In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin and David Ratner, CEO of HYAS, discuss the innovative Adversary Infrastructure Platform and its role in enhancing cybersecurity defenses.
In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with David Ratner to discuss the innovative approach of the Adversary Infrastructure Platform to cybersecurity. The platform focuses on understanding and disrupting communication between attackers and their command and control infrastructure, allowing for quicker detection and response to attacks. It can even identify and shut down masked communication attempts.
The conversation emphasizes the platform's ease of deployment and integration into existing security architectures, making it accessible for organizations of all sizes. David discusses HYAS's research on the future of malware, including the use of generative AI and polymorphic malware. This research aims to stay ahead of evolving threats, helping organizations build effective defenses.
The conversation covers HYAS's research notes on Black Mamba and EyeSpy, which highlight their commitment to understanding attacks and building the right intelligence into the Adversary Infrastructure Platform to detect future threats.
The conversation also explores how the platform provides visibility and observability for CISOs, addressing the concerns of not knowing what is happening in real time within their environments.
The Adversary Infrastructure Platform allows CISOs to implement a comprehensive strategy for prevention and business resiliency, giving them confidence in their ability to detect and respond to anomalous activity.
One of the key strengths of the platform is its flexibility across different devices and network environments. It can be deployed to guard against various operating systems and even IoT and OT devices sending beacons to command and control systems, ensuring comprehensive protection regardless of the devices or connectivity methods being used.
Overall, David provides listeners with insights into the Adversary Infrastructure Platform and its role in enhancing cybersecurity. He highlights the platform's effectiveness in detecting and responding to attacks, its ability to provide real-time visibility, and its flexibility in deployment.
Listen in to gain a better understanding of how the platform works, its research-driven approach, and its potential to improve an organization's security posture.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story
Guest: David Ratner, CEO at HYAS [@hyasinc]
On LinkedIn | https://www.linkedin.com/in/davidhratner/
On Twitter | https://twitter.com/davidhratner
Resources
Learn more about HYAS and their offering: https://itspm.ag/hyasl3si
EyeSpy Proof of Concept: https://www.hyas.com/blog/eyespy-proof-of-concept
For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording as errors may exist. At this time we provide it “as it is” and we hope it can be useful for our audience.
_________________________________________
BHUSA _ HYAS Adversary Infrastructure Platform_ Benefits and Capabilities with David Ratner
Sean Martin: And hello, everybody. You're very welcome to a new Redefining Cybersecurity podcast episode here on ITSP Magazine. It's part of our 2023 event coverage, where we get to talk to cool people about cool things, new trends, and new research and new findings. And I'm thrilled to have David Ratner on from HYAS.
David, how are you?
David Ratner: I'm great, Sean. It's a pleasure to be here and thank you for having me.
Sean Martin: It's going to be going to be a good chat. There's so many questions I have already, um, but I'm sure once you start to, uh, explain in, in greater detail from what I've read, what you do at HYAS, uh, I'll have even more.
Uh, before we get to that though, a few words. From you about, uh, your role as a CEO there, um, and maybe your journey and path to, to HYAS, if you don't mind.
David Ratner: Yeah, absolutely. You know, um, uh, for me personally, I'm a PhD computer science guy, and I've always loved roles that blended tech and business and had one foot in technology and one foot in, in go to market.
And on top of that, I've always gravitated towards companies that had the opportunity to really impact millions of people and really change the world. And so HYAS was a very small, you know, company founded, uh, actually on Vancouver Island in British Columbia. HYAS itself is a First Nations word for great or auspicious or powerful, and they had a brand new way of looking at cybersecurity.
Um, when M12 or Microsoft Ventures led the Series A in HYAS, um, M12 brought me in to take it to the next level and really drive it forward, and I've had an absolute, um, uh, amazing time with that journey so far, and I'm incredibly excited about what's, uh, what's to come for HYAS.
Sean Martin: Nice. So one of the, um. One of the things that I read was this, uh, and it may be not, not new for everybody, but it was certainly something I hadn't come across frequently.
And it's a cyber threat adversary infrastructure. Um, so that's a phrase that, uh, I'm not familiar with mine kind of. Breaking down what that is and because that's kind of like the crux of what we're going to be
David Ratner: sure You know, there's so many cybersecurity companies today that try and block this attack or block that attack and the reality is that Attackers are often inventing new techniques and adapting their approaches faster than our defenses are blocking them.
We see every single day a brand new breach despite how much money is going into EDRs and next gen firewalls and all these other kinds of aspects. And so, all of that prevention stuff is necessary. But it's clearly not complete, and it's clearly not a perfect way to keep bad actors out. What HYAS does, and the way we look at the problem in a different way is, regardless of whether a bad actor breaks in by cracking a password, whether they break in through a supply chain attack, a zero day attack, insider risk, phishing, Regardless of how they get a foothold inside the enterprise, and regardless of whether it's a malware attack or malware less attack, one of the first things that has to happen is that attack needs to beacon out for instructions.
It needs to talk to its command and control for lateral motion, for data exfiltration, for privilege escalation, eventually for encryption. All of those kinds of things require communication between your digital spy that's inside the enterprise. And command and control or adversary infrastructure that's outside your enterprise.
And fundamentally that adversary infrastructure had to be set up in advance before the attack could be launched. If you think about a very simple phishing attack that attempts to get me to click on a Bank of America link that's not really a Bank of America site, kinds of stuff. That whole domain and that website and everything had to be created before that email ever landed in my inbox.
And so HYAS sat there and said, look, if you can become an expert in adversary infrastructure, the infrastructure that bad actors use to set up and command and control their attacks, that has to be done before the attack can actually be launched. And so if you can become an expert there, then you can actually do things that other people can't do.
You can see things that other people can't see, and you can actually bring security and proactive protection to a very, very next level. And that's what we're seeing with, uh, in the market today with our solutions.
Sean Martin: All right. I was right. So many questions now that even from just that. So, as you were starting, my mind was going, well, this probably sits between...
Protection and response, and detection and response. Um, I might be mistaken now, having heard what you said. So this sounds more, more along the lines of having the intelligence of what's external to the organization. I don't know if you look at internal as well.
David Ratner: So there's a variety, there's a variety of different ways that our clients use our technology.
Fundamentally, everything that we do is based off of this adversary infrastructure platform. And we I can talk at length about the platform and all the data we gather, but there's unique intelligence inside the platform and the platform is almost a real time representation of what is and isn't adversary infrastructure on the Internet.
So we have this amazing platform. It's all cloud based. It's all extensible, automatic, no humans in the loop, constantly evolving and constantly learning new data. And what's also super interesting about that is, whereas a lot of people have used, you know, allow and deny lists and other kinds of feeds of information.
You know, what that means is that, you know, you subscribe to the FBI report, or you learn a new piece of information, and you say, oh, XYZ2. com is bad. Check. The adversary infrastructure platform is actually based on a very interesting graph database. And so, some of the highest IP is in the data sources we go get, and some are exclusive, and some are private, and some are commercial, and some are open source.
But some of the HYAS IP is in how that all gets assembled in a graph database to build connections and build connections between the nodes. That means that when HYAS learns a new piece of information, like xyz2. com is bad, rather than just updating that little data point, we can update everything else that that's connected to in the graph database.
That's how we can actually stay ahead of attackers and actually know that that domain that just got created five minutes ago, even though it hasn't been used in an attack yet. And may not be used for months when it does show up in the wild is going to be used for nefarious purposes. And we know that today.
Six months ahead of time. We know all that through the use of the intelligence and the way we store and gather data in this adversary infrastructure platform. And so back to how some of the clients use it, some clients use it to simply understand the nature of the attacks that they're facing. And so some might be attacked and sit there and have one jigsaw puzzle piece, one indicator of compromise.
IP or email or a phone number or a malware hash or a. Whatever. And they plug it into this adversary infrastructure platform through one of our products called Highest Insight. And it allows them to map out the complete campaign architecture, understand everything that they need to know, right? Where did this come from?
Who's behind it? What, what other assets do they have? How do I watch them as closely as they're watching me? So in that sense, it, it couldn't even be used. After an attack to understand what do I need to do next? How do I adapt my defenses? Who do I need to look out for? What are they going to come after me with next?
And if I want to involve law enforcement, What information do I give them? If I simply want to proactively protect myself, what alerts do I want to generate? How do I, how do I watch them as closely as they're watching me and know everything I need to know, but other, other, other clients may use it purely as a protective DNS system, as a shield around their enterprise.
And in this sense. You know, in a world where if a bad actor wants to break in, they can't break in. HYAS can simply, as soon as any breach occurs, and as soon as they start beaconing out, HYAS can sit there and say, hey, this communication's anomalous. This communication shouldn't be happening. Let's shut it down.
Let's render that attack inert. Now you can go clean it up before that attack progresses. And in that sense, it's You know, it's much closer to detection and remediation aspects. And so the use of the adversary infrastructure platform changes depending on which product and which use case clients are trying to drive.
Sean Martin: And where, um, where do you see the majority of that coming? Cause I was actually speaking to, uh, an Omnia analyst yesterday talking about proactive protection and this, this concept of, yeah, you do, you do get breached. You close that down. Now, what? Right? Yeah. You don't want to have let it happen again.
Perhaps there's some information sharing. Others can benefit from the learnings there. Um, do you see a lot of it happening there? Or is that a kind of burgeoning space?
David Ratner: Uh, you know, it's a definitely a growing space. When we talk about protective DNS. It's recommended by CISA and the NSA now. They wrote a memo about it.
It's part of their Shields Up initiative. They even mentioned HYAS in their memo. It's a recommended part of SASI. Cyber insurance carriers are starting to ask, do you have protective DNS in their, you know, surveys as they, you know, Look at cyber insurance and how much they're going to insure you for. And we're seeing significant interest, especially internationally as well as domestically, where people are starting to layer this on as part of a security in defense or security in layers approach.
And it's specifically because people are realizing that no matter what I put up across my four walls, Bad actors are going to continue to find innovative ways to break in. It may be through a, a library in a cloud service that I didn't even realize I was using at this point in time. But if you can understand what is and isn't anomalous communication coming out of your enterprise, and you can be an authority on what is and isn't adversary infrastructure, Then you can shut down that breach as quickly as it started and drive the time from infection to detection and remediation to almost near real time kind of aspects that allows you to move from this prevention based strategy, where you hope you don't get attacked to a true business resilience and business continuity strategy, where you can stand up in front of your board or in front of your shareholders and sit there and say, look.
Regardless of how these attacks evolve, regardless of how changing work models happen, I'm confident in our strategy that we've laid out that I can continue to move business forward.
Sean Martin: Yeah. And I want to get to the, the attacks evolving. Cause I know you guys put out, uh, some news and some, some, uh, research you've done.
That's pretty, uh, pretty interesting. So we're going to get to I SPY in a few moments, but I want to stick with the understanding. So help me under, help me understand where this fits within an organization's, uh, security management, security operations program. Um, what, what are they doing now that will look different?
Um, do they, the, does their team look for different things? Are they using different, obviously different tools, but kind of describe to me how this fits in.
David Ratner: Yeah. So, uh, first and foremost, many, uh, companies, many organizations have a threat research, a threat investigative, or even a fraud investigation team, depending on who they are and what their business is and those kinds of aspects.
Oftentimes they may use open source tools or other kinds of forms of intelligence to figure this out. HYAS is. A set of intelligence that they don't have today. It brings to them a set of data that they don't have access to. Um, some of our clients have told us that the use of HYAS helps them close cases three or four X faster than they previously could, which allows them to do more with less resources, allows them to be more effective at their job and actually understand the nature of the threats or find the sources of fraud and actually recover funds and those kinds of aspects.
So, so it, it can fit inside that threat intel team or that fraud investigation team from that perspective. Other clients where protective DNS fits is oftentimes on the IT side of fundamentally how do I protect my organization and my employees in a world where they're constantly moving around, where attacks are constantly evolving.
And Protective DNS is a added layer in a, you know, security and layers approach that complements your EDR, that complements your firewall, that complements your overall XDR approach and actually integrates directly into your SIEM, into your SOAR, into your firewall, into your EDR, XDR solution, so that in some cases, it doesn't even have to be an extra management tool, but simply adds efficacy into everything else that you've built.
And in fact, our protective DNS solution is so flexible that number one, not only can it adapt to whatever the client's architecture and set of components are, so it's not, hey, rip everything out and replace it with this, but we can, through APIs, just integrate it into what you already have. But that architecture is so flexible, we can even put it in front of the OT side of the network, in front of the production side of the house, to, to protect your servers and your databases.
And what we're seeing as attacks evolve today is sometimes they're penetrating an employee or the IT side, or sometimes they're breaking into the production side of the house. And it's important to have the visibility and the observability across your entire network. It and ot.
Sean Martin: Yeah, I'm, I'm, I'm loving the OT scenario.
I mean, or, or even so there's production in that sense, but also, uh, a lot of organizations, pretty much every organization is a tech company at some level. Yeah. And has some engineering and development and, and dev ops going on as well. And I, I presume understanding that picture is useful too. Um, can you describe, I don't, I don't know if there's a, a recent threat that would be top of mind for folks that.
That you helped a client identify and respond to. And I'm not looking for the client's name unless they, they wanted you to say that. But, uh, as a scenario, a use case where perhaps a well known threat. Was responded to more quickly than, than,
David Ratner: you know, um, it, it, it's interesting rather than talk about, you know, specific threats, cause I don't want to get into, you know, specifics of individual clients and, and, and NDAs.
Um, you know, as, as far back as, as SolarWinds, when SolarWinds came out, You know, we talked to our clients about the fact that fundamentally what sunburst malware did is it got into your organization, it laid low for 15 days, and then it would raise its hand and say, Hey, I'm alive. What do you want me to do?
It's that beaconing behavior that we were talking to our clients about that sit there and said, highest will protect you. As soon as that beaconing wakes up, highest sits there and shuts that down and says, this shouldn't be happening. And what we see constantly day after day, there was a recent wave of attacks called decoy dog.
Where fundamentally they were evading EDR, they're breaking into the organization, they're masking their communication with command and control. But it's highest in our use of an adversary infrastructure platform that can nevertheless see that adversarial communication to command and control and therefore shut it down.
There was, uh, you know, we've talked to clients who, you know, have had bad actors inside their network for multiple years. And the reason that they live inside that network for multiple years is they're trying to mask their outbound communication. They're trying to mask the communication with command and control to make the protocol look like a normal protocol or all those different kinds of aspects.
But fundamentally, they're talking to a place that HYAS knows they shouldn't be talking to. And so that's where, you know, one, uh, CTO, uh, in the telecom industry told me, he said, David, HYAS doesn't just find the needle in the haystack. You find the needle in the stack of needles. And it's, it's that, that precision that HYAS can provide that allows us to do things that others can't.
You know, um, there's an organization in Germany called AV Test. An AV test, um, will, you know, do independent third party testing of protective DNS solutions. And they've, I won't name names, but they've tested everyone in the market and when they tested highest. They came back and said, yeah, HYAS actually is the most effective, best protective DNS solution on the planet today.
And again, it's because we take that different approach. It's because we're built on that adversary infrastructure platform and we have intelligence that others don't have.
Sean Martin: And speaking of intelligence that others don't have, um. There are plenty that do have some of this intelligence and they often sit on the other side of the other side of the fence from us trying trying to get at us and certainly the introduction of generative AI has been a hot topic and wondering, I mean, there are easy use cases to To kind of pull together in one's mind, phishing attacks become different, perhaps more effective, more scalable, more targeted, even at the same time.
Um, your team, as part of your research around this infrastructure, put together a tool called iSpy. Tell us a little bit about What that is and, and, uh, why that research is important to you.
David Ratner: Yeah. You know, it's, um, so we're super proud of the fact that we have the most effective and best protective DNS solution on the planet today, but it's not enough to simply protect against today's attacks.
You have to understand where attacks are going in the future, what that future landscape is going to look like and how you build up defenses against it. Before attackers start utilizing it heavily. And so, our research arm, you know, of HYAS, started looking into what does the future of malware look like with generative AI, with LLMs, you know, with polymorphic malware, those kinds of aspects.
Earlier this year, we published a research note, you know, around something called Black Mamba. And then just recently we published, um, a second one called iSpy. And fundamentally, iSpy uses AI to adapt its techniques, to adapt its code in real time, to evade EDR and XDR, and... And is an example of fully, you know, polymorphic AI based malware or, you know, actual cognitive threats that, um, are the kind of thing that we expect to see examples of in the future.
And the whole point of doing this research is if you understand how offense works, then you can build the defenses to defend against it. Remember, the original origin of HYAS was all about looking at attacks in a different way. And rather than playing the cat and mouse game of block this attack, and block that attack, and block that attack, let's understand how attacks work and, oh my god, they all have to beacon out to adversary infrastructure or command and control for...
instructions. So let's focus on that Achilles heel and be better than everyone else at doing this because we've taken a different approach. That's exactly what the research around Black Mamba and iSpy is aiming at, which is how do we understand these attacks so we can build the right telemetry and build the right intelligence into that adversary infrastructure platform so we can be blocking tomorrow's attacks as part of everything that we do.
Sean Martin: Yeah, because I guess on either side of the beacon, it doesn't really, well, I mean, the payload certainly matters if it's built in and doesn't have to beacon, that's a different story. But, but if it, if it doesn't know what it's supposed to do yet, or how it's supposed to do it, when it's supposed to do it,
David Ratner: I think there's a lot of. Learning that we can get from how, you know, communication with these LLMs work and all those different kinds of aspects. It may not look like traditional beaconing does today, right? But there is still, you know, some element of communication as AI adapts its techniques. And as it, you know, figures out how to rewrite its own code so that it is polymorphic, right?
There is some element still of, you know, talking externally for data exfiltration and all these aspects. And so all of this research is really aimed at, so what does that look like? What is the Achilles heel going forward? How do you put the right telemetry and the right set of data? How do we augment?
All of the intelligence that we have today in that adversary infrastructure platform in order to detect these kinds of things in the future and therefore build the best defense by, by leading with understanding how offense works.
Sean Martin: So how do, how do organizations, how much understanding of the inner workings do they need to know about what you do to fit it in properly to what they currently do?
David Ratner: Yeah, you know. A key goal of HYAS is to make sure that we build solutions that are easy to deploy, easy to manage, work standalone, and integrate into your own environment. And so we have clients that have very small IT teams and very limited security. Infrastructure or even security knowledge, and they're able to, this is all SAS, it's all API forward, so they can literally be up and running in minutes, and in many cases, you know, have a very simple mechanism to manage the solution or even manage the solution still through whatever SIM, whatever SOAR, whatever existing tools they're using today, because of our integrations and our API.
You know, we have a Healthcare client that had 23, 000 endpoints. And they had, um, uh, uh, there was a public incident that affected, you know, thousands of customers, them among them. Um, their CISO said, David, we need to deploy this today. We were deployed across all 23, 000 endpoints in 30 minutes. And so it can be one of these things, which is very easy to deploy.
It's very easy to deploy and easy to manage because it's SAS and because of our API integrations, we can make it very easy for our clients to both integrate it into their own environment, as well as integrated into their own existing management tools.
Sean Martin: And, and talk to me, uh, is that the, the CISO level, they're, they're responsible to, uh, communicate with their peers about their, their current exposure and risk level and the controls and everything else that they have in place to remain secure and compliant and all that.
How, how does what you do help them have a better story, tell a better story, uh, in that regard?
David Ratner: Yeah, you know, it was interesting. I was talking with Uh, a couple of different CISOs recently, and you know, one of the biggest questions I always ask people is, so Mr. CISO, what keeps you up at night? What are you most worried about?
And that answer has changed a lot over the last couple of years. Lately, what I'm hearing is a big one is, I don't really know what's happening. In real time inside my environment. I don't have the visibility and the observability that I really need in order to confidently sit there and say, I understand what's happening.
Look, we'll do POCs and we'll do trials and we'll help clients, you know, pro bono, and sometimes we'll find clients where employees are doing Bitcoin mining on their VMs. Sometimes we'll find clients that are accessing adult content in violation of policy controls, you know, from public machines and a variety of other things that aren't necessarily 100% nefarious.
But if that's happening and you don't know about it, what else is happening that you don't know about? And so... You know, to come back to what is, what does this allow CISOs to say, you know, to their peers? Fundamentally, this allows CISOs to sit there and say, I've implemented a strategy, not just for prevention, but for business resiliency.
I can actually feel confident that if something breaks into my environment, I'll be able to detect it before it causes financial damage, before it causes reputational damage, before, I have to go in front of my boss and my board and my customers and sit there and explain everything that happened and honestly risk being fired as a result of having a big major breach.
And this allows them to have the confidence to understand that things will get in no matter how good you build your defenses. Things will get in. This allows them to complement everything they've built from a prevention strategy and actually implement a true business continuity strategy and sit there and say, I feel comfortable now that if something is going on anomalous inside my environment that I understand what it is.
Sean Martin: Yeah. And. So as we begin to wrap here, you can elaborate where I don't get it quite right. For me, the genius is in looking and being intelligent and having the knowledge of what's happening at any moment in time. Regardless of which side of, of the attack is, is being executed in any particular moment. Um, the practitioners, the responders, uh, the CISO and, and his peers in line of business, his or her peers in line of business, can know that any actions being taken.
You're, you're identifying that, uh, in, in real time.
David Ratner: Absolutely. Our protective DNS solution gives them the confidence that anything beaconing out from their enterprise, whether it's from the production network or the corporate network, anything talking to adversary infrastructure will be alerted, can be automatically stopped, attack rendered inert.
Give you that safety and control. Look, some, maybe, maybe you even have consultant laptops that you don't get the opportunity to put the right software on who come and join your network. But as soon as they join your network, you have the ability to sit there and say, is there anything coming off this machine that shouldn't be?
Right? So how do you give CISOs and overall companies the confidence to move business forward, recognizing that there's a set of adapting techniques, there's a set of unknown threats, and bad actors are going to breach your network across a variety of ways. It's about understanding what is and isn't adversary infrastructure and being able to, you know, in near real time, drive the notion of Infection to detection to shut down and remediation, you know, and be able to have the confidence to go do that.
Other clients simply use it to monitor their risks and monitor their threats and understand the nature of the threats that they face and honestly watch what the bad actors are doing just as well as the bad actors are watching them.
Sean Martin: I have one more question cause you touched on it. In one word, uh, workforce, maybe it was two workforce, uh, flexibility or changes there. And as you were just describing your, your point there, I was thinking what you do doesn't rely on a specific device to your point on the, on the consultant, right?
It, it could be windows and Mac Linux, it doesn't matter in the office, outside of the office.
David Ratner: It could be anything. And in fact, you know, we, we, we saw a couple of years ago, an example of where a enterprise was breached through the connected coffee pot. Right. We're seeing increased notion of smart devices, whether it's smart printers or smart coffee pots or other kinds of IoT devices inside the enterprise, whether it's on the IT side or on the factory floor, that may not be able to run traditional software.
Right. You know, kind of security software. But ultimately everything still uses the network, right? And so as soon as these devices are on the network and as soon as they use that network to beacon out to adversary infrastructure, that's where the intelligence of the highest adversary infrastructure platform comes into play.
Sean Martin: Super cool, David. Super cool. I'm glad I got to, uh, to chat with you today. Um, For those who want the same and even better experience, they can, they can meet with you in Las Vegas at Black Hat, right?
David Ratner: Absolutely. We'll be at Black Hat. We, um, on Wednesday and Thursday morning from eight to 10 AM, we sponsor the Highest Hangover Bar.
Um, please come and join. I know that a lot of people end up staying late nights in Vegas and we have everything you need in order to recover and get ready for your day the next day. So we have the Highest Hangover Bar. We'll have, um... Uh, a suite for private meetings. You're welcome to reach out and book a private meeting, but you know, you're also welcome to reach out even after Black Hat as well on www.
highest. com. And we're always happy to talk to people about their current business problems and how we might be able to help.
Sean Martin: Very good. Very good. So, um, yeah, for those listening, we'll put a link of course, to, uh, to connect with the Highest team via the website and, uh, your profile. David. So, so folks can connect with you, uh, through social media and whatnot.
And, uh, yeah, hopefully they get a chance to chat with you in the team in Las Vegas. I'm sure they're going to have many more questions that I'm unable to ask. But, uh, I appreciate you taking the time to give us an update on, uh, who, who and what HYAS is and does and, uh, the value that you bring and I learned a ton today.
So thanks.
David Ratner: Hey, I really appreciate the opportunity, Sean. And I look forward to seeing you next week in Las Vegas as well.
Sounds good.