Sectrio

Our Videos

Cyberattacks Statistics 2021 – Most attacked cities & Sources of Malware

Some other stats that I'd like to put out there: days taken to monetize a cyber attack. You can see it varies across industries for various reasons. In manufacturing, for instance, the negotiations continue for a prolonged period of time, in some instances going up to two months. They go back and forth; there are organized teams of negotiators deployed from the hackers' side, and somebody will be negotiating from the side of these enterprises as well. So this varies for various reasons, not just a single reason; that's what I wanted to say.

Number of reconnaissance days, again, is varying. What is the number of reconnaissance days? It essentially means how many days it takes for a cyber security team or a SOC team to actually locate, or rather detect, a malware or its presence. This malware usually doesn't do anything; it is just there to stay latent, stay below the threshold of detection, and monitor the network and the network activity, the security layers and everything else. So that is reconnaissance, essentially. The number of days keeps varying; it had come down and goes up, basically depending on the sophistication of the malware that is out there. If you have a very sophisticated reconnaissance malware you don't see these many number of days; it takes a much longer time for us to actually detect them.

The cities getting targeted: again, no surprises there. Cities which have a high concentration of government organizations are essentially the ones that get targeted, for various reasons including espionage and what have you.

Possible sources of malware that we have detected: dark web malware forums. Mixed: again, we were not able to really specify; as I said, it has passed through different hands, it has passed through different laboratories, it has been modified, so we're not able to really pinpoint and say where exactly it was created. Military grade: a very heavily sophisticated malware which must have come from some defence labs or some other institutional entity connected with very sophisticated cyber research; from there as well, some have been leaked, they were purposefully dumped or purposefully handed over by certain countries with certain adversarial intentions. Research labs: again, unsecured facilities have been targeted and these malwares have been exfiltrated and used for targeting other entities as well, cleaning the entire digital footprint and starting afresh so that the blame goes on these facilities from where they've been leaked and the hackers go scot-free. Unknown is a big chunk because we're still not able to figure out where exactly these have come from.


Key Advanced Persistent Threat (APT) Clusters Under Observation

So some of the key state-sponsored groups we are tracking at this point, continuing from last year. Again, these are groups which are working together, collaborating; their approximate geographical location is what you're seeing at this point, and you can see a lot of these are located in remote areas. They're working out of facilities in towns where the population is very low, which are not very well connected, et cetera. Now this could be some kind of obfuscation: they want to hide, or rather bring in another layer to hide the actors who are involved in this particular activity. A lot of them, at least three in each of these particular regions, are the ones who are creating the maximum mayhem at this point, and these have been connected to specific attacks. For instance, the tangent one, which comes out of Southeast Asia, has been involved with specific attacks on the financial services sector, primarily targeting central banks and banks which don't have adequate security measures to protect inter-country or inter-geography transfer of funds. So that's a very specific operation they're running from there to fund a certain government which is based in that region and bring a lot of foreign exchange to them.


The Rise of Cyberattacks on Supply Chain

Again, supply chain poisoning, as you might be aware, is essentially trying to get into the chain at a certain point and infecting it so that you move downstream, and even upstream if possible, and keep the whole chain infected. So hackers are getting in at different points. They have figured out everything, including sectors like aviation where you assume that the levels of security, scrutiny and diligence are high; they are entering even these supply chains: supply chains connected with aviation, mobile phones, space technologies, which have been compromised of late, and remote communication. Again, you have seen in Eastern Europe how a certain operator was affected by one of these supply chain poisoning instances. Critical projects could be compromised at will; again, in the Eastern Europe basin, when communication infrastructure was needed it actually failed at that point in time. Core systems and infrastructure can be rendered inoperable or inaccessible during times of crisis to degrade the quality of response, exactly what we've seen again in Eastern Europe, in a certain country to be more specific: the entire access-denial operation was carried out so smoothly that, despite the fact that multiple operators were involved, the critical operator handling a big chunk of these communications was rendered out of the picture and the others were not able to chip in, and it took some time to put things back in operation.

Laterally moving malware: again, they inject the malware, which goes upstream, downstream, vertically, horizontally, et cetera. The target, of course, is to ensure that it is present across the supply chain, and through the supply chains they can even hop over and infect parallel chains which may be running for similar vendors or similar kinds of relationships, going all the way to the end, which might be a government, a critical manufacturing or even a critical infrastructure component.

A lot of times you have seen devices such as CCTV cameras, procured in bulk from certain geographies, come in pre-infected, or with backdoors and other challenges. So it is essential that these devices are sanitized, that they are tested in sandbox environments to see if any C&C interactions are opened up, or at least sanitized before they are added to the network in any way. Similar steps hold true for other, multi-staged operations connected with supply chains. Because of the diversification of vendors that we're seeing these days, where supply chains run across geographies, across vendors, across time zones and what have you, it is very difficult to standardize the security measures, which has become a challenge of late. So you can see drones, POS devices, remote field surveillance equipment: these are the malware ingress points for supply chains. These are way upstream; they get infected and then the malware or the infection moves across the chain.
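The sandbox test for bulk-procured devices mentioned above is easiest to reason about with a concrete check. The following is an added example, not Sectrio's code or tooling: it takes the connection log a sandbox VLAN would export for one device under test and flags flows whose timing is too regular to be user- or event-driven, which is what a C&C check-in looks like. The log format, the addresses, the hypothetical camera and NVR, and the INTERNAL_NETS list are all assumptions constructed for the example (203.0.113.0/24 is a documentation range standing in for an unknown external host).

```python
"""Beacon-style C&C detection over a sandbox connection log (added example).

Assumes the sandbox writes one line per connection as
"<ISO-8601 timestamp> <src_ip> <dst_ip> <dst_port> <bytes>" and that any
destination outside INTERNAL_NETS is external. Data below is constructed.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed log for a hypothetical camera at 10.0.5.20: bursty RTSP traffic to
# the site NVR (10.0.5.2) plus a small, clock-regular call-out to an external host
# that no camera feature explains.
SAMPLE_LOG = """\
2021-06-01T10:00:00 10.0.5.20 10.0.5.2 554 48120
2021-06-01T10:00:03 10.0.5.20 203.0.113.7 443 312
2021-06-01T10:00:07 10.0.5.20 10.0.5.2 554 51210
2021-06-01T10:00:09 10.0.5.20 10.0.5.2 554 49980
2021-06-01T10:00:30 10.0.5.20 10.0.5.2 554 50440
2021-06-01T10:01:04 10.0.5.20 203.0.113.7 443 298
2021-06-01T10:01:45 10.0.5.20 10.0.5.2 554 47730
2021-06-01T10:02:02 10.0.5.20 203.0.113.7 443 305
2021-06-01T10:03:05 10.0.5.20 203.0.113.7 443 311
2021-06-01T10:03:10 10.0.5.20 10.0.5.2 554 52010
2021-06-01T10:04:03 10.0.5.20 203.0.113.7 443 299
2021-06-01T10:05:01 10.0.5.20 203.0.113.7 443 316
2021-06-01T10:06:04 10.0.5.20 203.0.113.7 443 302
2021-06-01T10:07:02 10.0.5.20 203.0.113.7 443 308
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, dport, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)))
    return records


def is_internal(ip_text):
    ip = ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def find_beacons(records, min_count=6, max_jitter=0.2, external_only=True):
    """Return flows whose inter-connection intervals are suspiciously regular.

    jitter = pstdev(intervals) / mean(intervals). A C&C implant usually sleeps a
    fixed interval plus a little randomisation, so jitter stays low; user- or
    event-driven traffic (video pulls, firmware checks on boot) is bursty.
    """
    flows = defaultdict(list)
    for ts, src, dst, dport, nbytes in records:
        flows[(src, dst, dport)].append((ts, nbytes))

    beacons = []
    for (src, dst, dport), conns in flows.items():
        if len(conns) < min_count:
            continue
        external = not is_internal(dst)
        if external_only and not external:
            continue
        conns.sort()
        times = [c[0] for c in conns]
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue
        jitter = pstdev(intervals) / avg
        if jitter > max_jitter:
            continue
        beacons.append({
            "src": src, "dst": dst, "dport": dport, "count": len(conns),
            "mean_interval": round(avg, 1), "jitter": round(jitter, 3),
            "avg_bytes": round(mean([c[1] for c in conns])),
            "external": external,
        })
    return beacons


if __name__ == "__main__":
    for beacon in find_beacons(parse_log(SAMPLE_LOG)):
        print(beacon)  # the 203.0.113.7:443 flow: 8 hits, ~60 s apart, ~306 bytes each
```

The thresholds are deliberately loose for a sandbox, where a device has nothing legitimate to talk to except what you provisioned for it; in production a 60-second cadence to a cloud vendor may be a heartbeat feature, so the same check is only a prompt to confirm the destination against the vendor's documented endpoints, not a verdict.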


Crowdsourcing a Cyberattack

So some of the other things I wanted to highlight, since I have the attention of all of you wonderful people today: there are other things happening in the background which will become big news towards the end of 2022, like, for instance, crowdsourcing a cyberattack. Now there were several new tactics that the hackers tried; reply phishing was one of them. There's another one where they got a group of their friends or fellow hackers to sit and start scanning, running dummy scans on certain networks to generate a lot of false positives and load the SOC teams, to ensure that they are kept tied down or bogged down while they carry out other attacks from a distance or target other parts of the infrastructure. This is again becoming a strategy and a tactic of these hackers, the intention being very clear: to keep the SOC teams tied down and ensure that they are not able to function at their right efficiencies.

Again, we have done some research around this whole SOC fatigue thing. We were told that it's been tough for the last couple of years, but the kind of work environment changes that have happened have been very tough on the SOC teams; a lot of them have been really fatigued in more ways than we can imagine. There were skill shortages, due to various people leaving their organizations and things like that. So everything happened in a very short period of time, but fortunately it didn't translate into anything big, anything significant; we were very lucky at that. But then again, our systems are coming back to normal, the hackers are still keeping their attention focused, and we don't know what really happened in this period from a reconnaissance perspective: how many reconnaissance attacks have been carried out, how much data has been collected by hackers. Because we're seeing a lot of these data dumps, and data being exchanged on the dark web, in terms of targeting certain organizations with certain specific data points that they're discussing out there. Again, we are not sure whether these are legitimate or otherwise, but this targeting is not going to come down anytime soon: critical infrastructure, manufacturing, aviation, mining. Aviation and mining are two industries which need to really watch out this year; mining, especially in North America, will be targeted very significantly this year. That's our prediction; you can hold it against us towards the end of the year. So we would be urging mining and aviation companies to really up their guard in the coming months, because there's a lot of chatter happening on various forums about targeting firms in these two verticals.

Again, we need to address our fatigue; that's a separate discussion altogether. But at the end of the day, it's the tactic that I want to draw your attention to, primarily in terms of how they are keeping the SOC teams tied down. So you can see the level of innovation that's going on from the hacker side. They're doing a lot of things that are really tying our hands down and not giving us adequate time or bandwidth to give a quality response to them.


Social Engineering in Cybersecurity – Evolution of Social Engineering Attacks

Again, social engineering attacks. I wouldn't like to emphasize too much, because most of us are really aware of the gravity of the situation in terms of how much this is costing us as enterprises operating and trying to function with adequate levels of security, again connected with the insider threat that has emerged on the surface in the last two to three years. The third point is what I'd like to draw your attention to, which is reply phishing. It's not random phishing where you get a mail about a certain prince from a certain country, or somebody who's stuck in a conflict and wants to transfer money. No, this is about a hacker actually inserting himself or herself into a regular conversation by pretending to be the other entity, and replying to such an extent that they get one of the parties involved to actually perform a certain action, which could usually be clicking a link that takes them to an infected site or something to that effect. So that is something we'll again be talking a bit about.

Again, the cost of branded phishing packs. You can see certain names have been assigned there; they are not at random, our team has not assigned these names. This is exactly what these malware packs are actually called: so you have the "must have DDoS kit", the "ultimate password tracking pack with instructions, demo and help". It might seem like there is some randomness to all this, but believe me, this is how they are sold on these forums and on the dark web. And it's very dangerous out there, for the simple reason that it's very easy to lay your hands on any of these families of malware that are out there. We've done an awareness drive around this fact; a lot of people picked up this particular data set and came back to us and said, "Is it really that cheap?" We said it's even cheaper; we can show you, in fact, how cheap it is.


CMMC Compliance Assessment: Outline and Updates

I think everybody is familiar with this picture, where CMMC, as part of DFARS and also FCI, has been implementing the five different levels of the CMMC model, starting from basic all the way to advanced, where there are more than 171 practices if an organization has to be certified at the advanced level. This gives them the level of certification where they get accreditations and credits to run the bids and participate in some of the Department of Defense federal contracts and government bids. What we're seeing is that most organizations are trying to use these best practices, and, as we see what has entailed around the different areas or categories of the CMMC model in terms of its maturity scoring, threat modeling, risk adaptation and how we mitigate some of those risks, increasingly we have seen in the last few months that organizations are leveraging this not just to participate or stay compliant as part of the bids or the projects they are engaging with the government on, but even using it as a hygiene technique to go beyond it. In November 2020 we saw that NIST SP 800-172 was also released, with support from the center, a new model which is now more streamlined, more focused on critical systems and what is absolutely relevant for the organizations to participate or even to certify themselves against the maturity model.

What we've seen, some of the interesting findings, what actually led to this increased attention: we've seen over 50% of the organizations, especially the ones directly working with the government or anything on the critical infrastructure, were breached in the last 12 months, resulting in integrity loss, availability loss, data loss and also, most importantly, the operational disruptions that we are seeing, the outages that we have seen, similar to some of the ones like SolarWinds; we noticed last year the Florida water plant getting hacked. All of these things kind of prove what type of hygiene techniques we need to use, how we map it, how we benchmark it. Also a few mandates have been recommended, especially now that the new critical infrastructure bill directed by the government is also being adopted across organizations for risk assessment, building those maturity models across critical infrastructure, validating against the different compliances and standards that are out there, and taking the recommendations; even though today it is not regulated or mandated by some of the entities, those are best practices. Some of them can be self-assessed; some of them can be engaged with third parties who have the knowledge and also the skill set to do this in a cost-effective way, which is helping the overall critical infrastructure adopt security models with the technology innovation that we are seeing now.

Some of the recent updates we also saw: CMMC level three and level four specifically talk about monitoring controls and also utilizing threat intelligence to block malicious domains, not reactively once they are in the network, but mostly using proactive techniques where we are leveraging threat hunting and using intelligence feeds through STIX/TAXII and cyber threat intelligence exchange. That way the security leaders inside the organizations can proactively look or hunt for potential intrusions that are not covered in their existing security controls, and they can include them before an attack can happen.
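The proactive use of STIX/TAXII feeds described above comes down to two mechanical steps: turning the indicators a feed delivers into lookup tables, and running your own telemetry (here, DNS query logs) against them. The block below is an added example written for this page, not Sectrio's product code, and it makes several assumptions: the bundle is the JSON a TAXII collection would return (the TAXII transport itself is out of scope; parsing is the same whether the bundle came over TAXII or from a file), the DNS log line format is invented, and every indicator value, name, identifier and client address is constructed for the example.

```python
"""STIX 2.1 indicator bundle -> blocklist -> DNS log matching (added example).

Handles the simple equality patterns most feeds carry, honours valid_from /
valid_until windows and revoked objects, and matches a queried name against
an indicator domain or any of its parents. All data below is constructed.
"""
import json
import re
from datetime import datetime, timezone

# Evaluation time for validity windows (fixed so the example is reproducible).
NOW = datetime(2021, 6, 2, tzinfo=timezone.utc)

# Constructed bundle: one live domain indicator, one expired compound indicator,
# and a non-indicator SDO that must be ignored.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--5f4e3f0c-2b2d-4b1a-9e62-1c9f7a4f1e00",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--0c3e9a1b-7a1f-4c6e-8e0d-9b2f1a5c3d01",
         "created": "2021-05-01T00:00:00.000Z", "modified": "2021-05-01T00:00:00.000Z",
         "name": "Hypothetical loader C2 domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update.bad-example.test']",
         "valid_from": "2021-05-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--7d2b4e9f-3c5a-4f8b-a1d0-2e6c8b9f4a02",
         "created": "2021-04-01T00:00:00.000Z", "modified": "2021-04-01T00:00:00.000Z",
         "name": "Hypothetical retired staging infrastructure", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.12' OR domain-name:value = 'cdn.bad-example.test']",
         "valid_from": "2021-04-01T00:00:00Z", "valid_until": "2021-05-20T00:00:00Z"},
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--9a8b7c6d-5e4f-4a3b-8c2d-1e0f9a8b7c03",
         "created": "2021-05-01T00:00:00.000Z", "modified": "2021-05-01T00:00:00.000Z",
         "name": "Hypothetical loader", "is_family": False},
    ],
})

# Constructed resolver log: "<ISO-8601 time> client=<ip> query=<name> type=<rr>".
SAMPLE_DNS_LOG = """\
2021-06-02T08:15:01Z client=10.0.7.41 query=update.bad-example.test type=A
2021-06-02T08:15:02Z client=10.0.7.41 query=api.bad-example.test type=A
2021-06-02T08:16:10Z client=10.0.7.55 query=www.example.com type=A
2021-06-02T08:17:00Z client=10.0.7.60 query=cdn.bad-example.test type=A
2021-06-02T08:18:00Z client=10.0.7.41 query=beacon.update.bad-example.test type=A
"""

# Extracts observable values from equality comparisons; not a full STIX pattern parser.
_VALUE_RE = re.compile(r"(domain-name|ipv4-addr|url):value\s*=\s*'([^']+)'")
_LOG_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) type=(\S+)$")


def _parse_time(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def load_indicators(bundle_json, now=NOW):
    """Map observable value -> indicator metadata, skipping revoked or expired ones."""
    indicators = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if "valid_until" in obj and _parse_time(obj["valid_until"]) <= now:
            continue
        if "valid_from" in obj and _parse_time(obj["valid_from"]) > now:
            continue
        for kind, value in _VALUE_RE.findall(obj.get("pattern", "")):
            indicators[value.lower()] = {"id": obj["id"], "name": obj.get("name", ""), "kind": kind}
    return indicators


def lookup_domain(name, indicators):
    """Return the indicator covering `name` or any parent domain of it, else None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        hit = indicators.get(".".join(labels[i:]))
        if hit and hit["kind"] == "domain-name":
            return hit
    return None


def match_dns_log(log_text, indicators):
    hits = []
    for line in log_text.splitlines():
        m = _LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, query, _rrtype = m.groups()
        hit = lookup_domain(query, indicators)
        if hit:
            hits.append({"time": ts, "client": client, "query": query,
                         "indicator": hit["id"], "name": hit["name"]})
    return hits


def run_example():
    return match_dns_log(SAMPLE_DNS_LOG, load_indicators(STIX_BUNDLE))


if __name__ == "__main__":
    for h in run_example():
        print(h)  # two hits, both from 10.0.7.41; the expired cdn.* indicator is ignored
```

Two practical points the example makes explicit: expired indicators must be dropped on load rather than left in the table, or you block retired infrastructure and generate false positives months later; and the regex only covers plain `=` comparisons, so a feed that uses `LIKE`, `MATCHES` or observation-expression qualifiers needs a real pattern parser (for instance the stix2-patterns library) before the values are trusted.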


How CMMC Journey Can Help ICS Security Journey

A small use case that we see: let's take a device deployed like a PLC or an RTU in a critical infrastructure environment or ICS in a manufacturing facility. Now each of these things goes through a process of validating the existing risks and vulnerabilities: what are the security controls that are currently provided, starting with basic cyber hygiene; does it meet the basic security controls; what if the vendor or the manufacturer has already stopped the support or sale on this and has already issued an end of life? How do we address some of the new risks that come out of these kinds of devices which no longer have any support? Do we elevate the risk acceptance, and if we do, what monitoring controls do we have so that we don't miss out on some of these things? That then gives us the ability to provide the framework for a deep assessment: constantly monitoring what's going on at both the ingress and egress points of data from thousands of such devices connected across your infrastructure, exchanging data with your traditional IT network. That gives deep visibility into managing this through a robust template, and also with respect to vulnerability remediation based on device fingerprinting, based on the characteristics that each of these equipment devices provides and how it is categorized in the security score, and also how the maturity evolves based on the controls that we implement is what the first set of controls should look like.

This is one of the use cases where we have identified three main areas. We start with identifying some of these devices, the visibility mapping, which part of the network they belong to, and then highlighting the underlying risks and vulnerabilities, and then putting it all together and creating a profile or a contextual threat intelligence template which can then be referenced at any given point of time. Once built, that becomes easier to continuously monitor, so that looks at different areas of how and what controls we build. These include the technology vulnerabilities, like your CVEs/CVSS, and the overlay network: overlaying the models on the risks that are identified, mapping them one to one, and seeing how this can be either remediated, mitigated or accepted, and then what kind of scores we see based on this, is something that is critically done for this kind of an ecosystem.

Further enhancing it: while we have the visibility into it, we don't stop there. We constantly enable monitoring; we build early alerting, which means that if there is somebody trying to even install a downloader, or maybe a malicious scan that is happening on this, which could be a remote code injection that may sit dormant for months in the network and then study the other parts of the network, that is where the early alerting becomes helpful. Then the security leaders who are very concerned about some of these devices exposing information about the infrastructure network can use this early alert monitoring and then enhance their least-privilege or zero-trust based frameworks: what kind of access can these devices have, do I need to isolate it, do we need to quarantine it? So there are multiple different controls that can happen. And then responding to these attacks: the latest stage of investment that companies are making is not just having a full network segmentation strategy but also micro-segmenting their network. Each and every payload needs to be controlled as to how this information is flowing from point A to point B in the network, how do I control it, who has access to it, and also, do I have any playbooks that can help us integrate it with our centralized security event monitoring? Can I integrate it with my SIEM that I'm already using, or a SOAR solution that I'm already using, or any EDR which I'm already using? But most importantly, the data that is received, the alerts and information with the mapping that is received, is going to help them achieve those higher-level certification requirements and maintain those advanced stages, which can help the companies not just adhere to some basic compliance techniques but also look at it holistically and build a mature cybersecurity model. That is one of the small use cases which I wanted to share.

But as part of what we see in the industry, and also what we see with our customers, we constantly look at two main aspects of it. Usually we work with our customers to build this overall cybersecurity maturity program and also build a plan of action, conduct threat assessments with the security requirements mapping what we see in some of these standards, and then provide or suggest what the best ways are to stay compliant, enabling controls, or even beyond that, if you're looking at specific IoT/OT security platforms, looking at an IT and OT integrated or converged network platform, is something that we are definitely happy to talk about. Thank you.


CMMC Compliance and assessment: Cyber Hygiene Steps for Security Plan of Action

So let's see how this actually deals with what the current steps are and what the plan of action is that we see with the CMMC, the maturity certification. A couple of key things here: one is on the visibility side and the other is on the threat management side of things. If you look at it closely, the model states there are five main steps included in the model. The first is to assess the network and map it with what existing security controls we have and what procedures are present; and documenting, most importantly, ensuring that we have an updated procedure or a process which has this documented, and what is the plan of action that builds against each of these steps; calculating those scores, so whenever we see an issue or vulnerability, how much of it is important to us. There are several models in which we actually perform some of this maturity scoring; some of them are required by the government agencies, to be able to submit the scores, and they range anywhere between a score of 200 to 800, and the higher the score, the better the maturity is for the cybersecurity of the overall organization. Now we saw that in the last one year these results have dipped, primarily because of the operational technology infrastructure which is now integrated with the IT, and that is also bringing in a lot of controls which are currently mandated but are not covered by the existing cybersecurity approach that we had for several years in the IT or our traditional infrastructure security space. Then we also need to plan a remediation stage. It states that you need to have the organizational visibility to be able to take action against whatever documented steps and the scores that have been calculated or computed; against these scores we prioritize, basically telling which are the most critical areas we need to focus on. Having that full 360-degree view of how these issues can occur in my network is the most important topic that we'll cover, and of course the last stage is the monitor stage.

Each of these stages has some key pointers that they talk about. When we see the assess stage, we look at environmental risks, OT and IoT assets being connected, and also classified or controlled unclassified information, which is not required by some of the organizational mandates that the government is requiring in its bid. This is becoming a gray area. What we are seeing is that while this is unclassified and requires minimal compliance that should be adhered to, it is still responsible and it still falls under all the 17 domains that the CMMC talks about, or at least outlines. In terms of documentation: are we seeing some of the risk findings, what is the security plan, or the system security plan as we call it, and what is the plan of action? Now, a very important point here is that when we see these documented steps, this is now being mapped not just with the information that is out there but also with the data that is coming across the operational technology and some of these critical infrastructure components, which can directly lead to a control breach, and that eventually leads to the company staying non-compliant, or some of them actually losing the certification that they already have. Once we have those steps, the calculate stage outlines what the risk score is, what the baseline model is, how we align this with the framework that is best suited for our network; and in the remediation stage, where are we non-compliant and how do we bring it to a level where we are meeting that compliance; how do we map the controls that we have today with the compliance requirement, be it asset management, visibility, monitoring, remediation and response, any of the cyber resiliency processes that we take, mapping it to similar compliance. The same thing we see is also being directed by standards like NIST and also IEC 62443, which have more or less some overlaps in most of these areas and are a lot similar. But it does not stop once we remediate; there are also controls where the companies and organizations have to have continuous monitoring and detection, a robust threat management plan that can cover their entire critical infrastructure which is now being connected to the internet along with the IT, and what is the control flow of my unclassified information from these networks which is flowing through my IT. So with this five-step process, it clearly outlines where we start, how the journey is going to look, especially when we see OT environments coming in, and how we maintain this for mid- to long-term strategic purposes.


CMMC Compliance Assessment: Adoption Challenges

Where we talk about the adoption challenges: while most of these practices, recommendations and standards are easy to put on paper, in reality we have seen that it is quite challenging when it actually comes to our own infrastructure. Some of them we have never touched in years, and how do we go back and run those maturity scores against them, how do we scan those devices? We cannot even access the network; some of them are already isolated, we don't have access to those air-gapped networks. But most importantly, evaluating the relevant environment is what we will try to uncover today, where we're looking at unclassified information which does not have perimeters, which means it does not have clear boundaries that are set; it still falls under the CMMC requirement as detailed in the documentation that they have released. Now, what is the desirable target for insider attacks and adversaries? We talked about air-gapped networks; while it is a controlled environment where nobody externally can access it, something we always see is that insider attack has become more prevalent, and it's always accessible to somebody in the team who may have access to the system that we are not aware of. That still becomes a part of the requirement: to be able to run those tests and ensure that the systems are authorized only to those who require access, and if not, what is the data flow that is flowing from left to right and where can I isolate it, how can I implement my micro-segmentation strategies for my operational technology and how do I build it within the sub-networks of my overall infrastructure?

How do we determine the target level of compliance? What is the acceptable level of compliance that we build? Having an acceptable score, having a minimal set of risks and vulnerabilities, is paramount, and that's something we consider one of the challenges when we are evaluating this compliance. But most importantly, what are the resource requirements? How much work goes into preparing for these compliance and audit programs? We are always held up with some critical project deadlines, as we all see, but then is there a dedicated focus on building and preparing this compliance program? This is where we have seen that engaging with certain security vendors and also the thought leaders in the industry has helped in increasing and optimizing this process, with much less effort required from my own security team rather than having them work on their day-to-day tasks.

The other important thing is that it's evolving from basic hygiene. The overall maturity model, what we're seeing, is evolving from the basic hygiene that was there, which was part of the self-assessment that most organizations were earlier doing, to a more advanced level. So here they're seeing that with this advanced level now coming into effect, most organizations were required as of last year to have some amount of advanced controls in the network before they participate in any of the DoD contracts. Then the skill set shortage: we see that when it comes to critical infrastructure, when it comes to legacy networks, unless we have people working in that ecosystem for years and years who have the know-how on how to deal with this, it's always challenging to find specific skill sets who can come in and pick up that whole ecosystem and try to build a maturity score, or try to model the threat and perform those threat analyses. This also directly impacts budgets and timelines: if I have to hire somebody who is capable of doing it, how long would it take for them to be ready to perform these audits, and after that, how long does it take for these personnel to execute and provide the reports; so it becomes an extensive project.

What we're seeing also is the requirements becoming some of the key asks from government and federal contracts. While today it is a good-to-have, and most of the CMMC requirements are very specific to certain critical projects, it's becoming more and more standardized across the industries; some of these models we see present in NIST and IEC are also detailing the same thing and recommending it as security best practice, which is adding a lot of pressure across organizations to make sure that they are starting this program as early as possible. The other thing is, beyond the overall certification and compliance, it's spanning beyond your traditional IT and including all the connected ecosystem, your non-traditional ecosystem that surrounds anything that involves connecting to your network, connecting to your infrastructure and exchanging data, whether it be your customers' data or your internal machine information, is now being assessed, and companies are finding it challenging to adopt this kind of an ecosystem and fit it into all the existing models that have already been built; except for that, there has to be a separate focus on it: how do we unify all of these things within the organization? The other aspect is also with COVID: most of the remote working conditions and access beyond the perimeter is exposing some of the infrastructure to workers who are trying to connect remotely from their home offices and from remote sites, and is also exposing this information; how do we control this and what kind of access level do we need to bring in is becoming a key topic, especially when we talk to our customers on a daily basis. It's becoming the key topic they talk about; they're already on the path of implementing some controls, but then they're always constantly looking at what other technologies they can include to enhance the current process models as well.


CMMC Compliance Assessment: Current and Target Maturity Models

What do the current models and the target models look like? Now, as I mentioned earlier, CMMC can be used beyond DoD and federal contracts, based on what needs to be achieved in terms of the overall cyber hygiene and what the state of security of the organization is. Some of the organizations who have implemented this, regardless of their involvement with the government, have also seen that this has significantly increased the security team's efficiency when there are threats, or the amount of time that the analysts spend in the incident response plan has also significantly improved with this type of a model that comes in.

So what we see in the current profile is that some of the challenges and some of the limitations are also causing a kind of an obstacle for adopting this kind of a certification model. Starting with the first one, complex legacy infrastructure: how will we know what systems are in place? If we do not know which of the systems we see today are managed by us, or how they are constantly being updated, or what the security plan on those endpoints is, we will not be able to map them against the compliance needs. Visibility is the first and foremost critical component to enhancing the current profile, what we see in our existing security infrastructure.

Also limited security maturity and controls, especially when it comes to the CMMC compliance level: it is an elaborate list of practices that we need to adhere to as companies and organizations, but most importantly, how well do we achieve it, or what level of CMMC compliance is required for us? Level one should be sufficient for the FCI contracts, but then as we go beyond into larger projects, larger contract values, it requires that we have much more robust plans that build in: what is this controlled unclassified information, what does it look like, can I include my operational technology as part of my unclassified information even though I'm not directly taking any customer data into my network? That is again a gray area: whenever there is any data that is flowing inside the network and if there is a component that is involved, it falls under the compliance mandates that are required to be adhered to by organizations.

And also we have seen that there is a large landscape out there when it comes to incompatibility, and also the legacy technologies which do not have certain security controls, be it basic password changing or something that is already hardcoded, cannot be updated or hasn't been updated for years, which is also adding to this level of complexity.

Now, what does the target profile look like? The first thing is understanding, when you look at your complex infrastructure, what building out an action plan or a plan of action looks like. We did our self-assessments, but it is important that we bring in a third party to conduct those robust vulnerability and risk assessments to be able to build the level two and above set of compliance that we need to manage. Some of them require a significant amount of time and effort if it is done internally within the organization, but with automation and some technical tools that are already available in the marketplace, this is becoming more of a go-to place for quite a lot of security leaders who immediately can build this plan of action and start executing it.

Prioritization is another important aspect. So risk scoring and the maturity scores are all dependent on the type of infrastructure that is available, so how do we submit these scores, what are we validating these scores against, whether it is based on the severity, whether it is based on the type of equipment or the type of infrastructure we have inside the network, so what is acceptable under the CMMC posture that they recommend? And again, involving some of these security assessments will help in identifying an accurate maturity score that can then help us build a fully cyber resilient ecosystem, I would say.

Now, mapping these risks to our organizational risks: while we have some compliance and mandates, there are about 17 domains, 171 practices against the maturity level that need to be mapped. So why are we doing this, how does it positively affect our organization, how is this going to help our organization with OT security? Another way to map these compliances, and eventually, finally, staying compliant, which is not a one-time activity. There is level five and above, which details that it has to have continuous monitoring, a continuous update to some of the infrastructure innovation that is going on, especially in the OT space. So staying compliant, obtaining this constant monitoring and checking that box off, that we're not just doing it once a year to be audited or to be able to certify ourselves and then we look at it once every year, but this ongoing process or continuous model helps the companies stay compliant. This is where the majority of the organizations that we have seen, at least about 60 to 65 percent of the customers that we talk to today, are investing in what should be their target profile when it comes to cybersecurity maturity within the organization. Some of the earlier adopters in their overall security journey have seen that this has helped them to build those baseline profiles and build that framework, which then gets easier. Some organizations and customers we talk to are already in the path of implementing some controls, but then they're always constantly looking at what other technologies they can include to enhance the current process model as well.

