We sat down with Liviu Arsene, a Global Cybersecurity Researcher for Bitdefender. Liviu has a strong background in security and technology and talked with us about both the Bitdefender Box and Bitdefender Premium VPN, as well as some general cyber security topics. Get more information about Bitdefender at https://bitdefender.com.
Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future! Christian Johnson will bring fresh and relevant topics to the show based on the current work he does.
Support the Average Guy: https://www.patreon.com/theaverageguy
You can contact us via email at email@example.com
Full show notes and video at http://theAverageGuy.tv/cf064
Jim Collison [0:12]
So we are here with Liviu Arsene. He’s the global cyber security researcher for Bitdefender. Liviu, thanks for joining us on the show.
Liviu Arsene [0:21]
Thank you for having me.
Jim Collison [0:23]
Give us a little bit of background on you, just a little bit about who you are, what you do, how long you’ve been at Bitdefender. Let’s just get to know you a little bit.
Liviu Arsene [0:31]
All right, so as you already said, I’m a global cyber security researcher for Bitdefender. I’ve been with the company for the better part of a decade now and am close to celebrating my 10-year anniversary with Bitdefender. My current role is actually interfacing with the research and investigation teams that do malware forensic analysis. So basically, what I do is try to, if you will, interpret the really technical language and the really detailed research and investigations that come from our forensics team, and try to present them in a way that even our marketing guys can understand what to do with them. So if you look at it, right, I’m kind of like an interface between these two branches, two worlds. So this is kind of like my main focus right now.
Jim Collison [1:22]
And so it’s a pretty boring space right now, right? Not a lot going on in that area, not a lot of things happening, I imagine, that you’re talking about?
Liviu Arsene [1:30]
Well, that’s not true.
Jim Collison [1:32]
Yeah, I imagine every day is a firefight, right? Is that how it is in cybersecurity?
Liviu Arsene [1:37]
Exactly. Because, you know, nobody ever sleeps. Stay foolish, stay hungry, stay awake. And pretty much everybody stays awake all the time, both security researchers and the bad guys. And I have to say that sometimes the bad guys give us a run for our money. You know, they have begun to be just as skilled, as knowledgeable and, if you will, as organized as security companies or security teams. They begin to act as outsourcing companies. If you go to the dark web, for example, you can just contract these guys, give them the technical specification, the brief of what you want to do and how you want it to be done, and they will get it done for you. For the right price, of course.
Jim Collison [2:19]
Sure. We’re keeping them plenty busy with an election coming up here in the US, and it seems like everybody wants to be a player in that, whether it’s legitimate or not. So we’ll talk a little bit more about that, your cyber security work and some more of that, here a little bit later. We brought you on initially to talk a little bit about two appliances. I shouldn’t say it that way: there’s one appliance and one service that you guys have that I’ve been using for a long time. On Home Gadget Geeks, we often try to talk about, or I try to bring, some of these complicated projects or complicated services down for the average guy, right? That’s kind of the whole idea of what we do. And we’ve been using pfSense and some of those kinds of more robust internet filtering services. A couple of years ago, four or five years ago, I came across the Bitdefender Box. It was the Box 1 that came out then, the little one, the small box, and then it was kind of redesigned and re-engineered. The Box 2 came out a couple of years ago, and I want to add that the Box you purchase is a router. So it’s a Wi-Fi router; it serves the whole home as far as giving out IP addresses and guarding the home, so to speak. So I’ve had that for a couple of years. Can you talk a little bit about the appliance, what you know from that perspective? And why did Bitdefender kind of try to get into that space, to actually be on hardware to help individuals with protection now?
Liviu Arsene [4:03]
That is an excellent question. You know, I was planning to do a little bit of a history 101 on the Bitdefender Box. So it all started, if I remember correctly, about five years ago, in 2015, when we had that little box that you mentioned, like the little coaster. That was interesting to see, because at the time people were talking a lot about IoT, but they weren’t really aware that IoT would have such huge market penetration that we would see so many connected devices in our homes in the next couple of years. So we thought maybe we could get ahead of that problem, the problem that IoT devices connected to the internet are inherently insecure and that nobody was actually building any security capabilities into them, by coming up with this Bitdefender Box, the v1 as we call it.
That was ahead of its game. We learned a lot from it, especially the fact that not a lot of people were aware that they needed such a thing. But in the next couple of years, as it turns out, you simply cannot walk into an appliance store without getting something that’s connected to the internet, whether it’s a TV, a smart vacuum cleaner, or even a food dispenser for your pet. Pretty much everything’s connected to the internet these days. And that’s how it was a natural transition from the v1 to the Box v2, which brings a lot of muscle compared to the v1. For example, it’s now capable of supporting a gigabit connection, it has a little bit more processing power (I think it has a Cortex-A9 processor, a dual-core processor), it also has a little bit more RAM, and it has support for, I think it was, AC Wi-Fi.
So it allows you to even do 4K streaming. So if you want to do that in your home and still download some applications, that’s fine, you can do that. It has all that MU-MIMO capability. So it’s pretty intense in terms of hardware. Just as you mentioned, you can use it as a standalone Wi-Fi router if you want to. So that’s the natural evolution of how we went from the v1 to the v2. And now if you take a look at stats, you’ll see that there are, if I’m not mistaken, about 35 billion IoT devices connected to the internet. And I remember recently looking at some of our telemetry for honeypots, because we have these, we call them deceptive networks, where we try to emulate most of these protocols for IoT devices. And we found out that everything that we expose online gets pretty much hacked in about five to 15 minutes. So we’ve got about 8,000 SSH sessions, I think, within 24 hours, and, if I’m not mistaken, about 5,000 telnet sessions constantly knocking at that deceptive network every 24 hours.
So it means that these guys are constantly probing for IoT devices to remotely control. And I was asked at some point, okay, so what’s the point? You want to tap into my pet’s food dispenser, or my thermostat? What’s the deal with that? I mean, you can’t use that to do anything. Well, actually, you can. There are services, bad guys out there, that rent out huge botnets. And whoever gets access to them can do denial-of-service attacks on, let’s say, an online retailer. So for instance, let’s say it’s Black Friday, or it’s the holiday season, and you’re expecting a lot of traffic, a lot of customers to your website. Now these guys use this huge army of compromised IoT devices to do a denial of service on your website. And then they call you up and say, hey, how many customers, how much business are you losing because of this one-hour denial-of-service attack? Wouldn’t you like to give us the money so that we can take the botnet off your website, and then you can start making profit again? So it’s an extortion scheme, and it’s pretty much fueled by vulnerable IoT devices that, unfortunately, we just plug and play into our Wi-Fi networks.
Jim Collison [8:17]
So if I have a Box, and I’m attaching, say, some switches or some remote light sensors that do some things for me, and I attach those to the Bitdefender Box, what layer in there is making sure that those are being protected as well?
Liviu Arsene [8:39]
So yeah, we have something that works at the network layer. It’s kind of like a network attack defense thing. Basically, it scans for data packets that contain headers which tell the Box what type of IoT appliance you’ve connected to the Wi-Fi, and from that we can say, okay, so you’ve got a new smart plug, for example. What type of device is it? What’s the manufacturer? Is there a new firmware update that you should be installing, because maybe it’s not updated? It also, again from a network standpoint, tries to block any incoming brute-forcing attacks on anything that’s exposed online, either through telnet or SSH, or even guys that just do port knocking to see what port tries to listen or tries to communicate to the internet. So it kind of works like an IDS/IPS solution, except it’s in your home. So anything that’s connected to it will, most of the time, be protected from these guys trying to probe your network.
Jim Collison [9:48]
We as a community have spent a bunch of time on, I think, pfSense, which is probably the most common kind of router protection we’ve done, and that has an endless amount of options. As a home user, how do you think, Christian, how important is it to make this simpler? Bitdefender has made this pretty easy; I mean, I’ve set it up, so it’s a pretty easy setup to go through. From your perspective, how important is it to make that part easier? And for the average user, is this enough?
Christian Johnson [10:21]
Definitely. I mean, one of the big limitations or drawbacks of the pfSense solution is you need to have some type of IT background to deploy it and deploy it correctly. And while there are plugins and other mechanisms for setting up intrusion detection and prevention and providing a security posture at the perimeter of your home network, it’s not a drop-and-go type of solution. Whereas at least with the Bitdefender offering, it really is getting down to that consumer level of, here’s the mobile device app, you can see what’s going on; you’re not going to have that level of visibility at the pfSense layer of solutions for the home. So for me, it kind of sets that boundary between the technical enthusiast and the average consumer looking for some of the same types of protections. Liviu, the Bitdefender Box comes with both an app and you can access it via the web, but actually I like the app a little bit better. It has a little more function to it. Are you guys monitoring? Is my Box getting smarter? I mean, are there things happening inside of that that I’m not aware of, that are protecting me on a daily basis, even while I sleep?
Liviu Arsene [11:31]
Well, I’ll let you in on a little secret: when you bought the Box, you basically bought the entire Bitdefender technology stack. So everything that we’ve developed in terms of technologies for the past 20 years is pretty much bundled into the Box. Okay, it’s not running on the Box, because you can’t run it on it, but it’s cloud-based, and the Box is constantly receiving updates. So everything that we do on the server side, on the cloud side, is immediately reflected in the capabilities of the Box. Sure, we do occasionally release firmware updates to fix potential vulnerabilities or increase the performance of the Box.
But everything is cloud-based. So you’re basically gaining access to the best telemetry in real time, as soon as we find it. Now, you said something a little earlier, that it makes it easier for users to secure their devices. And that was the whole plan, actually, when we developed the Box. Because if you think about the reasoning when you buy a smart, connected IoT device, you don’t usually think about it in the way that you would when you buy a computer or a smartphone, in the sense that you consider updating it every once in a while, you consider installing a security solution on it, you consider changing your password to that device, or stuff like that. You just want to plug it in and play with it. That’s it. And from my experience, I mean, from our experience, actually, we’ve tested tons of these IoT devices for vulnerabilities. And sadly, sometimes when we found quite a few in these devices, whenever we tried to report them to the manufacturer, the manufacturer was long gone. So that means sometimes it happens that you buy one of these devices, you plug it into your network, and if we find a vulnerability or somebody else finds one, chances are you’re going to be stuck with a vulnerable device in your network, and there’s a risk that device might expose your entire infrastructure.
Jim Collison [13:27]
I think Bitdefender also has released a standalone network scanner that you can run. Are you familiar with that?
Liviu Arsene [13:35]
Yeah, we have a client that you can install on your laptop, basically, and it scans your network to see whether you have devices connected to the internet that share the same network, and whether or not those devices have patches that you haven’t installed, for example. So whether or not there are patches available that you forgot to install, or didn’t even know that you could install. And another funny story is, at one point, we found a vulnerability, I believe in a smart wall plug, a smart electrical socket, basically. We contacted the manufacturer, we told them about it, we actually even provided a patch for it. And they were like, okay, this is all nice, thank you for contacting us, but there is no way that we can roll out the update. Like, why? Because we have no update mechanism. Excuse me? So how would you update this, now that you have the patch? Well, the user has to manually get a USB cable connected to the laptop, download the zip file and flash the device itself. Really? Wow. So you run into all these scenarios in which most IoT devices weren’t even designed by default to accept updates, not even security updates, but updates by design.
Jim Collison [14:47]
I think that was really common a couple of years ago. Christian, do you think that’s getting better in the space? In other words, are we getting more IoT smart devices that have that ability to update, or that are at least taking some protection, or are we in the same boat we were a couple of years ago?
Christian Johnson [15:03]
It depends on the scope of the device, right? If I’m asking a consumer to pay $10 to have something be plugged into a wall, chances are the update mechanism is non-existent and won’t be getting better for the foreseeable future. But if I’ve paid maybe north of $50 for an IoT device, chances are it has some type of Wi-Fi or other mechanism where it is regularly getting connected to the internet. And so I think one of the common arguments you would hear from an IoT vendor is, well, it’s connected locally, but it’s not really going out to the internet, so the vulnerability is within your network; it’s not something that can be a method of privilege escalation or a method of compromise in and of itself. And so there’s going to be a conflict for quite some time that, as IoT kind of eats up and consumes the market, especially at the lower end, where it’s like $5, $10, $15 gadgets, those are your most likely gadgets to be a persistent problem to secure and get a regular update cadence on. And I have a counter-argument for the manufacturer that says, you know, it’s connected to your local Wi-Fi network, that’s not a problem. Well, we also found
Liviu Arsene [16:15]
a certain type of attack, which is called the proximity attack. Whenever you try to connect your device to the IoT device, basically you’re allowing it to connect through your mobile phone to the Wi-Fi network. But if somebody within proximity can force a re-pairing between the phone and the IoT device, then when you do the pairing, the setup, you usually have to input your Wi-Fi username and password. And if somebody’s doing this kind of proximity attack, they will absolutely, 100% of the time, get your Wi-Fi password and Wi-Fi credentials, and they can connect to your internal Wi-Fi network. So that’s not really an argument, saying that it’s not connected to the internet; a proximity attack still works. But the biggest problem, if I may, now in the context that everybody’s just working from home (just look at us right now, we’re working from home, for example), is that a lot of CIOs and CISOs actually believe that these vulnerable IoT devices can pose a security risk for the organization. And actually, I think I read a survey just a couple of days ago that about 50% of CIOs and CISOs believe that employees owning vulnerable IoT devices could be a potential liability for the corporate infrastructure. Now, in case somebody hacks into those, compromises their Wi-Fi network, and then pivots through their work laptop into the corporate infrastructure, it’s a wild scenario, but we’ve seen it happen. And I’ve got another story about that, if you’re interested in learning about it.
Jim Collison [17:54]
Go ahead.
Liviu Arsene [17:56]
Okay, so I think it was early March or April, we found an interesting attack. Basically, a client of ours actually called in and said, hey, I’ve got Bitdefender installed, and I got infected. You can imagine the surprise, and the support guys go, okay, so run us through the incident, what happened, so we can fix the problem. He was like, look, I got an email from one of my friends. It had an attachment. Bitdefender said it’s infected. You know, it’s one of my friends; why would Bitdefender block a file that’s from one of my friends? So I disabled the application, and then I ran the file, and all of a sudden I was infected. And I tried to boot up Bitdefender again, and what do you know, it couldn’t disinfect my computer. Like, sir, security doesn’t work like that. Sometimes the biggest problem is between the chair and the keyboard. And in the work-from-home context, we got another incident in which users actually called us in saying that Bitdefender blocks amazon.com and GitHub and other popular websites like that. As it turns out, they apparently installed a piece of malware that hijacked their router’s DNS settings. So whenever they typed in amazon.com, the DNS settings would actually redirect them to an attacker-controlled IP address, and they would get a pop-up saying, if you want to learn more about the coronavirus outbreak, download this application from the World Health Organization. Bitdefender blocked that application, and they were like, why would Bitdefender block an application from the World Health Organization? But it turns out the DNS settings on the router were altered. So this is another example where a work-from-home scenario can potentially cause a security risk for an organization. Imagine bad guys having access to your banner.
Jim Collison [19:46]
Yeah, when we came home, I spent a bunch of time, well, I’m here right now all the time, so I spent a bunch of time kind of looking at the network and getting some pieces pulled together, like what am I doing? How is it set up? How can I help, and how can I keep track of it? For the Bitdefender Box, I think I pay $100 a year to have access to it, and it comes with an unlimited number of antivirus licenses, and I think Internet Security, or whatever the product is, Total Security. I think Internet Security SEO is the competitor. But if the Box is protecting me, why do I need the antivirus? I mean, if I’ve got a Box on the front end, and it’s smart and doing some things, do I really need the antivirus?
Liviu Arsene [20:31]
The short answer is yes. And here comes the long answer. IoT devices don’t traditionally support security clients. So their operating system doesn’t allow you to have a client within the thermostat, for example. But there are a huge number of threats out there that are designed specifically for iOS, for Mac, for Android, and for the Windows operating system. AV-Comparatives, or AV-Test, has a list of about 1 billion, I mean, estimates there are about a billion pieces of malware out there just running around the internet. So for these mature operating systems, Windows, Mac, and so on, you need a lot more protection, because you use them for business purposes, you use them for personal purposes, you download apps, you install applications; they’re far more complex from an operating system perspective. So that’s why you need something locally deployed on that machine. For the rest, those IoT devices, those smart devices that connect to the internet, a network security capable solution is the answer. That’s the only way that you can secure them; it doesn’t make sense to build security agents for each individual operating system that these IoT devices have. And we have to say that, let’s just see it as it is, the operating system market is really fragmented when it comes to IoT devices. There’s really no standard, not even for security or best practices, actually.
Jim Collison [22:01]
Christian, would you add anything to that?
Christian Johnson [22:05]
Yeah, I mean, one of the things that’s pretty evident is, even when you have such a largely fragmented mobile device industry, where everyone is picking Android versus Apple, and then on top of that everyone is on their own version of the operating system, so you might be hesitant to go roll into the trailblazing iOS 14, or you might be hesitant to get that latest patch from Google, you now have this bifurcated attack surface where it doesn’t necessarily matter that you compromised, or you responded to a given compromise against, a version of a phone, because chances are 80% of the people still haven’t updated. And so having something else that’s keeping that in check, when you’re making choices as the consumer about what new features you do and don’t want, I think that’s pretty important. A really good example is when COVID-19 got in full swing, both Apple and Google started moving really fast on this contact tracing.
Jim Collison [23:15]
Oops, hold on, tap your mic for me, I just lost... There we go. Keep going.
Christian Johnson [23:20]
Until they were able to do any type of public policy position around it to get folks to see, here’s how we’ve anonymized your data, here’s exactly how the Bluetooth radio is or isn’t talking and using your device; until all of that came out, there were a lot of folks who probably saw that in their update and were like, nope, I’m not going to that release, I’m going to wait it out. And then, interestingly enough, even though there were no problems with the original version of it, they ended up redoing the implementation and getting it cleaner. And it was only two to three months before the next major version of contact tracing showed up. And so that gives you a really good example of how it’s not always about the phobia of upgrading so much as it is consumers actually making decisions about what they do and don’t want on their device. Unfortunately, that also places an expectation on the consumer that they’re fully aware of what vulnerabilities may exist on the particular version that they’re at. And it’s not like, if I’m on my Apple phone and I want to go to my next point release, I get to choose some release between where I’m at currently and what the most recent version is. No, Apple is only going to give you the latest thing that’s available from upstream. There’s no incremental, I want to inch my way towards the top of the mountain. And I think that in and of itself is one of the big reasons why, for a lot of people, it’s all or nothing. I’m either patched to the latest version, and I’m secure because we don’t know what the vulnerabilities are yet in that version, or I’m several iterations behind and I’m probably exposed to either major or minor vulnerabilities.
Jim Collison [25:02]
Liviu, one of the early... you know, 10 years ago, 15 years ago, antivirus solutions tended to be bulky, heavy, CPU-intensive, RAM-intensive. There was a big concern that they just got bloated. How is Bitdefender working on the PC or on the Mac or on the phone? How are you guys working to make sure those are kind of light in the background, they’re doing their job, they’re powerful, but they’re still doing their job? How are you guys doing that? Because I run Bitdefender on a lot of the boxes now, and it seems to stand in the way.
Liviu Arsene [25:40]
Okay, so this is actually an issue that it’s not just Bitdefender that tackled; everybody in the security industry had the same problem 15 years ago, 15-20 years ago. Well, a lot has changed, actually. For example, 10-15 years ago, you relied on signature detections; basically, you had to have a fingerprint, if you will, for each malicious file, and you basically ran it against the database. That took time, and it involved a lot of operations on your disk, for example. Fortunately, we’ve stumbled across machine learning, and that helped a lot. For example, we’ve managed to create a machine learning model... For those of us... I’m pretty sure that everybody knows what machine learning is. But basically, we’ve managed to create a model that had about a 99.999, so three nines, confidence rate that it can detect a specific family of ransomware. It didn’t matter if the sample was known or unknown. So a single model that was about 1 KB, one kilobyte, in size was capable of detecting an entire ransomware family. That says a lot about performance, for example. So tweaks like that have been constantly made in terms of how to spot malware, how to rapidly identify unknown samples. So that’s one side of the story. And the other side of the story is that, to our benefit, hardware improved as well. So I don’t see a lot of people relying on old HDDs; most current-generation laptops usually have SSDs, which does a lot in terms of performance; it allows you to do a lot more stuff.
Jim Collison [27:26]
Well, new hardware has not always meant that software has been more efficient or has run better, right? I mean, it was kind of an arms race for a while: we get better hardware, they add more into the software. We have more; if you look at the antivirus, I mean, now in Bitdefender, the antivirus product that we have in the Internet suite that I have, it’s got a lot of capabilities other than just antivirus, right? It’ll notify me if my microphone is accessed, it’ll notify me if my camera gets accessed, I have the ability to create a vault of information that’s kind of locked up with a password. I’ve got more and more capabilities. However, it runs on this box right here, and I don’t seem to have any problems.
Liviu Arsene [28:08]
Bless you. We need to consider that most of these technologies are now cloud-based. So nothing actually is fully deployed on your machine; you don’t see scanning engines deployed on machines. Even anti-spam solutions don’t necessarily use or have OCR scanning engines deployed locally; they simply use metadata, for example. They just strip the content apart from images, from the body of the email, and do everything... The magic always happens in the cloud. So that’s one reason why performance has improved so much over the years. And yes, the fact that you now have so many features isn’t necessarily because we wanted to give you so many features, but because there have been a lot of attempts from bad guys, from cyber criminals, to exploit all of these sensors that come attached to the device that you’re buying, whether it’s a smartphone, a tablet, or a laptop device. If you think about it, your smartphone is actually your own little spy, and you keep it with you at all times: when you sleep, when you go to work, when you’re in your car, when you go to the bathroom, everywhere. So there are instances when a piece of malware like that, compromising your device, can jeopardize more than just the private data that you have on the device, but also your privacy.
Jim Collison [29:23]
Go on, Christian.
Christian Johnson [29:25]
I was going to ask, one of the things I heard in that statement is the evolution of how cloud computing in particular has evolved the ability to perform this type of detection, particularly with machine learning. With respect to both the Bitdefender Box and the antivirus product that can be installed on a device, how much is Bitdefender, as a service, pushing data to those devices and then having the devices perform the analytic and the detection, versus having consumer data go to a Bitdefender cloud environment in order to be analyzed and make some type of determination?
Liviu Arsene [30:03]
That is the biggest concern that everybody has when it comes to cloud computing. Actually, they all fear that maybe there’s too much information being sent to the cloud and being processed that could somehow expose private information. Well, the good part, and the best part, is that we are completely compliant, on the one side, with every legislation, regulation and GDPR, and with legislation in the US, Europe and Asia, everywhere. And if we’re talking about security experts, about the security industry, these guys are really tech-savvy; they want to pick apart your products, your technologies, and the way you do stuff, and they will track you down if you do something suspicious. In regards to that, nothing like that ever happened. So that means we’re doing a good job in terms of protecting them. In terms of how and what type of information is usually offloaded: well, nothing that’s being sent to the cloud contains information that could privately or potentially identify you as an individual. I mean, it’s all anonymized, in the sense that even a file, if I haven’t seen it before, I will not upload that file to the cloud; I will simply get a fingerprint of that file that tells me the distribution, if you will, of the data within that file. So I would know, in case I spot something similar, that it’s a fingerprint that I’ve seen somewhere else before, but I do not need to know the contents of that file. And that’s how usually these algorithms work.
For example, let’s take anti-spam solutions, for example, right, you’ve got an anti-spam client, sorry, you’ve got an email client installed on your computer, you’ve got Thunderbird, for example. Whenever an email reaches your inbox, a unique fingerprint for that email is sent to the cloud, and it does a little bit of local processing to strip out any information, and it does stuff like it parses out content that could be sensitive, you know, like names, phone numbers and stuff like that. It parses out email addresses, from and to, it parses out IP addresses, from and to, it will look at whether or not there are attachments, but it will not forward the attachment, it will just get a fingerprint of that attachment, you know, the type of file and stuff like that. And most of these algorithms usually do this locally, and then they just broadcast that information to the cloud. And we have to remember that that broadcast needs to be short, because the bandwidth sometimes doesn’t support a lot of information. So yeah, all of this is optimized, all of this is done with privacy in mind.
Christian Johnson [32:42]
Can you talk a little bit about how the performance trade-off exists when, let’s say, the Box is trying to make some type of rendering about defending the network? How long is the delay between when potential malicious activity is taking place, the analysis that Bitdefender performs off-prem, and the actual action or change to the network that the Box enacts at the site once it’s been analyzed?
Liviu Arsene [33:11]
Sure, so I mentioned earlier that it’s all about machine learning models, and the models can be less than a kilobyte in size sometimes, and can accurately, statistically detect threats, and just like that, a wide range of threats. So that’s why, you know, the performance penalty on the network is usually minimal. Because you don’t just do a network capture, you don’t just capture packets, you just look at them, just fingerprint them. And if the model actually says that there’s a 99.99 probability that the header of this packet is similar to something that I’ve seen and looks like an SMB exploit, for example, then, you know, the following packets will be discarded, that means that it’s something that’s trying to exploit the SMB vulnerability out there at the network level. So that’s how it usually works. And that’s why performance isn’t really hindered, you don’t see a lot of bottlenecks on your network traffic. It’s not like with VPN, for example, you know, VPN solutions nowadays have been optimized, you know, for MX, for supporting a lot of throughput, even our own solution. For example, for iOS, we released an update, I think, a couple of months back or a month back, where we improved efficiency by about 25%. Because people said they noticed, actually, it was more of a perceived observation, that there were bottlenecks on their mobile traffic, and then we did our best to, you know, eliminate that performance penalty.
Jim Collison [34:44]
Maybe a good opportunity to show, so if you’re listening to the audio only, you might want to come over to the video, but this is kind of my Bitdefender dashboard. You can see the Box is installed at the very top and then the machines that are associated with it. The interesting thing is over to the right side, in the notification sections, you can kind of see, I actually had a little Kingston device from a couple years ago that was both a Wi-Fi, you could take it, plug it into a hotel, and it would make a hotspot for you. So this was five or six years ago. And that was kind of important, today, you know, you don’t really need it. But I was mucking around with it last night. And actually, when I attached it to the network, it scanned it for me right away. So as soon as the network hit it, it scanned it, it said there’s no vulnerabilities, which I found kind of amazing, that there were no vulnerabilities in this old device. But it kind of worked. And then you can kind of see, oh, two weeks or so ago, I ran that studio box, it’s showing two threats were blocked. On the studio Core i7, that’s this box right here, attached to it, and it records it there, gives me some level of protection, right, I get some notification. Sometimes I’ll be going through emails and a spam email will have something, and even this is online, not even a client. I’m going through my own online emails, and I’m showing the content, right, of the email that’s popping up. So it’s doing, it’s at least showing it to me. And I’ll immediately get a notification saying we blocked that. If it shows up, we blocked that. I imagine that’s happening at the local level, right? That’s not the Box blocking it? Or maybe it is, I know, it is
Liviu Arsene [36:17]
it is, because there’s device fingerprinting. And does that mean it knows when it scans? I mean, whenever you plug in a device in your network, and the Box is securing that network, that device automatically transmits some data packets to the Box, you know, in order to send out its identity, if you will. And besides its identity, it also says, hey, I’m running this type of software, it has this build, it has this hardware and stuff like that. And based on that, basically, we can map it to whatever we know about that device, and to what the most recent version of software for that device is, it’s a little bit of comparison. So that’s why it will give you the heads up. But judging from the dashboard that you have, and that amount of devices, we’re pretty much on par with what we discussed earlier, that you have tons of IoT devices, devices connected to the Internet, and you’re basically turning into your own system administrator. So this is a nice feature to have, that you can see and manage all your devices,
Jim Collison [37:15]
when you can see, oh, six down, it says Box has blocked the spam attempt on this URL. So we can see that. Definitely hope, I hope I’m not giving anything away here. I think I’m okay. I looked at it in advance there. Yeah.
Liviu Arsene [37:28]
Do you have any smart home assistants?
Jim Collison [37:30]
I have both the Google and the Amazon device.
Liviu Arsene [37:36]
Well, this is interesting, because there were a couple of instances, I think last year, in which third party, I think it was for an Apple assistant, for Siri, the Siri thing, a couple of third-party Siri developers for Apple sometimes gained access to 30-second sound bites from their assistant. And that was a major bummer. So we decided at some point to come up with a feature that will allow you to silence your smart home assistant if you want privacy, and you’re worried about sometimes triggering it and, you know, sending chunks of conversations to somebody else. So you can try it out, you can have, I think it’s under the Activity tab. So try it, try to
Jim Collison [38:17]
Yeah, there’s a lot in there. There’s a lot to work with when you’ve got the app installed on your PC. Let’s transition a little bit, talk about VPN, because when you install the app, you get access to the VPN, it’s there and available. I think there’s a free tier, I actually purchased the standard VPN, which I think is relatively inexpensive. If I was a really good podcaster I would have had all those prices out. But check your local price. Right, as it is, it was very affordable. I think on an annual basis, I think I maybe paid $30 or something like that a year for the VPN access. How important, and I’ll ask you this question, should I have that VPN turned on all the time? I mean, at this point, should I just be running the VPN 24/7? Or is that still kind of only when I’m in a coffee shop, or I’m on the road, or not connected to anything good? What’s your advice?
Liviu Arsene [39:05]
I guess it depends on the weather, to make a joke about it. It depends on your level, apparently. So if you trust your home network, basically, if you’ve done your security audit, and you know that everything’s safe and secure, then you probably don’t need it at home. So that’s safe. That’s okay, unless you want to do some shady activities and connect to some, you know, some dubious websites and you want to hide your traffic. I’m kidding. But VPN is always a nice option. Maybe I am. Maybe you are. I will judge, you know,
Jim Collison [39:36]
Christian’s like, I’m leaving now.
Liviu Arsene [39:38]
Where is this conversation?
But usually VPN is a solution for when you’re traveling, or when you want more privacy when browsing, for example, or when you want to access geo-restricted content. So when you’re traveling and you don’t know how the Wi-Fi setup is at your hotel, or you’re working from home and you’re working from a coffee shop, because let’s face it, you’re not working from home, really. So that’s when you actually need a VPN. Because, you know, whenever you have no control over the network, you don’t know who set up the network or who’s controlling the router. There’s also the privacy angle, for example, whenever you fear that trackers might track you more, because you’re visiting their websites, and you want to limit the amount of information they collect about you, your behavior, the way you jump from one website to another, or your shopping habits and stuff like that, or the type of content that you read. And that’s usually why most people turn to VPN solutions. Plus, there’s also the fact that VPN solutions, again, can unrestrict geo-restricted, geo-locked content. So it depends pretty much on what your focus is
Jim Collison [40:57]
pretty easy. Showing on the video, I’m showing kind of just the connection, the VPN connection. It literally, I just bring up the application, hit Connect, I’ve got some options to choose the location or have it auto-choose for me, and clicking on the wrong thing, there we go. Again, choose the location and have that select that area, if we’re talking about maybe accessing content from another region, or that you wouldn’t normally have access to. I find it handy. I don’t probably use it as much as I should. Christian, let me pose the same question to you. Should I just have it on all the time? Or is it okay if I just run it whenever I feel like I need it?
Christian Johnson [41:36]
Yep, for me, it’s a bit purpose-driven. I always like to make sure that I am not artificially constraining my bandwidth, which is something that a common VPN solution can always put you at risk for, especially if there’s congestion on a particular server. So it depends, like, if I’m, for example, a video gamer, there’s no way I want a VPN on, I want as low latency as possible, I want to be getting all of the clicks in before everyone else. If I’m doing average web browsing, surfing, and it’s predominantly text and image, then yeah, I can probably leave the VPN on, and I’m not going to really notice any substantive performance impact.
Liviu Arsene [42:17]
And I will give you another example of when you need VPN. For example, let’s say you’re doing online shopping from your mobile device, and you’ve just been hit with an email with an amazing discount. On mobile devices, sometimes you may not have a security solution. Let’s take iOS, for example, you don’t have a native built-in security solution. So the VPN, if you fire that up, it will also be able to tell you whether or not the website you’re visiting, the website you’re about to input your credit card into, is actually legitimate or not. Because, you know, the solution, the Bitdefender VPN, will actually filter out URLs that are malicious, fraudulent, or scammy, if you will. So regardless of where you get that email, whether you click on it from Facebook or WhatsApp or any other applications that you have installed, it will automatically vet it and it will automatically tell you whether or not it’s secure. So it’s kinda like having a security solution for URLs if you’re not sure what you’re clicking.
Jim Collison [43:19]
Okay, well, that didn’t totally clear it up for me. I guess I’m going to use VPN in certain situations, when I want to know that I’m anonymous, or I want to be more secure than I was before. It does sound like it may stop some spammy type things for me when I’m doing certain things, if I’m shopping, or I’m out, available. So it’s super, super handy. And it’s great that it just came, again, it kind of came with a family of products that I had, and made it really easy on the phone, both on the phone and on the desktop. And I almost never turn it on here in the network because I have the Box. So I’m kind of like, now, the Box doesn’t make me anonymous, right. So that’s different, if I needed to be, I could, using the VPN, but a pretty good solution. I’m assuming, do you guys do that in-house? Or is that outsourced to somebody else to provide that, or do you know?
Liviu Arsene [44:13]
I think, not exactly sure. I don’t want to talk stuff that’s not true. But I think at some point it was outsourced. But I think the client version for the iOS application is actually something that’s internally developed, so it’s patented.
Jim Collison [44:31]
Okay, um, let’s talk a little, we got a few minutes here left. Let’s, uh, we kind of covered a bunch of cybersecurity topics as we’ve kind of been rolling through this, but I want to ask you, what do you do today? Like, what keeps you awake at night as you think about your job and what you’re doing? What’s the biggest problem that you’re trying to tackle right now?
Liviu Arsene [44:53]
Oh, for work or, you know, threats and trends in general?
Jim Collison [44:56]
Yeah, no, I mean, like, so for your job, for what you do as a researcher, what do you see that’s scary enough that you’re kind of like, oh boy, we better get a handle on this thing, and anything new, or what’s keeping you awake at night?
Liviu Arsene [45:10]
Well, the lack of time, for one, there’s so much to do and not enough time to do it in. But, well, this is something interesting that I mentioned before we started the show, that we’ve seen an interesting trend, which is, you know, how APT hackers used to be state sponsored. And it was fun times, because you could point, you could, you know, say, these guys belong to Russia, these guys belong to Israel, these guys belong to China. Well, it seems those times will be gone pretty soon, because we recently found that APT hackers can be for hire. So it’s kind of like APT as a service. So we basically ran an investigation on an architectural and video production company, which is weird. And the guys that breached them, the APT hackers, and we know that they’re APT hackers because of the tactics and techniques that they use, for example, they used a zero-day vulnerability in Autodesk 3ds Max, so it’s video production software that, you know, architectural companies use. And to use a zero-day vulnerability in software for a company that, you know, doesn’t present any financial value, if you think about it, or isn’t really connected to government or has a strategic value in any way, that was weird. So our only conclusion was that whoever ran the attack was not only skilled, motivated, and very sharp for what they did. So they had the tactics and techniques, the resources and the brainpower to find a vulnerability, which, by the way, the vulnerability was actually disclosed just days before we published the report. So we didn’t even know that they used a zero-day vulnerability until, you know, just two or three days before we published the report. So yeah, so this is good. This is actually something that will give us a lot of sleepless nights, because it will not only make attribution more difficult, but it means that the tools that they use will probably become more commoditized.
So the tactics that they employ whenever they want to target, you know, companies from verticals that weren’t even targeted in the past. So if government was targeted, and financial, you’re going to be seeing attacks on, I don’t know, an architectural design company for one, or you can see construction companies and stuff like that. And it’s going to make our job a lot more difficult when investigating these attacks.
Jim Collison [47:42]
So Nebraska Medicine, one of our largest health care providers here in the state of Nebraska, just had a ransomware attack this last weekend. And so, you know, Christian, let me ask you that same question differently, or what would you add to it? When you think about what’s coming, by the way, as you’re thinking about that question, Christian, I love that when you said the word motivated, you said that with kind of an emphasis there. They’re not, you know, just have the ability, but they’re motivated differently, you know, state run versus for profit, that’s kind of what I call them. And that, right, what they’re doing, the motivations are there for sure. Christian, what else would you add to that?
Christian Johnson [48:23]
I think for me, it goes back to a bit of an old idea, which is that we are building security on top of inherently insecure design patterns of the internet. So all of these things that we’re coming out with and innovating are basically building upon a foundational set of technologies that weren’t necessarily thought out with security as, like, the forefront of the architecture. And so when I see the next big vulnerability disclosure, the next big CVE, the one that currently has me just eyes wide open right now is the Active Directory privilege escalation that requires no login or otherwise, it was rated as a 10. Basically, full privileged access to run around as a privileged user within a domain, like, really scary stuff. And it’s something that, from the looks of it, is concerning enough that they weren’t willing to disclose the tools to reproduce the vulnerability until things had been largely patched. And so when you see things like that time and time again, across a lot of different companies, it speaks to this broader notion that we are still operating from a foundational pyramid that has cracks all over the foundation, and we’re just patching them as quickly as we can. And while there is, and I’m not saying that true innovation in security isn’t happening, like, of course it is. But ultimately, like, are we going to miss one or two of these big cracks that, you know
Jim Collison [50:00]
Oop, tap that mic again for me, one or two of these cracks, we got you back, try it again. Now shoot. Speaking of cyber security issues, no joke, I was just about to say that we have a saying around the office that if you have three lines of code, one of them probably is a vulnerability that’s about to be exploited. So yeah, whenever you have code, you’re dealing with vulnerabilities. Yeah, well, to Christian’s point, I think, you know, we have 30 or 40 years of this foundation that we’re working off of that is inherently flawed. And you know, both of you in a lot of ways are building on top of that, but then you find these huge cracks that you just kind of see through, right, Christian?
Christian Johnson [50:46]
Yeah, you know, I think it’s one of these watershed moments we’re going to have at some point, where we have to rewrite or start from scratch, right. But as a software engineer, there are two paradigms of how I can go about a refactor. One is I can take an existing code base or an existing set of stuff, and I can refactor and re-architect and peel the onion and do it all within the same system. Or I can say, this thing is so hopelessly lost, I’m going to turn my efforts on laying a new foundation, build a new version of the server, stand it up, launch it and weigh my traffic away from the current implementation to the new implementation, and then just turn that old thing off. Now, obviously, doing that with something as foundational as the internet, probably not feasible, right? We have millions, billions of routers and switches and fiber, and just the whole thing is not something that overnight you’re going to go on to version two. But I do hope that, you know, once you get above electrons and physical access being the bane of all security problems, that some of those other lower-level base protocols that we are heavily reliant on, we do eventually come up with ways to go from a v1 to v2, where we switch that off. And you can see how challenging this is, there’s just really basic stuff, right? Like, how hard has it been for us to switch off IPv4 and go to only IPv6, we’ve been trying that for almost a decade now, and maybe we have 25% user adoption, right? So something even more foundational than that, where it’s like, it’s no longer an Ethernet frame, it’s some new type of packet technology, and here’s the security features built into each frame that you send. Until we get to that level of granularity in the lower level of the foundation, I suspect that we’re going to continue to see these types of things emerge.
Jim Collison [52:46]
Maybe in just the few minutes we have left, anything as we think about the future of Bitdefender, anything you’re excited about, anything as you guys look ahead? And we’re not looking for state secrets, or any of those kinds of things, or exclusives on this, just as you think about the future, what do you get excited about as far as what’s coming up for the company?
Liviu Arsene [53:09]
Right, tough questions, because we’re working on such a lot of things. Okay, so let’s boil it down to one category. You mentioned, we talked a lot about IoT as well, the Box is an amazing product, for example, it does great stuff for you. I think one of the ways that we’re going to, the direction we’re trying to head to, is the fact that we’re trying to build an IoT security platform, which basically means that any router vendor, any router manufacturer, can pretty much bundle the security features that we have in the Box into their own router. So that way you wouldn’t be dependent on buying a box just from Bitdefender. Any router that you would buy would inherently come with built-in security features that are, you know, customizable and can protect you against anything. So I guess that would be, at least on this particular IoT topic, the next best thing,
Jim Collison [54:06]
any aspirations for v3, for a new box coming out, anything you can say?
Liviu Arsene [54:12]
Ah, I cannot say, but I can say that, since I mentioned the platform, Netgear has already bundled some of the security features from the Bitdefender Box into their own Netgear products. I don’t remember the name of the product they have. But Netgear already has spearheaded these efforts. It’s
Jim Collison [54:32]
good. Yeah. And I just saw a competitor’s box come out, on a D-Link, starts with an M, that company, and so I’m seeing more of these coming out. I’m actually surprised this hasn’t caught on more, because even configuring your basic router for most people is just a nightmare. It just doesn’t make any sense in a lot of cases, we have to make it easier. So I think we’re going to continue to see appliance devices like this come out that will make it easier for the average user to be able to come in and say, okay, this makes sense, and this makes sense. But as soon as you start talking about IPS, like, the average consumer just kind of loses their mind, right? They’re just killing. Yeah, I don’t want to do this anymore. So Liviu, thanks for taking the time today. If we ask you in a little bit to come back and talk maybe more about cyber security from that perspective that you do, would you want to come back
Liviu Arsene [55:28]
and join? It would be an absolute pleasure. So thank you guys for having me today. This was interesting and enlightening.
Jim Collison [55:35]
Very much so. We want to thank you for coming. Appreciate it.
Transcribed by https://otter.ai