Kirstin Burke:
Welcome to DataEndure’s February TECH talk. I’m Kirstin Burke, and I am delighted to be joined by our director of networking and client network architect Ross Rehart. Hello, Ross.
Ross Rehart:
Good morning, Kirstin. How are you?
Kirstin Burke:
Awesome. I’m awesome. And for those who are not as intimately familiar with you as we are, Ross is an industry veteran, and a veteran all baked into one fantastic person. He’s been in the technology and specifically networking industry for 25 years. So, has seen a lot, has done a lot, everything from enterprise organizations to ISPs to MSPs, and as these “SPs” have evolved, so has Ross, in terms of his exposure and just the practical application of what he does and knows. He also served in the Navy for 14 years. And so, Ross, we thank you for your service.
Ross Rehart:
Thank you.
Kirstin Burke:
Yes. So we’re just going to get going and tap into that brain of yours. So we’ve said you’ve been in this industry for 25 years really specifically focused on networking. What have you seen? So, 20 years ago to now, what are the big changes that you’ve seen and what has stayed the same? What are your observations as a veteran in this space?
Ross Rehart:
Well, I would say 20 years ago, the network and the Internet and technology in general was still very much in its infancy, very much. Businesses were just discovering what the power of the Internet was, what the power of the network was, what they could do with that. I remember in my first company out of the Navy in 1999, we spent a lot of time going, oh, we can put up a web page, and what does that web page do, and what should we do with that web page? Right? That was something that was so new to everybody. VPN, the concept of getting into a network from outside the network was brand new. I mean, Microsoft only invented the VPN in 1999, right? So this was all brand new stuff. And people really weren’t understanding what the power could be and what the potential could be.
And shortly after that, wireless started coming into the picture, and that opened up a whole new world. Simultaneously, all of that opened up whole new worlds of threats to businesses, how businesses had to defend themselves and how businesses had to think about their posture in the world. I was just writing a paper for a master’s class that I’m taking about why utilities, like power companies and gas companies and whatnot, seem to be so mature in the space of security awareness and security in general when it comes to cybersecurity, and the fact is, they have been doing this much longer than most every other entity out there. And they have been in that attack plane much longer than any other entity out there, and because of that, they’re much more mature in that space than your average business is today.
So the business requirements for the network 20-25 years ago were wholly different than they are today, and especially since COVID happened in 2020, 2021. Up until the point of COVID, we’re talking about networks that were contained, for lack of a better way of putting it. They were behind a firewall. Everybody came to an office, everybody came to a point. And I can contain the threat plane, as it were.
When Covid happened, though, all of a sudden, that threat plane was just completely dispersed, and people were scrambling and companies were scrambling to try to find out, how do I protect my network now? Because I have to protect Sally’s home computer, and I have to protect from the Starbucks login, and I have to protect from somebody at the library. And what was once a walled enterprise and a walled garden, where everybody stayed very safely behind a firewall, became “firewalls don’t matter,” to a large extent, any longer.
And then secondly, you talk about AI and the advent of AI, that really started gaining a whole lot of momentum last year. It’s been around for a few years, but it gained a whole lot of momentum last year. Right? We saw ChatGPT come to light last year. We saw Microsoft do their stuff, we saw DALL-E come to light, and everybody started talking about, we have AI in our equipment. What does that really mean? Right?
And AI is still in its infancy, but the ability of either hackers or enterprises to take this AI and use it to their advantage, to either attack or defend, that again, is something that has dynamically changed the plane of the network, right? Because hackers can now go in there. I mean, I can sit at my computer and I can say, tell me how to hack into this firewall, and AI will spit out a script to do it. Right? It’s that easy now. So those kinds of things are things that we have to do that.
So today we have to think about not only the business requirement of the network, but moreover, the approach to securing the network.
Kirstin Burke:
Got it. So it’s so interesting you say that. And I think intellectually, listening to you talk about this 20 year trajectory, right, makes sense. Things have become more complicated, whether it be the threats, whether it be the business requirements, whether it be the technology itself. Yet, I think there’s still this perspective of the network… the network seems to have always been this workhorse that you set it, you forget it, you move on and go focus on bigger things or things that are more, I don’t know, strategic or urgent or whatever.
Yet, over 75% of attacks come in through the network, and it just seems like the network requires a lot more care and feeding than it ever has before. Where’s the disconnect of what you just talked about of everything’s changed and this mentality that still seems to be fairly prevalent with the network. And if the network works, it works, and let’s just not mess with it. What’s happening there?
Ross Rehart:
Well, again, I go back to Covid. Covid changed a whole lot about how we do business in this world, right? I mean, what you and I are doing over Zoom was not that prevalent four years ago. It just simply wasn’t, right? It was more preferable to fly somebody out, meet in person, and be face to face, because that’s the way business was done. But Covid came along and said, okay, everybody get away from each other, and let’s do this from anywhere in the world, right? And because of that, and because most enterprises today, especially ones that have been around for 5, 10, 15 years or more, their network was designed by people and architects and run by people and architects and operations network engineers that were all brought up in the world from let’s build a network one certain way and protect things one certain way and do this one certain way.
A very common topology in networking, for instance, is a star topology where all the sites come into one center point, and that center point disperses the information back to those sites, right? And that center point is controlled by a firewall or by intrusion detection systems or all of the above, right? The problem now is that those big WANs, and even in the LAN topology, wide area networks and local area networks, even in those topologies, those connections aren’t really needed anymore. Because you think about cloud computing, you think about, hey, I’ve got all my stuff on OneDrive in Azure or in Google Documents, or I consume Microsoft 365 as a service, or I consume my CRM application as a service. So these are software as a service, and they’re all coming from the cloud. And all of a sudden, when everybody seemed to go to one place to get their applications, that’s not the case anymore. Now they just need an Internet connection, and they can go anywhere they want to with that. Again, when you talk about the network, there’s two things you got to think about.
One, the network is never going to go away because we can put anything anywhere we want to, but you still have to get from point A to point B, right? So that network is an incredibly critical component. And for everybody out there that says, hey, I’m on wireless, I don’t really have any kind of physical network connection… Well, you do, because that wireless access point or that cell tower connects to a wire somewhere on the background, right, and goes to that network. And so that whole path, enterprises have to think about that entire path now.
5G is gaining a lot of momentum in enterprise, right? Business 5G is gaining a whole lot of momentum because of the promise of what 5G can bring to businesses. Speed, connectivity, reliability, et cetera. But, what you have to think about now is between the end computer that has this wireless card in it or this cellular card in it, to the point where my data is or my application is or where I’m accessing a DocuSign, for instance, there is a lot of in-between there. Therefore, there is a lot of opportunity to get in between there with the bad guys, right?
So think about going down a street with a lot of stoplights. At each stoplight, a bad guy has a chance to come up and say, give me your money. At each time you have to stop. Well, that’s essentially the way the network is, is there’s many, many stops along the way, and each point of those are vulnerable. So as an enterprise, you have to think about that.
You have to think about the older technologies, like VPN, for instance. You say, is that as effective as it needs to be? Is that as effective and does it meet the business requirements of what I have today, versus, again, even four or five years ago? Because when you talk about VPN technology, and the traditional VPN technology, you give somebody, or you give their computer a VPN client, you give them a static password, and you say, go ahead and connect. That is one of the easiest things in the world to hack and to grab. People go into Starbucks, they’ll put up their own access point. They’ll say, “I’m Starbucks.” People connect to it, and all of a sudden they’re hacked. It’s really that simple to do it. So you got to think about things like, okay, if it’s not VPN, how do I connect to these resources?
Well, now we’ve got to talk about secure service edges, zero trust networking. VPNs, by the very nature allow somebody to get into the network and have access to an entire network segment, be that where all of your corporate network is, where all your servers are, anything like that. You think about that and you go, wow, I’m giving them a lot of explicit access. Without really thinking about it. And we deal with companies all the time that have the problem of that coming in.
We had a customer come to us last year, a new customer come to us last year and say, one of my laptops got hacked. They VPNed in, and my whole network was subject to ransomware. All of a sudden I was shut down, right? Because again, that threat plane that’s between point A and point B is now much larger. It’s not just a simple from the firewall to the LAN to the computer any longer. So you think about those things and you think about how that’s changed.
You got to think about what do I need to consider in my business requirement now? I need to consider things like zero trust, where instead of explicit permission, I’m giving it implicit permission, meaning that with zero trust, I’m only going to give that computer access to one thing, that application that that person needs to use. And I’m going to check that person and I’m going to check them every five minutes. I’m going to check their laptop, I’m going to check their logout, I’m going to check their access. If any of that comes back and says you are not trusted because your laptop firewall got turned off, for instance, I’m going to kill your access immediately.
And that’s what secure service edge is really all about, is a constant checking and lack of trust, quite frankly, of what those connections are, to a point where it’s not crippling to business, but moreover, it’s something that you can use as a threat plane detector and stop those from ever happening.
Kirstin Burke:
You gave a very cool, practical example of this based on your naval history that was just such a good visual picture for me to understand this as someone who doesn’t live it like you do. I wonder if you could take 60 seconds and just explain in the practical naval term how this zero trust and micro segmentation plays out.
Ross Rehart:
Sure. The concept of micro segmentation goes beyond traditional networking. Again, virtual LANs, VLANs, that’s traditionally the way that we’ve segmented out parts of our networks, is to use VLANs. Micro segmentation takes that to a whole other level. It brings it down even to the process level on the computer and says this process is allowed to get from point A to point B, or this user is allowed to get to this process from point A to point B, and that’s it.
The analogy I use is from when I was serving in Desert Storm. When we went into the combat area, every naval ship, at an interval of every 15 feet, has doors that can be closed and opened, in every ship, every 15 feet. These doors get closed and opened and locked down in what we call condition zebra, which means they are completely locked down, they are sealed airtight. And when you go into a combat area, you say “set condition zebra.” So we close everything. And my ship, the USS Missouri, was in the battle group with a couple of other ships, the USS Princeton, the USS Tripoli, and we were moving forward through an active minefield.
And the USS Tripoli, she actually hit a mine right off to our starboard side. And when she hit the mine, it blew a hole in the side of the ship. But the ship stayed afloat and stayed operational because the ship was essentially micro segmented with all those doors being closed. So the part that got a hole in it absolutely flooded. Can’t do a thing about that. But the rest of the airtight and watertight integrity was maintained. So that one event did not affect the entire ship or all of her operations. And she was critical to operations landing and using helicopters in that particular combat action. So that is a real clear illustration of how segmenting this and bringing the network down to the point where you’re protecting 15-foot sections of the ship, 15-foot sections of the network, not allowing something that affects that one 15-foot section to affect the rest of the 1000 feet of the ship.
And I saw this yesterday on one of our customers where we did implement micro segmentation, and we saw an incident where somebody was trying to laterally move through the network maliciously. The micro segmentation did its job and that lateral movement was stopped before it ever started. So the attempts were made, and there were five or six repeated attempts made by the hacker to get into that, but we were able to isolate that machine via micro segmentation, take it offline, off of the network, and remediate it before any damage was done.
Kirstin Burke:
It’s so interesting. I love that story, and I love hearing it. First of all, God bless our military, but just how the things that apply in one area make so much sense in another. Right? And I think when I hear this and when you even maybe listen to how the industry talks about cybersecurity, there seems to be so much focus on the endpoint, right? Which, as there should be. And to your point, we all went home, we all went everywhere. And so our endpoints, whatever it was that was accessing, was important.
But you don’t hear as much about the network, and this convergence to me, of, I don’t know, network security, cybersecurity, they just seem to have become so interdependent, intertwined. How do you advise organizations who maybe have an infrastructure group or kind of call it an IT group, but maybe there’s either a different cyber group or maybe there isn’t. How do you see these teams and these functions coming together? Because this seems to be newer thinking than in the past. And these two groups and teams really need to be much more aware of and interactive with each other, and what are you doing? What are you doing? How are we working together to both protect the organization as well as to make sure it’s as productive as possible? How do you advise this convergence that I think naturally hasn’t worked together as much?
Ross Rehart:
It’s interesting you bring that up, because I was talking to one of my colleagues about this yesterday. It used to be, when I started in this networking world way before 25 years ago, the business would come to you and say, we need to be interconnected, and we need to talk to each other, and we need to talk out to our website or whatever it is. And so the design would be set up the network, put a firewall in front of it, and you’re done. There wasn’t really the consideration of cyberattacks, cybersecurity, cybercriminals, cybersecurity awareness, none of those concepts existed at that point in time. And referring back to what I said earlier when I talked about a lot of these current network engineers and architects and operations and security people, quite frankly, they were raised with that kind of “this is the way I set things up.”
The problem with that thinking is it’s like saying I’m going to build a house and put a front door on it, and then I’ll figure out if I need a lock or not. Not sure if I really need that. Right? The door closes so I don’t get weather in, but do I really need a lock because I’m in a safe neighborhood? That’s the kind of thinking that you’re thinking about nowadays.
What I try to get businesses to think about is that security in any area, be it on the endpoint or be it on the network, be it on the servers, be it out in the cloud, at any point, is no longer an add-on to any of this. It’s a requirement of it. And this is exactly what I told my colleague yesterday, because he was asking me if I get into this, I’m interested in network security. I said, network security shouldn’t be so much a discipline as a requirement. He says, “What do you mean by that?” And I said, when I design a network, I start with, how is it secured? I start with, what in the business needs to be secured? I start with the requirement that everything must be 100% closed. All doors must be dog zebra. They must be closed and locked. That’s the beginning.
Then I design the network on top of that, and I open up the doors as they are necessary to open. Not by default. Before, by default, it was, everything is open, and then I’ll close the front door. Now everything is closed, and I’ll open it if you have the right credentials to come into my building. If you have the right credentials to come into my room. So the thinking has to be kind of turned around and stop thinking about these as separate things, because they’re no longer separate things. They cannot be. Think about all the hacks that happened just last year, right? And all the major hacks. You think about MGM and Caesars and on and on and on. You think about all these huge hacks that happened last year, because these networks and the thinking is, I have a cybersecurity department, I have a network department, and they do their own thing, right? They need to be the same thing now.
In fact, they need to be considered much like developers of the apps on your phone or developers of any kind of software, you have to develop in the security, into the application itself, before you actually develop the entirety of the application. And that’s what I try to get them to do. And then understand that there is no more wall, right? The wall has come down. You have to defend wherever the hotspot is, and that hotspot may be on the other side of the world, right? You know, you and I talking, I might be here in Reno, Nevada, or there in San Jose, right? You never know where that hotspot is going to be.
And I can use the LastPass hack as a really good example of this. LastPass, last year, in January, announced that they had gotten hacked and users’ passwords had been compromised. That hack actually started in August of the previous year. So they went five full months without even knowing it was happening before that happened. And what they found out was they had a developer who had a home network. He took his laptop home, and he was working at home. Great. But he also had his own little personal media server at home. Awesome. He had never patched that media server, ever.
So a hacker got into that media server, hacked into the media server, because the patches were available a full three years prior to this hack happening, jumped into the server, said, hey, this server is open, that patch isn’t applied, got into his network, put a keylogger on his laptop, and when that hacker VPNed into LastPass’s network to do his development, the hacker had a clear path in every keystroke he needed to get in there and compromise everything he needed to do. So that hotspot, in that case, was at a developer’s home 2000 miles from the LastPass data center.
Kirstin Burke:
Yeah. The hotspots are not only the corporate locations and corporate risk, but it’s the media center, it’s the kid who takes your laptop and hops on. You have such a broader spectrum of attack surface just because of the way we work now. And so the tools and the fighting, the ground fighting, like you said, takes place in all sorts of places that you don’t expect, yet need to have that defense strategy up for wherever it comes from.
Ross Rehart:
Yeah. When you talk about the concept of, let’s say, XDR, right? XDR is extended defense and response. Use that first X on the top of it, what does that really mean? I mean, we’ve all heard about EDR, we’ve heard about MDR, we heard about endpoint detection and response and whatever. That’s great. What does XDR mean?
XDR means that I am considering every point of that path. Again, I’m considering the endpoint, I’m considering the laptop, I’m considering the user, I’m considering the server, I’m considering the DNS, I’m considering the network. Every point of that I’m looking at detection. And that, in and of itself, can be extremely overwhelming for people because you’re talking about an IT guy. And I actually had a large, very large enterprise company in one of my past jobs come to us when Covid happened. He said, “I have three major call centers and I have to send everybody home. How am I going to do this, and how am I going to…?” You’re talking about call centers that have to comply with PCI, have to comply with HIPAA, all these regulations. How do you do that when you’re dispersed? And they scrambled for that answer, right?
Well, now that we’re back into pretty normal operations after Covid, right? As normal as you can call it. Now, people are going, okay, I weathered that storm as well as I could. Now how do I plan for that going forward so it never happens again? And that’s what we’re talking about when we talk about XDR, is planning for every point that you can.
Kirstin Burke:
The unknown, yeah. I know we’re up at the end of our time, and I love these conversations because I just love tapping into the brain of all of this history and experience. For our viewers, they’re probably in any number of different places in how they feel, from, I feel super confident, to, gosh, I’m not confident at all. When you go in and speak to someone for the first time, what do you look for? Are there any kind of key triggers or key things that make you go, gosh, we got to get on this right away? If I’m sitting with you and saying, you’ve talked about all these things, they sound complicated. Sounds like there’s a lot that I need to start factoring in.
What might somebody think about right away as they look at their network, as they try to assess the health of it? What would you recommend? What do you tell people? What do you look for that either signals danger right away or that signals, hey, you’re okay?
Ross Rehart:
It’s funny you ask that because I always ask the same question. Anytime I go into any business, for any reason, to assess a network, to build a network, to help them with a problem that they’re having, anything, I always ask the same question. The first question I always ask is, what’s your business requirement? And people are going, I need the network to do X, Y and Z. But they’re not asking the question, why? Why do I need the network to do X, Y and Z? Because I need a better network, because I need to refresh my network, because modern technology says I can have AI. Awesome.
All those are great, awesome answers, but they’re not the answer you need. The question you need to ask yourself is, what does my business need to operate successfully today, a year from now, 18 months from now, five years from now? Where am I going with this? Because again, if you think about the old data center model, everybody used to come into one central point and go out. That is not the case, and it’s certainly not going to be the case five years from now. Five years from now, if people have stuff on-prem, they are really behind the eight ball at that point, right? It’s just not going to be the case.
So I always start with that question, “What’s your business requirement?” Because the simple fact is anybody can build a house. Anybody can build a building, right? A house has a roof and four walls, essentially, and a couple of rooms in it and a couple of doors, and you got a house. Awesome. But does it meet your needs? If I build a two-story house and I’m in a wheelchair, that’s not going to meet my needs, right? I need to build a one-story house and I need to have it ADA compliant for that to work for me, because that’s my requirement versus anybody else’s. Right? Starting there, and then again, taking the consideration of, I know my business requirement, now I’m going to layer security on all of that, and then I’ll start building from there. And using that mentality of start with my objective first, and then use the network or your servers or your endpoints as utilities, as a way to get to that endpoint and be successful in business.
If you do that, you’re always going to be much more successful than you will if you say, I’ve got to do X on my network without really understanding the reason why. I can’t tell you how many clients come to me and ask me that question. And I go, well, what are you trying to do? Do you know what you have today? Well, not really. Okay, well, if you don’t have knowledge of what you have today and you don’t know what you’re trying to do, how do you expect to build what you need to build?
I had a client in one of my past jobs. They moved their data center from an on-site data center in a corporate headquarters into a managed data center. Like AT&T or Windstream or whatever. When they moved it, they took it up and they did a lift and they moved it over to the other one, and they tried to build the exact same network in the data center. And when they came to me, they said, this isn’t working for us. This is not doing what we needed it to do. We’re having performance issues. We’re having connectivity issues, the applications aren’t right. I said, okay, well, when you moved it over into that new data center, did you have your business requirements first? No, we just lifted and shifted. I’m like, well, then how do you expect to do something new if you just did the same thing again? What did Einstein say? The definition of insanity is doing the same thing over and over and expecting different results. You can’t do that anymore. You have to change the thinking to, give me an objective, and then figure out the tools, and the designs, and what that building needs to look like, and what your house needs to look like after the fact.
Kirstin Burke:
That makes sense. So start with the end in mind.
Ross Rehart:
Exactly.
Kirstin Burke:
Then have security first. It’s kind of like what we talked about a couple of months ago on one of our last TECH talks, which is that whole “shift left” concept where instead of thinking about things like security at the end that you layer on, you shift that thinking left to the beginning of the process. And it sounds like with network security it’s the same thing, right? Don’t try to tack it on and hope it works, but start with that.
Well, I think you have given our viewers a great taste of the in-house expertise that we have around networking and around security, and we do have a network health check that we do offer folks. So if you are in that mindset of, gosh, I don’t really know where I am, I don’t really know if what I have is meeting my business objectives, or maybe I even need someone to help me think about my business objectives. Given the business I’m in, what should I expect? We have a lot of very productive conversations that in some cases require very few adjustments to get something healthy. And, in other cases, it’s like, gosh, we really need to rethink this. And Ross is behind all of this.
So thank you so much for your time, thank you for your perspective. And, again, for anyone who is interested in how to make sure that that network is secure and is productive together at the same time, we’d love to help. So we’ll just put that health check out there for you, it’s complimentary. And just reach out to us if that’s something you’d be interested in.
Ross Rehart:
Thank you for your time today, Kirstin. I appreciate it.
Kirstin Burke:
Thank you, thank you, thank you for joining us. I really appreciate it. And see you all next month.