A
You're listening to the Cyberwire Network, powered by N2K. Step into the digital upside down with Cyber Things, Armis' new three-part podcast series which will dive into the unseen world of cybersecurity. From real-life hacks to the digital shadows of the dark web, we connect pop culture and protection, fear and control. Episode one drops soon, so look out for Cyber Things in partnership with Cyberwire. Welcome to Cyber Things. This is a short series from our normal Bad Actors podcast. In a homage to Stranger Things, we're exploring the hidden world beneath our connected reality. And just like Stranger Things, the digital world has its own upside down: a place of unseen devices, silent intruders and invisible threats. I'm Rebecca Craddock. I'm the Vice President of Global Communications here at Armis. And for this short series, we're going to be talking to some of our Armis cybersecurity professionals and massive Stranger Things fans who are wanting to talk about the digital demons that lurk in the shadows. For my first episode, I am joined by Kam Chumlee Sultani, our Director of OT Solutions Engineering at Armis. Kam, welcome to Cyber Things.
B
Thank you so much. I'm excited about this, Rebecca. When you reached out, I was giddy on my chair. This was a no brainer. So I love it. It's fun. And when you mentioned Stranger Things, I was like, sign me up. No hesitation. Perfect.
A
That's what we love. We want something a little bit different than our normal programming discussion. So before we dive into sort of more of the Cyber Things, Stranger Things is a few weeks away. Are you excited? I am.
B
Chaos. It's chaos everywhere. I'm literally on the edge of my seat. So it's, it's funny, like as you brought this up and we agreed to do this, there were so many parallels. So it's going to be a conversation for sure.
A
I know it 100% is. And look, even if you're not a Stranger Things fan, I think people in cybersecurity and in the market that we work in every day will really resonate with this concept, and I'm hoping it will provoke a lot of debate within our specific cybersecurity community as well. So let's get into this. We are in November. 2025 has been absolutely crazy. And we say this every year. We get to the end of the year and think, oh, that was an extraordinary year of threats, of hacks, of, you know, uncovering of things that are going on around the world. But this year particularly, it seems to have been a lot worse than previous years. And I want to talk specifically to you about critical infrastructure, because this is your specialism, this is what you look after from a customer perspective at Armis. Do you think this has been the worst year for targeting critical infrastructure? And what do you think that has looked like in terms of how customers have had to start really thinking about connecting their devices in that world?
B
Yeah, 100%. I think not only from a strategic level, but even from a technical level, we see digital convergence coming up more and more and more and more. And maybe where 10 years ago you had a lot of what we call operational technology and, setting the stage for everybody, these are not just business computers in what we call the carpeted space, but even things like devices that are programmed to make something go up or down, faster, slower, hotter, colder. So when we say critical infrastructure, we're talking about things like water utilities, electric utilities, pharmaceutical companies, rail, aviation, you name it, anything that has real kinetic effects in the world. When we say operational technology or critical infrastructure, that's what we're referring to. And to your point, Rebecca, I feel like every year we finish and it's like, that was a year, surely it can't get any crazier next year, and then it happens. So to answer your question, I mean, there's been a couple of massive attacks already in critical infrastructure specifically. And what we're really seeing is, because of the convergence of IT and OT and more devices now having Internet access or being IP-based and not necessarily serial, what that means as we're becoming more digital is that with it comes additional attack vectors. And we're seeing that time and time again. And there's actually a couple of big, big attacks that we could touch on today.
A
Yeah, and I want to talk to you specifically about that and try and give some guidance to our audience on how we need to think about it as we go into 2026. But it's interesting because, you know, you mentioned a few things. We hear a lot of noise about, you know, digital transformation, IT/OT convergence, where threats actually come from the unseen devices that sit on your network. But, like Stranger Things, they're lurking in the shadows.
B
Yeah, 100%.
A
And a lot of the stuff we talk about at Armis and, you know, within the community is this fundamental parallel of understanding everything, seeing the unseen, making sure that you understand where every single device has been connected and the impact it has. Why is that so important? Why is that rogue device that's sitting on a network, that is just a harmless IoT camera or a harmless little mobile, if that's in a corporate network, why is that so important to be aware of if you are looking at a critical infrastructure operational technology environment?
B
Yeah. The real reason is because all these devices, they aren't just standalone. So yes, if those devices are impacted, they could have catastrophic effects. But it's not just the primary attack. You have to then start considering secondary and third effects and where it's going to go. And to your point specifically with digital convergence, what before was just a router sitting on an enterprise or an IT network is now a gateway or rift or a portal into the OT environment. So looking at things like, for example, those devices that now have Internet connectivity, and I'm going to relate everything back to Stranger Things here, a few little nuggets along the way, is you can almost think about it as the Internet is the main gate or the Mother Gate. So although it's great and it's helping us be efficient and more operational, with the Mother Gate now available, it's now a portal to reach into and look at those vulnerable devices. And then I'm happy to keep expanding on this, but attack vectors essentially are that once you access one device that's vulnerable, it could be a catalyst to then spread to more devices, i.e. create the hive of the army. Right.
A
For sure. So one of the things that's really interesting, I think, and you talk a lot about this parallel with the devices and sort of the portals in IT, potentially IoT, there's this cross-section of threat that comes from those environments. Even if you air gap a secure environment like a manufacturing plant or a hospital, we know that there have been influences from the supply chain, from other devices, on what they thought was an air-gapped, protected environment, but genuinely hasn't been. Can you talk, in your experience of how you work with customers, about how you've had to sort of set up certain environments to try and put some controls in place so that we can manage these sort of barriers and try and keep the sort of lurking hidden concerns of the underworld away?
B
Yeah. 100%. And I have to give a shout out to the OT team at Armis, and we do this every single day. It's not only, woohoo, let's go; it's not only applying ourselves as technical advisors and subject matter experts (SMEs), but sitting in a room and really being connectors. So to give you an idea, when we think of the Internet or we think of the vulnerabilities or threats and all these different tactics, techniques and procedures that exist out there, right? That really is the upside down world, right? That's where all the big scary things live and they're reaching out. And specifically what we like doing as a step one is we will go sit in the same room as the IT team and the OT team. And a lot of times those folks, they never interact. So that's again going back to having a power team of Will and El and everybody else all together to chart out what it looks like, right? And then from there you need to do an initial assessment to understand what devices you even have. So have initial visibility and monitoring: what's talking to what, what's insecure, what's using insecure protocols, what's vulnerable, and you build it out. So that's where having something like Armis is having that continuous monitoring to understand all the communications between devices, all the vulnerabilities with devices. So that way, in the event that something does reach out from the upside down world or from the Mother Gate and the vulnerabilities and the attackers are coming in, now you get some sort of immediate alert or immediate response. So we always tell people it is a crawl, walk, run, and it's not lost on anybody that this doesn't happen overnight. It's definitely a phased approach, but that's how you get there. And so even talking about an analogy of what that would look like, for all the Stranger Things fans out there, and I'll break it down for everybody, so you could think about something like the Mother Gate being the Internet.
And inside of the Mother Gate, you essentially have a Mind Flayer who is, think about it, the brains behind everything. And this Mind Flayer has a telepathic link to all of these different kinds of monsters and armies that can go out there. So you can think about the Mind Flayer as the brains, or an advanced persistent threat or a nation state actor, that's going out performing some of these large exploitable attacks that we see wreaking havoc across critical infrastructure. And so there's different, various types of soldiers, we'll say, that are under the command of the Mind Flayer, right? We'll say Demogorgons and Demodogs and everything else. All you need to know is these are basic attackers that are predatory. And so they essentially will smell blood or some presence of something and they will attack it. So in this use case, those are hackers or hacktivists that are then going through something like the Mother Gate. And earlier, Rebecca, you spoke on environments that are air-gapped, and that's why sitting down with the team is so important, because they may say that they're air-gapped, but as you do a bit of objection handling and you're sitting down with the teams and you're mapping out network architectures, lo and behold, there may actually be an open pivot point to that IT device that they can use as a segue. So maybe those vulnerable devices, those are the blood that the Demogorgons smell and they're going out to attack, right? And maybe in the event that those vulnerabilities actually are exploited, and we can relate this to an attack that's happened over the last couple of years that's still ongoing, once the device is actually exploited, it then becomes a pivot point for all those other devices that'll shut down the power grid, that'll turn off the baggage handling system in an aviation system; at a pharmaceutical company, it changes the chemical composition of what that medication looks like.
And we can refer to those, right, the actual devices that are being compromised, as something like the flayed, right, where they're essentially being taken over to then gather other people and bring them into the army, all through that one telepathic link. So it is pretty scary out there. But we advise everybody to first get monitoring and see what's out there. Then you have to have vulnerability management to know which devices can be exploited. Then you have to have threat detection. And then ultimately it's an ongoing iterative process to keep growing that environment and understanding things. And it also goes back to teamwork, right? Looking at all your other security tools, that is the rest of your team that are fighting everything in the upside down world and then joining together.
A
Yeah. And it's interesting because what you're talking about, what you're describing here, is a massive escalation over the last three years, as you said. And, you know, I hate using this buzzword, we talk a lot about it on our other podcast, but AI has expanded and sped up the Mind Flayer ability of...
B
Yeah, there we go.
A
The team of bad actors to really put a lot of the emphasis on the speed, and the time to hack or time to threat is very, very quick now. And so it's interesting how we look, as we look forward to 2026, at what you've laid out: the strategy of what you need to think about from a base level perspective and then sort of add the layers on. We know that AI is a massive new dynamic for people to think about, and it is sort of sentient, sort of scariness, in that they're starting to evolve and learn from hacks that they've tested in other environments particularly, and then adapt that to another. You know, whether it's an airport or a water treatment plant, we know that learnt behavior has allowed people to expand their attack surface. So how do organizations then sort of, you know, we don't want to scare them and suggest that Vecna is sitting watching them. But there is a sort of more serious point in that we know that this evolving threat landscape is creating massive amounts of change for organizations. So what do you think the first step is in trying to solve that next year? What do you think they should be doing as they look at that expanding attack surface with AI particularly in mind?
B
Yeah, spot on. And I mean, you said it best. Right. We're seeing a lot of these exploits and attackers and red hatters and penetration testers and everybody else. Right. Unfortunately, more so on the adversarial side of the house for malicious intent. But you're right. And you can think about this again, going back to Stranger Things, of having the upside down world being the big and scary and the attackers, and the right side up being just the normal water utility or electric utility out there. So the real world, where all they care about right now is they want to make sure that the plant or the treatment facility is up and running and it's doing the job, it performs. It's like living in the real world. Right. But on the other side of things, in the upside down world, they have one intent and they have one mission, and that's all they're focusing their time on. So, two different worlds. So now you look at the right side up, not just making sure that everything is operationally up and running in a safe and secure manner, but now you have to incorporate cybersecurity and you have to get ahead of things like AI and automated offensive capabilities. Right. So the way that you mitigate that is you have to be very tailored. And it's not lost on us that there's only a finite amount of resources per team. And for example, the last thing that you want to do is you don't want to get a tool that's giving you 4 million alerts every single day, and then your team doesn't even know how to tailor it down because there's alert fatigue. So it's understanding of those devices that are vulnerable out there. It doesn't necessarily mean that every single device needs to be patched or needs that sort of upgrade, for whatever it might be; if you have the proper segmentation in place, with physical or logical segmentation and micro-segmentation, the risk inherently will lower. Right.
So that being said, it would almost be like, instead of those 4 million alerts, you then would understand that of those 4 million alerts, maybe there's, you know, a million devices; of the million devices, because you have proper segmentation, maybe only 10% or 5% of those can actually be exploited. And in Armis terms, that's what we refer to as attack path mapping. So not just getting alerts, but understanding, of those devices, how an attacker from the upside down world would come in and they would actually get to that end device, attack the end device and hop from A to B to C, and then exploit it and then continue to build out their army and continue to build power. Right. So there's a couple of mechanisms for that. So integrating all of your tools, understanding what your attack landscape looks like, and then having something like an attack path map so that, you know, you're getting all of these alerts, but you know the real things to focus on so we can prevent any other rifts from opening.
A
Yeah. And it's funny because one of the big premises of Stranger Things is of course awareness and power, and having that control and how you manage control. And I'm excited to see Eleven and Dustin and the rest of the crew and how they tackle the coming together of the two worlds. But it's funny because in cybersecurity we talk a lot about awareness being the key power, but of course it's the one thing that slips through a lot of organizations' fingers because it's ever changing. One minute you think, you know, you've got everything sorted, you know where everything is, you can see everything, you know what your attack surface looks like. But of course, guest access, the supply chain, anything that's coming in and out on a daily basis changes the game. So awareness and control is a complete illusion. So how do you then get into that proactive defense mode when actually a lot of organizations are still having to react to everything on a daily basis?
B
Yeah, yeah. And I think a lot of it comes down to information sharing, collaboration, teamwork, private-public partnerships. And the reason for that is because, to your point, we don't want to be reactionary. A lot of times when you look at recent attacks over the last couple of years, typically an adversary will sit in an environment for months before they actually exploit those end devices or they execute a kill chain. And at that point it's probably too late. Right. They know everything about living off the land, so it's coordinating with people and finding a trusted advisor to help you. And you look at the team in Stranger Things, right? Without each other, they would crumble. It really is a powerhouse team. And the way I like to look at it is they all bring something to the table, whether it's a scientist or it's the loyalty of a team, or maybe it's even something like, we'll consider Armis the El, right? We're closing the rift and the team uses us as the tool to go forward. So we will be the aggregation of all the other security tools, everybody else on the team, and then acting as El, we will use that power to go close the rift. So, and that's where we come from. So now instead of having somebody living off the land for six months or seven months, we will identify anomalies or rogue devices or dual-homed assets or somebody coming in when they shouldn't, or a PLC switching modes. And that's because we're using the team as the one point of truth. And then as El, we can then talk to the rest of the team and close it together.
A
Yeah, and I love this analogy of teamwork because I think that for us, who have been working in cybersecurity for so long, it does feel like the community tries to band together. You know, we do not point fingers when other people have been, you know, hit. We are in the trenches together trying to defend the nation and defend the countries that, you know, our customers are in. It's interesting as I look back for last year, this year, and look forward, I do genuinely feel, and why I'm so passionate about this subject is, how mainstream cybersecurity issues are now. We talk a lot in, you know, our little bubble of cybersecurity professionals about what the problems are. But this year feels like it is in every conversation. My grandmother, my parents, my friends, my family, people that are not remotely in the cybersecurity world, but now this is not a hidden-technology, IT-society, IT-department sort of element of discussion. It is mainstream life. Everybody has probably been affected by something in the last couple of years, whether that's, you know, the democracy at threat that happened last year. I'm a Brit; the UK this year has been inundated with threats across retail, you know, big manufacturers, car manufacturers, financial institutions. It really does feel like we have been inundated this year in problematic attacks, and it's had a huge detrimental effect on the economy. It's had a detrimental effect on the people working at those organizations, not just in cyber, but the actual staff. And I worry next year that this potentially gets even more critical. You mentioned right at the beginning of our discussion a water treatment plant. We know some horror stories that have happened there. We know medical issues, you know, cutting-edge, life-threatening issues that have been created or have been affected by cybersecurity threats or disruption.
If we look into next year, what are the things that you would put out there about, you know, positive intent that the community and the wider society need to be aware of as we think about cybersecurity issues for 2026?
B
Yeah, and I'll start off by saying I'm scared too, Rebecca. Never in my life did I think that I'd be sitting around at Thanksgiving dinner and my grandma would bring up cyber attacks. So it's crazy. I mean, and not even in critical infrastructure. Right. I mean, that's what I'm very passionate about. I think you are too. But even looking at things like deepfakes and using AI to replicate audio and visuals and now impersonating people, where not just from a technological standpoint but even things like social engineering are being expedited through AI. So it is terrifying. And I think next year the way that we get ahead of this is, it really is going out and interacting with the ecosystem and our partners and getting involved. To give you an idea, here at Armis we're heavily involved with things like building out the OT Zero Trust framework and providing comments. There's something called the OT Cyber Coalition that does amazing work on the Hill that we're very involved with, and shout out to them. They're doing a great job too. And information sharing with things like ISACs, information sharing and analysis centers, where we're now using the information that we have not only just as an OEM and as Armis, but sharing it across the entire ecosystem so we can succeed together. So that way, in the event that there is a zero day, you don't have to wait weeks or months to understand if you've been attacked, but you can get immediate results. And then pulling something in, there's a bunch of great partners out there too that have things like incident response retainers. So in the event that there is some sort of attack or incident that occurs, even if you don't have the manpower to support that sort of incident response, you have a team that's backing you. So you have something from a technological standpoint that's backing you, and what's been identified, and those attacks and fingerprints and any sort of hash that's matching or indicators of compromise.
But you also have a team that can go out there and visit you. They can help you walk through that response. They have maybe something like a flyaway kit to do assessments, understand what's been attacked and triage it and everything else. So really, to answer your question, in short, it goes back to those partnerships and building a powerhouse team so that, regardless of where that rift opens up or how the story changes or maybe things that you didn't expect to happen in the first place, you can stay agile and be proactive and use AI to your advantage, right? Use it to augment your team and not, not from a noise standpoint of being even more alerted and having the noise fatigue in front of you, but use it to do things like educate your teams on critical infrastructure, educate them on how to use specific tools, right? I mean, even us at Armis, we have a data lake of 6.5 billion devices that we're constantly fingerprinting. You can use AI to essentially look at that database to see which devices are end-of-life, end-of-sale, can be exploited, and you could use it for a variety of other things, right? Like enrich your SOC, educate your team members, come to workshops that worry out everybody else, go to conferences that are talking about cutting-edge technologies and problems, and really just get involved. Every person in this community, and you and I both, Rebecca, we're very passionate about this because at the end of the day it's about protecting society, right? We're all in it together.
A
It is, and I love that. I mean, we should end there really, because that is the end game at the end of the day, and what a lot of us get up in the morning and work as hard as we do for. We are actually at the very, very cutting edge of technology and the impact it has on day-to-day lives. And I don't want everyone to be scared, but we do see a lot of change, and I think going into next year we need to be acutely aware of what could potentially happen. Awareness, knowledge is power, and just being aware of those things and being proactive and not sitting back and sort of waiting for things to happen is going to be crucial. I look forward to the rest of this series, because we're going to have Michael Freeman, who's head of our Armis Threat Intelligence team, Nadir Israel, our co-founder and CTO, and then of course Curtis Simpson, our CSO, and we're going to have lots and lots of discussions about what else could happen, could be happening. But I'm going to end on our favorite subject, of course. Stranger Things is three weeks away. Little bit of prediction. You don't know how it's going to set itself up for the final series. What do you hope to see?
B
Yeah, to be honest, I feel like the ending was already pretty emotional for me before this. But, I mean, I literally sat there for about four minutes afterwards just digesting everything. So I don't know if it's... It's gonna have to be a grand finale of the two worlds finally colliding and the upside down world now essentially projecting itself into the right side up. But I don't know, especially with things like the particles and matter in the air, does that mean that more people are going to join the army? What does that mean for El not being blind? There's just so many things that are coming up that I couldn't tell you. I think the show does a great job of keeping us on our toes. And trust me, I'm on my toes right now, Rebecca.
A
I'm just playing all the music like I'm an 80s kid. I'm just playing the music, getting ready for it. But, you know, I'm a sucker for a happy ending. I really hope that, you know, a bit like the cyber world, we will defeat the baddies, and that's how it will play out in the show as well as in real life. Kam, thank you so much for joining me for the first episode. I'm really excited. We're going to get your views later on in the series as to how it's all mapped out in the actual program, but also how we go into 2026. So for now, thank you so much. And for the rest of our audience and listeners, please tune in for the next episode where we talk even more about some of the threats exposed by the Upside Down. Till then, bye, Kam.
Host: Rebecca Craddock (Armis, VP Global Communications)
Guest: Kam Chumlee Sultani (Armis, Director of OT Solutions Engineering)
Date: December 3, 2025
Theme: Exploring the hidden or "upside down" world of cybersecurity, particularly within critical infrastructure, through parallels with Stranger Things.
This episode marks the start of a special miniseries called "Cyber Things", inspired by Stranger Things. The focus is on the unseen, often overlooked cybersecurity threats lurking in the digital "upside down": unknown devices, silent intruders, and evolving threats, especially in the context of critical infrastructure. Host Rebecca Craddock and guest Kam Chumlee Sultani bridge concepts from pop culture to the realities of the cyber domain, aiming to provoke thought, debate, and active defense strategies for the coming year.
Unseen Threats and Devices:
“You can almost think about it as the Internet is the main gate or the mother gate.” – Kam (05:31)
Critical Infrastructure at Risk:
Attack Vectors & Spread:
“Imagine the Mind Flayer as the brains or an advanced persistent threat or a nation state actor.” — Kam (08:21)
Air-gapped Isn't Always Air-gapped:
Visibility is Power:
“You need to do an initial assessment to understand what devices you even have… what's talking to what, what's insecure, what's vulnerable.” — Kam (08:07)
The Process: Crawl, Walk, Run:
AI as Force Multiplier:
Attack Path Mapping:
Awareness is Both Key and Illusory:
“Awareness and control is a complete illusion. So how do you then get into that proactive defense mode…?” — Rebecca (16:48)
Beyond Reaction: Proactive Defense:
Teamwork in Defense:
Cybersecurity in Ordinary Life:
On the Growing Threat to Infrastructure
"Every year we finish and it's like, that was a year, surely it can't get any crazier next year and then it happens." — Kam (03:07)
On the Illusion of Air-Gapped Security
"They may say that they're air-gapped, but as you do a bit of objection handling and you're sitting down with the teams and you're mapping out network architectures, lo and behold, there may actually be an open pivot point..." — Kam (08:56)
On AI Accelerating Threats
"AI has expanded and sped up the Mind Flayer ability … the team of bad actors to really put a lot of the emphasis on the speed, and the time to hack or time to threat is very, very quick now." — Rebecca (12:15)
On Community and Team Defense
"Without each other, they would crumble. It really is a powerhouse team. ... We will use that power to go close the rift." — Kam (17:26)
Cybersecurity as a Mainstream Issue
"My grandmother, my parents, my friends, my family... this year feels like it is in every conversation." — Rebecca (19:10)
What Next?
"It goes back to those partnerships and building a powerhouse team that regardless of where that rift opens up or how the story changes… you can stay agile and be proactive and use AI to your advantage, right?" — Kam (23:16)
The episode closes with a spirited reflection on the challenges and hopes for the cybersecurity community as 2026 approaches. Host and guest agree that while threats are escalating—from critical infrastructure attacks to deepfakes—community, teamwork, and proactive collaboration (mirroring the unity of the Stranger Things team) are essential for defense.
"Awareness, knowledge is power and just being aware of those things and being proactive and not sitting back and sort of waiting for things to happen is going to be crucial." — Rebecca (24:19)
Look forward to interviews with Armis’ Michael Freeman, Nadir Israel, and Curtis Simpson for deeper dives into threat intelligence and further perspectives on the unseen world of cybersecurity.