Not Another Demo - E11 - ZScaler | CSA West Michigan

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hey everyone and welcome to episode 11 of our series not another demo for those of you that have decided to skip episodes 1 through 10 and jump right into number 11 not another demo is the cloud security alliance west michigan's attempt at changing the narrative and the conversation a little bit with with vendors and making it a real conversation really finding out and learning what's uh what a company is able to do for your organization so as always i've got anthony from the csa with me also today we're joined by pat nicholson and and uh kevin burdock from zscaler and so we're going gonna be talking about i'm guessing like vpn and remote workers and all that sort of good fun stuff today um so with that kevin i'm gonna pass things over to you and let you guys introduce yourself and then um we'll we'll jump right in well matt uh thank you very very much i appreciate the opportunity i think this is a unique way to uh just kind of collaborate you know across the state of michigan and share uh best practices and technology so i appreciate it and anthony thanks for taking time out of your day so kevin burdock was a scalar responsible for uh the the michigan area i'm focused on uh large large uh accounts here and uh just appreciate the opportunity and with me today i have as i call them the security ninja pat nicholson so thanks thanks kevin hey guys thanks for having us pat nicholson uh z scaler sales engineer uh working with kevin as well as another rep by the way of mark binkier i've been with the company for about two years now so excited to chat with uh you folks today about what zscaler does awesome yeah i appreciate you guys um being here as well i'm i'm excited for this one so um so i think it's super relevant for everything that's going on in the world right now so one of the things that i like to do is to start these um presentations with is is just ask a simple question so you know nobody's traveling really right we're all sitting in in offices we've got more vendors than ever are trying to fill up time on our calendars we've got probably more meetings more zoom meetings than ever on our calendars all of that taken into account can you guys give us some reasons or explain why someone should take a meeting with zscaler and spend an hour with you guys yes you know pat maybe i'll jump in just from a high level i think you know uh matt you talked about just how things are changing right if we go back five six months ago people had different uh solutions in place and i think this covid19 has really catapulted technologists and more so security professionals into that arena probably at a at a higher rate of speed than they they probably were planning on it so you know it's it's with everybody pressing to the cloud moving compute to the cloud and applications i think it's relevant now that people are working from anywhere whether it's a coffee shop or at home um how do you secure um that that now work from anywhere and so i think with us and what we bring to the table purpose built for the cloud in the cloud i think that it's it's a perfect opportunity and timing just to learn what we're doing and really uh turning the security uh paradigm on its head right just that's it's that next wave of digital transformation is that security in that cloud so so the question i always like to ask after you know the why why should we take a meeting with z-scaler is what prob business problem are we trying to solve but i think we know that here with z-scaler so i'm going to pivot a little bit and ask a different question how does this differ from a traditional vpn solution sure so uh anthony i'll give you a little bit of background on what zskiller does so um it is somewhere aware we are a cloud security web gateway or proxy in the sky um our users send their traffic either through an agent or a tunnel into our environment um now with a traditional vpn um what we've seen is his customers either have two choices they can either split tunnel that traffic and it goes out kind of naked out to the internet and all their rfc 1918 related traffic an internal traffic is coming over that split tunnel or they're doing a full tunnel meaning that all traffic is coming back to that data center that regional headquarters so customers right now without zscaler have to make a pretty difficult choice either they look at improving the end user's experience by allowing their internet traffic to go direct out that nic card or do they bring everything back to a central security stack impeding on the user's experience but knowing that it's a more secure experience so with zscaler in play what we would suggest is is that all of your internet bound traffic go to one of our data centers so our agent intelligently locates that the closest uh tenant that you work within there that tenant is um managed through our portal um those that portal manages and is in included in over 150 of our data centers so one place to put all your policy up now for your internal related traffic customers can still run a split tunnel or they could look at our z-scaler private access alternative which simply is a new way of providing secure remote access to internal assets without putting the user on the network so we once called it a software defined perimeter uh we're now using terms like zero trust network access but the great thing about zskiller is is that one agent on one machine provides both vpn replacement and secure web gateway functionality so architecturally how does that look so i've got this agent on my work you know laptop and i decide today i don't feel like working in my office i've been sitting here for weeks on end um i'm gonna go to my local coffee shop for the morning and have my coffee and um i'm gonna work there um i understand the uh internet access side of it so you know the traffic's going to your data center um and being inspected and all that fun stuff um but for zpa when i you know i need to get to the server file share um how architecturally is that set up sure sure so like you mentioned with zskiller internet access uh all your internet traffic is going to be scanned i mean through that we have a next generation firewall av detection malware prevention data loss prevention sandboxing all that good stuff but your question is anthony's what happens when i want to reach out to an internal resource so what happens is z-scalar private access is the same agent allows that user to authenticate into the environment through a saml insertion authentication and what we do from an architectural perspective is we place what's called an app connector on the network that contains the asset or application that that remote user needs access to what happens is is that app connector creates a outbound tls connection into our cloud and you working on your agent your agent reaches out and creates a secure tls connection into the cloud through authorization authentication we determine who what your identity is anthony and then we determine what access policies that are granted to you access policies are made up of applications so for instance let's say that you're a third-party vendor or you're an employee you have absolutely no access to anything behind that app connector unless there's a policy written for you so what would happen is is that upon authentication a policy is applied to you and then anthony knowing your identity we would be able to determine if you had access to the file share segment or the web app segment or and we can get his granular down to a specific fqdn or fully qualified domain name and ports and protocols assigned to that unless you qualify for an access policy you have access to nothing because we never place you on the network you can't ping you can't telnet you can't do a port scan you cannot do an nmap none of those things that typically hackers or bad people or even just people interested in learning about their own network with those tools that they would launch none of that works because your session remains in our cloud and our cloud brokers that uh relationship between that app connector and the applications on the network so how are you doing that um technically are you you know if i reach out to an internal resource how does zpa know to move that traffic to the connector on site are you doing it via dns is it you know are you really setting certain ip ranges inside or what's that look like yeah that's right so each connector um is independently installed and configured um they're by the way they're configured in pairs for a redundancy and resiliency perspective but each connector is defined with the app segments or resources that he or he has access to so yes that can be through dns that can be through uh exact fqdn entry it could be a wild card many times our zppa customers will start off with a wild card entry and allow everyone to access the entire network just as if they were running a vpn client um so as our customers kind of grow with the product as they're deploying it they start to put more and more stringent access policies in place so a whole lot of stuff that i want to unpack there something beautiful did happen in that conversation though anthony twice said zpa and uh and pat you you actually spelled out c scalar private access a couple of times so well done there you're following the not another demo rules to a t which is great um anthony we got to work on that a little bit [Laughter] of course i have it um so uh so i want to let's i want to kind of step back to the beginning of that conversation so we talked a little bit about what's happened with covet as people are um you know i think a lot of people kind of unexpectedly had an immediate remote workforce maybe they weren't prepared for it maybe they had some vpn in place but you know it wasn't up to um you know it wasn't up to standards that sort of thing so so maybe that drove a lot of people towards looking down this path but eventually we're going to come to the other side of covet right and and at some point there will be a bit of a balance between you know i mean my guess is a lot of companies are looking at you know do we bring people back do we not do we in some fashion so some so as the pressure of hey all of our workers are working from um unsecure wi-fi all over the place to maybe half of them are back in the office and half of them are not um does that change i i guess does that change the need i hate to use a word but um i guess let's because because i also heard a couple of things in their pad of you're talking about you know i think there's there's some um some usability stuff right as far as keeping your your internet connection local um when you're using g-scaler as well as some security stuff so can can we talk a little bit about um like like post coveter post what we're going through when business settles back down a little bit and and what the value of looking at a z-scaler solution is when we're not hyper focused on remote workers sure sure so let me paint a scenario then uh where we have a potential customer or client that has many remote locations um so yes we've sent those workers home they're coming back home but in order to really uh in order to deliver what the z-scaler internet access platform is providing you would need a number of point products meaning you would need to have a proxy a next generation firewall a sandbox a data loss prevention mechanism you would need endpoint security you would need visibility and monitoring you need some sort of load balancing so really matt our business cases is pre-coded was take a look at the sites that you maintain today do you really need a stack of appliances in that site to protect your users and the answer is absolutely not if you think about the way the transformation is happening applications have left the castle and moat uh kind of design where the moat was the perimeter security architecture the castle is where the jewels were so now that we have things like sas applications and microsoft has done a really good job of kind of driving us to the cloud through office 365. once our applications leave that really determines what we're going to do next with our network and our security so uh i'm going to stop you there um i'm going to say i i i agree z scaler is a great uh tool to add to the arsenal um [Music] but when you say absolutely not you don't need all those other things i'm not getting rid of my edr anytime soon and that's just the fact and while cloud-based and sas applications are definitely becoming more prevalent moving forward on-prem file shares are still a thing and they're going to be a thing for for a long time um so i do want to caution you know uh evangelizing that a little too much well yeah i would well you know what anthony what i was going to what it was going to back up a bit and explain is is that where the the crown jewels are we would still need a traditional security perimeter so my analogy was around a remote site that may not have anything of value in it but yet we're still spending on a stack of equipment for users that have left in applications that are no longer there so yeah you're exactly right but we would never come into a customer and say hey um you can get rid of all your your perimeter security at a data center where you're housing file shares and applications and things of that nature um our our play really is around that remote worker that remote branch uh where there's no reason for us to be spending on even a a a an appliance like a firewall utm you know ours our suggestion would be to push those responsibilities into our cloud and maybe walk with run with something like an sd-wan appliance that can simply have a basic acl on the outside and all traffic is default routed to us maybe maybe another particular use case to to answer anthony and matt's question as far as what how do we see it in the future right so we have a client let's let's not name that client right they use a lot of third parties that come into their organization and then out of their organization and may need access to a particular application that as you defined it as a crown jewel that sits within their network traditionally they would have to go through and spin up different appliances and gain access and things like that and we've been told that it takes a long period of time i've heard anything from three weeks to four plus weeks they might need access to particular environments for a short period of time and so i think as companies do that and leverage outside resources zscaler can help enable getting them access based on policy whether it's external applications or internal applications and and we can do that more effectively and more efficiently so post covid people are still going to be leveraging third parties people are still going to be needing access to critical systems for a short period of time whether it's new development or testing etc um and i think zscaler can enable that and pat maybe you can unpack that a little bit without sharing that client's name well let me let me let me jump in kevin because i i'm not i'm probably not as familiar with some of this stuff as maybe anthony is i don't live in the real world like he does still um i i live in a not real world um but so so let's say i am you know i'm re-looking at the architecture of how my company operates and we're going to spin up a small remote office with 10 people in a neighboring city because we were able to find the employees there that we wanted versus the town that the company is headquartered in um are you guys saying that it's it's a very secure thing to be able to put them you just put them in the office with is with zscaler in place and be able to access all the apps without having to build out the the kind of the traditional security footprint in that remote location yeah correct okay yeah correct what would what we would suggest in that case is use z-skill or internet access to protect their internet traffic and then roll with zscaler private access to be that vpn replacement to get them back into that data center where our important apps still live or leveraging zpa to access a private or public cloud environment as long as the there's an app connector in that environment we can broker that relationship between that asset and the user through our cloud okay so this is where i wanted this conversation to get to because i know in like when covet first happened and people were all panicking about vpn and remote workers and whatever i mean that you know that that's all well and good and i know as and i'm not saying you guys security people and companies in general like like to i hate to say take advantage but we take advantage of situations that come up right and and sometimes acquisitions can be made that are short-term thinking because something happened right and now i need to protect me from this for six months or or whatever that is but i like having this conversation where we're actually talking about fundamentally changing and and making more secure how we're doing our operations not not just now or not just until a vaccine or whatever is the end of kovid but moving forward so does this also do things like make it easier if you say wanted to move buildings or offices or maybe you're renting a place for now and you're building and right i mean does this make your remote staff be i mean much more mobile like you don't care you don't care if they're in a remote office or a coffee shop or at home or on a cruise ship somewhere at that point right no no or back in the office yeah the agent works wherever the user is so um yeah you got it we're making this a more nimble work at home or work from anywhere employee so talk about so you mentioned back in the office are there benefits to people accessing stuff through zscaler if they're even in the office oh yeah a 100 um what we can do in that perspective is is we start to look at eliminating the the necessary stack of equipment that may or may not be present there today so you know a lot of customers are concerned with the lifespan of a security stack as well as the investment but also um as they as you guys are probably aware turning on additional features within a security appliance tends to diminish its performance um and so what we found is is that the need to have an elaborate security stack especially at a site that doesn't really have anything of importance in it other than users is no longer necessary and so we look at things like sd-wan as being an enabler of z-scale as as applications move and people look at the internet as their backbone that's kind of that network transformation where we put an sd-wan appliance in and utilize our stack in the cloud to provide the security front um minimizing the cost of an mpls circuit i no longer have a bunch of point products there the sd-wan appliance though it may have a utm capability we know that turning on additional features drops throughput on these appliances because they've been built for one thing um and then you know once the application leaves and your network is being transformed well then the next transformation stage would be how you deploy security and that's where yeah so and i think that's a great segue so this is the csa um so we should probably talk you know a bit about security as well um so i know you guys are a bit of a swiss army knife as far as you know what features you have in specifically uh internet access yeah um so talk to me about um what kind of other tools i could replace like uh possibly my dns filter that i have through another company that may rhyme with cisco you know you know things of that nature yeah okay so that's actually a very good question um one thing that we do as a proxy which is the foundation of what the product is we don't look at packets like a firewall we look at transactions and we not only uh the mindset that we have with z-scale or private access is zero trust we also carry that mindset into our z scalar internet access platform so in a traditional dns um look up whitelist blacklist type of architecture um let's just use for instance cnn.com cn.com cnn's a hosted domain in the united states been in business for 40 plus years has a great web reputation score it's categorized as a new site so a dns type offering is going to look at cnn.com as a safe destination for the user the user is allowed to go and that's the last time that that architecture looks at that user z scaler actually says yes all those things about cnn are true but we do not trust cnn at all every transaction that that user is performing on that website will be logged and analyzed because we don't know for instance if there's a malicious cdn that's going to route the user to a site we don't know if there's a cross-scripting attack in there we don't know if there's malicious code hiding somewhere within that website so every transaction that that user has and is experiencing with cnn.com is being analyzed for uh by through us is there is there categorically you know you're able to block say i want to block all peer-to-peer you know uh websites and you know uh anything that has malware or hack tools things of that nature those things you can categorically just you know within policy block yeah that's right so i was taking us down a little bit more of a rat hole around how we do that but yes of course from a content url filtering perspective we have those abilities as well as we have a lot of criteria that we can build our policies around so it could be based on an ap group it could be based on a location a department a specific user uh time of day we could put rules around the amount of bandwidth that a user could consume on a web asset we could determine if they can upload to the site but they couldn't download vice versa that's getting more into our casb capability but yes 100 anthony awesome so um when we're also talking about security identity and authorization are you know a big part of that um so you mentioned you know uh that the policies are based around you know identity and you know it knows who you are and therefore we'll route you to the correct location due to the correct policies et cetera um how are you doing that and what identity providers do you support sure uh anything that's saml 2.0 capable really anthony it's pretty broad so most of our customers are of course using azure active directory but that could be your pings your octas um with adfs with uh ad connect um you know anything saml 2.0 capable and so once we have that user's identity depending on the saml assertion process that takes place and the attributes that come over we're able to create very granular policies so if we know that anthony's in i.t he works out of grand rapids um and we know what time he's in the office let's say we could build a very very granular policy on just you um where it acts only in a certain time of day for instance great so i'm going to circle this all the way back around to where we start before i change gears slightly in that you know when we when we look at the question of why should someone spend some time with you it sounds like that that there there is an opportunity here to take a look at yours your entire security operations streamline some stuff maybe make some things more secure so so now we're like completely away from talking about vpn and remote workers right which is which is excellent which which i think is sometimes something that happens right we we get down we get down certain rabbit holes and we don't get out of them so i you know again bringing this conversation back up for anyone that's watching this right i think you uh hopefully you're seeing that there's an entire conversation um to be had here to that i will switch to gears to what does that conversation look like so i i always like to from my perspective in my um in my day-to-day job um i i work with lots of different vendors i see companies acquiring vendors i see companies kicking vendors out on a daily basis and 99 of the time i find that the reason why someone moves away from one technology to another is not necessarily the technology but is the service and sales and support um and all of that stuff so let's talk a little bit first about what the pre-sales motion looks like with you guys and that and and and so talk through a little bit of like you know initial conversations up through you know doing a poc pov whatever acronym you guys use um and then into like to the signing of the po after that i want to talk about what happens after the signing of the po because i think that sometimes is even more important but talk about what um what that pre-sales process looks like with you guys a little bit okay so matt i'll jump in here and i think if i throw any acronyms out there please jump in and correct me but i think our journey starts with a customer excuse me we a prospect right so we engage and we come with perspective whether it's working with different partners or we do our own research we do the best of our ability to understand who they are as a company what are their core objectives and we do several discovery meetings right so it's we want to understand where their current state is and where their desired state so we talk about that and then you know depending on what their particular use case it might be you know web access it might be private access whatever that might be we then construct something and we call it a proof of value so we make sure that we're aligned with the customer what they're trying to achieve and even if it's incrementally right so we look at marginal gains if a customer just wants you know to look at something other than vpn that's what we'll start with and we can grow with them but we clearly understand what their core objective is and we make sure that we deliver on that so as we go through a journey and we enter into a pov which is a proof of value we think our concept works it's all about driving value for the customer and so we we align with that and so on the back side of that pov we're in a position to drive business outcomes for that customer and as we go through that that exercise with the customer we're collaborating all along the way so your traditional approach of post p uh pov contract signature bring in other individuals our team works uh collectively and we start delivering uh right out of the gate and because of the foundation that we've built prior to or in that engagement process we know what the outcomes are what we're supposed to deliver against um and so that's how we engage with the customer and then we'll have 30 60 90 day checkpoints um to make sure that we're achieving those objectives now along the way uh when we engage with customers not only you know from a sales motion pat and i would be working throughout that process we then introduce what we call a technical account manager depending on the size and scope of deployment um it's pretty easy but then we we have a technical account manager that also sits shoulder to shoulder with us and the customer so that as they're going through their journey they know who to talk to and we're still all aligned with those outcomes you take that and we also layer on a customer success manager so we're not a services company we're a software company and um so we're not backing up the truck and saying hey you need a lot of services but we do have those support mechanisms because at the end of the day being a sas solution the customer holds the right to say yes i'm going to renew or no i'm not based on the value that you've delivered commensurate to the investment so i know that's probably long-winded but it all starts with what's most important to the customer and that's driving outcomes for them well i really think it's i mean i think it's one of the most important parts of this conversation that we have though because again you know it's all happy happy joy joy when we sign the po and you know and the the the consumer is excited because they've got a new toy to play with and then the the you know you guys are excited because you've added another logo made another sale um three six nine 12 months from from that moment on 18 months two years down the road you know that i think those are the conversations that i think are are super important to know like if i'm truly going to make this investment in a technology um that that could be right i mean investing in z scalar could be quite quite a big change positive change but quite a big change for an organization you know am i going to see them uh outside of when it's time to sign renewals right because i hear that a lot like you know i never see the not you guys again but i do hear that a lot from um from companies like yeah we only see that vendor when it's time to sign a renewal so i do think it's important that customers know when they're making those investments what it is that they're getting into from a support standpoint so i just i want to i want to kind of double down on that and then pat maybe if you want to jump in on it right so we look at we'll have quarterly business reviews with the client right so if there's a particular let's say we're talking about ssl inspection something like that right that's a component of uh one of our solutions if we think it's critically important for them to do that that's what we're going to be focused on so each quarter we connect with the client we understand okay how are we measuring against what their core objectives were where areas of improvement so it's not hey sign the deal and move on we we truly view it as a partnership um because it's we look at the long game with the customer not just that one instance of of selling them a solution so i can't stress that enough is whether it's quarterly business reviews that we do with customers whether it's executive reporting that we do with we share with like hey the the number of threats that were blocked areas of focus and it's not necessarily from an upsell perspective it's maximizing their current investment and naturally that opens up the doors to say hey you're doing a great job for us here and as something might come up for renewal they might say hey let's take a look at this maybe it's kasbi maybe it's something else just because of our nature and how we're focused on outcomes for the customer so um so to that point again we've we've talked about a lot and you guys have a lot to offer um i hate to coin a phrase because it's probably one that's on the back of our upcoming not another demo t-shirts but companies don't want to boil the ocean right so um can pat maybe you can talk a little bit about um how do people typically start with z-scaler and then kind of build from there so they're not trying to um you know take on everything at the same time so let me start with z-scale private access because that might be a little bit easier to to start this question with our answer so a lot of customers will look at zscaler private access initially as a vpn replacement so from a deployment perspective they simply put a wildcard entry in anyone who has the z scalar agent and who has been identified and authenticated will have the same experience as they did with their vpn client so typically what will happen is we'll run both clients and then we'll move them eventually just the z scaler and then as the customer gets more and more familiar with our deployment team so again the crawl walk run mentality uh the deployment team in the customer will start to uh increasingly develop more complex access policies to start to lock the environment down but initially it's kind of left wide open we have a way to automatically discover applications and build policy off of that so that would be z scale or private access um again left wide open and then we lock it down over time with zscaler internet access because the platform has so many capabilities it really depends on what the customer is attempting to do um again being a cloud proxy at our foundation a lot of customers will simply look at you know what our blue coats are getting long in the tooth we can no longer update and upgrade them their end of sale into support we just want to use you as a gateway excuse me a proxy um so in that case matt what would happen is we would simply load agents onto uh domain users machines as well as we would create either ipsec or gre tunnels from the lan edge into our environment and within just a few hours the customer is taking advantage for clarification is it two separate agents one for private access and internet access are we talking to one agent nope just one agent just one yeah well done well done yeah and now the great thing i was going to mention about zpa real quick is is that again the great thing a lot of our customers enjoy is that once they change networks close their machine what have you with zia and zpa that authentication happens automatically so if you break the link to us you don't have to re-authenticate like with a traditional vpn client so depending on what it is that they would like to consume in our platform we normally start off with basic web and content filtering uh then we will move into um getting ssl inspection enabled because as you guys are probably aware 90 plus percent of the internet now is tied up in tls traffic um and in order for us to apply advanced security policies we need to be able to crack that session open so ssl inspection would normally be the next thing we look at and then um based on what what bundle they had purchased we may enable the cloud firewall we would enable casby maybe if they went a little bit more advanced um data loss cloud access security broker sorry yep got started cloud access security broker excuse me yep i messed up that one but maybe they look at data loss prevention um or maybe we want to start uh including uh our nanolog metadata and have that sent in a syslog fashion so they're on that was going to be my final technical question was yeah this is obviously generating a lot of information and a lot of value um how do i get that into my sim so i can write alerts for things that you know i want to see or you know anything that was possibly missed yep great great question so of course um no security admin wants to be banging around seven different uh portals to try and align what happened right they need the sim is there for a purpose so what we do is uh we provide what's called an analog streaming server it's just a lightweight vm that sits where the sim does um so we take that encrypted and compressed log from our environment and then basically ingest it into a syslog fashion which can be delivered to a sim now we do maintain up to six months of logs in our environment um but any admin really is not going to want to be in our portal then another portal and then looking at their sims well plus there's compliance requirements that are going to require you know holding onto those logs for longer so yep that's correct that's correct but for a company that's maybe in the middle of changing sims or looking at one or doesn't have one because those certainly do still exist they they would have the ability to have at least six months of stuff in your environment am i hearing that right yeah that's right i mean literally matt we could go back and see what you were up to like in april on a sunday right i mean not that you want to know that but we could we could deploy it really report on that so yeah lots of great amazing analytics the ability to craft uh custom reports have those reports launched at will um yeah lots and lots of visibility in the platform awesome well hey guys i am looking at the time and uh as all the good conversations do this one is uh is could just continue on but um i i really pat kevin i want to thank you guys for um for sharing some stuff i i hope this opened up people's minds a little bit again i think we you know i i love it when the conversation kind of stretches out and we talk um you know more more about security um than than features and functions and i think we accomplished everything that i want to do with this um series today so um really appreciate you guys um being a part of episode 11. i can't believe we've gotten to episode 11. um for everyone that's watching this please do all the like and subscribe and share and all of that sort of fun um youtube stuff subscribe to our channel as well um hey we're up to like 220 subscribers now so we're doing all right for a little uh for a little organization so anyways with that um thanks everyone for watching and we'll see you for episode [Music] [Applause] 12. you

Info

Channel: CSA West Michigan

Views: 128

Rating: 5 out of 5

Keywords: csa, csa west michigan, not another demo, zscaler, vpn, remote workers, remote office, covid, 2020, security, cyber security, threat, internet, secure web gateway

Id: ATsk4QaNSSA

Channel Id: undefined

Length: 40min 59sec (2459 seconds)

Published: Thu Oct 22 2020