Video: Webinar: Invisible Threats, Inevitable Attacks: Exposing the Gaps in OT Security | Duration: 3004s | Summary: Webinar: Invisible Threats, Inevitable Attacks: Exposing the Gaps in OT Security | Chapters: Introducing OT Experts (80.649994s), OT Environment Complexity (288.685s), OT Security Incidents (474.32s), OT Security Challenges (961.615s), Proactive OT Security (1064.095s), Proactive Security Measures (1394.24s), Better Together Strategy (1759.8099s), Closing Cybersecurity Advice (2172.7202s)

Transcript for "Webinar: Invisible Threats, Inevitable Attacks: Exposing the Gaps in OT Security": Hello. I'm Michael Rothschild, from Armis. I'm pleased to be joined by three very, well seasoned, very knowledgeable people around OT. We're going to talk a lot about some of the new developments in OT today or in industrial technology or cyber physical systems, many different names for it, all the same thing. We're seeing lots of attacks and different things that can happen in the OT environment. So we're gonna talk about that today, again, with our experts that are on our panel. Without further ado, I would love them to introduce themselves to you. Let's start over with Nick Graham. Nick, welcome. Thank you. My name is Nick Graham. I work with a partner of arms called RavenTek and the five federal civilian space for the United States. Glad to be here. Great. Thank you, Nick, for being here. And, Danny, Danny, you're a new joiner to Armis, coming over from the Arturo acquisition. Man, what a what a a ride it's been, I imagine, thus far. I'm sure you can write a book about it. But, Danny, would you like to introduce yourself? Yes. So my name is Danny Bren. I was the one of the two founders and, the CEO of OTORIO by Armis, and I am very pleased to to join Armis. And as a fact, it is my first day here in the offices and my first appearance in the Armys outfit. So, great start for me. Prior to to prior to army senatorial, I served for many years with the Israeli Defense Forces. Most of my career was around cyber physical system defense, security, and, just anxious to start and provide the same level of, value to the army's customers. And, Danny, we're so lucky to have you. You bring a whole wealth of knowledge and a whole other area about OT that we've been, involved in, but certainly you raised the bar on that. And I have to tell you that Armis looks great on you. So we're really lucky to have you. Welcome to Armis, and we're we're happy that you're here. Thank you. Appreciate it. And our veteran, also a guy that has forgot more about OT than I'll ever know. Carlos, Carlos, you've been at, Armis for some time. Would you like to introduce yourself and talk a little bit about what you're doing? Thanks, Michael. And, Danny, welcome to the team. Kinda get tired to the of saying that over and over again. So, yeah, my, you know, Carlos Buenano. I'm the CTO for OTIA. I've been in Armis for six years. My background is, control systems engineering. So I was a control system engineer for a long time, you know, programming POCs and DCS, you know, working on any industry you couldn't think of, mining, manufacturing, oil and gas. And I'm focused a lot on, you know, controlled network design and the implementation, and securing, controlled networks currently. So thanks for having me today, Michael. Excellent. So again, what we're going to do today, is we're gonna have a little bit of a discussion amongst the four of us. I'm pretty much gonna be prompting some questions and stuff like that. We have a bunch of good questions that have come in from our customers that are, industry questions and things like that. And we're just gonna have a discussion, and we're pleased that everybody has joined us today, kind of joining in the conversation, hearing what we have to say, and some of the the things that are going on. Hopefully, this will give you some ideas in terms of how to protect your own environment. So we have a lot of good information from you. I'm glad you're able to join today. So Carlos, I'd love to start with you. As you said, you've been involved many different systems, many different verticals. You know, when we talk about OT, operational technology, some people call it cyber physical systems, all all different names and and and things like that. We think about things like PLCs and DCSs and HMIs and all these three and four letter acronyms that we're so familiar with. But when we think about today's OT infrastructure, is it really just OT? Are we really just concerned with things like actuators and robots and things like that? What is an OT environment looking like today? So, OT environments are very complex. Okay? Because, yes, they have PLCs, they have DCS, they have actuators, sensors, and and so forth. But there is a lot a lot behind the scenes that we don't talk about it. BMS system, for instance. We we're talking about HVAC systems. We're talking about UPSs. We're talking about, you know, power boards. We're also talking about lights and, access control and so many other things that run behind an a a control system and not necessarily connected to each other. And it's very complex. Okay? Because, you know, these systems are designed for longevity. I was involved in few projects, greenfield projects, and one of the first requirements was to, you know, you know, to support this system for thirty years, at least Thirty years. And that creates a big issue because, every time that we we come across a a control system, environment, so there's, you know, devices that are old, that are running old protocols, all operating systems, you know, everything is pretty much, out of date. And and the reason is because, this system, they run twenty four seven, and and they only have a few windows, within the year, if not only one, you know, to do maintenance and to do updates. Most likely is, some of the system that we want to address some of the vulnerabilities. They are basically, operational even though they are in shutdown mode because there are other systems that has to be tested, and we are not able to to to get access to them. So it's a very, very complex systems. You know, and one of the things that that we always look at is, you know, how to protect them. And, you know, you know, we try to actually follow the frameworks. There are a lot of frameworks today that that help us, how to protect the systems, but they become can become quite, overwhelming just because of the reason that I have I said before. It's like, how how do we protect these systems that need to be, they need to continue on running? Excellent. So it sounds like there's a there's a lot more than just OT than just the the standard PLC and and things like that. Danny, I I'd love to turn it over to you. Obviously, coming over from OTORIO, you've been in very involved in the forefront of OT security, particularly, critical infrastructure, industrial operations. And OTORIO is now part of Armis. You bring a lot of expertise in securing industrial environments. Can you share a real world breach or security incidents that industry, that it indicates or illustrates the type of, OT security gaps that the OT industry is, is feeling and where hackers are exploiting today. Definitely. And I'll be more than than happy to to thank you for through my, thought process. But just, one additional point to what Carlos just shared with us, which is very important, to understand when I'll start addressing the breaches, the entire OT environment serves the business revenue stream of the organization. And this is something to to understand because it is a business risk and not purely just a technology IT risk, and we'll address that a little bit later. So so I I will go and start from Colonial Pipeline. Now everybody I don't know if everybody understands what Colonial Pipeline was an IT, successful IT. It was an IT ransomware attack. It was not an OTA there. But because of, the fact that they had no real monitoring of the control systems and understanding what is really happening in the OT environment, the leadership of Colonial Pipeline decided to shut down business operations, shut down the OT environment by themselves as a precaution. So I think that the the the fact that I'm looking at this incident as an important incident is because it shows not only the convergence that everybody talks about IT, OT, and maybe collaboration, file address, split, but interdependency of the IT and OT. And if you don't have a a good scheme that provides you a an end to end understanding, visibility, and and and strategy around IT, OT, convergence, then you get such an interdependent that you left to take down your systems by yourself. And the and this is an important thing to understand, and and and this is an important, value that I think that Armis brings to the table, and we probably would discuss that a little bit later. The second one, or I would say that there are two segments to the second one is the Stuxnet because everybody talks about the Stuxnet. This is the first one that basically showed the connectivity between the cyber and the physical and which we today, this year, we we just had the first, Gartner quadrant, coming, via security. But it started, back in 02/2010, and and according to, public news, Probably, it was operational since 02/2007, and there were about three years or four years of of one can look at it as the innocent series where superpowers understood what they can do and and and the rest, did not. The second, I would say, artifact of of the same family was the Triton. Not many are familiar with the Triton, and and this is where it it it was the first time where where a runs where an worm attacked the, the monitoring control systems of the control systems. Right? So, basically, you take down all the the safeguards of the old environment and and a potential cyber a potential successful cyber breach could result in in casualties, real real life casualties. So so if you connect those together, you understand the and and this can happen in an airport, in a refinery, and in in in oil and gas industry, in the energy industry, chemical industry, etcetera. So it's not just, you know, as everybody thought, crypto infrastructure or nuclear problem, etcetera. I just wanted to add some some current context that, Lenny, if it's just just for people to understand what the safety system is and how critical this is. So when when a a plan is in operation, is is is using the process control network and and and and it operates. But someone presses stop emergency stop, for instance, the, system kicks in. And there is a lot of, like, what we call cause and effect diagram that depending on where the system actually stopped, the the whole, you know, control system needs to flush out safely, close the valve safely. Because if that doesn't happen, it it could actually cause, damage not only to the equipment but also to people. And if, you know, try to attack the safety system in a way that interrupts the sequence of shutting down this, this, you know, critical systems, it could actually cause a lot of damage, and that's why it's so important. Sorry, Danny. I just wanted to add that. No. No. No. Thank you for the thank you very much for the color. So I'll I'll continue what Carlos just said, and let's take an industry that nobody thinks about it, the pulp, paper, and packaging industry, which everybody eats cereal this morning. Right? So in the process of of producing the pulp, which is an important ingredient that does the carton board and then goes into the packaging and goes to our cereal, there are there are very, complex and hazardous chemical and high pressure, processes, which this control system or this safety mechanism basically makes sense that makes sure that nothing happens. Now if this is taken down, you can get an environmental damage that will last for years. You can get hundreds of people that will be killed from the explosion or the or or the the toxic. So there are many ways that that on a daily basis, we don't think about which the Triton can affect, and this is why I think that this is a a very important, bridge. I hope that that, Carlos, that you agree with me. No. No. Completely agree. Yeah. And and the last one, which which everybody knows again, Dragonfly or what we call the series of the Ukraine power grid attacks, is basically, show that this type of weapons not only can be used but also was used in a geopolitical conflict. And this is highly important when we are today, 2025, which I would say the global geopolitical unrestlessness is is is an important driver of what we are going to expend. And and I hope that our our customers, partners, friends in the industry are preparing for that. I just wanted also to highlight a a couple of things, all in one thing. You know, and that resonated that when Danny said it. So the the attackers are in the system for a long time. The reason is because these systems are not simple. They're very difficult, and they they don't understand it. PLC is actually something that is very difficult to understand unless you actually have experience. So, when it started, it basically stayed at three or four years just only to understand how to compromise the PLCs and and how to remove or not remove. Yeah. Remove the safe safeguards within the PLCs and then, put a new code inside, a new firmware inside without, you know, operations to realize that what's happening. And this is actually a process that, it is very difficult, very lengthy. So and and and and the conclusion that I wanted to take is that, the attackers, they do have budget to actually have, you know, the time and the effort, to get to a point that they can actually create some damage. I just wanted to to to to add that to the to the conversation. Absolutely. You know, when we think about OT, we think about, not only packaging, cereal boxes, and stuff like that, we think about critical infrastructure. And, you know, it's it's pretty, early in the morning here relatively speaking. Think about all of the things that you've done already that have involved critical infrastructure, whether it's, you know, the water for brushing your teeth, even just turning on the lights. Everything is critical infrastructure. Nick, from RavenTek, thank you again, so much for joining one of our partners. And, obviously, Nick, RavenTek works, very closely with organizations in terms of securing OT critical infrastructure, these types of things. From a partner perspective, where where do you see the biggest gaps in how companies are currently approaching OT or CPS security? Great question. I'll I'll tell you when I talk to them, the biggest gap is really around, like, visibility. They're really understanding what they've got in their environment. And what I always, talk to my clients when, we're having these discussions is I I try and tell them, you know, you have to be able to see a target to be able to hit. And when these organizations don't have an idea of what they've got in their environment, there's no way they're gonna be able to protect it. So when I start talking to them in this perspective, very first thing I start talking about is how Armis is going to be able to use their or what I call the data collector, what's referred to as the data collector. That's a passive listening device, so it's gonna be able to have minimal impact on their environment, but give back so much. Being able to say, look. This is everything you've got in your environment, so you now have a complete picture of what you need to start looking at protecting and then taking the steps to do so. It makes makes a lot of sense. Go ahead, Danny. I'm sorry. I I think that Nick, hit it on on the spot. And and and one one thing that I think that Armis today shines, from all the other competitors in the market is also the the the ability to understand the role of the asset in the OT environment and the and the business risk that it it will introduce. Now this is important because in OT, there there are unique tendencies and not all assets are born equal. And you need to understand exactly the role of the asset. You need your individual asset when you would like to prioritize your limited resources and actions. And anything that armies today, is the number one, solution that that brings the entire workflow, that not only the visibility, but okay. We what is the contextualization of the visibility to to the business operations. And and this is this is something unique. Absolutely agree. Yeah. Absolutely. You know, one of the things when we think about security, we're not far from a bunch of security shows coming up, things like RSA and Black Hat and all these fun things. You know, when I think about security and and a lot of us have been in security for some time, I always think about the fact that we may have gotten it wrong in security. We oh, you know, traditionally or legacy wise, you know, security or or, fighting an attack has always been after the attack has been launched. I kind of think about it, you know, similarly to the, the theft deterrent system or the burglar alarm you may have in your house. You you would never buy a burglar alarm system in your house that tells you, hey, there's somebody that's pulling stuff out of your house right now. You wanna get it as early as possible. Right? So similarly, when we think about security, OT security, or security in general, the industry has really been reactive in terms of something has to happen and then an action or a counteraction to security has to take place. I'd love to get your impressions each of your impressions in terms of proactive security. Is this becoming more of a thing? And if so, you know, how are you seeing it manifested in OT infrastructures? Definitely. I'm just gonna take that. So, we have seen a lot of customers, you know, a bit more concerned. Obviously, there is a lot of things happening in the background. Right? So it's not just the customer that woke up at one day and say, hey. I'm concerned about security. I wanna do something. And so it's a lot of legislations and and governance that is actually coming into place. In Europe, you have needs to, in in The US, you know, for a long time, we have Nexip and so forth, vouchers protecting the the infrastructure. And it all all comes down to maturity. Okay? So when when when, you know, you want to start and and and finally understand, you know, the complexities, from from an IT perspective and also the risks. You know, we're talking about that 70%, today of of the attacks actually to the environment. So you you wanna start doing something. Okay? And and and, you know, one of the things that from from a proactive perspective is, you know, if you think about it, you know, what where do we start? Okay. Because it's it's very difficult to start, somewhere. And then from works actually is a really good way to get started and then, and just takes you by the hand in a way. Not necessarily you need to comply, but, you know, you can get started. And from a from a reactive perspective, you know you know, all these systems have been there for a while. We're talking about insulin response and and all these different systems that, you know, are they, you know, have to suck and so forth. But from a proactive perspective, you know, the go on. No. Touching on what Nick was actually saying. So the the the visibility is is is a key. It's it's a very first key for first step because the visibility is not just understanding the what the devices are in the in the environment, but also what the devices are doing. Okay? Discovering and defining devices, but also identifying what the devices behaviors are. And from that point onwards, then you can get get started to do some, proactive analysis. And then you start looking at, you know, what do we do? Okay. Do we how do we remediate this to avoid, you know, and protect the attack surface? Network segmentation, one step. How do we do do we start the process? How do we understand, you know, what the devices need to be doing? How do we actually segment the network so the devices are only, looking at, you know, you know, what listing policies of communication so the devices can only communicate to what they need to communicate. And then you start looking at zero trust principles and concepts, you know, to to to then, start creating, very specific set of rules, and and and at least, you know, the least access possible to to to divide to sorry. Users and devices and and and keep continue monitoring, you know, from from any anomalous behavior. So, and this, actually, this technology is allowing us to be a bit more proactive and any customers that I understand to take advantage of that. So so to bring together, Michael, your analogy and and what just Carlos said, it's not only that you want to be aware that when the burglary is at your front porch. Right? You want to make sure that you didn't leave the the back door open or the or one of the windows open or or your most important, variable assets outside of the vault. Now I'll try to interconnect that to what Carlos said. Visibility is an important stepping stone, and this is the the foundation foundation for everything. But then you you we we can go on level one and say we we need visibility in in our in our, to our assets or to our process integrity, which is important, an important, fee feature. But then, how does address segmentation? One of the main, I would say, errors or mistakes or misconfigurations or blind spot that we see across the board globally is a flat network. A flat network architecture in the OT. So so you start you need to start if you want to be proactive, you need to start looking at the network architecture, not in and leveraging the existing investments that you have and and trying to adapt that minimizing the attack surface according to the OT process or or the the process needs, the business process operational needs. And this is relatively a a low hanging fruit that can be achieved. A second a second part that I think that now brings together the both the the innovation side of the house and and the threat side of the house is supply chain management and and insecure remote access. We still see that in the IT environment, it's unheard of. Right? But in the OT, we'll let somebody from within the organization to connect from his home or or one of our suppliers or vendors to come and do performance optimization or some preemptive maintenance, and you will connect. So you want to to be to start with a low angling proactive approach, monitor your your network architecture at any time, see that it is as tight as needed by the operational processes, and then the same thing for the remote access whether by your employees or supply or or vendors. Because supply chain today is the number one introducer of, the ransomware attacks to to the OT environment, and and we need to to acknowledge that. Absolutely. And and, Nick, I I to go back to you, you know, one of the things that I think you said was really very poignant, whether you're you're reactive and proactive, and obviously a lot more more organizations are being much more proactive. We see so many attacks that are launched. And more often than not, when this happens, customers or or or prospects or whomever says, if I only knew, right. If I only knew that something was still running, that the server was on the team viewers, it was still at a PA, a default password, all of these types of things. So, you know, obviously we're, we're seeing organizations that are becoming much more proactive in terms of ferreting these things out. Nick, I'm curious. You you work with many different, many different organizations. Can you share an example or or a case study, some kind of idea of how an organization successfully improved its IT security posture and its OT security posture by integrating and and and deploying this more visible approach? Absolutely. So one of the ones, worked with a health care organization specifically, around patient monitors. These are the type of devices, for people that don't know when I say patient monitor. If you go into a hospital or something of that nature, they'll put these sensors on you to get your blood pressure, your heart rate, your temperature, that sort of thing. And it came out fairly recently. I I actually believe Armis even had a blog on this around a particular patient monitor. And I don't even know if I wanna mention the manufacturers. I'll I'll keep that out. But, basically, there was a vulnerability that would allow bad actors to get in and compromise these things. And we also found out that these devices actually would allow, the data that was collected down to the patient information, as well as the doctor's information, that could be sent to a a bad actor or a nation state, if you will. But that wasn't even the worst. The worst example of this is that once a bad actor got access to these devices, they could actually change the output of the readings. So if you were to think about that, if somebody were to be in an operating room or something of that nature, and god forbid that would happen, but if they were, the doctors, the nurses, everyone involved there are relying on that information to give the correct, life saving health care to these particular individuals. And this health organization became aware of that. And so we went in and we helped implement Armis to get that visibility and to identify the susceptible patient monitor systems and to take multiple steps, which comes back to like, what Danny Bren and Carlos Buenano both had mentioned previously. Visibility isn't just the only edge. You have to be segmentation, learning how to take and actually put protective steps in place to be able to make sure even if you've got those devices because let's be honest, organizations can't spend on a dime to get these devices out of place. So they need to understand how they can prevent access to those devices. So this is really the example that I I would give you that I look at personally because I take health care very, seriously, you know, people are in there. They're looking for help. They're looking to be taken care of. And the last thing you wanna have happen is have somebody go in there and have a bad actor end up causing somebody to die or and I won't say worse because there's nothing worse than that. Yeah. For sure. We're not just talking about mission critical systems. We're talking about life critical systems. And, you know, one of the interesting things I think specifically in health care is we think about, you know, things like patient monitors, things that touch the patient, and that's all really important stuff. But there's just so many other additional things that you have to be visible about, like the building management systems. Right? Is it warm or cool enough? Right? All of these different things, IT, you know, you have, things like niche and charting on epic, whatever else. So many different pieces parts that we have to be concerned with today. Absolutely. I I'd love to turn back over to you. Again, you're sporting that Arma shirt, and we love that, Danny from OTORIO by Armis and the acquisition that we made. We're we're so happy to have you. You know, one of the questions that I'm sure a lot of viewers are are asking themselves is is that that old that age old question of better together. OTORIO by Armis and, Armis have come together. Armis has acquired OTORIO by Armis. What's that better together story? What are we getting more? What are we able to offer customers more than we were just as individual companies previously? So I would say that the Armis and OTORIO by Armis vision were extremely similar, even identical. And and it and it and we started basically around the same the same period. Where always took the when when we got to this, let's visualize a junction. Armis took the cloud SaaS type of off road and the OTORIO by Armis, took the more challenging, but, or and the on prem, road. And I would say that, what's to today, a customer can benefit is to have a on prem cloud or hybrid solution that will take him through the journey from visibility to the proactive risk identification and management, with the, with the limited resources that customers have today, they will get a very clear prioritizations of their most, critical, points that they need, to to basically address and how to, allocate their limited resources. Now why this is important is because everybody talks about conversions, but nobody takes care of coordination. So when you have convergence of OT and IT without coordination of OT and IT, basically, you amplify the risk or you amplify the threat. Right? So what Armis brings together, and and I'm very proud to be part of of the Armis, story going forward with the authority. What Armis brings together today is basically the the collaborative workbench that will enable, both the OT side of the OT practitioners and the IT practitioners to collaborate and to coordinate their very important and critical risk management processes proactively. And then it will be they will be able to solve all these, risks and and and and events that Nick and and Carlos basically addressed in their in their part. Yes. So we just go on back and and, yeah, Danny Bren is completely a % right. So if you think about, you know, the initial conversation, how complex of the environments are, there are environments that, you know, they are kind of, converged already, and and this actually happens naturally. So when I say kind of, it's like a very limited conversions. You know, you have IoT devices, you know, the environments. You know, you have all kind of BMS devices, as I mentioned before, where you have TVs, you have handhelds. We have all these things to, you know, promote, a a lot of, different ways of operating, especially large organizations. When it comes to, you know, organizations within, you know, different industries like oil and gas and mining, the the the process could be or the the the infrastructures can become even more complex. And one of the the the the big the blind spots that we had, you know, were those, those part of the plants that were completely isolated, not had air gaps. Maybe it's just because they were already part of a a very critical part of the the process. And this is when, you know, the the the the, the the Titan product from from from OTORIO, you know, comes in and and and provide us the visibility that we needed into those those very, very isolated spaces. And then, of course, the there are more access, that we talk about. You know, from a from a CPS perspective, you know, zero trust principles are actually becoming more and more, critical. And, you know, the the SRA, that is actually one of the the the functionality that is gonna allows us to not only from a, you know, internal, but also external from vendors and maintenance. It's gonna open up in a very secure way, to to more efficiency when it comes to to, you know, one, protecting, but two, diagnosing and and also maintaining, LTE environments. And the other thing that I wanted to to to to add is that it's gonna also allows us to to, you know, provide a more secure way, you know, to to perform this LTE and OT convergence because it's gonna add the the visibility, but also it's gonna add the way to communicate and to connect in in between the two the two environments more safely. So it is is you know, the the advantages are incredible. Just one one more sentence. I I I fully agree with Carlos and and, and the our customers will get that from a single platform that that that basically interconnects the values. And and it is one thing to manage two different vendors, two different separated solutions, whether they will be the best in the industry. But when you interconnect the best solutions in the industry and you get an end to end holistic approach that covers the entire CPS environment including supply chain? This is what I think makes today Armis the number one vendor in the world. Yeah. But don't but don't take my words on that. I I was acquired. Look at the Garmin Magic Quadrant. Yeah. Definitely. The Magic Quadrant tells a tells a good story. And I think, you know, one of the best stories we can tell is whether you're on prem or in the cloud, whether you're converged or air gapped, we have a solution for you. So that's that's a a really good a really good value prop. With just a couple of minutes left, you know, I would love to have each of our listeners walk away, with something that's actionable. So, I'm gonna ask each of you to give me just one thing, just one best practice, one thing that you think organizations should follow that perhaps we've been a little lax on it to this point. And Nick, I'd like to start with you. What what's one thing that you would like to give us a piece of advice to our listeners? Michael, I I would sound like a broken record, but it comes back to visibility. Make sure you are being able to see everything in your environment. If that's the one thing that I could get to, is that know what's in your environment so you can protect it. Yeah. The the old story, you can't protect what you can't see. So Absolutely. Got it. Danny, let me turn it over to you. What's the one piece of advice that you'd like to give our listeners? So I have to continue from where Nick stop. And I would say, pretty OT cybersecurity as a, an operational business risk. So it's visibility with a context to your business and don't treat it as a niche it problem. And, and this is, this is the number two, I would say, advice that I can give, as a follow-up to what Nick just said. Yeah. And, and Danny, you, you kind of opened up with the comment, you know, it's, it's not just an operational thing, right? It's not just a resilience thing. It's a business thing. And we've actually seen some pretty successful campaigns around some of our customers that are actually using this as as a marketing tool, as a as a value driver to the end customers about security. So, completely completely hear you saying, good advice. And and, Carlos, finally, over to you. One piece of advice that you'd like to give our listeners. I'm gonna I'm gonna just, maybe just, you know, we we go a bit a bit more, different approach. Visibility, of course, is number one. But, when I was, you know, tasked to create a security program, you know, for, energy company in in Australia, I didn't know what to do. Okay? So I didn't even know that start with visibility was one thing. But what happened was that, I decided to turn over a framework that not because I needed, to comply with it, because but it was because I needed to have a guidance, when it comes to the steps to to to follow when it comes to creating a cybersecurity program to help us through, you know, the complexity of of of developing and and implementing a secure network that will help us throughout the journey. At the time, I chose I c six two four four three, and I was surprised of how, you know, how it was together put together was actually the the the framework. And he touched on visibility, touched on network segmentation, he touched on, authentication. It takes it takes on, you know, access security and so forth. Any I felt like, you know, it was very obvious to me of which steps to follow and how to mention the maturity in every step. Because then, you know, visibility is the foundational part of everything. Once you you reach that, then you wanna understand what the next steps are and how, you know, it can actually the process or the security, program can help you throughout the the the the whole, the whole journey. And and and it you know, going and and and turning into a framework where it takes you by the hand, you are okay. I achieved this. Let me see my gaps and then go to the next one. I see my gaps. And then, you know, all of a sudden, you have a really strong cybersecurity program, you know, with the visibility that you need that is was, you know, very important because it needs to actually you need to understand what is there and how to protect it. But then how the how to protect it is actually what, the the framework helped me with. So I I guess, yeah, what you're saying is that these frameworks are actually really good, whether you're looking at, as you mentioned, six two four four three, MITRE ATT and CK. There's lots of good stuff out there, and the ability to kinda follow those best practices definitely can raise the level for all of us. So, with that, you know, we're out of time, but we have just so much more material, so much more content on our website. We have demos. We have all kinds of good stuff that we would love to show you how how you can actually put some of these things into practice. So, what I'd like to do now is, obviously, thank each of our speakers, Nick from RavenTek, Danny, Carlos, from Armis. And most of all, I'd like to thank our our viewers. And please, if you have, questions, more information, do reach out to us. We have a whole lot of, good stuff to show you how you can put some of these practices or some of these ideas into practice immediately, and help secure your organization from the unacceptable. Right? Thank you very much. Looking forward to seeing you again.