Expert Advice on Finding the Right Security Technology
Mike Spanbauer: “Security should never be a guessing game.”
Tim Otto and Mike Spanbauer discuss why third-party testing is critical when evaluating security vendors. Primarily, data doesn’t lie, and security should never be a guessing game. You need to know that the technology will perform as it’s deployed in the role it’s expected to before you go to production, says Spanbauer. Watch now for more sage advice from these two Juniper security experts, and learn how to protect your organization and find the right security technology.
You’ll learn
All the things you should consider when evaluating a new security vendor
Why it’s crucial that you compare objectively (security technology is not an emotional choice)
How to parse datasheets from security vendors to make sure you are not misled
Who is this for?
Host
Guest speakers
Transcript
0:06 um so tim and i are going to chat with you a bit about uh you know third-party testing you know why it's critical to
0:11 understand how your technology behaves and whether the selection that you're about to make will or won't suit the
0:18 needs right you know because candidly right security products are responsible for one thing
0:23 in particular right that's generally to identify accurately threats uh in the environment and to either
0:30 prevent them or record them to ensure that no particularly egregious harm occurs so
0:37 now really i think there's a few key things that we'll touch on here and we do encourage you know questions if you
0:42 have any uh make this session interactive but you know the organization uh you should set out
0:48 when looking to pick a particular piece of technology to ensure that the expectations and use
0:55 cases are effectively set and that the um organization understands exactly what
1:00 they're looking for technology to do as jj noted on the last session uh the you know uh role of individual work uh
1:08 components right you know as a policy enforcement point or an element of mitigation uh they're they're you know
1:14 often in line but uh wherever they're to be uh there's something that they're expected to be right that's why the
1:19 allocation the budget and the resources will be applied so building from those use cases a test
1:25 plan or methodology to accomplish that is critical and to understand what data
1:30 goes into it as well as how it was achieved there's an awful lot of uh let's say interpretation in regards to
1:38 test data that can be uh taken and that liberty or or that that stretch
1:43 can can lead one to make uh poor choices or will mislead you to make the wrong decision
1:49 at the end of the day the key is that security should never be a guessing game you need to know that the technology
1:55 performed as deployed in the role that it's expected to before you go to production because i'll tell you what
2:00 finding out that your ips your ngfw whatever control you're talking about doesn't suit the need doesn't see
2:07 threats and has a very uh let's call it porous uh surface it is not a it's not a happy
2:14 conversation with your boss after you threw you know two three four hundred thousand dollars in something to deploy it and protect your organization
2:22 that's where it leads to effective third-party tests great data saves you an enormous amount of time and
2:28 potentially more than just time uh you know it could also be the reason that you're not looking for another role when
2:33 it's you know the next quarter so to the capabilities and expectations
2:40 this is so box selection is always unique to every environment your needs are not going to be the same as another means
2:46 and make sure that the use cases as well as how the the test itself is is constructed
2:54 reflects the traffic types or the user needs of your specific deployment as i
3:00 noted yesterday in the concept discussion around uh understanding you know again what's in your environment
3:06 what the products are to be deployed as and where they're going to be flown all this influences because whether
3:12 performance key or whether the block mechanics are key put the priority and understand where
3:17 your organization places the greatest amount of uh need so that that then informs
3:23 the test and the uh the capabilities so it's crucial that you
3:29 also compare objectively right it's not an emotional choice with respect to security technologies it should be
3:35 data-driven and at the end of the day it's got to be effective right so so
3:41 efficacy through box latency practices all these factors actually both influence the test construct but also
3:48 the performance of the device and if for example it's a web uh you know traffic specific appliance then you're
3:55 not going to need to worry as much about super large packet sizes you know you're going to have an incredibly high
4:00 transaction volume with small packets which places a different load on a device that's placed in line
4:05 that actually will result in different behaviors in the security efficacy validation and the testing at the end of
4:11 it so all these factors influence the methodology or how the test is is
4:16 approached and executed really when you're selecting a new technology
4:22 requirements right the use case intestinal it must be executed and measured objectively in order for
4:29 repeatability right because inevitably somebody's going to challenge your results right somebody's going to come back and ask them uh are you sure are
4:36 you certain it's the right choice and what about this member what about x you know inevitably you'll have that
4:42 question come up having the evidence the data to support the uh decision or to to
4:48 you know reflect on whether something's missed is uh crucial that there's an objective reference so that you can do so because
4:54 you know you want to make sure that the organization's making the right choice if you're an investor if you scale up because the wrong choice well
5:00 you know one outcome is that you spend a lot of money that's gone another is that there's something that
5:06 was true and it makes a huge mess for the you know the incident guys and the gals to clean up and obviously the leak
5:12 the last is that you know brian krabs publishes your logo on his site which is never going to be a happy moment
5:19 and so that's the the test planner methodology and this gets to that third-party list
5:24 so the most reputable third-party test houses are very articulate in how they create
5:31 their test environments what they're testing against how they execute the tests and oftentimes the test tools and
5:37 versions you know they mostly document uh their their execution in order to ensure that
5:44 any organization can interpret the data sets and do that comparative assessment because
5:49 there's always corner cases where organizations ought to further that test set to
5:57 ensure that their needs specifically for the apps and use or for the user environment are tested because that's
6:03 back to that unique elements that i mentioned earlier uh you will potentially influence whether it's the
6:09 right technology for you but you can knock down ninety percent of a provo concept with a really great set
6:15 of test results from a third-party test organization so with that then i'm going to turn over
6:20 to tim here who uh has considerable experience you know in in the constructed test as an architect uh and
6:26 give you some color as to the why this third-party test material is so crucial you know how to kind of interpret this
6:32 stuff so one of the things you see a lot is a
6:37 number on the screen right i have a lot of numbers on the screen
6:43 they never really tell you what on a data sheet how they got there right and so what michael is leading to
6:49 is you know things like large packet sizes small packet sizes will reason which is 43's the number it looks like
6:55 anybody building a test can make it look good i can see really big packets with very little things that won't trigger any l7
7:02 inspection and you will go fast but you'll never see that in a normal deployment
7:08 i mean there are deployments you know if you're just between you know a bunch of backup servers you might you know maybe
7:14 that's your deployment and you're segmentation pull but if you're on the edge you're gonna see encrypted traffic you're gonna see you
7:20 know web traffic you're gonna see streaming you're gonna see all kinds of stuff and you're not gonna see these huge gdp packets that are you know
7:26 referenced in uh in testing references like rfc 2544 those were really cool for
7:31 switches back in the day but um in routers back in the day and if it's just a router yeah sure go with that but if it's an ngfw you're looking
7:38 for inspection that's not the right answer anymore you're not going to get a valid use case out of it one of the things that you know
7:44 you have to watch out for is that you also have to watch out for what they turn on and what they're using to validate them so first we're talking now
7:51 nowadays we're talking about the ngfw we're talking about anything expects web we're not actually talking about http
7:56 anymore we're talking about tls and what tls are we using
8:02 are we using 1.3 with elliptical curve are we using 1.1 those results will be drastically
8:08 different and as 1.3 and elliptical curve becomes more and more prevalent
8:14 the load on boxes is getting higher and higher to be able to decrypt if they can do it at all
8:19 so you know the normal answer for most people is tls 1.3 gets downgraded to 1.2
8:25 and then we do something with it but does it get re-encrypted on the far end back up to 1.3 or is it just left at
8:31 1.2 or is it not encrypted at all these are all things you have to ask so you need to know what your use case is
8:37 and why you're trying to do these things and where we're going to deploy it so you can build the testing you can build a test plan
8:43 some third-party testings will actually do those things they will validate that you decrypted you decrypt it correctly
8:48 you'll send attacks over tls to make sure that this still blocks it because if all the bad guys are using
8:54 tls and you're not blocking the bad guys going over to your ls then you're missing something like 70 to 80 percent of your tactics
9:01 and your clients are still decrypting because that's how the website gets loaded so your users are still in trouble and you're gonna have a bad day
9:07 um one of the things i want to point out on here is you know if you look at gigabits and megabits and all that stuff zenobits
9:15 that one um that is all of known knowledge in a second
9:20 it's not a real it's a real number but it's not anything that anybody can reach um 400 gig is pretty good terabit's insane
9:28 that's orders of magnitude bigger so just watch what we're doing right like why are we getting there how did we
9:33 get there what numbers are we using what traffic is it what is the profile you know are we validating the use case are we actually testing the way that matters
9:40 because i keep all the tests to make a box look awesome i can also make the box a test that will crush anything i'm pointing at because it's not real
9:47 the smallest packets encrypted i as i can and break them up into you know fragmentation and that will make boxes
9:53 just like thermal out they will they will be very unhappy with me very quickly
9:59 that's all i got for this life and this that's where this goes to right
10:04 you know we talk about application mixes and we talk about enterprise application control in mgfw
10:11 well you know if vendor a and vendor b's both claim application traffic mixes but what
10:16 does that mean are we talking sql http what
10:21 um often on datasheets they don't give you enough data to be very clear about it whenever you look at third-party testing
10:27 and they're not going to stuff they will tell you it is this percentage law it'll you know this is this and they will run that same
10:33 traffic mix against all of the tested states so you don't have
10:38 vendor a claiming gigabit on top mix a and you have bigger b exciting two
10:44 gigabit on big speed when epic and b are completely different and these are one of them real either
10:49 one of them really close to what you actually experience in the real world um so when when you test these things you
10:55 need to ask these questions understand where you're trying to deploy and what type of traffic you're expecting because if i get there for a testing for a data
11:02 center right it's much different than the traffic profile you'll see it in ngfw much different you'll see the whack less
11:09 difference then you'll see segmentation like you hope you never see smb go to the internet
11:15 like that's that if you have a bad day if you see somebody going to the internet but like they will test that and that's not a real book that's not a
11:21 realistic expectation also turn that port off
11:28 um next slide i think and that's where transparency comes right like you want to know
11:34 ask the questions know what you're looking for make them give you the information because that's where that's where the value really is is to know what you're
11:41 expecting it's never going to be one to one you're never going to see exactly the same thing unless you give
11:46 the test house a sample of your traffic you can get really close then but it's still going to be simulated traffic it's
11:52 still going to be from an ixia or from aspiring from a test thing which means it's going to be simulating stats but
11:58 you can get really close to reality to what you expect and that gives you room for scale you'll know what you're up
12:04 against with as for traffic increases because i don't think anybody here is expecting traffic to go down
12:10 like i don't expect anybody's having their their their you know their their forecasts to have less traffic on their network
12:16 um i mean aging myself i remember bottoms
12:21 and t once people picking up the phones yes exactly people think it's the phones and
12:26 making squiggly noises anyway so i mean we are going to give it to your health now
12:32 right i mean that that two years ago three years ago it was absolutely insane
12:39 the problem with that is as traffic increases the number of request requests will increase the threat vectors increase
12:45 because you can fit more bad stuff in the pipe now you're being exposed to more and more
12:51 so you want that stuff to be protected i mean even at my house like just me like i have an ips
12:58 my kids love it next slide
13:12 and really the pieces that go into building an environment that you believe as well as repeatedly executing sure the
13:17 device or the technology that's in line will behave and perform to level the organization's needs and the experience
13:23 for users is as invisible as possible right as an ideal security solution no one knows about it jj mentioned it
13:29 before that's that's that perfect scenario the experience is exemplary but
13:35 that it also protects against threats and there's a lot of techniques tactics
13:40 to go into this so tim you know if you can tease out sort of what uh what goes into the design of a test as well as how
13:47 a test house should think about and or what the data should reveal when somebody evaluates that data
13:52 so for looking at security right um there are open source tools that you should use as your baseline test i'm
13:58 going to pull out my display because these they're known
14:04 there's a lot of other tools like that that you can use that will uh that will help you get there but whenever you're looking at what bad guys are actually
14:10 doing you have basically two or three forms of thought you have people that just blast the internet with the latest
14:16 package bad thing and they just this fish he's not fishing but it's like fishing and we're just gonna send it to everybody and see who
14:22 bites right you have targeted attacks where they want your something and they're gonna actually do the work
14:28 it's really easy to block the the broadband splash everything because set passions and stuff like this gets
14:35 noticed like you just got ransomware um you can block a lot of that stuff with
14:40 good inspection but you have to price these pictures you have to you have to have the
14:46 signatures in the hashes have to be active and valid for really weaponized threats um
14:52 in reality i don't know who remembers this picture by the way um
15:01 um really whenever you look at it you have to make sure that the threat it actually
15:06 can't block the taxi package is only half the story this is the part that's made to stop the bad guys from getting
15:11 to you right if you didn't want that you could just buy a router and save a lot of money save a lot of time
15:17 but that's where security effectiveness comes into right you need to be able to look at the traffic encrypted or not and
15:22 actually make decisions on it you know and make sure your security profile matches what you have on your network
15:28 you know like tune if you need to tune if you can you know as much information as much data as you can do will make you much
15:34 more secure out there now the next piece is really
15:40 to ensure that again you know the data is both repeatable it's it's uh referenceable and that you can tell the
15:47 story to a colleague or to others in your organization as to uh you know the guidance you're gonna
15:52 recommend or what selections generate so so the methodology is the how to the the reference map or the legend if you
15:59 will you know looking at the compass as to you know what tests are
16:06 executed where the differences are so if you can talk just a bit tim and share with
16:12 others you know how this comes together so yeah i mentioned rfc 2544. um it's
16:17 it's still the network basis right it's multiple sizes of gdp package it's basic
16:22 packet processing routing right it's been around since before ips but it's a good
16:28 lab test right to see how your packet processing how your value works how all that stuff works right but it's never it never was
16:35 contained in the real world it was seriously to see how fast your chipset could go um so it's just basic but it's a good
16:41 start right it's very well documented it's very well known in the world of testing
16:46 in reality you want to simulate what you got you want to have voip traffic you want to have sip traffic you want to have tls
16:52 tracking you want to have all the things you will actually see in your environment and that's where you want to simulate the traffic
16:58 you're trying to simulate the use case for your app because everybody who space is different right if you have a firewall blocking
17:04 all you know poor dating why are you testing it like what what are you doing if you don't have iis why do you have that
17:11 signature turned on what are you doing so the other thing is whatever you're testing multiple products any products
17:18 and i usually like analogy to this to a race car you want the race to be the same race for
17:24 all the cars if i have one car that's a driver's car and i put it on a nascar track it's
17:29 gonna have a bad day if i put it up against the nascar it's going to have a much worse day if i swap
17:35 the conversation i put a nascar on a drag strip that's how fuel dragster is going to leave before he can ship gears
17:40 right so you want to make sure that if you think it's the same you're doing the same type of protection you're between the same configuration as much as
17:46 possible between the different tested items whatever they may be so if you have app id if you have id ips ids all
17:53 the little features and knobs and twists and all the stuff that your jpeg has make them as equitable as possible
17:58 because that'll give you the most information you're actually testing um when you use our processing
18:03 the config should be as close to possible as the same across all tests and across all of the
18:09 the tested devices right from the same traffic you want you know the same attacks the same
18:14 number of attacks the same frequency of attack everything as close as possible you'll never get to 100
18:19 that's not reality but you get as close as you can so you can get that you reduce the variance reduce
18:24 variables reduce frames on outcomes and as you reduce that you get more and more information the information is more
18:31 valuable to you as a customer because you can do better what about recently the age of the threat
18:38 depends on your network i would worry about new threats if you have stuff that is there and you want to
18:44 make sure that you have threats that are valid i mean log for j who saw that one coming
18:52 wasn't did that one start with minecraft i don't know yeah it was a minecraft explorer like somebody wrote it to mess
18:57 with their minecraft friends and then it went the worldwide like they went like weaponized and went all crazy i didn't
19:04 expect a lot for jay and like especially to wear every pink top
19:09 no attacks every day there's new stuff there's a new work uh exploit a couple of days ago um you think they patched
19:15 that thing by now every day is a videotape you want to make sure that whatever you're testing
19:21 you have the recent stuff at the same time right if you have antiquated stuff
19:27 because you can't catch you can't upgrade the operational expense for updating your mail server as an example is too high and you're running an old
19:34 version of microsoft mail or whatever it is you know have them test those two
19:40 right because some like the way that the signatures work some of them whenever they get old they get kind of left
19:45 behind and they'll be disabled by the fault because they say this is five years old
19:50 and like if you're still vulnerable you still care right like you don't want that one
19:56 signature because one signature if it's poorly written you can bring your whole box and make it have a bad day
20:02 the other thing is is it's also you know advisable to make certain you understand the topology that we used you know in
20:08 your own production or really in your own test scenario right it's always recommended to isolate
20:14 and and to you know replicate real traffic but off to a segment that's again in a lab or a
20:20 controlled environment it's as critical for any objective test to reflect what the topology was
20:26 configured like for believability to understand how the contrast device under test here
20:33 technology assessed as well as that it's sort of representative of uh you know how
20:38 traffic would flow when you're in the real world so one of the things i want to say about this is this will surprise you when this
20:44 guy fails right you see the package through you have three points of failure not one
20:50 so which one failed right did you kill the art table on your switch
20:55 or was it this guy how do you tell the difference i mean if you're monitoring all three gas like you can sometimes tell the
21:01 difference because this one stops talking to everybody and your ssh system drops but like
21:07 so then what do you do because you have stress tested this guy and not the one you're actually going to buy
21:12 right so it's just something to think about like you want to make it match your topology but you also
21:18 want to simplify and make sure that you're watching for the right mode of failure right because
21:23 if this guy dies before this guy dies you'll never see what that one can actually do right and that's just something you have
21:29 to watch out for because it will bite it will bite you you'll spend a lot of time troubleshooting speaking from experience having broken
21:35 every appliance in our test lab not importing just the 100 so
21:41 it really i mean to sum this all up right and we recognize that that testing
21:46 every technology you're considering to be able to green yourself it's it's complex it is an enormous amount of work
21:53 right i often engaged in you know year-long uh single technology consulting projects for very large
22:00 organizations because the the depth and the scope of their test needs was so extensive
22:06 but being able to leverage excellent material from third-party firms such as
22:12 cyber ratings such as icsa labs so there's there's groups that do have excellent data sets
22:19 that you can leverage to reduce the effort you need to take on yourself to test through it but it's crucial that
22:25 you have the measurement detail you know and that you understand the results right there there's no room for guessing
22:32 in the world of cyber i get you know it's always one of those you know just makes me kind of kind of be nervous and
22:39 cringe when i hear the data sheets looked good and they're meant to but
22:44 there are you know vendors like juniper networks we pride ourselves on our transparency
22:50 and all the results are all the traffic mixes that for example tim talked about earlier are noted in every individual
22:57 data sheet so you've got clear text as to how those numbers were achieved and then you can you know engage for
23:02 yourself whether they're the right mix for you but knowing exactly how the numbers on
23:07 the data sheet are achieved is also part of that great county and that's why being able to compare
23:13 objectively between vendors via a third-party test organization uh is incredibly valuable
23:19 but they're only going to get you again so far so every environment you need use this to augment and to really
23:26 supplement your own efforts so that you've got a better gauge um and again like i said the more transparent
23:33 those test organizations are pretty extensive endpoints estimate that
23:39 there are groups that do this knowing how they arrive at the results that they did will help you understand
23:45 whether their tested environment was something that you can translate into your own use
23:53 it saves you you know an unbelievable amount of time it would often shaved off uh again
23:59 three to nine months on most of the projects that i used to engage on with this effort and and you know at the end
24:06 of the day uh it's not just that it saves incredible time it also provides peace of mind because at the end of the
24:12 day security is all about trust both you know trusting the products just in in the vendors that they're doing that
24:19 constant work of updating their appliance or their technology because it's not a one-and-done it would be awesome if this was set and
24:25 forget technology but let's face it the actors aren't just sitting there with okay well this was
24:31 the last exploit i've written and i'm good so those signatures uh the discovery here
24:37 is so all the technologies that go into identifying accurately the threats
24:43 must be you know a part of this purchase decision or this acquisition and understanding how those
24:49 results are executed and executed over time uh is also valuable right and uh
24:56 you know really the testing again saves folks you know potentially
25:01 hundreds of thousands or millions of dollars and it's one of those things that i'm constantly you know champion
25:06 i'm very passionate about you know organizations making choices based on data and knowing what those products will do
25:13 in the deployment as opposed to relying on datasheets for potentially outdated or on
25:19 just really stretched truths that is all too often the case
25:25 in this space so again tim and i did this for quite a while before we joined jennifer uh have an
25:32 enormous amount of experience and third-party testing is an invaluable resource for every organization in order
25:38 to help them in selecting the right technology for their
25:44 real quick so uh this is our our research effectiveness so uh
25:50 for those who don't know me i am all about the security of my performance is pulling off the packet
25:55 want to see who can stop the bad guys i'm pretty rough about that as kate knows um we're doing well um
26:03 i'm not done but we're doing well i don't think i'll ever be done because i'm not going security uh
26:09 you know uh we have you know nss which is now cybering uh we did well in the
26:14 data center that was a pretty you know extensive test um we have a double a certification sub ratings
26:21 uh netsig open for those who don't know with an open source testing uh architecture that is being built with
26:27 a lot of people built into it um it's a lot of vendor driven testers uh the testing houses like excuse fire and also
26:32 parts of it and they're making an rfc for testing of ngfw specifically so that
26:38 everybody can test that's the whole idea is that you can anybody should be able to run this you know and get results out of it um
26:45 nets and movement is actually not tested by that organization it's tested by third-party testing houses and they certified the results so there's not
26:52 even like i couldn't influence those results if i wanted to it's another group of people out there um and then we
26:58 have icsa labs that um we keep doing really well with uh and uh
27:05 you know it's like i said i'm i don't think security's ever done you know it's like every year every day
27:11 every minute something new comes out and the fact that we can keep doing this over and over again shows that we're investing in the security we're trying
27:17 to make secure product we're trying to improve right because it's never we're never done like i'm never going to
27:23 be done i don't think i'm retired ever no security is a job that'll go long
27:28 past our four year levels so one thing of interest in particular is that the icsa test as i've mentioned
27:34 before right transparency clarity what are they doing they do a great job on for example false
27:39 positives right the bane of most office teams and frankly their headaches waiting because obviously chasing false
27:45 alerts that distract you from the rest of the job in particular right the real legitimate threats uh it is a nightmare
27:52 for every team and so uh we've achieved awesome results to touch on that a second but uh
27:58 specifically this test is composed of the threats that are actually um what support and are part of the verizon data
28:04 you know the peak dvd-ir right so that the annualized uh the breach report that
28:09 verizon writes and icsa labs is a sub-entity of verizon uh is what feeds
28:16 with threats and so these threats are run through this technology within 24 hours of receipt so they are very very
28:23 new and they really challenge the technologies deployed but tim what positives are box i can get on my
28:30 noses um okay so those of you who don't know what it is called fall positive is i'm sorry i tend to talk best um it is
28:36 whenever you block something non-malicious right so you block your ceo's email
28:43 right you killed the web server because it started blocking all of the incoming traffic because someone changed the website and didn't let you know
28:50 right all of a sudden amazon goes away uh they are the most expensive thing the bridge can be bad the next one you need
28:55 for your team can be bad but you some legitimate traffic that your company needs can be just as bad
29:01 right um so whenever we look at false positives and i csa like you said test something
29:07 well we get we don't block bad things we don't we don't block things they're not supposed to be blocked to be more
29:12 accurate right um you want the bad traffic block you know it's a good chance that you can pass by
29:17 and that is where the the strength of the security effectiveness comes in right you only want to block the bad guys so
29:24 if you like think of it like there's a police officer at the gate here like i'm blocking all guys wearing
29:29 sunglasses well that's not a realistic you know expectation right um but if you have a
29:36 very precise description of a reps and you're like okay you know six foot one his name
29:42 is tim you know he's wearing a kilt like okay well you probably got a good chance of catching the right guy um so that's
29:48 where false poses really come into play it's like you don't want to block stuff that's that's that's company impacting but you want to stop
29:54 all the bad guys from getting at the same time and balancing that the threat versus the impact on the
30:00 network the negative impact on the network is where you really want to watch yourself because security is only as good as the product
30:06 if you go to a company and you have a lot of false positives they're answering my experiences that hey they turn off
30:12 the security they pull the box out of lines and then they call the company they
30:18 bought it from and they're like you blocked my ceo's email and that is not a good conversation i did support it for a long
30:24 time so the fact that we do very good at fall positives is also like it just shows
30:30 that we are trying to make sure that the bad guys get stopped the good guys you know do what you're supposed to do keep business rolling
30:40 you know specifically the data center right so yeah just folks there's results in all these tests available for you to
30:46 review and uh you know as you can see as i build the slide right
30:53 so uh so these are not our results this is netflix open um these are all published on the
30:59 internet you can go to the website look if you want to i just pulled the numbers out um yeah so we did this first time
31:05 right we missed the next place and i was like well that's not cool so uh we went back and worked with the
31:12 engineering and we found out we had some signatures that were there they just didn't fire right and so uh
31:19 and some of them were turned i think one of them wasn't even turned on in the default for a while so we turned the signature on we fixed the ones that were
31:24 broken we added to it we fixed it and we went back here we missed one one exploit
31:32 you know we still have things to do but we're still growing we're still we're still improving we're ever ever improving um
31:38 you can see the other ones i'm not going to beat up on the guys with some screens um again here you know
31:44 4 699 effective this set of uh
31:50 of exploits is huge it's a lot of bad traffic this one's a little bit smaller this
31:56 one's huge that's a lot of numbers what is it 2300 explanations
32:02 um it's a it's a sizable amount it's not like you know um but as you can see we're constantly trying to work on
32:09 you know making the product more secure speed is cool you know i like speed packets that are cool but like stopping
32:15 the bad guys but it's got to be fast while doing the job it's supposed to you have to do the work with them
32:21 exactly all right well folks i mean clearly you know we've ran through a great deal of material here right
32:26 there's there's reference links um and we can certainly point you to this as well uh both on our website as well as
32:31 you know on the respective organizations right the the data is robust and again
32:37 you know having that confidence having the ability to look at a third-party test and look through you know how it
32:44 was configured being able to scrutinize what's in there and how well it matches your own environments that you can best
32:49 understand uh you know and how the test is how the vendors fare and how repeatable it is when you get challenged
32:56 about why did you choose x or why did you choose why then you've got you know quite a bit of
33:01 ammunition in your pocket to pull out and of course support the choice so that you know you could defend the
33:06 organization's choice to pursue that and really to to you know deliver him and of
33:11 course you know if you want to talk more about how to you know run little concepts or test yourselves if that should is that your stick but you know
33:18 tim's done this for decades so uh i would definitely talk further so any questions uh with that and uh
33:24 perhaps the slides so perfect you made it at the very end we were like you know like oh it sounds
33:30 like he's just starting let's sit down and listen to like any questions he's not just starting
33:49 you know you can just like pick uh this was third party testing and why
33:56 data shapes are not always truthful okay and so uh
34:02 i think this is gonna be you have to ask her when it's gonna be available i have no idea
34:12 i don't think they're going to go through their whole deck again but it's up to them we love to kick out of this stuff so
34:18 okay that's what have for this all right well thank you everybody certainly appreciate the time