Unix. You point it at your system. We'll do an audit against Center for Internet Security, CIS audit for you and just show you your reds and greens and a nice little PDF report and where you have easy things that you can go in and fix like password policies, unencrypted services, open permissions and things like that. We highly encourage that for customers, and non-customers alike. It's a great little tool and there's no obligation to use it. It's just one of those free services that we like to give back.

Katherine Druckman:
That's great.

Doc Searls:
Fantastic. One more question which has to do with 5G. One of the things I pay close attention to is where the bullshit is right now. And I'm hearing so many different stories about what 5G is going to be about because there is no single spec for 5G as there was with 3G or 4G. So Trump comes and says, "I want 6G." Because they heard about 5G. I'm just wondering, if you pay much attention to that because the whole idea is that everything's going to be much more distributed. There's going to be less centralization. There's going to be many more things to attack and they're all different and is any of this on your radar at all, or no?

Bob Erdman:
Yeah, we're starting to watch that. Minneapolis is actually supposed to be one of Verizon's first 5G locations downtown. That's not active yet but it should be coming soon. Just starting to see how that plays out. We have a carrier grade product that's a DNS tracking. It gets back to where we talk about, we can see endpoint to threat actor command and control and those things that are happening to show compromised devices like IoT and other things.

We do some of that same functionality for a carrier grade. We're seeing nearly 50% of the DNS traffic in the U.S. passing through our threat intelligence systems. It's going to be really interesting as they roll that out and start to distribute that 5G service, where that traffic starts to come to and where that goes from. Our threat guys are working all the time. We get 20 billion records a day into our data lake based upon this DNS traffic. Then we use that to help the carriers model their security and deal with some of those issues and more quickly be able to recognize when a malicious activity is happening on their carrier grade networks. Definitely something we're watching.

Doc Searls:
Well, that's cool. Well, thanks.

Katherine Druckman:
Awesome. Well, I think, we've thoroughly covered it. You scared me a little bit. That's okay. It's healthy for all of us.

Doc Searls:
Didn't scare me as much because Katherine actually has responsibility. I'm sitting here and suddenly it just unplug and it's gone.

Bob Erdman:
It's amazing how fast this stuff is happening. We actually did a ransomware webinar yesterday with Cybersecurity Insiders and as we're doing that, all of that Norris aluminum smelting plants, where they hadn't said it was ransomware yet but you can pretty much tell what's going on. Where they're falling back to manual mode to keep the lights on in their company. There's always something. It's crazy.

Katherine Druckman:
I will very freely admit my level of paranoia. I am very on top of security releases and I patch immediately—the middle of the night. It doesn't matter. I have no life. I'm totally fine patching. Anything, anytime, because it worries me a little bit. I don't want it to be my fault. Thank you so much again.

Bob Erdman:
Thank you for the chance to talk about security.

Katherine Druckman:
Thanks everybody for listening. We hope you've learnt a lot of things.
