Andy Harris, Osirium | Postgres Vision 2021
(upbeat music)
>> From around the globe, it's theCUBE. With digital coverage of Postgres Vision 2021 brought to you by EDB.
>> Well, good day, everybody. John Walls here on theCUBE. We continue our coverage here at Postgres Vision in 2021. Talking today with Andy Harris, who is the Chief Technology Officer at Osirium, a leader in the Privileged Access Management space, and Andy, good day to you. Thanks for joining us here on theCUBE.
>> Good morning to you and good afternoon, yes.
>> That's right. Joining us from overseas over in England, we're on this side of the big pond, but nonetheless, we're joined by the power of Zoom. So again, thanks for the time. Andy, for those who aren't familiar who are watching about Osirium, share a little bit about your various service levels of what you provide, the kind of solutions you provide, and how you've achieved a great success in this space.
>> Okay. I know these things, mine will be boring. So I'll just put a little slide up now, which is the minimum I think I can get away with, which is that we're all about managing privilege. So that's privileged at the endpoint, Privileged Access Management, and Privileged Process Automation. So wherever a sysadmin has to do something on a machine that needs privilege, we like to be involved. Obviously, we like to be able to delegate all the way down to the business functions with Privileged Process Automation, and with the EDB or the BDR part of that functionality in EDB that really fits in to our Privileged Access Management. So what I'll do just to take you away from our product. So I'll just quickly show you a slide of the architecture, which is as simple as we have these nodes, if you like, running EDB BDR, and they can perform log-ins to a target device using privileged credentials, which we control and which might be really long, up to about 128 characters.
>> So Andy, if you would, I think you had put together a little show and tell, a demonstration for how when these systems are perhaps under siege, if you will. That there are ways in which obviously you've developed to counter this and to be able to continue secure communications, which in the privileged access world as you know is paramount.
>> Yes, indeed. So I'll show you another slide, which gives you a kind of an overview of everything that's going on, and you're going to see a little demonstration of two nodes here that has the BDR technology on and they can make these logins, and we have these characters, Bob and Allison. I've just noticed how it marks in department turn Alice to Allison. They should really be Alice because you get Bob, Alice, Carol, Dave, which are the standard encryption users. And what we're going to do is we're going to demonstrate that you can have breaks in the network. So I'm just sharing the network breaks slide. I'm showing the second network break slide. And then we have this function that we've built which we're going to demonstrate for you today, which is called evil beatings. And what it does is whilst there is a partition in the network, we are going to refresh many thousands of times the credentials on the target device. And then we're going to heal the break in the network and then prove that everything is still working. So right now, I'm going to zoom over to my live connection, terminal connections to the machine. And I'm going to run this command here, which is Python EV3. And I'm going to put a hundred cycles in it, which is going to do around about 10,000 password refreshes. Okay. And I'm then going to go over to Chrome, and I should have a system here waiting for me. And in this system, you'll see that I've got the device demo and I've got this come online, SSH. And if I click on this I've got a live connection to this machine.
Even whilst I have a huge number of queued up and I'll just show you the queued out connections through the admin interface. The system is working extremely hard at the moment. And in fact, if I show you this slide here, you can see that I have all of these queued credential resets and that is giving our system an awful lot of grief. Yeah. I can go back to the device connection and it is all here still top. Why not? And as you can see, it is all working perfectly. And if I was a user of EDB, I think this has to be one of the demonstrations I'd be interested in because it's one of the first things that we did when we dropped that functionality into our products. We wanted to know how well it would work under extreme conditions because you don't think of extreme conditions as normal working, but whenever you have 10 nodes in different countries, there will always be a network break somewhere and someone will always need to be refreshing passwords at a ridiculous rate of knots.
>> So Andy, let's talk about this kind of the notion that you're providing here, this about accountability and visibility, auditability, all these insights that you're providing through this kind of demonstration you've given us. How critical is that today, especially when we know there are so many possible intrusions and so many opportunities with legacy systems and new apps and all of this. I mean talking about those three pillars, if you will, the importance of that and what we just saw in terms of providing that peace of mind that everybody wants in their system.
>> That's a cracking question. I'm going to enjoy that question. Legacy systems, that's a really good question. If you, we have NHS, which is our national health service, and we have hospitals and you have hospitals, every country has hospitals.
And the equipment that they use, like the MRI scanners, the electron microscope, some of the blood analysis machines, the systems in those costs multiple Gillions of dollars, or should use dollars, euros, dollars, pounds, and the operating systems running those systems, the lifetime of that piece of equipment is much, much longer than the lifetime of an operating system. So we glibly throw around this idea of legacy systems, and to a hospital that's a system that's a mere five years old and has got to be delivering for another 15 years. But in reality, all of this stuff gets, acquires vulnerabilities because our adversaries, the people that want to do organizations bad things, ransomware and all the rest of it, they are spending all that time learning about the vulnerabilities of old systems. So the beauty of what we do is being able to take those old legacy systems and put a zero trust safety shell around them, and then use extremely long credentials which can't be cracked. And then we make sure that those credentials don't go anywhere near any workstations. But what they do do, is they're inside that EDB database encrypted with a master encryption key, and they make that jump just inside the zero trust boundary so that Bob and Alice outside can get administration connections inside for them to work. So what we're doing is providing safety for those legacy systems. We are also providing an environment for old apps to run in as well. So we have something called a map server which I didn't think you'd asked us that question. I'd have to find you some slides or presentations, which we want to do. We have a map server, which is effectively a very protected window server, and you can put your old applications on them and you can let them age gracefully and carry on running. .NET 3.5 and all of those old things. And we can map your connection into the older application and then map those connections out.
But in terms of the other aspects of it is the hospital stay open 24 hours a day, banks run 24 hours a day, and they need to be managed from anywhere. We're in a global pandemic, people are working from home. That means that people are working from laptops and all sorts of things that haven't been provisioned by central IT and could all have all sorts of threats and problems to them. And being able to access any time is really important. And because we are changing the credentials on these machines on a regular basis, you cannot lose one. It's absolutely critical. You cannot go around losing Windows Active Directory domain credentials, it just can't be done. And if you have a situation where you've just updated a password and you've had a failure, one of those 10 nodes has the correct set of credentials. And when the system heals, you have to work out which one of the 10 it is, and the one that did it last must be the one that updates all the other 10 nodes. And I think the important thing is, as Osirium we have the responsibility for doing the updates and we have the responsibility for tracking all those things. But we hand the responsibility of making sure that all the other 10 nodes are up to date which just drop it into bi-directional replication and it just happens. And you've seen it happen. I mean, might be just for the fun of it, we'll go back to that demonstration Chrome, and you can see we're still connected to that machine. That's all still running fine, but we could go off to our management thing, refresh it and you see that everything there is successful. I can go to a second machine and I can make a second connection to that device. Yet, in the meantime that password has been changed. Oh, I mean, I wouldn't like to tell you how many times it's been changed. I need to be on a slightly different device. I was going to do a reveal password for you, I'll make another connection, but the passwords will be typically, do a top on that just to create some more load.
But the passwords will typically be... I'll come back to me. They'll typically be 128 characters long.
>> Andy, if I could, I mean, 'cause I think you're really showing this very complex set of challenges that you have these days, right? In terms of providing access to multiple devices across, in multiple networking challenges, when you talk to your prospective clients about the kind of how this security perimeter's changed, it's very different now than it was four or five years ago. What are the key points that you want them to take away from your discussion about how they have to think about security and access, especially in this day and age when we've even seen here in the States some very serious intrusions that I think certainly get everybody's attention.
>> That's a great question again. They're all... The way that I would answer that question would definitely depend on the continent that I was talking to. But my favorite answer will be a European answer, so I'll give you a European answer. One of the things that you're doing when you come along and provide Privileged Access Management to a traditional IT team, is you're taking away the sysadmins right now, before privilege access, they will know the passwords. They will be keeping the passwords in a password vault or something like this. So they own the passwords, they own the credentials. And when you come along with a product like privilege access management you're taking over management of those credentials and you're protecting those systems from a whole wide range of threats. And one of those threats is from the system administrators themselves. And they understand that. So what I would say, it's an interesting question. 'Cause I'm like, I'm thinking I've got two ways of answering. I can answer as if I'm talking to management or as if I'm talking to the people who are actually going to use the products, and I feel more aligned with the, I feel more aligned with the actual users.
>> Yeah, I think let's just, we'll focus on that and I'll let you know, we just have a moment or two left. So if you could maybe boil it down for me a little bit.
>> Boiling it down, I would say now look here, sysadmins. It's really important that you get your job done, but you need to understand that those privileged accounts that you're using on those systems are absolute gold dust if they get into the hands of your adversaries and you need protections income away from those adversaries, but we trust you and we are going to get you the access to your machines as fast as possible. So we're a little bit like a nightclub bouncer, but we're like the Heineken of nightclub bouncers. When you arrive, we know it's you and we're going to get you to your favorite machine logged on as domain admin, as fast as possible. And while you're there, we're going to cut that session recording of you. And just keep you safe and on the right side.
>> All right, I'm going to enjoy my night in the nightclub. Now I can sleep easy tonight knowing that Andy Harris and Osirium are on the case. Thanks, Andy. Andy Harris speaking with us. So the Chief Technology Officer from Osirium as part of our Postgres Vision 2021 coverage here on theCUBE.
(upbeat music)
>> From theCUBE studios in Palo Alto, in Boston, connecting with thought leaders all around the world. This is theCUBE conversation.