Zero Trusts Given

Needle in the Haystack

Episode Summary

During this episode, David Pearson from ServiceNow joins hosts Tom Tittermary and Tom Gianelos to discuss the process of analyzing and simplifying large amounts of data, and how to make decisions based on the data collected. They also touch on the different Zero Trust Pillars. This episode is perfect for anyone interested in better understanding data management and the complexities of implementing Zero Trust in large organizations. Tune in today to discover actionable insights on leveraging data for Zero Trust and fortifying your organization's security!

Episode Transcription

Tom Tittermary

So hey everybody. This is Tom Tittermary back with another episode of Zero Trusts Given, your show serving the DOD, the system integrator community and the larger federal government, trying to provide some intelligence around Zero Trust, really trying to have interesting conversations with different people we know around industry. There's a lot of noise around Zero Trust. Everybody you seem to talk to has a different take on it. What we're trying to do, the idea here is, at the end of an hour, there are one or two kernels that you could take away from this conversation that are really the signal from the noise of that Zero Trust conversation that in some way you might be able to implement or start a conversation with a co-worker around. So my name is Tom Tittermary. I'm your host. Your other host is Tom Gianelos. Say Hi, Tom, hello everybody. So that's Tom. We are super lucky today to have somebody that is a good friend of mine from industry, industry that I've been doing a lot of work with lately. His name is David Pearson. He's from ServiceNow, and I'm super excited for the conversation today. David, why don't you


David Pearson

introduce yourself? Hey everyone. Dave Pearson, I've been at ServiceNow for about four years, I've been in industry for all of my career, which is spanning about 20, but some of that was with integrators and other resellers and the like, but, but, yeah, loving what we're doing here. And thanks for having me in. Yeah.


Tom Tittermary

So, so David, I want to dive right in. Right? Let's take a step back to take a step forward. We're always talking on the show about what is Zero Trust at the end of the day for a person or a non-person entity, right? So somebody who wants to access or a thing that wants to access DAAS: data, applications, assets and services, right? How do I collect the right amount of data, policy decision point data around that person or thing to determine if they are at the appropriate level of risk to be able to receive a thing right at the end of the day. So this gets to be a really interesting conversation. It hits all the pillars at once. Basically, it's going to hit the host pillar. It's going to hit the identity pillar. You want to look at data authorization, see what that thing, what kind of data it's accessed lately to determine its risk score. That's a lot of data. So part of the part of this problem becomes that so much data, how do I correlate that? How do I aggregate that? How do I automate some of this process around that, like, how do I simplify this and how do I make it more agile? How do I very cleanly be able to determine risk around those individuals and then cleanly grant them or deny them access from these different pieces. So if you, if you pull out your notebook and you pull out that, this is Zero Trust reference architecture v2, there's a super clean diagram in there that'll, that'll draw some of this out. I'm sorry, the v1, the O, v1 for the Zero Trust reference architecture, all the way in the top right, you're going to see policy engine and automation. So from my perspective, right? All this PDP gets collected. It all goes to a SIEM somewhere, right? Smart things happen. You see the line go up. That's either AI, machine learning or super smart people. And there's some level of aggregation of this data that is used to influence your policy around policy enforcement, which is where me and Tom number two, Tom Gianelos, come in, right? 
We're the policy enforcement. We're the guy with the bat. We giveth, we take it away. We're the bouncer at the door, right? So what I think is really interesting, and some deep conversations I've gotten into with Dave here is how ServiceNow can have effect in that policy engine and automation category. So David, I'll leave it to you there. Take it wherever you


David Pearson

want. There's a ton to unpack in that, and I think Lindy touched on, on a lot of them, and really, like, kind of when we get to policy engine and enforcement, and we think about it from a data perspective, for me, I want all of that data. I don't care where it is, but essentially, we're talking about things that are happening on the system, right? So if we're looking at it from a security perspective and what's happening on the system, I definitely want to know that it's all there. Do I have to move on that data? And that's where it becomes how much action is happening, right? What are our critical thresholds? And how do we determine these critical thresholds? Is where all of the things come in, where we truly get to, like, what Zero Trust is. And that the simplicity of it, right? I think that to drive the policy engine, we need to collect all of that data, understand that data, and then make decisions about it. And so to do this without jumping too high on a ServiceNow standpoint, you know, or the ServiceNow angle, which is easy to do, it really is kind of like, how we're visualizing and how we start to bring the data in, and then can we pause? I feel like I'm just rambling. I think,


Tom Tittermary

yeah, it's garbage time. We're good, yeah, it was. You want to tee up the question again, well, so I think that


David Pearson

the like, yeah, like, sorry, I just got, kind of got lost in my own thoughts there. Okay, about the question so, but I guess, like, policy engine stuff is where you were going for that question, right? And sure, like,


Tom Tittermary

and probably SecOps for ServiceNow. The big thing is, and the kind of the anchor around the whole Master Blaster thing that we're getting at is, yeah, you guys are a phenomenal aggregation point for most of the agencies, and middle depth that we're working with for most of the data we want to make those, these decisions with, right, yeah, right. So, how is, what are the, what are those things that you run into at ServiceNow? How are they all coming in? And what are some thoughts around how we might be able to cut, carve that data to make granular decisions around who gets what?


David Pearson

Yeah, I think where I kind of wanted to like, lean towards, was getting to like, how we, you know, for like, and this is for Master Blaster specifically. But the decision tree that was just like, on we it was a series of on off it was just a series of on offs. And when you meet the right on offs, then you then you get through the gate. I don't know if that kind of is like within, yeah, yeah,


Tom Tittermary

that's there for sure. But what are the so? And we'll pick up in a second right now. Again, I'll delete this part out of the middle. What are the in your be able to stop for a second, yeah? This is dude. I did this on the radio, and we recorded it at Federal News Radio. Yeah, terrifying. Yeah. Nothing like this. So like, the on, offs that are in there, even if you want to qualify out like and like association of pillar, like, I'm checking the CMDB, I'm checking the Val, the validity of the host. I guess


David Pearson

that was the other thing too, was like, I can get pretty ServiceNow specific, right? If I went, Yeah, absolutely. All right, yeah. All right, yeah, okay, cool, yeah. I think I was also like, kind of trying to like generic fire, and that wasn't working, because I never have to generic, no,


Tom Tittermary

high levels. Super good, high level. But if you're talking about, and I'll ask the question again, right? So around this policy engine and automation piece, there's a ton of data that's come to ServiceNow. A large quantity of that data is data that is policy decision point data, data that we would want to use around the decision process for how I enforce, does a user or a thing get access to this individual piece of data, right? So from a ServiceNow perspective, from what you've seen like, what are the different types of data that you're taking in, and how can ServiceNow kind of help in that, that matrix around making that individual


David Pearson

decision? Yeah, I think that it is super important that we first classify that data, right? And what that data is that's coming in? Is it data that we're venting off of, or is it data that we're interested in? We did this with an integration where we're bringing in a ton of data, and there's a lot of data that we don't care about, what we do care about, we then essentially can create flows and sub flows for decision trees that say you are a person, you are CONUS. You are allowed to access this specific area of information. You don't have that then you can. And we kind of looked at it that simply, so it really becomes more about the organization of of what the data is that we need to know and what that's based off of. So I think that, in a simplistic way, it really is just about the decisions and the foundational organization of understanding what your data is and what it means when it when there's an increase in that, yeah,


Tom Tittermary

and so, by the way, also, right. So Tom and I are a broken record about, at the end of the day, we are, from a Zscaler perspective, we grant the access or we take the access away. So with our, with our brethren over at ServiceNow who are doing that good work on that side, when they make their way through that decision process, it's easy enough for them to kick out an API over to Zscaler to be able to enforce that, that policy change based upon the data that they're getting in at their side,


David Pearson

exactly, and, and when we send those alerts to Zscaler or get those alerts from Zscaler, that is the bringing the automation and that orchestration to it, whether it does require an approval or not, of an actual person increases the speed and security of the system tenfold easily. I mean, just because we're, we're pre-approving our decisions, we're pre-understanding our security situation, and we're basing that on essentially not trusting anyone until we need to trust them. Yeah.


Tom Tittermary

I mean, we get into the conversation in this, in this area all the time, and in cyber in general, right? Where it's it's almost impossible to make a decision based upon a terabyte of data as a human right? So one of the phrases I've heard that is, how do I how do I burn the hay to get to the needles? Right? But this is even more so than that, where this isn't just, I'm getting actionable intelligence from data which we've heard, or burning the hay to get to the needles. This is burning the hay to get to the needles and then an automation process to actually be able to act upon that intelligence that we've gotten through this process, through the through the, you know, the delineation of that data to a how it should affect policy on the far side. Yeah, so when we're, when you're going through that decision tree, right now, right? I think of the different things that we could kind of bring in and provide to, or that different vendors could bring and provide to that right? So you run through the pillars. So there's the host side of things you guys are managing, the CMDB, you can tell what's happening on the individual hosts. I mean, there's a far field of things that I can imagine service now. Ingesting, right? I think about the data authorization pillar and signals from people that are potentially acting outside of their swim lane. Like, I think out the door, we've talked about the integrity of the host, as well as the geography. But like, what are some other areas, just art of the possible. Why? So you think we could bring into this conversation? So,


David Pearson

you know, when we, I think one of the other things we start to bring into this is, like, isolation, right? How are we kicking out people that we want to kick out? Or what are we doing to them when we, when they think they've got the kitchen? Do we give them the kitchen and let them run around and watch it for a while and make decisions based on that? What data, you know, are they looking at? So, I mean, I think that when we, we start to get to that, and then we start to automate that isolation, or say that we got even bigger and we automated the whole flip, right? Put them, isolate the whole area, give them some transfer in some dummy data, and move everything else out. Like, if those types of things were possible, we could gain so much information just based on these decisions, right? This, these small decisions, to look at what the bigger outcome is going to be from them. Yeah, I think because of the CMDB and the, you know, the way that our platform is bringing in all of these other aspects, right? We do this transform when we get the data from Zscaler, when that data comes across, you know, we have hooked to all of that information, you know, all of that's been built in. So to that end, we kind of know what that is. And it's, again, just really about what, what the most important thing is in that environment and best practices, I guess.


Tom Tittermary

Yeah, so it's another good point, right? I talk about Zscaler being the PEP, the policy enforcement with, you know, software defined perimeter so often, right? But there's data that Zscaler is giving over to ServiceNow, and we'll get into a couple of different categories, that is also super valuable PDP, right? So anything on the, you know, the internet side of the house that's going through Zscaler internet access, you know, suspicious websites, stuff that's going to sandbox, any of their interactions with public SaaS, that's also kind of on the table for you to be able to use around making that decision,


David Pearson

yeah, and, and it's no different than those decisions that we were saying earlier, of whether you know a person is, who they are, where they are, it's just about finding out what that information is. And I think that that's where it comes back to, like with the customer truly understanding what they're doing, how they're doing it, and then where we're gonna, where we're gonna enforce upon those things. Because for us, we have to, you know, out of the box, we can do things like isolate hosts, right? But that's not the end of the story, there's specific actions that have to take place. And while we can do some of those things out of the box, I think that it really has to come down to like talking to and understanding what the customer wants to do, around their Zero Trust practices, around their principles, around their actual work that they're doing for it. You were saying about, you know, kind of the Internet facing, or, you know, things coming in. And I was thinking back to bollards right and just perimeter defense, and how that's great, and how we absolutely need perimeter defense, but there's so much that happens inside. We can stop some things, but there's, there's so much egress, you know, still with that and how bollards are the principle and the foundation and the perimeter of everything that we do, but it really is about what's happening inside at that point, right? We can watch that, but we needed to kind of see what's in there, plus


Tom Gianelos

the bollards are going to stop your big truck, right, from damaging your, you know, getting into your building, let's say, for instance, right? But they're not going to stop the person, right? The person could walk right around them, right, right? So that level of granularity, I'm curious on, like, how deep and granular can you get on a person's attributes to espouse, to their, to their decision points there,


David Pearson

I think that we could go as green, we can go as granular as the data that's collected is there. Because really, at the end of the day, we're just simply sending like a string to it to ask information, and, and if they either trip that, that switch or not, then, then we can take that and act on that information. You know, I think with like, the information that's coming over, though, like, we don't have to do much, all the, like everybody else, all the identity and access management tools are collecting all of the information about everyone, proving who they are and what, you know, and at the point that somebody has come around that back door, and it just seems odd, that's where we could kind of take, take action, right? Because at the point that it seems odd, something is happening in the environment and it's worth investigating, yeah, and automating that to bring attention to it is really what we're talking about.


Tom Tittermary

You know? Yeah, and we're right at the, we've done a couple of cool things, but we're right at the genesis of, of what I think is going to be a really cool relationship between ServiceNow and Zscaler, right? It's like, I don't know if anybody had this experience, but it's, it's Christmas morning, and you just got a, you know, a 5000 piece Lego set, and your brain starts running around, like, what could I go build with this thing? So where I immediately go is like, Hey, what are all the things that would be useful, and what are all the, the integration, by the way, like, it's, it's kind of super simple, like, we're taking a lot of the data that's going to ServiceNow already that you probably should be ingesting, that you should be using relative to your security posture. And basically we're just taking that, and it's a simple API out to Zscaler, right? So, and we're talking about network perimeters. But the real value here is, if I can collect granular data about a user, their actions, their device, et cetera, their geo, and I want to make a wide area call on, I don't trust this person or this device anymore. It gets way simpler than, well, I need to figure out everything this user has access to and go hit every individual network device between this user and that thing. Change the ACLs. Make sure their firewall permissions are turned off. Make sure the VPN, it's an API from ServiceNow to Zscaler with a name or basically a device, and that person is out. The front doors don't exist for those, for those individual people anymore, there's nowhere for them to go knock on, especially as most people start with the, you know, the, the crown jewels of the environment, from a, from a one to one user to application perspective. But the broader you get with this, the wider the impact you can have against it, yeah,


David Pearson

you know. And I mean, even, even with, with that, and thinking about what we can do with that in the non-nefarious arena, right? The person who is supposed to be there, but somehow got some, got, got infected, right? They picked up some malware. They picked something up, and now they're trying to, you know, network, and we catch that too, right? And so it's kind of, they are allowed, but we've checked the system now that they've come back, and we can see that they're not patched. They need some more stuff coming in. That also is like, kind of one of the areas that we're coming in and looking at that from an arena of, let's make sure that the network is protected.


Tom Gianelos

So they're sitting in like a purgatory sense. Then right,


David Pearson

potentially, perhaps. We, all we have to do is patch the system. You know, right? To do is just send, give them some updates. And it's a, it's a pre, I don't know what the term is, but we're just, essentially, we're looking at it and saying, like, oh, it's not the end of the world, but we are better protecting the entire network when we have this person come in, see that they're using old software, you know, that has vulnerabilities. So, yeah, like just decreasing risk, right? It's just about risk reduction at that point as well, when we're kind of coming in and looking at it from that perspective,


Tom Tittermary

yeah, but I got to imagine this drastically reducing that time to recovery too. If I could, if I could know exactly what needs to, what action needs to take place on that system in order for them to be able to be at an appropriate risk posture to access things again. ServiceNow has collected most of that data and has automated ways to be able to remediate that scenario versus, hey, I lost my access. We'll call the help desk. Have you turned it off and on? Okay, let's start there. The agent asked that question, right? But I mean, so, so much of cyber security, I think it's like a doors and windows conversation, right? Is like, you know, a house with no doors is unusable, and a house with infinite doors is unsecurable, right? So, so much of this conversation is, we become the Department of No. Like, I want to do this, but the cyber security guy said, No. We don't talk enough about, like, being able to make things more agile, right? I think automation is really a key part of that. Yeah, right. So you want to make sure that the right people have access at the right time. You have to say no sometimes in that process. But this really is, it makes that no as soft as it could possibly be, because there's a clean route and a path to get back to a good state, because at the end of the day, people need to do work. We need to get them back to a good state.


David Pearson

Yeah. Well, I think if we're talking, when we're talking Zero Trust, too, and in that sense of, like, the No, right, it used to be that security wasn't a thought, it was just an IT guy going around doing stuff and he didn't want to do it for you. You weren't going to get that. I think that the thing about Zero Trust is everybody gets this, right. People understand trust and that it has to be a trusted system, and that just makes it simple for our folks to understand. But then we kind of can get into some of the other things where, like, we've, you know, like you mentioned, DevOps, right? Well, let's call it DevSecOps. Let's put security into that, right? And then, you know, and then Zero Trust is very much, can be accepted into that, because, again, it's a soft, soft landing. It's a soft term. It's about integrity, it's about availability, but really it's about trust, the thing that everybody wants to understand. So bit of a ramble there. But


Tom Gianelos

So David, so you're right. Everybody does understand sort of the word Trust. Do you think they really understand Zero Trust? Though,


David Pearson

I don't know that the layman would understand. And Zero Trust, right? I think if we explain it to him in the sense that everything is taken away to then be given back, right? And that is the safest way to ensure that we're confident in the system, I think that there's also, it seems more focus on security over time. So I think more folks understand what that is now than they used to, and that security has to be embedded in business,


Tom Gianelos

right? As opposed to an afterthought, as it was 20 years ago, right? And


David Pearson

so to that end, I think that they see, they're seeing security folks as more of a partner than the Department of No than it used to be, but maybe to, to a degree that's a branding issue with security from years past. And there


Tom Gianelos

are, and there are a lot more tools in security that provide that soft landing. There was no parachute before. No meant no and you're locked out, right? But now there are, there's ways to allow some access, yeah, but, but disallowing some others until you've gone through some sort of remediation process or whatever it took to get to that other, that other part, right? That's sure, because it's no longer, it's no longer network based, as it was in the past, or RBAC, or any one of those other mechanisms that were used to secure or disallow or allow access to an application. It's much more user specific now, much more application specific. And those tools that were once the gatekeepers are now just implements of getting access to these applications specifically. Right? Yeah, right,


Tom Tittermary

yeah. I think part of it, I think you put it really, really well, is I'm going to take everything away and then give it back, which sounds terrifying, if you're the end user, it's like, don't take everything, but the alternative, and the way that I see a lot of things laid out today when I talk to customer environments is, here's everything, the stuff you need and the stuff you don't need, right? But that's the way I'm going to provide it to you, because I'm putting you on the network and all the stuff on the network, and right? So again, Zero Trust Reference Architecture 2.0, hopefully we're going to have one of the authors on the, on the podcast later on, looking forward to that, we were changing emails today, but one of the key tenets there is assume no implicit or explicit trust in networks, which means you know, you being on the network shouldn't mean anything, right? I'm not giving you everything on the network or access to everything on the network by you being on the network, so taking everything away sounds scary. However, Zero Trust really is, I'm going to give you exactly what you need, when you need it, and when you stop needing it, I'm going to take it away. Or if you're not in a position to accept it from a risk perspective, you're not going to get it, right. So rather than I'm going to give you everything and trust that you're going to spend your time in the things that you're, you need to actually go accomplish mission or meet objective, I'm going to give you the things you need, all of them. And by the way, if your host is pound, I'm going to get you back as quick as humanly possible. But whenever you're in the right spot, I'm going to give you everything you need to accomplish your mission in time, right? So Conrad my Reno, you're going to catch him on another podcast. He put this better than I could possibly ever do. He's got a, he's got a knack for that. He calls it conditional need to know, right? 
If you think about even, we go back to how we used to do this, comply to connect. Everybody knows the notion comply to connect. But if you look at comply to connect, it's a legacy term. Why comply to connect to what network? Right? That's what the words that aren't said at the end of comply to connect is, you have to comply. Your host needs to comply in order to get onto the network. So now that you're on the network, you have all the things and you can get your job done, right? Zero Trust is a stripping back of that. Let me know everything about the host. Let me get as many attributes as I can out of identity. Let me compile that with a bunch of other data, and let me make sure you have what you need, but in time for what you need, right?


David Pearson

Yeah, I think, you know, kind of along those lines in the, in time for what you need. I think back to some of the stuff that I'd done in the past, and the idea of the like, the mal intent, somebody with mal intent coming in, and, and us giving them the kitchen when they're in the living room, letting them think that they have it, and then the idea of, kind of, some of those automations. And, you know, if we're taking it away, we're just not granting permissions, right? I can go to the ServiceNow platform and request an account. I can request information. You know, there's a number of things that I can do, so in that, to that sense, to that end, if I don't have access to something I do need access to, that we can automate that process with just a couple of additional checks, you know, and if that's the requirements of the, of the agency, of the customer or whomever, we can implement that and implement those checks just through those workflow orchestrations, right? And to that end, what we're doing is just further enforcing identity in some form or fashion, or further enforcing like those, the checks and policies of that engine that need to be met, where we can say we do everything that we're supposed to do as an agency organization, and just that we can empower that, right, just with the information that's coming already from, from the identity tools.


Tom Tittermary

Yeah, this isn't a, you know, one size meet all sort of thing, like every individual customer I've talked to in this context, whether it be civilian, FSI, DOD, I see they're all beautiful and unique snowflakes, right? Where they have their own classifications and data, they have their own internal processes. They already, for sure, have their own, like, fixed network infrastructures, right? I mean, I think what's, what's important for ServiceNow, for Zscaler, is to be able to have powerful tools that we could pivot to. You know, exactly right size, bespoke. That's a funny word, right? Bespoke? That's like, the last five years, it's like, I never heard the word bespoke, and then suddenly cupcakes are bespoke. I wasn't sure. Like, it was the funniest, no, but it's so very specifically, hey, I'm gonna bring it back around. That was a fun tangent, wasn't it? But bespoke, like, it's just a very specifically tailored to your specific wants and needs, right? Like, Starbucks is a bespoke coffee experience, like, we've got the tool sets now where we can do much, much, much more of that, to dial it in and tailor it and to meet the security needs.


David Pearson

I think, by the way, it's craft cupcakes too. Craft cupcakes. You can have bespoke cupcakes or craft cupcakes. It's all it's an


Tom Tittermary

amazing time we live in when I can walk into any donut shop and have bacon on my, on my donut. I mean, what a world. That was just a good idea. So we'll go, we'll go from there. Hey, one thing I wanted to bring up. So we have a fun project that we gave the most ridiculous code name to ever, and then it stuck because the image is just too powerful and it's too valuable and it's funny. Tom and I just recorded a podcast a minute ago, and all of our references were, were dated, and we apologize to the audience, because a lot of them are like referencing movies from 20 years ago. Well, here we go again. So the main ServiceNow Zero Trust integration that we've, we've done with Zscaler, it's called Master Blaster. So half of you, or a third of you, given the kind of age distribution of listeners, potentially, immediately went to Mad Max, right, which is where it came from. So if you remember the Mad Max movies, there's a character in these movies where it's a smaller gentleman, that's how I'll say it, sitting atop a very large gentleman, right? And the guy that was sitting on the shoulders of the very large gentleman was Master, and he was the brains of the operation, and he had all the information, and he basically would just tell Blaster who to go hit with a bat, right? I want this thing to go away. This person is allowed access to this door. So what we've called this integration between ServiceNow and Zscaler, from a Zero Trust perspective, is Master Blaster. ServiceNow is Master, Zscaler is Blaster, right? So what are all these individual data components that we can provide Master with? How can we compile those into all of that fun data? You know, burn the hay and get to the needles and use those needles to make actionable, actionable, intelligent decisions for Master to make, and again. 
So I'm a broken record about this, and I'm a broken record with the term broken record if you've listened to more than one podcast, but at the end of the day, me and Tom's job at Zscaler is really simple. Simple. Master tells us who to go whack with a bat, and then we give it and we take it away, but it's, it's, and by the way, if we take it away, then we go right back to Master, and we go, yeah, we should probably give them a way to get right and get back into the system, though, right? But, um, but Master Blaster is, is, is what we're calling it. And now that I've said it, you can't unsee it. So around Master Blaster, we've talked about, kind of the host pillar and the, you know, using the CMDB, we've talked about geo, what are some other pieces of data, like, just art of the possible type of stuff, like, if we kind of expand our brains out, like, what are other things? There's tons of people giving data to ServiceNow, what are some other things that we could use in that ingestion, that we could use to make viable decisions about risk and access

 

Tom Gianelos

All of the assets is what we're looking for, I think, as one of those avenues of data that we can act upon, right? Because when we really think about it, where is our risk and where's our vulnerability? There are likely a lot more assets than there are people, so that just becomes a vector. So I think from that perspective, though, I've got to back up, because the first time that I ever met Tom was to talk about this idea that he had, and this was old Master Blaster. This

 

Tom Tittermary

was a joint idea. I might take credit for the name; it became Master Blaster that day. But do you ever get to talking to somebody and all of a sudden it's like, oh, no, we could... no wait, we could... and then it just keeps snowballing a little bit. It was almost a year ago, because it was at Rocky Mountain, and I was just there last week, so it had been last year, right?

 

David Pearson

It was, it was. And the idea being, well, let's just talk about bringing some integrations in and then having ServiceNow orchestrate on them, right? And so what do we need to do that? We need data. We need data from Zscaler, or we need data from an asset management tool. We integrate with all of them at ServiceNow, so we can certainly do that. Now, getting real live instances was the key, right? So I reached out to some of our other partners. And can we say who they are? Should I just leave it? I

 

Tom Tittermary

have them booked for a later show, so we'll talk about it there. So you totally can. Okay,

 

David Pearson

so what we were looking at doing was actually bringing in and integrating with Tanium on a live instance that I believe actually is a Zscaler one, on a live Tanium instance, which I love, and it had actual data, and it had live systems in it. And so what we ended up doing was taking those live systems, and some of the things that we've been talking about already: eventing off of patch management, eventing off of those. What are the rules on those Windows boxes or Linux boxes? Perhaps I don't want a Linux box to touch a segment of my network, for whatever reason. We can get all of that information if it tries to go there. Now I just have the information. And so from that perspective, I was just looking at it from the perspective of data and the perspective of ServiceNow: we can visualize, we can do some orchestration. So let's keep it really simple and say that we can look at Zero Trust. We're not doing the whole thing here. We're looking at it from a couple of pillars, where we can show that we can take action and that we can impact the environments that our customers, who have massive enterprises, are using. And they're already using Tanium, and they're already using Zscaler. In a lot of cases, they're already using ServiceNow. So the real benefit was, let's keep it really simple, but make a big impact. And we feel that that's what this does, in the sense that the amount of data that can be processed by these integrations, and this is just one, we could do it with any of them, but the amount of data that can be processed with these integrations is just exponential, and now we can take action on them. We can automate or orchestrate that action. So backing way up and thinking about it from a Zero Trust perspective, right? We're just very simply trying to start to meet the need and get closer. And when I say Zero Trust is notional, that's what I mean, right?
It's understanding where our vulnerabilities and risks are, and then just slowly taking big actions on data to make a bigger impact than we used to be able to do when we were just looking at hoards and terabytes of data.

 

Tom Tittermary

Yeah, this is kind of core to the show, and kind of why the premise of it is: somebody works for a vendor, and I work for a vendor, it's fine. We get so buttonholed into our individual technology, and talking to customers about how my technology can benefit your scenario, and coming up against mission needs and figuring it out. But it's this super rare thing in industry where, it's funny, I'm confident there are like 900 people that do federal cyber, and we all work for the companies we're with today, and then we kind of high-five each other on the way around, right? So maintaining these relationships through industry and having these conversations, and occasionally you get that gold nugget where me and Dave Pearson are sitting down and we go, wait, you've got... and I... we could. These are things that already exist. This is data you're already pulling in, and APIs that already exist. It was out there in the ether. It just took us sitting down and having a conversation to figure out how to have broader effect.

 

David Pearson

Yeah. And these are the things, actually, that I get excited about, because I was at Northrop for 10 years, and all we did was integrations, you know. So when you get out to industry the way that we are, we're focused on our wares. But really, it does come back to understanding that all of our customers have so many other pieces of the pie, and being able to have that bigger picture, or be able to look from that bigger picture, makes you a ninja.

 

Tom Tittermary

Yeah, it's so funny too, and I almost said broken record again. Well, I just did. So if you're looking at the big picture of things, I feel like so many of the conversations that happen in the Zero Trust space, right, are with an individual that has a bias, right? I'm a big fan of the notion that I vote with my checkbook, right? If I'm for companies, I give them money, and if I'm not, I don't. As engineers, we vote with our occupation, who we decide to work for. I can only work for people that I know have the best stuff, right? But then the bigger thing to me is you get so ingrained into your own company and what you do. These are the invaluable conversations where you take a step back and it's like, no, no, we have all these other people we can work with, and there's always some level of coopetition, right? There's your other friend in industry. There are three places you get along really, really well, and there's one where it's like, well, I... we... But sometimes we land on these beautiful things where there's no competition here. This is all goodness, and it's stuff that both sides are already doing. So yeah,

 

David Pearson

the interesting thing with the coopetition stuff is, from the ServiceNow perspective, there are a lot of times where, to us, we're so agnostic that it doesn't really matter what asset management tool we're looking at or what identity tool, no offense, because we're integrating with all of them, so we never really even look at it that way. And I think to that end, it becomes more powerful when we're together on these things. Because now, if we're looking at our customers, we're looking at what they have and how we can best serve them with what we have. And again, kind of coming back to it, I love bringing all of those tools together because they already have them. So let's leverage all of those things and bring them in, and then, you know, take action on it. Isn't that

 

Tom Tittermary

the best, though, where, you know, we've all walked into a store and they go, can I help... no, I'm just looking, right? I feel like there's this natural... I'm an engineer, but I work in sales, right? There's this notion: now I'm all good. No, I'm good. I don't need a meeting. No, you already have everything. There's nothing for me to sell you. I just want to tell you that you can dial these things in to implement Zero Trust. It's kind of a beautiful scenario in some ways. Oh,

 

Tom Gianelos

I mean, to that end, I'll say specifically with Master Blaster, I was talking to a customer about it, and he got so excited, because it's like, I need to see that right now. Sure, right? And the reason for that is, again, because he already has the things. Yeah, right. So for us to come and say we want to help you use these better, use these more securely, and, oh, by the way, with less effort on your part, it becomes a really strong story, you know, especially from the perspective of security, because a lot of times they don't know what they don't know, and they want to know, right? What that is, yeah, but I

 

Tom Tittermary

mean, there's just a mountain of goodness also between... So on the track of, hey, you've already got... you got chocolate in my peanut butter, you got peanut butter in my chocolate, two great tastes that taste great together. Zscaler, ServiceNow. So this Zero Trust integration was just out there, waiting for somebody to put it together. And thank you so much for doing it. But there's another one that is actually super meaningful to a lot of the folks that I talk to. I think about user experience across the area, right? So we're taking half a step back from cybersecurity and talking about agility again. But, you know, with so many people working from so many different places, and a lot of DOD routing and pathing the way that it is, a lot of times if a user is having a tough time getting into an application, it could be in a cloud, it could be in a data center, or they just can't figure out why they're having a bad experience or slow performance, and they file a ticket, right? And I think about the way that that ticket usually goes. It's like, okay, let's fire a ticket to figure out if it's the laptop. Let's fire a ticket to figure out if it's the local network. Let's fire a ticket to see if there's an outage in the SaaS application. There are like nine tickets that people end up going and chasing down all at the same time, right? So one of the other fun integrations we do: Zscaler has a product called Zscaler Digital Experience. We're monitoring the path between the user and whatever they're going to, and micro-measuring every tiny little point. And proactively we'll be like, hey, this user is having a bad time. Let's, as Zscaler, file a ServiceNow ticket that's fully populated with a bunch of data on what we think the problem is and how you might be able to go fix it, right? So there's another one right there on top of the Zero Trust thing.
By the way, if you've got both, look at ZDX; you should take a peek. And then the last one, from a CIA perspective: let's say that there's an individual user who, in the course of their duties, needs to go to a questionable website, right? That's always been a really interesting scenario for security ops, right? Because I don't want to let them go to that website, because it's against policy. The options are, I'm either going to ban them and impede what they're trying to do, or I'm going to give them a disposable laptop, because I don't care about the outputs of it, and I'm not letting that thing back on the network. So the other integration we have is: user goes to an unallowable website. There's a mission need. So consider a law enforcement officer who, in some way, shape or form, has to go to some questionable websites in the course of an investigation. So now the user gets a message that says, hey, you're not allowed to go to this website. Well, I could file a ServiceNow ticket to ask for conditional access for three days, and then it gives that user three-day access to that website. And by the way, they can put notes in and put a case number against it. So there's all manner of goodness here, across the board, from a ServiceNow and Zscaler perspective. You

 

David Pearson

know, it's interesting too. You're talking about the digital experience and the auto-assigning tickets and stuff. And then I'm thinking about what we're doing with Master Blaster, and just how any threshold is a threshold that we can act on. And so now we take the user who needs to go to the website, or a user who just has an issue, and we're auto-assigning those different tickets that are going in. When we do that, we take all of the information, the possibilities, let's pump that into our language model, right? And then run some AI on it, and then we could either give that to the person who's running the ticket, or we could say, make some conclusions about it, right? Because that auto-assignment, when we start to get to the digital experience auto-assigning and saying, we think you're having an issue, we're going to open a ticket, and here are all the possibilities that you know from your information, and we push that into the model and gather all the other information and then run that back with orchestrations. That's killer. Yeah, that is absolutely killer. Because now we're talking about experience. And even if it's just accesses, right, the person who needed the access, we can do all of that with the three days. And so, David, with that,

 

Tom Gianelos

with that ability to sort of categorize a potential issue, is there a way for ServiceNow, if there are different groups that handle different types of issues, to automatically send the ticket to that group? Like, this is a 99% confidence this is a network problem, so this will go to a network team to actually resolve.

 

David Pearson

Yeah, absolutely, and that's just predictive intelligence, so looking at the past information that we have. And so when it comes back down to it, the more data, the better on that. But that could also just be based on other folks having issues and reporting issues. So then, because of those, very simply, we can absolutely auto-route to a network group or to an applications group, or to whomever that may be.

 

Tom Gianelos

Right. So there could be several people that are having an issue accessing this one application but nothing else, and then another person just makes that same claim, and that just gets put in the same bucket then, right? Yeah, okay. And

 

David Pearson

if it's incorrectly put in the bucket, then we just relabel it, right? And somebody would go in and look at that and say, this was incorrectly put in the bucket, and now it's going to learn how it incorrectly put it in the wrong spot or the right spot. Nice, that's cool. Yeah, just tagging, the labeling, and then it gets it there.

 

Tom Tittermary

So I hate coming up with ideas on the spot and then laying them down in a recorded manner, because then I have to actually go do them. Like, where this is going, so I know, right? This is always... I'm going to go walk out on the tightrope a little bit also. But with all the logs that you're pulling in, so let's say in a ZIA context, so our internet access stuff, right? It could be really valuable information around risk, around a device or a person, if I had, you know, six flagged instances of bad website access attempts in an hour. Or, by the way, I'm going to block internet access to sites that are anchored in adversary nations, right? So you could set that threshold and say, look, if this person tried to hit six websites in an hour that are on this device... By the way, I could do it against the person, not just the device, right? So if they have five different devices relative to their context, I can go across the board and say, hey, for this identity, we're going to put a two-hour hold, an investigative hold, against this individual to get to the root of this, and then we're going to restore access in two hours, provide a note out to the user, and there you go, right? But, by the way, I just said that. I don't know if we can do any of that. We're going to go find out, but just art-of-the-possible type thinking around the idea.

 

David Pearson

Yeah, no. And I don't even believe that's art of the possible. I believe that's real, because it is, again, just talking thresholds. A user who comes into the environment and is flagged and is associated to five other devices: we can run the isolation against all the devices, because we know what they own. We have that in the database. It's tagged to them. It's associated with them. Now, when they use their identity to try to go to another system, we've got questions there, right? And so then it becomes, do we have to isolate that user, right? And stop that user from being able to go anywhere on the network? But those are two different actions. So absolutely, I can today see suspicious activity, they pass a threshold, and then we run the flow that's in Master Blaster today, working to isolate that host and kill the access on those machines, or to the entire network if we need to kill that whole user. Are you ready?

 

Tom Tittermary

I got another one. I got another one. So ZDX, here's a fun one. So we had somebody with ZDX. We've got to wrap it up soon, so I'll try to be conscious of where we're at. We had ZDX, right? So we had a user, I'm not going to say who, this is a federal official, who was saying, Zscaler, we got them in, and it's impacting our performance, right? And this person was having performance issues, so we implemented ZDX, right? And we got to root cause of exactly what was going on, because we can see the entire transaction end to end. This person had two different Wi-Fi routers in their house. One of them was 5 GHz, one of them was 2.4, and they were bouncing around in the course of the workday, right? And there were times where they counted bad performance. 100%, we spotted the network switch from the 5 to the 2.4, right? So we were able to isolate that individual one. Now, because I'm going to think like a bad guy, what if I could use that as signal-and-noise data about bouncing around individual Wi-Fi access points? What if instead I went to a mobile tether on the same device, right? That change of individual network access, if I pin it down to the right categories, might actually, for me, determine a difference of trust, right? This is an individual Wi-Fi access point this person has never come in on before. I don't know if I trust this comm channel, right? That's

 

David Pearson

a great use case. I don't know what the inputs are that we would have to gather, but again, coming back to it, because you were able to go and see that information, right, that they were bouncing back and forth, you have the data. So now it would just be about how to... and if that's not API data that's already figured into the equation for us to bring over, it would be something that we could look to go get. But that's a powerful, powerful use case for a number of reasons, right? If we're just trying to see who's bouncing across networks, yeah, it also would give information, because where are those routers? You know, now we can see where somebody was in the building. It just becomes even crazier. That's a lot of

 

Tom Tittermary

good stuff. Yeah, and, folks, we're just getting started, right? Not even trying hard here. Yeah, I'm not even sweating. So, guys, Dave, thank you so much for coming in. This has been a great conversation. Tom, thanks as always. Thank you, Tom G. Tom T. T squared. Well, no, I'm T squared. But anyway, folks, we've got to wrap up the episode there. My name is Tom Tittermary, this has been Zero Trusts Given, and by the way, here's a super interesting topic and a little bit of homework for listeners. You can reach us at zerotrustsgiven@gmail.com. Questions, emails, comments. Tom, if you could stop sniffling into the mic, that'd be great. Any of your comments or questions, go ahead and fire them in there. But I'm going to give you this question, right? If you've got ServiceNow and you have Zscaler, or you know of Zscaler, what are some of the interesting integrations around Zero Trust? What are the inputs that you think you could get out of ServiceNow that you could use to implement some sort of Zero Trust decision? I'll tell you what, any of those ideas, you fire into Zero Trusts Given. We'll take some of the best ones we find, we'll read them on air, and if we do, we're going to try to get you a gift package. We're still working that thing out, but I'm confident we can get there, a mug or something, something that falls below the government-accepted limit, but it'll definitely say Zero Trusts Given on it. But again, Dave, thank you so much for the time today. Thanks for having me. Tom G, thank you, as always, for joining me here, and that's Zero Trusts Given. Thanks. We'll see you next time.
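The threshold idea the hosts sketch near the end of the episode (six blocked web-access attempts in an hour, counted against the identity rather than a single device, followed by a two-hour investigative hold across every device that identity owns) is concrete enough to show as detection logic. The block below is an added example written for this page; it is not code from the podcast, from ServiceNow, or from Zscaler, and it does not use any real ZIA log format or ServiceNow API. The log lines, their field layout, the device-to-owner map (standing in for the CMDB association David Pearson mentions), and the `hold_until` bookkeeping are all constructed for the example. The point it makes is the one Tom Tittermary raises: counted per device, this user never crosses the threshold; counted per identity, they do.

```python
"""Identity-level threshold detection over constructed web-proxy block logs.

Added example for this page, not vendor code. The log format below is made up
for illustration: timestamp, user, device, action, URL category, URL.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines (not real proxy output). User "alice" has six
# BLOCKED events inside one hour, but spread across three devices.
SAMPLE_LOGS = """\
2024-05-01T09:02:11Z alice laptop-01 BLOCKED adversary-nation http://example-a.invalid/
2024-05-01T09:10:40Z alice laptop-01 BLOCKED adversary-nation http://example-b.invalid/
2024-05-01T09:15:02Z alice phone-07  BLOCKED malware          http://example-c.invalid/
2024-05-01T09:21:55Z alice phone-07  ALLOWED news             https://example-news.invalid/
2024-05-01T09:33:19Z alice tablet-03 BLOCKED adversary-nation http://example-d.invalid/
2024-05-01T09:40:07Z alice laptop-01 BLOCKED phishing         http://example-e.invalid/
2024-05-01T09:58:30Z alice phone-07  BLOCKED adversary-nation http://example-f.invalid/
2024-05-01T09:05:00Z bob   laptop-02 BLOCKED gambling         http://example-g.invalid/
2024-05-01T11:30:00Z bob   laptop-02 BLOCKED gambling         http://example-h.invalid/
"""

# Constructed stand-in for the CMDB's user-to-device association. Note that
# alice owns devices that never appear in the logs; a hold still covers them.
DEVICE_OWNERS = {
    "alice": ["laptop-01", "phone-07", "tablet-03", "desktop-11", "vm-42"],
    "bob": ["laptop-02"],
}


@dataclass(frozen=True)
class BlockEvent:
    ts: datetime
    user: str
    device: str
    category: str
    url: str


def parse_logs(text: str) -> list[BlockEvent]:
    """Keep only BLOCKED lines; allowed traffic is irrelevant to this rule."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed or blank line
        ts, user, device, action, category, url = fields[:6]
        if action != "BLOCKED":
            continue
        events.append(BlockEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                                 user, device, category, url))
    return events


def find_threshold_breaches(events, threshold=6, window=timedelta(hours=1),
                            key="user"):
    """Return {key_value: timestamp of the event that crossed the threshold}.

    A sliding window over sorted timestamps: the window start advances until
    the oldest retained event is within `window` of the current one.
    `key` is "user" for identity-level counting or "device" for per-device.
    """
    buckets = defaultdict(list)
    for e in events:
        buckets[getattr(e, key)].append(e.ts)
    breaches = {}
    for name, times in buckets.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                breaches[name] = ts
                break
    return breaches


def build_hold(user, breached_at, owners=DEVICE_OWNERS, hold=timedelta(hours=2)):
    """Describe the investigative hold: every owned device, a fixed expiry,
    and the note the user receives. Restoration is implied by `hold_until`."""
    until = breached_at + hold
    hours = int(hold.total_seconds() // 3600)
    return {
        "user": user,
        "devices": sorted(owners.get(user, [])),
        "hold_until": until,
        "user_note": (f"Access for {user} is on a {hours}-hour investigative hold "
                      f"until {until.isoformat()}Z; a ticket has been opened."),
    }


def evaluate(text: str) -> list[dict]:
    """Full pass: parse, count per identity, emit one hold per breach."""
    return [build_hold(u, ts) for u, ts in find_threshold_breaches(parse_logs(text)).items()]


if __name__ == "__main__":
    for h in evaluate(SAMPLE_LOGS):
        print(h["user"], h["devices"], h["hold_until"].isoformat())
    print("per-device breaches:",
          find_threshold_breaches(parse_logs(SAMPLE_LOGS), key="device"))
```

Running it prints a hold for `alice` covering all five owned devices, expiring at 11:58:30, and an empty dict for per-device counting. The two knobs that matter operationally are the `key` (identity versus device) and the window; a real deployment would also want to exempt users holding the three-day conditional access the hosts describe, which is a lookup this example does not model.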