Simon Biggs: [00:00:00] These AI kits are out there and are being used en masse. That suggests there's no hands on the keyboard. Is there a huge volume of sophisticated AI attacks? We're seeing queries coming in seconds after that token's been stolen. There's more people doing attacks and achieving outcomes without the requisite skill set that they needed five years ago.

Simon Biggs: Attacks predominantly used to be encryption first, now it's data first, practically no encryption. Doesn't matter where the data is, they will find where that data is fairly quickly. This information that's taken is gonna be weaponized in new and novel ways.

Ashish Rajan: AI agents and incident response. If you have been working in the incident response forensic space for a while, you probably already understand that traditionally, and when I say traditional, I mean before AI became a thing, we knew that we could get enough information from a cloud build.

Ashish Rajan: As long as we had the logs, we could build the entire footprint of... We could build the entire footprint of how something impacted the organization and what was the root cause of it. Of course, we can't do that without the logs. Now, that's for another episode. But

Simon Biggs: to

Ashish Rajan: unpack what incident response and forensic looks like in, in an AI world, I had Simon Biggs, who is a cyber incident response [00:01:00] specialist at Varonis.

Ashish Rajan: He's been in NCC Group before and has done a lot of forensics in the pre-AI era and doing forensics in this AI era we live in. So we spoke about some of the changes that he has noticed in the field on how incidents have changed, how forensic has changed, how much AI is actually being seen out in the wild, and what kind of AI incidents are there.

Ashish Rajan: And if there truly are a lot of zero days, hint. No Mythos was destroyed in this particular episode. But all that, a lot more in this episode with Simon on unpacking what incident forensics look like in an AI world. As always, if you have been watching or listening an episode of the podcast for a while and have been finding it valuable, I'd really appreciate if you take a quick second to just drop that follow, subscribe, whichever podcast platform you're listening or watching this on.

Ashish Rajan: We are on Apple, Spotify, YouTube, and LinkedIn, and wherever you consume your podcast from. Thank you so much for doing that. We're inching towards a goal of 200K followers across the board, so I really appreciate your support in helping us get there. I hope you enjoy this conversation with Simon, and a huge shout out to Varonis for [00:02:00] sponsoring this episode of the podcast.

Ashish Rajan: I'll talk to you soon. Enjoy. Hello, and welcome to another episode. Simon, thanks for coming on the show. Glad to be here. Maybe just a quick intro about yourself, what you've done professionally, so people have some idea.

Simon Biggs: Absolutely. Um, so I'm Simon Biggs. So I currently work at Varonis. Uh, I'm on the forensics team, which is a team that helps our clients when there's a true positive breach.

Simon Biggs: Uh, we use data from Varonis, but also outside, so we're all forensic and IR experts. I've been in that space for about 15 years and started off doing cyber law enforcement. I was in the police. I finished as a detective sergeant on the regional organized crime team, dealing with cybercrime. Moved into the private sector, where I've been doing consultancy IR.

Simon Biggs: Dealt with hundreds of breaches all the way up from business email to nation state and government agencies. So dealt with a lot, dealt with many breaches, and, uh,

Ashish Rajan: yeah,

Simon Biggs: here today.

Ashish Rajan: Awesome, and I'm glad you've done this because I think one of the top of mind conversation for people, we're at Infosec Europe, and one of the conversation that has been top of mind for people is that, is there a huge volume of sophisticated AI attacks?

Simon Biggs: So sophisticated [00:03:00] AI tech, I think what it's doing is it's increasing the scale, the volume, and it's lowered the technical barrier to entry. So I think in terms of how often is AI allowing a goal that was unachievable at all, like wasn't seen anywhere from nation state down, I don't think that's happening.

Simon Biggs: I think it's making them easier. I think there's more people doing attacks and achieving outcomes without the requisite skill set that they needed five years ago.

Ashish Rajan: Yeah.

Simon Biggs: But is AI driving something that's completely unseen? No, that's not what I'm seeing on the front line. Theoretically with the, the more advanced models, and if somebody does some work, po- possibly, but we obviously don't know about that.

Simon Biggs: But there's nothing I'm seeing that's thinking that's impossible without AI, AI. I just think that it's lowering that technical barrier to entry. They're getting quicker. They're able to achieve better outcomes quicker during an attack. So AI aug- augmented, and they're doing things that, Claude, they're using Claude to get on, on the fly code to access something that they probably wouldn't have bothered touching before.

Ashish Rajan: Oh, but would you-- So when you say they're getting faster, what's an example of something that was, I guess probably a similar attack before, but now [00:04:00] seems a lot more different with AI?

Simon Biggs: So I think when they have a domain compromise, it used to be, you know, they would maybe sync a file share out, you know, a typical ransom group.

Simon Biggs: But now we're seeing pretty much all the groups, they will go after maybe your SQL databases. They, they'll be taking a schema, they'll be coming back, and they'll be doing a really crafted query within minutes, which, didn't used to happen at scale and at volume. Your, your nation states would do stuff like that, but now we're seeing that in normal kind of ransom breaches and other attacks.

Simon Biggs: So I think that, that is one other area where we're seeing, you know, diver-- access to diverse datasets that, that weren't touched.

Ashish Rajan: Yeah. Um,

Simon Biggs: just, just frequently and, and, relentlessly. Mm. And I think the other thing that is giving advantage, certainly that we're seeing now, is on business email compromise, the more advanced phishing kits, I think, um, they're leveraging AI both for the prompt, both for the, you know, to set up the infrastructure and get the phishing portal and, and sort of spinning up on, on you know, cloud and containerized, very ephemeral platforms.

Simon Biggs: So, you know, signature doesn't work 'cause [00:05:00] they're only there briefly. And then actually post-compromise as well. We're seeing sort of Microsoft Graph queries coming in like minutes, seconds after that token's been r- stolen via relay. That is unusual. Like that suggests there's no hands on the keyboard and, these AI kits are out there and are being used en masse, which is a big sea change in terms of the, you know, the threat that that poses.

Ashish Rajan: Wow. So, uh, and I think when we were talking about this earlier, it's almost like what Metasploit did for Script Kiddies. Is this something similar?

Simon Biggs: Yeah, and it's the same thing. So Metasploit, Kali Linux, BloodHound, these tool sets that were released that sort of brought everything together and gave it a bit of a user interface and a bit of a, you know, prepackaged. That brought the technical barrier to entry down. So BloodHound, for example, you used to have to know active directory quite in-depth.

Simon Biggs: You'd have an expert to kind of move through that and get where you needed to be quickly. Mm. Would require some expertise. BloodHound, which is an amazing tool, both for defense and, and offense, that was co-opted by attackers to obviously maraud through a Windows environment, 'cause you can get your domain admin in a couple of hops.

Simon Biggs: [00:06:00] Yeah. So that was a big sort of lowering of that technical barrier, and we saw that on the front line, 'cause all of a sudden we were finding BloodHound outputs and compromised- ... compromised servers. Uh, and on about a few jobs we've actually had the raw output, and you can actually see the path they followed- Oh

Simon Biggs: and it matches the forensics. So you're like, "Okay, they needed two hops to get domain admin. Oh, yeah, those two machines that are in the BloodHound output I've been is where they moved." So that, I think AI is just a, a faster evolution of a trend that we've always seen. So I don't think it's so much a revolution in terms of, of it's doing things that were just impossible.

Simon Biggs: I think it's accelerating that process. So if you've got a weakness or you're, you've got something there, a vulnerability it's gonna get found quicker, it's gonna get exploited quicker. I think that, that's the way I see it. But yeah, your, to your point, the tools, it's a very similar-

...

Simon Biggs: Lowering of the

Ashish Rajan: bar.

Ashish Rajan: But so the, so the recon part, the exploitation part, or even the- network traversal. All of that is achievable, a lot more easier today.

Simon Biggs: Yeah, and I think AI can pull that together. I think that's another key thing. Whereas you'd have disparate tools, you'd have to work the output still. You would then have to have somebody that could understand [00:07:00] the output, say BloodHound, and then, manually go into Metasploit and maybe do what the necessary attacks, et cetera.

Simon Biggs: Whereas now the models are there that would let you pull all that together relatively easy. Yeah. So you don't actually have to be able to code, you don't actually have to really understand Active Directory. You know, if you've trained... if the model's trained to do that sort of thing and it's set up in advance, you can kinda get there without really any major technical skill, which is quite scary b- because that used to be, like a red team capability.

Simon Biggs: You'd be like, "A good red team, that's what they're doing."

Ashish Rajan: Yeah.

'

Ashish Rajan: Cause they already had their, for lack of a better word, toolkit that they would walk in with.

Simon Biggs: Yeah, they'd have custom toolkits and obviously BloodHound, you know, Metasploit- Yeah,

Ashish Rajan: yeah ...

Simon Biggs: all these packages. It just pulls together their tool sets- Yeah, yeah

Simon Biggs: makes it easier, just automates stuff, and I think, yeah, AI can do that, and can on the fly as well. So you don't need to wait for, say, the BloodHound team, the Metasploit team, or Kali Linux to, to put something in. You can do it yourself. If you find something bespoke, you can probably get one of the good models if you can afford the tokens- Yeah

Simon Biggs: um, to do it for you. Yeah. And that, that you're not constrained by somebody else that is a developer. You can [00:08:00] probably get that yourself. I,

Ashish Rajan: I think, um, it... I would love to kind of paint this in the picture of the current AI-augmented kinda services, whatever. I think there's a Copilot, uh, research that you guys came out with.

Ashish Rajan: Could you share the bit about that as well? The, I think the one, one we spoke about that you guys use Copilot and prompt?

Simon Biggs: Yeah. So basically our, uh, threats lab discovered a vulnerability in Copilot where you could basically, uh, do a prompt injection and get it to carry out an instruction, which is of concern and I think highlights the attack surface that you've got.

Simon Biggs: So it's not just AI, as you said, augmenting the attackers. It's the attack surface and the vulnerability that introduces as well to a whole other level of vulnerability, and it's a little bit more nebulous than, you know, a traditional platform where you would do work on the code and you'd find the vulnerabilities.

Simon Biggs: Obviously, AI can do things that are perhaps unexpected, and it's hard to lo- lock down. So I think that exploit kinda shows that you can, every user potentially could start being [00:09:00] able, even, even inadvertently- Yeah, yeah ... get access to things that they shouldn't be or you don't want them to get access to.

Ashish Rajan: So from a forensic perspective, is there enough telemetry or information available for you to retrace steps within, with the AI? Use cases. So

Simon Biggs: yes, you can get, you can obviously get the prompt. Obviously, there's platforms out there that, that will record that and centralize it. I think it's the scale that is difficult, and to derive meaning from noise, which I, I think is just generally the, the landscape we find ourselves in anyway, right?

Simon Biggs: I think because attackers aren't dropping malware as often, they're acting like users. They're using compromised credentials that they're using living off the land. I think AI is just an extension of that, is deriving that meaning from noise. So you can- Oh. You can audit the prompts that go in. I think what's difficult is understanding what gets returned.

Simon Biggs: Oh. Uh, and having a kind of... Traditional forensics is pretty easy. You, you know what an artifact is in Windows, you know what it means. With AI, obviously, depending on a whole host of variables, [00:10:00] what they can do and what they get back isn't always, certainly just native out the box, not that easy to derive.

Simon Biggs: So you can see what was asked for.

Ashish Rajan: Yeah.

Simon Biggs: Deriving the meaning of why that was asked for and what that means and what was delivered, obviously that's another challenge.

Ashish Rajan: Also, even to understand the intent of the request- Yeah ... is itself.

Simon Biggs: Yeah. A- absolutely, and I think if you've ever played around with the models, like, the way you can craft queries, uh, I know there's a few online platforms that will let you test it, and it gets harder as you work up.

Simon Biggs: And obviously tricking the AI, AI, I know there's been research out there where the AI is over friendly.

Ashish Rajan: Yeah.

Simon Biggs: And you can kind of almost plead to it to- Yeah, yeah ... and people have successfully got information out that they shouldn't be able to get out. So obviously that, that is a concern, 'cause how...

Simon Biggs: it's not easy to test that. Mm. It's, it's not a, "Well, we're gonna run a vulnerability scanner against that and see what we get." I mean, you can do that, but, you know, there are people that specialize in getting prompts through and getting... Same with malware, right? Yeah. The models are locked down. They don't, they don't allow you to do offensive things and kind of guard- guardrails.

Ashish Rajan: Yeah.

Simon Biggs: There's people that specifically get [00:11:00] around those guardrails with really clever, intuitive kind of prompts and asks of the, of the AI to get them to, like, do what they need. I saw one example where they pretended to be a security researcher, and they kind of just did the individual components and danced around the guardrails until they ended up, and they tricked it into compiling- Oh

Simon Biggs: like, a fully remote access tool, which was blocked initially, but just through the prompts, they managed to get there.

Ashish Rajan: So is the sophistication now, The way people should approach AI security, I guess. A lot of people are looking at that from as a data, data security thing, that, hey, as long as I have my data covered, I should be good.

Ashish Rajan: But sometimes, or at least a lot of times, the reality is far from it because you may have data classification, all of that. In terms of preparing for this kind of, let's just say, AI-augmented world of incident response and research, how do you see how-- what, what do you see the good, I guess, some of the more mature customers do in their environment to be able to be ready for this?

Ashish Rajan: 'Cause, uh, the one [00:12:00] reality that is true today is that the volume of AI attacks is continue to going to increase, is that people are not expecting it to slow down anytime soon. But what we can do is to prepare for it. Yeah. How do you see some of the, I guess, people you may have spoken to, the customers, uh, how are they approaching this overall AI security as a space?

Simon Biggs: So I think it's two-pronged. I think that the traditional security checks and controls work. Yeah. And they've gotta be in place, and I think they're even more important to have a layered defense because AI lets the attackers move in the same way but quicker. Yeah. So if you've got barriers to that, then obviously you're gonna slow them down.

Simon Biggs: In terms of AI itself, I think obviously having something that pulls together, you know, will detect shadow AI usage. I think that's important because obviously you can lock down models, you can make them less useful if you like- Yeah ... but more secure, but then users might try and go around that with shadow, which is, is a massive risk.

Simon Biggs: So- Yeah ... inventory, auditing, like advanced auditing, I think permissions is a huge one. Mm. Like what permissions should it have? What does it have? And obviously, again, just like a, a file share, it's the same thing. It's just an [00:13:00] agent accessing the files for you. What can it see? Does the user need it to see that?

Simon Biggs: And obviously then dealing with that. So a platform that pulls that together it's an extension really of what you should be doing anyway. I don't think there's any kind of new magical controls that need to be in place. I think you need to account for this new platform, but it's the same problem, right?

Simon Biggs: It's shadow IT. Yeah. It's over-excessive permissions, it's visibility, audibility, and automated response as well. Mm. I think, you know, it can't all be done manually. There's just too much noise. The attackers are, are acting like users. The sort of detection opportunity is slimmer than it was, so I think you need some automation in there as well, AI-powered just purely from a resource perspective more than anything.

Simon Biggs: So I think that together, it's still the bread and butter of what, you know, you should be doing anyway. Yeah. It's an extension.

Ashish Rajan: Yeah.

Simon Biggs: Because I think as well you're gonna see vulnerabilities exploited in more niche products due to AI vulnerability sort of research as well. I think that's gonna cause some issues as well.

Simon Biggs: So you, you need a broad visibility, I think, of where your [00:14:00] data sits, and have some AI behind that to spot the, the noise. '

Ashish Rajan: Cause to your point, there's not just the applications you already have, there's also third party, like your Salesforces of the world.

Simon Biggs: Yeah, absolutely. I think obviously there's only a certain number of vulnerability researchers in the world.

Simon Biggs: I think, you know, you've got these new models. Mythos is a great example of, um, and some people say it's marketing, but it does a good job of finding vulnerabilities. And the thing is, if that's not constrained with skilled people anymore, then you can start to target the more niche products that don't get attention 'cause the market share-

Ashish Rajan: Yeah

Simon Biggs: but actually might be of use. So I think you are gonna suddenly find a wider array of vulnerabilities in many applications. And then if there's a zero day, obviously to get a proof of concept now for an exploit is really quick, and use of AI is doing that. So from something getting released in the patch, people have working proof of concepts the same day.

Simon Biggs: In a lot of cases we're seeing proof of concepts for things that aren't even patched yet or aren't even announced as vulnerabilities. So all of a sudden you could be as secure as you wanna be, but it's something that on the perimeter might have a zero day in it that there's a proof of concept there or they can get one, and [00:15:00] suddenly they're in.

Simon Biggs: So you're not necessarily buying zero days for $50,000, $100,000.

Ashish Rajan: Yeah.

Simon Biggs: Somebody could get that in their bedroom. If they can afford the tokens- Yeah ... you know, that's on the table. I think that's a bit of a, a bit of a sea change. I don't think that's

Ashish Rajan: hyperbole. I think that's- So with the people who are preparing for this, 'cause obviously a lot of people are thinking about uh, one, one of the topics that was top of mind for was how, how do I augment AI into my- my incident response team, my SOC team, my overall process in general.

Ashish Rajan: Do you find that obviously data being that very top of mind thing for- Yep ... hey, data is the fuel for AI, data security, blah, blah, blah. Is there anything specific around the data space that people could be looking at, uh, that was okay when we were looking at a non-AI world, but perhaps it's not okay in the AI world?

Ashish Rajan: Especially, you know, because we have Salesforce, Copilot, we have all these other things in the ecosystem.

Simon Biggs: Yeah. I think, again, it comes down to, like, user permissions and- Okay ... I think that's the case. Obviously, Salesforce, the, there's been some stuff in the, in the press around [00:16:00] Salesforce and, and guest permissions and things that weren't configured correctly.

Simon Biggs: So I think a lot of it is gonna not even be vulnerability, but configura- you know, misconfiguration, be that in something like Salesforce or any CRM, any- Yeah ... M three, whatever it is, M365, unintended behavior. I think AI's gonna tease that out very quickly, um, a bit like, BloodHound would tease out vulnerabilities in your AD infrastructure- Yeah

Simon Biggs: that you set up. So I think it's the same thing. So I think using it defensively.

Ashish Rajan: Yeah.

Simon Biggs: So I'm an advocate of saying run BloodHound or run Metasploit. So y- come from the point of view of the attacker and see what you find. I think it's the same. Like, run the same models, do the same thing to your environment and see what it finds.

Simon Biggs: Now, maybe it's an extension of your pen test, maybe it's something you have in house, maybe it's something like Sec DevOps that you need to build 'cause you've got some custom things. But again, you can use AI to do that.

Ashish Rajan: Yeah.

Simon Biggs: And I think, you know, incident response from that perspective, you've got to be prepared to, like, spin up your own tooling.

Simon Biggs: Maybe you do that with AI, depending where you think, you need the audit data from. If you've got something where you haven't got any audit [00:17:00] data, that's a problem. Mm. Like, if you've got data that there just isn't an audit path or you think it's not important, it's not important till you have a breach and certain somebody, a legal eagle, a lawyer says what, what was in that data?

Simon Biggs: What was it? What was taken?" And you, you know, "I don't know," 'cause there's no auditing.

Ashish Rajan: Yeah.

Simon Biggs: That's just, you can't be in that position anymore. 'Cause it doesn't matter where the data is, they will find where that data is.

Ashish Rajan: Yeah. Very quickly. And to, to what you said, because the path is automated, you said the example of the SQL query being crafted.

Ashish Rajan: Yeah, yeah. They, those are no longer a, "Oh, the script kid is not skilled enough anymore."

Simon Biggs: Yeah. It... No. They, if they see it and they find it and they can query it, they will query it, and they will query it with a really good query that gets all the nice stuff they want out of their, pa- if there's credentials in there.

Simon Biggs: Yeah. Except, you know, payment contracts, PII data. They, they want the leverage.

Ashish Rajan: Yeah.

Simon Biggs: If it's a ransom group. If it's nation state, bit of a different but same, same principle. So if you've got no transaction login, if you've got no way of knowing what queries are run, then you don't know what they've taken.

Simon Biggs: If you don't know what they've taken- Eventually you're gonna have to own up to [00:18:00] that- Yeah ... to somebody. And obviously, a good incident response if you, everybody will get breached at some point to some degree.

Ashish Rajan: Yeah, yeah. That's the

Simon Biggs: world we live in. But if you can go and say, "Well, actually we did this, and this.

Simon Biggs: We know they did this, and this. Your data isn't impacted, and we know that because..." That's a great position to be in. W- where I've dealt with breaches and it's not a great position to be in is, "Yeah, they accessed this and this," and like a customer comes back and says, "Was, was my data accessed?" "Well, we don't really know."

Simon Biggs: It's not, like, it's just not, you're never gonna recover that relationship. I think you will recover the relationship if you can say, "This is what we've done," and you're quite open and frank. And I've seen that actually build a stronger relationship, because they're in the same boat.

Ashish Rajan: Yeah.

Simon Biggs: But where you go back and say, "I don't know," is difficult, and obviously SQL databases and things, there is an overhead from logging that information, so doing that without impacting business performance is the classic-

Ashish Rajan: Ah,

Simon Biggs: yeah

Simon Biggs: it's the classic CISO conundrum, right? It's, it's security- Do I

Ashish Rajan: want all the data or just only some of that?

Simon Biggs: Yeah. And ultimately you need to think like an attacker and think, if they got access to this, what could they do? Can we see it?

Ashish Rajan: Is it possible to [00:19:00] use AI to kind of m-make that kind of, or help us do that judgment?

Ashish Rajan: To your point about the forensic log as well, you, from a forensic perspective, these logs are the reas-reasons you're able to trace them back. Yeah. And I don't even know there's a checklist for how a forensic person approaches an AI system. Is there, like, how, what's your th-thought process when you approach an AI system?

Ashish Rajan: Which is probably very different, like approaching a copilot versus a, I don't know, whatever chatbot you've seen

Simon Biggs: before. Yeah. Obviously they've been in between the kind of, its reasoning and logic. Obviously, that is notoriously non-exposed, really.

Ashish Rajan: Yeah. So

Simon Biggs: obviously we look at the prompts, we'll look at the prompts and, and what's been done, and we'll look at the access on the other side.

Simon Biggs: Again, that's, in terms of the other side, 'cause it still, it should still leave an imprint, right? So whatever your agent is just an extension of the user.

Ashish Rajan: Yeah,

Simon Biggs: yeah. So it should still be audited. If that just comes back to some nebulous model that you can't attribute to any particular user at any particular time, that's useless.

Simon Biggs: So it's the same, it's the concept of an audit log. It's a bit similar to a firewall that just gives [00:20:00] you the firewall IP and doesn't go back to an external IP. What, what use is that to anybody? It's the same principle. Yeah. So I think, you know, being able to verify that data and get it back to the user context it is from- Yeah

Simon Biggs: and attribute it to a user, and if you've got the prompt and you can see the output, you've got the full picture. The difficulty becomes if it's configured or they're using s- and that's probably an element as well. Enterprise AI and the non-enterprise AI, like in open source and stuff, has it got...

Simon Biggs: it might be great and it might get your output, but has it, you're giving that permission to access your data.

Ashish Rajan: Yeah.

Simon Biggs: Right? Yeah. So, and I think people can be a bit quick to give out any AI agent access to the data compared to if somebody came in a contractor and they're really strict with the contractor.

Simon Biggs: But you know, oh, this open source AI model, yeah, let's give that, full read, write. Yeah. Yeah, brilliant. And I think that's what you need. You just need that audit trail. So it's no different- Yeah ... um, whether it's an audit trail of your SQL database, audit trail of the AI agent and what it touches it's the same principle.

Simon Biggs: So somebody needs to look at that in advance. Yeah,

Ashish Rajan: yeah.

Simon Biggs: Say, if we had a breach, and maybe bring lawyers involved 'cause they will tease out the gaps. They will ask you [00:21:00] questions. And I love working with, with lawyers on jobs because they tease out those pertinent questions, and they get things done.

Simon Biggs: So they will say, "Right, we need to know is there any third party contract notification requirements from this data? Can you tell us, like, what's been taken?" Well, no, we can't." You know, so them going through a dry run is great because they will, they will find it. They will find it. They'll go, "Okay, can you tell us what would be accessed in that SQL database?

Simon Biggs: What, what's, what does it look like?" "Oh, no, we can only tell you the IP it came from, but not what was asked for." And they're just gonna raise their eyebrows and... Um, it's good 'cause they can give you support to get it done. Yeah. Um, but doing that in advance is great 'cause it's You don't wanna be doing it after a breach, really.

Simon Biggs: If you can do it before, I think it works well.

Ashish Rajan: Actually, this is an interesting point because I find that obviously not everyone's that AI forward today. So a lot of forensic folks that I've spoken to may not be working directly with AI systems.

Simon Biggs: Yep.

Ashish Rajan: And, uh, the approach that you mentioned is an interesting one.

Ashish Rajan: Do we include legal in those questions? Because I guess when data is taken out nine or 10 times, a lot of [00:22:00] people may have a data classification policy, but it was never really applied, let's just say. Yep. That, and the, the whole discovery of that, A, is this like, uh, is this a confidential data? Is this PII?

Ashish Rajan: Yeah. That exercise never been s- done before this moment, and now suddenly it's been given out to AI systems.

Simon Biggs: Yep. Yeah, so I think attacks predominantly used to be f- for ransomware groups, encryption first, right? Yeah. It was encryption, no data taken.

Ashish Rajan: Yeah.

Simon Biggs: Now it's data first, practically no encryption.

Simon Biggs: And I think a lot of people don't understand, going back to the legal angle, the, the questions that will be asked and what's important.

Ashish Rajan: Mm.

Simon Biggs: And like you say, the data classification is often the most expensive kind of part of the response.

Ashish Rajan: Oh my God, yes.

Simon Biggs: It's the one that's under the most time pressure because you've got regulatory bodies, you've got customers that wanna know.

Simon Biggs: You might have contract requirements, right, from third parties where you've got to let them know within 72 hours.

Ashish Rajan: Yeah, yeah.

Simon Biggs: Quicker than you've gotta let the ICO know. Yeah. So, so straight away you need to be... If you've got nothing done in advance to classify that data and label it, it's really hard to do.

Simon Biggs: And something I think people overestimate the ability of forensics to do is forensics to [00:23:00] tell you what data's been taken. Mm. Windows can... is great at telling you where people moved to what they did on the box. In terms of data access and, and sending it outside the system, out of the box, Windows is...

Simon Biggs: there's not many forensic artifacts that-

Ashish Rajan: Oh, really? ...

Simon Biggs: will definitively tell you, 'cause the lawyers will wanna definitively know, so you, you kind of have to match it up. If alls you've got to Windows forensics, you're kind of reliant on firewall to confirm volume and that it actually went out of the door.

Ashish Rajan: Yeah.

Simon Biggs: You can probably rarely get to data staging from forensics on its own without anything. So I think that's an, something that people overestimate. They're like, "Oh, the forensics will come in, they'll tell us what was, what was taken." "No problem." But if there's no logging-

Ashish Rajan: Yeah ...

Simon Biggs: if there's no logging on the SQL database, they've the system may have been, encrypted after data's taken.

Simon Biggs: They may have done fr- h- hit forensic, uh, evasion techniques.

Ashish Rajan: Yeah. We

Simon Biggs: might be able to say, yeah, there's these zip files, but we can't tell you what's in them from the forensics because that, that's, you know, that's not available anymore.

Ashish Rajan: Yeah.

Simon Biggs: And if you haven't got firewall, we don't know if it's gone out of the door.

Simon Biggs: So having some platform to, to monitor that a- and to address that gap is key. 'Cause I can attest, the amount of [00:24:00] times I've been there and I'm like, "There's just no forensic evidence to give you that answer." And obviously lawyers don't wanna notify based upon- A hunch. So I can say, "Yeah, I'm pretty sure this is what's gone.

Simon Biggs: You can see from shell bags they've gone into this folder, they've done this. It's a good chance that's gone." Yeah. And lawyers is basically go, "Well, no, like, has it gone?" "Oh, I can't- Yeah ... I can't answer that."

Ashish Rajan: Also because traditionally a firewall were never designed to just hold onto what data is actually going- Yeah

Simon Biggs: as well. And a lot of time, well, you aggregate it as well, so you'd be surprised how many times you can't work it back to a particular endpoint. So- Yeah ... even just what p- you think is simple, or let's see how much went out in the file, it's not that simple in practice. And that's one of the things you can look at.

Simon Biggs: You can say, "Okay, if we had a breach and we were looking at the firewall logs, are they useful?"

Ashish Rajan: Yeah.

Simon Biggs: And when you look at it, you go, "Oh no, it all just comes back to this one appliance, and we can't work it back to an endpoint, so we don't even know which blob storage or S3 buck- We don't know."

Simon Biggs: All of a sudden, y- what should take you minutes is taking you days, if you can get there at all.

Ashish Rajan: Yeah.

Simon Biggs: And that's a, again, a difficult position to be in.

Ashish Rajan: So is it almost... You're, what you're almost suggesting is that for forensics, for forensic people or people who [00:25:00] are building a program for AI security probably should also consider the fact that there should be enough information for forensic to come back and look at what data transferred-

Simon Biggs: Yeah

Ashish Rajan: and even has an ability to understand what type of data it was, what classification- Yeah ... the data had.

Simon Biggs: Yeah.

Ashish Rajan: Otherwise, you're basically, there's no point. At the end, when you get to that point, if you ever have to, God forbid if you have to, but if you did- Yeah ... you don't have anything to work with.

Simon Biggs: No. And, I mean, even if you can say, "Okay, this data", and you've just got file names, you've got the file server maybe that, that's been taken, or the blob, even working that from a cold start to get answers in the timeframe that is expected or required is very, very difficult.

Simon Biggs: This is stuff that needs to be done. You need to be classified. 'Cause obviously you've gotta work through that data. It's gotta do OCR. It's gotta... That needs to be done upfront.

Ashish Rajan: Yeah.

Simon Biggs: So actually forensics give you a list of files, and I, I do this, and I give the list of files and feel great, yeah. And I've got this like, you know, it's been a couple of hours and we've told you this has happened.

Simon Biggs: Um, and obviously this is when we haven't, you know, got Varonis in place, but, you know, this is what's happened. And then it's like, "Okay, [00:26:00] tell us what's in that data." Well, no, this is just Windows metadata. I can give you the list.

Ashish Rajan: Yeah,

Simon Biggs: yeah. Like, someone's gonna have to look through that data or run a tool.

Simon Biggs: And I know data and eDiscovery companies charge a lot of money to go through that data and do that data classification piece.

Ashish Rajan: Yeah.

Simon Biggs: So having it upfront and just being able to go, "Okay, these are the files. Like, how many are sensitive? How many have PII?" It's a great start, because straightaway you can go to a customer- Breached at this time, like we've done this on the data and nothing of there's no PI of yours, there's no hits for you.

Simon Biggs: Yeah. You're out of scope. Yeah. So obviously the reduction of your risk, whereas if you can't quantify, you're probably gonna have to notify everybody, and there's nothing worse than doing that on a hunch, right? Yeah. That, their data wasn't taken, but you're having to notify them and say, "Look, we don't, and we don't know."

Simon Biggs: Yeah. 'Cause that, it's much better to go, "We've got that done." But it is, for me, it's part of the incident response lifecycle, the preparation stage. That's where the battle is, is won or lost. Yeah. Um, we can obviously make it a bit better when we're in there, and we can get you the [00:27:00] answers, but some stuff, yeah, it's possible to, to not have those answers.

Ashish Rajan: So do you find that the IR team should be involved as, say, let, let's just talk, say an AI system is being built. There is a solution architect, security architect, all of that. They've gone through their- Yeah ... whatever the requirement is pre-prod before they go into, they should have, have a conversation with the incident response for-

Simon Biggs: Yeah

Ashish Rajan: AI. Yeah. 'Cause the reason, uh, it's, it's interesting, right? 'Cause at that point in time, a lot of times And security people and incidents, we don't know what the application is supposed to do, so it's hard for us to tell- Yeah ... what kind of log is important.

Simon Biggs: Yep.

Ashish Rajan: And how do you kind of find the balance there for the AI systems?

Simon Biggs: I think the key is to speak to an IR team or speak to responder, 'cause we tend to operate in a fairly niche world, and it's great we get called into the breach. But I think speak to them and say, "Okay, what information would you need?" And, like, give them an example of what's audited, and see if they can work it back.

Simon Biggs: 'Cause we're really interested in working lateral movement back to where it started.

Ashish Rajan: Yes.

Simon Biggs: So can we get it back to an endpoint? Can we get it back to a use? Can we get it back to a [00:28:00] usable entity? Mm. It comes back to an aggregate, such as a f- a, you know, a gateway or proxy, and we can't get any further.

Simon Biggs: It's no good to us. We need what's on the other side. And I think then the other thing is, okay, what, what's the data look like? Has it got timestamps, like proper timestamps? Has it got, you know, like what details are the APR request, for instance? Like is it, is it useful?

Ashish Rajan: Yeah.

Simon Biggs: Or is it just something somebody's added in for...

Simon Biggs: And I think they'll give you an honest answer. I think if you show them the output, they'll say, "Yeah, I can work with that." And just follow the process and say, "If somebody breached this, could we work this back?"

Ashish Rajan: Yeah.

Simon Biggs: It doesn't have to be intensive, but you'll very quickly tease out, oh no, like we're not getting a forward header from that gateway.

Simon Biggs: Like, we don't know where it's going to. And, and it sounds the simplest thing, but the amount of breaches I've had where I get these logs and you're waiting for the logs, and they pull them from the appliance. And you get them, and then it's like, oh, and it's all the same IP for everything. Like yeah that's the, the gateway.

Simon Biggs: And you're like can you... Have you got anything other side to marry it up?" It's like, "No." And it's like, so I can't get any further than this. Yeah. That just a, a wall I can't see over, so how do we find the endpoint? Yeah. And that, you have to go another way. Yeah. And it should be simple. So [00:29:00] like when I say basics, 'cause it's the same for an AI agent, right?

Simon Biggs: If it's coming from an IP on an endpoint-

Ashish Rajan: Yeah ...

Simon Biggs: if you've got a clear path right to the data, you can work that back, and you can say, "Okay that's initial access vector. Let's close that hole- Yeah ... and, and then move." If you're spending a lot of time trying to just find the initial access, which should be simple-

Ashish Rajan: Yeah

Simon Biggs: you're making the, the forensics life really hard.

Ashish Rajan: Ashik, uh, I think so, uh, if, if I was to summarize, I see a new wave of incident response and forensic for AI systems is If you're able to A, classification is important, we're definitely understanding on that. Yeah. Second one is the fact that if you have a direct path from a user or an agent to a data, ev- everything that's involved in the metrics or telemetry around it- Yeah

Ashish Rajan: needs to be somewhere. You, you need to have that- Yeah ...

Simon Biggs: at least. You need to have it. You, it needs to be queryable, 'cause again, just having that and saying there's six terabytes in an S3 bucket- ... of unstructured data, it's like, okay, well, I'm gonna have to now do something with that. You want to at least be able to get it into a platform to [00:30:00] query it quickly.

Ashish Rajan: Yeah.

Simon Biggs: I think that's something that gets lost as well. Like, speak to your security IR teams and how quickly can you query the data? 'Cause, uh, the amount of times where it's- ... yeah, there's 17 terabytes of unstructured logs here. That's, like, okay, but work with me a bit. We need to be able to get that into something query.

Simon Biggs: But I, I get it, it's expensive to- Yeah ... keep it in warm storage, but part of your process for IR should be, if we needed information from there, how quickly can we get that? And it needs to be minutes to hours, not days to weeks. Because obviously once we get a thread, forensics people are great at pulling that thread.

Simon Biggs: What you don't wanna be doing is a threat hunt to a breach to try and find, like, cast any huge net. You don't wanna be in that position. You wanna be able to say, "Okay, there's the logs. Okay, we've got the first thread to pull. We know that last step, we've got that. We'll work back."

Ashish Rajan: Uh-huh.

Simon Biggs: And you want that to be quick and easy along every step.

Simon Biggs: So if it's, if it's the data to an aggregator or a firewall and then to an endpoint or something in between or an agent, every step, because you don't wanna get stuck at a step. Because we're trying to get you the initial access so [00:31:00] you can close the initial access, you can figure out how long you've been breached-

Ashish Rajan: Yeah

Simon Biggs: so you can do containment, 'cause that's, that's, we wanna stop the bleeding, right? Right.

Ashish Rajan: Yeah, yeah,

Ashish Rajan: yeah.

Simon Biggs: If we can't get that back and get I- you back to the initial access vector, we can't give you any definitive. So-

Ashish Rajan: Yeah ...

Simon Biggs: anything that's gonna hold that up is really gonna hurt you. And it's not that hard to just work through as a dry run exercise and say, "Okay, so what are we worried about?

Simon Biggs: Well, we've got a file server, we've got, this, we've got that." I mean, a good example, like S3 storage access logs are on by default.

Ashish Rajan: Yeah.

Simon Biggs: The amount of people that are shocked when we say that there, there is nothing that will tell you what accessed that data. If you've got no platform in place, if you haven't...

Simon Biggs: Like, without some pre-work, if it's just out of the box, default, yeah, yeah, somebody, we can tell, you know, we can tell you somebody's took, you know, somebody's took some, can't tell you what they took.

Ashish Rajan: Yeah. I think 'cause to your point, a lot of times engineering is focused on I don't wanna pay too much on log storage, but I do need the logs as well.

Simon Biggs: Yeah. I mean, you don't, nobody wants to pay for log storage until you have a breach.

Ashish Rajan: Yeah.

Simon Biggs: Everybody needs the logs, [00:32:00] and unfortunately, especially cloud and these other sort of you know, SaaS platform, everything else, if you don't have the auditing in place, there's not a lot to do. It's not like a traditional Windows forensics where maybe we can carve some data out or we can do some magic and get

Ashish Rajan: some- Yeah,

yeah.

Simon Biggs: It's there or it's not. It's a binary thing. If it's not there That's it.

Ashish Rajan: Yeah. Wow. Okay. I mean, I- I, to, to your point, AIS is probably similar as well, where it's either, either you have the logs or you don't have the logs. 'Cause by default, the same to... Same as the S3 example, they would not have that turned on.

Simon Biggs: Yeah. M- I, I mean, a lot of platforms don't have... It's getting a bit better, but obviously a lot of platforms don't have them turned on, 'cause obviously the storage costs money.

Ashish Rajan: Yeah.

Simon Biggs: You've gotta be able to query the logs as well, as I said, getting them in somewhere that's useful. But yeah, it costs money, and I understand that.

Simon Biggs: It's easy for me as a consultant- Yeah, yeah ... to say, "Yeah just log everything." Um, but you need to have that basic audit path. And I think sometimes people over log as well, like, like, stuff that isn't useful.

Ashish Rajan: Yeah. Yeah, and, uh, finding the balance is the hardest part because- Yeah ... I'm sure people have found that they've over-engineered and have...

Ashish Rajan: May- maybe the financial organizations are good like [00:33:00] that because they just have the money to just give me everything.

Simon Biggs: Yeah. And, and, and you know, sometimes we say give us everything as forensics 'cause we want the data, and it's like, whoa, whoa, maybe not that much data. No. So, um, we can be picky.

Simon Biggs: But I think, yeah, I think being led by some sort of offensive team with the def... Yeah, a blue team as well and just running through a, a dry run is a great... That tends to get the best results because you can very quickly say, "Yeah, we can get you answers from that," and that's a good baseline. Yeah. You might wanna do more, but if you get to a point where the forensics team's saying, "We're stuck now," you don't...

Simon Biggs: Like, it's good to do that in a test and get over that hump.

Ashish Rajan: Yeah. I think I, I think I got the answer because my hope was at least from this interview to be able to give people a, a starting point for what they should be looking. And I think we've already given three, which I think is pretty cool.

Ashish Rajan: To be able to at least have enough information for a direct path- Yeah ... having the classification, which is I'm sure it's not an easy conversation because depending on how much data and how long the data has been there, there's like... I think I was talking to someone about zero trust, and they were talking about zero trust [00:34:00] has this pillar for data security.

Ashish Rajan: One of the thing was data classification in that data security. And someone said, "If you look at the organization that has been 20, 30 years old who've never done this-

Simon Biggs: Yep ...

Ashish Rajan: just the exercise to classify their, their, that data," and I don't know about with AI systems, but this is pre-AI. They said it would cost them more- than the revenue the company makes to go through 20 years of data and classify them

Simon Biggs: Yeah, I think it, I think it's finding that sweet spot again of over-engineering and what, what you need to, what you need to be able to do.

Simon Biggs: I think obviously there's some easy wins. Yeah. So I think your CRMs and your cloud storage, I think that is an easy win 'cause the, there are tools out there obviously Veronis being one, I'm- Yeah ... saying with the T-shirt on. But there are tools there that will allow you to do that at scale- Yeah

Simon Biggs: enterprise scale, where it doesn't cost the earth. I appreciate with legacy systems and everything else, there's always gonna be that question. I guess the problem is if you can't answer that question, what's the cost of not being able to answer that [00:35:00] question? Yeah. And you look at some of the big breaches that, that, that come out, and eventually, right, th- this information that's taken is gonna be weaponized in new and novel ways.

Simon Biggs: Yeah. So I think the liability will increase as well because what AI allows attackers to do is post-process data.

Ashish Rajan: Yeah.

Simon Biggs: So getting 10 terabytes of data is overwhelming. It's overwhelming for an attacker. Yeah. It doesn't change just 'cause an attacker. They s- what do I do with this? But now with AI, actually, they could be post-processing that data and, and finding, new and novel ways of monetizing it.

Simon Biggs: 'Cause that's all they wanna do.

Ashish Rajan: Yeah.

Simon Biggs: And it will happen 'cause it's what they always do and have done. Yeah. So I think you will find new and novel attacks coming from stolen data that will drive the need to be a bit... 'Cause if you haven't notified a customer and all of a sudden they get aware of an attack that's using the data and you didn't notify, obviously we're gonna start seeing liability lawsuits come through more often.

Simon Biggs: And again, then the cost of the data classification might become more reasonable. But I think you can get to a point now with the tools, I don't think it has to cost the earth. I think even just that [00:36:00] first pass of being able to say, "Okay, what type of data is it?"

Ashish Rajan: Yeah. "

Simon Biggs: Are we worried about this data?" If you can rule out a terabyte straight away and say, "Yeah, that's, we know that is not, like we've done that pre-work.

Simon Biggs: We know that is just, we're not worried about that." And I've worked with clients who can do that. They're like, "Yes, no, yes, no, no, yes."

Ashish Rajan: Yeah.

Simon Biggs: And straight away you've got a subset to work with, and that makes it so much easier than I don't know. I don't know. It's, it's just-

Ashish Rajan: Everything is important.

Simon Biggs: Yeah, ev- everything's important.

Simon Biggs: And I think what people don't realize is third-party contracts, there are s- it's getting written in more and more often 'cause the supply chain attacks, and third party attacks, where you have to notify them in a certain period if their data's been impacted. Yeah. And actually, there's quite severe penalties, and the bigger players will come down heavy.

Simon Biggs: Um, and I've seen it. Yeah. I've seen it in the breaches. They will come down, they will demand answers, and they want more information than regulators.

Ashish Rajan: Yeah,

Simon Biggs: yeah. And you're obliged to give it to them. Yeah, yeah. Like they s- I've had checklists come through, and it's like I've had this checklist come through from one of our third parties.

Simon Biggs: This is what they wanna know, and they wanna know the IOCs, they wanna know... they want a forensic report basically. Yeah, yeah, yeah. Um, [00:37:00] and, you know, they've got the clout to demand it. So I think knowing your liability from that perspective will drive what you need to do on the data classification piece.

Ashish Rajan: Yeah.

Simon Biggs: The higher that is, the better you've gotta be with your data classification to, to meet that. And- Awesome.

Ashish Rajan: No, thank you for sharing that. Uh, I mean, that, that's all the questions I had 'cause I think I'd have more, these are... I got my goal. Uh, where can people learn more about the research you guys are doing and know more about Viranus as well?

Simon Biggs: Yeah. So Viranus Threat Labs is where we publish our blogs, um, which can be found on our website. Um, so we, we have a good mixture. We have it from the security researchers. Uh, I've done some blogs, my team do blogs from what we see you know, in attacks against our clients that we've helped them with. And that isn't necessarily just stuff Viranus touches.

Simon Biggs: We will help o- any of our clients out, so we've, we've been involved in some really interesting and impactful cases for them and helped them out of a bit of a jam. So it's novel, interesting, that will go on there as well. Like I say, we did a bit around Shahalud some around active directory from we- Yeah

Simon Biggs: we've spoken about. Yeah. So yeah, I direct people to Viranus Threat Labs and, uh, and the blog posts we have on there.

Ashish Rajan: Awesome. I'll put [00:38:00] the links in the shorts as well. I will put your LinkedIn as well, assuming that's where you hang out normally.

Simon Biggs: Yep.

Ashish Rajan: Yeah. Yep. Unless you're on IRC channel somewhere. That would be...

Ashish Rajan: Although, I don't know if, if anyone else has IRC channels anymore. Some people do. Yeah. I'm

Simon Biggs: not, I'm not on IRC channel.

Ashish Rajan: Yeah. LinkedIn is, is where I'm at at the, uh, the, the LinkedIn- LinkedIn, LinkedIn is the modern... I think that's a good tweet. LinkedIn is the modern IRC- ... for all the security people. Yeah, pretty much.

Simon Biggs: Yeah.

Ashish Rajan: Um, yeah, I'm, uh, I, I'm on there. Maybe a couple of people that make

Simon Biggs: me speak to them on Discord. But yeah. Yeah. So. I, I will put that all to the... But thanks so much for coming in. Thank you. Thanks for having me. Thanks a lot. Pleasure. Thanks, everyone.

Ashish Rajan: Thank you for listening or watching this episode of Cloud Security Podcast.

Ashish Rajan: This was brought to you by techriot.io. If you are enjoying episodes on cloud security, you can find more episodes like these on cloudsecuritypodcast.tv, our website, or on social media platforms like YouTube, LinkedIn and Apple, Spotify. In case you are interested in learning about AI security as well, do check out our sister podcast called AI Security Podcast, which is available on YouTube, LinkedIn, Spotify, Apple as well, where we talk to other CISOs and [00:39:00] practitioners about what's the latest in the world of AI security.

Ashish Rajan: Finally, if you are after a newsletter, it just gives you top news and insight from all the experts we talk to at Cloud Security Podcast. You can check that out on cloudsecuritynewsletter.com. I'll see you next episode.

Peace

‍