Video: Partner Webinar: Vulnerability Management, Detection, and Response - Commercial | Duration: 2536s | Summary: Partner Webinar: Vulnerability Management, Detection, and Response - Commercial | Chapters: Welcome and Introduction (4.88s), VMDR Product Introduction (95.455s), Market Challenges (300.295s), Coverage and Assessment (1111.205s), Asset Coverage Management (1465.77s), Value and Benefits (1708.18s), Deployment Options (1900.335s), VMDR Closing Summary (2305.175s), Session Wrap-Up (2503.655s)

Transcript for "Partner Webinar: Vulnerability Management, Detection, and Response - Commercial": Hi. Good afternoon, everybody. Welcome to this, latest edition of the Armis educate. As per normal protocol, we will be starting at one minute past just to let everybody join onto the call. So give us a few seconds, and, we'll be starting a moment. Thank you. K. I have still a few people joining, so thank you. Yeah. Some familiar names on there as well. Good to see. Thank you for joining. Okay. Alrighty. Let's, let's get this moving. Chris, can we have some slides, please? Alright. Okay. Excellent. Wonderful. Here we go. Excellent. So good afternoon, everybody. Jamie Andrews here. Thank you for joining us on, this next, next edition of the Army to Educate series. Following on from last month's session that we had, which was around a new product, which was our AppSec product, we have another new product for you. So released in the early March time scale, Amish released a new product into the portfolio, which was, we call VMDR, which stands for vulnerability management and detection response. So today's session is gonna be all around that. So Chris, can you move on a slide? Okay. So we're gonna be talking through the capability of this solution, why we're bringing it to market, what the need needs for it, and what the use case are. If you look at the vulnerability marketplace, it has been, it's been established. It's reasonably mature. There are some players already in that space. But the consistent feedback from customers, partners, analysts, the market, and everybody else is that the traditional methods that people have been addressing vulnerability management don't scale, aren't accurate enough, are tricky to do, are inefficient, just do not allow enterprises to cover, the vulnerability market and the landscape that they come to today. So we started with a challenge at Armis a, a few months back in creating a new product, and this is where we've got to. So we've got our vulnerability management and detection response product, VMDR, that we're gonna talk through. Today is the this is the first session of two. So this is the commercial session, and we'll have the technical session, later on, which will be in about an hour and a half time. If you do want to join our technical session and you feel that, that there is a bit more content you need, please join that please register for that session, and we'll put that link actually in the chat now. So please register for that. If there are any questions as we go through them, please pop them in the, in the chat as well. So as I say, if we look at what we're doing here at Armis and Chris, next slide, if you could. We've expanded the portfolio. We've expanded the platform. Now as you can see, it's a very jazzy, illustration here of the Armis Centrix platform. And what we've built is the platform that has all the intelligence around the assets, all the intelligence around what we know, what we understand, and how we interpret, and then we can add the modules to that, which actually allows us to then do the deep dive into that particular specialization. So you can see here, this is the VMDR piece. We can see the new module around AppSec that we added in there as well, and you can see the traditional portfolio that we've got, that is, is helping to fuel and power this new capability. So today, I am joined by Chris Hammel. Chris is our, Chris is my slide driver, and if you can move one slide on. Chris will be, driving today's session. He'll be talking us through this new capability that we have in the platform. Chris has been with Armistice now for, a a good few months, and he's our subject matter expert in this space. So I'm expecting a good session today. So, Chris, let me pass across to you to, inform everybody about VMDR and how it fits into our lineup. Many thanks. Welcome, everyone. Hopefully, you can all hear me okay. As Jimmy mentioned, we're gonna talk through our, SentriX vulnerability management and detection response, offering. I'm gonna walk you through just, you know, what are the sort of challenges that we've heard, in the market today and how we're trying to position, our VMDR solution to solve those challenges. Now what we've, commonly as we've been going around customers the last twelve months, as we've been developing the product, we've been hearing common pinpoints, from customers that we spoke to. Some of these you might be familiar with. So I'm gonna walk you through some of the, the main challenges that we're trying to try and, to mitigate with our customers. Now the common one we hear is agent overload. The more traditional tools in this space, you have to actually deploy, an agent on a host and that comes with some overhead for the host itself to actually run the agent. When a scan is conducted, it has to perform the processing and and do the analysis of that host. It also comes with a operational overhead of having to actually deploy that agent across all of the, devices or hosts in your state. So so that's a common one that we're hearing. Having to run those agents and manage those agents across your state can give you that sort of IT overhead challenge. Now the other one that we hear quite often is the scan cycles. So especially for, customers, that have a large number of devices, it's pretty difficult to then scan all of those devices all the time, in a small period of time. Right? You have to typically put all of your devices on a large sort of scanning cycle, maybe four to six weeks. And we've we've heard varying, times, based on the size of the customer that it can take, but, it ranges anywhere from two to four to six weeks, to carry out those scan cycles. Then what that does is you're then at the mercy of when the scan kicks off, you then gotta wait for that scan cycle to complete before you can revisit, one of the hosts that are detected or scanned at the early part of the, of the initial scan. So it can it can cause some challenges with your ability to, validate a a fix or even to get that, if you had a celebrity CVE or a CVE that you really wanna get an understanding of where it sits on your current estate. It can be a period of time before you can finally report back to the business that you've scanned all the devices and you know what your current security posture is for that particular CVE. Now one sort of byproduct of having an agent on each host and each of those agents might be getting invoked with a scan to perform a scan of that host. All of that information from the scan will typically then get pushed up to a central server. And that then creates another sort of operational overhead where if each agent has to report back, then you've then got to deal with the network traffic that comes with, carrying all of that, data and all of those payloads back to your central host. So, again, another sort of over an overhead of having, a traditional approach, to scanning. Now with any sort of vulnerability management, one of the big challenge you've got is around, false positives, and that's definitely something that we've heard from, customers who are talking about, you know, what they would like a future tool in the space to try and solve. Accuracy is is obviously, important, making sure that, if you are instructing your teams to carry out fixes and remediation, that you're asking to fix things that are real issues and not something that's a potential false positive. So definitely we want to try and help address that challenge. Now lack of context, what we mean there is that in some cases, you might be able to establish that there's a tool or that we've at least we found a device, but we don't have the necessary information about that device to determine if it's something that we, if it's an important device. It might be one of your, critical assets or one of your crown jewel assets, or it might be a device that's sitting in a, in a lab environment or development environment that maybe, you've got lots of vulnerabilities or or you find lots of issues on that device, but maybe that's not the kind of that's not something that you have to prioritize right now and that you should focus your your limited resources on fixing vulnerabilities or issues on your more critical or crongial assets. Again, maybe in a traditional approach, you might, see that you find a vulnerability and sits in your overall business. And having that lack of context can really impact your decision making when it comes to what you want to, prioritise and remediate. Now, the final point here is something that we hear quite often in customers where they've sort of bridged the IT, OT space. Definitely, sort of a need to be careful and surgical about where we actually invoke scans and making sure that we're not doing what can appear to be a simple scan, could actually be enough to trigger a potential downtime in a critical OT device, for example. So, there's always the potential with a scan where it could, use a protocol that, causes a negative reaction to a destination host. Being able to have that capability to segment parts of your network and only scan where you know it's not going to cause a problem is a challenge that we feared customers try to solve with their solutions. What can we do with Armus, VMDR? The key challenge we're going to try and detect here, we want to be able to detect everything. Being able to discover all the vulnerabilities across all of your devices, including those which you can't, do an active scan on. And and really as we get into, how we've built, our VMDR solution, we're gonna talk about how we really focus on that passive approach first, try and build up as much information as we can passively, and then we only use, the active scanning where required or where we need that surgical precision to try and, complete or close the gap. Focus on what's important. Right? And that's where that context, and having the context of what a device is so that you can then say, right, this is my cranial asset. It's running. It's got some critical vulnerabilities that I need to address. Let's then focus on using our prioritization engine to make sure that we're taking the necessary steps to solve those problems first. Now, one, we hear this often in calls with customers that sometimes the need for a solution, like this is to fulfill compliance requirements. And, and our VMDR, we've got customers that are using that to fulfill regulatory requirements for PCI DSS, NIST, and DORA. So we can help you with that, overall asset discovery and building up that asset inventory and then also being able to then determine what vulnerabilities you've got against each of those, each of those assets. Then the final challenge, obviously, being aware of what assets you've got, building the asset inventory is very important. Being able to scan the inventory and understand what vulnerabilities exist on each of those assets. That's the next part of the solution. Then the final part is, okay, now that you know what critical assets you've got, what the vulnerabilities are you've got on those, how do I then go beyond knowing about it to actually driving the necessary fix, engaging the development teams required to actually solve those problems? That's where our remediation solution that's bundled in with VMDR to help you get beyond knowledge of a vulnerability into actually implementing fixes. Now, to go in a little bit more detail about how we do that, so how it works, ultimately, what we want to do is we want to first build that asset inventory. If you have customers that are already leveraging the Armacentrix platform for asset management, then the great news is that they'll be able to use all of the information, all of the device information they're already pulling together. They'll be able to leverage that as the source of of asset information, for our VNDR, solution. And then what we do beyond that is if you we could then go, okay. Here's what we've got in terms of all the integrations that we might have in place, We've built up this asset inventory. Theoretically, let's say we can see 70% of our overall asset inventory. You can then look for those unmanaged devices, using network collectors. So if in an existing customer, for example, if you're already leveraging a collector within the network, our VNDR solution allows you to enhance that collector. So we can we can boost that collector to turn it into a network scanner so that we can perform, network scans, to enhance the data that we've got in the asset inventory. And then the third source would be then doing sort of those dedicated active queries. So the way there's a couple of approaches that we are, using here. So again, we we touched on the the network, collectors. You can leverage those to do an active scan. We can also leverage, if you've got EDR, deployed on your devices, we can then, use what's called a micro agent to leverage that EDR agent as an additional way to run lightweight scans, to try and complement the information that we've already got on the asset inventory before we pass it to our vulnerability assessment engine. There's three different ways that you can use the DMDR engine to try and build up that asset inventory before we then send off to our assessment module to determine what vulnerabilities we can find. Now that's I I touched on this. It really does leverage, our, you know, long experience in building up, the asset inventory. So any any device that we do detect, we've got the benefit of being able to, cross reference it against our, large, database of assets, over 6,500,000,000 assets to try and build up as much metadata on that asset as we can to help with that context engine that I mentioned before. And then you can leverage the network traffic inspection to then, make sure that any device that maybe isn't being picked up by an integration or another security tool that you're pointing into, Armis, you could then use the network, collector to maybe find some of those unmanaged assets. Now, what we really focus on is then making sure that we're able to detect each of those assets and then from there, being able to then prioritise, the risks and the threats that you've got on your critical business assets. It's really about making sure that we can always give you that context that you need to prioritize what you've got to fix first. And then once we've got a rich asset inventory, we then compare those assets using all of that sort of rich data for every single asset. We then use that to then understand, what vulnerabilities, might exist based on the operating system, based on any applications that we know are actually running on the device itself. So we've got our, Avid database, which we're maintaining. It's an AI powered, vulnerability database, which is using lots of intelligence from sources like NVD, vendor advisories, and CISA KEV. And we're also using AI to, enrich the description information that we hold on each of these, CVEs and and vulnerabilities and also, to help determine what the remediation step is. And that's a that's a really important step for us because we wanna make sure that when we when we present a vulnerability, we're able to then also give you the next step, give you really contextualized information about what you need to do next to actually solve that particular issue. Now, this is what it would look like, and I'll bring up the UI in a second as well. What we what we really want to do is give you an understanding of what the current coverage is. What we mean by coverage is when you start using Vmdr for the first time, we'll be able to give you an understanding of what how many assets, we're aware of as part of your inventory and then how many of those assets we've been able to build that rich dataset that we need before we send off to our vulnerability assessment engine. So, in some cases, we'll have all the information that we need. So we'll have the OS version. We'll have, we'll be able to tell if there's been patches deployed on the device itself. So we'll have everything we need to then give you all the information required, around vulnerabilities. And in some cases, we'll we'll know the asset exists, but there'll be a gap or there'll be some missing information that we would need to be able to give you a, a a high confidence, vulnerability assessment. And now the great thing with that is we we also if you look at the bottom, we then give you recommendations. So we try to guide the user, on how to actually close those gaps to try and achieve a much higher, coverage rate so that you can get towards that sort of 95% coverage, across your estate so that when you're generating vulnerabilities, you also know that you've got a good coverage across your whole estate. Now, I'll touch on this at the end, but one thing that I want to point out and and, you know, when you look at, you know, what's one of the big benefits that you would use, Armis VMDR? This is one that we're seeing from customers that have engaged and, been involved in some of our early, POVs and and discussions. The time to value with the VMDR is really quick, especially if you're an existing customer. We can we can go. It's really just a quick entitlement that gets added to your existing license, and then we can leverage all of the information that's already in place. So if you've already got, integrations which are giving you, asset information and we're building up the asset intelligence, we can instantly start to pull that across to VMDR, and we can start doing the assessment. So, there's no long deployment period. You don't have to roll anything out to all of your devices to get going. It's just an integration with the SentriX backend, and you can quickly start to get understanding of what your coverage looks like and and then follow the remediation or the recommendations from there to improve that coverage rate. Now, one of the challenges that I mentioned earlier was the scan cycles. I think this is a great visualization of how that plays out in a customer's environment. So if you're running sort of a legacy tool or a a traditional scanning tool that's got maybe a two to four week scanning cycle, you might have it scheduled to run, at, like, midnight where it will run the scan. It will create a snapshot, and it will detect, you know, 50 critical vulnerabilities. And then, maybe later on that same day, an admin comes in and they install a new, piece of software on a host, which is unfortunately known to be vulnerable. Then maybe later in the day, you have another event where someone joins the network using a remote laptop which has not been patched. Now you've got these two events that have occurred after you have done your scan earlier that morning. Then let's say maybe a week later, unfortunately, you've got this attacker who has exploited this 9AM vulnerability. They've seen that you've got this software running which is vulnerable and they've been able to exploit it. Then your scan cycle kicks off after two weeks and you run a new scan and you've detected this new vulnerability and maybe you also detected that you've got this unpatched laptop on the network. It's a bit of a visualization of what the exposure window looks like and the fact that you might have to wait two weeks before you you you pick up on those earlier events. With, Armis VNDR, that's where our continuous assessment really, comes into play, because you've got the asset inventory which is constantly being maintained. And every time a new asset is either detected or an existing asset that we previously knew existed, if if we see a change on that on that device, like an upgrade to the software or new software is being deployed, that instantly triggers a, a reassessment on the asset in VMDR. So we will automatically reassess that asset, and then we will we will detect the new software that was that was deployed. And then you can then start the remediation process. You can prioritize it and reach out to development teams to actually get that, that issue resolved. So, it's a really important part that I want you to take away that we're trying to move away from that periodic or time based scan, and that leaves you open to these, exposure windows. You can actually run a continuous, scanning process so that you're really able to react quickly when a new vulnerability is found. Now, I just wanted to jump quickly in. We've got a few minutes that I'll walk you through what the platform looks like. Hopefully, this is coming through. Jamie, if you're still there. Yes. All good. When you log in to the VMDR platform, this is the homepage that, user will be presented with. The goal here is to give you that high level overview of what does my data coverage, look like. And then you can see we've got some recommendations here as to what I could do to actually improve my overall coverage score. So we're making some suggestions here. You can expand these and you'll be able to get a return on investment for making each of these changes. If I was to do this integration, for example, it would then improve my data coverage for two fifty assets. Maybe I could do a scan policy that could, you know, widen my knowledge. This one's gonna give me five. So it will give you a an understanding of what the return could be for each of these potential suggestions. This one might be one to start with because it's gonna give you over 10,000 assets. So maybe leveraging an existing collector that you've got deployed and trying to do a network scan would be the one that you could probably start with first. But the overall goal is to try and give you an understanding of how you can improve your coverage. Now this view, if you think of those three data sources that I mentioned before, Again, if you're a customer that's new to Armus, then the onboarding step here would be to first build out those integrations to the tools that you've already got in place. If you're leveraging CrowdStrike and Microsoft Intune, you can build integrations to each of those tools using, an API integration so that we can then return, without having to do any scanning, we can just leverage those integrations to build up a list of all of your assets. And then you can deploy scanners, which would be either a collector or you could leverage an EDR agent that you've already got in place. We currently support CrowdStrike EDR, and we've also just added support for Tanium, and there's plans to add more EDR agents in future as well. But ultimately, the first goal is to build up that asset discovery and get a list of the assets that we would be aware of. And then those assets then get compared to our, vulnerability database, which we're, which we are curating on a daily basis to make sure it's up to date with all of those sources. And then we would return a list of vulnerabilities. So we would be able to then show you what findings we find, and we can sort these by, you know, high profile CVEs or early warning CVEs using our threat intel. But the idea here is, like, giving you an understanding of which CVEs have got the most findings in my state, or if you wanted to, you could look at it from an asset perspective. You could look at a particular asset, and we could tell you how many findings be found for that particular asset. The goal here is to try and give you the ability to then deep dive into each of these findings. We will provide, match evidence. We'll also try to surface through some remediation information for each of these findings so that you could follow the next steps, to solve the problem. Now the final part is around, the remediation step. As I said before, it's super important that once we have determined what assets are in our network, we've then done the comparison and we know how many vulnerabilities exist. We would then leverage the power of the Vypr platform to then prioritize those assets, build out the remediation assignment so we know who the owner is of that asset, and then we can use our bidirectional integrations with ticketing platforms like ServiceNow, Zendesk, and ServiceDesk to to then start the process of engaging those teams to carry out remediation steps. Okay. I'll just wait for my screen to okay. So really just just to emphasize the point that with the EMDR, it really does fit neatly into, our overall Armist UVM capabilities. It helps unify, all of that ingest from all of those existing sources and allows you to now extend that to, EDR, and also, leveraging existing collectors to do additional, network scanning, and to really improve your overall asset inventory and then ultimately determine what critical vulnerabilities we we find and then follow the same process, where you can then contextualize those. You can prioritize what you need to fix. You can assign and remediate those to the right teams. And then over time, you can then monitor your progress, report that back to your executives, and show that you're you're really improving your overall security posture and not just reporting on what we're finding. Now, in terms of the value and the benefits, smarter detection. Being able to build that asset inventory without having to deploy, active agents across every, asset. So we can really focus on doing that passive discovery to discover, a large percentage of our assets so that when we do, send it to our, assessment engine, we're able to do that, without having to add the operational overhead that we mentioned, at the start. Accuracy, so using our, AVA database to make sure that when we do report vulnerabilities, they're real issues that, aren't sending your teams after false positives. And we're seeing some really good numbers around, the false positive reduction that we're offering. And both of those combined, they help reduce, the mean time to detection. And, ultimately, with the remediation and the prioritization, we can improve our mean time to remediation as well. And the continuous detection. So remember, it's continuous. If an asset that we see, using any of those integrations that we've got in place or using the collector, if we see that something changes on the asset, if the, software gets upgraded or the OS gets upgraded, we we have an automated process that will do a reassessment of that asset based on that new information. So it's continuous process. You don't need to wait for the next scan cycle. Now it fits into our overall, UVM approach, and you should be able to make use of those improvements in efficiency. So the time that you're saving using a a more traditional scanning tool, you should be able to use that, operational overhead that you were spending. You can devote that to maybe driving remediation, prioritizing what to fix, and you can re repurpose that time in other parts of the business to try and achieve a better overall security posture. Okay. Wrapping up, how would you try to position this to your customers? So for us, there's probably two real key different approaches or at least a different flavor to the approach. If they're an existing Armacentrix customer, and we've seen with this with customers that have that have really, taken this onboard early, the time to value is really quick. Right? You've already got all of these integrations in place. You've already built your asset inventory. Once the entitlement gets enabled, we've seen, approximately around 75% custom or coverage for those customers. So a lot of the heavy lifting is already done. The time to value is really quick. And then the time that you invest after that is really about which scanning types you want to take or make yourself, whether that's the network scanning or leveraging the EDR agents. So you can you've got that efficiency that I mentioned. You can really leverage those existing, integrations. From a procurement point of view, you can it's sold as additional entitlement to to their existing contract. With that entitlement, they will get access to the viper engine for remediation and prioritisation. Now, if they're a net new customer, and we've done quite a few net new customer engagements as well, they can still get rapid deployment. And and what but what I mean by that is it's they would do an API integration with their existing tools. So it's it's there's lots of wizards to be seeing customers get up and up and running really quickly with the integrations that they would wanna leverage as source for their inventory. And then once they've got the inventory built, then they're able to then, establish that high coverage and then start to deploy either virtual collectors to benefit from the network discovery. So the point I'm making is you don't have a big rollout phase where you have to roll out the agent to lots of your hosts. You can get up and running really quickly. And then the onboarding, obviously, we can help with the ask discovery and integration setup. We've got some really great documentation that the team have built to make this easy for you as a partner team to really, help and and really, add that extra value when it comes to you supporting your customers. And again, if you're net new, just remind that they'll be able to then also leverage that, VIPER for remediation and prioritization. Okay. Anything you wanna add there, Jamie, in terms of what I've covered? Or any questions come up so far? Yeah. Indeed. Chris, thank you very much for driving us through that. Appreciate the, the content and particularly with a little demo thrown in there for good luck as well, so thank you. Yeah. There's a few questions. There's a couple of bits. I think you may have covered them off as you went through, actually, but, let me go through them. Just let's just make sure that we have got them done. It's a actually, it's a question around deployment that's here, around how heavy is the deployment? You've talked about collectors and actually the footprint. Actually, there's there's two questions. I'll let me join them back together. So one is a, can, the VMDR product be standalone, or do you actually does it need to be deployed as part of the SentriX? And then as the follow-up to that, actually, around the deployment, what it how heavy is a deployment? Because, obviously, we're changing the game a little bit here where it comes to how a traditional sensor, and vulnerability scanner would put in place. But can you just tell a little bit more around actually the deploy. and the lift and what someone would expect around the requirements between having the full army suite and platform and just stand alone. Yep. Yep. The first one, can these deploys standalone? Absolutely. As part of that standalone deployment, you can leverage the integration capabilities that came with Armacentrix. It uses the same integration catalogue. I think there's 300 plus integrations available. As part of the VMDR asset discovery part, you would leverage those integrations with those existing security tools. That comes as part of the Vmdr license standalone. Similar to how we offer the remediation with the viper license, they all come together as part of your, VMDR license. You don't have to have a SentriX license in place to get benefits from VMDR. We've got some customers who are using it standalone today. Now in terms of the lift, so if you think of integrations, we're focusing on API integration. In terms of deployment, let's say theoretically, you had fifteen secondurity tools in your, in your stack today, and each of those had a, an API integration that we could leverage as part of the, the asset discovery, part of EMDR. It's it's gonna be how long you could determine or build those API integrations. Most cases, those wizards can be done really quickly, but it's it's all based on API, for that initial sort of passive discovery, building of the inventory. Now for the network discovery, if you don't have an agent already or if you don't have a collector already in place, we've got multiple choices for the collector. So you can deploy a physical collector that would need to be shipped to the customer's environment and deployed in their network. That's gonna have a sort of time sensitive, requirement on shipping the collector, having the customer deploy the collector, and then you could benefit from using it after that. What we've seen is if customers are time sensitive and they want to improve their deployment time, you can deploy a virtual collector. A virtual collector can be run-in the environment. It's a virtual machine or a container that would be deployed, And that way, you can speed up your deployment time and start doing your network scans a lot quicker. Awesome. Chris, thank you for that. So I think the the crux there, if I just to to summarize your comment is there are multiple ways that actually VMDR can be deployed. It's not about a a full heavy lift across the whole Centrix platform. It can be stand alone. It can be very lightweight with the integrations. Yep. It. depends upon the environment and how deep we wanna go is, I think, what we've. Yeah. got. And and the key thing for us the key thing for us that you'll hear and see in the documentation, we really focus on doing the passive first. Start with the passive and then look at where your gaps are, and then start to try and bridge the gaps using the recommendations that we give in the MDR. We'll guide you on how to then go from 60% to 70%, 80% and beyond. So that the it does a great job in actually leading customers through the next phase. Excellent. Alright. Question I love this question. I and I'm I'm surprised it took so long for this one to come in. Do you see the VMDR as a replacement to the traditional vulnerability scanner? I think yeah. For for us, we're definitely seeing that as something that customers are looking. I think the space itself is open to a new player in that market. I think we've seen a lot of customers that have rotated through multiple vendors. But yeah, absolutely, we see it as something where you can replace your existing, but we're also seeing customers that are using it as a complementary tool to what they've got in place. It's not always going to require that rip and replace. It might be that you've got a particular gap that you can't solve with your current vendor, and Vmdr can be a great gap filler because we've got those flexible options that we mentioned before. Yeah. Absolutely. No. And and, Chris, let me just add to that. We're we're seeing this this in multiple places as well. We're seeing various ways where some organizations are seeing it. As as Chris said, it's it's the change. It's the upgrade. We're seeing it coexists as well. What we're actually seeing in other places, we've saw we've got a couple of projects where it started off being a VMDR vulnerability project, and then they realized they didn't have the visibility across the whole estate that they needed and actually then went back to being a full centric project. as well. So we're seeing this as. a catalyst to actually for organizations to really understand what is what is the assets in their environment, what are the vulnerabilities we need to know about, But it all starts off with, let me understand what I've got, and I need that insight and that knowledge. So that's great. I see welcome. one. Yeah, there's one question on the chat. Can we rely on the tool to find the team are more vulnerable as on the traditional tools? Brilliant question. I've been involved in a few POVs across the region and it's a common first success criteria that we've seen customers lead with, where they have one of the more traditional approaches. They said, Look, we're seeing 2,000,000 vulnerabilities with our current tool. Success criteria number one, you need to be able to see the same as what we've got. We've been able to match in a really short space of time, we were able to then get to that 2,000,000 number. Absolutely, we're confident in the back end vulnerability assessment tool that we've got, that it will actually match and find the same vulnerabilities you've got with your current tool. Awesome. Excellent. Chris, that brings us to the end, and I've got one more task for you. I probably should have warned you on this one, but I, I thought you'd like a little challenge. Can you give us just a twenty second elevator pitch on what VMDR would be, if someone was going from the Ground Floor to the 4th Floor? They've got twenty seconds, how would you position, the the VMDR in that time? Well, it's a it's a new approach to vulnerability detection. It's leveraging passive scanning, trying to reduce the, operational overhead that you have with traditional approaches, building up the asset inventory, and then comparing that to our vulnerability database. Really trying to focus on reducing overhead, but giving you the same vulnerability information. So hopefully, a great trade off for anyone who's looking to try and solve that particular challenge. Awesome. Chris, thank you. Thank you everybody for attending. Thank you for joining us on the this session today. This recording will be on the partner portal in a couple of days. If you need any more information, please reach out to your your RPM, reach out to me, reach out to Chris. If you are joining us in, forty eight minutes time for the technical session, we will see you then. So thank you for joining, and, Chris, thank you again. Thank you all. Thanks a