This Week in Enterprise Tech 536 Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Louis Maresca (00:00:00):
On This Week in Enterprise Tech, we have Mr. Brian Chee, Mr. Curtis Franklin back on the show. Attackers are now probing zero day vulnerabilities in edge infrastructure products. We'll talk about what that means for your organization. We also have Vispi Daver, he's Chief Revenue Officer at Whatfix. And we're gonna talk about digital adoption platforms or DAPs, which are no code software platforms actually integrate directly with your applications and they really help users adapt and learn quickly. So you definitely should miss it. It's quiet on the set.
Podcasts you love from people you trust. This is TWiT
Louis Maresca (00:00:45):
This Week in Enterprise Tech episode 536, recorded March 24th, 2023. You break it. You what? Fix it. This episode of This Week in Enterprise Tech is brought to you by Miro. Miro is your team's visual platform to connect, collaborate, and create together. Tap into a way to map processes, systems, and plans with the whole team. Get your first three boards for free to start creating your best work yet at miro.com/podcast. And by Melissa. More than 10,000 clients worldwide rely on Melissa for full spectrum data quality and ID verification software. Make sure your customer contact data is up to date. Get started today with 1000 records cleaned for free at melissa.com/twit.
Welcome to TWiT, This Week in Enterprise Tech. The show that is dedicated to you, the enterprise professional, the IT pro, and the geek who just wants to know how this world's connected. I'm your host, Louis Maresca, your guide to the big world of the enterprise, but I can't guide you by myself. I need to bring in the professionals and the experts in their field, starting with our own principal analyst at Omdia, he is the man that eats and sleeps the enterprise. We have Mr. Curtis Franklin. Curtis, welcome back. You're gearing up for some trips, right?
Curtis Franklin (00:02:05):
Well, they are coming, but before I go anywhere far from home, I've got a conference early next week, Enterprise Connect. Then I'm going to be working at MegaCon, the second largest fan event in the nation. Next weekend after that I get to go work with a vendor on their conference. And then two weeks after that it's RSA. So while I do get to sleep at home, I don't get to stay in my office very much over the next few weeks. Sure do hope I get a chance to see some members of the TWiT riot though.
Louis Maresca (00:02:40):
Now how you, how large does MegaCon, how many people get that, get in there? Is it hundreds of thousands or is it pretty big la
Curtis Franklin (00:02:45):
Last year it was 140,000 and they are anticipating at least that many this year. The only event that was larger and it was only by a couple thousand attendees was New York Comic-Con. So it promises to be an exciting few days over at the Orange County Convention Center.
Louis Maresca (00:03:06):
Sounds like it, sounds like it. Well, speaking of exciting, I have, we have our favorite network guy on the show today as well. Mr. Brian Chee Heibert. Now speaking of exciting, is this happening at the Orlando Fairgrounds over there?
Brian Chee (00:03:17):
The Orlando Fairgrounds? No. <laugh>? No, not this time. It's a little too big for the fairgrounds actually. Not enough indoor space, but I am, I am finally getting, looks like I'm getting authorization to go spend some money and we're gonna try and see about upgrading the physical network infrastructure for the fairgrounds. I'm gonna be throwing in a whole bunch of single mode fiber in hopes that we'll start off with gig cuz it's nice and inexpensive. But eventually I want to go to either 10 gig or 40 gig for the fairgrounds back backbone ought to be interesting.
Louis Maresca (00:03:59):
Very interesting. I was thinking about actually upgrading my network again, but now that I've had somebody so much trouble, I think I'm tired of playing with it. So I think I'm just gonna leave it alone and see what happens. <Laugh>. Yeah, maybe I'll have to have you come back up and help me cuz I'm, I'm just done with it at this point.
Brian Chee (00:04:13):
Well, it's, it's a lot easier to get up especially with Amtrak running those special deals on the auto train. There you
Louis Maresca (00:04:19):
Go. There you go. Well, thanks guys for being here. We, we have a busy show, so we should definitely get started now. I've always thought that Edge devices could actually help actually protect attacks or against attacks. However, attackers are now probing for zero day vulnerabilities in edge infrastructure products. We'll definitely talk about what that means. We also have Vispi Daver, he's Chief Revenue Officer at Whatfix and we're gonna talk about today digital adoption platforms. There are essentially no code software that actually integrates completely with other applications to help your users learn and adapt quickly. Really cool stuff here, so we'll definitely wanna get to that. But before we do, let's go ahead and jump into this week's news blips. You might have needed another reason for not trusting kiosk systems because of their vulnerabilities to hackers. And if you did, here's a story from Ars Technica that says hackers were able to drain millions of dollars in digital coins from cryptocurrency ATMs.
Now how did they do this? Well, they exploited a zero day vulnerability, of course. It placed all the customers between a rock and a hard place by placing them on the hook for losses that can't be reversed. Now the heist targeted ATMs sold by General Bytes, a company with multiple locations throughout the world. These BATMs, short for Bitcoin ATMs, can be set up in convenience stores and other businesses to allow people to exchange Bitcoin for other currencies and vice versa. And customers connect the BATMs to a crypto application server that they can manage, or General Bytes could manage for them. For reasons that aren't entirely clear, the BATMs offer an option that allows customers to upload videos from the terminal to the CAS using a mechanism known as the master server interface. So to pull off the heist, an unknown threat actor exploited a previously known vulnerability that allowed it to use this interface to upload and execute a malicious Java application.
The actor then drained various hot wallets of about 56 BTC, worth roughly 1.5 million. General Bytes patched the vulnerability about 15 hours later after learning of it. But due to the way cryptocurrencies work, the losses were unrecoverable. This is how, what happened with this, this is the whole kind of how it print transcribed. The attacker identified a security vulnerability in the master service interface the ATMs used to upload the videos. The attacker scanned the IP address space managed by cloud host DigitalOcean to identify running CAS service ports. And in fact, they looked for ways that the server had access to the internet. They exploited the vulnerability. The attacker uploaded the Java application directly to the server used by the admin interface. The bad part was the app server was by default configured to start applications right when they were uploaded. Not good.
Once the malicious actor or application executed on the server, the threat actor was then able to access the database, read and decrypt encoded API keys needed to actually access funds in hot wallets and exchanges. They were able to transfer funds from hot wallets to a wallet controlled by the threat actor. They were able to download usernames and passwords and turn off 2FA and access terminal event logs and scan for instances where customers scanned private keys at the ATM. I guess this goes to show you, secure your devices and ensure that only the services that you need to connect are there. Not all these in other interesting ones. And the more connections you have, the more surface areas there are to exploit.
Curtis Franklin (00:07:44):
Looking for yet another reason to hate artificial intelligence? Well, here you go. A malicious Facebook-account-stealing ChatGPT browser extension for Google Chrome has emerged, representing a new variant in a campaign affecting thousands of users daily. The extension, discovered by Guardio Labs, was downloaded more than 9,000 times before Google removed it from the Chrome store earlier this week. Once installed, the malware exploits the Chrome extension API to pilfer session cookies for Facebook accounts, giving threat actors full access to the victim's account. According to an article at Dark Reading, the malware is based on version one 16.6 of the open source project. The fake GPT variant really does only one very specific malicious action and it does it right after installation. The rest is basically the same as the genuine code, so there's no long lasting reason to suspect it.
The extension tries to access any Facebook business account the victim manages. If it succeeds it immediately, it immediately collects all relevant data related to that account, like ongoing promotions, available credit currency, minimum billing threshold, and any linked credit facility. Now this extension is far from the first that users have had to worry about. In August last year, a group of McAfee Labs analysts published a list of five browser extensions that engaged in cookie stuffing. In November, researchers found a Swiss Army knife like malicious browser extension called Cloud9 aimed at Chrome and Microsoft Edge users. This one enabled attackers to seize control of a user's browser session remotely and execute a broad range of attacks. Now, law enforcement agencies around the world are warning users of these attacks and their sponsoring organizations. For example, the Kimsuky group of cyber criminals, also known as Velvet Chollima or Thallium, is thought to be based in North Korea and uses malicious Chrome browser extensions as well as app store services to target individuals conducting research on the inter-Korean conflict. Taken together, well, it's just one more reason to be very, very careful when it comes to trusting artificial intelligence.
Brian Chee (00:10:14):
This PC Magazine article, it sounds like the script from a 007 film, you know, maybe a gadget that Q made for us. So anyway, getting onto the article, it said, we've seen hackers mailing USB drives loaded with malware, but now someone in Ecuador has resorted to creating flash drives designed to explode once they connect to a computer. So this last Monday, a local TV network, Ecuavisa, reported a device detonating inside a company newsroom. It turned out the explosion came from a USB drive that was mailed to a journalist at the station. Once it was inserted to a laptop, the flash drive blew up. Although no one was seriously injured. Ecuavisa and Ecuadorian authorities released photos and video, which shows the explosion seemed to cause no visible damage inside the newsroom. However, a report from Ecuavisa says the USB drive contained a common military explosive known as RDX.
The RDX was contained inside a capsule within the USB drive and only half of the explosive substance went off. Quote, if it had fully activated, the damage could have been higher than what we found, according to a police officer. Now the RDX was activated. Oh, my may have been in involved. Well, well the activation of the RDX was imperfect. According to the report, it says it wasn't pulling enough voltage from the computer's USB connector. Fundamedios, a nonprofit dedicated to human rights and free speech, noted that journalists at two other media outlets in Ecuador also received bomb laden USB drives and ended up connecting them into computers. But in both cases, the flash drives failed to go off. Now there's a reason why I'm reading this article. It, this is real 007 stuff. So realistically, how many of you have had a USB port on a computer or USB hub that just doesn't seem to have enough power to charge a phone quickly or even run, say, a Raspberry Pi?
And I think, you know, according to this article and other people floating around the internet, it looks like this is all happening because the journalist that did have the explosion used the hub, and I bet it was a 1.1 hub, so it didn't provide enough power to, to actually set off the explosives. So this is gonna be kind of an interesting report to see how it turns out over time. Anyway, talk about a poison pen letter. You know, this is, this is kind of weird, maybe we'll see it in the next 007 film. Who knows.
Louis Maresca (00:13:22):
ChatGPT and a lot of large language models are actually known for their ability to generate content, but they're also known for those interesting hallucinations that they do as well. Well, Stanford's AI language model is no exception to the rule. That's right, according to this Register article, the demo of the web demo of Alpaca, a small AI language model based on Meta's LLaMA system, has been taken offline. It's been taken down by researchers at Stanford University due to safety and cost concerns. Now, a group of computer scientists at Stanford University actually fine-tuned LLaMA to develop Alpaca, an open source 7 billion parameter model that reportedly cost less than $600 to build. Pretty interesting. Now, the code was released last week on GitHub and it captured the attention of developers after some reportedly managed to get it up and running on Raspberry Pis, cell phones, computers, even the Pixel 6 smartphone.
Now Alpaca was fine tuned with 50,000 text samples guiding the model into following specific instructions in, in function, more like OpenAI's text-davinci-003 model. Now, there is a caveat here. It didn't actually anticipate the hosting costs of it and AC when they actually exposed it to the public. And just like other examples of these models like proximity AI or Bing's original ChatGPT models, content moderation was actually very challenging. In fact, hallucinations in particular seem to be the common failure mode for Alpaca even compared to the Da Vinci three, one that's out there today. So they actually took it down very, you know, hallucination in particular seems to be a common failure for the Alpaca. And of course all the other models that are out there. The interesting thing will be to see how this actually scales going.
For now, I guess this goes to show you scale, test your services or just might rock your bank. Well folks, that does it for the blips. Next up the bites, but before we get to the bites, we have to thank a really great sponsor of This Week in Enterprise Tech. And that's Miro. I got a question for you. Are you and your team still gonna go from tab to tab or tool to tool losing brilliant ideas and important information along the way? Well, with Miro, that doesn't actually need to happen. Miro is the collaborative visual whiteboard that brings all of your great work together, no matter where you are and when you're there, whether you're working from home or in hybrid workplace or everything comes together in one place online. Now at first glance, it might just seem like just a simple digital whiteboard, but Miro's capabilities run way beyond that.
It's a visual collaboration tool pack with features for the whole team to build on each other's ideas and create something innovative from anywhere. Now shorten time to launch so your customers get what they need faster. With Miro, you need only one tool to see that vision come together and come to light. Now, planning, researching, brainstorming, designing and feedback cycles that can live all on a Miro board across all teams. And faster input means faster outcomes. In fact, Miro users actually report that the tool increasing project delivery speeds by 29%. That's huge. Now view and share the big picture overview in just a cinch when everyone has a voice and everyone can tap into a single source of truth, your team remains engaged, invested, and most, most importantly, happy. Now cut out any confusion on who needs to do what. By mapping out processes, roles, and timeline, you can actually use several templates in there, including murals, swim lane diagram.
The strategic planning becomes easier when it's visual and accessible. Tap into a way to map processes, systems, and plans with the whole team so they not only view it, but have a chance to give feedback as well. And if you're feeling meeting fatigue, I know I am, Miro users report saving up to 80 hours per user. That's a ton per year. Now, just from streamlining those conversations, ready to be part of the more than 1 million users who join Miro every month, get your first three boards for free, start working better together at miro.com/podcast. That's M I R O.com/podcast. And we thank Miro for the support of This Week in Enterprise Tech. Well folks, it's time for the bites. Now this week we have an interesting one because we've talked a lot about edge computing devices. In fact, we have a lot of blips sometimes about the fact that some of these networking devices that are out there are being exploited.
But you know, I always thought that most edge devices are really helped to increase the perimeter of your network security or helped to actually increase network security. However, there's some interesting data coming out. Nearly 20% of the zero day flaws that attackers exploited in 2022 were in network security and IT management products, according to a recent report by Mandiant in this Dark Reading article. Now, Mandiant also said the data associated with zero day attacks in 2022 actually suggests that threat actors are actually increasing their probing for security weaknesses in edge infrastructure technologies, including those VPNs that are out there, whether it's home or business network, VPNs, firewalls and IT management products out there. Now researchers from Mandiant tracked a total of 55. That's right, that's a lot of zero days, zero day vulnerabilities that actually adversaries exploited in malicious campaigns last year and found that 10 of them actually were involved in internet facing edge devices.
Now there is actually a senior analyst at Google Cloud and they said that adversaries are actually focusing on edge technologies like, like this because they perceive enterprise organizations as having fewer capabilities around endpoint detection and response and monitoring. That's because obviously their networks are so big, they're very complex and in fact, IoTs, they're no exception here. They make it actually worse. Now, there's some interesting more data here. The fact that these, that Chinese actors continue to be the most active exploiters of these zero days. And in fact in some cases sometime now, Chinese state-sponsored threat actors exploited more than more zero days in 2022 than any other threat group. Of the 13 Mandiant was able to identify, seven of those, or more than half, involved Chinese advanced persistent threat or APT groups. Now obviously a lot of the cyber attackers out there, they're financially motivated, right?
They want to take action and they continue to be another set of adversaries that actively exploit zero day vulnerabilities last year. In fact, throughout that, back in 20 20, 1 of the 16 zero days for which they were able to actually see or detect four, were using financial motivated attacks. Now, I wanna bring my co-hosts back in because this is interesting here because you know, we obviously talk about edge computing quite a bit. I think to me, the biggest threat here seems to be devices that are not updated that often that are maybe internet exposed like IoT, but I wanted to get your guys' thoughts. What do you think is obviously from even a small business to an enterprise is the most vulnerable here?
Brian Chee (00:20:30):
Tell it. I'll jump in.
Louis Maresca (00:20:31):
So Curtis was muted. <Laugh>.
Brian Chee (00:20:33):
Oh, anyway, the, anyway, the, I'm just going to do an I told you so. The 2014 keynote by Dan Geer entitled Cybersecurity as Realpolitik. He's been saying, you know, since many, many years before that keynote that the true edge of the enterprise is actually now the home. Well, here, here's the problem, there's awful lot of really good software out there that forces updates, but one of the things that I keep noticing is a lot of these systems, even the really good ones, allow grace periods and a lot of remote users, a lot of people that work from home are putting off the updates. And I think that is one of the issues. It's actually bringing, opening up a lot of vulnerabilities. And the other thing is, a lot of homes, a lot of home users, they don't physically separate or they don't separate off their traffic from the kids at all. I've done all kinds and that's, you know, I, you know, I love the munchkins, but they have this bad habit of clicking on just about anything, especially if it's a free game. And kids are a big attack vector. And sorry, parents.
Louis Maresca (00:22:09):
<Laugh> did you are good like pointing at me or something like that. Jerry
Curtis Franklin (00:22:14):
Brian Chee (00:22:15):
Louis Maresca (00:22:17):
I think I have at least 400 devices on the network and that's why I've segmented them was two, two totally separate networks. But I'll tell you, a lot of them are IoT devices. A lot of them are edge computing devices and a lot of them don't get updated that often. So what do you think Curtis, is this the biggest vulnerability? Is there something else out there that I'm missing?
Curtis Franklin (00:22:36):
Well, I, I think it's important to, to say a couple of things. First, to Brian's point, there are a couple of cybersecurity awareness vendors awareness training vendors who make their products available to the family members of employees. And there are companies out there that have started making that available. Now, you can't require employees, family members to take cybersecurity awareness training, but I think making it available is a very good thing. But the, the article that we were reading from, it's important to note that this is edge security infrastructure devices. These are the firewalls, the filters, the, you know, various pieces of infrastructure that the enterprise has on the ground. And where this is really important is that we've seen a rise in companies offering cloud-based infrastructure. So rather than simply having a firewall, a box that sits in your core stack, you have a a cloud-based appliance.
The best reason for this is, is twofold. One, it covers all of your employees, all of your various productivity edge devices, no matter where they are. That's a good thing. The other is that it tends to be updated on cloud time. You know, I still, I can remember when a lot of companies for their core switches, core routers were on an annual, or at most every six months update schedule. So no matter how often the vendor did updates to the firmware and software, they would update those appliances once or twice a year cause of the disruption it caused to the network to take them down and update them. When you have a cloud service, they're gonna be updating really on a, a more or less constant basis. And that's what we need. When these vulnerabilities are found, when they are published, you've got a matter of hours at best before you start seeing attacks using those vulnerabilities.
And one of the things that's important to note zero days are, are precious commodities in the, the threat world. You, you said it was interesting that almost all the zero days were used against financial institutions costs a lot to develop a zero day. It costs a lot to refine a zero day. And so they're not going to, it's called burning a zero day. You're not gonna use it because once it's been used once, it's no longer a zero day you're not gonna use that unless the potential payoff is high. And that means you're either going to have a good chance of getting some serious coin for that, or you're some sort of nation state actor looking for potentially very valuable data. It's known that the various intelligence agencies around the world have stockpiles of zero days. Most of the criminal organizations, it is assumed have at least small stores of zero days.
If they're gonna use one, you can bet they're gonna try to get the maximum payoff for that, you know, fairly impressive investment that they're making in, in, you know, causing some sort of untoward action. But I, I think it's fascinating. We have really expanded the concept of the edge. You know, in years past the edge was this infrastructure, this network edge, the, the point at which the enterprise met the internet. And now you have probably four times as many of those as you have employees because of all the various connected devices out there in employee's hands. It, it's been a, an order of magnitude increase that for better or for worse has not been matched by an order of magnitude improvement in the effectiveness of all of our edge security policies, products, and strategies.
Louis Maresca (00:27:33):
You know, it's really interesting you're saying that. I know just about remote employees in general. I think we, we discussed recently around the LastPass issues that they had and the fact that the exploits that happened there were due to people who had access to, you know, vulnerable data or, you know, important data from their home computers, they were able to connect. And so those machines actually were overtaken and, and those users' credentials were then used then access to right data and to be able to get into the systems and be actually be able to siphon data out. And it brings up an interesting factor here. Obviously you just said, you know, your network is only as secure as some of the edge devices that are being added to the network. And I think the truth of the matter is there's a lot of remote employees out there.
And of course some organizations, they try to make sure that their, their devices are up to date. They use mobile device management software, something to be able to say, Hey, let's make sure that these things are active and up to date. And if they're not, then they can't access resources. And I think that's an interesting way of doing it. However, it doesn't block everything. I, I would say that maybe there needs to be some level of additional security that goes on there, especially when accessing data that is customer data or user data or infrastructure that needs to happen even if you're doing it from a remote location. Now, do you guys know of anything that's in the, in the field today that's happening to, to ensure that if you're an SRE, a site reliability engineer, or a network engineer and you're, you're connecting to the infrastructure, to the data in the backend, even from a remote scenario that you would be able to do that securely from a maybe the secure device or maybe a secure VM or something like that? Or is it just really VPNs mostly? Is there any other solutions out there that you guys know? We, we've
Brian Chee (00:29:22):
Had one for a long time. I, I'm a big, big fan of virtual desktop infrastructure, VDI, and Microsoft and VMware. And we're actually gonna have a guest on, in the relative to near future from Aircom that are talking about virtual workstations that have implemented zero trust. Being able to go and say, oh, I'm infected, hit a kill switch and I can actually throw away any changes on the virtual desktop. That's been around at least for almost a decade. I personally am very, very happy with Microsoft's solution because my under Hyper-V it allows you to play Tetris with a graphics processor. That's something that's actually really hard to do and Hyper-V did it great. I was actually able to run Revit, which is an AutoCAD product, very complex. It's a 3D rendering of architectural information and running VDI with Hyper-V I was able to go and have students, you know, architectural students go around the University of Hawaii and running Revit on iPads and making changes to the 3D models for buildings so we could actually have an as-built model for the bulk of the buildings at the University of Hawaii.
It's very cool. In fact, one of the architects, you know, commercial, you know, professional architects that I worked with was absolutely stunned saying, wow, this is running Revit on an iPad faster than it does my desktop. So VDI is an interesting solution and I encourage our viewers, we will be having aircom on on not too far from now, we're gonna be talking about zero day virtual desktops and you could actually run it just using an iPad or tablet or Chromebook.
Curtis Franklin (00:31:35):
Yeah, and real quickly we know that VDI is an incredibly secure way of doing things, but for those companies that can't or won't do that, there are products out there from remote policy enforcement to mobile device management. All of these that make sure that any device that connects to your central network has followed certain policies. You know, typically involving which version of the operating system they're on, which version of various applications they're on, which applications are allowed to attach. And frequently doing things like partitioning data so that any corporate data that is on the device is in a lockbox that is not accessible from the rest of the device. So this is one of those things where there are known solutions to the problem. The, the real issue is getting companies to invest in making sure that those known solutions are applied and that people make sure that they use all the tools that are available.
Louis Maresca (00:32:50):
That's great advice. Use all the tools that you've readily available to you. That's right. Thank you, Curtis. Well, folks, I think that does it for the bites cuz we definitely want to get to our guests. We have some interesting thing to talk about there. But, but before we do, we do have to thank another great sponsor of This Week in Enterprise Tech and that's Melissa, the address experts. Now address verification is the foundation for business success. Now what can an accurate address help your business with? Well, about 63% of shopping journeys begin online. Approximately 20% of shipping addresses actually contain spelling mistakes, incorrect postal codes or house numbers and formatting errors. Having solutions like an address autocomplete service can ensure new and returning customers always receive their packages on time in the right place. An autocomplete service helps lower cart abandonment, that's right, as well as speeds up the buying process for any customer.
The average large size e-commerce site can give and gained 35% increase in conversion rates by improving a checkout design. At the core of quick, accurate delivery is reliability clean data. That's right. Roughly 41% of consumers say fast delivery is the most critical aspect of their online shopping experience. 56% of those shoppers say that they won't purchase from the same store again if it's unsatisfied with, with the shipping experience. Verified addresses help with marketing campaigns and they, in fact, they even shorten sales cycles. Now retailers rely on default address verification built into their platforms, which is not always accurate or intuitive. Having inline validation, validation corrects addresses as they are actually entered. Now, an an estimated 20 to 40% of customer records in a single marketing campaign are duplicates. Carriers can charge 10 to $15 per parcel for address correction. Now this consequence proves that having an address verification solution will lower unnecessary waste and all of those costs.
Melissa's address verification tools leverage 38 years of address verification expertise, flexible to fit any business model. Melissa's global service can verify addresses for 240 countries and counting to ensure only valid billing and shipping addresses enter your system. Melissa's SOC 2, HIPAA, and GDPR compliant. So you know your data is always in the best hands. Make sure your customer contact data is up to date. Get started today with 1000 records cleaned for free at melissa.com/TWiT. That's melissa.com/TWiT and we thank Melissa for their support of This Week in Enterprise Tech. Well folks, it's now my favorite part of the show to get, to bring the guests to drop some knowledge on the TWiT riot. Today we have Vispi Daver, he's Chief Revenue Officer at Whatfix. Welcome to the show, Vispi.
Vispi Daver (00:35:48):
Thanks a lot Louis. Glad to be here.
Louis Maresca (00:35:51):
Now our our audience is at all different points in their career and a lot of the people who are in the beginning, sometimes even in the middle, they love to hear people's journey through tech and what brought them to their current career. Can you maybe take us through a journey through tech and what brought you to, to Vispi
Vispi Daver (00:36:05):
For sure. I'll go reverse chronologically. So I've been at Vispi for the last five years. I won't get into right now what Vispi does, but a thousand employees software startup grown from zero to a thousand employees in the last five to eight years. And I lead our sales and partnerships. I'm the chief revenue officer. How I got there is even more unique and interesting. I was an angel investor and I was an angel investor in Vispi before being an angel investor, I was a venture investor. I live in the live and work in the San Francisco Bay area. So I was a venture investor with a venture capital fund that invested in enterprise software and left them to decide what to do. And part of that was angel investing and then joining a startup full-time Before that I worked at McAfee, so my old security language was rusty and it got brushed up in the first half of this call. As you guys talked about endpoint security and attacks and all the things that when I first started my career, I was heavily into as a product manager bef before that college and I grew up in Bombay in India. That's a quick background.
Louis Maresca (00:37:09):
That's fantastic. Well, I do wanna jump right into this because this is a really interesting topic the whole concept of digital adoption platform. Can you maybe take us through what that is and what what it can actually do for organizations?
Vispi Daver (00:37:20):
For sure. I'll start with what the problem statements are, Louis, and then talk about what we do. So based on a, a variety of surveys on how many software applications a typical enterprise worker has to access, that number is anywhere between five and 13. Gartner says it's about 13. So imagine I'm in sales, I'm in a thousand employee company, I easily have eight software applications that I have to look at every day from my CRM to my sales automation, et cetera, all of that. Now I've got to function in these software applications successfully, whether I'm an existing employee or a new employee, I've gotta be able to function and complete my business processes in there. Now, the current way of ensuring that happens is to do a lot of training and enablement and make the end users of software technology savvy.
That's the current way. Let's get to the end users. There's a digital transformation project. Let's train them. Let's explain to them how this software works based on how we've configured it for our enterprise. We're turning that around and we're saying that we're gonna make the technology user savvy, so we are gonna isolate parts of the technology that are relevant to that particular end user based on their role and their context. And then we're gonna make that technology to the user so the user can complete their task or their business process, et cetera, all in real time. I was gonna explain after that how it's done, but let me pause that and see if you have any questions on that.
Louis Maresca (00:38:46):
Yeah, I'm really interested in, I want you to go into how it's done because I think you talked a little bit about the fact that these are no code software platforms, so that means that it allows organizations to actually go in and customize these things for, particularly for different types of application services and stuff that they have. Is that correct?
Vispi Daver (00:39:03):
That's a really good one. So now let's say you're a new, you're an enterprise and you've bought an HR software or a sales software obvi, you're gonna have paid a meaningful amount and you're obviously not gonna use it out of the box. You're gonna configure it because the way you hire an employee is different. The way you enter an opportunity in a CRM is different, et cetera. And now you configure it. So that configuration of the software is the start of the difficulty in training your end users. Now your end users have to learn your way of doing it. So what we do in there is we create what we call is overlays that sit on top of all these software applications that are intelligent in guiding you based on who you are towards the task you want to do. If I've logged into my CRM today, it's the end of the quarter and I've logged in to look at what's closing this quarter, Whatfix is intelligent to know that and contextually understands my role in the system that I'm the CRO. Do you want to see a pipeline report of all the 25 deals that are closing in the next week and then we'll show me that. So again, take that example rather than me a user learning the technology to figure out how I get my pipeline report for the end of the quarter, it's serving it up to me. That's Whatfix, that layer being, making the technology user savvy to show the information that I need to execute on. Tons of example
Louis Maresca (00:40:24):
Like that. That that's a great explanation just to get it out of the way. It sounds us like this is a very advanced clippy. Is that right? <Laugh>? You
Vispi Daver (00:40:31):
Know, because I don't No, because of your background. I was expecting that Lou just only, only because of your background. I was expecting that hardly ever get it anymore unless there's a, there's a strong tenured Microsoft or on the phone. I would say very different because contextual to user and in the app you are, you are actioning, you're not learning, you are actioning. So let, let me take another example. As a, as an employee in an HR system, at the end of the end of the year, you're doing a performance review. When Whatfix sits there, we're not Whatfix isn't telling the employee what to do, Whatfix is actioning, what grade would you give this direct report of yours and then action it, et cetera in there. So it's, and it's the new world, it's all multiple applications. So all my softwares are all integrated. So one is intelligent knowing what you do, who you are, your context, and the other is integrated. So I have to take a lead from a lead management platform into a CRM. After that it goes into a contract contract management system. Then it gets executed until I get paid. It passes through six business processes and applications. And I've gotta be able to navigate through all that with the savviness of the technology.
Louis Maresca (00:41:44):
So lemme ask you a question. When an organization wants to implement a DAP for a specific call, you, you gave the HR system example mm-hmm. <Affirmative>, does that mean that somebody has to, who is an expert at the software, somebody will have to go in and actually train, create the workflow for what it wants to actually show to the user. So they kind of build this out using some kind of wizard. How do they, how, how do they go about if they just started on this platform?
Vispi Daver (00:42:05):
Yeah, like I'll take a step back and explain all the use cases. So we have hundreds of customers. They have multiple software applications in each. Now there's broadly two types of software. There's software you purchase, right? And there's software you built at any company, whether you're a tech company or an energy utilities company. Now those softwares are either for internal users or external users. So let's take some examples of each. You buy some HR, ERP, finance, CRM, you build random softwares for your internal use. If you're a product development house, you build software like Word, you build software like Teams, you build all of this and you ship it out. So we work in an integrated manner on all of these softwares, mobile, desktop web, et cetera. Now for the softwares that we have seen multiple times before, which is obviously the ones you have built Microsoft Teams is a ones you have bought rather Microsoft Teams customers.
For example, CRM, HR, we have smart solutions. So these are out of the box templates. The an a good analogy is think of the soft, the digital adoption platform as a canvas. That canvas, you have paintings on 'em. So we have pre-recorded paintings, which are smart solutions that you can fine tune and use, but the power of the solution is in coming up with more valuable paintings based on your own business process. So I'll give you a few examples there. So again, sticking with the canvas onboarding training. These are, you bought a new software, you bought Teams new onboard train on Teams. Here are some paintings already from Whatfix on there, but the real value comes in understanding the company and understanding what's super valuable to them. So I'll give you a couple of examples. We have one large customer who sells paint.
The sellers are field sellers who sell paint to wholesalers, retailers, et cetera. Now they have a strong correlation that sales must visit customers in order to do more sales. There's a correlation between being on the field and visiting and sales. Most of their Whatfix paintings had the title visiting in them of some form. So what they did is, before a seller goes out to visit a customer, they must plan their visit in the CRM. Their manager must approve that, and when they come back, it must be audited. What did you do? How are our paints, et cetera laid out? They call that a military operation and their revenue numbers are dependent on how many visits occur, Whatfix is the painting overlay on that, ensuring that's occurring in a timely manner at the right time. So several examples like that. Now think of the value that you're driving with that versus anything else. I'll pause there.
Louis Maresca (00:44:41):
Sure. So I, I'd like to relate this a little bit. So I, you know, obviously we, we talked a lot about some of the new generative AI models that are out there. How does it relate to that? I know that I've, I've read a lot about some of the DAPs that are out there that integrate two different applications, whether it's like Salesforce or Slack or something like that, where it can technically bring relevant information to the user based off of their user interactions or so on and so forth. That, is that something that your platform does as well? Is that, is that kind of what's part of DAP as well?
Vispi Daver (00:45:11):
Yeah, so on the LLM and AI piece, some of it's new, so some of it we're thinking through et cetera. Right now we have some thoughts and ideas around that, and some of it just on learning. We've had incorporating the software a lot. So let's say I'm one of a thousand employees in a company I've been using and completing my tasks in a particular software in the, in a certain way. And it's been very successful based on a funnel analysis that's promoted as that's the way to go about it for other users. We have that constantly personalization there. But where ChatGPT and others come in is the ability to crawl other knowledge assets and knowledge repositories and bring that content into the application in our paintings and in our workflow. So to further enrich our, our paintings on our canvas, that's one.
Another component which I haven't talked about, which it already exists, is in some software applications, the users want to be more efficient and need to be more efficient by accomplishing more in less time. And in those cases, we automate a lot. So for example, let's say I wanna find out how many days PTO I have left and it takes me 10 screens to get through there in order to find out that I have 18 days left. There's no reason learning desire for me to have to navigate through that. You'll just talk to our system and ask them, how many days do I have left? And we'll extract that from those 10 pages and 10 screens they're using ChatGPT to communicate with the software the reverse direction. I've just met Lou, he's really interested in learning more about Whatfix. I'll just enter that and that'll automatically sort of populate all of the fields necessarily in all the six or seven platforms that I, that I look at. So there's a few ways we're working on it, but all fairly new from a ChatGPT standpoint.
Louis Maresca (00:46:57):
So this is very interesting. I have a lot more to ask, but I suspect that my co-hosts are also chomping at the bit here, so I wanna throw that to them as well. Curtis wanna go first?
Curtis Franklin (00:47:07):
Sure. Mr. I know that for many companies the idea of how to train their employees on a given piece of software is a huge part of the total cost of ownership because getting them to use a new piece of software or especially if there's a change made to a known piece of software, the the costs are huge. Is that something that you are doing as you help companies help lower that cost to get the the software usable in the hands of the employees?
Vispi Daver (00:47:50):
So Curtis, the answer is yes there. I would say that's that has been the use case for digital adoption consistently. Middle of the bat, those paintings around onboarding, training, change management have always been bought internally the more, and, and it works really well. So to give you some examples, when the pandemic first hit, we had a spike in inbound inquiries because everyone said classroom based training, instructor like training, it's all gone and we have to get something in app for training. So yes, the answer is yes, then a solid way, but to, to sort of inform and, and evolve and explain where we are now. If I look at our, the, I'd say the top 30% of digital adoption professionals in the community, whether with us or with someone else, what they're doing now with it is solving much bigger problems.
The likes of which I described. I'll give you one more example. HR just now, in the last year, unfortunately in the US there was a lot of exiting of employees. Now the painting there in the HR system was how do you exit an employee such that you are compliant to all the local state regulations so that it is not, there's less likelihood of a litigation at the end. Now that painting was created with Whatfix as an overlay on the HR system so that the end result there, Curtis was zero chance of litigation. Now think of how much, how valuable that is in the flow of work in addition to onboarding training. Does that make sense?
Curtis Franklin (00:49:22):
It does make sense. And, and that's one of those things that so many companies forget about. You know, onboarding gets huge press. Mm-Hmm. <affirmative>, offboarding, outboarding very little. You know, you, you've talked about this, so I wanted to also ask what is a typical customer Yeah. For your product? Like, it sounds like the sort of thing that would be very useful if I had 15,000 seats. Is that the bottom end of your client base or do you see smaller companies that, that wanna make it take advantage of what you're doing?
Vispi Daver (00:50:08):
Yeah, really good. I'll also answer and benchmark for all of you where the category is today because saying nascent or early adopter doesn't benchmark exactly how many people have adopted. So two-thirds of the Fortune 500 have bought our category and is using it in at least one software process. Two-thirds of Fortune 500. Now, one of the opportunities for our category is that once you start with a software application, you grow within there. So I'll take the bookends Curtis, to answer your question. We'll have the largest companies in the world, Fortune 10 we have 75 Fortune 500. They would use us for multiple software applications and processes. They would have the entire HR stack, et cetera, all with their employees familiar with the Whatfix overlay on top of it as much, if not more so than the normal UI. But then we also have a set of customers that are building product.
Those sets of customers can be large companies. Cisco's a great example, or they can be smaller product development teams, et cetera, building it. So Lou would be a customer as mi Microsoft in, in one department is, and, and approved to talk about it. So Lou could be a customer, Lou's product manager, could be a customer in Word, et cetera. And Lou's end customers would be a customer. So we have large Fortune 500 that I've deployed teams that are using us on their teams overlay. So goes up Curtis all the way to, I think our largest would be a few hundred thousand employees, if I'm not mistaken. And smallest would be a small SaaS company building product in. The product manager wants to have these overlays on it for their end customers. Does that make sense?
Curtis Franklin (00:51:45):
It, it does make sense. And it, it's starting to put together a full picture of, of the sort of services you provide. Now, do you typically go directly to your customers or does it come in, does your product come in conjunction with say, a consulting contract with a you know, KPMG or you know, company, you know, Accenture company like that typically bring you in on one of their large consulting projects?
Vispi Daver (00:52:18):
Yeah, really good. So we'll have companies coming inbound into our website, filling out forms, et cetera. Those include Fortune 10 all the way down to SMB groups. Curtis, they vary from IT to learning to sales enablement, HRIS, et cetera, all depending on the application. We'll also prospect directly to them. So we'll also sell directly. We also have two types of software partners, Curtis. One is systems integrators, like the large GSIs who have large transformation projects or they're just embedded in an account and they're growing in that account will also have software vendors as partners. So Microsoft, for example, is a partner. Salesforce is a partner, et cetera. And those software partners, the, the partnership bookends range from a marketplace partnership to their sales force selling us or their post-sales force selling us to ensure adoption of their product. So all of that from a go-to-market direct sales with the appropriate partnership contribution.
Brian Chee (00:53:25):
Wow. Talk about it. All kinds of really cool stuff. Let, let's go and ask some of the questions that I'm sure our viewers want to know. Like for instance I visited Disney last n yesterday, and one thing I noticed is, you know, Disney has an awful lot of people working on all kinds of things. So like for instance, there has been a change to the parking policies at say, Disney. And those employees don't have a desk, they don't have a desktop computer or even a laptop. At best, they're getting their information through a mobile app. Now you mentioned mobile is something like this a Whatfix comfort zone?
Vispi Daver (00:54:12):
Yes. So mobile's unique in its use cases. Web's unique and desktop's unique in all its use cases on mobile. Your example's a good one. I'll do an analogy. We have a large hotel as a customer. The hotel staff don't have access to a desktop. They access the hotel's application, whether it's HR or others through their mobile phone. So the only way to communicate with them and to change their behavior and the flow of their work is through that. So in your Disney case, as with our hotel case, Whatfix overlays will appear when they log into the application. That overlay in your case would be a great example of a communication overlay to ensure compliance. The parking process has changed. Here is the new process. Now that's usually good, but not enough. But what Whatfix can do is actually ensure compliance with that new process. So let's say the I don't know the process change, but the change is no more parking in lot A, it's only in lot B. So let's say if that Disney employee tries to park someone in lot A in the system, it'll block them from doing that and it'll ensure they park in lot B. So yes, you can communicate and you can also ensure behavior there as well.
Brian Chee (00:55:23):
All right, so say for instance, I'm, I say a 10,000 user com medium size corporation mm-hmm. <Affirmative>, what kinds of homework should I be doing before we give you folks a call? You know, what, how much change do I have to make sure I have source code available for you? If we something that we built or what, what's, what's my homework?
Vispi Daver (00:55:52):
Yeah, so no source code, none of that. The integration is fairly seamless. What I'd say, Brian, I'll quote one of our tenured go-to-market folks here, which is the reality is in any enterprise, anyone who owns a product will see a demo of our overlays on top of the product and find it interesting. Almost everyone will. The challenge is finding who's got who's interested enough to buy now and what does that entail? Are you undergoing a change project? Do you have adoption that is way below par? You've bought for a thousand people, but only 500 are using it? Is there a huge issue with enablement and change associated with the application? All of those contribute to who's interested. Now, once that starts, then it propagates into the enterprise and everyone gets interested in having it as part of their application.
Brian Chee (00:56:43):
Okay, so what about our proverbial traveling salesperson? Mm-Hmm. <affirmative>, who is not always connected. In fact, they may not even have a cellular modem, but they connect in, say their hotel room. Mm-Hmm. <affirmative> does Whatfix allow me to have things that are offline or partially offline?
Vispi Daver (00:57:03):
Yeah. I'll explain to you how it works technically so that we'll answer a few questions. So what, what happens with an end user, the salesperson or any of the thousands of people at an enterprise, they'll log into their application. Let's say it's an HR app they built, they've bought or something they built, our overlays show up seamlessly as part of their workflow in the application, the overlays. They don't need to log into Whatfix, they don't even know or necessarily need to know Whatfix is there. So how is that happening? One of two ways. If it's an application where you have access to the code, there'll be a JavaScript header in the application such that when the application is being called from the cloud, our overlays are being called from our cloud simultaneously and meeting at the end user's browser. And the other way, if it's applications that you purchase, like a HR system, et cetera, then there'll be a browser extension on each of the end users that it pushes out. And that's how it shows up in the same way. So all these thousands of end users at our large customers, they don't necess, they don't log into Whatfix or know about it, whereas seamless and flush with the application. They think it's the underlying application that is intelligent and guiding them through what they need to do. Contextually
Louis Maresca (00:58:13):
Vis, unfortunately, we're running low on time. Thank you so much for being here. We really do appreciate it. Now since we're running low on time, I did wanna give you the chance to tell the folks at home where they can learn more about Whatfix, maybe how they could get started, how organizations can get in touch.
Vispi Daver (00:58:27):
Yeah, you could go to Vispi.com, www.watfixx.com. There's several ways you can get in touch. Lots of information and content there and form fills based on your need that you can fill out and get there. Thank you.
Louis Maresca (00:58:41):
Thanks again. Well, folks, you've done it again. You sat through another hour. The best saying enterprise and IT podcast in the universe. Definitely tune your podcaster to twt. I wanna thank everyone who makes this show possible, especially to my wonderful co-host, starting with our Mr. Brian Chee sheer, what's going on for you in the coming weeks where couple people find you and get in touch with you?
Brian Chee (00:59:01):
I'm going to try and peel some money out of the central Florida fairgrounds. We're gonna try and buy some fiber optics so that I can start running a minimum of a gig to every single building. If all goes well, every building will be dually connected, and if the Ubiquiti switches support it, I want to do LACP so that I can actually do load balancing instead of just failover. So network architecture for the 5 0 1 [inaudible] [inaudible]
Louis Maresca (00:59:36):
Fantastic, thank you. Thanks Chiefer. Well folks, we also have to thank our very own Mr. K Franklin. Curtis, what's coming up for you? Where can people find all of your work?
Curtis Franklin (00:59:45):
Well, the big thing for me is that I've gotten one big research project off my desk. So I get to start looking hard at risk quantification. And I'm gonna be doing that for both internal risk and third party risk. You know, these supply chains, these pesky things can introduce so much risk to an organization. And oddly enough, companies really want to know what that is. So I'm gonna be talking about that. Also dealing with the issue of friction when it comes to processes and procedures. So lots of good stuff for me to be looking at. I'll be doing that while I'm out flying about between one event and another. Hope to see everyone there. And in the meantime, they can follow me on TWiTter at kg four GWA mastodon KG four GWA at sd, I'm sorry, at Mastodon. Do sdf do org, also on LinkedIn. Feel free to follow me there. I'm just everywhere across the social networks.
Louis Maresca (01:00:55):
Thanks, Curtis. Well, we also have to thank you as well. You're the person who drops in each and every week to get your enterprise goodness. So why don't make it easy for you to watch and listen and catch up on your enterprise in IT News. So go to our show page right now, TWiT.tv/twi, though you'll find all the amazing back episodes, the show notes, the co-host information, the guest information, and the links of the stories that we do during the show. But more importantly, right there next to those videos, you'll get those helpful. Subscribe and down the link support the show. Get by getting your audio version, your video version of your choice, and listen on any one of your devices cuz you know we're on all of the podcast applications or pretty much on any platform out there. So definitely check it out and subscribe cuz it's the best way to support the show.
Plus you may have also heard Club TWiT. That's right, it's a members only ad free podcast service with, there's actually a bonus TWI plus feed that you can't get anywhere else. And it's only $7 a month and there's a lot of, there's a ton of things that's great about Club twi. One of them is the exclusive access to the members only Discord server. That's right. You can chat with hosts, producers, there's a ton of discussion channels out there. Lots of fun ones. So definitely check that out. Plus, there's also special events that show up on there. There's a lot of great discussions. Join Club TWiT, be part of that fun in the movement. Go to TWiT tv slash club TWiT. Now, club TWiT also offers corporate group plans as well. That's right. It's a great way to give access to your team, whether it's, you know, your sales department, your IT department, the plans start with five members at a discounted rate of $6 each per month.
And you can add as many seats as you like. And it's a really great way for every team to stay on top of all of our podcasts that we have have out there. Plus just like regular memberships, they can join the TWiT plus bonus feed. They can actually join the, the bonus feed as well as join the Discord server as well. So definitely join and be part of club TWiTter, TWiTter tv slash club TWiT. And after you subscribe, I want you to impress your family members, your friends, your coworkers, give them the gift of TWI each and every week I share it with another coworker and they're always jump right on and listen cuz they got lots of information and lots of interesting stuff to talk about on here. And we definitely guarantee they will enjoy it and find it interesting as well. Now if you've subscribed and you are available on Fridays at 1:30 PM Pacific Time, we do this show live.
That's right, right here, right now, live dot TWiT tv. Just go to that webpage there. They have all the amazing se sessions and streams that are on there. Pick the one that you want to view the show on. Come see how the pizza's made. All the behind the scenes, all the fun stuff, the banter before and after the show. We do it live. And you know what, there's also an amazing i r c channel as well that we have that we, we have some amazing characters in there that we interact with each and every week. Just go to IRC dot twi tv, it'll put you in the TWiT live channel right away. And we get to chat with a lot of fun people in there. In fact, they're, they're hitting us right now with a ton of really funny and interesting and pithy show titles for us for later.
And they keep me laughing and and interested in the show. So thank you guys for being here and being part of that irc.twi.tv. I definitely want you to hit me up, whether it's on TWiTter, that's TWiTter.com/lum. There I post all my enterprise tidbits. I'm also on Macon lum twi social. That's right. You can direct message me, hit me with show ideas, ideas, conversations. I just talked last week a little bit about what I do at Microsoft. In fact once you go check out developers.microsoft.com/office, we post this all the latest to Grace Ways for your customize your office solution. Especially. I was talking a little bit about Office Scripts. That's right, it's that automate tab. If you have Microsoft 365, you open Excel and there's an automate tab. Well that's that my, that's my tab. That's right. That's the best way to create macros in Excel.
Thank you Chiefer, for all your support. And again, before we sign out, I wanna thank our editor for today because they cut out all of the mishaps and the functions that I do and mess up during the show. So thank you for that. Making me look good. Chris, thank you to our TD for today, Mr. Ant Pruitt, he is a talented guy, content creator does amazing things, but he also does at a great show called Hands on Photography, which actually I learned each and every week from what's going on this weekend in that show. Ant,
Ant Pruitt (01:05:44):
Hey Mr. Lou, thank you so much, sir. Well, this week we dive into a little bit of video and audio editing. Actually, it's more about audio editing. There's a pretty cool AI tool. I know you're tired of hearing about ai, trust me, I am too. But there's a pretty cool AI tool available for everybody to help clean up their audio and try to make their podcast sound better and their video sound better and it's a pretty slick tool. So go check it out. Twit.Tv/H o for hands on photography. Thank you for the support, sir.
Louis Maresca (01:06:18):
I think we better get used to the AI topic cuz I don't think it's going away anytime soon. We'll,
Ant Pruitt (01:06:24):
Louis Maresca (01:06:25):
<Laugh> <laugh>. I know it. I know. Thanks Ant. Well, until next time, I'm Louis Maresca just reminding you, if you want to know what's going on in the enterprise, just keep quiet.
Jonathan Bennett (01:06:37):
Hey, we should talk Linux. It's the operating system that runs the internet, bunch game consoles, cell phones, and maybe even the machine on your desk. You already knew all that. What you may not know is that TWiT now is a show dedicated to it, the Untitled Linux Show. Whether you're a Linux Pro, a burgeoning ciit man, or just curious what the big deal is, you should join us on the Club TWiT Discord every Saturday afternoon for news analysis and tips to sharpen your Linux skills. And then make sure you subscribe to the Club TWiT exclusive Untitled Linux Show. Wait, you're not a Club TWiT member yet. We'll go to TWiT.tv/club TWiT and sign up. Hope to see you there.