Palo Alto Networks, Inc. (PANW) Earnings Call Transcript & Summary

May 25, 2021

NASDAQ US Information Technology Software conference_presentation 43 min

Earnings Call Speaker Segments

Nathaniel Quist

executive
#1

All right. Hi, I'm Nathaniel Quist. So this is the presentation that I'm going to have for Zero Con. I'm just going to jump -- I'm going to share my screen, and then we'll just jump right into the presentation. All right. Well, let's go ahead and share the specific slide that I'm using. All right. My little window out of the way here. Okay. [indiscernible]. All right. Well, welcome to the presentation. Today, we're going to be talking about the COVID conundrum, the security impact and then the opportunities that we saw via with cloud workloads, security incidents, things within cloud environments during the time of the COVID pandemic and essentially from October 2019 until February 2021, looked at a lot different kind of data points within that. So it's kind of what this conversation is going to be around, COVID and the cloud. So first and foremost, my name is Nathaniel Quist. I am a threat researcher with Palo Alto Networks, with Prisma Cloud and Unit 42. We're kind of the mix between getting that threat intelligence angle from cloud into the real world, looking at cloud from a threat intel perspective, who's attacking it? Why they're attacking it? And then what are they finding in it? That's kind of my primary focus. And my contact information there, Twitter handles, e-mails, LinkedIn. Please feel free to get a hold of me with any questions after this presentation. If you want to take them offline, then those are the best ways to get a hold of me. That was the best avatar. That is the best avatar. I mean with all the smiley face with a beard. Just I think if I could just make my face that way all the time, I don't know if plastic surgery goes that way or not. But I don't know if I want to be yellow anyway or just keep it up. All right. So this conversation is going to be primarily about the cloud threat report that myself and my team created. 
The data that we gathered, again, as I said, just a second ago, between October 2019 and February of 2021, a very large overall comprehensive environment data set. And then really the big thing that we want to point out is that we actually collected this data from actual real sensors in cloud environments, and this is all factual real data. It's not a survey data or anything of that nature. It's a very large comprehensive data of the time during COVID-19 and what we saw from cloud environments during that time. There's a download link, cloud threat report, identified as cloudthreat.report\1H21. Please go check it out, download it, get some of the information. We'll just give you a high-level overview of what it is that we're going to look at within the report within this conversation today. So all right. So the general debate what we're going to talk about is the COVID response that organizations had, we saw an overall increase in cloud infrastructure. I mean probably not so much of a surprise, but we'll dive into that. We're going to dive into the security incidents that come from that, specifically being that when there is less time to do work, but there's more work to do, something is going to give, and that's typically security incidents, security for that. So we saw a dramatic rise in security incidents within cloud environments during this time, so we'll dive into that as well. And we're going to wrap everything up with a little bit of an investigation on cryptocurrency. I'm a big fan of the blockchains. But some good news here as well is that we actually saw a decreased expansion of cryptomining operations within cloud environments. So we're going to dive into that as well. All right. So some of the key findings. We're going to dive into each and every one of these as we go through the report. Just in general, there was about a 22% global increase in cloud workloads during the -- from October 2019 until February 2021. 
We have 188% global increase in security incidents, I mean, almost twofold, right? We saw a 30 -- we saw the organizations -- about 30% of organizations expose some sort of sensitive information within their cloud environment. So we'll dive into that and figure out what kind -- what that looked like. And then the 17% of organizations are showing a cryptomining operation indicators, which is down. So some good news there, but we'll dive into cryptocurrency and what is it doing. All right. So the first section that we're going to talk about is going to be the impact of COVID within the cloud usage. And the most significant impact of that is that we saw 22% increase in cloud workloads from, again, October 2019 until February 2021. And the biggest reason of that is this work-from-home situation that near all of us are facing. Several of us are starting to kind of creep back into the office a little bit but by far and large, the vast majority of employees and organizations are still work-from-home. And because of that -- so they had to connect to the environment somehow, and the cloud was a very good and scalable option to do that. So it's kind of natural that we see that work-from-home driving that cloud infrastructure upwards. So we had that 22% average. Some industries saw bigger growth than others. So this is just a top 5 industry ranking of what industries actually grew the most cloud infrastructure during this time. Chemical manufacturing, government grew the most 83%; pharma and life sciences grew 81%; wholesale, retail environments grew at 80%; and then insurance companies grew about 73%. And again, if we're looking at government, chemical manufacturing, pharma and life sciences, these are large organizations very important to COVID recovery, especially when it comes to like pharma, life sciences, COVID vaccines being a part of that government, keeping everything in track, moving forward and making sure that things get situated and moving properly. 
And then obviously, chemical manufacturing. I don't think there's any really big surprise there. On the wholesale and retail environment, I mean we shifted a lot of the -- during the time of COVID, we had to purchase things somehow. So things like Amazon, things like shopping online increased because of the need to continue buying things for our economy, things of that nature. So I don't think there's any large surprise here, but these are the organizations that saw the biggest increases. From a regionality perspective, this kind of brings 20% sort of aspect, but each individual region saw increases as well. We saw APAC grew at 70% cloud workload; EMEA, Europe, Middle East and Africa grew 79 -- or 69%; Americas grew 65%; and Japan at 58%. We pulled Japan out of that APAC region because there are some specific differences within Japan that we saw. They handled the smallest cloud workload growth. But because of that, we also -- they also have like the smallest security incident growth as well. So there's something interesting to be said about that. So we're going to highlight Japan specifically for a couple of our examples as we move forward here. So before we get to that, it's important to note that as COVID was ramping up -- before COVID really happened, you can see in Q4 2019, that's when the announcement of COVID happened, and we see a decrease in the number of cloud workloads that were being developed. So the cloud was actually on a decline for the past couple of quarters. It was still growing, I mean a very, very healthy 30% growth, you could say. And we got some of this data from Synergy report, which they essentially track cloud expenditures, money that's moving into cloud providers that's publicly recorded. They actually record that and we took that information and run with that as well. The top blue line here is the cloud accounts with critical incidents, right? So these are the -- any of the cloud accounts that actually have a critical incident involved. 
We took that as an overlay to see -- we saw a cloud decrease during the time, and then we start seeing this rapid increase right about Q1 2020, right when the HO -- WHO declared COVID-19 a pandemic and the U.S. declared COVID-19 a pandemic. We started seeing that incidents were starting to rise in correlation with that. But we still saw a negative growth in the number of cloud spend, right? So it's still now going into like a 27%. Again, it's still growing, but it's on a decline. And then we started seeing the cloud accounts with critical security incidents starting to pick back up. So you can see as COVID happened, we started to increase that workload. And then following that, then we start seeing an increase in security alerts or security incidents as we're going through. So kind of an interesting trend seeing the money spend and then seeing security incidents as they're moving through. So kind of a cool graph. We're going to focus specifically on RDP exposure for the next couple of slides. Specifically, I want to look at Japan. You can see here at the bottom, and we -- exposure of RDP is a trend that we've been tracking for roughly 2 years just to see if RDP is being publicly exposed or not to the world, and we see that organizations within Japan have the smallest amount of RDP exposure in the world, where countries like Canada, unfortunately, are seeing the largest. 70% of organizations within Canada are seeing a complete public exposure of RDP to the wild. U.S. is right in the middle, 51%, kind of a bellwether on that aspect. But what's the big deal about RDP exposure? Why are we highlighting that specifically? Well, RDP is -- there's pros and cons for it, right? The pros being that it allows the remote management of infrastructure. It's allowing organizations to shift in remote or shift that workforce to cloud and still maintain functionality of that infrastructure, right? It's how a lot of organizations continue functioning. 
Now the con of that is it allows the remote management of infrastructures. So predators will always follow their prey across the savanna or across the plains. Predators will follow their prey into the cloud. So they will be looking for how do the actor -- or how do these organizations manage their infrastructure. They're going to try to follow that same thing. RDP exposure has had some very notable -- or RDP, in general, has had some very notable examples of malicious usage. BlueKeep, back in 2019, was a wormable -- malicious worm that was able to hop from RDP, RDP, RDP systems, and it's all focused on was RDP impersonations or attack vectors. Ransomware -- in 2020, 50% of all ransomware attacks were using RDP as that vector of infection or in vector of lateral movement or across population. Just recently in January 2021, there was a very large DDoS botnet that captured about 14,000 systems. It was able to generate about 750 gigabits per second as far as the DDoS capability, and it solely used RDP as its attack vector. So some very serious things to happen on it. Also in 2020, ESET created a report, and it said that 768% increase in RDP attacks were recorded in 2020. So RDP was being hit hard and it was being hit heavy with these organizations or with organizations that were using RDP. And if we do a kind of a quick Shodan search across all these organizations, we found that there's about 400 -- 4 million, 4.6 million instances of RDP that's exposed just publicly to the worldwide Internet, right? If we look specifically at those cloud organizations in the bottom right here, looking at Tencent or Alibaba, had about 600,000, almost 700,000 exposed instances of RDP. Google GCP had about 450,000. Amazon had about 433,000 and Microsoft or Azure had about 306,000 exposed systems with RDP exposed to the worldwide web. So you can see that this is a topic. 
You can see that RDP is specifically targeted and attacked by attackers and used, there are several examples, and it's increasing. So something very specific that we wanted to focus on, as we shift -- all of our industries shift to the cloud, we want to make sure that we're locking down and being smart about what we're exposing to the world. So that kind of leads us into more of a security aspect. RDP is just one aspect that we looked at. There are several other incidents that we also wanted to highlight within our report and then also within this particular presentation. As I mentioned earlier, cloud security incidents did grow, and it grew pretty dramatically, 188% global increase in security incidents. That's a pretty, pretty dynamic, pretty large growth during this time. What did some of these incidents look like? Just kind of breaking off in here, the top 2 or top 3, we're going to loop these in here, is we saw a 212% increase in SQL databases that were not encrypted. So just the usage of data storage -- databases just being exposed, there was a large increase in the number of databases now were needed during this time. And unfortunately, we saw a 212% increase in these databases just not being encrypted by default or at all. We all saw a 149% increase in database snapshots also not being encrypted. So if you create a database, you can save that database again for later use or to build other images off of, et cetera. It's not encrypting those databases, just leaving them unencrypted. Anybody can kind of come around and take those and see what's inside of that database, even though it's not being used at the moment. So something to be known witness there. The next kind of group that we look at were just the exposures of different services, 122% increase in firewall rules that are allowing all traffic to Kubernetes clusters. 
And you can probably have specific IP tables or specific routing functionality inside of Kubernetes clusters itself, but not -- but just exposing the entire cluster open to the Internet, just kind of breathe a little bit of fear, a little bit of disaster in there. We saw that 70% of organizations permitted traffic over all -- all traffic over Telnet. Telnet is a pretty common vector to get into systems and try to [ cycle ] data out of it. So old school techniques right in there. But 70% of organizations exposing Telnet. Not very good. We saw 68% of organizations just directly exposing incidents to the Internet. So there is no -- basically any traffic to incidents of cloud incidents up there. 62% in SMB, saw 61% exposing FTP. Here's the 59%. This is on a global average, just across the board, 59% exposing RDP and then 58% exposing their MySQL or Postgres service down there as well. Also at the bottom, the exposed accessibility. So we -- the third option up there, 149% of database is not being encrypted or database snapshots not being encrypted. We saw 32% of database snapshots are just publicly available to the Internet at large. So they're not encrypted. There's no way to protect it. It's just open, just kind of flapping out there, and anybody knew. If they know where to look, they can go rob it. The final section we want to kind of highlight is logging. When you see a large trend that network flow logs are not being retained or turned on in some aspects. You can see that 25% of database logs are not doing any sort of audit logging in their environment, and we see that 13% of storage buckets are also not logging any of those accesses to those buckets. So again, this is kind of the trend, top 15 that we're looking at here, specific groups not encrypting, exposing services and then not logging things that our industries -- all of our industries should really make sure that we're doing or taking care of. All right. 
Looking at specific industries and then which industries saw the largest growth in security incidents is just huge, retail, 402% increase in cloud security incidents between October 2019 and February 2021. Just a very large dramatic increase. And again, retail being, how do we get this information? Or how do we provide our services to a public that is now remote, have to increase those cloud workloads? And we saw a 70% increase in workloads within that retail environment, that equated to a 402% increase in security incidents, which is unfortunate. Looking at manufacturing and government and then also pulling pharma and life sciences in there as well. Saw a 230% increase for manufacturing, 205% increase for government, and then what pharma and life science also saw 127% increase in security incidences. Manufacturing, government and pharma were the top 3 #1 workload increases during this time. And unfortunately, they're also in the top 4 for the number of security incidents that we also see during that time. So there's a very strong -- super strong correlation between increasing the amount of workloads in a cloud environment and then also increasing the security incidents that go along with it. There's a disconnect there of scaling security measures using CIS benchmarks, using our compliance mechanisms, making sure that our systems are configured properly that's unfortunately not keeping up with the increase in workload usage. So we're going to kind of pull across the specific 3 environments that we want to look at. We look specifically at logging. We're going specifically at access keys, and we're looking specifically at versioning. And then going across the industries with these particular aspects, we saw that 50% of organizations just -- all industries are using versioning within their cloud storage systems. We see that only 39% -- 31% are actually rotating their access keys more frequently than 90 days. 
And we see that only 28% of organizations are actually implementing logging across all of their cloud systems as well. There are some hires -- some winners and some losers when it comes to specific industries and how they handle this information. We're going to go to the big ones right off here. The telecommunication is big winner when it comes to versioning control, 66% of these organizations are implementing versioning control within their cloud storage systems. And actually, they have a fairly good win record when it comes to logging, 34% of their cloud storage containers, which is pretty good on average across systems. However, they're not doing very good when it comes to access keys. They're not rotating their access keys as frequently as needed. Only 15% of the organizations within the telecommunications industry are actually rotating their access keys on that recommended 90 days or sooner. So some interesting things there. Media, on the other hand, is killing it when it comes to rotating their access keys and implementing logging. They're clear winners when it comes to that. However, they're not really so critical when it comes to the versioning control, what -- just making sure that those files inside of those cloud storage systems are staying versioning control and making sure that they're accurate. But there are really -- it appears that media is really restricted on who is accessing those systems and making sure they know what is -- who is accessing those systems, just not so much like if they're changing. Where telecommunications, on the other hand, is like really conscious of making sure that those files inside those systems are not moving, but they're not really looking at who's accessing it so much. So some interesting contrast in there. Retail and banking, BFSI, kind of low, unfortunately, on the logging and access keys, doing all right, a little bit about average when it comes to versioning control. 
High tech, it's kind of sitting on -- it just got average on everything. Doing all right, but needs a little bit more work on the access keys. But kind of a trend that we can see in there. Here's kind of a fun thing. Not so much fun, but I like the gift anyway, it's like 4 kids like just throwing that dirt right in your face. And why -- reason I thought this skit was perfect for this statement is that 30% of organizations are exposing sensitive information publicly. Just letting them go. It's a little bit like throwing dirt in your face, trying to dig a hole. It's like -- we're doing something wrong here, and how do we fix this? So what I want to do is we want to look at what type of data is actually being exposed. So we look to see if we could find sensitive information. And then what does that sensitive information look like? Of this 30% of data that is exposed, we found that 69% of that data is actually PII data, private information -- personally identifiable information. 35 -- 34% of the sensitive data is intellectual property. We found that 7% is health care-related data and 6% of it is financial-related data. So these are some pretty serious sensitive types of data that is being exposed publicly. And kind of the breakdown of it is kind of concerning. And again, it's publicly accessible. The attacker or whoever would be interested in getting a hold of that data, they would just simply now have to know which URL address to look for or where to look at within that environment, and they can just open it right up and then suck it down. Looking at the types of malware within cloud environments, in general, we saw about 92%, 93% of the data within cloud environment is primarily Microsoft-related download information. 4.4% of the data is octet-stream data, application style, and we have some binary octet-stream data. And then we have Microsoft DOS-related malware as well. So there's only about 4 different types of data that we're seeing within malware environments. 
As all of our industries become more perceptive and more keen at looking at malware within cloud environments, a lot of these numbers will change. We and my team, Unit 42, will keep an eye on these and update these as we move forward. So you can probably look forward to seeing future reports from Unit 42 on our cloud threat reports, really focus on this type of information, and we're going to flesh it out and make it more relevant. So it's pretty cool stuff. Looking forward to the future capabilities of malware storage here. Moving into cryptocurrency. We did -- we look specifically at cloud, COVID and see if there's correlations between the cloud and COVID and cryptocurrencies in general. Cryptocurrency is a very hot topic these days and sometimes, I'm pretty passionate about. I really do enjoy cryptocurrencies. I like the technology behind it, big fan of blockchain. So kind of a sweet spot that's something that we can look at within here. There's actually some good news within our cryptocurrency world and cryptomining specifically, and that is that, for the first time, we have seen an actual decrease in the number of organizations that are experiencing cryptomining operations. It was 23% in Q3 2020, now we're down to 17% in Q1 2021. This is the first decrease that we've seen since we started tracking these metrics in 2018. So pretty cool information. I hope this was like a -- all right, doing well. And there's a side story within this that I kind of want to bring out is even though we're seeing our organizations decrease, we actually see an overall 65% increase in the total volume of traffic that is moving to specifically Monero or XMR mining pools. So why is that? The good news is organizations are becoming aware of mining, right? So we're becoming aware of it, security vendors, like Palo Alto and others are starting to alert and modify and blackhole a lot of these communications that are moving out to some of these known mining pools. 
They're starting to shut them down. So we're certainly seeing a decrease in organizations that are experiencing this traffic. But the attackers are seeing this, too. So what are they going to do? Well, they're seeing the writing on the wall, so to speak. And so they're starting to turn their mining operations at a full, turn it up to 11 so they can get everything they can before it washes up and they can't get any more. So that's kind of the impetus of why we're seeing this decrease in organization experiences within cryptomining operations, and we're seeing that really large rise in total volume and because actors are kind of like, "Uh-oh, we got to start doing something here, nonetheless, we're going to lose it." So they're trying to suck down as much as they possibly can. During all of this, we wanted to look at which currency is doing the most cryptomining operations, and that is, by far and large, Monero. Monero is the king of public mining -- cryptomining operations within cloud environments, and it is about 99% of the total mining operations. And as for a lot of the reasons really, Monero is, you can consider kind of a criminal coin, at least it's very favored by criminals for a few reasons. There are legitimate reasons for Monero. It's got some cool features, security-specific features anonymity-focused features that it has. Specifically ring signatures allows for the plausible deniability of transactions within an environment. So it's really like cash, where I can give you $5 and whoever else knows, it doesn't really know that it wasn't me that gave you $5. You and I know that I gave you $5, but no one else really knows, right? There's a little bit of anonymity that's in there. Also has the ability of stealth addresses. It's like kind of like a P.O. box. The onetime use address, you just send this transaction to a P.O. box. No one really knows who owns that P.O. box, especially every transaction you have, you pick a different P.O. 
box to make that transaction. It's very difficult to track and harness. So you can see that the big reasons why attackers would like that current -- the type of currency, the type of flexibility, security benefits with it. So XMR is really heavily used. There's also a very large market presence within Monero. It's really easy to move currency. It's really easy to have purchasing power to be able to buy what it is -- whatever it is that you would like. With it, there are a number of dark web marketplaces that only use Monero currency and you can literally buy anything you want that's out there. And it's like literally anything, and they only use Monero funds because of the anonymity features, the plausible liability, those ring signatures are very helpful finding those stealth addresses. We also want to look a little bit about other mining operations. We didn't look only at Monero, we looked at other coins as well. We looked at Ethereum and Bitcoin, Litecoin, Dash. But all of this mining traffic only accounted for less than 1% of the total amount of traffic to known mining pools that we looked at. And why is that specifically? Well, first and foremost, coins like Bitcoin, Litecoin and Dash really require specialized hardware in order to mine that particular currency on something called ASIC hardware. Any network -- if you're trying to mine Bitcoin or any of these, one of the passing algorithm used to come up with those specific catches is not very favorable for CPU-focused mining. You really need to have that specialized hardware in order to make it happen. If you are mining off of a CPU and you're mining Bitcoin out of it, you're just -- you're going to just be throwing more money away in terms of electricity than you're actually going to be gaining in any monetary value out of Bitcoin. So there's a big decrease there. 
That goes to say, if you do see any network communication building specifically to Bitcoin, Litecoin, Dash mining pools, there is no smart reason why that would ever be happening. So chances are it's probably not very good, so let's just turn that off. Ethereum kind of on the other hand, though, they had the largest percentage, and I'll show you here in a second, of mining operations happening within cloud environments. And that's -- it almost makes sense because Ethereum there can be profitable if you're using GPUs, or graphic processing units, as opposed to CPUs. GPUs are available within cloud environments, and you can have it since it's running multiple GPUs. So there could be reasons why a specific organization may want to mine Ethereum within their cloud infrastructure. I personally wouldn't, but it is possible, but -- so there could be reasons for that. Looking at the overall trend here, you can see that Monero, XMR just hands down, blows everything away. This is a large scale. So it's kind of trying to put everything into relation, give everything a little bit of value. But you can see that XMR is well above 10,000 connections on a single day. It actually peaks up to 24,000 right there on February 7. But the next closest one being Ethereum, just kind of creeping up over 100. I think min/max is out maybe 150 connections in a single day. So Ethereum is not very good. You can see here that the Litecoin -- Bitcoin really has like 10 connections, and that's about all of this. So Monero definitely winning that battle. We also wanted to look at if there were specific trends that we could look at specifically from mining cryptocurrency. This is specifically Monero that we're looking at here. And if there's any correlations between COVID-related events in this environment. And lo and behold, there are some correlations that we found, which is kind of interesting. First and foremost here is this kind of big break between -- funny, December 24 and January 3. 
What could be happening there? It just kind of goes to prove that no matter what the operation, criminal, or legitimate or whatever, you kind of want to take those holidays off, right? So this is our holiday break, end of the year, first of the new year. And we do see a pretty noticeable decrease in activity during that time. On January 9 is the first U.S. patient that was confirmed to have the COVID-19 or the Brazilian variant identified. That -- there was a dip directly after that. And so it's possible that there was a concerned effort going on there. On January 14, the COVID relief bill was announced. Kind of petered, the cryptomining kind of was on a decrease at that particular time. We started seeing an increase in Monero traffic in January 20. This is when the U.S. presidential election or inauguration took place. And we started seeing the start that COVID or that cryptomining operations were increasing. There was another larger increase right after the Johnson & Johnson trials were released. Activity really started to spike right when the FDA submitted their particular -- the FDA approved the Johnson & Johnson vaccine near the highest peak of activity during this time. And then when the CDC says that schools can reopen, we actually start seeing a pretty small amount of volume taking place within the cloud environments. So while we probably need more information to make definitive estimates, I want to say, mapping your bitcoin purchasing capabilities would be a good map for specific-related events. But there are some interesting correlations between cryptocurrency mining events and public events as they were happening during the time. So we talked a lot about security events, talked a lot about cryptocurrency. How do we kind of prevent some of the bad security incidences from happening in our environment? And how we move forward? What something that my team is really working on right now, what we call it The Big Cloud 5. 
So how do we actually assure that we get excellence within cloud environments? So the first kind of foundation of this is to dig deep into our cloud visibility, trying to get logging information, trying to make sure that our net flow, or our VPC network communication is being collected and analyzed, just getting visibility into what is happening in our cloud environment. Who's logging into which system? Are they using proper authentication? Things of that nature. Then we want to set up those security guardrails. We want to make sure that systems are being deployed in a proper manner. They are being scanned on a regular basis to make sure that you're not -- that organizations are not putting out systems that need additional vulnerability scanning or using the latest versions, things of that nature. These are all things that can be built into that CI/CD pipeline to make sure that our cloud environments are staying secure and remaining secure. The reason to kind of want to adopt the standard. What are the standards that your industry needs? What are the standards that -- just the cloud environment in general stands? We like stands by. We like to push the CIS benchmarks, the Center for Internet Security -- or standard, sorry. They're really good, cloud-specific, even platform-specific standards and compliance measures that they want to integrate into your cloud environment. It will really help your cloud maintain those guardrails, making sure that everything is set up properly to begin with and make sure that you have security practices and procedures implemented from the beginning. Very, very, very helpful. Then we need the tier 4 of this is to get security engineers and security practitioners involved in that engineering process, in that CI/CD pipeline. Engineers who code, engineers who understand security from a very fundamental level to make sure that our cloud environments are staying secure. 
And we kind of want to top it off with a little bit of that invented security within our DevOps operations. As we're building systems, as that CI/CD pipeline is just going and turning out new systems, and as our cloud environments are scaling and shrinking on a dynamic nature as they're intended to do, making sure that they stay secure to begin with, using DevOps tools that have built-in security, built-in scanning, built-in code checking capabilities to make sure that there aren't any vulnerabilities or that they're using the latest versions of those cloud instances or services and applications that are coming out and are available to us. So this is our 5 layers to success within cloud security. Hopefully, that makes sense to you. Again, feel free to ask questions. See where you can make something more efficient or what things are available to get things more proficient. A little pitch here. Sales -- Prisma Cloud is a comprehensive cloud-native security platform. We integrate into several aspects of the cloud security posture. We look at the posture of the management. We look at monitoring systems and what those systems are communicating with. We're looking and detecting threats, changes to your compliance situations. As you can see, the data that we gathered is pretty comprehensive as far as what we're able to see in cloud environments. We also look at the hosts and containers themselves. Like what is the workload protection that they have? What is happening inside of those containers? And what is happening on those hosts themselves? What is happening in your serverless systems? We're able to look inside of those applications to see if there are any security threats that are happening. And there's the network security. Who's talking to who? Which systems are communicating with those cryptomining operations, those cryptomining pools? What types of systems are communicating to no malicious command and control infrastructure? Things of that nature. 
Who's talking to what? Prisma Cloud allows visibility into those aspects. And then we also look at the infrastructure management. How is that infrastructure being deployed? Is it being routinely scanned? Can we identify risks to workloads prior to deployment into production environments? That's what we're really looking at trying to make sure that we set those guardrails and keep going in a secured fashion. So it's everything that I have with this talk. Again, please feel free to reach out with any questions that you may have. And thank you so much for your time. I really appreciate it. So thank you.
