CarahCast: Podcasts on Technology in the Public Sector

Federal Resilience through Enhanced Governance: Next-Generation Software Access Controls for FISMA, Zero Trust, and CDM Integration

Episode Summary

In this podcast, you will learn how PC Matic's multi-patented allowlisting technology has solved the historical governance issues that have plagued traditional allowlisting products, for Federal agencies looking to fulfill the SWAM requirement within the Continuous Diagnostics & Mitigation program. In Carahsoft's new podcast, Fulfilling SWAM Compliance in the CDM Program Through Application Allowlisting, Zack Austin, PC Matic's Vice President of Business Development, will demonstrate the value their solution brings in simplifying implementation and management of the default-deny method. We'll also have Will Crenshaw, President of CyberPrime, discussing CDM and the progress made across the Federal Government.

Episode Transcription


Corey Baumgartner  00:15

Welcome back to CarahCast, the podcast from Carahsoft, the trusted government IT solutions provider. Subscribe to get the latest technology updates in the public sector. I'm Corey Baumgartner, your host from the Carahsoft production team. On behalf of PC Matic, we would like to welcome you to today's podcast, focused around how PC Matic's multi-patented allowlisting technology has solved the historical governance issues that have plagued traditional allowlisting products. For this webinar, Zack Austin, PC Matic's Vice President of Business Development, will demonstrate the value their solution brings in regard to simplifying implementation and management of the default-deny method. We'll also have Will Crenshaw, President of CyberPrime, discussing CDM and the progress being made across the federal government.

 

Zack Austin  01:00

So again, thank you all for joining us on our presentation today of PC Matic's application allowlisting solution. The way I like to go through these presentations is really to give you a real-time demonstration of how we were able to solve the headaches and the continuous management of the traditional allowlisting products, which brings ease of use while of course being foundational to your security stack and, overall, enhancing all the security methods that you may already have existing within your ecosystem. At the end of this demonstration and this discussion, I do want to hand it off to Willie Crenshaw, whom I brought on here to co-host with me today. And the reason why is because I wanted to go ahead and discuss the Continuous Diagnostics and Mitigation program by DHS. Willie was the lead program executive for governance, risk and compliance for NASA, and, as I mentioned, he's now the CEO of CyberPrime LLC. Willie is one of the authors behind the CDM program, where Software Asset Management is the foundation. He understands where this needs to go, and the problems that historically this method has come with, but also where PC Matic is able to assist you in those requirements and those initiatives: in achieving CDM, in achieving Zero Trust and in achieving, again, the foundation of your security stack. So without further ado, happy to go ahead and get started. So just a quick overview about the company. If you've heard of PC Matic, you would know that we are 100% Made in America; we've been around for over 23 years. And this is something that has always remained true, and in these times is extremely important, especially when it comes down to knowing where your software is coming from and where the development is held. And so we are 100% Made in America, exclusively operated and built by 100% American citizens. PC Matic's application allowlisting is proudly FedRAMP authorized at the moderate level.
We are authorized at the moderate level with the SBA as our sponsor. This is, again, a huge milestone for us; we're very proud to be able to say that we have achieved that. With PC Matic, we were selected by the National Institute of Standards and Technology to join their National Cybersecurity Center of Excellence. In regards to joining the NCCoE, we were selected out of the thousands of vendors that applied; we were one of 24 companies that were able to join for their Zero Trust architecture project. For this project, we're helping to author and build and demonstrate the blueprint of what Zero Trust architecture is to look like for the future. Within that architecture we are integrating with mainstream companies, again, like Microsoft, Zscaler, VMware, Cisco, Trellix, IBM, Okta, Palo Alto Networks, multiple mainstream vendors. We are the only application allowlisting that is implemented and integrated within the NCCoE Zero Trust architecture; we're the foundation that begins that architecture, which we're very proud of. With our product, it is a layered security solution. Again, when you're trying to achieve Zero Trust, when you're trying to achieve CDM compliance and implement some sort of Software Asset Management, there is no one-stop shop that's just one product that achieves it all. And so of course there are going to be multiple agents and multiple products that are implemented, and that is exactly what PC Matic is. And we'll go a little bit more into detail further in this presentation. But we are a layered solution that layers on top of, excuse me, a layered solution that layers within all existing solutions, so it's not going to compete with any EDRs or XDRs, any blacklist antivirus, identity access; it's going to complement the work of that. And that all comes back to the NIST Cybersecurity Framework, which I'll show in a moment. But it works and complements the work of others.
So it's going to sit at the front, identifying and protecting your assets, while the rest of the other security solutions can detect, respond and then recover, to really build this holistic ecosystem and complement the work of all the other vendors that are implemented. In order to do that, and actually layer into the security stack, you're going to need to be lightweight. And that's exactly what PC Matic is. So we're a lightweight agent that sits on the endpoint using minimal resources. Now, anybody can just say that, but we consistently win awards year after year for our application allowlisting through AV-TEST. And just this year for 2022, we received the Best Performance Award for our solution, as well as the Best Advanced Protection Award, where we got a perfect score protecting against all different strains of ransomware. So again, another proud milestone for us. But again, it is a lightweight agent. So it's not going to bog your unit down or slow down the endpoint, while being able to complement the work of all the other vendors that may be implemented. With our product, there are multiple ways for deployment. So if you're not a federal customer, if you're someone that is operating under state and local or SLED, K through 12, we do have our traditional cloud offering available. But for those that are within the federal environment, we do have our FedRAMP GovCloud offering as well as on-premises, for either of those environments; whichever sector, it doesn't matter. So all those offerings are available to you. Across all of those offerings, we proudly protect Windows, Windows Server, your Mac and your Linux operating systems. So without further ado, we'll jump right in, because I did mention at the beginning the Continuous Diagnostics and Mitigation program. And so this is something that was launched back in 2013. And it's almost like a prelude to what Zero Trust is, right?
And so it's making sure that all assets are identified, protected, and then building onto that. So all your devices, all your applications, all of your users, all of the network connections, everything is being identified upfront, and then being able to protect that. With this program, it is mandatory for all civilian agencies to have all the technologies within this implemented. The beautiful thing about this really is, because it is a mandatory objective that all civilian agencies have to follow, DHS fully funds this for the first two years through the CDM program, which we'll talk about a little bit more. This is something that of course Carahsoft and PC Matic can assist you with: fulfilling your RFS to be able to apply for the CDM funding, because again, it's mandatory to have this, you have to have it, but the funding is there. And so we can help you reach that funding and help to implement that. Now, the reason why I'm talking about this program is the big red circle right there; it says Asset Management. And so under Asset Management, that covers not just Hardware Asset Management and identifying what devices you have connected, which ones can be accounted for, but also all of the software that has been implemented on each and every single device. And so Software Asset Management is not just taking your inventory, but also locking down what assets have access to what users: which ones are legitimate, which assets are not legitimate, have they been authorized? Are they blacklisted? Are they whitelisted? Are they greylisted? And so application allowlisting falls under the Software Asset Management requirement within this program. And what we'll be talking about is that application allowlisting, yes, it's mandatory. But historically, it's been unmanageable; it is a huge, frustrating overhaul for IT and agencies to implement and continuously manage, so that it has really remained unfulfilled.
And that's the problem with, historically, all of the other allowlisting products that remain on the market. And those that have made the product have not solved that problem. And what we've found is that they moved over to different types of methods, such as detecting and responding, rather than solving this issue. Because we know the method works; it's just solving that management issue. And that's where PC Matic has solved that issue with the governance. In regards to CDM, PC Matic is on the CDM Approved Products List. So again, you can purchase PC Matic through the CDM program, receive that funding and then be able to fulfill your compliance, sufficing for the Asset Management portion of the CDM program. Talking about what we solve, and that's what I'll be demonstrating today, it comes down to three words: implementation, management and the overall governance. What I mean by that is implementing such a highly restrictive security method such as application allowlisting, but really just the continuous management of any new software, files and certificates and scripts and processes, because it's never-ending; continuously managing that from day to day, again, is where the headache comes in, and where nobody has solved that issue. But PC Matic has a solution for that. And the overall governance across the network for local exceptions: that proprietary software that we will never see, especially on the federal side, the things that will never touch our servers, that are only going to be held locally, whether it's on-premise or on the GovCloud. How fast is that policy going to take effect across the network? How many times do I have to make the policy? Who exactly is able to receive that, enforcing access controls? And how wide and far can I deploy that policy? Those are the three issues that traditional allowlisting has and continues to deliver. But this is where PC Matic solves those problems.
I mentioned Zero Trust at the beginning of this. And the reason why I brought it up is because, again, CDM was kind of the prelude to that. And it really does tie back into identifying first, right? So Zero Trust is all about identifying users and devices and applications. And that's really where the foundation of CDM is. And so I brought this up because we're seeing a lot more of the words Zero Trust come up, but they do tie in together. And I wanted to give you all a visual of what we're looking like in the Enhanced Identity Governance Zero Trust architecture within the NIST NCCoE project. So again, here you can see we're integrating with Tenable, Forescout, Microsoft, Lookout, but you see at the front, we are providing the endpoint suite, which is what we'll be demonstrating today: being able to identify the applications and software and then communicate throughout the rest of the analytical tools to identify the users. But this is where the Software Asset Management starts, right at the endpoint, at the forefront, before any of the other tools can get started. So application allowlisting, if you're not familiar with the method, it is a form of endpoint protection that only allows authorized software, files and certificates to execute. So meaning if anything has not been authorized, if it's unknown, if it's an update that's never been seen before, it's instantly denied. So default deny; that is the definition of what Zero Trust is: trust nothing and verify everything. So you're saying no upfront, yes later, rather than blacklist or detecting and responding, where you're looking at behaviors but you're still allowing unknowns to execute, and then trying to detect and respond to it afterwards. So this is a completely different, like a paradigm shift compared to detect and respond; you should use both. But again, it's where you put it.
And so application allowlisting comes before detecting and responding, because you want to know what's going to be allowed and only authorize what you know. Here in this architecture for Zero Trust, we're, again, the only allowlisting that's implemented within this architecture, which we're very, very proud of. A lot of these products and all these vendors, they do make the traditional allowlisting solution: Microsoft, Trellix, VMware as well, which we'll be talking about, but there are differentiators with us. And we're the only ones implemented. So talking about the NIST Cybersecurity Framework, and where we would be sitting within an existing ecosystem. As I said, it's at the forefront, right? So when I look at the NIST Cybersecurity Framework, you should be using all, you know, five tiers; there's not one product or method that is better than the other. But it really does start at the foundation, and even NIST says here that the activities in the Identify function are foundational for effective use of this framework. Meaning it doesn't matter if you're using Detect, Respond or Protect, you have to start at the foundation. It's like building a house: you have to start here and build a really solid foundation. Because if you don't have a solid foundation, and you build your house and your roof and you have this huge house and it's nice, you don't have something that's going to hold it down and actually keep it together. When a cyberattack comes through, a nation-state attack, if it's strong enough, again, it's going to wipe that house out. And so start at the foundation with asset management: in order to protect everything, you have to know what you're protecting. So you identify first, identify what you have implemented, what's authorized, and then lock it down. And that's as simple as it gets.
So that way there's less volume reaching Detect and Respond, especially in the scenario of a zero-day attack, a nation-state attack; again, less to rely on detecting and responding, and that's why it's so important to start at the foundation. And that's exactly what PC Matic is. The reason why we tie into Asset Management we'll talk about in a moment, but traditionally allowlisting is going to sit at Protect and Detect. And so we've moved it over to Asset Management, because of our tie-in with software inventory, and then being able to lock down those said assets. What makes PC Matic different? If you're familiar with the method, you know this method has been around for so long. So I like to put it into the simplest terms: there are a couple of differentiators in regards to the implementation, management and governance. Implementing traditionally, with the traditional application allowlisting products, you're having to build your list from scratch, or rely on a learning mode to implement and onboard all of your policies right from there. But also, every time a piece of software is updating, the user or the admin has to add the policies, the admin has to verify everything that's getting out, the admin has to deliver all those policies. And it's nonstop, right, because software is updating, you know, 24/7, 365. And so trying to have your team be able to manage all the continuous updates to software, and making sure they're exactly what they are, while trying to do everything throughout your workday, is where the frustration and the stressfulness of the governance comes in. And that's where PC Matic really excels. And we'll be talking about that in a second. But we have an integrated global list of over 22 billion verified pieces of software, files, processes, digital certificates and scripts. So it's integrated into the product. So it's out of the box, plug and play, ready to go.
Meaning when you deploy it, you're not getting hammered with, you know, good files being blocked, because the authorized software, your authorized assets, are already on that integrated list. So you don't have to spend your time adding the policies just to get the product running. The other portion of this is that with all the traditional allowlisting, when you're making the local policies, it's just taking too much time to be delivered. You know, again, if you're having to make the policies and it's nonstop, and you're trying to get endpoints and workspaces authorized so that they can continue their workdays, and it's taking hours for it to reach every single endpoint and server, I mean, it really becomes this, you know, stressful environment, because it's just never-ending and it catches up to you really fast. And so you're less likely to run into that issue because of that global list. But also with PC Matic's allowlisting, when you're making policies, you're able to deliver the policy across the network to multiple options. And I'll show you in a second: the devices, whether it's individual devices, entire departments and groups, or with our multi-tenant console, a single agency or, you know, maybe if it was a school district, you can deploy to multiple schools, all within two clicks. And it's instant. And so we have a patent on the technology that we are able to use to make that happen. So it's instant across the network, and you're less likely to run into this issue. We do have a built-in inventory scanner to preload the local list, and I'll be able to show you also, through our integration, how we've made that possible.
And then at the end, of course, it comes down to supply chain risk and understanding where your products are coming from, where they're made, who is behind this. With all the other vendors, of course, being so mainstream, so large, they are outsourcing development to other countries, where PC Matic is exclusively made in America by American citizens. Talking about that integrated global list: so we've spent well over a decade building this list of all the authorized software. So that way, again, you're not having to build this list from scratch to get this product running, so you're less likely to run into good files being blocked. That way you can continue and focus only on local policies for proprietary software we're never going to see. So any legitimate software you can purchase or download is already on this. Now, if you want to make a much more restrictive allow list, by all means, you'll be able to see what is being allowed, what is in the environment, and then make, again, blacklist or deny-list policies right off of that. So you don't have to solely use this global list with everything being allowed; you can make it much stricter by simply doing the opposite, restricting what we're saying is good. That's all built into the console as well. So the way we build this global list that's integrated is through our USA-based malware research team. Now we have millions upon millions of customers, since we've been around for over 23 years. We are continuously building this list for you. So all of these definitions, all the billions that we provide you, continue to be built and then delivered to you with each new version for the Fed. With each new version that comes out with the traditional cloud offering, where again it's not going through GovCloud or on-premise, that is automatic: that malware research team is able to add it to that global list, and then it's instantly updated, and they're able to run that said software.
But regardless, you have the assistance of that team that's helping you to continue building this list. So that way you're taking the weight off of you and your team; you don't have to rely on yourselves to continuously manage and figure out what software is legitimate. If there's a flaw, if there's a vulnerability, we on the back end are assisting you with those definitions. So to give you all a quick demonstration, I'm going to log in to my portal here. And so this is the multi-tenant console. This is, again, the federal one, so I don't have much on here, but I'll be able to show you my traditional one, which I've built out, so it's much larger. But regardless, as you see, there's multi-tenancy: you can manage multiple departments, multiple agencies, all under a single pane of glass, which is very nice. But the main thing I want to show you is that I have this installed on my computer; we're using this on my endpoint, and I only have three things allowed. Okay, so these policies are taking effect. Now, with only three things allowed, if I was using the traditional allowlisting product, everything would be getting denied, because I have to specifically add every single thing under the sun to make sure that nothing is getting denied, so I can do what I need to do. So obviously, that takes a lot of time and management resources. But with PC Matic that's not the case, because we have that integrated global list already implemented. But we have here Notepad++, which is a legitimate program. It's not on here; it's not, you know, anything like Adobe or Google or Microsoft that you would think is already going to be authorized. So traditional allowlisting was going to deny it, because I have to make the policy. But as you see, that's not the case, because it's a legitimate piece of software that's already on this integrated global list. So there are 22 billion plus more of these. Obviously, we see the installer is allowed to run.
And that's great. But you really want to know if the software is going to be allowed to run. And of course it is; again, it's a legitimate piece of software with no security flaws, it's ready to go, and it's already in that list. So you don't have to spend your time adding to the list. Now, of course, that's not to say you're never going to see a good file be blocked, especially on the federal side, where you're running into your proprietary software. And this really comes down to the local governance. And this to me is where we really push forward and lead by example. Because when you're delivering the policies with traditional allowlisting, as I mentioned, it's taking too much time, right? So hours, days, and sometimes weeks; I've heard horror stories where, for each endpoint and server, you're running it through, you know, thousands upon thousands, getting these policies out, and it's just not taking, you know, it's not hitting every single one and taking effect. And it again accumulates and floods. And then again, what are you going to do? Now you're dealing with a whole other IT headache while trying to do all the rest of your work. And so with PC Matic, when you're delivering a policy, it's very easy to do, right? Like I said, you're less likely to run into this. But it's very easy to implement. And so what I mean by that is, you'll be able to see the notification appear under the console, or also under a SIEM integration, which we'll talk to later. But also you can have the notification sent to your email or your BYOD. Regardless, you're notified, and then you're able to come into the console and then make that policy. Making the policy, you're able to see the options to deliver that policy to entire departments or groups, whether it's an entire new set of servers, the IT department, leadership, you name it, the entire agency or multiple agencies, within two clicks.
So it's very easy to implement and get this policy out extremely fast. But the key thing that I want to show you is that it takes immediate effect across the network, regardless if it's cloud or it's on-premise. This is the patented technology that PC Matic has, where we're able to deliver that policy instantly across the network. So that way, the end user experience is enhanced, as well as relieving you of all the stress and operational costs that it would take to manage such a restrictive method. So to give you an example, I'm going to go ahead and create a brand new executable. That way I have something new to run, right? And so I've made this new executable. It has a new hash and new ID, and the ID is not on my local list and it's not on the global definitions. So it's going to get denied instantly. My notifications are muted, but the access is denied. So I get notified; it says, Hey, PC Matic has stopped something. It's unauthorized. Now, if I didn't know what this is, we can just leave it and then go ahead and further analyze it. It's not relying on detect and respond, because I've stopped it at the front, right? It's default deny; your assets are under lock. So we don't know what this asset is, it's unauthorized, and it stops. But in this case, this is a good piece of software. And so I need it to run right now. And so we can come into our console. And I'm going to go into my notifications, where I can see this has already appeared. I can see what endpoint spawned it, what department the endpoint is associated with, and what agency the endpoint is associated with. I have a lot of the metadata here to be able to analyze and figure out exactly what this is. But again, I made this file; I know exactly what it is. So right from here, if I know exactly what it is, I don't need to do further analysis to figure out what it is; I can make the policy.
And so who needs to run it: just this user, that department the user is associated with, or that agency, or every agency or location that I'm managing. And so of course, I'm gonna say just this agency. And so move this out of the way. And we're gonna prompt you saying, Hey, are you sure you want to do that? I want to say yes, absolutely, because I know what it is. And so it doesn't matter if it's one endpoint, 10 endpoints, 100,000 endpoints; the policy is delivered to every single agent that falls underneath that grouping that I've deployed it to. We come back to where the file was blocked before, try to run it, and it's instantly allowed to run. So there's no lag and no delay. You're less likely to run into this issue because of that global list, but for all the proprietary software that we haven't seen, see how easy it is to add the policies, and it's instant across the network. Now this also goes towards scripting, right? So there are a couple of different ways for handling the scripting portion. And we hear a lot of times about application allowlisting versus application control. And application control is a blacklist method, because you're setting restrictions on good applications of what they can't do. It's not a true default deny, because it requires an admin to implement restrictions on something. If, maybe in the scenario, again, of a nation-state attack, an insider threat, they find out which applications don't have that restriction, they can go ahead and target those, exploit them and then be able to run said attacks. This is where default deny really does come into play. And that's exactly what we provide, meaning we know what applications need to be running, what scripts, what they say, what they're calling out to. So it doesn't matter if Google Chrome, you know, is trying to run this said unknown PowerShell; because it has not been authorized in that set of global definitions or your local allowed list, it's going to be denied.
You don't need to put restrictions on the application in order to do that. When you deploy PC Matic, it's automatically enabled, which obviously helps in, you know, the case of zero-days, which again is another topic that continues to be brought up. So it's so important, putting a default deny at the forefront. So you're not looking for behaviors or continuous movement; you know that if it's unauthorized, it's instantly denied. And so it's not going to be able to move further within the network; it stops there. And you can go ahead and focus on the remediation of, you know, that non-executed process or file. And so we built this global scripting allow list, again, to give users that true Zero Trust: I'm not trusting anything, that default deny that's been traditionally used for applications, and we brought that to the scripting realm. And so to give you an idea here, I'm going to go over to my blacklist environment. Now here, I do have Windows Defender for Endpoint installed. Again, nothing wrong with that. But it is an EDR/XDR blacklist method, where it detects and responds after an unknown is allowed to execute; it doesn't matter where it comes from. But again, this unknown script was allowed to execute. And now they're going to rely on all the other methods to try and detect and respond to it afterwards. Again, by the time you've reached that, the ransomware is moving so fast within the network, it's not guaranteed you can get in front of it and stop it. And so the point is, you want to be able to stop it before it even happens. You don't want to try to stop it after it's already executed. So only authorizing what you know is the way forward. Come back to my whitelist environment. Bottom right-hand corner, this little green shield, that's our SuperShield. So that's the agent that sits on the endpoint. The script is here. In the real world, again, it could be an Office macro, could be an email phishing campaign.
It doesn't matter how this PowerShell script is generated. If it was a batch file, whatever it is, that scripting command is unknown; it's never been seen before. So it doesn't matter how it tries to execute, PC Matic is going to stop it instantly. Again, Zoom likes to mute my notifications. So a notification would appear, as well as, of course, here, where we're saying, hey, it's going to be denied. And if I come into my notifications on security, it would be appearing here as well. In the case of teams that are constantly developing new files and developing new scripts, I get the question of, does that mean that my team has to, you know, have all their scripts authorized and then have them get blocked first? And the answer is no. And the way to enforce that is through digital certificate allowlisting. This is another technology that we have multiple patents on. And so we include digital certificate allowlisting both on global definitions, as well as at your local levels, which makes it even less likely you'll face constant good files being blocked, that you would have been swamped with with the other security solutions, right? Why I'm bringing this up is that with the digital certificates, if you have a team of developers that are constantly writing new scripts, and they're writing new files, instead of authorizing every single process that they're trying to run, you can specifically deploy a policy of a certificate that they own, or that you've given them, to their environment only. And so in order for them to run the files or their scripts, they have to sign their code. And so as long as that code is signed under that certificate, and you deployed it out to that endpoint specifically, that file and process will only be able to execute in that environment, and you won't get the constant notifications of them trying to run their own software when it is legitimate.
And then making the policies, you put the digital certificate policy out only to that user; they're only allowed to run their signed files and processes in that environment. So that if it goes outside the network, it goes to the next computer or the endpoint or server or what have you, even if it's still signed, because that certificate policy is not implemented on the other endpoints, it's now denied. And now you've seen, okay, it's gone outside the endpoint, and you can go in; you're protected, because it was denied. But now you can figure out how it got outside. So you have visibility as to where it happened and when it happened, to figure out how it happened. So it allows you to enforce access controls on who can run what, while making your life a lot easier by streamlining the authorization management. To give you a quick demonstration of this, I'm going to go ahead and create another good file. And so for this part, we'll say I'm a developer. I make the new file; of course, the new file has a brand new hash, and the hash isn't on the local list or the global list. So of course, I try to run it and it's going to get instantly denied. Now, let's say the admin has already deployed a policy for a certificate in my environment; I just need to sign it. And of course, just to show you on the admin side, we can come into my local list. And we can add the certificates here: put our serial number, the issuer ID, and give it a name, you know, who's the developer name, this is their certificate, and then select the level of where we want this policy to take effect. So is it, you know, all the agencies I'm managing? Is it a specific agency? Is it a department in the agency? Is it a user within the agency? We select the policy, select the platform, and then we click save, and it's deployed instantly. That's just how it is for all of the local allowlisting. So whoever is to receive that policy instantly has it.
So I've already deployed this policy; as a test, I've deployed this policy to every account that I am managing. So now we can come back to where that file was blocked before. And I'm going to go ahead and sign it with that allowed certificate. The certificate is now associated with that file. And because the certificate is on the allow list, not the file, it's going to be allowed to run instantly. So again, you're less likely to run into good files being blocked, while also enforcing who's allowed to run what software. These are also things that can be uploaded directly. So if you have a report of hashes and certificates that need to be imported, we can go ahead and give you the CSV to go ahead and transfer all that information over, and then upload that directly here. So that way it preloads all that information for you. Now, talking about Zero Trust and all of, you know, cybersecurity in general, it really does come down to collaboration rather than competition. And as I showed in the framework, we're not trying to compete with any other vendors; we're sitting at the forefront to really complement the work of your detect and respond, your endpoint management, your multifactor, your backup, your patch management. And so it comes down to collaboration, where our offering could be included to make your life a lot easier. So we do have universal SIEM and identity provider integrations, meaning that you can simply plug in the addresses to whatever SIEM you're using within your architecture and communicate all of the notifications to that said SIEM. So of course that's going to be working with Microsoft Sentinel, Splunk, AT&T, IBM and more. In regards to the IdP, that's going to be through SAML SSO. So any major IdP provider, those credentials can be used to get access to the PC Matic portal: so Okta, CyberArk, Azure AD. And the one that I do want to bring up and show you, in regards to assistance with SWAM, or Software Asset Management, is our tie-in integration with BigFix.
So BigFix inventory specifically is able to pull those assets. And let you know, this is all the software you have in place. And where PC Matic ties in is that we're able to lock it down and then authorize that through a simple console. So here on the integration side, I just want to show you so this is the big fix console here, we're able to do a BigFix inventory across the network for all the customers figure out again, which customers we want to be looking at. And from here, it's leveraging off of that global list. So these are all the unsigned files that have been deemed unknown, we're able to generate the reporting figure out, hey, this is you know, we've scanned all the assets. And out of this, this is how much PC Matic hasn't seen, we can actually right from here, figure out what it is. And if it is all deemed good, we can add to the whitelist, or the allow list for whichever customers you decide. And it'll automatically import that into that local list. So it makes your life a lot easier with again, enforcing the software assets and making sure that you're locking it down without having to spend your time adding it all from scratch. So this specifically for onboarding is a great assistance. In regards to this integration as well, we worked hand in hand with specific agencies what they wanted to see within this integration. And so here we built in with our universal API, the ability to look at at our process activity report, where you can see all the processes being allowed and blocked for all of the locations and departments able to generate, you know, again, the timeframe, but also see the information in the parent processes associated with every single authorized or unauthorized asset, where it's coming from who's trying to run it, what's the frequency of it, and then set the policies right from here. 
So instead of just the individual hash, you can deploy a policy of that certificate to the entire department or a specific user, all within this console of for unified endpoint management, notifications, managing your local lists all built in here, as well as in regards to compliance making sure that the agent is indeed installed on those that require it. So we're able to utilize a fix lit that shows where PC Matic is not installed, where the agent is not up to date, and big fix will automatically deploy that agent to update the product, or go ahead and remotely install that installer directly to that endpoint. So that way, if you were required to have Software Asset Management within those within your network, and every endpoint requires it, you can identify who doesn't have it, address them and make them go into compliance. And so, at the end of this, you know, it all comes down to you know, if we were able to show where we were able to solve a pain point of, you know, the traditional allow listing that you may be so familiar with, or you're looking to enhance your security architecture, I always like to say, really comes down to putting, you know, putting the tires to the ground, and then give it a run in your environment. Because every single customer is completely different from federal to enterprise to K through 12. Every single customer is going to be different. And so, of course, we offer free trial licenses to test the product, do proof of concept proof of viability, we're always happy to assist in those conversations and get that process started. Also, as I mentioned at the beginning, if the CDM is a requirement for you and your agency and you're not and you don't know where to get started, if you need assistance with submitting that RFS Carahsoft PC Matic the entire team is able to and happy to assist you with those endeavors. 
And of course at the end of this webinar, while I thank you all for attending, we will also be including copies of this slide deck as well as additional resources on information regarding our solutioning available contracts and integrations for continued discussions. And so with that, that concludes my portion of the webinar. And so I want to thank you all for taking the time to view this but I do want to hand the mic over to Willie Crenshaw to give his take on the PC Matic Application Whitelisting solution as well as a little bit of history of him with the continuous diagnostics and Mitigation Program.
Willie Crenshaw  39:58

Thank you Zack, and good afternoon, everybody. My name is Willie Crenshaw, I am the president of CyberPrime, LLC. And also I am the former governance, risk and compliance project executive for NASA, the National Aeronautics and Space Administration. I just wanted to come on for a few minutes to kind of talk about the need for allow listing, the continued need for allow listing. I know we hear a lot about Zero Trust, I know we hear a lot about some other things that are taking place. And when you ask the question, are you doing allow listing in your organization? You may get different answers to that. The main thing here is the governance. One reason why some portions of CDM have not been implemented across the federal government is the governance. How do we figure out the governance? How do we get the resources, not just in dollars, but in people, to be able to onboard, review, offboard, you know, software packages and different things of that sort. So the governance is a tough, tough lift and a heavy lift. When you talk about an organization as big as the federal government, even on the civilian side, you can have some successes. And we had done that, you can have certain agencies be successful. Everyone in every agency was not prepared to implement something of this magnitude. One of the reasons why PC Matic caught my eye was the fact that they dealt with a lot of the governance issues I was having when trying to implement allow listing. One of those things is the maintenance and the investigation of the software packages that were out there. So that's one major thing is how can we get a trusted list that identified what was good known software in the wild and not just in the federal government. And the federal government was moving from a GOTS type of configuration mode to COTS, commercial off-the-shelf stuff. So as we move that way, now supply chain risk management becomes an issue.
Who's developing the software? Where's the supply chain? Is it coming from a nation state that is an adversary to us? How will we be able to do all these things, find out all these things? And the major part of that is how will we do it in an automated way? We just couldn't hire a whole bunch of people and throw them at it, we just didn't have the resources and the tax dollars for the American people. So PC Matic comes along, and I look at what they had, and how they automated a lot of the processes that we needed to meet the demand and meet the requirements of the governance. And that way we could be able to build the foundation. CDM was a foundational thing. It's still around in its different ways. And they're gonna continue to use that. But when we look at CDM, we're not just looking at the tools, we're looking at all the capabilities, the policies, the actual program. How does a civilian agency, whether it's DoD, or anyone in the federal government, or any organization, implement their risk management plan? And you can come up with a strategy, you can come up with the plan, but how are you going to implement it? What are you going to do? What are the things you need to do? And how quickly can you get it implemented before it all changes? That was the task. That's what we needed to do. So we came up with CDM, we tried to take the best of breed at the time, not just in tools, but in capabilities. What capabilities exist that would help give us the foundation to protect and to detect and to monitor those things that were happening in the federal government? How do we get in front of malware? How do we get in front of a nation state that's a threat to the US and to the government and to the American people? So that's why CDM was born and that's what CDM was born to do. So as we continue on, trying to implement the different capabilities, and I stress capabilities here.
Zack has shown you a capability of how we can protect overall your systems, how, you know, where does PC Matic fit. We identified that in identify, protect, and secure. If you don't know what's happening, if you don't know something's bad, how can you protect it? So you're always behind it. So the major thing here is making sure that you have that complete, complete protection net, if you will. That complete foundation. We spoke yesterday about the foundation of a house. It's like having a foundation built but with a big hole in the foundation. So as you put the house up, and you have a hole in your foundation, when it rains and you have water runoff, you're going to flood out your house, or you're going to break down the foundation. You may have a strong foundation on the side, on the front, but if you have a hole in the back, eventually the water is going to get in and it's going to cause damage. It may not cause as much damage as it would have if you had no foundation, but it will still cause damage, all because you have a hole. And in some cases, we're building these houses and building these systems on top of a foundation that has a hole in it. So PC Matic helps fill that hole. They help make sure that you have the protection you need from an allow listing perspective with the governance, and then you can trust that the information and the data that they're providing you with the application whitelist, with the list that they've constructed, it's been vetted, and it has been tested and has been reviewed. That's pretty much what I have and what I've seen. Zack, is there anything more specific that you need me to touch on?
Zack Austin  46:26

Uh, no, absolutely not. I appreciate you taking the time, Willie. That really touches on exactly, you know, the purpose of what, you know, what PC Matic was developed to do, was really to be the foundation and enhance what is already existing, to close the gaps that are left. As you mentioned, the hole in the foundation, it's really to close the gaps that can be found there. Even if you think you have a solid foundation, it has to really start at identifying. If it's not starting at identify, eventually it's going to catch up. And that's exactly why PC Matic was developed, to be able to fulfill that, to close those gaps and really enhance the work of everything else that's already existing, regardless of, you know, how complex to how minimal the ecosystem may be. PC Matic's able to make it work for all those. So, I appreciate that, Willie, thank you so much for taking the time. I believe that we're going to hand this off to Anna. And if you're on, do you see any questions?
47:28

Yes, let's go ahead and start our Q&A. I first want to thank Zack and Willie for being with us this afternoon. So if you have any questions, you can go ahead and drop them in the Q&A pod. Give a few seconds for some to trickle in. All right, we'll go ahead and start. So the first question is, how does this work with existing security solutions I have in my ecosystem? Do I need to make policies for them to be allowed?
Zack Austin  48:00

So this all comes back down to the integrated global list that we've already implemented in the product. So the way we're able to work with all the security vendors is that they all have digital certificates and products and hashes that have already been authorized for you. And so it's already on that integrated list. And no, you don't need to make the policies for those said vendors, because it's already integrated in that very large global list. So all of your, again, your EDR and your XDRs, all the multifactor, when you're throwing it out there, you're not having to make the policies because it's already been done for you by that USA-based malware research team, since we assist you with building that, as Willie just mentioned before. So no, you don't need to make the policies, and that's why we're able to work with everybody, because it already comes equipped into that global list.
48:55

All right, thank you. Um, I see we have one in the chat: is PC Matic's client agentless or agent setup? Agent setup. All right, let's move on to our next one. How does this endpoint protection compare to the likes of CrowdStrike, SentinelOne and other EDR products?
Zack Austin  49:20

Gotcha. So again, it comes back down to, let me bring this up. Just go through a couple slides really quick. So it all comes back down to thinking about the framework and where we would be sitting. So we have here the left side. Yep, PC Matic and CrowdStrike and SentinelOne. So you have your detecting and responding, the continuous monitoring, where they are looking, you know, for something that it hasn't executed yet, and they're looking to see if they can monitor the behavior of that. Even if it's unknown, they do allow it to run and then try to monitor the behavior afterwards. Right. So yes, that's a form of endpoint protection, but it is a blacklist, right. So that's the latter; you want to get ahead of it. As Willie said, you want to get ahead of it rather than being behind the attack. And where PC Matic is different is we are saying no upfront to anything unauthorized, whereas a CrowdStrike or SentinelOne will allow the unknown, they'll say okay, or maybe, to that unknown and allow it to run and then monitor afterwards. But if it's maybe a piece of ransomware that's never been seen before, again, maybe a vulnerability that's never been seen, if it's unknown, and they're unable to detect that behavior, it's never been seen in their library, they're going to allow it to move on forward. Whereas PC Matic, on top of that, says it's unauthorized, we've never seen it before, and it's not allowed to move. And so that's the difference of it. But it's not so much of a competition, more of a complement, where we're able to layer in with your CrowdStrikes, your SentinelOnes, your Palo Alto, and complement the work that they are doing. And so it enhances that experience of detecting and responding by identifying first.
And so this is also where it complements: if there's, in the form of maybe a zero day, right, as zero days come through, and the SOC is getting overwhelmed with notifications, rather than just, you know, 100 in an hour, all of a sudden it is thousands upon thousands. Really, the SOC is going to come down because the detect and respond cannot keep up with that. Whereas PC Matic is built to kind of be that shield right at the forefront and deny everything. The network gets slower, but it doesn't go down. So it's going to better enhance the experience of the ecosystem, the protection of it, but also, you know, the performance of detect and respond. That's why NIST comes here and says that it's foundational for effective use of this framework. You're going to use these tools, you have to start here. And that's where we complement the work of those said methods.
51:48

I think, Zack, the thing too is defense in depth, right? Yes, it is. I look at it, you know, from a football analogy. You know, PC Matic is the offensive line up front, you know, CrowdStrike and Carbon Black and those may, they may detect a blitz coming, you know, so they pick that up. So I think that first layer of protection is to identify, then protect against what's out there in the wild, as opposed to, let me detect it, and then we have to scramble to try to put out the fire. If you didn't find out what that looks like on the other end, it's, I detect it, now I gotta find out if it's done any damage. And CrowdStrike, and those guys, and, you know, Carbon Black, and those do a good job at detecting it and then responding to it. But when you look at PC Matic, it's, you know, beforehand, something looks suspicious, something doesn't look right, and until we find out what it is, we're not going to allow it through.
52:55

Thank you, Willie. Thank you. Our next question is, are there any plans to integrate with products such as Zscaler? And how does it compare?
Zack Austin  53:05

So yes, we do have on our technology roadmap to integrate with the likes of Zscaler. Zscaler is another collaborator we work alongside within the NIST Cybersecurity Center of Excellence Zero Trust architecture. How it compares is, the best way to put it is that we are looking at the integrity of the file. And so if that file is unauthorized, we deny it. And so Zscaler looks at the user, if they are authorized to have access to the application, rather than the integrity of the said application. So we actually complement one another, where we are looking at the files and the application part of it, and they are more so looking at the user base. So right from the start, we say, hey, this application is authorized, we're gonna allow it to move through, and Zscaler says, okay, but who has access to this good application you're saying? And so that's where we complement one another.
54:01

Okay, thank you very much. Um, our next question is, can I request integrations be developed with other products such as Tanium, or Microsoft Intune?
Zack Austin  54:11

Absolutely. So I showed a lot of the, you know, the BigFix portion for the unified endpoint management, but of course, not everybody may have that product within their ecosystem, Microsoft Intune and Tanium being also different UEM products. With PC Matic, again, talking about collaboration, all of these vendors, we're not in competition with any of them. So if there's an integration that is desired, we are probably happy to, you know, use those use cases and bring them forward to those collaborators and really make this vision of how our product could assist in their endeavors, with whatever they're using in their architecture, make it happen. So the answer is absolutely, we can; we're more than happy to work with the partners as well as the customer in making that ecosystem vision a reality.
55:01

All right, thank you very much. And it looks like our last question is, how often is the global list updated with new definitions?
Zack Austin  55:09

So that is definitely going to vary on whichever offering is deployed. So non-federal is going to be the traditional product, that global list is updated twice a day. And so twice a day the definitions are uploaded directly to the cloud, which is where the services are connected for the traditional product. So that's automatically updated for them. No hands required, no management of sorts. In regards to the federal products, where it's going through GovCloud or on premise, that's going to come out in different versions. So every time we're deploying a version, it comes equipped with the containers of all the definitions, and so that's going to come out with every version, and we update those versions quarterly.
56:00

Okay, thank you very much. And that closes out our webinar. Thank you so much to Zack and Willie for being with us this afternoon. I also want to thank everybody who participated and joined us today. We hope this webinar has been helpful for you and your organization.
Corey Baumgartner  56:16

Thanks for listening, and thank you to our guests Zack Austin and Willie Crenshaw. Don't forget to like, comment, and subscribe to CarahCast, and be sure to listen to our other discussions. If you'd like more information on how PC Matic can assist your organization, please visit www.carahsoft.com or email us at AW marketing@carahsoft.com. Thanks again for listening and have a great day.