Insight Enterprises, Inc. (NSIT)

Status Update

Nov 18, 2021

Moderator

Webinar, Talos Threat Intelligence and the Evolving Threat Landscape. Before we begin, I want to cover a few housekeeping items. At the bottom of your audience console are multiple application widgets you can use. If you have any questions during the webinar, you can submit your questions in the Q&A box, and they'll be answered at the end of the presentation. You can also expand your slide area by clicking the maximize icon on the top right of the slide viewer. If you have any technical difficulties, please click the Help widget. If you can please take a moment to fill out the survey at the end of the webinar, that would be great. I will now hand the presentation over to our speaker, Chris Clark. Thank you.

Chris Clark
Solutions Architect, Insight Public Sector

Thank you. Good afternoon, everyone. Thank you for joining the webinar. My name is Chris Clark. I'm a Solutions Architect with Insight Public Sector. Today we're going to be diving into Cisco Talos and Cisco Public Funding. With us today, I have Caralee Murphy, who is a public funding advisor from Cisco, and then Joe Marshall, who is an engineering technical lead from Cisco as well. Caralee will get things started with our Cisco Public Funding team and what is the current 2021 funding status. Then we'll pass it over to Joe to discuss Cisco Talos, you know, emerging security threats we're seeing and what we can do to protect against those threats.

Then I will close things out with our Insight team and how we can help you build a security solution based on the information provided today. I believe we'll also open it up for some Q&A if we have time at the end. With that, I will pass it over to Caralee to take it away.

Caralee Murphy
Public Funding Advisor, Cisco

Hi, everyone. Can you hear me okay?

Speaker 5

Yes.

Chris Clark
Solutions Architect, Insight Public Sector

Very clearly.

Speaker 5

Loud and clear.

Caralee Murphy
Public Funding Advisor, Cisco

All right. Great. Hi, everyone. My name is Caralee Murphy, and I'm the channel manager on the Cisco Public Funding team. I'm going to give you a short overview, five minutes, maybe eight minutes, around Cisco public funding and all things funding. Let me just get used to this new platform, so forgive me. All right. Our team, we support our sellers, partners, and customers as it relates to grants, bonds, E-Rate, and stimulus. We do all sorts of things. We do research and funding reports, we do project checks and training and grant promotion. We work with a third party called The Grants Office. This is a great thing for all of our customers and our partners' customers, so Insight's customers.

When you're working through your technology projects and you're getting to a point where you're like, "Oh, we're really excited about this project. Now, how do we pay for it?" This is actually a great time for you to reach out to the Cisco Public Funding team. We can run a comprehensive report on all of the funding that's available to you, and then our team, along with the Grants Office, we can provide guidance around what funding sources you should pursue for your project. Our team, we actively monitor all public funding sources, keeping in mind technology projects that might be underfunded or require funding, and we try to promote the grants that really make the most sense for you, for our customers. We, of course, I have to mention this, also have a fully supported operation around E-Rate. Okay.

Is someone moving the slide to me, or do you want me to move them? Sorry. This is perfect if someone moved that for me.

Joe Marshall
Engineering Technical Lead, Cisco

Nope. I apologize. I hit a button.

Caralee Murphy
Public Funding Advisor, Cisco

Oh. Well, thank you. No, it's perfect. As you can see, there are multiple sources of funding. We have E-Rate, bonds, federal, state, and local ongoing grants, and COVID stimulus funding on the top left. The first two rounds of stimulus funding that needs to be tied back to COVID, but almost everything connects to COVID, whether that's for education, strengthening network security cameras, increased bandwidth, all of that. Okay, a quick way to think about it. For funding sources, when you're thinking about devices, think about the Emergency Connectivity Fund, so ECF. For security and collaboration, think about stimulus. For K-12, we call it ESSER. And for network and infrastructure, think about E-Rate. I'm going to dig into that just a little bit further. For stimulus, think about facilitating safety and security, both cyber and physical.

Think about creating hybrid learning environments, so hybrid learning and, like, classroom device refresh, things like that. For E-Rate, think about building campuses that are flexible. You could, you know, update your wireless routing switches and any related licenses. Okay. Now I'm going to go through just the highlights of the stimulus funding by vertical. As everyone knows, the original stimulus funding passed in March 2020, and almost a year later, in March 2021, the American Rescue Plan Act was passed. For K-12 schools and higher ed, you were covered in all three rounds of funding. For non-public schools, they were covered in two rounds of funding. State and local governments, they were covered in the first and third rounds. It's really interesting to look at the numbers here.

You can see K-12 started with $13 billion, and then the second round, $54 billion, and then in the American Rescue Plan Act round, $122 billion. Let's have a closer look at K-12. For K-12, the public schools, they had ESSER funds, which they received funds in all three rounds of funding. All three rounds were called ESSER, and they all have basically the same guidelines. For every iteration of ESSER funding, technology is specifically called out. The deadline for public and non-public schools is September 2023. The Department of Education wants schools to strengthen their infrastructure and strengthen their network so that at any point, students can move in and out of distance and hybrid learning models. The Department of Education actually provided 13 spending categories to make sure required spending for strong learning infrastructures would qualify.

That was my quick K-12 highlight. If you need more support around K-12, reach out to our team, we can give you a lot more. For higher ed, they received $40 billion in their third round of stimulus funding. The first two rounds, they received $14 billion and $23 billion. 50% has to go to student aid and 50% to institutional needs. Priorities include things like distance learning, technology, expenses due to coronavirus. Every single school receives something. A quick highlight is just that higher ed, they have a shorter spending guideline compared to K-12. Higher ed, they actually need to spend their funding one year from when they received it. Over the first two rounds, their deadline is coming up in January 2022 and May 2022 for the third round.

Finally, again, I'm just giving you the very highlights. I'm giving you enough to be dangerous, enough to know what you can do with your money. If you need more support, reach out to us. For state and local governments, they have seen $360 billion in funding. What I wanna highlight here is just the relatively open nature when it comes to the funding, and like there's a long runway to spend it. You see the breakdown, it's almost $220 billion for states and D.C. as well as tribal nations, and $130 billion for local governments. Something for all levels of government. Every level of government has something earmarked for them, and that's really awesome.

It's like for the first time ever, everyone is working with something, so it's definitely a time to, you know, dream big and think of those pain points, things that you always wanted to solve. The state and local governments, they actually have until 2024 to spend. You can be strategic. You can really think about what you want the future to look like. You can think about things like securing remote work and citizen experience when it comes to inclusion, empowering public engagement. All these words are things that were in the funding description. Ensuring critical continuity of services, inclusive society when it comes to broadband, modernizing work, addressing the digital divide of building trusted experiences. All right, those are my quick funding highlights for you to leverage.

Reach out to our team if you need anything else in terms of funding, but we have lots of resources you can look at on your own. We have an erate.com site you can check out. We've got industry solution sites. There's a grants and bonds website here. Based on your vertical, if you're coming from higher ed, if you're coming from K-12, you can actually go into this grants and bonds site based on where you're coming from and look at all of the funding available to you based on that, like, which vertical you're in. We also have a Stimulus Allocations OneMap. If you just wanna go in and see how much it's been allocated at a very high level, you can check that out as well.

We have lots of mailers and also webinar playbacks on specific topics if you wanna get caught up on any of that. I think that's all from me. Thank you very much, and I'll hand it back.

Chris Clark
Solutions Architect, Insight Public Sector

All right. Thanks, Caralee. With that, now actually we will pass this over to Joe, to dive into the Talos conversation.

Joe Marshall
Engineering Technical Lead, Cisco

Everybody hear me good?

Chris Clark
Solutions Architect, Insight Public Sector

Yep, I got you.

Joe Marshall
Engineering Technical Lead, Cisco

Outstanding. Thank you so much. All right, give me a second here to share my screen. Hey, there we go. Everybody see that just fine?

Caralee Murphy
Public Funding Advisor, Cisco

Yes. It's gonna show.

Joe Marshall
Engineering Technical Lead, Cisco

Outstanding. Thank you so much. Just making sure. Sometimes it doesn't work. Well, first, thanks to the team for having me today. I'm looking forward to talking about threats, sort of what we see in the threat landscape right now. I hope to make you a student of the game. I wanna explain some of or demystify what these bad actors are doing, how they do their business, and then hopefully give you some resources to combat these threats or to at least think about how does this affect my enterprise? How do I defend against these threats? What are some valuable things, takeaways that I could create from this? With our friends here, I think we're gonna be able to really provide you some really great information.

Let's just jump right into it. Who is this handsome, bearded man in front of you? Again, my name is Joe Marshall. I do senior security strategy for Cisco Talos. I focus on hacking all the things. We're a giant hacker collective here at Cisco Talos. I come from utility space, and I've worked a lot with educational institutions. I've worked a lot with power utilities. I've worked a lot with water, oil and gas, manufacturing, you name it, to think about embedded system security. I actually built our first offensive security team for that here at Talos and general threat research. No matter what your specialization here is at Cisco Talos, everybody here is a threat researcher, so we're always looking for bad, net new and keeping everybody safe.

Of course, I am out here in the Mid-Atlantic at Baltimore, Maryland. What is Cisco Talos? How do I define and noun it? There's about 400 of us. We're on five different continents. We speak nearly 30 languages among all of us, and we are threat researchers. We are, with a small exception which I'll get into, we're not fee for service, so I am not billable by Cisco. My job is to find the bad guys, stop the bad guys. End of sentence. Our threat intelligence that we generate gets issued to all of our products and some of our open source tools like Snort, which is a very popular open source IDS/IPS. We invented that. That's us.

To make sure that all of our customers and all of our communities are protected against emerging threats, both known and unknown. To give you an idea of just the volume, the breadth, depth, scale, and scope of just data that we see, you can kinda see these statistics in front of you. At some point, numbers become kind of abstract because a lot is a lot. If I were to really summarize what we just in a single day see, we see about 6 PB of threat intelligence information in a day. That's honestly from the 87 million endpoints of data that we collect. We're looking for malware, we're looking for malicious URLs, we're looking for emails, we're looking for DNS infrastructure that we know is supporting command and control for these attacks.

Like Emotet is very resurgent right now, so we're in the hunt. We're looking for additional Emotet infrastructure to black hole or take down. So that just gives you sort of a snapshot of the volume that we see here. And we have a lot of different sort of specializations that make all of this analysis even possible. Of the 400 of us, it's a fairly robust infrastructure. We sort of just organize ourselves organically to combat these threats. I don't have a tremendous amount of time to go each individual one. But for example, on our threat intelligence and interdiction team, we have intels. We have linguists that speak just about every language you could possibly think of, Korean or Japanese, Urdu, Pashto, Farsi, Ukrainian, Russian, Portuguese, French, Spanish, you name it, Italian.

We have just about everyone, and they're typically native speakers of that language, which is incredibly important. This is also where we coordinate a lot with our government partners all over the world, like Europol or the FBI. We have a lot of intelligence relationships that we cultivate and maintain all over the world, to both exchange that information and stay current on threats. Sort of a dirty secret in this space, I guess, is that nobody sees it all. That's just not possible. What you really get is that security is fundamentally a people business, and so we form those relationships, and we really endorse them. We have our own malware research team, obviously. They're in detection research.

We have our own community team because we have so much open source technology and data and threat intelligence that we provide to our communities. We have our own offensive security team because we wanna know what bad guys are doing, so we emulate them as much as possible. And of course, we have incident response at the very bottom. Obviously, they're fee for service. They're not free. You purchase retainers through them, and they're able to give you a lot of proactive and reactive services. We're actually gonna talk a little bit about incident response today as well. If you ever wanna quit your job and go into threat intelligence, and you're wondering, "Well, how do I do what Joe does?" These are the three areas of execution.

Whether I see 1 piece of malware or in fact 1.4, and actually I think we're towing in on 1.5 or 1.6 these days, these are the three ways you have to make it happen. This is the circle of life. You have to be able to see it, analyze it, and then do something about it. You know, Hakuna Matata, circle of life. There you go. When I mean visibility, this is the great thing about as a threat researcher and as the product ecosystem that we support, everything talks to everything. It has to.

We own an entire security stack ecosystem at Cisco, from pre-perimeter DNS, so we can examine Fast Flux DNS, we can examine all the threats that we know exist in that space, from rapid command and control, malware delivery, before it even gets to their intended victim, all the way to layer two inside of an enterprise network where we can install a rapid monitoring. We can look at metadata for packets like Stealthwatch and other things as well. Let's go on to the next one real quick. Here's kind of a cool story, all right, that I really, really like. That story is, well, how do you kind of marry all that together?

One of the things that I really enjoy here is that we are able to really sort of put this together, and this is a cool story, a scary story, but a cool story with NotPetya. Obviously, the costliest cyber attack in history, $10 billion in damage. It was destructive malware, obviously attempting to emulate ransomware. It was not. What was able to happen here is that we were able, because of the relationships that we had formed, we were able to get a call at 3:00 A.M. from Ukraine, from their Ministry of Defense and from their Ukrainian Cyber Police, "Hey, the internet's on fire. Please come help us." If you are ever curious, Wired magazine, Andy Greenberg wrote a fantastic article on the damage that was done.

The Port of New Jersey couldn't open its gates. They had a 10-mile traffic jam. Renault couldn't make cars. Nabisco couldn't make cookies. Merck, the massive pharmaceutical company, lost a tremendous amount of money. Maersk, the largest oceanic shipping company, was literally saved by one hard drive in South Africa. It just spread like wildfire, and it turns out this was an exploit using SMB exploits. The wiper malware, recently, or wiper malware just was devastating, using those EternalBlue exploits. One of the really cool things that happened was when we did the analysis, we were actually able to pass this information on to the Department of Justice, and then last year in October, they issued the indictments for the five hackers responsible for NotPetya.

We got a very nice call-out from the Department of Justice for the work we were able to contribute to the law enforcement community to have those indictments issued. Which is a pretty rare thing because typically they thank Twitter or Facebook or Google, and you kind of see that in there. But getting a very specific call-out of a small 400-person organization inside of Cisco was really cool and very kind of them to do, and it makes you feel good that you're contributing. What are we gonna talk about today? Well, we're gonna talk a lot about ransomware. You can't throw a stick without hitting it right now. That's just the hard reality of what our threat landscape looks like.

Between that and supply chain, and I would say more ransomware than supply chain right now, it is a tough market for your small, mid-market, and large-cap organizations. That includes everything from small municipalities to massive higher education institutions and everything in between. The attackers are very canny, they're very meticulous in their research, and they choose their victims very well. Of course, I live in Baltimore, so Baltimore County Public Schools got whacked pretty hard, and actually, I believe they paid the ransom. We're seeing again, just prolific in this threat space. We are part of the ransomware task force for the Executive Office of President Biden. We're actually quoted on the EO, and the White House. You can see Matt Olney, Director of Talos Threat Intelligence and Interdiction.

I work a lot with Matt and his team of being able to have a seat at the table for how this country and how our law enforcement apparatuses and our civil apparatuses combat ransomware. It's very cool that we're a part of that conversation and that our work is recognized. When you're in the threat intelligence business, I have a bit of a shocker. I'm not really in the good news business. I'm kind of in the what are the bad guys doing, and sometimes that just equates to all bad news. I don't wanna leave you with that. I wanna be able to leave you with positive changes that you can make. I'm not trying to scare you. At the same time, this is the reality of what we're being confronted with right now as threats think.

What we're thinking of and what we're seeing right now is a tremendous amount of perimeter targeting. We still see phishing, what we call BEC, business email compromise, but we're also seeing unpatched IIS servers, à la Hafnium, which happened earlier this year. We're seeing a lot of RDP services being exposed, VPN endpoints which don't have two-factor authentication. We're actually gonna get into that with Colonial Pipeline. These exposed infrastructures are really doing no one in the victim world a favor. A lot of this sometimes stems from COVID. A lot of organizations had to rapidly pivot to a remote workforce. They didn't really consider the security implications of being able to do that.

There's a bit of a long tail when you think about, you know, their remote decisions finally catching up with them in the realm of, we have a security compromise. What's changed? You know, if you think 2015 to 2018, we had a lot of onesies and twosies. My grandmother would get ransomware, and she'd have to pay a bitcoin to get pictures of her grandkids back. Well, they shifted that business model because these new cartels, these Ransomware-as-a-Service infrastructure, really decided that the reason robbers rob banks is that's where the money is. Large organizations got targeted. We call that big game hunting, which is you're going for the biggest kill because that's the easiest way to get the most money the fastest.

That's why you see large companies being targeted or large health institutions or educational institutions, because they probably carry a cyber insurance policy, and that policy will pay out. They know you're good for the money, and they can get paid out. If you wonder how that business model actually works, it's really no different from any other business that actually exists. I have a product, I need to move that product. I have my miscreants or my ransomware affiliates who are designed to do the kinetic attacks, and then I have to rinse and repeat or reinvest my profits. Do I cash out? How do I launder my bitcoin into actual fiat currency? These are all very important things that these cartels have to think about. They themselves do not do the active hacking.

They are a business that has a supply chain, so they'll bring in the actual actors who do the compromise. One other thing we're gonna talk about here is access brokers. What is an access broker? Access brokers are basically compromise-as-a-service. This is a very mercenary attitude to think about with ransomware right now. Admin access for sale. What you see is a lot of research being done, and you can kind of see in these screenshots. You know, there's a Saudi Arabian hospital with 7,400 employees. They make about $1 billion in revenue. I have full domain admin access for 1.5 bitcoin or whatever that value is because it fluctuates in value and currency. Give me, let's say $50,000, you can have this.

You'll easily make $4 million to $5 million on your ransom, depending on what you wanna make. Sometimes they are just purely access as a service, and sometimes they actually also will participate as an affiliate to do that. The ransomware cartels just don't have the time or the energy to be able to go and hunt victims. This market sort of sprung up on the dark web that really facilitates that. This information, of course, makes it to the affiliates who then go, "Now I have full domain access. I don't really have to hack the organization. I just need to get inside, go low, go slow, distribute my ransomware, exfil information for extortion, and then press the button." Again, this is sort of big game hunting.

This is just basically an overview, graphical overview of what that actually looks like. We're gonna talk just a little bit about the lateral propagation and the data exfiltration elements 'cause it's very important. Data exfiltration. Why do ransomware groups exfil data from your network? This is a compliance mechanism. It is the most tried-and-true extortion tactic since the history of time. I have decimated your network with ransomware. I want $1 million in bitcoin for to make this go away. Also, if you do not pay me in the time that I allot, your private information that I've stolen, and I'm specifically looking for human resources files, legal contracts, PII information that would be awful to be disclosed.

Things are essentially very, very sensitive, and you can kind of see that list here: finance, contracts, projects, marketing. I would never want to see the light of day, because that could hurt me competitively. It could get me in regulatory or legal trouble. The cost could be astronomical. They know that, and they set ransoms that are going to be just under that pain threshold of I can make this go away, and you don't have to deal with these things. They're very, very smart about how they initiate their ransoms. We call these shaming sites. This is scraped right off the dark web. It's not that old. It's actually, like, a couple weeks. Basically, this tells us this is where they announce that.

You can kind of see published, which meant they didn't pay me, so now here's all your data for anybody to go download. Some people pay, some people don't pay. Unfortunately, it's an incredibly opaque thing, so we don't know who pays. But through this site, we can tell who does not pay. Unfortunately, all this data is now being exposed to the detriment of quite a few people, and certainly revenue lost and all kinds of qualitative and quantitative things that are just bad happening. Of course, BlackMatter got brought up. Actually, BlackMatter is sort of subsumed right now by the LockBit cartel, but this was so bad with BlackMatter, they came swinging out so hard, the FBI did issue in mid-October that update of, "Oh, gosh, this was really bad.

These guys are causing a lot of damage. BlackMatter is actually in the process of rebranding, and I think that's why LockBit is really taking off. To give you an idea, this is what that BlackMatter shaming site would look like. These guys rebrand and reorganize all the time because they're avoiding legal authorities, and they don't like the heat. They wanna stay very, very quiet. They don't wanna draw attention to themselves. It happens anyway, though. If you're wondering how a cartel gives their affiliates the ammunition to go make them money. By the way, they have a profit-sharing, so an affiliate or a mercenary, if you will, if, like, the ransom's under, say, $4 million, the Ransomware-as-a-Service cartel gets a 5% cut.

If say it's over 5 million, they get 25% cut. There's a profit-sharing agreement between these affiliates and the actual cartels. How do I get my affiliates? Well, you have to go through an interview process. They have to verify that you're actually native to the country, you're Russian or Ukrainian. They have tests they'll subject you to. They wanna know who you've hacked previously. Once you are in, once you've been approved, much like the mob, you're now a friend of ours, then we are gonna equip you with everything you can to be successful. We actually were able to get a playbook from the Conti ransomware cartel, and then it was all in Russian. Because we have native Russian speakers in Cisco Talos, we decrypted it and translated it for you.

If you go to our website, talosintelligence.com, you can get a playbook, a step-by-step playbook of everything they're going to do when they get inside of your network to discover the domain admin, discover how your network is built, exfil that data, launch their ransomware. It is 100% demystifying what the bad guys do, and you absolutely should give it a read or at least pass to your active network defenders of going, "Hey, have you seen this? This is important stuff." We're gonna get a little bit right here into the something to mention. Springhill Medical Center is probably, it's in my hometown. I'm from Mobile, Alabama. They were hit by ransomware, and this is actually a legal case going on right now. I don't think it's settled out of court.

I still think it's in court, the first confirmed what we think was the fatality of ransomware. Unfortunately, a child passed away in a neonatal unit because the nursing station systems were down because of ransomware. They, the nurses were not able to get to a child in time, and there was a fatality. I think there's actually been others, but this was the first actual documented case of ransomware affecting the health of a human being. My small story, my grandmother was in that hospital when that ransomware attack hit. It's funny how sometimes things can be personal when bad things happen to people. I would certainly encourage you to Google that case and follow it.

Even if they settle, I think it's safe to say in the InfoSec community this did happen, and it's awful, but this is the world we live in now. LockBit is now the sort of predominant cartel that we're seeing doing activity. BlackMatter is either going quiet or being subsumed by other cartels. We actually interviewed a LockBit mercenary affiliate. We have that complete interview. He was getting out of the game, and we're like, "Well, if you're getting out of this, why don't you tell us what you do and how you did your business?" This is how they did it. Again, on our blog, talosintelligence.com, it's all free. There's no marketing. There's no paywall. We want you to be smarter. We want you to be informed. Go read it.

It's fascinating and terrifying, but you will learn how bad guys think and how they do their business. I do wanna mention Colonial Pipeline real quick because if you lived on the East Coast, you had a gas shortage hit you. I just want you to think about, well, how did this happen? Basically, when Colonial Pipeline, because it made the news. I've actually been to Colonial Pipeline. Again, I focus on SCADA and oil and gas and things like that. The company itself did not have a PII disclosure, but a former employee was part of another website that was compromised. They used their Colonial Pipeline email address and username and password, and they basically said, "Well, we have this through a data leak. Let's just try it against Colonial Pipeline." It worked. That's how they got in.

They did not have a multi-factor authentication solution in front of that VPN. They did not have, I think, robust monitoring that existed after the adversary was able to get inside that network. The worst-case scenario basically happens. The initial alerts of, something bad is happening, actually happened on the operator stations in their oil and gas command and control center, which I've been to. It looks like a NASA space shuttle center. It's huge and impressive. That's how they were compromised. It really is to think about sort of your integrated systems, especially inside of an enterprise, what's talking to what are my data flows, how am I thinking about visibility. Really important questions you should be asking yourself as you think about how these adversaries are able to make themselves successful.

Something I always wanna leave everyone with is every time an adversary is inside your network doing bad stuff, it's an opportunity to detect what that badness is. If you're doing deep packet inspection, if you're doing endpoint detection response or XDR, if you're doing pre-perimeter, if you're doing multi-factor authentication solution, yes, these things are not bulletproof, but collaboratively, they're amazing. They really do create defense in depth that you're gonna get a lot of value out of. If the worst actually happens and there is a breach, everything they do is not super ninja. It is absolutely an opportunity to attack. That Conti playbook is a wonderful thing to think about as you read it, as should a domain user be using whoami? No, not really. That would be an opportunity to attack, things like that.

I do wanna go supply chain question, and a very important question on incident response, and then I'm gonna turn it over to our friends. When SolarWinds impacted the world as it was, and we discovered it in December of last year, it seemed to be prominently as a nation-state targeting. This was 100% nation state. The initial compromise happened all the way back in February of last year, but it really didn't become prevalent until March. It wasn't discovered until December of last year, and this was the SolarWinds infrastructure management tool being compromised, and then the patch, malicious patch, much like in NotPetya, was being distributed, and that caused a lot of damage.

The thing to think about, and the thing that we're sort of sitting in a short-term is compromise and that victims downloaded this for this very common predominant infrastructure management tool, but their logging capabilities were 30-60-90 days. No one's gonna keep logs all the way back to March to know that if this essential product to my enterprise was compromised, how do I know the adversary did not get into my network? Things were very tough for us in Talos as we tried to figure out just how bad this really was. Unfortunately, in this business, it's very tough to get closure on what adversaries are doing, only because of the visibility question and because of the logging problems that our enterprise customers and our retainer customers have.

When you think about supply chain, when you think about upstream or downstream, what are my liabilities? Or if you're having a merger and acquisition, it's important to think about who you do business with and how you talk to them, and should you or should you not have a permissive infrastructure with them. I typically err on the side of no or yes, but as a security person, you wanna be enabling of business imperatives, but you wanna do it in such a way that doesn't expose an undue risk to the business. That really is something to think about. Also, I want you to think about preventative versus response.

One of the things that I encounter a lot when I talk with victims of, say, ransomware or a supply chain-based attack, and I work a lot with our Cisco Talos Incident Response team, is how much of your budget is proportioned to stopping the thing versus, "Oh, gosh, something bad has happened. How do I respond to that thing?" Business continuity or disaster recovery plans are important, but what about incident response if I need to bring in some hacker experts to figure out how do I stop myself becoming an additional, more impacted victim? Or how do I proactively determine what my security posture and hygiene actually is? That's where an incident response retainer is going to be invaluable because it's gonna help you answer those questions and get a real strong sense of, well, what is my risk?

You know, how do I mitigate? Risk is never zero. But if I'm more knowledgeable, well, knowledge is power, and now you can think about budget structuring and personnel and things that are important for you to keep your name out of the news and keep your enterprise safe. Think about response. Response is very, very important, and I see a lot of skew to prevent. Just think about how you would respond if something bad did happen. I hope it doesn't, but unfortunately, that's just the world we live in. That's kind of it. I really appreciate the time and being able to talk.

If there's any questions or if anyone wants to quiz me on threats and what the bad guys are doing, as of yesterday, I was following law enforcement raiding several cryptocurrency and ransomware cartel offices in Russia. I have up-to-the-minute information I can supply if anyone is curious or if they have general questions. I'm here or available later on in the presentation. I send you into silence. That's fantastic. All right, I will turn over the ball.

Chris Clark
Solutions Architect, Insight Public Sector

Thanks, Joe. Great stuff. I appreciate it. Let me see if we get the slides up now. All right. To close out, I just want to wrap this all around how we at Insight can help you build out a security solution for your organization, using public funding or, you know, accessing the capabilities of Talos. Here you can see. Next slide, actually. Insight has evolved. We're continuously evolving, you know, from our beginnings as an IT risk reseller to, you know, in the mid-2000s, you know, just being more IT services-focused to today, where we consider ourselves more of a global technology solution partner. With our combined strengths, we are a full-service solution provider for efficiency and customer transformative services.

Through our deep partner relationships and creative mindset, we provide meaningful solutions to overcome complex challenges and drive IT outcomes. Our supply chain optimization services can help you invest smarter, so you can maximize resources and invest in your future. We have our connected workforce services to help your employees work smarter with the tools they need to feel connected, engaged, inspired. This ranges from mobility to collaboration. Our cloud and data center transformation solutions can help you run your workload smarter with the right cloud and data center platform so you can achieve agility. We have our digital innovation team that can help you innovate smarter so you can leverage data-driven insights to make meaningful connections and drive differentiation in how you deliver your services. As you can see here, we have a global reach.

Our global reach with operations in more than 20 countries. We also provide support in 14 languages and currencies. We have a national reach and local presence, with offices in major markets throughout the United States and Canada. Whether you need an IT consultation or access to our OS resources or top partners, we have 3,500+ partners, you know, 8,000 client-facing executives and teammates, and then over 4,500 technical experts, focused on all of our vendors, which includes Cisco. We can provide the dedicated personnel and certified IT professionals who will help you throughout the lifecycle. Our goal is to essentially become your one hand to shake when it comes to your technology needs.

With all of that, where do you go to get the conversation started around Talos using public funds with Cisco into your organization? The first step would be if you know who your Insight account rep is, so reach out to them to get the conversation started. If not, always go to insight.com. You can get started there, get your request information. They'll get you connected with somebody, and then they will bring in one of those resources, you know, technical experts to help you guys get the conversation started. As we go deeper into it, we can hopefully build out a help you transform your organization. Again, I know Joe Marshall asked if there's any questions. I'll open it back up for any other questions.

If not, then, I think we can wrap this up.

Moderator

It doesn't look like we have any questions. I wanna thank everyone for joining today, and I hope you have a great rest of your week. Thank you.
