Home Podcast ThreatTank – Episode 4 – RSA
Applications

ThreatTank – Episode 4 – RSA

About The Author

Outline

Stay ahead of cyber threats with the latest insights from our security experts.

 

Subscribe now to receive:

An Introduction to ThreatTank – Episode 4: RSA

Tom Gorup: Welcome to Threat Tank, a podcast covering the latest threat intelligence, threat response and insights about the security landscape around the globe.
I’m your host, Tom Gorup, Vice President of Security Services here at Edgio. And joining me today is the Richard Yew, Senior Director of Product.
How you doing, Richard?

Richard Yew: Not bad, pretty good.

Tom Gorup: How are you doing, dude?

Richard Yew: Long time no speak.

Tom Gorup: Indeed. You and I have been hanging out back-to-back, and it’s good to be on the podcast today. So today we’re covering RSA. To your point, we were last week hanging out in San Francisco at the Moscone at RSA. So we’re going to jump into that.
But before we jump into that, I have to do the icebreaker question, and as usual, Richard has no idea what this question is.

Richard Yew: Here we go again…

Tom Gorup: Yeah. So here it is, man. So, for a minute, imagine your life is now a video game. Imagine that for a minute.

Richard Yew: OK

Tom Gorup: what are two cheat codes you would have and what would they do?

Richard Yew: Oh, that’s easy! Like, I mean, like, like be able to walk in like 3 XS. Well, I don’t know.
You’re saying two cheat codes, right?

First one allows me to walk through the wall and walk through the ground or walk to the sky. That’s one cheat code.
Well, what would be the other one? Well, infinite resources. So, we can no longer play the video game because, like, you got everything from up already.

Tom Gorup: The reality is, is that the only cheat code you really need is infinite resources. You’re pretty much in good shape there.

Richard Yew: I mean, I mean walking to the ground, I mean like it’s cool but you don’t you don’t need cheat codes for that because I most games nowadays like you walk in a wall and you get stuck and you walk in the ground and get stuck anyway.
So the other cheat code I’ll have as a bonus is to be able to do T poses right so in most FPS right you see you see a character this is rendered but not functional that they have a T pose so I’ll love to have that.

Tom Gorup: The broken NPC character does. So yeah, it’s good; I agree with your infinite resources. I think that’s a good cheat code to have.
The second one. Life, at this point, is a video game, so it would be equivalent to unlocking the map, except just unlocking, unlocking all knowledge, all information readily available. It’s kind of like, you know, I’m imagining the map in like Warcraft or StarCraft, like it’s all grayed out. So removing the fog of war.

Richard Yew: So you’re looking for a map pack.

Tom Gorup: That’s right.

Richard Yew: That’s cool. I mean like maybe we live in simulations anyway.

Tom Gorup: So we should go down there and maybe we’re going to pivot this podcast and let’s talk about the simulation for a minute.
No, well, actually, we are talking about RSA. So it might feel a little bit like a simulation sometimes when we were out there.
So prior to last week or and even during last week, we had some big releases.
We had ASM, Attack Surface Management, Client-Side Protection and during the event, we released our quarterly attack trends report. This is the second version of that covering all of Q1. So that was pretty exciting. What were your thoughts around that?
How do you think that went and were people interested?

Richard Yew: Oh well, I mean that that was a really busy ASM like RSA. Alright, keep saying ASM but yeah like I think it’s one of the best ever. I mean, it’s really good. I mean, I’ll definitely say, I’ll quantify that it’s definitely like at least 400% better than last year. I think I’m being very conservative when we say that it was great to have the opportunity to show the new product and features for you know, all the visitor who comes by.
We appreciate the time; we’ve done a great deal of demos, to the point the Head of Engineering, Mark Brocato, is like, how’s it physically possible to do this demo, two persons on the goof right with two SEs?

So I mean it was great. I think one of the other highlights obviously we got to spend a lot of time with like industry analysts and even media people. So, got some really nice scoops about, you know, industry trends, you know, like whether we’re on the right path or not. So that was awesome.

Tom Gorup: No, it’s great. I think those are; those are perfect starting points like, so I agree. I mean, our booth was so busy that just having the two SEs and even ourselves wasn’t enough to keep up with traffic.
What were some of the things that you were hearing from? I would call them future customers but all the people you know coming by the booth what were some common perspectives that you were getting or what were they excited about I guess specifically with Edgio or even about the I don’t want to be Edgio specific here too like even about what they were seeing on the floor.

Richard Yew: Yeah. Well, you know, it’s funny, like security industry is so big and you know, when you release a new solutions you think that people already know about, this solutions and and then we find that there’s actually well we’re actually surprised by at how much we actually take like people’s like context for granted like for examples there are their practice where like, hey do you have stuff that inventories all of your web properties, you know organizations, do you have a continuous threat exposure program, in your organization’s right management program. And we talked to large customers and small customers, right? A lot of these things that you think that we should be taken for granted of was actually not a familiar concept for a lot of organizations. So, which is great, right?

We have a lot of topic to talk to people about. There’s always good ideas to share. We’re not always selling you stuff, but what we’re talking about is there’s a bit of that thought leadership opportunity to ever provide an option, an additional option, an alternative viewpoint to customers. So that’s definitely one thing.
Obviously, you know, like the way we release ASM, right? This basically makes us the first provider in all industries in the adjacent Edge Web Application API Protections company to actually have Attack Surface Management that helps you also do manage inventories. So, this is really something that people don’t expect out of us, right?
So, surprisingly, we have to, like, we’ll have to explain hey, why does it make sense, and why is it why is there great synergies, right? And it’s not something that people naturally thought about, but you know it makes sense.

It’s kind of like an iPhone, you know? Does it make sense to have a phone that does not have a button? People are used to BlackBerry of all the buttons, but then you probably just touch screen everything. Oh, interesting. Think about that, right.

Tom Gorup: Yeah, it was actually funny. I was listening to something yesterday. I can’t remember what it was. But yeah, this guy said, what if I told you to have two dishwashers and you put one, you buy a little magnet and you put your clean dishes magnet on the one that’s been cleaned and your dirty dishes or washing dishwasher for the one that’s being cleaned where you put your dirty dishes on.
And in that case, you always have clean dishes, and you never have to take really take it out of the dishwasher or load the dishwasher. It’s kind of just a constant flow.

So that’s not a horrible idea just to have a clean and a dirty one, but it’s just introducing the world a little bit differently, right, having to look at it a little bit differently.

So, in our last podcast, we went in depth with the Attack Surface Management. So, I definitely don’t want to go too deep there.
But I agree with you. In the conversations that I had, a lot of it was like this makes that asset inventory so much easier because it’s consolidating it into a single platform. It’s not just the assets, too; it’s the underlying technology stack that’s sitting on those applications being able to do both of those at once.
So, I’d say, you know, congratulations on that release, that’s exciting, and I know we got a bunch of free trial customers that are  actively checking this out right now, and I’m excited to see even more there, and from a SOCs standpoint that’s a super power for us to have that perspective.

Richard Yew: So, so well done and Congrats on that congratulations to us all. I mean, like all of us like you and I have been working on these things together, you know, our teams like since Day 1.
So it’s amazing how fast we can turn that around, and really, it’s really great valley at enhancements. In fact, I’ll say it’s a game changer for how we do security going forward.

Tom Gorup: Agreed 100% it’s going to change for all. So from that spinning off from there stepping away from our booth and starting to just walk the floor, what did you see? What were the common themes that you picked up from all vendors at RSA this year?

Richard Yew: All right. Well, in order to describe that. Right. Tom, you and I are going to we got to pair up, and we’re going to sing a song. So, I’m going to start like, oh McDonald have a farm.

Tom Gorup: E-I-E-I-O.

Richard Yew: Yeah, yeah. OK. So it’s funny but I remember we’re doing this one minute skits, you know, during the during the show. Right. I was speaking, I was cracking a joke about how, like last year if I would get a dollar every time I see zero trust. Right. I’ll be rich after that week, right?
And then this year, I mean, I’ll apply, I’ll say the same thing, but this year is going to be like this year’s AI. So, obviously, I’m not well. I’m probably being a bit facetious here, but you’re thinking about this, right?
It makes sense because really, with AI coming in the right, it really gives the attacker a lot of capability to like even like a low-skill attacker can now generate attack scripts can now do recons, can now do pen, you know, pen tests, you are an actual attack right. So you can do a lot of things but also from defender side, it’s really help us.

You don’t like to improve security, improve the security operation, especially security operations, right? Especially every like tech industry is kind of tough nowadays. You know everybody’s trying to like figure out to cut costs.
So, then most security team has to figure out, you know, what to do, like how to do more with less because you know the amount of new CVEs that came out that they don’t care how the economy is, they don’t care what’s the interest rate, is the CVEs going to keep going up? But we care as a business, right? You know, we’re going to have to, we have to allocate resources accordingly.
So, how do we fix that problem? Old McDonald’s comes here.

Tom Gorup: Yeah, 100%, yeah, that’s what I saw. There was AI-powered, AI-driven X, right? Just kind of over and over and over again. It gets to the point was like, yeah, I got it. You use AI. What problem are you trying to solve?
For me, that was every conversation I had was like, OK, what are you solving?
Because you’re right, like AI solved some big, big problems, but your approach, your method of how you’re leveraging it, and what specific problem you can solve for me is super powerful. We are seeing attackers use AI to iterate on their attacks, right?
Because they’re able to see the response code and then use AI to adjust the payload accordingly as they’re traversing those attacks or iterating on their phishing emails, right?

Like I used to joke that the attackers weren’t getting smarter. They’re just getting better at writing English and these days like now they’re using AI, they can write it in any language and be just as effective.
So it’s allowing attackers to scale their attacks and it’s also enable us defenders to scale our capabilities as well. So exciting, but report maybe a little bit exhausting as well.

Richard Yew: One of the really, really important things that AI can help us to do, it’s really the ability to put two and two together. It’s like there’s a whole correlation engine that you can build with that. Like I mean, I always, and I don’t come up with that data. I think credit goes to our friends at Cisco there.
You know, one of the VPs in the podcast talks about how there are so many systems there, there’s a bend of sprawl, and there’s an alert flaw like sprawl nowadays.
I mean, three different low-level alerts from, say, a network firewall and IDS. Your WAF may ignore them if you treat them as individual isolated cases.
But when you have a correlation engine powered by AI, it puts two and two together, or in this case, three and three together.
These three low-level alerts might result in high-severity alerts, you know. A lot of data breaches kind of get slipped by because they don’t have; the teams are too busy and too siloed to actually be able to put two and two together and actually detect actual threats and vulnerabilities to your organizations.

Tom Gorup: Yeah, 100%. That’s what excites me about AI. I believe it lowers the barrier to entry for security as well.
When you’re able to kind of have a guided assistant that can help drive you. Not only providing guidance about what you should look at, or look at a large data set and provide you know, bullet point insights in a relatively quick manner, but also helping you guide based on internal processes. You have your documented procedures for how you manage incidents.
Why wouldn’t you be able to leverage AI for that?

I remember a buddy of mine; we were on vacation. It was probably man, like 12 years ago. And we were kind of dreaming up this security bot like a pet, like a virtual pet, that you would carry around with you from business to business as a security analyst. And then each of those businesses would have some sort of translator if you will. So they could use Splunk or they could use ARC site or whatever, SIM. They could use Palo Alto firewalls or F5 and they could use all this different technology and use the security analyst.
It wouldn’t matter because your virtual assistant would act as that intermediary, and it would learn about you, what you like to look at, what kind of questions you typically ask, what news you read, and that sort of thing.
It’s like it’s a thing now, right. You can start building these sorts of capabilities, and that’s pretty exciting. Exciting to me.

Richard Yew: Yeah, yeah, for sure. I mean, it’s really new frontiers. In this sense, even though we kind of always joke about AI, you know, now everybody loves AI.
But I really think that this is going to be something that everybody can utilize, and the market’s not wrong, right? We just need to know how to grasp that and really take the best advantage of what AI can offer.

Tom Gorup: Yeah. And you know I’ve made a joke, actually. Well, we’re at our say it’s like, yeah, we use AI as well, but we also and make it a slight pivot into the industry analysts. I remember talking with one of the analysts. You might recall this as he was actually a little excited that we didn’t lead the conversation with AI, which I thought was pretty interesting.
So, to that end, we spoke with a bunch of analysts. What’d you hear from those guys?

Richard Yew: Well, well, I think there are a couple of concepts that nowadays like getting picked up in the market.
You know, obviously, there are all the validations from analysts regarding what we’ve been doing and where we’re going.
One of those things that have been pretty hot in the market is the idea that organizations are starting to find the need for what they call a CTEMP or Continuous Threat Exposure Management, right, CTM.

Part of that is being able to change from reactive to proactive. In fact, I mean, there’s a new word to read and learn, but no, now there’s not enough to be proactive. You got to be pre-emptive to the attack, right? You got to anticipate the attack and be able to mitigate that before it even happens.
Part of that goes back to like having the ability to continuously, you know, make sure that you find, you know, deal with any exposure.
Security is not a one-time thing, right? Security, security is a continuous thing. There’s no start date and end date for a project called security, right? So, in this case, I think it’s Gartner’s right.
Gartner’s has stats, and don’t I’m just going to ballpark it right that by 2026, organizations that utilize this and adopt a continuous threat exposure management program will be anywhere between two or three times less likely to suffer a data breach. That’s really what we’re talking about. We’re not talking about 20 or 30%, we’re talking about two or three times.
That’s a step change. That’s the kind of exponential solution that we need, right, to deal with exponential problems, right?
So you got to have adopted new paradigms.

So this is really a great takeaway and really aligns with what we’re doing with our new products, like client-side protections, which inventory all of your third-party scripts and calls on your website or as well as ASM. To be able to constantly monitor and notify customers of exposure.
So we’re going to be obviously very good indications of where our company is going when it comes to the future of our security solutions.

Tom Gorup: Yeah, yeah, it’s huge continuous threat exposure management where we look at, you know, years prior something we saw like a pivot in the industry that phishing, the human was the weakest link.
But just a couple of weeks ago, Mandiant came out, and they said they saw a 50% increase in attacks in zero-days attacks and the number one threat became vulnerabilities, that’s how attackers are breaking into companies now.
So we’ve seen this kind of parallel shift go from early security, whereas, you know, hacking the Gibson. Then that was kind of over, and they started targeting human rights because people got a little bit better at vulnerability management. We had firewalls, all these protective or preventative layers that sit in front, and now that’s shifting back into leveraging zero-days.

It makes sense, too, when we see, you know, AI is starting to be more prominent and being able to iterate faster, maybe looking at it from a fuzzing standpoint but using intelligent fuzzing with AI. So it’s there’s a need for this continuous threat exposure management, this awareness and process of continuing to reach and get better at it.
Another one I think we heard, too, is the automated moving target defense. What’s that that sounded pretty, pretty interesting as well.

Richard Yew: Well I’ll just say it’s still a learning process for me. So, but I think the idea is, again, it goes back to the idea of being pre-emptive. We’re in proactive right. You like security. We’re living in the UDA loop right? Observe, Orient, decide, act, right. We’re trying to constantly get ahead of our attacker and you know this thing’s one of our endless friends.
I want him as AMTD. This is honestly the first time I heard about that, you know, during a conference, so I learned something there, and it’s something we should definitely take a look into. It is a very It’s probably on the far-left side of the hype cycles right now. But I think there’s a potential for this to become a thing.
I think the idea is to be able to create like diversion this person, you know, like countermeasures, you know, like to mislead the attackers, to minimize the probability of. So it’s not just about mitigating the attack to your system when the attack happens, but it’s to mislead the attacker so that they hit something else, that’s not the intended target in the 1st place, right? So it it sounds like an interesting space that everybody should be looking into.

Tom Gorup: What it reminded me of is like like a zigzag, like you’re getting shot at and you want a zigzag, You just want to be able to move faster than they’re able to keep, keep a target, keep a lock on you.
I think it’s an interesting concept for sure to keep an eye on, especially as we start thinking about more secure by design is that I really do think that that’s a prerequisite of a solution like this. You have to think about how can I make my solution agile and make it able to move and maneuver that way. Interesting, interesting concepts and definitely keep an eye on that.

Richard Yew: Yeah. Hey, you want you want to talk about your report, I heard we did a thing, you know.

Tom Gorup: Yeah, the quarterly attack, I appreciate that. Yeah, we spent a lot of time on that. That was a lot of work the team put into that. But yeah, our quarterly attack trends report, there’s some pretty cool stuff I was going to mention earlier too, like one of the many ways that we’re leveraging AI was kind of represented in that report.
Actually there’s a couple, right, Bot management and how we do a lot of API discovery work, a lot of that’s leveraging machine learning and AI. And then, we also had the news analysis; our AI poured through about 40,000 news articles.
And what I thought was pretty interesting that we pulled from that was the top five weaknesses that resulted in CVE’s.
So, less about the CVE themselves but more about, hey, what was the weakness that caused this product to end up in the news and talked about, and what were the top five that landed you in the news and, and that’s in the report.
So that was that was that was pretty cool. It’s good stuff, and I saw some good responses, too.
We had one printed out there at the booth, and watching people thumb through it, ask questions, and get pretty excited about it was pretty fun.

Richard Yew: Well, that’s when you get to the point where somebody says, can I just bring a copy home or like, I’m sorry, this is a display copy, you know, you want like that sorry but it’s not you don’t have to buy that just leave the audience.

Tom Gorup: We were still at the RCA Books RSA bookstore upstairs.

Richard Yew: Yeah, like $0.25 per copy. It’s going to be worth more than 250 bucks. Yeah, but I like it; congratulations on the report. I think this is amazing. I think this is our best and most comprehensive report thus far.
I, you know, I actually learned something new. I learned about the ORB network from reports, so that’s really interesting, yeah.

Tom Gorup: ORB networks, an interesting concept, an interesting shift in tactics as well, you know, makes things a lot more complicated. What do we have something? I think it was 37% of attacks were sourced from residential networks.

So home networks are, in essence, home ISPs, and it’s really breaking. You know, we knew Geofencing was dead, but this kind of doubles down on that problem when over a third of your attacks are coming from people’s homes.
You know how do you manage to that. So yeah, paradigm shift and some pretty good data in that report, and more to come.
I mean, I’m excited to start adding perspectives and unique views from an ASM standpoint as we start gathering some more intelligence there and sharing it with the world.
I mean, that’s the objective of this report, right? How do we make the Internet safer?
It’s a team sport. We all need to be working together, and any insights that we can glean from the 10.5 billion blocks that quarter or, you know, the 4% of Internet that we cover, we should be sharing that intelligence to make everybody safer.
So I appreciate that, and it’s exciting.

Richard Yew: It’s like, I love the threat intel that will be able to show it’s not just utilizing in our products, what we’re saying we’re in the information age, like information and data and new oil and it is cliche and everything but I mean it’s true though like I think it’s really part of that is really help us you know share those knowledge to our customers to everybody.

Tom Gorup: 100%, and you know, the other end of that data is power in that sense, we’re seeing a lot of, you know, nation states that are using zero-days as a commodity like it’s a resource that they see their country producing, and they don’t want other countries to take advantage of that. And that’s where this world of increased zero-days that we’ve been seeing.
It’s a result of them storing and collecting those, and at the end of the day, the world we’re in is a commodity, and it is important. So we need to share the other side of it with the defensive side to make everybody safer.
Other than that any other insights any closing thoughts about time and RSA and everything that happened

Richard Yew: I’m supposed to plug I’m supposed to plug on a new product so yeah, but we spend so much time on ASM.
I think, well, that’s the other thing that you know, we kind of know this and we got other questions because like that was the other thing that’s going on in our industry, especially more in the GRC like side of the things, right.
People are making a killing about I guess about this is obviously the new PCI DSS 4.0 I believe we’re in grace period right now.
This thing just announced and I think a lot of the new requirements from PCI so specifically around say 642 and 643 there are going to be a force starting March 2025 if I don’t get my dates wrong here. And we’re starting to see a lot of, you know, like plays and market-like marketing.

How we’re going to help customers make sure that they you know, they can fulfill all of the PCI-DSS 4.0 compliance.
You know, we’re already in mid-May, we wanted right in the middle of the second quarter. Time flies so quickly, you know, like very certain we’re going to be going to like holiday lockdown whatever. So, what do you need to do to get yourself compliant with PCI, you know, as quickly as possible?

Obviously we already have our customers cover a lot of the PCI requirements, you know, historically, but you know this year we released our first Client-Side Protections solutions and this is going to be the core of fulfilling the new requirements specifically around DSS 4.0, I think it’s called requirements 6.4.3.
It’s the need to be able to constantly inventory your scripts especially on a payment page because that the whole reason behind the needs for doing this is because a lot of the websites are being infected by you know, credit card skimmers. You know the most famous Magecart, right?
So, obviously, the PCI councils have determined that it’s critical for organizations, which I agree with, right? E-commerce sharp, to protect end users against these types of digital electronic devices, like credit card skimmers.
So you know we’ve the introduction of client-side protections from Edgio. We are able to help our customers cover this type of use case, which ultimately really helps customers stay compliant.
Well, I mean, well, it’s more like, on the surface, stay compliant with PCI compliance, right, 4.0, but ultimately make sure that the end customers, the end users, are protected because that’s all that matters.

Tom Gorup: Yeah, it’s great. Yeah, making sure that they can make transactions in a secure way.

Explain to me a little bit how does Client-Side Protection work? What, what is it doing? What does it look like under the covers?

Richard Yew: Oh yeah. Well, I mean, like, it just popped the hood open, right? I think, at a high level, you know, what we do is that we send some directive to the browser to say, hey, you know, for this particular domain, this particular website, tell me everything that’s going through the websites, right? So we’ve instructed the clients that we have technologies with clients to actually gather those data. So, we’re able to see every single request connection that’s going through, you know, a website. And you’ll be surprised every time you load a web page like, say, a car shop or a clothing store.
There are actually hundreds of soft resources, CSS, JavaScript, web font, images, you name it, right? That’s happening.
So, and a lot of times are coming from third party, there’s a steady huge amount of that resources from the typical website nowadays are loaded from a third party, right? So, so you’re susceptible to this kind of supply chain attack.
So, what the Client-Side Protection do, is to be able to get her an inventory those third party call or first part.
I mean, like all of them that need each have visibility on, and then we give customers visibility on our dashboard, and then we also give them the options to say, hey, this weird API call doesn’t look right; why is this making a call to a suspicious third party?
Is this collecting credit card information or user PII and trying to phone home to remote collectors for that?
So we give customers the ability to block those on a browser site so that the client, in this case, client, means browser right or any user agents right. We can instruct them to stop making connections and ascend, effectively blocking any vulnerable request to prevent a data breach.

Tom Gorup: Love it. Yeah, it ties right into, you know, I always say, security postures, visibility, exposures, and threats.
This gives us visibility into the end users and what’s happening to their clients, right?
Because that’s not often a gap from a protection standpoint. It’s like what’s happening way over there on the user’s machine.
Well, this is opening up, you know, shining a light, giving us visibility into that world and actually being able to stop it too, like effectively whitelisting, right? Like, here’s what it can do and can’t do.

Richard Yew: We really provide very grand layer sophisticated mixing because we recognize that we work with all types of customers, large and small. Certain customers require a lot of very granular control of what a script can and cannot do.

So with our Client-Side Protection, we really provide an extremely powerful configuration of engines for you to drill deeper into how you want to control your script, or I mean, if you’re one of those organizations which I just want to be compliant, I just don’t want bad stuff to happen.
There are basic best practices, you know, configurations, and of course, I mean, we have our soft team and our security, like enterprise security teams, here to really help our customers make the best use of disk protection and always stay on top of whatever compliance requirements that our customers need.

Tom Gorup: Yeah, 100% that that’s the challenge, right. That’s why I love that, you know, really explaining not only the PCI, the compliance requirement that comes with the Client-Side Protection but also how it works and why it’s important to use in the 1st place.
And oftentimes that’s difficult to keep up with, especially if your focus isn’t security. So, being able to lean on your security provider, your security team to provide those insights and help you make a good decision and not only that help you configure it, get it deployed and manage it for you. I mean that that’s powerful, that’s pretty powerful.
You’ve been a busy man, Richard.

Richard Yew: It’s been great. Again, going back to RSA like this has been one of the most productive years in RSA and everything we do leading up to RSA to like set us in the position to, you know, really showcase the really neat improvements we’re trying to do with market and well I’m glad you know that we we’re able to like the response to like those new hopefully innovations right resonates right.
We were able to talk to, you know, a lot of great people, customers, endless competitor colleagues, and industries.
It’s such a great time to meet up every year and see what everyone’s been going through. You know the industries, a lot of companies that we talked to aren’t here anymore. I think there are a lot of new companies popping up right every year.
This whole industry is going through a lot of change and it’s going to go through a lot of change in the future.

Tom Gorup: Yes. Yeah, there’s been a lot of consolidation, a lot of partnerships, yeah, some losses along the way.
But overall, there is a lot of moving and shaking in the security industry, and it hasn’t stopped for the last decade.
I don’t, and I don’t see it stopping anytime soon, especially now.
AI is coming into the picture, and we won’t see old MacDonald over and over again, but you know it is; it is a game changer.
It’s pretty revolutionary, you know, from that standpoint.

Richard Yew: Well, the good Old MacDonald, he, he’s going to live for a very, very long time.

Tom Gorup: Indeed, indeed. Well, Richard, I love having you on. This is a great conversation. We’re at that time.
So once again, everyone, thanks for joining us on Threat Tank.
To stay up to date with Blaze Threats and Intelligence for Edgio, subscribe online to edg.io.
You can go check us out over there, check out the quarterly attack trends that’s over on our website.
Check out & up for our free trial of the ASM. Come take a look at it, put your hands on test drive it. I think that’s the best way to really find out if something’s going to work for you.

But until next time, talk to you guys later.

Richard Yew: All right. See you guys.