The Microsoft 365 environment is complex to administer from a cybersecurity perspective. There are very expensive options from Microsoft that add advanced security elements to the 365 environment. In addition to cost, ease of use and knowledge can become limiting factors dependant on the capability of the organization when implementing Microsoft’s advanced security. Dark Rhino Security and Infocyte partnered to build a managed service offering that dramatically simplifies the evaluation, compilation, and remediation of security gaps present in a companies Microsoft 365 environment. Chris Auger from Infocyte and Tyler Smith, a co-founder of Dark Rhino Security, host this episode of Security Confidential and explain how to benchmark against the CIS standards a Microsoft 365 environment and how to remediate the gaps in a simplified manner. The end result is a highly secure Microsoft 365 environment.

00:14 Introduction

03:10 Microsoft 365 Security Overview

04:50 Why Microsoft 365 is difficult

05:30 Why set it and forget is the wrong answer

08:00 Anatomy of an attack, attack chain

13:20 The attack vectors

15:33 Cost structure of M365 tools

20:15 Dark Rhino Security Microsoft 365 Security Assessment .

23:48 Security controls analyzed as part of assessment

25:08 Value of Dark Rhino Security in the Process

26:15 Is Tenable used under the hood?

27:15 Does MFA solve the security gaps?

29:35 What is out of domain forwarding and will they block it?

32:47 Does Small Business really have the risk

42:35 Timeline for Assessments

To get the free vulnerability scan of up to 10,000 nodes in your network call Dark Rhino Security at 614.401.3025 or visit https://darkrhinosecurity.com or email info@darkrhinosecurity.com

 

Video Transcript

– Hello everyone, thank you for joining us. I am joined today with, with me, I have Chris Augur from Infocyte. I am Tyler Smith from Dark Rhino Security. We’re going to be talking about Microsoft 365 security and compliance and how we can make that easier for you. So, Chris, thanks for joining me today.

– And thanks for having me. I’m really looking forward to having this discussion.

– Awesome, awesome. So we will have some time towards the end of the webinar to ask questions. So if everybody can just hold your questions until the end. I’m trying to keep an eye on the chat, so if there are any problems, please go ahead and raise them in there. So without further ado, let’s go ahead and get started. So a little bit about Dark Rhino Security. We were founded in 2017. We try to provide security services for organizations of all sizes, and we believe that access to security should be affordable for everybody, and that’s one of the things that we’ve done. We’ve tried to leverage security services, or technologies, and wrap services around those technologies to make them accessible for everybody, so it’s just a little bit about Dark Rhino. So Chris, if you wanna do the intro for Infocyte.

– Yeah, so Infocyte was founded by a couple of folks from the Air Force. They ran the Air Force CERT. Basically, they got very frustrated because they were dropped into unknown environments and their job was to go determine if any bad actors are rooting around in very complex networks. When they got out of the service, they founded Infocyte to really solve the problems that they were endlessly faced within the service, specifically around threat hunting, advances in incident response support, and things of that nature. Over time, over the last five years, we’ve evolved, and most recently, we’re really doing a focus on Microsoft 365 security, compliance, and control through our partners like Dark Rhino. We’re kinda solving one of the biggest challenges out there. And that is, how do you actually know if your environment is set up properly? And how do you track for configuration drift over time? So we will talk more about that shortly.

– Yep, thanks for giving us that introduction. One of the things that’s become obvious over the last few years is just this huge shift to cloud services, and a big part of that has been trying to get a handle on what that means for an organization, because while it comes with certain benefits operationally, it also comes with certain risks, and understanding those problems and where they arise is really important. So one of the things, while Microsoft takes care of most of its security needs as far as being able to provide the service, it doesn’t really do a lot for you. Security configuration of Microsoft 365 is a thing that they leave up to the end users and end user organizations. That’s one problem. Another problem is the native alerts that come along with the compliance piece are not user-friendly. So when it comes to determining, are you out of compliance, setting that up and and maintaining that is very difficult to do. And then the last part of it is really monitoring that and keeping your finger on that pulse is a challenge in and of itself. Chris, do you want to chime in?

– Yeah, I mean, the reality is, you know, Microsoft as a platform has incredible capabilities to be exceptionally secure, but like most Microsoft products, they default to the ones that make it easiest to migrate to, easiest to use, to eliminate, kind of, support calls or challenges, not the most secure or the properly secured environments. That setup is rarely done appropriately. And even with MSPs or MSSPs that we’ve been working with over the past several months as we’ve been launching this platform, the vast majority are actually getting abysmal result, and of the end users that we’re working on, it’s actually even worse than that. If you layer on top of that, for example, the latest SolarWinds breach or what’s going on right now with Hafnium is, people may have set it up properly to begin with. But the challenge is, even though you set it up properly, if, like in the example of SolarWinds, a bad actor gets elevated credentials, they use those credentials to swim upstream and change your configuration to allow them to inflict damage. So it’s one of those things where a lot of the compromises that we’re seeing right now is an organization gets a compromise but they’re not inflicting damage on the asset they compromise. Rather, they’re using the credentials to swim upstream and manipulate and cause damage in the cloud environment. So that’s really why set it and forget it is not the right answer. You need to not only set it, but set it and check it. And then after you check it, you need to monitor it or repeatedly check it on a very frequent basis to ensure that you’re not getting configuration drift. In an ideal world, you’re actually doing real-time monitoring of it. So if a bad actor does get into your network, and does get access to your cloud configuration, that we will alert on that, immediately when they change, maybe out of domain forwarding, maybe a new admin was added without multi-factor. This gives us the ability to alert you, our Dark Rhino service to monitor this continuously and alert you in the event that someone made a change that made you less secure.

– Yep. And that’s what you were seeing, like you said, what we were seeing with, the SolarWinds investigations and looking at that is, the bad actors were using the ability to reconfigure the server settings, or as far as the, the allowances are for out of domain forwarding. So they could basically put themselves in the middle of all email communications. And that’s kind of the next part, so if you want to walk us through this, Chris.

– Yeah, so if you look at that anatomy of attack and kinda, how organizations get massively impacted by compromises. You know, the first part of attack is the bad actors use very sophisticated methods to phish. You know, you’re not getting an email from some random prince in Nigeria anymore. Now you’re actually getting an email from your boss or from a friend, or they’re looking at your Facebook page or connecting through you some way. So you get, you’re getting a picture or something from someone you know, often about something you did. So that spear phishing is incredibly targeted and they’re getting really, really good at it. So it’s not some random thing. Rather, you’re now getting an advanced attack, which someone sends you a file that looks like it’s from a friend of yours saying, “Hey, this is another picture about what we did last weekend,” that they’ve derived from your Facebook page, or your Twitter feed, or your Instagram posts. So you have no reason to kind of doubt that, hey, I’m going to open this. Go on to the next slide. Then you go ahead and open it, now you’re on the hook, now what they’ll often do is deploy a password logger, or they’ll do something behind the scenes to scrape your credentials. They’ll get into your environment that will now breach your account. Now, they have access to your credentials. Now, they’re incredibly dangerous, unless you’re, have the ability to track that and monitor that in Dark Rhino, we’ll talk about their other services that they do with OKTA a little bit, but unless you have sophisticated ways to track the identity, now you have somebody else logging in from somewhere else that can do significant damage. Go on to the next slide. And from there, now that they have this authentication, they have the keys to the kingdom. And once they have the keys, just think of what an administrator of your Microsoft 365 environment has the power of. You know, a very scary way to think about it is, administrators have the ability to backup and restore. Guess what? A backup is effectively copying all your confidential information to another location and then they can now access that and do real damage to your overall company or to really whatever they want to do. And through that, they can also deploy other things into your environment, they can put out GPO objects, or other things to deploy software in your environment, that now looks like it’s coming from you, and what they’re really doing is potentially deploying ransomware throughout your environment. And then they hit detonate and now all of a sudden, not one machine goes dead, but your entire organization all of a sudden gets encrypted. And you’re basically out of business, unless you either pay the ransom, or if you’re lucky to have a really good backup strategy. Go ahead and move forward with the slide. So that’s the key, is, you know, when you look at the overall kill chain, the sooner you can actually detect and stop the compromise, the better. I think that the phishing and spear phishing is getting so sophisticated, that stopping that is going to be incredibly difficult, because, stop posting on Facebook, stop posting on Instagram, stop doing Twitter, yeah, like that’s gonna happen, even though personally, I never do that. From there, you know, they acquire, they get your credentials. The best thing you can possibly do is intercept them before they can do that. And that’s really what monitoring your environment is all about. Having your credentials isn’t bad until they do something with it. As they attempt to manipulate things, intercepting that kill chain at that point in time is the most effective way to stop that exfiltration of data. You know, if you’re in a healthcare world, that’s incredibly expensive. The HIPAA violation and penalties start kicking in, and now you’re up for a huge fine if you released medical information. If you’re in school districts and you’ve released information on kids, the fines are enormous. So it’s all about stopping the attack before they can actually inflict damage or compromise your information.

– That’s right. And that’s one of the things that, as you’ve mentioned, we try to have something to address the major attack vectors. This is taken from the Verizon report. So you can go and look this up, but as you can see on the left and I apologize, ’cause I tried to get, the grayscale version of this was the only one I could snag a copy of, but on the left, you can see in 2015, where these, these avenues of breach started and you can see on the right, where they’ve ended up in 2020 as far as the prevalence is concerned. And you can see at the top, the number one thing as Chris had mentioned is phishing. So that’s becoming the gateway drug, if you will, to a data breach is phishing. And the next thing is the stolen credentials that Chris also mentioned, again, neither of these things in and of themselves is really that bad. It’s what the actor is going to do with it in your environment. And one of the things that they often can do is they can reconfigure settings on different systems. So one of the things is, because it is so central to that data, exfiltration is the Microsoft 365 server. And those settings allowing things like out of domain forwarding, which I keep bringing up because it was what was seen in the recent incident response that was tied to SolarWinds was out of domain forwarding was used to exfiltrate information. So it wasn’t, it was bad that they had the SolarWinds compromise happen, within the organization. It was bad that obviously they got access to this Microsoft server to make these changes, but no one was monitor, the real pin holding everything together is, no one was monitoring those configurations for change. And they hadn’t really been set up properly to begin with. So that’s where the service that we offer comes into play. And the other thing is, when you look at the pricing for this, and I’ll turn this over to Chris, ’cause this is really your domain. But when you look at the pricing of what you paid for, with the available Microsoft 365 tools that would help you maintain control over this versus what you actually get from them, it’s kind of, it doesn’t really hold up, right, Chris?

– Yeah, I mean, you know, Microsoft is unquestionably the dominant provider of productivity tools and Microsoft is also the absolute master of bundling a bunch of stuff together and forcing you to buy these big packages. The reality is, most people or most organizations, their employees need email, Word, PowerPoint. Maybe, in some, if you’re in finance or whatever, you use Excel. They don’t necessarily need or want all the other stuff that Microsoft packages together. But you know, you want secure email, you want Word, you want PowerPoint. You know, basically you want, that enables you to go, “Hey, I can go with 365 Business Standard.” Oh, wait, you want security? You have to jump up and pay $7.50 a user more per month just to have the ability to see if you are compliant to get access to their security center at all. Even with that, it doesn’t do the real-time monitoring. If you go forward one slide to the enterprise pricing, you actually have to leap up from that E3 at $32.00 if you want their full security scoring, their security product, one, they’re going to make you use Teams and a bunch of other stuff and Voice and stuff in order to get there. But you’re going to jump from in that $12.50 a month up to $57.00 a month per user, in order to get that advanced capability. What Infocyte’s mission, working with Dark Rhino, is how can we provide you with that ability, not only to look at your environment, look at the controls and see if you are set up properly by comparing that CIS or the Center for Internet Security benchmark, but on top of that, we have the ability to make it easy enough to do it every day. And that will turn into that real-time monitoring. So it’s really InfoCyte partnering with Dark Rhino that gives you the same security capabilities that you might get in E3 or E5 at a significantly reduced price point, in a much easier-to-consume form. You know, Tyler alluded to the fact that Microsoft’s not known for that kind of ease of use of this. I looked at our own, kinda, how many security alerts and we were getting dozens of alerts every day because Microsoft decided to say, it’s a critical alert, that’s some feature change. So you’ve got this real numbness caused by having so many alerts that people start ignoring them. You know, it’s kinda like when I was in college I just ignored car alarms because I lived by a parking lot and they were going off all the time. So, you know what? I never cared anymore, I didn’t even look to see which car it was, you know? So it’s kind of that numbness, that alert fatigue that’s really what Dark Rhino’s job and what their service are going to deliver, is not only verify how compliant you are, how you’re set up, but enabling you to have advanced capabilities without having to make that leap from $12.00 a month to $57.00 a month.

– Right, that’s right. And it’s much more focused. Like Chris mentioned, it’s the clutter that comes with that $57 per user per month with Microsoft, you get just a ton of extra stuff that you just don’t need. What we can do is allow you to focus very, very directly. And then the other thing you can do is you can also use CIS as a, they have a full benchmark, so if you have the time, you could do this on your own, but what we have isn’t, as a process, it’s extremely affordable and it’s pretty much automated, so you don’t have to worry about anything, other than when you get an alert from it, you know that it’s worth looking at, because something has changed. Just really quick, what it does at a very high level, it inspects your Microsoft 365 environment. Then what we can do is give you the benchmark score, which is going to layout the findings that we’ve discovered and give you a score of where they fall next to best practices. Then, the way that it works is you go and fix those things or we can help you fix those things. And then we can go back and take another look and see where you fall. And the other part of that is above and beyond is, we can continue to monitor and alert you as things change so that you can respond when it’s not an expected change. So Chris, anything to add?

– Yeah, one thing I will call out is, one, you know, highly recommend you do this assessment with Dark Rhino. Second bit of advice is don’t freak out if you get an “F”. So far, we’ve done this on, you know, dozens and dozens and dozens of environments, soon to be a hundred, and so far, one has actually got a “B”. No one’s gotten an “A” yet. So almost everyone is failing miserably, but the beauty is even though they’re failing, Dark Rhino can put you on a path to correct it, so you at least know it. And then from there, you kind of get to a security baseline. Once you’re at that baseline, monitoring it to make sure that a bad actor doesn’t change it is absolutely critical. But I think going through this assessment, the ostrich approach is not the right answer. You know, it’s kind of like going to a physical, you really hate going, but you feel great after you have it. Getting that check of your environment that’s totally non-impactful to your organization, auditors aren’t going to come into your environment, it’s all done remotely and Dark Rhino has really turned this into a seamless process, so you know exactly where you stand as compared to the standard on where you should be, and you can get on a path to correct your environment.

– Yeah, and one of the things is that I really cannot overstate the simplicity of the process. It takes something that honestly, when I looked at what was required for us to do this manually, by comparison, it’s the difference between transplant surgery and trimming your fingernails. I mean, it’s like, I don’t know, maybe that’s a bad example, but that’s all I got right now for you. But I mean, it really was the complexity of like where to look in Microsoft for all this stuff and what it’s supposed to be set to and everything just, it’s a lot of stuff to juggle, especially if you don’t have that comprehensive security level of service from Microsoft that lets you get the automated score. So this is just an example of the controls, some of the controls that we look at and again, the simplicity of how we can get this done versus how it’s done manually, like you can absolutely do it manually, but I would invite everybody to reach out and just give it a shot. You know, it’s, honestly, it’s very, very simple. And, and one of the other things, Chris, you can probably elaborate more is, this is where this is at right now. There are continuing improvements to what we can do from the reporting side and alerting side that are in the pipeline. Chris, anything to add?

– Yeah, so right now we kinda do checks on the most critical kind of security settings. Over the next weeks and months, this is a couple of months, this is gonna turn into over a hundred controls that we’re going to validate against and actually look that are going to be stack ranked and prioritized based on the damage they can employ, if someone was to manipulate one or change one. And the other huge part of the value that Dark Rhino provides is, knowing you pass failed is interesting, knowing you pass failed on a control-by-control basis is super important. In other words, that kind of consultative value that Tyler, Manoj, and Kevin and the team can provide you is just absolutely critical, because getting an “F” is one thing, getting an “F” with a path to get an “A”, that’s rapid, is something entirely different. And that’s really where the value of Dark Rhino over time can provide, is that consultative value to help you prioritize which ones come first and actually gets you on a path to being healthy. And then once you’re healthy, maintaining that health over time is really what it’s all about.

– Yep, yep.

– With that– Do we want to see if there’s any questions?

– Yeah.

– [Manoj] We do have several questions here.

– Okay.

– [Manoj] One question comes is, is this technology that you are presenting using Tenable under the hood?

– No, it is not. This is developed by Infocyte. We’re aware of kind of what Tenable does, and Tenable’s a very interesting kind of technology. It’s radically more complex than what Infocyte and how we do it. We actually stood up an application, a SAS application in Azure. So we’re cloud in the cloud. We do our inspection from the Infocyte Azure app to the Microsoft security control center. And it’s a Infocyte proprietary application that we’ve developed over the last year.

– [Manoj] All audience members, you’ve been unmuted. So you can, if you unmute yourself, you can feel free to ask questions as well. But while we’re waiting for that, there’s a couple others that came through the chat. One is, if you have MFA, are you not covered for configuration changes to Microsoft 365? Inadvertent–

– If you–

– [Manoj] I believe that’s the question.

– So in most cases, the answer is yes. One of the problems are, is service accounts rarely have MFA enabled, because it’s a service account. So there’s no way that you, to enable MFA. And if you take the SolarWinds example, that’s what they had the ability to do, They actually got elevated credentials to the point that they could actually create new admin that didn’t have MFA enabled but they had full administrative access. So MFA is absolutely one of the first things that you should do, but it still doesn’t protect you. If somebody compromises an account, uses that compromise to create another administrator, and then does damage. In the SolarWinds example, they, that got taken, that was so bad because it was actually taken a step further because there was no user account associated with a valid access token. So through SolarWinds’ hack, they could get what was called a SAML token, that SAML token had full administrative access but had no associated user account. So there was none of the checks against MFA or that actually kicked off. That’s why it laid dormant, well not dormant, that’s why they were inflicting damage from March until December. And even the government, even CISA, even major players had no idea, hey, Microsoft themselves lost source code through that compromise. Now, if they had real-time monitoring of their configuration set up, it would have thrown off an alert. Had someone changed any of their settings that lowered their configuration settings? It would have actually alerted you that someone is out there doing something bad. But MFA is definitely the first best step to securing your environment.

– [Manoj] Next, we have a two-part question, gentlemen. It is, what is out of domain forwarding and why don’t firewalls block it or will firewalls and DLP block it?

– So firewalls won’t block it because it’s legit. So out of domain forwarding is let’s say, you send me an email and I have it set up that all the emails you send to me, I forward to bob@yahoo.com. So out of domain forwarding is where I actually have an auto-forwarding rule set up on my mailbox. That mail coming to me gets forwarded to somewhere else as well. And that one’s so important because some of the biggest kinda financial impact hacks are done through out of domain forwarding because what they do is they set up a forwarding rule on the CFO’s accounts. Email comes into the CFO that’s an invoice, it’s forwarded somewhere else, that person changes their routing number, sends it from the CFO to that same end-user with a different routing number. And now people are paying their bills, but they’re depositing the money in the wrong account. That’s why that one is so critical. And one of the most common ways that money is actually stolen in financial transactions is by intercepting emails to the CFO, manipulating that email by changing the routing number, you’re paying your bill, and the first time the company knows that they have a serious problem is when they start calling their customers saying, hey, why didn’t you pay your bill? And they’re like, I did pay the bill.

– Yeah.

– Right here. I paid the bill. Oh, that’s not my routing number. Oh, crap.

– Yep, yep. And we’ve actually seen that before, in a couple of cases where that was exactly what happened. Being able to intercept that, that intercept and step into that, that communication chain. So even if you had DLP in place, it would only catch things that it’s set up to catch. So, like a financial transaction, not so much. If you have DLP properly in place, to do inline inspection from your email server, out to whoever it’s being sent to, then it should catch things like, if you have a rule to catch things, like HIPAA data, for example, then it ought to catch that. But still, I mean, you’d have to have a rule, and they would have to trigger that rule in order for you to catch it. It may be an adequate control, but that’s one of those things where it really depends. I mean, if they’re sending an encrypted attachment and you don’t have anything to deal with encrypted attachments, let’s say or no way to catch obfuscated data, then DLP would not, would not probably catch what you’re trying to stop from leaving in this instance.

– [Manoj] Okay. So, we got a couple more here.

– Oh boy.

– [Manoj] So another question comes up is that, as a small business, do we really have the risk?

– So that’s a good question.

– I would argue. I would argue yes, and I would actually argue that you’re actually at greater risk because of, you know, as a small business, clearly, you have to prioritize spending every dollar you spend. That’s your lifeblood when you’re a small business. And through that, the bad actors have figured it out that it is much easier to get, you know, $10,000 or $100,000 or $5,000 from 500 small businesses that don’t have security teams, that don’t have threat researchers and people watching this every day, they tend to be an easier target. Now, whether your environment is or not, I don’t know, but you’re still absolutely at risk. For the, take the Hafnium breach that just happened. Unlike SolarWinds, which was a very bad breach, but the Russians only targeted, you know, a few dozen to a few hundred of, potential of around 30,000, for this recent Hafnium breach, they’re estimating that 35,000 of the companies were actually actively compromised via that. You know, because they basically, literally threw thousands of bad actors against compromising everybody with the vulnerability. Now thinking through what your data is, if you’re a small business, whether you’re five employees or a hundred employees, that’s where the cost of doing this with Dark Rhino, isn’t what you think it would be. I’ll let Tyler and Manoj talk to you about it, but it is not something that is gonna break your bank in any way at all.

– Yeah, it’s a, it’s very, very affordable, even at scale. I should say, not even at scale. At either end of the scale, so large enterprise, small enterprise, small business, medium-sized business, this is a service that everyone can afford. ‘Cause again, it’s very simple for us to automate the process, which keeps our costs low, which allows us to pass that onto you. And it is something that is really important, which earlier on, I had put out the word on LinkedIn to see who would be willing to do it for free, even. And I know that we’re still offering that initial assessment for free. But to add some color to what Chris said, the two most recent cases that we’ve seen where this has played a role have been smaller companies, a company size where they have a couple of IT people handling everything from security to operations to infrastructure. And these were transactions. The transactions that were impacted were right around $250,000, I think was the average. And what the attackers did is they got, they phished somebody, they got ahold of credentials. They made some changes, forwarded emails from that user’s inbox out of the domain. And they were able to then inject themselves into the conversation and they got those routing numbers changed and money changed hands, and at the end of the day, if they were a much smaller business it may have been completely ruinous for them. It was about 200, like I said, $250,000 transaction that was a complete loss. Hope that answers the question.

– [Manoj] So the last one that I have here, is, this is interesting, with the Microsoft conversation. The question is, is the G Suite environment more secure?

– They’re both equally capable. They have almost all the same security controls. We focus on Microsoft, initially, at some point in time, we’ll probably go into G Suite, but within G Suite, if someone compromises your administrator credentials, they can do all the same damage in G Suite and no one’s there to stop them. So I would say, both are equally complex if set up properly. Both, when they are set up properly, can be extraordinarily secure, but they still have the same vulnerabilities that if someone’s account gets phished or a vulnerability enables elevated credentials to injure the environment, it really doesn’t matter what you have, unless you’re actually monitoring the controls to actually detect it. Because it’s a legit, in the eyes of computer land, it’s a legit person doing a legit activity that could happen, that’s not a protected activity. Therefore, SIM tools or the kinda AI logging tools wouldn’t know because it’s a legit activity. It’s just being used for bad purposes. And that’s what I love working with Dark Rhino on, is they take super sophisticated tools that are often only available to the massive kinda Fortune 100 or Fortune 500. And they enable those tools to be leveraged at both ends whether you’re 50 people or 10,000-person organization, they empower you to have as powerful tools as, a Citibank or a large institution would have. And that’s really the value that is being provided.

– Yeah, and that’s why one of the things that we really shifted focus on was phishing, dealing with phishing effectively. And we tested a few different vendors and settled on a service and then built out a service around it that allows you to leverage a tool, to deal with phishing effectively. And then couple that with our identity and access management managed service that we have, that allows you to deal with ensuring that everybody has a proper identity, managed identity, multifactor authentication, then tying that into a SIM that you can actually afford that we offer as a service for monitoring. And then with Infocyte, we offer I𝜋&r, where we monitor the end points for a compromise. So we’re looking at detecting compromise, not preventing it. And then this kind of rounds out the offering where we’re working with Infocyte to provide this to people. So we can monitor those settings that would allow people to do bad things that look like trusted things. Does that, was that, did we get, did we get it, Manoj?

– [Manoj] I think you got it. So, audience again, if, those were the questions that came to us through the chat, if you have any questions that you would like to ask, just unmute yourself and feel free to ask.

– And while we’re waiting for that–

– [Manoj] Might be a couple of seconds, see if there’s any more questions.

– Okay, okay. And I just want to take a second to say thanks to everyone and thank you, Chris, for joining me today and Manoj as well. And thanks to everybody that came to watch this presentation, we really appreciate you all taking the time to do that.

– Yeah, and, one, I appreciate you kinda giving me the opportunity to talk. Anyone on the call, highly recommend you give the Dark Rhino folks a call. I think it’s a spectacular offer that they’re gonna, you know, offer to do a free assessment on your environment. It is not impactful. I think the time, the value you’ll find is just extreme. And then from there, you can have that consultative conversation on, okay, how important is this to me? Do I really want to go through the work to do this? But at least you’re having that consultative conversation knowing exactly where you stand.

– Yep.

– [Manoj] I think we… Is there, Cesar, do you have a question? I’m sorry.

– [Cesar] Yes, good morning everyone.

– Hey.

– [Cesar] Yeah, the real question I had right now was, so after an initial assessment, you know, how often in your guys’ experience, would we as customers receive a health check or checkpoint that says, you know, this is where you are, three months ago, we did our first assessment, now at six months, is there a time that you guys typically recommend for these health checks?

– So usually it’s within, so when we do the first one, then we give you the results. We can help you make the corrections or you can make those on your own. And, usually we try and do that within a month. I know that it can be difficult to find time to address everything that may come up in the thing in a month. But, we try and have that opening assessment, then a period to remediate and then a closing assessment before we start what we would consider to be continuous monitoring, and that we can do as often as every day.

– [Cesar] Got it, okay, thank you.

– Yeah. Thanks for the question.

– Yeah, the platform is actually designed to be scheduled. Right now, we’ll run every day. And then within a few weeks, if anything changes or your kind of security posture declines, it’ll actually proactively alert you, so effectively, you’re having a full CIS benchmark run on your environment every single day.

– Yep. And that’s what I was talking about earlier when I said it’s looking at doing it manually versus doing it through us is it’s quite a difference in the amount of effort required.

– [Manoj] Other questions from the audience, if anyone would like to ask?

– Yeah, please feel free. Love to answer questions.

– [Manoj] Well, if there’s no more questions then, I think, we thank you gentlemen for joining us and thanks for doing this, Chris. Thanks, Tyler.

– Absolutely, thank you for having us.

– [Manoj] The audience, if you have questions, you have our emails just please send a note, and we’ll be happy to respond immediately.

– Thank you.

– Thank you Manoj and Tyler. Y’all have a great day.