WEBVTT

00:07.400 --> 00:12.440
Often we find a problem within our systems that the normal corrective standard just can't be applied.

00:12.470 --> 00:17.270
This can happen because of a variety of issues, including how our enterprise environment is set up.

00:17.270 --> 00:19.880
It could be because of a specific policy.

00:20.000 --> 00:25.220
It could be for a variety of issues, but we refer to this as an inhibitor to remediation.

00:25.220 --> 00:32.330
When we look at the dependency on IT systems as a whole, we often find that some IT systems are outdated.

00:32.360 --> 00:34.580
They've got legacy components.

00:34.760 --> 00:39.530
The specific software that we're utilizing doesn't work on updated systems.

00:39.800 --> 00:45.530
I consulted for a tanning salon at one point, and the overriding POS system, or the point of sale

00:45.530 --> 00:52.280
system, as well as the inventory system that the tanning salon used, was backdated to Windows 7.

00:52.280 --> 00:57.740
So if you were using any type of windows product after Windows 7, the program specifically just didn't

00:57.740 --> 00:58.220
work.

00:58.220 --> 01:04.370
Now, we tried utilizing a Windows 10 system that you could then backdate to utilize Windows 7 settings.

01:04.370 --> 01:05.300
That didn't work.

01:05.300 --> 01:06.590
We tried it with Windows 8.

01:06.620 --> 01:07.550
That didn't work.

01:07.550 --> 01:12.950
There was specific program requirements or the way the program was originally designed, where it just

01:12.950 --> 01:16.580
did not implement well with anything past Windows 7.

01:16.610 --> 01:22.040
This obviously provided with a variety of issues because Windows 7 was no longer supported, but this

01:22.040 --> 01:26.750
is an example of a dependency on IT systems or outdated systems.

01:27.020 --> 01:32.780
There can be outdated policies in place where policies were in place 1015 years ago, and while they

01:32.780 --> 01:40.700
made good use of the requirements or good use of the problems and technology 15 years ago, new technology

01:40.700 --> 01:43.430
has arisen, new ways of doing things have arisen.

01:43.430 --> 01:44.870
There's better way of doing things.

01:44.870 --> 01:50.960
But those outdated policies came into play and are hampering our ability to remediate certain issues.

01:50.960 --> 01:55.790
For instance, there was a password policy put into place that specifically said that it had to be eight

01:55.790 --> 02:01.010
characters in length, with at least one uppercase, one lowercase, one number, and one special character

02:01.010 --> 02:06.980
that is an incredibly outdated policy when it comes to passwords, but because of the way the policy

02:06.980 --> 02:09.470
was written, it wasn't just cut and dry like that.

02:09.470 --> 02:16.070
It actually came to hamper our remediation factors to provide multi-factor authentication, because

02:16.070 --> 02:21.110
there was a line inside the policy that specifically said no technology could be added or deducted from

02:21.110 --> 02:25.760
the current policy without director approval, and we couldn't get the director to sign off on it.

02:25.760 --> 02:30.410
So it had to go through the entire remediation policy for a change.

02:30.410 --> 02:35.000
That literally took months when there was a better way of doing things right off the get go.

02:35.030 --> 02:38.210
There could be resource constraints where we want to go through.

02:38.240 --> 02:42.560
We want to do it, but the backlog of supplies isn't available.

02:42.560 --> 02:47.480
This happened quite often in Covid where we were trying to upgrade systems.

02:47.480 --> 02:51.830
We were trying to upgrade technologies, but their resources just weren't available.

02:51.830 --> 02:56.480
This could often pose problems within the infrastructure as a whole, where we're having to do compensating

02:56.480 --> 02:59.480
controls because resource constraints are available.

02:59.720 --> 03:06.020
The complexity of the issue, if you've got uh, IT professionals or cyber professionals.

03:06.020 --> 03:11.720
And the issue is very complex, and you're having to add technology on top of technology in a specific

03:11.720 --> 03:13.910
format that could pose issues.

03:13.910 --> 03:19.550
We've all had problems where we've ran into technology and we wrote the code, or we did something on

03:19.550 --> 03:22.700
the process, and it just didn't work because it was so complex.

03:22.730 --> 03:28.130
The different systems that were interacting with it just made the the configuration that we were trying

03:28.130 --> 03:33.470
to pull off within the system as a whole not work well together, and that fluidity just wasn't there.

03:33.470 --> 03:36.020
So complexity can often pose different issues.

03:36.020 --> 03:40.760
And that specific instance, we had to break down the different configuration and provide this system

03:40.760 --> 03:45.200
with this configuration, this system with this configuration, which obviously opened up some vulnerabilities,

03:45.230 --> 03:49.190
which then we had to mitigate in order to get the system to work functionally correct.

03:49.220 --> 03:51.080
There could be also resistance to change.

03:51.080 --> 03:57.080
This happens quite often with older employees or with management, where they see the act of doing something

03:57.080 --> 03:59.150
and they're just very resistant to change.

03:59.150 --> 04:03.860
With the password policy, for instance, getting three factor authentication actually go through,

04:03.980 --> 04:09.380
uh through the process of change policy was a nightmare because for the specific company, anytime you

04:09.380 --> 04:14.630
wanted to change a policy, it had to go through an entire council or a committee that voted on the

04:14.630 --> 04:16.010
password changing policy.

04:16.010 --> 04:20.930
And even though it made sense and it needed to be enacted and it should have been cut and dry, there

04:20.930 --> 04:25.430
was a lot of resistance to that change because, hey, we've always done it this way.

04:25.430 --> 04:27.260
Why do we need to change it now?

04:27.290 --> 04:32.630
Uh, and you'd be surprised how many people were just resistant to the type of changes that can occur,

04:32.660 --> 04:34.130
especially in technology.

04:34.250 --> 04:39.050
We usually don't have that big of an issue within it and cyber because we're used to changing constantly,

04:39.050 --> 04:44.510
but sometimes you just run into people that just do not want to change, and you have to provide a compelling

04:44.510 --> 04:46.220
argument based on facts.

04:46.220 --> 04:49.760
And even then, sometimes they're resistant to provide those different changes.

04:49.820 --> 04:52.340
We could do a memorandum of understanding as well.

04:52.340 --> 04:57.380
We talked about MoUs a little bit earlier in this course, but I wanted to reiterate it here in terms

04:57.380 --> 05:06.350
of, uh, in terms of inhibitors to remediation, if I have a MoU in play with different departments

05:06.350 --> 05:12.440
or between different organizations the way that we've been doing it could necessitate having a new MOU

05:12.470 --> 05:13.070
written.

05:13.070 --> 05:17.930
Well, the MOU was originally written and signed by people that aren't with the company anymore, or

05:17.960 --> 05:19.460
for a project that was long term.

05:19.460 --> 05:23.690
Maybe the project's getting ready to end in 3 or 4 months and they don't see the need to change the

05:23.690 --> 05:24.380
MoU.

05:24.380 --> 05:29.300
And so there's resistance to changing the MOU, which means there's resistance to way we can do technology,

05:29.300 --> 05:35.600
then requiring us to hold two different systems in place to necessitate meeting that MOU requirement.

05:35.840 --> 05:39.050
MOU can provide us with a great system and ability.

05:39.080 --> 05:44.000
It can provide a great policy and a great working understanding between two departments or organizations.

05:44.000 --> 05:50.300
But it can also be an inhibitor to change if we're required to meet specific guidelines or specific

05:50.300 --> 05:56.120
functionality within systems that call for outdated or legacy systems that we want to upgrade.

05:56.930 --> 05:59.030
There's also service level agreements.

05:59.030 --> 06:05.630
We often talked about SLAs, meaning a specific requirement, and we said, hey, I want to have a 99.5%

06:05.720 --> 06:07.610
uptime on this SLA.

06:07.640 --> 06:13.670
Well, we may come up with a more secure system on that provides us better security, better encryption,

06:13.670 --> 06:17.240
but it also brings down the download speed or the upload speed.

06:17.240 --> 06:23.420
And yet our SLA dictates that we have to have this set of bandwidth or meet these specific requirements.

06:23.420 --> 06:27.740
And by adding those encryption and adding that security, it actually drops that SLA.

06:27.740 --> 06:30.770
Check down below what our SLA is required to be.

06:30.770 --> 06:32.870
And so that can be an inhibitor to change.

06:32.870 --> 06:40.910
When we have an SLA that says you will meet 99.5% of this data speed of, let's say, a gigabyte download

06:40.910 --> 06:41.360
speed.

06:41.360 --> 06:42.170
And that's great.

06:42.170 --> 06:45.080
And all our bandwidth didn't change, but we started adding encryption.

06:45.080 --> 06:47.660
We started adding more security on the system.

06:47.660 --> 06:51.710
And now instead of getting that one gig, we're at 9.9.

06:51.740 --> 06:53.930
Did it have a vastly different, changed approach to it?

06:53.930 --> 06:57.140
No, but it now does not meet that SLA requirement.

06:57.170 --> 07:01.850
We have to go back through and do a new SLA agreement based on the security needs and some businesses.

07:01.880 --> 07:06.830
Again, resistance to change, resistance to that SLA benefit, they're not going to want to do it.

07:06.830 --> 07:11.240
So SLA checklist SLAs could necessitate an inhibitor to change.

07:11.960 --> 07:16.670
There's corporate governance or organizational governance, where it refers to a framework of processes

07:16.670 --> 07:17.660
and regulations.

07:17.660 --> 07:23.570
This is often employed by different organizations to provide a specific way of doing things or a specific

07:23.570 --> 07:23.990
way.

07:24.020 --> 07:27.380
Our, uh, our different departments interact with one another.

07:27.410 --> 07:34.160
This often is transparent within it, and it provides corporate leadership to allow and assess ramifications

07:34.190 --> 07:36.410
of actions within our business.

07:36.440 --> 07:42.590
When it comes to decisions that they make, when this comes to remediation, if they go into effect

07:42.590 --> 07:46.970
and they start saying, hey, we want to do this framework, this is what we employ, this is the relation

07:46.970 --> 07:47.690
we're meeting.

07:47.690 --> 07:50.000
This is how we do business.

07:50.090 --> 07:53.900
And we want to come through and say, oh, we would like to increase our security or we'd like to do

07:53.900 --> 07:54.620
this.

07:54.710 --> 08:00.350
Uh, it may affect that regulation or it may affect that corporate compliance that thereafter, which

08:00.350 --> 08:04.940
then says that we can't do it because we've dropped our download speeds or we've dropped our bandwidth,

08:04.940 --> 08:11.210
or maybe we're employing new security, but the current compliance regulations say that you will do

08:11.240 --> 08:14.900
des older encryption algorithm or Triple-des.

08:14.930 --> 08:15.410
Right.

08:15.440 --> 08:16.940
But we just came out with this new thing called.

08:16.970 --> 08:21.530
TLS or SSL that's supposed to be bigger and better and all the way across the board.

08:21.530 --> 08:25.460
But the compliance and regulations say that you will hold up to triple death.

08:25.490 --> 08:31.370
This could be an issue because even though we know SSL is better, way better, the specific governance

08:31.370 --> 08:33.710
comes into play and says we will do triple death.

08:33.740 --> 08:40.310
This often times can be a problem when it comes to corporate governance by outlining specific technologies.

08:40.310 --> 08:45.560
So a lot of times when we talk about specific technologies, we will say or better or better, so meet

08:45.560 --> 08:48.410
the minimum requirements or better in our corporate compliance.

08:48.410 --> 08:54.620
But if that little word isn't in there, it could affect our, uh, our problems with remediation of

08:54.620 --> 08:55.400
moving forward.

08:55.400 --> 09:00.650
And so that's an inhibitor to trying to fix a security vulnerability by upgrading to a new encryption

09:00.650 --> 09:01.040
standard.

09:01.040 --> 09:02.360
That's obviously better.

09:02.360 --> 09:06.050
But because we didn't do that or better, it has to go through the entire framework, the entire governance

09:06.050 --> 09:12.770
protocols, all that problems for going to a better, um, encryption standard that has little to no

09:12.770 --> 09:14.780
effect on our overall infrastructure.

09:15.710 --> 09:17.630
There's also business process interruption.

09:17.630 --> 09:23.240
Anytime I want to change something within our enterprise environment, especially for security, ultimately

09:23.240 --> 09:28.010
I'm most likely going to have to take a system down, or I may have to patch a system, or I may have

09:28.010 --> 09:32.780
to upgrade that system, which may have an expanded lifetime or an expanded maintenance window within

09:32.780 --> 09:33.680
the process.

09:33.680 --> 09:38.480
This means that let's say I want to upgrade a router, and the normal maintenance window is only four

09:38.480 --> 09:38.810
hours.

09:38.810 --> 09:44.130
But because of the way our network is set up, maybe we anticipate the router being offline for six

09:44.130 --> 09:44.540
hours.

09:44.540 --> 09:49.460
This could provide an extended maintenance window or a system downtime that the company isn't willing

09:49.490 --> 09:53.930
to accept, which means we can't upgrade the router because our maintenance window is only four hours.

09:53.930 --> 09:55.340
But we need to do all the prep work.

09:55.370 --> 10:02.660
This could pose some issues or problems to inhibitors, to remediation of fixing or replacing this router

10:02.720 --> 10:08.390
where we have a router where the maintenance window should only take three hours, but the backup procedures

10:08.390 --> 10:12.170
to get out of it and reconfigure the old router made the two hours.

10:12.170 --> 10:16.820
If we have to back out this would override our maintenance window of only four hours to be five hours

10:16.820 --> 10:18.890
and that may come into technical issues.

10:18.890 --> 10:23.270
We've also seen technical issues where the original plan was to only take two hours.

10:23.270 --> 10:24.530
We have a four hour maintenance window.

10:24.530 --> 10:31.370
Everything's approved, but we got so, uh, streamlined, so focused on the issue that we looked up

10:31.370 --> 10:37.910
and we saw this router that's down, but it's been almost three hours and 45 minutes, and we've exceeded

10:37.910 --> 10:42.200
that maintenance window, because there's no way we can back out with the old router back in within

10:42.200 --> 10:44.390
15 minutes to meet the maintenance window guidelines.

10:44.390 --> 10:46.640
This could be technical issues that come into play.

10:46.670 --> 10:51.530
It could also be technical issues in the fact that we wanted to go to a new encryption standard, but

10:51.530 --> 10:54.290
the new encryption standard isn't taking place.

10:54.290 --> 10:56.030
It's not doing hold properly.

10:56.030 --> 11:00.230
Uh, we're having configuration issues or software issues with the system we're trying to deal with.

11:00.260 --> 11:03.350
That could be a technical issue, and it's taking longer than expected.

11:03.350 --> 11:06.980
We'd have system failures where again, the router just goes offline.

11:06.980 --> 11:08.690
It takes the entire system offline.

11:08.690 --> 11:10.100
We need to replace it.

11:10.130 --> 11:12.620
And again it's going to take 4 or 5 hours to do that.

11:12.620 --> 11:18.710
That could be a business process interruption where it's inhibiting our ability to remediate the overall

11:18.710 --> 11:19.370
issue.

11:19.520 --> 11:22.220
We could also see where we've got a problem with insecurity.

11:22.250 --> 11:27.230
We will replace a system, but in order to replace this system, we have to replace this system as well.

11:27.410 --> 11:30.590
Or we had a system fail the night we were supposed to replace something.

11:30.590 --> 11:32.000
So that's a system failure.

11:32.030 --> 11:36.080
Natural disasters come into play where we may have a tornado or a hurricane that comes into play, or

11:36.080 --> 11:39.170
even an earthquake or another natural disaster fire, flood.

11:39.200 --> 11:40.040
It doesn't matter.

11:40.070 --> 11:46.730
That comes into play, and we can't readily replace that issue or fix that remediation process because

11:46.730 --> 11:48.800
we had something unexpected come into play.

11:48.830 --> 11:53.900
And of course, there's human error, which makes up a majority of our problems where originally we

11:53.900 --> 11:54.980
were to replace this router.

11:55.010 --> 11:58.700
It's going to take three hours, but all of a sudden we had somebody click on a phishing link.

11:58.730 --> 12:03.080
Now we have an incident and it's all hands on deck to fix this incident because it's playing havoc with

12:03.080 --> 12:07.700
our systems and we can't remediate the overall issue that can be modified.

12:08.660 --> 12:10.610
We also have degrading functionality.

12:10.610 --> 12:12.710
This could be from our malware infections.

12:12.710 --> 12:18.140
It could be from any number of different aspects, but usually with malware infections coming into play,

12:18.140 --> 12:21.080
we have the malware that's taken hold within our system.

12:21.170 --> 12:23.090
We have to get out that malware.

12:23.090 --> 12:27.740
And because of that, now we've degraded our functionality of our overall client base.

12:27.920 --> 12:32.690
It's not uncommon for malware to spread, and when that spreading takes place, we no longer have access

12:32.690 --> 12:37.820
to the systems or the degraded functionality of those systems because we have to go through and wipe

12:37.820 --> 12:38.450
the program.

12:38.480 --> 12:43.790
We have to wipe that malware from existence that poses issues, gives us degraded functionality, cache

12:43.790 --> 12:46.040
management issues where we're trying to run into patches.

12:46.040 --> 12:50.030
We want to streamline that patch management window within the maintenance window.

12:50.030 --> 12:55.610
And because we're implementing patches, we have degraded functionality across our spectrum of our enterprise

12:55.610 --> 12:58.910
environment, which means our help desk can't normally do what they would like to do.

12:58.940 --> 13:03.650
It's not uncommon, especially in large environments where we're doing a major system overhaul or we're

13:03.650 --> 13:09.170
doing a major patch and something that would normally wouldn't be an issue, like a password reset.

13:09.200 --> 13:12.920
The help desk can no longer do because we're patching the different systems, and we told them not to

13:12.950 --> 13:13.670
do anything.

13:13.670 --> 13:18.680
So degraded functionality of that aspect, denial of service or distributed denial of service attacks

13:18.680 --> 13:19.550
on our system.

13:19.550 --> 13:22.010
Since our clients can access the overall system.

13:22.010 --> 13:24.200
It's restricted because we're hitting too much traffic.

13:24.200 --> 13:31.250
That could pose issues and of course, overly restrictive controls or misconfigurations where the client

13:31.250 --> 13:36.950
or the people trying to get access to our systems can't meet all those problems or meet all the functionality

13:36.950 --> 13:42.680
of those systems because we've made restrictive controls too much, and so they can't authenticate,

13:42.680 --> 13:47.480
or they can do one thing like they can write in the Excel spreadsheet, but then they can't save to

13:47.480 --> 13:52.670
it because they're restrictive controls don't allow them to, or they can read it, but they can't write

13:52.670 --> 13:55.130
to it, or they can write to it, but they can't save to it.

13:55.160 --> 13:59.570
These are all restrictive controls that I've seen in the past that just provide major issues within

13:59.570 --> 14:03.320
an overall environment and degrades functionality across the board.

14:04.460 --> 14:09.020
When we talk about legacy or proprietary systems, I've given numerous examples in the past where I've

14:09.020 --> 14:15.500
got an older system that's no longer supported, but it contains a specific software or a specific data

14:15.500 --> 14:18.350
that we can't easily translate over to a newer system.

14:18.380 --> 14:22.730
This often relates to a major problem when we're trying to remediate an issue.

14:22.800 --> 14:26.490
If Guy has got an older server and I've got newer technology that's coming out.

14:26.520 --> 14:32.550
Not only do I have to protect that system that is out of state or at its end of life and no longer supported,

14:32.550 --> 14:38.400
but I also have to remediate security around that specific legacy or proprietary system.

14:38.400 --> 14:41.880
And this could easily come into different functionalities where we're trying to do something with our

14:41.880 --> 14:42.690
network.

14:42.900 --> 14:46.560
But I've got this older legacy system that just doesn't work into play.

14:46.680 --> 14:52.050
This is a major issue, especially across larger environments where they may have 2 or 3 different legacy

14:52.050 --> 14:56.430
or proprietary servers or even different systems that we have to hide behind firewalls, we have to

14:56.460 --> 15:01.080
add additional security, but we still have to allow people to gain access to it, and we have to safeguard

15:01.080 --> 15:05.700
those systems, and we want to remediate or we want to upgrade our servers, and we can't because of

15:05.700 --> 15:07.650
this singular legacy system.

15:07.680 --> 15:12.300
This often resolves into the fact that we segment that system into its own environment.

15:12.330 --> 15:13.290
We virtualize it.

15:13.320 --> 15:18.120
We do all kinds of different compliance issues or mitigation strategies to protect that system and lower

15:18.120 --> 15:18.960
the impact of it.

15:18.960 --> 15:21.690
But never underestimate legacy proprietary systems.

15:21.690 --> 15:24.690
They're all over the place inside larger enterprise environments.