Unknown Sponsor Voice (13:05)

And now a word from our sponsor, KnowBefore. It's all connected and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBefore, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBeFor's security coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35 vendor integrations and Counting Security Coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more@knowbefore.com SecurityCoach that's knowbefore.com SecurityCoach and we thank KnowBe4 for sponsoring our show.

Dave Buettner (14:38)

And now a message from Black Cloak. What's the easiest way for threat actors to bypass your company's cyber defenses targeting your executives at home? According to the latest Poneman research study, over 42% of CISOs have reported cyberattacks on their executives in their personal lives and this becomes your problem because executives are easy targets at home for account takeover, credential theft and reputational harm. Close the at home security gap with Black Cloak's Digital Executive Protection Platform Award winning 247365 protection for executives and their families. Learn more at BlackCloakIO in this week's Threat Vector segment, we preview this week's episode where host David Moulton goes behind the scenes with Palo Alto Network's CIO and ciso. Here's David Moulton.

David Moulton (15:42)

Here's a quick preview of this week's Threat Vector. Tune into the full show on Thursday and don't forget to subscribe so you never miss a single episode. Let's get into it.

Mira (15:53)

AI is real. It's absolutely real because we are seeing value already. Through that we are seeing meaningful business impact which we can quantify the outcomes that we are able to get.

David Moulton (16:09)

Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. I'm your host David Moulton, Director of thought leadership for unit 42. Today I'm thrilled to introduce two exceptional leaders from Palo Alto Networks who are at the forefront of driving both technology and security strategies for our company. Mira is an experienced technology executive with a passion for business outcomes. She's worked at top companies like Citrix, McAfee and Cisco, where she championed digital transformation and diversity initiatives. Nile brings over 25 years of cybersecurity experience before joining Palo Alto Networks. Together, Mira and Niall will discuss their unique partnership and how they balance innovation with security to drive growth. We'll explore their approach to incident response, how they leverage AI for productivity and the importance of trust in cybersecurity. Now, with all the constant new threats, how do you ensure that the team here at Palo Alto Network stays ahead of the curve in terms of both security technologies and skills?

Niall (17:22)

First of all, it kind of partnering closely with Enterprise 2. It's partnering with Wendy Whitmore in unit 42. I think Mira, you've got a unit 42 mug over there that I saw earlier on.

David Moulton (17:32)

Yeah, those of you who can't see us on the on the podcast, she's got her don't panic mug going unit of 42.

Niall (17:38)

Mary showed me earlier on today so I think it's cool. So yeah, so we work closely with Basie on unit 42. Generally they see like for most Palo Alto networks generally get to see things before the vast Majority of our organizations out there, certainly Wendy and the Unit 42 team, they get called into multiple different incidents. If we see something externally that's interesting, we'll generally ping them and say, oh, by the way, for such and such a threat actor, can you tell me who they are, what's their motivation, what's their IOCs and what partner with that back and forth? So I think the great thing about working in Palo is one is we've got them, we've got a really good team, basically, we've got a really good platform. Both Mir and I can leverage Unit 42 for threat intel itself when we need them in some of those incidents.

David Moulton (18:24)

Mir, I'm sure there's times when you and Niall will have disagreements on how to prioritize risk. Walk us through that process of discussing the risk and figuring out where to take a risk and where to back off and how do you mitigate those sorts of things?

Mira (18:41)

So, David, when you talk about, you know, I mean, I call it the business outcomes and security sometimes is a healthy friction that you need to talk through. It's to me always, it's the way we need to resolve it is in the how, not the what. I always tell my team it's not an option to say no to a security control that we need. I want to go fast so I can't cut down on my break. I just need to figure out how I'm going to get that break, the strength I need. And that may be the place that we get into the friction. So I always tell my team, ask for the what. Don't get hung up on the house. We have smart people around. When you put them together, they'll figure out the how. It's rather a matter of figuring out the how to gather, not compromising on the what of the security.

David Moulton (19:33)

Niall, when you're thinking about those risk conversations, how do you coach your team to go in and not necessarily be prescriptive of you have to use this control, but we have to get to this outcome.

Niall (19:47)

Yeah, good question. I think for the most part, like, I'm very execution driven when I look at this. It's generally like, what's the set of priorities we have like a what's the business value? What's the set of priorities against those? And then for those set of priorities, which of those require a significant amount of resources? So there's no point in saying, hey, there's a large project we want to do and we want it all done in Q1, like, that's not going to work from There many of them are multi kind of year and multithreaded projects. So for each of those it's really like at what phase are we in that project? Are we in the inception mode? Are we in the documentation, Are we in the sign off mode? Which part of the phases are we at? And then kind of working closely on the team to align in relation to what do we do, what do we build, what do we get across the road in Q1, what do we get across the road in Q2, what do we do get across the road in Q3? That's critically important. Firmly believe once the plan is locked and loaded, it's locked and loaded. After that, then it's execution, execution, execution. And with that I think it's critically important to understand probably two things. One is like there's normal projects in the normal course of the business that you need to insert and then two, what will happen is naturally over time kind of going back to incidents and issues. Every company will have an incident or an issue and then with that they'll say, oh by the way, we have 32 controls that worked and we have two controls that didn't work. Basically we need to implement those. So I think for the most part it's that healthy conversation of what's the business value, what's the prioritization, how much resources is going to require. And then if a team can get generally aligned on that after that, then I find it's a pretty smooth process from there.

David Moulton (21:29)

Thanks for listening to this segment of the Threat Vector Podcast. If you want to hear the whole conversation, you can find the show in your podcast player. Just search for Threat Vector by Palo Alto Networks. Each week I interview leaders from across our industry and from Palo Alto Networks to get their insights on cybersecurity, the threat landscape and the constant changes we face. See you there.

Dave Buettner (21:57)

Be sure to check out the complete Threat Vector podcast right here on the N2K CyberWire network or wherever you get your favorite podcasts. Do you know the status of your compliance controls right now? Like right now? We know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for $1,000 off. And finally, the curious case of ChatGPT's meltdown moments. It seems that this AI wunderkind has its limits, and certain names are enough to send it into a digital tailspin. What do David Meyer, Jonathan Zatrain and Jonathan Turley have in common? Well, aside from being accomplished individuals with impressive credentials, they've all managed to trigger ChatGPT's I'm unable to produce a response feature. It turns out that these names are connected to some rather awkward AI hallucinations. For example, ChatGPT falsely claimed that Jonathan Turley had been involved in a non existent sexual harassment scandal. The chatbot even cited a Washington Post article as evidence, which it turned out was also made up by the AI itself. Jonathan Zittrain's name is also on the list of banned names, but there's no obvious reason why. He recently wrote an article in the Atlantic called We need to Control AI Agents now, which might have something to do with it, but it's unclear. What's more, his work has been cited in a New York Times copyright lawsuit against OpenAI and Microsoft. But entering the names of other authors whose work is also cited in the suit doesn't cause chatgpt to break. And then there's David Mayer, who was initially blocked by ChatGPT before being unblocked for reasons that are still unclear. Some speculate it might be connected to David Mayer de Rothschild, a member of the wealthy and influential Rothschild family, but there's no evidence to support this theory. Ars Technica points out that these hard coded filters can cause problems for ChatGPT users. It's been shown how an attacker could interrupt a session using a visual prompt injection of one of the names rendered in a barely legible font embedded in an image. Moreover, someone could exploit the blocks by adding one of the names to a website, thereby potentially preventing ChatGPT from processing data it contains. Though not everyone might see that as a bad thing, I can't help wondering if OpenAI could simply have ChatGPT whisper the names that cannot be named. You know, like Voldemort. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com this holiday season, only malware in the building returns with a festive Christmas Carol inspired twist in this special episode. Selena Larson, Proofpoint Intelligence analyst and host of Discarded Rick Howard and yours truly embark on a ghostly journey through the most pressing cybersecurity threats of the season. In this festive adventure, we dive into key cybersecurity risks like two factor authentication pitfalls, social engineering scams, and the frightening return of consumer targeted attacks. From the echoes of past cyber attacks to the threats hidden behind holiday merriment, we're here to bring you practical wisdom with a dash of holiday spirit that's only malware in the building. Check it out. That is the CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwiren2k.com we're privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K makes it easy for companies to optimize your biggest investment your people. We make you smarter about your teams while making your team smarter. Learn how@n2k.com this episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iban. Our executive editor is Brandon Karp. Simone Petrella is our president, Peter Kilpie is our publisher, and I'm Dave Buettner. Thanks for listening. We'll see you back here tomorrow. Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. You know, I started my first business back in the early 90s and oh, what I would have done to have been able to have the service services of an organization like LegalZoom back then. Just getting all of those business ducks in a row, all of that technical stuff, the legal stuff, the registrations of the business, the taxes, all of those things that you need to go through when you're starting a business. The hard stuff, the stuff that sucks up your time when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run and protect your business all in one place and they save you from wasting hours making sense of all that legal stuff. Launch, run and protect your business. To make it Official today@legalzoom.com you can use promo code CYBER10 to get 10% off any LegalZoom business information product, excluding subscriptions and renewals, that expires at the end of this year. Get everything you need from setup to success@legalzoom.com and use promo code CYBER10. That's legalzoom.com and promo code CYBER10. Legalzoom provides access to independent attorneys and self service tools. Legalzoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm, LZ Legal Services llc.