00:00:00: Good afternoon and welcome to today's fireside chat.
00:00:02: The unprecedented rise in SAP attacks lessons from Mandiant and Onapsis.
00:00:08: My name is Leah, And with us today we talked about the newly released mandient twenty-twenty six M trends report.
00:00:15: are Juergen Klitzer Klitzer VP for Mandiant Consulting Google Cloud and Anapsis CEO.
00:00:23: I said All right, sorry.
00:00:30: Let me do it again.
00:00:31: Okay five four three two one.
00:00:33: good afternoon and welcome to today's fireside chat.
00:00:36: the unprecedented rise in SAP attacks lessons from Mandiant and Onapsis.
00:00:41: My name is Leah And with us today could talk about the newly released mandiant twenty-twenty six mTrans report.
00:00:48: our Jurgen Kutcher BP VP for Mandiant consulting Google Cloud and onapsis CEO.
00:00:54: Mariano Nunez With that mariannel can you start itself?
00:00:59: Yeah, thank you very much.
00:01:01: Jürgen!
00:01:02: Very good to see you happy to have here for this discussion.
00:01:05: I know we've got some really exciting and important topics to discuss today.
00:01:10: so yeah Thank You Mariano.
00:01:11: great to be here
00:01:13: of course.
00:01:14: So look everyone knows in industry right like Mandi and kind a part of Google Cloud?
00:01:20: You guys are at the front end of the trenches.
00:01:24: three intelligences who really are tracking what threat actors and adversaries or doing And you really capture a lot of these intelligence and learnings in the M-trend report.
00:01:35: I'd love for you to talk more about what we've found over the last kind of twelve months, What were key findings on this year's M-Trend Report?
00:01:44: Yeah, so we've been publishing M-trends for about fifteen years or so now and it always summarizes our key observations from the front lines as you correctly said Mariano of the past twelve months.
00:01:54: And this year's report.
00:01:56: there were really a couple things that immediately jumped out at me.
00:01:59: one thing I would like to look at is the dwell time.
00:02:02: It was probably one of the most looked up metrics which are defined between initial compromise and detection of a threat actor in an environment.
00:02:12: And we've noticed actually for the first time after many, many years of steady decrease return to growth We have gone up to fourteen days from eleven day last year.
00:02:23: What's interesting about that?
00:02:24: is off course.
00:02:24: why behind it?
00:02:25: and we see primary reason why this?
00:02:28: because again more industrial espionage based attacks also more incidents tied with North Korean IT worker problem And these are two types of incidents where, again, attackers trying to maintain persistence for a long time.
00:02:43: I think that explains why we've seen the little bit reversal on this downward trend in the dwell-time over so many years.
00:02:51: but overall message remains positive when you look at well because fewer and fewer very long incidence as anything more than six months.
00:03:04: We see defenders getting better at detecting and responding to incidents, which is a positive for the industry now.
00:03:12: We've also seen an interesting trend around the initial compromise vector.
00:03:16: In fact, for this six consecutive year we see that exploits is the most commonly used initial compromised vector at thirty two percent.
00:03:25: on The other hand we see email phishing continuously declining.
00:03:29: it was down to six percent.
00:03:30: now.
00:03:31: We think this is primarily due to better technical controls and just simply more fishing emails Also getting blocked.
00:03:37: but we created a new category voice phishing A category that has grown to eleven percent, which Thread Actor started to use very heavily now because it bypasses the technical controls.
00:03:49: One example is Thread Actors targeting help desks and they're managing to social engineer their help desk employees too for example register attacker control mobile devices for NFA.
00:04:01: And another interesting trend is the handoff time between initial access and a full-blown ransomware attack that's gone down over the past few years from days to hours, now just twenty two seconds.
00:04:13: It is showing the challenge that defenders are facing dealing with attacks at go from like low impact intrusion to a super high-impact ransomware incident in just seconds.
00:04:25: Machine speed is critical for the SOC as we go forward, and on the topic of ransomware... The last trend I want to talk about here is threat.
00:04:34: actors are not only focusing on causing operational pain by encrypting critical systems but they've moved into actually preventing recovery.
00:04:42: They're actively targeting recovery system such as backup infrastructure or virtualization platform and other systems needed to restore an environment with a goal of course, of inflicting the maximum amount of pain.
00:04:54: To increase the odds of achieving their ransom payments.
00:04:58: those are some of the most interesting trends that we've seen in this year's entrance.
00:05:03: now That's great context you're gonna And I think it so important right for kind of The audience.
00:05:07: context like This is not a theoretical observation or prediction Like this Is actually from the front lines as You do easy response As your doing forensics.
00:05:15: So It's really high quality data and signal right across.
00:05:20: We're all kind of inundated with noise, things that come out.
00:05:22: but I think everyone looks forward to getting this telemetry and insights from you on your team because it's high quality And i think its interesting.
00:05:30: we've both been inside for more time than what we want to meet This evolution of fishing being less relevant and going towards exploitation of vulnerabilities which over the last decade were seeing a different trend.
00:05:47: That's definitely interesting to me as well.
00:05:50: I think that part of it, one of the things i noticed in this report is there a significant emphasis or relevance now on enterprise applications right?
00:05:59: In the Mannion report which we haven't seen before so maybe its connected with exploitation aspect but what happened you see and whats changed at enterprise application are really coming into the forefront.
00:06:14: Yeah, it's been an interesting evolution indeed.
00:06:17: I mean again as i said exploitation of vulnerabilities first place most commonly used attack vector and within that we do see a heavy focus on enterprise applications.
00:06:29: top three most frequently used CVEs were all tied to enterprise applications with SAP NetWeaver, taking the first place actually followed by Oracle e-Business Suite and finally Microsoft SharePoint.
00:06:43: Obviously, all three major players in the enterprise application space impact huge client footprint.
00:06:50: interesting the SAP Netweaver vulnerability specifically.
00:06:54: it related an unauthenticated remote arbitrary code upload vulnerability which when you combined it with another CVE also could result in code execution, making this indeed a very severe and very impactful vulnerability.
00:07:09: Now we track this as a campaign at Mandion When We See Recurring
00:07:14: Attacks
00:07:14: With attackers exploiting for example recurring vulnerabilities or using consistent methodologies that create campaigns around them and we saw this campaign last for the large majority of twenty-twenty five, with multiple investigations relating to these specific vulnerabilities.
00:07:31: In fact when we first started tracking it as a zero day in the early part of Twenty-Twenty Five We observed four distinct threat clusters that were exploiting this as a Zero Day And then after SAP released a patch we saw another six threat actor clusters starting to exploit this vulnerability.
00:07:51: It is clearly something that a lot of threat actors actively started to exploit.
00:07:57: One thing we've also seen, the post-compromise, we saw a lot attackers leveraging it for initial access but also then leveraging as starting point further conduct internal reconnaissance within those environments.
00:08:11: Obviously these enterprise applications are very critical assets too most organizations extremely high valuable, and I think attackers have just really taken advantage of that when those vulnerabilities were identified to immediately get sort the most critical components within an enterprise with some other most valuable data assets.
00:08:36: want to ask you some questions Mariano and obviously, You've seen the same thing that we have seen.
00:08:42: We've worked very closely together here And obviously on Upses is the expert in enterprise application security and protecting organizations against these types of attacks.
00:08:53: I know your team was at the center Of this global response as well.
00:08:57: i'd love To hear a little bit more from Your perspective what did u see specifically In twenty-twenty five when it came vulnerabilities.
00:09:07: Yeah, no absolutely you're gonna.
00:09:10: it's been a pleasure working with your team and many who work along with SAP.
00:09:15: we'd see some European certs as you described at the epicenter of that response.
00:09:22: but maybe taking this step back I think for us if you think about we've been working on the enterprise application space over the last sixteen years And we've been seeing this steady increase of, especially SAP threat activity.
00:09:36: But really what happened with the zero-day and DCB was really before an after, right?
00:09:40: It's kind of that.
00:09:41: it really became their first mass exploited SAP Zero Day vulnerability history which we hadn't seen... We'd seem very targeted attacks or some campaigns against known SAP vulnerabilities but we have never seen this scale and also used in a zero day and to your point with like now threat, different thread clusters that were kind of interacting or leveraging this.
00:10:03: So at a very high level just give you sense of the time.
00:10:06: when I get the audience's sense of their timeline Like they started really in April publicly starting in April end of April When I rely on Quest puts out a blog saying That they identified few customers who have Their SAP systems potentially compromised But it was not clear.
00:10:21: It wasn't zero day Was an over ability that has been exploited.
00:10:25: So, two days later after that blog SAP actually releases an emergency patch.
00:10:29: Right?
00:10:29: That makes it clear to everyone.
00:10:31: we're dealing with a CODA so as well started working closely with SAP and Mandian and government agencies across the world really help raise awareness on protect customers.
00:10:43: We are part of the work with SAP based.
00:10:46: some unique capabilities which have been discovered at that time was more complex than initially thought.
00:10:50: So SAP release another patch about fifteen days later, so then there's an other patch that has to be applied now.
00:10:57: But basically we have a time frame of at least since the block post two point end-of-the year off several waves of attacks.
00:11:05: right and one of reasons is that mid August this group Shiny Hunters goes out on publishes releases their public exploit so that it's another wave of attacks after that.
00:11:16: I think what interesting for us was big learning would realize happening way before kind of that April time for it, right?
00:11:23: And
00:11:23: as
00:11:24: part of an app system we have a capability.
00:11:25: We call SAP Thread Intelligence Network where we can actually see real-world attackers exploit in SAP systems and will use our intelligence to really improve our products and protect our customers but through them we found evidence like very very targeted exploits and probes happen all the way back from January.
00:11:44: So actually the threat actors were exploiting this probability.
00:11:47: In January, really we see a spike in February and March And then continuing again through different waves afterwards.
00:11:54: But if you think about the aftermath right?
00:11:55: This led to over five hundred companies being compromised Through their SAP systems.
00:12:01: I think We're fortunate that The actual component being targeted wasn't really old.
00:12:06: i'm not enabled many places so I think That actually reduced the attack surface.
00:12:11: otherwise numbers who have been ten X of
00:12:13: that?
00:12:14: I think one of the key cases that ended up becoming public later on was this very famous large UK manufacturer.
00:12:23: Unfortunately, through these attacks there were down production for six weeks.
00:12:28: they had to follow thirty thousand people and we're talking about a company has a really sophisticated SAP operation with a sophisticated security program.
00:12:36: but unfortunately this attack led two point four billion dollars in profit lost today
00:12:40: right?
00:12:41: And what a lot.
00:12:43: This was the result of shiny hunters.
00:12:44: They claim responsibility for this attack, and they say that it didn't use this SAP CRD.
00:12:50: It's a significant moment in the enterprise application security space.
00:12:55: Something I do want to highlight is we work together with you Jurgen and Charles Carmichael on the team at Mandia where not only protecting our customers but also securing all SAP customers and security community.
00:13:08: So we did work really closely to release an open source scanner, so IOC in the care of compromise scanning tool... We published it on GitHub.
00:13:20: that also helped the community and defenders worldwide get ahead of this right?
00:13:27: It was impressive to see scale at a level of sophistication and knowledge that bad guys have about these enterprise applications.
00:13:36: Now, to your point going directly after the crown jewels that are kind of in the cloud and more internet-facing than they used to be before.
00:13:43: And when I think about this right now it's like all these was pre AI Right?
00:13:48: It feels like the world changed last six months More than ever on All these attacks.
00:13:52: so this campaign we're talking about were basically mostly kind of pre AI campaigns and operations.
00:13:58: No AIs change everything.
00:14:00: So i'm very curious what Mandian sees kind of coming here in this regard, what you predict will happen now with things.
00:14:06: So as you mentioned the findings they were not good before right and there was a lot of challenges for defenders.
00:14:12: What do you see happening from threat perspective?
00:14:16: Yeah it's been really interesting couple months or maybe year where we've seen an incredible evolution with AI.
00:14:26: I remember Thread Actors first starting to use AI for social engineering, creating better emails, creating them in local language and then maybe moving into audio-video based content to ultimately be more convincing on the social engineering side.
00:14:42: that was where things started but it's not where thing stayed.
00:14:45: obviously very quickly Thread actors realized a power of egos well beyond.
00:14:51: Obviously, we'll talk more about how power AI can be in discovering vulnerabilities and exploits.
00:14:57: But even before I get to that attackers are using AI at many different capabilities.
00:15:03: At the highest level it helps them for speed scale and sophistication those other three main drivers and values that attackers getting out of AI.
00:15:15: They're, for example capable of building better attacker tools with higher speed and less knowledge that they require.
00:15:22: We've seen them build polymorphic malware meaning malware that can dynamically change its capabilities.
00:15:29: now think about what that does to anything signature based in terms of detection.
00:15:33: it just completely renders any signature-based detection completely obsolete.
00:15:38: This is malware without any human intervention can add and remove functionality through the use of AI, extremely impressive.
00:15:46: we saw that for the first time with our threat intelligence team GTIC found out in The Underground And now We've also seen it actually already being used by Threat Actors In live attacks right?
00:15:57: Extremely difficult
00:15:59: to
00:15:59: identify That.
00:16:01: and then Of course Thread actors are also automating different phases of the attack lifecycle.
00:16:07: One phase that, for example oftentimes gave the defenders an advantage was the time it took thread actors to identify crown jewels they were looking.
00:16:17: In the case of industrial espionage, finding whatever information that you're supposed to find is not a trivial task for threat actors.
00:16:25: They are usually not subject matter experts in their specific field.
00:16:28: they land somewhere in an enterprise and don't know where it's at or if there needs to be a crown jewel.
00:16:34: They need to move laterally so they can take documents out from the environment sometimes its right but also wrong information.
00:16:43: It takes time and creates noise.
00:16:45: AI can do all that for them.
00:16:47: AI can run a perfect discovery across a very large environment, look at thousands and thousands of documents to identify the right ones with much higher sophistication and much higher accuracy than a human without any special training could do.
00:17:01: That is, for example, critical phase.
00:17:03: threat actors are automating in-the attack lifecycle meaning again they're gaining speed or scale because fewer people are required to launch an attack And so this usage of the sophistication is increasing and evolving really, really rapidly here.
00:17:25: the capabilities of AI more and more as this ultimately allows them to reduce their barrier for entry.
00:17:33: It allows him to scale their attacks far faster, it allows them run more attacks in parallel And Of course As I was saying ,it allows us identify also vulnerabilities new entry points.
00:17:46: We already see.
00:17:47: exploitation of vulnerabilities like enterprise application vulnerabilities we were talking about is a number one threat vector.
00:17:55: Now, when you see how powerful AI is at discovering vulnerabilities in systems and applications but also now it's building exploits this going to be another force multiplier for the threat actors.
00:18:17: it really reduces the barrier of entry for threat actors.
00:18:22: And I think that is something we as defenders need to realize, We NEED TO USE AI FOR THE EXACT SAME REASONS, SPEED, SCALE AND SOFISTICATION!
00:18:34: The POSITIVE IS WE'RE SEEING ENTERPRISES ADOPTING AI EXACTLY FOR THAT!
00:18:40: Since we're on the topic of AI, Marianne I also wanted to ask you.
00:18:44: Of course i know SAP is obviously really focused on AI and what are the specific cyber risks to SAP applications that have now changed with AI?
00:18:57: What is your view on this?
00:18:59: It's a great question exactly.
00:19:01: SAP is doing massive transformation as a business to focus on AI.
00:19:06: they launch their autonomous enterprise vision and really strategy, which I think it's really impactful.
00:19:13: But the challenges they see is starting with what you just mentioned right?
00:19:17: We're-I was actually talking to CISO a couple of weeks ago now And he was very concerned about this.
00:19:23: new models meant exactly because one other point that you mention.
00:19:25: He said Hey!
00:19:27: I used to have advantage against... I know advanced attackers already knows how hack SAP systems.
00:19:33: we saw in these twenty five campaigns but at least I knew that most of the war from a Threlaska perspective, they don't really understand SAP.
00:19:42: They didn't know how to attack SAP systems.
00:19:43: They don't know their proprietary protocols or how to navigate SAP T-codes.
00:19:48: and now when you think about it all those like AI completely democratizes that access right?
00:19:54: Now they can just do a lot of that through the LLMs And they don' t need be an expert on the target applications.
00:20:01: That maybe kind of they did have knowledge before.
00:20:04: um i think in SAP also particular What happens is we're talking about mission critical systems, right?
00:20:10: So you gonna have now significant more volume as to describe off kind of more patches.
00:20:14: More things to patch or zero days that you've been attacked on.
00:20:18: but even for no vulnerabilities You cannot apply the patch Even if you haven't because it may not be able to get a downtime.
00:20:25: so your operating with assistance will long exposure to non vulnerabilities and I think in that point kind of the three intelligence, that context for triage and remediation is key.
00:20:36: You're not going to be able to fix everything.
00:20:38: so knowing through three intelligence kind of purpose built for this which are the ten things you're exposed too?
00:20:44: Which other two have actually been exploited by the three actors today right now most likely gonna be compromised kinda supersized with AI.
00:20:52: That's definitely I think an area off opportunity.
00:20:54: on balance The other one has a lot around zero-day detection, right?
00:20:59: It's like we're going to see as you describe more zero day vulnerabilities being discovered by LLMs.
00:21:04: So having the ability to detect zero data attacks against SAP is kind of critical and then something will hear a lot about this.
00:21:12: everyone is coding with AI.
00:21:14: now I'm creating code way faster with more volume of code.
00:21:21: there are a lot concerns whether that code is actually secure or not.
00:21:24: SAP has total capabilities like dual base assistance where you can actually generate code.
00:21:30: based on our analysis, it's very important that organizations run those new AI generated code capabilities through security controls.
00:21:39: Otherwise your pushing insecure or potential malicious code into production which could be
00:21:45: dangerous.
00:21:47: but I think again for this a lot of threats and pessimism.
00:21:53: in one perspective As we know, there's also a recognition I think from us practitioners that AI can be actually used for good.
00:22:02: So i'm curious about Jurgen and you're touching a little bit on it like where do you see that AI could use by defenders to really protect themselves against this new
00:22:10: reality?
00:22:12: Yeah, before I respond to that.
00:22:13: I just wanted to add your previous comment right?
00:22:15: That exposure window...I think it's an important topic for enterprises to realize with this new wave of zero days and vulnerabilities being identified by AI.
00:22:26: already in the twenty-twenty five mTrends reports we saw that the average exposure window is now negative.
00:22:32: seven Attackers are using vulnerabilities before a patch is even realized.
00:22:40: That means you as a CISO will have to accept that, You're going to have vulnerabilities and not gonna be able to patch fast enough?
00:22:49: The other reason it's just simply.
00:22:51: we expect of course A very significant number of vulnerabilities to be identified And As already seen in the past several years We'll also deal with vulnerabilities In systems which can no longer be patched.
00:23:03: Maybe the manufacturer no longer exists.
00:23:05: The devices are end of support, end-of life.
00:23:08: most enterprises deal with challenges like that and I think this is a critical moment for us again as cyber security professionals to realize To go back to a lot of the foundations That we've been talking about For so long.
00:23:22: Defense in depth zero trust architectures improving cyber defense capabilities all Of these things are going to be critically important.
00:23:31: obviously patching changing and updating your vulnerability management program is absolutely critical.
00:23:37: Reducing your attack surface, it's critical.
00:23:40: but also all of the additional security controls that we've been talking about for these years are going to be critical because you have to assume breach.
00:23:48: You're gonna have issues where not being able to fix fast enough before a threat actor potentially identifies.
00:23:56: But I agree with you.
00:23:58: Let's let's leave the doom and gloom a little bit behind us And let's also talk about how AI helps to defenders, and by the way?
00:24:05: I do believe that AI will give a greater Advantage to the defenders than to the threat actors.
00:24:11: right it may seem at times like things are not in perfect balance but i think over time Ai is A huge advantage for Us as defenders.
00:24:19: The first thing That I Think About Is when I talked To sysos is You need to use ai For the same three drivers that the threat actors are using, its speed scale sophistication.
00:24:30: There's many different ways that defenders can do it.
00:24:33: I'm just going to give a couple of examples.
00:24:37: i was talking earlier about how attack life cycles have gotten shorter through the use of AI .I gave that example of the twenty-two seconds in handoff time between two different threat actors going from initial foothold.
00:24:53: Now we as humans don't deal well with twenty two seconds in terms of response time, right?
00:24:58: If you're a sock analyst the light turns red.
00:25:01: Twenty-two seconds later You've got to complete ransomware incident In your hand.
00:25:05: chances are not going to react fast enough.
00:25:08: that alert will sit in the queue by The time it gets picked up.
00:25:11: It's evolved significantly.
00:25:13: AI can give us as cyber defenders such a powerful tool, building agentic songs that can operate at machine speed and make decisions for us is so critical.
00:25:25: it can triage these huge volumes of alerts at machine speeds So that the sock can then focus on those elements That really matter.
00:25:34: where human intervention Is needed.
00:25:36: Where complexity still demands Human analysis or human decision ultimately need to be made.
00:25:43: But one of the things that is clear for me and something we've also seen threat actors do, For example at a moment they will create a distraction or diversion.
00:25:53: They'll make very noisy attacks on each side They're overloading the sock.
00:26:01: I mean, this goes back to some of the old movies bank heists etc.
00:26:05: where The bad guys generate a lot of distraction for law enforcement in one particular part Of the city when they try to launch an attack In another part of the City and threat actors use the same technique.
00:26:16: that means your sock needs to scale And the human component is never gonna scale than their specific scenario especially if we're dealing with more and more zero-days vulnerabilities, more attacks automated fully AI driven attacks.
00:26:30: We need to be able to triage and work these alerts at machine
00:26:34: speed."
00:26:35: And I think there's great agentic solutions out there that Google have built now that can really help deal with the specific... threats that are out there, can build at scale and speed is absolutely necessary.
00:26:51: And on top of that with AI so many new things you could also do.
00:26:56: for example a look back function looking at closed incidents understanding if anything was missed by looking across multiple tickets or incidents.
00:27:06: maybe they were close.
00:27:07: it's an additional pattern identified.
00:27:13: typically a sock never has the time to go back and look at past events, past alerts.
00:27:20: And I think AI also needs to be used again in the identification of vulnerabilities by the defenders.
00:27:28: obviously we have a huge role to play there as well.
00:27:32: when i look at the vulnerability problem tied to AI always look at it from two perspectives.
00:27:37: one is How do we make sure that what we release in the future doesn't have problems of past?
00:27:45: AI is a phenomenal tool.
00:27:47: We're helping organizations build better, more secure SDLC processes by integrating AI into the SDLC.
00:27:55: It's a tool that is available.
00:27:56: it's very powerful and capable And can really reduce and improve quality of code being generated.
00:28:04: as you were saying Mariano earlier right?
00:28:06: A lot of this custom code is where risk sits because again, it's developed very quickly.
00:28:13: And that is a huge opportunity that defenders have to proactively scan this code before it goes into production and identify vulnerabilities.
00:28:22: The great thing about AI is they can also help with identifying these specific vulnerabilities and actually providing recommendations around them.
00:28:32: so not just pointing out the problem but telling you as software engineer what we need to do Right.
00:28:39: I mean, we recently launched for example the AI threat defense here at Google Cloud that exactly aims to help with this type of problem.
00:28:47: so That way We can deal With a go forward problem.
00:28:49: but Of course you still have all The past?
00:28:52: You need To review as well But also there again ai Can give you speed and scale when humans review source code.
00:28:59: i've done it As A consultant.
00:29:01: It's very tedious process slow process for a human to review source code and quite honestly, you will miss all of these.
00:29:10: AI is phenomenal at reviewing source code.
00:29:13: Enterprises need to use that to review all their applications and systems they have already in production And also, of course thinking about some of the supply chain risks etc.
00:29:23: Enterprises that provide software as a service will absolutely need to use AI To help ensure they proactively identify and remediate these critical vulnerabilities.
00:29:36: so what they give their clients ultimately has been tested by AI and has been fully remediated.
00:29:44: So again, I think there's a huge advantage here to us as the defenders.
00:29:48: we're playing a little bit of catch-up right now but i think ultimately We will get there Right?
00:29:55: AI will be an advantage for the defenders.
00:29:58: Now I fully agree.
00:30:00: Im an incredible optimistic optimist.
00:30:04: so if you think about in my mind I'm actually really optimistic about the long term.
00:30:09: I think in probably five over like, five years plus we're going to be probably AI gives us as a defender one of the unique opportunities.
00:30:17: We will have to actually change that kind of asymmetry situation between the offensive defense and what we've been always being exposed too.
00:30:26: i think The next few years before we get there as defenders are gonna Be pretty tough right now.
00:30:32: because exactly What you said?
00:30:34: that is going to generate the speed at which attackers are gonna be able use it, how many attackers can leverage this.
00:30:39: So I think there's recommendations and best practices.
00:30:42: you're saying like sooner organizations can implement those controls using AI through the five AIs.
00:30:48: as said i think that will bring a lot of balance that equation as quickly we got right?
00:30:54: And innovations like Google AI threat defense solutions where building really helping organisations get their faster.
00:31:02: We do same.
00:31:03: On our end, we announced a few months ago the on-apps agent gateway to really help organizations bring SAP into their agent security and compliance workflows.
00:31:13: Because at DFA it's all about context right?
00:31:15: You can like.
00:31:16: LLMs are really good at kind of high level understanding different components in domains.
00:31:20: but there is certain domains like in our case enterprise applications where you need to have really deep domain contexts that kind and really do impact assessment, actually drive that autonomous defense.
00:31:35: So we are continuously innovating to help customers achieve it.
00:31:40: I think we're running up against time here but i just want to close.
00:31:44: maybe in closing here... It's great to see kind of the power off of mandian kind of part at google cloud And what Anaps has been doing
00:31:53: over the last several years
00:31:54: right?
00:31:54: We bring a really great synergistic value even responding to an incident, right?
00:32:01: Something that affects a application like SAP.
00:32:05: Mandate is of course kind of leading organization in understanding the network and sending the operating system database really looking at all those assets on how these systems were compromised.
00:32:14: or how do we respond?
00:32:15: I would cover from there.
00:32:16: And we bring it into the application layer.
00:32:19: intelligence.
00:32:21: What exactly if the attacker went into the SAP application layer Like then this where can provide a lot value helping remove that blind spot so that the full attack chain, the full kind of business impact could be understood and really mitigated.
00:32:35: And clean up and mitigate it moving forward.
00:32:36: So I'm really pleased with the collaborations we've done also not only in the field but all the three intelligence sharing We're doing between our teams.
00:32:44: they open source tools will release to help everyone.
00:32:47: The committee on defenders are very excited about other steps Of our partnership as well.
00:32:53: Yeah if i can just echo That was recently at a panel where again this topic off we need to collaborate more as security solutions providers, to help enterprises deal with these new threats out there.
00:33:06: And I find this partnership between Anapsis and Google Mandiant of course really refreshing that intelligence sharing but then also giving back to the community.
00:33:16: Giving tools, giving intelligence to the Community so The Community learns how to protect themselves helps identify what might or may not be going on in their environment.
00:33:27: collaboration between Onapsis and Manion, I think it is so critical.
00:33:32: And that there's definitely something we as an industry need to continue to promote –to have collaboration–and make this type of a positive impact on the
00:33:40: community.".
00:33:42: Couldn't agree more with you, Mariano?
00:33:53: Thank you very much for your time!
00:33:54: Well, thank you
00:33:59: both for drilling down into the latest zero-day exploit campaigns.
00:34:04: The impact of AI driven threats and for discussing how to develop a defense strategy.