Craig Jones
Podcast Appearances
And it's not something that's done willy-nilly, you know?
I mean, it does feel kind of offensive, someone coming in and tampering with my stuff, you know?
But effectively, it's written into the EULA, like the End User License Agreement.
And candidly, you kind of need this.
And I think that's where a lot of firewall providers actually fail, is the fact that they rely on end users to patch everything.
And candidly, so many firewalls are just bought and they're never updated, you know?
One of the things that we've been kind of working on, even before this situation, was, you know, pulling in our telemetry, our firewall telemetry, the kind of basic telemetry I was talking about earlier, into Splunk.
And I remember talking to Mark, who was just this amazing Splunk engineer in my team, and I said, well, can we go back on that data?
Can we find out when this first started?
Because I couldn't quite work out the exact moment in time or the first firewall that was hit by this Asnarok attack.
And then I went back, well, how far does that data go back?
And then Mark said, well, actually, I think I've got like three months' worth.
So we kind of rolled this thing back three months.
And there was one single device that had been hit like a month or so beforehand.
Like sometime in February, if my memory serves me right.
So it was kind of registered to like a Chinese 163 address.