Securing Your Mission with Microsoft and Ontinue
So, look, good morning, good afternoon, everybody. My name is Robert Breen. I’m part of the Microsoft team that works with nonprofits and education customers in EMEA. And today, we’re gonna touch on the topic about securing your mission with Microsoft and our partners in Ontinue. And I’ll hand over to the guys in a minute or two just to do their introduction. But for those of you that don’t know me, I’m part of the Microsoft team for the past three years. And, yeah, working very closely with Ontinue, and we have Florian and Yannick who’ll be presenting as well today. If you want to go on to the next slide, please, guys. Yeah. So just a little agenda. We’re gonna touch on Sentinel and scaling security for NGOs and educational organizations. Gonna touch on the Ontinue partnership as well, and then I’ll pass it over to Janik who’s gonna go through the Ontinue ION MXDR, AI-powered MXDR. And then we’re also gonna go through a live demo in Sentinel and ION in action, and then we’ll allow a few minutes at the end for some Q&A as well, please. Also, during the call as well, if you’d like to pop any questions or queries that you have into the chat, I’m happy to field them live as well and try and make this as interactive as possible. And then, yeah, if you can just jump on one, please. Okay. So I’m actually only gonna present one slide today before I pass to the team, but I’m just gonna give you a little bit of an overview about maybe Microsoft and the Ontinue partnership. We formed a strategic partnership with Ontinue over the last number of years, and it’s around delivering the managed detection response, and it’s built on Sentinel, Defender, and Entra. We’re working really closely in the nonprofit education space, and we’re offering our customers enterprise grade security and trying to make it as simple, affordable as possible and also conscious about optimizing on cost. 
So just going to cover what Sentinel is, what benefits that it can offer nonprofits and education, and then a little bit of an overview as to how it works as well. So Sentinel is a modern SIEM. So it’s a security information and event management solution, and it’s powered by AI and automation. So we’re ten minutes into the call and I already mentioned AI, so that’s a box ticked from Microsoft’s perspective. For nonprofits, one of the main reasons that they use Sentinel is around detecting phishing attacks, mainly targeting any donor database that they have, so, you know, sensitive information. And from an education perspective, it can be used for monitoring student account compromise attempts via M365. And for both, you know, can help them to automate responses to ransomware attacks across endpoints and email. And on the slide, if you look to the left hand side, this is where we’re gathering all the data from. So we’re gathering data from your infrastructure, from your devices, from your users, and indeed from your applications. What that information gives us, it gives us an overview of how we can actually identify any issues. It gives us context that we can give out to you for entity mapping to visualize any threats that you get across your organization. And we also provide case management that enables teams to collaborate and get critical work done. And all of this time, it’s giving you recommendations about what course of action to take against any threats that you come across. Sentinel is built in Azure, but believe it or not, it also helps customers that run in hybrid environments, multi cloud. So if anyone is using AWS, Google, anyone that’s still using on premise workloads, Sentinel is able to cover all of this. 
From a cost effective benefit, one of the things that you can get from today, and please do reach out to me after the call if you have any queries, so Microsoft is looking to support you with grants to get Sentinel up and running. We’ve discounted pricing available up until the end of March twenty six, and we’re also providing funded trials and workshops for nonprofits and education customers. Some things that seem to be very important to our UK customers and our Swiss customers is around compliance and data protection. So Sentinel does support data sovereignty and gives role based access control for any sensitive environments, and it can help you meet GDPR requirements. And with that little overview, I’m gonna pass it over to Florian, please.
Thank you so much, Rob. So thank you all for joining. I wanna start with something different than just talking about technology. We at Ontinue have been doing security for thirty five years. We come from a company called Open Systems, and we split three years ago to focus only on security, cybersecurity, because we think it’s super important to have that knowledge and everything that’s needed. But not only that, we have a department focused only on UN NGO. I’m the lucky one to be heading that. And I had this S. O. A. Chitung Digi story. I wanna start with this because I’m originally from Albania. And nineteen ninety seven has been a very difficult year for us, which nearly ended in a civil war, let’s say. So my parents did all they could to send me to a private school. For us, it was an Austrian private school. And when I went there, we learned that we were sharing the classroom with orphan children who used to live in that children village’s village. So why I bring this story is because I was lucky enough to see it firsthand how organizations such as yours, such as Children Villages really do help the people in need. 
And until some years back, I was the one taking care of security and connectivity of Children Villages in my role. So I really was lucky to kind of feel it, go through. And by that, I mean that your mission becomes ours. Let’s say, you have, little resources on what you do, especially on cybersecurity hygiene and cybersecurity, mission, but your mission on the ground is the one that cannot stop. That’s why a vendor such as Ontinue focuses on this twenty four by seven to enable you to really focus on what matters for your organization. And that’s why it was important to me to mention this. We do this. It’s all our heart. We just came from the NetHop environment, and we see that things are getting slowly. They are trying to get better soon after this difficult year since January. Having that said, I’m the UN NGO head of UN NGO Ontinue. You guys feel free to reach out to us. Janik will go over the demo and over the service to really show you how you would benefit from it. But as Rob said, I’m also saying we have already discounted pricing to be able to support you very quickly. And by that I’ll pass over to Janik. Thank you so much.
Thank you, Florian. So picking up where Florian explained what Ontinue stands for and what we do and how we help organizations with their mission, let’s now move a step further and look how we do that, how we deliver that twenty four seven protection. And as already hinted in the agenda, we are going to split this up in two parts. I first have a few slides reserved to give you the high level overview on how we approach this, how we support, and then afterwards, we are going to park the slides and go straight into demo and show you how that would look like. Now, first of all, one of the most important or the most important service that Ontinue offers is the monitoring, the reactive support. And for that we focus a lot on being fast and being accurate. 
So, making sure when something happens that we jump on this really fast, that we investigate it fast and accurate in the sense that we don’t want to create false positives. We really wanna make sure that we filter out what’s not true and that we focus on the real incidents. And what we see here is a timeline that you can expect from Ontinue. This is actually based on a real incident that we had that happened at eight fifty two in the morning quite early. We received some ransomware activity from the security solutions of the customer. This can be one or multiple alarms that hints toward ransomware activity and at that point, it’s very important that we act fast. So as you see, within three minutes here, we already auto isolated the involved devices. So when we are really certain about the accuracy of an alarm, we can automatically isolate the device. We don’t even need to wait for some of our defenders to jump on it. No. We have automation for that in place. Then the next step, one minute later, is the AI systems. So now Ontinue also has a check in the box, I mentioned AI, but we have an AI system that starts investigating already, that starts building a plan of steps, investigation steps to execute. It executes those steps, makes a report and then, by then, a human defender has been assigned to the case and the human defender will investigate the report that AI has generated. Now why is this important? It’s because at that point, the heavy lifting, the recurring investigation steps are already executed by the AI and the analyst can use his or her expertise to analyze it, validate some a little bit more and then take actions. So, for example, if we need to block a certain indicator of compromise, we can then do that a few minutes later. Some customers, they want a certain level of control where we go to them and ask for approval. That’s perfectly possible. That was the case here and we had to then ask approval from that customer. 
The customer gets a pop up and I will show that in the demo. The customer approves this also within a few minutes and then the action of blocking the IOC has been executed. When it’s a critical case such as this, we also provide a report the same day or the next day where we see exactly what happened, what we have done, what we have investigated and maybe most important, what are the learnings. So, how can this be prevented in the future? So I wanted to start off with that to give you an idea how the flow like that happens. Now before moving into details, I wanna mention three very important points that Ontinue that represents Ontinue. So first of all, as Ontinue, we only focus on security operations. We do not have other businesses. No. This is really bread and butter SOC services. What’s also unique is that we have a strong focus on Microsoft security. So we have a lot of people that know this inside out and in fact all of our customers, more than two hundred, not all of them NGO, but there’s also a lot of NGO and education in there. They all have Microsoft security architectures. And as a consequence of that, they use Microsoft Sentinel and that means that we leave that Sentinel with them. All the data, all the configurations and detection rules that are configured in that Sentinel solution, they stay with the customer. Now with these three pillars mentioned, let’s have a deeper look at how we deliver that service. So there’s a first part which is very important, the technology part. As I already mentioned, the data stays with you and even more all the security solutions that you have invested in, they stay with you. So this can be the Microsoft Defender stack, which is for us a core solution. So we use as the foundation of our service Microsoft, but you probably also have other solutions. You might use other clouds such as AWS or Google or you might have or probably have firewalls, proxies and IDSs. And of course, our coverage goes beyond Microsoft. 
Now, the core is Microsoft Sentinel where all the logs come together and now they are stored. And then there is our platform on the right side. We have our platform that we develop ourselves where we have automation, AI, reporting and all of that. And to make then the synergy possible, we connect both environments. That connection is something where we use Microsoft native technologies. So the connection between Sentinel and what we have, we do that with something called Azure Lighthouse and the connection between us and your Defender solution is with APIs that also Microsoft provides. The second important part of the Ontinue service is the people. So we have a huge team in the back end that delivers the day to day security operations. That’s exactly what you see here on the right side, they are an extension of your team today. So we have, for example, the cyber defenders. They are the people that will provide the twenty four seven service. They are based in different continents. They are based in Canada, UK, Germany, Switzerland, and India, and they will keep an eye on what’s happening. Next to that, we have the cyber advisers, also a very important aspect of the service. Every customer, small or big, is assigned a cyber adviser. This is really a person that will know you, will know your requirements and has also very deep expertise in Microsoft. And he or she will help you in getting the most out of it and you can always ask questions to this person about security, about road map discussions, optimization of Microsoft Sentinel and much more. There are other teams in the back end as well. I will not go in detail of each of them, but for example, a threat hunting team, also important. We conduct threat hunts every week. We also have a vulnerability panelist team. And they take care of day to day security operations. On the left, we have a whole team, at least equally important because they built the platform. 
We have a team that develops the AI, we have a team that develops the automation, that develops new use cases, and a team that manages all the threat intelligence that we get from different sources. In total that team is around one hundred and twenty people and they will be protecting you. Then there is also a process involved and I will not go in too much depth in this slide because the present the demo that I will give will cover all these points that is listed here on this slide, but I do want to mention one important aspect. So as as highlighted earlier, we, of course, offer reactive service and with the cyber adviser, we also have a proactive service. But it’s very important that these two work together. So, for example, what we observe in the reactive side, so incidents, and what we learn from these incidents is communicated with a cyber adviser on this side. And that cyber adviser will then work with you to build a plan with different improvement points. So this is really nice how we balance both reactive and proactive side. Now, of course, it’s all nice to see these themes, to see the technology integration, but at the at the end of the day, you want to know what do you still have to do. And let me try to clarify this with this slide, which highlights how many incidents on average we get for a customer per month in Sentinel. So this is a number that represents the average customer size of Ontinue, which is five thousand users. Now just to be clear, we have we range from all the way of fifty, sixty users to sixty thousand, but on average, have five thousand users. And for that customer we get around ten thousand incidents. The AI and automation that we have developed has the ability to narrow that down to four hundred twenty seven. So that means four twenty seven cases we have to still investigate manually. And from those four twenty seven, we escalate thirty three to the customer. 
This sounds dramatic, but it is usually just an approval that we need from the customer because the customer wants us to. And from those thirty three, twenty one are true positives and we stop in general every case. So at the end of the month, zero breaches and that’s what matters. So with that being said, I will pause the slides right now and I will show you how this comes into action. And I will show you more precisely how the interface from your site would look like if you work with Ontinue. And this will be a combination of a Teams environment, dashboards, and we will also show a little bit of Sentinel. So for that, give me a few seconds to switch my screen to the demo. So what you’re seeing at this moment is the Teams environment, and the Teams environment or the Teams, solution is what we use as the default communication tool with all of our customers. This doesn’t mean that we do not support anything else. We also have the option of sending emails or communicating via phone. But by default, Teams is what we use. And in Teams, we make during the onboarding two channels, one called advice Sorry, Janik. You’re not sharing. I’m not sharing? Right now it stopped. Don’t know why. What about now? Yes. Super. Yeah. And I’m just just wondering for the purpose of this, guys, if we actually drop camera just because it’s coming up on screen quite small, so it might just be visually better if the three of us drop camera, I think. I will zoom in a little bit as well. Yeah. That’s that’s much better. There we go. Thanks, Yannick. So teams, as I mentioned, and there’s two channels that will be created during the onboarding in your tenant, advice and incidents. And the incidents channel is our reactive part of the service. Here is where we will inform you about incidents that require your input or your action. These are escalate, what we call escalate incidents. As we showed in the previous slide as well, this is only a small fraction. 
It’s around two or three percent of all the incidents that we look at. But those that we need your input, we will summarize them for you. We will tell you what we what actions we already took and what recommendations we are giving. And when we need an approval from your side, we will give you a button available here that you can click. When you click it, you will get this action card. So in this case, we would like to mark this user as compromised in the system and then we can link that with a password reset or something like that. But for the sake of this demo, we need approval. As soon as you click approve, this will be sent back to our system and our system will immediately execute that action. There is no need for us to wait for a cyber defender to jump on this. Immediately, the system will execute this. And the beauty of Teams is that this works on your laptop and it also works on your phone, so regardless where you are, you can look at this and approve or reject. Now, very important is this is not where we store the incidents. The incidents, as mentioned earlier, they stay with you in your Microsoft Sentinel, and that means that every incident including this one can be found back based on the ID number. So, for example, this one zero TAP one zero zero three can be found back in Sentinel with all the context, all the involved alarms. In this one, it’s only one, but with more complex situations, there could be more involved alarms. But most importantly, you have access to the full activity log. And this activity log is very detailed. There is a lot of information there, including the rules that were triggered, comments that were added, status changes and enrichment. All of this is available here. Now, we do not expect our customers to be looking here all the time. They can if they want, if they need a certain visibility, but we have dashboards to abstract them from this complexity. So this is not obligatory. 
We also, many customers, they have a ticketing system that they use, so we also have the possibility to integrate your Sentinel with your ticketing system, which we will do during the onboarding and then there is a nice synchronization between your Sentinel, your ticketing system, and what Ontinue is doing. And, again, I wanna stress this. The data stays with you including the detection rules. So if for whatever reason you decide to not continue with Ontinue, maybe you’re building your own internal SOC, then the barrier is just you have to cut the connection and you can move on with the configurations. Moving back to the Teams interface and switching from incidents to advice, advice is what represents the proactive part of our service. And the cyber advisor that I talked about earlier is the person that will be acting in this environment. So, here is a place for you to ask questions. You can write them here in Teams. He will answer them here or if needed in a separate meeting, that’s also possible. This can be scheduled. And there’s all kinds of things that you’re going to find here. So different types of information sharing is happening here. Any changes that we make in your Sentinel. So we update and implement continuously new relevant detections in your Sentinel. When we do that, we also let you know. That’s what you’re seeing here. Also, other important security related information such as the monthly patch Tuesday from Microsoft or when there’s new emerging threats, all of that we will also inform you here about that. Now perhaps more important is your security posture. And in order to help to improve your security posture, we also want to build a plan, a structured plan with recommendations. And that’s also part of our core service and that plan can always be consulted here at the top in the right corner and looks like this. 
So it’s really a set of different controls with a priority one to five and each of these controls you can look at, you can open them up, look at the description and the recommendations we are giving. Now, we are building this so that we have a structured plan that we can work out together and the goal is that every month we choose two or three of these points and we work together to implement them. And the cyber adviser will be with you in an advisory role and to help out here. Now we do all these things. We have the primary goal to take care of your security end to end, you don’t need to worry about it. But, of course, at the end of the day, you still would like to know what we are doing. You want visibility. So that’s why we also provide a lot of options for reporting. One of the options is a traditional monthly report, a PDF of twenty, thirty pages, which can always be accessed here under files under reporting. I won’t go through the whole report now, but this report includes all kinds of statistics, dashboards, cases that were analyzed, cases that are closed, threat hunts that we executed, what exactly what threat hunts did we do and what were the outcomes of that, changes that we made in Sentinel, so all of that is in this monthly report. And if you have questions about that, you can always discuss it with a cyber adviser. Of course, you don’t wanna wait until the end of the month to understand what is happening, so we also have real time dashboards available and they are here accessible under this tab, ION for Teams. Now before I click on ION for Teams, you might see this word ION on different places such as here, here, here, and there. ION is the name of our service, short ION. So if you were wondering, now you know. And from the ION service, which includes the AI automation, all of that, there is one part which we make visible to you and that’s the reporting. And that reporting we have integrated in here directly in Teams. 
So when you click on it, you will get our dashboards, our interface directly accessible. And so what you see here is immediately the cases that we are working on. So three cases in in this demo. And also here, you can see if we need an approval somewhere or not. And then there’s all kinds of high level dashboards that you can consult. So, for example, you can see a summary of how many incidents we have investigated in the last three months and how many of those were escalated to you. If you want to see that in percentages, you can also see that here. And so that’s what I mentioned earlier, only a very small percentage is actually escalated to you. And then you can see that on average we do this within sixteen minutes and then thirty nine minutes are required from the customer in this demo environment. So you can also see there that it’s it’s going to be an exercise of finding that balance in how much you allow us to do without approval and how much you still want control. The more preapproved we have, the faster we can react to incidents and to threats. As also mentioned earlier when I was showing Sentinel, you can find everything back in Sentinel. We don’t expect you to go there. We also give a nice summary here of all the cases, all the cases that work applicable to your environment and you can always filter here to just see the ones that were escalated to you. So these are the cases that were also sent to your Teams environment. And then you can always click on one if you want to see what is happening on the case. And so you see that we show the activity logs that we fetch from your Microsoft Sentinel and we show them here. And then in general, based on these activity logs, you quickly understand what’s going on. But again, if you want then the detail, we provide you this link and you can from this interface switch to your Microsoft Sentinel and get all the details available. And then the final tab here at the top is the environment tab. 
It’s last but not least, it’s also very important because this defines how we work together. Many customers they say, yes, I have an MDR partner. I’m not happy with it. They don’t really save us time. They don’t really know our environment. It’s very standardized. And that’s what exactly what we want to prevent. And in order to do that, we need to understand how we work together and what’s important for you. So, for example, key assets, which is what we are showing here, is something we want to understand. Key assets such as, let me show some, backup servers, domain controllers, devices from executive people or from management, admin accounts, all of that we want to define those. And then we can give extra focus on these assets. We have detections that take this into account. Our cyber defenders, they will understand what is critical, and we will also configure specific watch lists in your Microsoft Sentinel to really have tailored monitoring of these assets. So that’s really important for us and to really tailor the service. Also, rules of engagement. So we can, as mentioned earlier, take actions for you, a lot of actions including endpoint isolation, execution, a restriction of app execution. We can do password resets. We can soft delete emails, block IOCs. There’s really a lot we can do, but you tell us exactly what we can or allowed to do and whatnot. We make sure that all the needed granularity is there. So we can work with tags, tags for tags for your different devices such as domain controllers and backup servers and we can say for these devices you are allowed to do something and for these devices not at all and maybe for these you need to ask approval. So there’s a lot of granularity. We can also work with time zones. All of that is perfectly possible. The same granularity applies to the escalation. 
So when something happens, let’s say an incident with level of criticality as critical, we can define a flow, an escalation flow in how we need to reach out to you. Who do we need to contact first? How do we need to contact them? So email, phone as mentioned is also supported. Also, here we can work with time zones and also this is not visible here, but we can assign specific people to specific type of devices. Maybe you have someone responsible for laptops and someone responsible for servers or domain controllers. So all of that we can define very granular. Now at the end of the day, our goal is that we only reach out to you when necessary, but you always want to be able to reach out to us when needed. Hopefully, this doesn’t happen, but when something really bad happens, the house is on fire, you need to reach out to us. We are always there for you twenty four seven. So we always have a central number that you can call by phone. That’s always possible, that’s always available. Or there is a second option, which is actually our recommended option. It’s to use the engage button here at the top. So it’s a button available there. We made it in green. It used to be red. Green reduces the distress, so at that moment, every color of green helps. You click on it, you give it a title, you give it a description, and then you press create. Very straightforward. And at that moment, there’s two things that happen. Number one is in Sentinel, it will automatically create an incident, so the documentation starts. And number two, you will get an invitation. You will get an invitation in your calendar and within ten... a Teams link. Sorry. Teams link in your calendar and within officially fifteen minutes, but unofficially within five minutes, you are talking to our cyber defenders. 
And these cyber defenders are immediately technical experienced people, not like sometimes is the case with other partners where you first have to go to an agent, a non technical person, he or she needs to filter the case, that’s you’re losing time at that moment. So that’s the efficiency we wanna bring with our tool. Good. So I’m going to pause the demo here at this moment. I’m going to stop sharing and bring back up the PowerPoint deck. In fact, there is actually not content left on the PowerPoint deck, so I’m sure if there’s already questions that appeared in the chat so far on the demo.
We don’t have any in there as yet. But, yeah, just a reminder, if anybody doesn’t want to pop in a question, please feel free to do so. Just maybe a couple of things, Janik, from my side. And, Mark, I think it’s key that you pointed out just at the end in terms of gaining access to somebody technical really quickly because then that is the problem even with dealing with Microsoft Direct that, you know, sometimes you don’t get through to the right level of support straight away. So that’s gonna be a big time saver for customers. There’s also just maybe a couple of things that we haven’t maybe fully covered yet in terms of the, you know, some of the benefits of working with Ontinue. Like I said, at the start, we do have customers in the not for profit and education space that are benefiting from using Ontinue. Some customers make a mistake of looking to deploy Sentinel themselves, and part of leads to is, you know, overages in costs. They end up having to take it down and start it up from scratch again because it’s just not set up correctly. It’s not tuned for the correct recommendations. It’s not looking at the critical logs correctly. It’s not looking at the right storage tiers. 
So all of these, if you like, mistakes that people make setting up themselves is something that Ontinue support in the actual deployment and just make sure that it’s set up once and set up correctly that the costs are kept under control, which, you know, is a key point. So that’s some of the main benefits from my experience that I’ve seen with customers working with Ontinue.
That’s a very good point there. And I also want to stress that we have many customers that join Ontinue and have before never seen or worked with Sentinel. And that’s also a burden we wanna take off. So during the onboarding, we will set Sentinel up for you. We will do the configuration and advise you on the best architecture. And then along the way in the partnership, together with your cyber adviser, you can learn about Sentinel. You can learn about features, how to use it if you want to. If you don’t want to, that’s also fine. The same cyber adviser will continuously look at how your Sentinel is configured and how it can be more optimally configured. Maybe there are certain sources that are missing or certain sources that don’t make a lot of sense. Also, the licenses for Microsoft, it’s not always easy to understand what you’re using or how to use them. So at Ontinue, as part of our base service, we help our customers in getting the most out of their investments.
There’s just a question popped in there from Chris around, Cyber Advisor and the plan of action. So, yeah, would the Cyber Advisor work with us on implementing the actions is the ask from Chris. Maybe if you could just go give a little bit more detail around the cyber adviser offering, please.
Yes. So the cyber adviser will help you with implementing it. Very important is the cyber adviser will not do it for you. He or she stays in an advisory role. But, yeah, the best practice is the advice, the steps, those are shared with you. 
And, also, in general, it doesn’t need to be from that plan. If you have other questions that we didn’t include in that plan, you can always ask for advice. Thanks, Yannick, and thanks, Chris, for the question. Any final thoughts maybe from your side, Florian, at all? No. I’m just, we’re open. I really enjoyed the discussion, and we are here for the questions, whoever wants to follow up. The main goal, to go to Chris’ questions, we see ourselves as the copilot, and you guys remain the pilot. So you wanna show us the direction. The data remains with you. You show us where to go, and we give our advice the whole time, and we make the best out of it to enable your mission at the end of the day. Thanks, Florian. And then maybe just, I’m gonna say a final point for me to reemphasize the support that Microsoft can offer customers here. You’re talking about support with deployment costs, support with actually using Sentinel in the first twelve months after deployment, but there’s also workshops that we can undertake funded by Microsoft as well. So if you like, that’s the skin in the game from the Microsoft side. And if anybody’s looking for any information about those programs or support, please feel free to reach out to me directly. You can ping me on Teams or drop me an email. And Robert Breen at Microsoft dot com is me. But, otherwise, I will look to speak with you all over the coming weeks, join our next one on ones, and see if there’s any follow-ups needed. And other than that, I think that’s all from my side. So, Yannick, maybe over to you for any final thoughts? I don’t have any final thoughts at this moment. So, yeah, they can, as I mentioned, they can always contact us. Get in contact with us as well at Ontinue. 
If you also want to get our inputs on, let’s say, for example, you have a certain investment in Microsoft, you want to see how this could replace other tools maybe or how you could get the most out of it, we can also just have a chat on that. And let’s see if there are overlapping tools that you can replace with your existing licenses or maybe licenses for Microsoft that you’re looking at. We can also just, without commitment, just have a chat about that as well. And with that, those are my final thoughts. Lovely. Yeah. Thanks, Yannick, and thanks, Florian, and, indeed, to all the customers for attending. I really appreciate it, and I hope you have a great Halloween break this evening. Happy weekend, everyone. Bye, everyone. Bye bye. Take care.
In this webinar, security experts from Microsoft and Ontinue discuss how IT leaders at Non-Profit and Education organizations can strengthen their security posture with scalable, AI-powered protection. The speakers review how Microsoft Sentinel along with Ontinue’s ION Managed XDR platform work together to deliver automated threat detection, 24/7 monitoring, and native integration across Defender, Sentinel, and Entra. The session includes real-world case studies from humanitarian and education sectors that showcase how this service empowers leaders to achieve their mission.
Building a Strong Foundation with Sentinel
Robert Breen of Microsoft kicks off the session sharing how Microsoft Sentinel serves as the cornerstone for implementing an enhanced security strategy. Sentinel is a modern Security Information and Event Management (SIEM) tool powered by AI and automation that works in tandem with the full Microsoft security suite.
Key Benefits for Humanitarian and Education organizations:
- Comprehensive Threat Detection: Sentinel is crucial for nonprofits focused on detecting phishing attacks, particularly those targeting sensitive donor databases. For educational institutions, it monitors login attempts and potential compromises through platforms like Microsoft 365.
- Cost-Effective Implementation: Microsoft offers grants and discounted pricing to help nonprofits set up Sentinel infrastructure effectively, ensuring world-class security without a prohibitive cost.
Proactive Security Operations with Ontinue
Following Robert, Yannick Horvat discusses how Ontinue builds upon Microsoft’s strong security foundation by delivering an advanced 24/7 managed detection and response service. Here’s how they elevate security operations to the next level:
- Reactive and Proactive Service: Ontinue ensures rapid response with an average isolation time of three minutes when an incident is flagged. Moreover, customers benefit from a proactive approach that includes threat hunting and vulnerability analysis.
- Collaboration and Advisory Role: Each Ontinue customer is paired with a cyber advisor, ensuring tailored, actionable advice that’s aligned to their business goals and security requirements.
Real-World Security Practices
Ontinue’s live demonstration showcases a seamless integration of technology, processes, and people, emphasizing the following practices:
- Automated Incident Response: By intelligently combining AI and human input, Ontinue reduces reaction time significantly — incidents are often addressed and mitigated within minutes.
- Data Sovereignty and Compliance: The Ontinue MXDR service supports robust role-based access control, ensuring that sensitive data remains protected and helping organizations meet strict compliance standards like GDPR.
Continuous Improvement and Reporting
Regular assessments and continuous improvement plans are vital for maintaining and enhancing security posture. Here’s how these strategies are structured within the Ontinue service:
- Security Posture Plans: Dedicated Cyber Advisors compile action plans consisting of prioritized security controls, contributing to holistic security improvements.
- Comprehensive Reporting: Organizations receive detailed monthly reports and have access to real-time dashboards for ongoing visibility into security operations.
Final Thoughts
By strategically leveraging the expertise of Microsoft and Ontinue, organizations can significantly enhance their security frameworks. From the comprehensive capabilities of Microsoft Sentinel to the strategic oversight provided by Ontinue, these partnerships provide an integrated approach that addresses both immediate and long-term security needs.
For nonprofits and educational institutions, this means safeguarding sensitive data while maintaining focus on your core mission — all within a managed budget. If you’re interested in exploring these solutions further, Microsoft and Ontinue offer various support programs, workshops, and individualized consultations to guide your organization on its security journey.
Secure your mission with Microsoft and Ontinue, and ensure that your organization’s focus remains on what truly matters: serving your community effectively and safely.


