12.12.20 live stream
“I think I just blew their mind”
Tech scam: Sean and Spasean
Start point on stream: 1.40.31 to 3.14.21
Total call time: 1.33.40
Scammer’s knowledge is tested while trying to sell Charlene a “cyber security firewall” with “7 layers of protection”
2.28.38 – 2.29.43
….do you guys sell a SIEM at all that maybe I could use so that I can, you know, run queries on all of that data and get events and log correlation based off of all of these firewalls that you’ve shown me and all these devices and all this data...it’s way too much for me to protect so I’m gonna need something that’s gonna do a little bit of better correlation for me across all these different data points because if you’ve got the Cisco firewall you know or maybe even Cisco advanced malware protection and that’s popping up a bunch of false positives you’ve got IBM you have SonicWall that’s maybe looking at the network layers showing me some greater visibility on the network, how do I know to be able to correlate what’s happening on my regular endpoint systems vs all the network even mobile devices as well, right, maybe all that together could possibly, you know, if there’s a way…I don’t want my computer lighting up like a Christmas tree you know! I’d like to be able to maybe go into a SIEM and run some queries off of that to be able to have, you know, greater visibility to whatever’s going on – right!
Scammer: (long pause)
2.31.35 to 2.33.39
..If you think about it, firewalls, it’s just like a gate; it’s like you open up the gate, you close the gate, you open up the gate you close the gate. But what about, you know, valid ports that could be opened: valid IP addresses, maybe VPNs and proxies that are being utilized by the haggers and the scammers, right, that are trying to take my money, they’re utilizing you know benign processes and benign behaviors on my endpoints and I have no idea what’s going on, they’re using things like PowerShell and Symantec’s not gonna be able to block that, McAfee’s not, right, and then they’re utilizing data exfiltration policies through things like Cloud operating systems through different ports that are very readily available like port 80 or 443 right, they’re utilizing these types of ports that the firewalls aren’t gonna be able to do so I’m trying to get more towards a behavioral-based mechanism that I need greater visibility, I need detections based off of behaviors and not just, you know, 1s and 0s, this is bad this is good, because when you have firewalls that are just blocking an IDS an IPS based off of good or bad, a lot of times you can’t just say everything’s gonna be good or everything’s gonna be bad you have to look at the correlation between what is this incident or what is this behavior that’s happening.
Maybe I had outlook.exe that was spawned and then from there other processes were spawned and then all of a sudden PowerShell was run they were doing a net user right for instance, all those things together could be bad but if I were just to go to the command prompt and put in net user right and change the password then that doesn’t look bad but in the whole scheme of things when running a discovery scan on the network to see what other devices are on there and then you move them laterally to other systems I need a lot more, this could all be under the nose of the traditional firewall protection and that’s why I’m saying I need a little bit more holistic of an approach that brings all this together from these firewalls, endpoint security devices, all correlated within a centralized incident and event manager so that’s why I was asking if you have something possibly that would be able to satisfy that.
Scammer: (long pause)
Charlene is now passed to the Billing Supervisor, Sparsean
2.54.13 to 2.56.30
I have a couple of questions because this gentleman was talking about the 7 layers of protection but we never really got into some of the behavioral analytics that go on from a machine-learning and behavior base because I actually like to better detect from an anomalous behavior vs a signature or a firewall IDS IPS host-based firewall approach, right, which you’re either kinda letting something in or letting it out, because a lot of the haggers now are using common protocol and common practices on the endpoint systems as well, as well as the network to be able to move laterally, they’re utilizing things like PowerShell on my system and the traditional types of systems that you guys are trying to sell me aren’t gonna be able to protect that because I have a lot of those traditional things in place already and I just want greater visibility, maybe there’s a way that you guys can maybe if it’s as a service, a security incident, an Event Manager, I didn’t know if you all sold any of those like a Splunk or a QRadar or LogRhythm or something like that. I see you have IBM that was on there before, but SonicWall I’m not necessarily the biggest fan of I think their efficiencies around management centralized isn’t very very good - I’d like a next generation firewall possibly like a Palo Alto Networks and then I’d also like something from an endpoint and a mobile standpoint that maybe work together with all of that so I can have greater visibility, greater protection. But I’m really gonna need even email security, I tried to ask the last gentleman about phishing attacks and if you guys did any Cloud sandboxing technology?
I’d really like to be able to protect against that not necessarily just spam, because everybody can block spam, but those targeted attacks, I don’t wanna be Patient Zero right and I’d really like to have some real-time protection if I did happen to click on that link what would happen if it goes and opens up Google Chrome goes into y’all sandbox you check it against your technology, I’m sure you have billions and billions of probes that are out there, check against that technology: if this is a known phishing site if this is a wormhole site, if this is a spoofed site you name it right, I’d like to be able to have that visibility and block it in real time if I were to actually click on it. I hope that makes sense.
Scammer: (long pause)
3.14.34
Pierogi: I think I just blew their mind

















