Securely Connected Everything S5-3: Hacking the Future Navigating the Cyber Threat Landscape with Glenn Maiden [Part 1]

Discover the fascinating world of cybersecurity with our special guest, Glenn Maiden, Director of Threat Intelligence at FortiGuard Labs, ANZ. From his beginnings in the mid-90s with the Department of Defence to his pivotal roles at the Australian Signals Directorate and the Australian Tax Office, Glenn offers a wealth of knowledge and insights as he discusses the evolution from traditional information security to modern cyber intelligence. He also sheds light on how his team at FortiGuard Labs collaborates on a global scale to protect customers from emerging threats.

Today’s digital landscape is riddled with complex cyber threats, and we unravel this intricate web with an engaging discussion on hyper-connectivity and its vulnerabilities. The conversation exposes the sophisticated tactics of cybercriminals, from nation-state actors to organised crime, and explores how anonymity and jurisdictional complexities provide them with strategic advantages. Yet, amidst this challenging terrain, there is optimism as advancements in cybersecurity measures are bolstering resilience, particularly in regions like Australia, where substantial investments are being made to combat emerging threats.

As we navigate the volatile global environment, the conversation shifts towards protecting critical infrastructure and the proactive measures being championed by government initiatives like Australia’s SOCI Act. We consider the alarming prospect of cyber-attacks as a precursor to conflict and discuss strategies to mitigate such risks, including the integration of AI and the importance of multi-factor authentication and smart access controls. The episode rounds out with an exploration of the convergence of cyber threats and misinformation, highlighting the role of cyber gangs and nation-state activities in election interference and the increasing threat of cyber-enabled misinformation, especially among the younger, more connected generations. Tune in for a compelling discussion that offers valuable insights into the future of digital safety.

Michael van Rooyen:
0:00

Today’s discussion was so interesting we needed to record it over two parts. Today I have the pleasure in having an interview with Glenn Maiden, who is the Director of Threat Intelligence at FortiGuard Labs, ANZ. We’re going to be talking about all things threat intelligence, all things around cyber security, what Fortinet’s seeing, as well as talking about Glenn’s personal journey around the space, which is quite a fascinating one. Glenn, welcome to the podcast. Thank you very much, Michael. It’s fantastic to be here. Yeah, great. Look, before we get started, just to set the scene, I’ve had a look at your career and I’ve had a chat in the past and you’ve got quite a good career across many defence areas and vendors. So, for people who are listening, do you mind just spending a couple of minutes about your history, your background and what led you to be the Director of Threat Intelligence at FortiGuard for ANZ? Yeah, I was very, very lucky, Michael.

Glenn Maiden:
0:47

So I started out in the mid-90s with the Department of Defence as a tech co basically, and that was sort of building networks, playing around with routers, testing equipment that would eventually end up on the Army’s network. In about the year 2000, I moved to what was then called the Defence Signals Directorate, which is our signals intelligence organisation. They’re now called the Australian Signals Directorate and back then the information security component that was a branch within that directorate was called Q Branch and now that is known as the Australian Cyber Security Centre. So things have sort of grown very, very large since my time 20, 25 years ago. But I spent sort of about a decade there and then I went for promotion into the Defence Imagery and Geospatial Organisation and I had my coolest job title I’ve ever had in my life and it was called the Director of Geospatial Exploitation. So I spent about four years there and that was fantastic because I learnt all about running an intelligence production directorate. So it was everything from data collection, data processing, data exploitation, reporting and analysis. So it was end to end running an intelligence organisation with reports that ended all the way up to no less than the prime minister’s desk. So very, very exciting and fantastic, but the geospatial intelligence was not where my true love lay.

Glenn Maiden:
2:03

So I went then across to the Australian Tax Office for about four years and I was the IT security advisor for the ATO. Right, and that was a great cultural shift because you know I was so used to that sort of national security environment. Yes, going across to the ATO where they’ve got highly protected systems, they’ve got protected mainframes and data warehouses and stuff like that, they’ve got some obviously one of the biggest databases of PII in the country, probably in the Southern Hemisphere, and then those need to connect out to people’s home computers, so people running e-tax and tax agents processing. So it was very, very exciting and challenging to look at sort of the different ways where we have to protect information and move information from unclassified all the way up to the wholly protected and being able to maintain integrity across all those environments. And it was about 2015 I left the government and since then I’ve been working in the vendor side.

Glenn Maiden:
2:53

So I did a quick stint with Lockheed Martin when I first got out and I was responsible for building the security operations centre for a defence project called Centralised Processing. So that was a billion dollar project at the time, one of the biggest projects in the world. And then I was responsible for recruiting all the members of the security operations centre, training them up, getting everyone comfortable with the tools, building the use cases and building all the people and process side of things. Very, very challenging, obviously. And then from there, yeah, I’ve been working with cyber security vendors since then, some of the leading vendors, and now at Fortinet for five years as of about now.

Michael van Rooyen:
3:30

Wow, wow. It’s certainly an interesting journey, you know, when you think about where you started in defence and then into information security, before people called it cyber, right? Yes.

Michael van Rooyen:
3:39

It was information security, and really that customer-facing learning and understanding the challenges on that side, being able to really lead to really being one of the lead vendors around cyber and threat intelligence, et cetera, et cetera. So, under your new role that you’re at today, under FortiGuard Labs for ANZ, what are your primary responsibilities? For those who don’t understand what FortiGuard Labs is, maybe you can run through a bit of that, and what are the critical goals of your team?

Glenn Maiden:
4:05

Yeah, sure, Michael, I’ll take you on a quick segue.

Glenn Maiden:
4:07

You’ll probably find that I’ll do that a little bit, I like to meander a little bit, but cyber is an interesting term. So, as you say, guys like us that have been around for a long time, there was a bit of controversy when they started calling information security cyber. But I’ve been thinking about this the last couple of weeks with that Israeli Mazar attack on Hezbollah where they blew up pagers, which is definitely not an IT system. Cyber is normally meant to encompass computers and networks, so that was sort of the definition of cyber. But now I think that the definition is probably not quite right when you think that, while that was not a traditional cyber attack as you’d probably define it, because obviously without attacking over radio networks and attacking on non-digital systems, it was still a cyber-enabled attack, which I know we’ll talk about later on in this podcast.

Glenn Maiden:
4:52

So yeah, I think, as we become more and more converged. I think that some of these terms are probably almost worn out in the brave new world.

Michael van Rooyen:
5:00

They are. They are. So for those again who are thinking about threat intelligence, because that’s really a source of understanding what’s going on globally, where most attacks are coming from. So you and your team are really ingesting a lot of that threat intelligence from a global point of view, working with lots of customers, working with lots of other vendors to kind of collaborate on that data to really give your customers downstream effectively the best intelligence to protect themselves. And your team then spends time curating that data, looking at data. Maybe you can touch on what the team really does.

Glenn Maiden:
5:31

Yeah, yeah, thanks. Thanks, Michael, I’ll get back to your question. So FortiGuard Labs is basically the nerve centre for all the Fortinet products. So most people know us for the FortiGate, the firewall. It’s an industry leader and in fact out of every firewall sold globally, one out of two is going to be a FortiGate and then the other one is everybody else. So we are absolutely in every corner, in every industry vertical on the planet. So obviously we need to keep those firewalls updated as the threats change. So all the telemetry comes back to me in FortiGuard Labs and my team. That’s where we go through and we’ll exploit it, we’ll rack and stack it. We’ve got several hundred humans that do about three quarters of a million hours every year of human research, and I know we’ll talk about AI.

Michael van Rooyen:
6:16

It would be remiss of us not to, we have to.

Glenn Maiden:
6:19

We have to, yes, but yeah. So we’ve been training our AI systems and ML systems since before it was actually cool. So we’ve got multi-billion node AI systems that have been trained for over 10 years. And if you think that telemetry, so all that metadata coming back from those firewalls saying, well, what’s good, what’s not, do we even know? We’ve been training on petabytes and petabytes of data for all that time.

Glenn Maiden:
6:45

So now our system is quite mature and able to go with incredible accuracy, be able to understand if a behaviour or a signature is malicious or not. So, where we’re a bit different than other threat intelligence organisations, we all read the data, the Verizon Data Breach Report and reports like that, which are fantastic, but a lot of the threat intelligence that we get is based on post-incident reporting and where people rack and stack it together. So we’re able to be a little bit before the breach in near real time. So we go through a process, what we see at that network and operating system layer, and instead of just putting it directly into a report for someone to read at a later date, we push that back into the Fortinet fabric and also to partners like yourself at Oro. So, assuming you’re not patient zero, in almost near real time you’re actually protected from these threats as they evolve. So it is very, very different. But to get to your point about collaboration, obviously we’ll ingest information from all of our systems, processes, devices across the network.

Glenn Maiden:
7:41

But we’re big on partnering. So we’ve got teams that go through and they sit in dark web forums and Telegram channels, so all that goes in to get an understanding of the bad guys. Wow. But we also partner. So we’ve been working closely with Interpol for about sort of seven, eight years.

Glenn Maiden:
7:55

We’ve been working closely with NATO for a long time. In fact, my boss is going to the NATO conference very, very, very soon, and the World Economic Forum, and this has actually been one that I’ve been directly involved in myself. So we’ve got a project program that we’ve been working with as a founding partner of the World Economic Forum Centre for Cybersecurity, trying to map out the cyber criminal ecosystem. So yeah, where that’s interesting is, you know we normally talk about IOCs, which is a bad IP or a bad DNS address, but what we’re trying to do is find out who are the humans and the systems that they use and the accounts that they hold that sit behind these bad guys, the Contis and the TrickBots and the DarkSides and the REvils, so trying to actually understand the real people behind the cyber criminal ecosystem and the dark net that we hear so much about, and that’s a really interesting couple of points.

Michael van Rooyen:
8:46

Then tying back to your point around the pager and two-way radio attack, and I guess let’s circle back to that. So thanks for covering off what the labs team does, and people don’t probably see that, right, it’s a huge team working behind the scenes to make sure customers are protected, sharing threat intelligence to effectively protect the world in some way, right. But then if I think about your point around this recent physical attack which could be considered, you know, it is a technology attack ultimately, and the time you’ve spent doing the space, you know, the landscape has changed and continues to change all the time. What are some of the most significant changes then you’ve seen from a cyber threat point of view over the years and kind of how they’re impacting businesses and countries today? You’re talking about the World Economic Forum. That would never have been a topic before, right? I mean, cyber is so important today, fundamentally.

Glenn Maiden:
9:35

Well, I think I mean you’ve probably cracked it right there. I mean in terms of the bad guys, I mean the volume’s still there. But I guess the key point that I think that really is pertinent to the answer there is everything now is connected together. So again, we’ll talk about OT and connecting OT to IP-based networks. But everything that we use, everything that we do, is connected to one big borg of a system, and in the old days, again, we’ll talk about elections later on.

Glenn Maiden:
10:14

So you imagine, if I wanted to interfere with an election in the old days, I might go and bomb an election booth or I might steal a big bag of paper ballots. Now I might want to hack into an election. So everything from getting a script to ordering a car or even turning on your tap in the morning, everything is cyber enabled. So you know the bad guys in the early days, where they were just trying to breach our systems and you know, essentially, steal data. They realised a few years ago that well, availability is something that we can attack as well and that’s something that’s really, really going to make customers scream and pay us some money.

Glenn Maiden:
10:49

So I think, from my perspective, the bad guys have always been the same. They’re going to be a nation state that’s hostile to us, the Irans, the North Koreas. It’s going to be an issue-motivated group, and you think of the famous Anonymous guys there. It might be an insider threat and that insider might be doing it for financial reasons or other reasons, or they might just screw up, yes, but most of it is going to be these serious organised crime groups that have probably migrated and evolved since the old days of the Italian mafia and now they’re all going all the way across to Nigeria and these big scam farms that are now popping up on the border of Cambodia and Thailand, sort of up in that part of the world. This is just such a lucrative industry for the bad guys and unfortunately we’re right in their crosshairs.

Michael van Rooyen:
11:34

Yeah, unfortunately. Yeah, because there’s, you know, many of the Western countries, Australia etc., have got, you know, a fair bit of wealth realistically, so that’s a soft target. I had a chat to one of the partners at Grand Nickel and we were talking about the same topic and he made the comment around it’d be hard being a drug dealer today. Right, because, you know, there’s a whole process there and people involved, etc. Where now you can sit, as you just said, in any border. As long as you’re connected to this connectivity, you can really get away with a lot more and be really anonymous. Right, it’s, it’s.

Glenn Maiden:
12:04

It’s fascinating from a business point of view, even how they’re doing that. Well, it’s so advantageous because I can go through and route my attack through sort of a whole bunch of jurisdictions and then I can be sort of sitting in North Korea, or I can be sitting in Moscow, or I can be sitting in Beijing. I can attack you and me here sitting in Brisbane today. You can imagine just how hard that would be to track us back. So you know the likelihood of the police being able to get us in somewhere where there isn’t an ability to come and move us back to Australia to be charged.

Michael van Rooyen:
12:34

It’s absolutely beautiful, yeah, and do you think, with this continuous hyper connectivity, that that is just going to continue to be harder, or do you think we’re getting better at mitigating? Of course there’s things like labs that are helping mitigate known problems, but do you think this cat and mouse game is always going to be a system that we close in that gap, or is it widening from what you see and your counterparts you speak to?

Glenn Maiden:
12:55

I think we’re definitely getting better and I know with working with groups like Oro, so I think we’ve got some really, really good technical solutions now to defend our networks. We mentioned before, it’s so ubiquitous. I mean three, four, five years ago, if you talked to a board member, cyber would have probably been the last on their list of problems, but now if they have a significant breach they can actually be charged and maybe go to jail or lose their house now. So that’s certainly something that’s really, really important to them. So they’re quite happy to invest and take cybersecurity as one of the key business risks to their business, being able to go through and do some really robust defence, especially proactive defence, before you have that big problem. I think we’re getting, I mean, probably the statistics don’t always paint that as a good picture, but certainly we’re getting more resilient than what we were a few years ago. There’s absolutely, that’s obviously a sweeping statement and there’s gaps and there’s some industries that are more mature than others, but certainly in Australia we’re better than what we were, I think.

Michael van Rooyen:
13:55

Yeah, and do you feel as well that our government is really starting to push a few more things? In the US they talked about having to have a kind of cyber person size on the board. Today it’s kind of mandated at a certain company level from what I read and understand. But you know, I know Australia’s obviously adopted the SOCI Act for critical infrastructure. Do you think our government’s doing enough now to really start pushing forward that we help close that gap?

Glenn Maiden:
14:21

I think the government is doing some really, really good work. So, if you think obviously you mentioned SOCI. There’s been updates to the Privacy Act. We’ve got the Cyber Strategy, where Home Affairs wants us to be the most cyber secure nation in the world by 2030. Really really good stuff there.

Glenn Maiden:
14:36

The Privacy Act, the fines have gone up to about $20 million, I think it was $2 million, or maybe it’s $50 million now. Either way, significantly higher than what it was before if you don’t do due diligence around protecting personally identifiable information, PII. So, yes, certainly the dials have been screwed up there.

Glenn Maiden:
14:55

I think that my biggest concern in terms of gaps is that, as the world is now becoming a very, very unstable and probably the most dangerous world that we’ve seen in decades, probably since World War II, when there is the first sign of conflict, the first weapon to be fired will be a cyber weapon, and I think we need to have a much greater sense of urgency in protecting our critical infrastructure.

Glenn Maiden:
15:24

As I said before, it’s easy for us to expect to go out and turn on the tap in the morning and get fresh water and get in our car and drive to work. So if I was a bad guy and there was some conflict, it would be very easy for me to target a water processing plant or a water pump or disable the country’s fuel supplies and, from a knock-on effect, obviously it would not take very, very long to cause significant disruptions for our economy. So I think we really need to take much more of a sense of urgency in looking at that macro level threat and just how some of these threats could be realised by a hostile nation. Again, instead of having to come and send a rocket across the north of the country and hit Darwin or whatever, why not launch an attack from sitting back in the Northern Hemisphere? It’s going to be just as effective, just as devastating. Yeah, true, true.

Glenn Maiden:
16:21

And actually probably more widespread, because a piece of arsenal will damage an area as opposed to a much more widespread issue, right? Yeah, yeah, and hopefully we’ve got enough resilience and enough segmentation in some of our systems where it won’t be widespread. But we have seen sort of some what were relatively simple attacks. You know the Colonial Pipeline that we saw over in the US caused reasonably significant damage.

Glenn Maiden:
16:39

We had a recent issue where the ports or one of the shipping systems went down here in Australia, so we had boats floating across our coast unable to dock and unload their containers for a day or two, so it doesn’t take very long.

Michael van Rooyen:
16:52

Knowing that you’re spending so much time with your team looking at threat analysis, what are kind of the cyber threats facing organizations in 2025? And what should be the priorities or what should teams think about prioritizing for those, if you can give us any insights? I know things can change overnight, but what are you seeing today from your lens?

Glenn Maiden:
17:12

So from my perspective, I mean I can talk about the increasing sophistication of threats. So we’ve got now AI, we’ve got some very, very smart actors that are looking for bugs in hardware. They’re looking for breaks in systems. So there’s always going to be that, there’s always going to be a vulnerability somewhere. But I like to look at it from the other side, and this is from your side in Oro. This is the defender side.

Glenn Maiden:
17:35

So if I’m trying to defend a system, how can I make the impact of any one breach get as close to minimal or zero as possible, and that is something that we can do. So, whether that’s using multi-factor authentication, so if someone does manage to exploit one of your attack surface or one of your perimeter devices, if someone does manage to get access to that, how can we segment that off? Or how can we make sure that all those user accounts that they will then pop out of that box, how can we make sure that they’re useless or harder to exploit, to get further into the system? Smart role-based access, and not just for people but for machines as well.

Glenn Maiden:
18:19

That helps really, really good security operations, like I know you do at Oro making sure that we know what our assets are, how they could be exploited, getting logs and telemetry off those devices, centralising them, normalizing them and then getting those into use cases that will then sit in front of a really really smart analyst’s screen.

Glenn Maiden:
18:37

So when something that isn’t normal comes up, we’ve minimised what we call false positives, so it’s not just something that’s going to waste someone’s time, a red alert, but we know with a reasonable amount of confidence that that alert that’s just popped up on my screen is something that I’ve got to take a look at, and from there I can go through and isolate and clean up and then bring back into service as quick as possible. And if you think about it in that way from a defender’s perspective, it doesn’t matter, I shouldn’t say it doesn’t matter, it matters less that a bad guy has got a zero day that they’re using against you, because you know they’re only going to get a certain distance before we find them and we stop them.

Michael van Rooyen:
19:16

Yes, correct. You talked about the kind of nation states, things that are happening and, from a global perspective, as we sit here today recording in Brisbane, we’re just coming off the back of the US elections, you know, and obviously the results are a little bit in the spotlight, you know. You could argue which way it went, but it’s happened and there was a lot of discussion leading up to it and post the last election in the US, plus other elections globally, that for people who followed along with the, you know, disinformation, misinformation, it always kind of dominates the conversation. Now that we’re so cyber connected and influencing and all these sorts of things, can you talk a little bit about some of the cyber enabled threats that relate to these issues and how they may detract from what should be a normal process and how the world’s changed just in elections alone?

Glenn Maiden:
20:04

Yeah, so this is a fascinating one, Michael. So, if we think about that convergence of threat, and just before we get into the misinformation, I’m always fascinated about some of these global cyber gangs. So how do you go from a gang that’s operating out of Nigeria or over in Eastern Europe all the way to attacking my mum that’s sitting on her iPhone up at Burleigh Heads here as part of a scam? So it’s well enough to have the infrastructure sitting behind it. It’s well enough to maybe have an exploit, and maybe I want to just do some crypto mining off her phone, or maybe I do want to scam her out of her life savings. There has to be somewhere that all that infrastructure converts into a localised attack. So mum knows that she gets a message saying, oh, this is Australia Post or this is the Australian Tax Office. So how do these bad guys on the other side of the world craft a social engineering attack that is so realistic that it can get past my mum? So I think that there’s this convergence and this is where we get into the election.

Glenn Maiden:
21:10

The same bad guys and nation state guys are using the same malicious ecosystem that the criminals are using, and more and more we see, sometimes they’ll call them mercenaries, but we’re seeing that convergence of nation state actors and cyber criminals using the same infrastructure, in some cases working together, in some cases trying to influence an election, or people, in some cases trying to steal money. So just to get a few terms out there, they call it MDM now. So there’s a new term that they’re starting to come out with, which is called misinformation, disinformation and malinformation. Now, misinformation is basically where I would say something and I just get it wrong. So I might say I’m doing a podcast with Michael in Sydney today. It was an honest mistake, but anyway, someone gets hold of that and they said, oh, Glenn’s in Sydney today, why did he not turn up to this meeting in Sydney, when I’m actually up in Queensland? So that’s misinformation. Disinformation is where someone’s a little bit more deliberate in what they’re doing. So if you imagine I was a bad guy, I might get a FortiGate and I might say, oh, Fortinet says that it can do five terabits worth of throughput when this is actually only two terabits. So I just make something completely up, send that out, and then I could use that against me. So there’s sort of those two different ways that we can use to influence.

Glenn Maiden:
22:28

Malinformation is a bit of a controversial term, but that’s where you use, I guess, legitimate information with malicious context. So if you think, probably revenge porn is a good example of that. So a photo is taken in the privacy of someone’s home that then gets leaked to people that weren’t originally accessed or authorised to have that information and that’s used against the victim. Malinformation, the reason why that’s sort of a bit controversial, it could actually be something that’s true. So if you think of our good friend Donald Trump and Stormy Daniels, that may or may not be true, but if it was true that would be really, really juicy to use against him if I was one of his enemies. So, basically, forever hostile nations have wanted to go through and interfere with democracy.

Glenn Maiden:
23:11

So, back in the day, it might be Russia funding some Marxist groups at a university or something like that. There might be some other political parties that they’ll funnel some money into to try and influence, but now in these cyber-enabled days, it opens up a whole world of possibilities for these guys. So if you go back to sort of 2016, the Russians had about 500 Russians activated and trying to disrupt the American elections and American society. And if you think of those 500, that would have actually been quite rare back then. So you need Russian people that speak really, really good English. They understand and they’re speaking with American accents. They understand the subcultures. They understand sort of some of the societal norms. They understand the political system. They know how elections work.

Glenn Maiden:
23:56

So apparently these guys, going back to that election back then, they pumped out about 80,000 posts and pieces of propaganda just to influence us. So that was 500. And obviously that was the scale they could get. But if you think now in the age of AI, you could probably have just a handful of people that could do much, much more than that by generating some of these malicious posts. And just, you mentioned the election that we just saw yesterday. Going back on the 4th of September, there was a group called Tenet Media that was charged over in the US and they were a right-wing group, but they were taking money from Russia to go out and spread misinformation to all their fans, all the people that they were influencing, and they were saying, oh, go in and intimidate voters, go in and steal votes, go in and destroy ballot collection areas. So this is a real threat and it’s happening every day, and luckily I can’t think off the top of my head of any really catastrophic things that have happened down here in Australia, but it’s only a matter of time.

Michael van Rooyen:
24:55

It is true, and I think you do touch on a very good point there if I think about influencing media. So if we go right back, you know, a newspaper, then television, you know, this kind of thing’s been happening for a while where people want to kind of make things come to fruition. The challenge we’ve got now is again we’re so cyber enabled, or so connected I should say. No doubt that social media has played such a big role in that because everyone’s connected on that, and I think about the new generation coming through. So you have baby boomers, all that were probably still paper based reading, all that, and they were influenced in some way, but probably not as catastrophic. If we go all the way down to the people who can vote now, where they’re just hyper-connected and everything’s on a screen, probably the ability to influence the outcome is completely different, right, if you think about how wide that gap is.

Glenn Maiden:
25:39

Yeah, it’s funny. I sometimes think, and they talk about these digital natives, and I’ve got three kids: a 17-year-old daughter, a 15-year-old son and a 12-year-old daughter.

Glenn Maiden:
25:50

They’re all digital natives. And my son is an absolute. He loves technology. He’s built his own PC from parts. He programs in Python. Technology is just his absolute passion.

Glenn Maiden:
25:59

But I think I don’t know when we talk about digital natives. Going back to our day, we built systems from the ground up. We’d build a rack and then we’d put a router in it and we’d put a switch in it and we’d put a firewall in it and then we’d put a server in it and we’d plug it all in and load the applications on the top of that infrastructure and then push that out. We’d know what IP address it had, we knew exactly where that server was and what was running and what it was doing and if something happened you’d walk into the server room and turn it off, yeah, yeah.

Glenn Maiden:
26:29

So I just wonder, especially with sort of some of these digital natives these days, whether they’ve become a little bit a part of the attack surface, because they’re so good at using these applications and exploiting these applications, but not necessarily knowing how they work. And then, if you think, in most cases or many cases these days, these applications are powered by services from the cloud. Do we actually even know where our data is or where it’s getting processed? So I think it’s very, very different in 2025 than what it was even probably pre-COVID.

Michael van Rooyen:
26:58

Yeah, yeah. And if I think about again those attacks, the influencing of elections and state-based activities to influence a country, and an election’s always the peak period. You also touched on earlier around campaigns, you know, Christmas is coming, then they’re very crafty about how they do their threats etc. But if I think about elections particularly, and we’ve heard over the last three or four elections globally that they’ve been influenced, and there’s been some proof in it and maybe not some proof in it, you know, there’s a bit of a debate. But do you think this has affected the public’s trust in the electoral process, or do you think it’s kind of they just get on with it? What’s your view on that?

Glenn Maiden:
27:34

I think, Michael, that’s 100%. The public’s trust has been affected and in some ways, that is actually the intent of some of these disruptions. So I don’t necessarily need to have my candidate win. But what happens if, like we saw sort of last time, what happens if I can erode the public’s trust so much in elections that I can use that then against my enemy country? And I just read a report recently about our handling of COVID and you could argue with how good a job we did versus how bad and a few mistakes with 2020 hindsight. But the frightening part of that particular report was there was an erosion, a significant erosion of public trust in authorities, people like the health system. So when the next pandemic comes along, maybe people won’t be quite as compliant in some of these. So it becomes a very, very different situation and quite dangerous very, very quickly.

Michael van Rooyen:
28:27

Do you think there are some strategies that governments, organisations or individuals can use to protect themselves against the spread of misinformation, and maybe ways to really validate and identify credible sources, considering we’re talking a lot about AI, you know, deepfakes, all these sorts of things? Or is it just going to get harder and harder, I think?

Glenn Maiden:
28:44

It is going to get harder and harder, I think, especially with the rise of AI and deepfakes. It’s going to be very, very hard to work out what’s real and what’s not. And you know, I don’t know if I can answer you, Michael, where this goes. I mean, you know, if it was a cyber attack, you know, a buffer overflow or some sort of exploit against a service, I’d say, well, we need to put a firewall in front of it and block that port or monitor that port or something. But when it comes to influencing humans, I don’t know. Maybe we get an AI, some sort of an AI system to defend against it. But it’s definitely a risk.

Glenn Maiden:
29:14

And even if you look at where the attackers are going, so it’s so, so common now for attackers to not even necessarily use malware, but certainly more and more they’re using credentials that they’ve either stolen or dumped from the victim or they’ve just bought from an initial access broker. And you guys at Oro in the SOC, it’s one thing to notice someone doing a port scan inside a network. That’s unusual. That’s something really, really unusual. I’ve got to go and investigate that. But it’s another thing to see Michael move from server A to server B. Well, that might actually be you just going through and accessing a file share, but it could be someone using your account. That’s a lot harder, as the SOC analyst, to know. Well, is this legitimate or is this anomalous?

Michael van Rooyen:
29:58

I hope you enjoyed part one of my discussion with Glenn Maiden, Director of Threat Intelligence at FortiGuard Labs ANZ. Tune in next week for part two.
