>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

>> Narrator: Live from Madrid, Spain, it's theCUBE, covering HPE Discover Madrid 2017, brought to you by Hewlett Packard Enterprise. >> Welcome back to Madrid, Spain, everybody. This is theCUBE, the leader in live tech coverage, and this is day two of our exclusive coverage of HPE Discover 2017. I'm Dave Vellante with my co-host Peter Burris. Last night was a great night of customer meetings. We stumbled into the CIO meeting, we were at the-- >> And were quickly ushered out. (both laugh) >> We were at the analyst event, and of course we met our good friend Dr. Tom Bradicich at the analyst meeting. This is the man who brought a lot of the IOT Initiative into HPE. He's the general manager of the IOT and Systems division. Great to see you again, Dr. Tom. Thanks so much for coming on. >> Thank you Dave and Peter, it's great to be here at theCUBE, great to be here at HPE Discover Madrid. Lots of great things happening, I can't wait to tell you about 'em. >> So we're very excited to have you on. John Furg and I interviewed you in the very early days after you came over from your previous company, and you had this sort of vision of, you know, bringing the HPE into the intelligent edge. >> Yes. >> And we're like okay, this sounds really complicated. You got ecosystem, you got all kinds of technologies that you gotta develop. Hardware, software. And you're making it happen. It's become a meaningful portion of HPE's business, so I know you got a long way to go, but congratulations on the progress so far. >> Thank you. Give us the update on the-- >> Well, first of all, thank you for that, I appreciate it. I must give credit to my team, I tell them all the time that if you don't execute and do the work, I'm just a science fiction writer. (interviewers laugh) And the vision has come about, and we have real customer deployments of course that the, you know, the proof of it. >> Right. >> At first we had no products and no customers, now we have these products that we'll talk about, and we have the customer deployments, and we're changing things for businesses at the edge, and again the edge is just not the data center. And the manufacturing floor, we'll talk about refineries, oil rigs, those type of edges. We're doing a lot of work there. And it's been exciting to see the ideas that we have get adopted by not only customers, but the industry, so we're seeing other analysts pick up on two dimensions: computing at the edge, and a little more complicated one, a little more difficult to grasp, is converged OT and IT at the edge, the two worlds of operational technology converging with IT. We were on theCUBE talking with an OT partner, National Instruments, a long while ago, and now we literally have those products in the market in the hands of customers. National Instruments is reselling the Edgeline 1000, the Edgeline 4000 products, as well as of course us selling it, and it's pretty exciting to see this happening. >> Well what I love about that conversation is, you know, when we first started to talk to you, we said okay, let's play the skeptic, analysts are skeptic. >> Sure. >> And we said one of the big problems you're gonna face is bringing the organizations together, OT and IT. They're just different worlds, oil and water, you know, you got hardcore engineers and you got IT guys, and then subsequent to that conversation, you bring on National Instrument, right? >> Yes. >> And we have that conversation. Okay, so we sit down, I check that box, at least they're having conversations. Can you talk about how that convergence is actually occurring, and what's in it for the customer? >> Well great. To talk about this convergence, the best thing to do is say it can happen at several levels. It can happen at a solutions level, it can happen at a software level and a hardware, physical level. Let's talk about a physical level, it's a little more tangible to understand. Let me use the smartphone, which everybody has. Like Peter, you have one there. If you hold that up, you will notice inside the manufacturer of that phone converged, or integrated, those are synonyms, many consumer devices. Such as what? A music player, of course, the phone, of course. But also many other things. A GPS system. >> Camera. >> A camera. The list goes on, right? We can go on. Oh, the flashlight, and by the way, your wallet. Maybe not your wallet, but a millennial and younger's wallet-- >> Yeah, sure. >> Is in that phone. >> My wallet's in it. >> My wallet's in it. >> In it, and-- >> Venmo, baby. >> That's right. (all laugh) >> I have my kids' wallets in there too. >> Oh that's great, you've done that switch. So what is happening there obviously is the notion of we're, you know, software defining and we're converging. Now the benefits of that are irrefutable. One thing you buy, it's less energy. One thing to manage, the convenience of carrying it around. Let's take that metaphor and impute it at, let me say a manufacturing floor edge. There's lots of edges out there. We go to a manufacturing floor edge, we see several devices, just like the early pioneers of the smartphone saw a consumer with a camera around his neck, a GPS on his belt, text, right, a flashlight, a wallet, and all this. We see all these devices out there, and what are they? Some of 'em are OT, as you mentioned. Operational technology devices such as control systems, such as data acquisition systems. >> Real-time systems. >> Real-time systems, industrial networks. CAN, PROFIBUS, SCADA solutions and networks. And the second thing we see is some IT. Most of it's closed, so this is important. It's good IT, meaning computing and storage, but a lot of it is closed systems. It's not the open EXEDY 6 architecture that we so enjoy in the data center. So those things are out there. We looked at 'em and we put them all in one box, just like the smartphone is one device. What are the benefits? Lower space, there's not a lot of space at the edge. Lower energy, there's not a lot of energy, right, at the edge. But the more profound benefits that we're seeing, and we have a large auto manufacturer who has deployed this on their manufacturing line, is it keeps uptime higher. In other words, it reduces downtime. So if the manufacturing line stops, there's nothing worse than a manufacturing line stopped, except perhaps an empty one. But the point is, when a manufacturing line stops, you can't put out product. You can't put out product, you can't recognize revenue get it in the consumer's hands. It's very obvious. It's an air-tight business case, actually. So we're able to reduce any downtime, why? Because first of all, everything's together, and secondly, we're able to manage it just like we're managing the data center because it's an open EXEDY 6 architecture. >> So you're converging tasks as well as hardware. >> As well as hardware, and then the next step is software, you know, as well. We just launched a new class of software called the Edgeline Services Platform, and this is OT software. So we're talking OT functions like aggregators and things that do OT technologies and some IT, but because we have so much compute power and it's open, it's EXEDY 6, it can run software like VMware, Microsoft Products, even database products as well. But because we have that, we're able to software define. When you software define, and I'll use the wallet again. You don't have a billfold with your license anymore. Plastic and leather has been software defined, and therefore it's less to deal with. It's much more efficient. So that announcement of our software strategy along now with our hardware strategy is very exciting for us, and customers are very much interested in it. >> So do you have some examples, you know, some real world examples? Customers that you can talk about where you're bringing together OT and IT disciplines? >> Yeah, you bet. Yeah, you bet. Let me talk about a large global beverage and snack company, and they make snacks, and in this case, potato chips. So a potato chip is a product, and the idea of having them come out of the line in the bag and be a higher quality is important. So we took an Edgeline System, the EL 1000, and we put it at the edge, and we were able to software define several of their IT and OT components and get it to a consolidation and integration in one box. Now what that did is it allowed the, and will do, is allowed the foods to move faster. So if they move across the conveyor belt faster, you can bag them faster, get 'em out to the consumer. The second thing is because it's so powerful, this is interesting. Now they can use video cameras to inspect the quality. Now think about that. That's not necessarily a new idea, but what is new is the notion that you can take video, which I think you'd agree is the largest data, is that right? A video is big, big data. >> We know that well. >> Especially if it's high, Yeah, especially if it's higher resolution, and your hosting costs are telling you that as well, right? Of all these videos. But if it's high resolution, and because you're looking for, you know, defects, indeed, one has to process that not only in high resolution, massive data, number one. Number two, quickly, because the thing is moving, and you wanna know to knock it off or stop or whatever the case may be. So what has happened there is my team and I did not think of that. Our customers thought that, well because you gave us this platform, we can now enhance it with a new type of sensor called a camera, with a new type of data, called video, to enhance our quality and keep our process moving faster. >> So keeping this converged notion going, you're converging the hardware, which is, you know, important. You're converging a lot of the administrative tasks. >> Yes. >> Which reduces the likelihood of any single human failure bringing the whole system down, but now you're talking about, in the whole sense, infer, and act loop that typifies what happens at the edge, you're converging new technologies into that loop by being able to add new data type, bring modeling, machine learning, analytics, in the infer, and then being able to act right there, which allows you to think about new invention, new innovation very, very rapidly because you have the processing power to converge all that new function as it becomes better understood. Have I got that right? >> You got it right. I serve as an adjunct professor at university, so let me position it in an easy way to learn. You said sense, infer, and act. Let's just call 'em the three A's. Acquire, analyze, and act. >> Okay. >> It's just easier to remember. And let me talk to that too, but this is actually just synonyms. So the acquisition of the data is through sensors in D to A conversion, or let me say A to D, analog to digital. Because most of these phenomenon, video for example, it has to be, is a light phenomenon. Moisture, pressure. At Duke Energy, for example, the second largest energy provider I worked on that industrial internet of things solution, and vibration was the thing that needed to be acquired and then analog to digital. Now the analysis has to take place. There are seven reasons to analyze at the edge. There are seven reasons not to send the data to the cloud. In the past, we have talked about it. One of them's latency, one of them's cost, one of them's bandwidth, another one is security, another one is reliability, another one is geofencing and policy, another one is duplication and security, you know, hostile or just, you know, reliability drop packets. There's a lot of issues to do that analysis there. But because we have a non-compromised full EXEDY 6, in fact, 64 in one box. 64 Xeon, Intel Xeon product in one box. We don't have to compromise the stack. We can take it directly out of the data center and run things like artificial intelligence, machine learning algorithms. We can virtualize, we can containerize, we can run Citrix applications at the edge to have better access to the data and of course the application. But you're absolutely right, and then the second thing in this point is we move from the middle A, analysis right, to the action. The reason, I've learned this doing many IOT deployments. The reason people do an IOT deployment is to act. Yes, it's exciting to collect data. It's also exciting to analyze it. But have you ever been in a business meeting where you sit and you analyze data and you give tremendous insights, and one conclusion is pit against another conclusion and it cancels out all conclusiveness, and then you talk and you analyze, and you walk out and nothing happens, there's no action. Many of us have been in that. That's the idea here. You can't stop at the analysis, even though artificial intelligence, deep algorithms, moving averages, signatures that we can compare are very powerful. Well, what do you do when you do that? Because we have control and actuation systems built into Edgeline, we literally in a physically space, as well as in a logical process, as you pointed out, close that loop. >> Right. >> Acquire, analyze, act, acquire, analyze, act. Yes, connect to the cloud or the data center if we need to, but the issue is you don't have to. Now here's what's profound about that. This system at the edge can be managed and run the same stacks as any cloud or data center. I'm gonna use those as synonyms because a cloud is just a data center that nobody's supposed to know where it is. So a data center far away on the corporate campus or in a public or private cloud somewhere, is managed the same way. When that happens, we are revolutionizing workload management. Now, I spent a lot of years in my former time in IT and building data centers and building some of the first clouds, workload management's a big deal. How do you shift the workload to the free server? >> Peter: Right. >> Or to the free resources, right? To optimize, obviously. And it's a packing problem many times in the data center. Well now we've introduced another place to workload manage. >> Right. >> It's called the edge, it's far away. So we workload managed in the data center, then the cloud was invented, that's the first off premises. The next off premises is now the edge. So the other off premise is the edge. So now we have a workload management capability. Do you wanna do 100% processing at the edge where the action is, and where the acquisition is? Do you wanna do 100% in the cloud? That's still possible. Do you wanna do 50-50? Would you like to do 10-90? Would you like to do 30-70? You get my point. >> Totally. >> I can shift this, and depending on the season, depending on issues like disaster recovery, depending on your workloads, you can now do that, and again, you can do this with the Edgeline 1000, the Edgeline 4000, because of the processing power and the converged OT inside it. >> Well our observation is that it's not about bringing your business to the cloud, it's about bringing the cloud to your business. >> Yes. >> So bringing that sense of workload management. You know, you might say the cloud is just a virtualized data center when you come right down to it. So bringing all those capabilities and bringing them to wherever the data requires it. And there's gonna be a lot of instances where the data is gonna be at the edge, stay at the edge, but that doesn't mean you don't want all the benefits of how you run computing data at the edge where that data is. >> Yeah, and we're not obviating, we're offering choice. >> Right. >> But again, there are seven reason I went over why you do it here, but I've had a customer say none of those seven matter. So okay, we send everything to the cloud, and we have great cloud hybrid IT products that do that. >> Yeah. >> And we've envisioned a three-tier data model, you know, real time at the edge. >> Yes. >> Maybe you don't persist everything, but like you said, there are a lot of reasons not to move all the data back. But there is maybe a spot where you aggregate some of that data from discrete devices, and sure, if you wanna do some deep modeling in the cloud, go for it. And that cloud might be the public cloud, it might be your own private cloud. Does that seem reasonable to you? >> Very reasonable, and another reason for a cloud is it's an aggregation point for other, in this case, manufacturing lines where other smart cities to come together, because you're not gonna connect every city, every plant, any to any. You'll have a hub and spoke model where the cloud serves as that hub. So there are always reasons, and that's why, you know, if you look at our company, the pillars of our company, Pointnext services, the second pillar is hybrid IT, primarily focused on cloud and data centers, and the third is the intelligent edge. And those all play very, very closely together, in fact we have edge to core strategies, we have edge to core offerings with partners like NVIDEA, with partners like SAP, with partners like SAS, we have edge to core. For example, Schneider as well, Schneider Electric. All of them are looking at this idea, GE, Microsoft Azure, let's go to the edge. And two years ago, that was not the case, right? Let's go there, when you go to the edge, what are you gonna run it on? Well, let's not force our software partners to re-architect like they used to have to to run at the edge, which is like I'd call that drive-by analytics. You just have to cut out everything because it only ran on a wimpy core somewhere or a little device. No, let's move the entire data center capability out to the edge, when I was presenting this to one of our partners, the CEO of the company, I was presenting this vision, and he was texting during my talk 'cause I was boring. (interviewers laugh) And then I said this, this is a very powerful company, I won't mention names. Then I said, we're gonna move data center class technology out to the edge. It's not gonna be in compromised cores or limited memory or a little bit of storage. It's the very things in the data center we'll harden called Edgeline. We'll add controls systems and data acquisition, we'll put it out at the edge. He stopped texting. Then he looked up at me and said, "Wow, you're really moving a data center out to the edge." and you just said that, right? It's the cloud is coming. It's almost a reverse idea of what was happening before. >> Well you wrote a blog recently. >> Yes. >> About the space edge. So I wanted to ask you about that. What's going on in the space, and that's the ultimate edge, I guess. >> The infinite edge. >> The infinite edge. Explain what you guys are doing there and why it's important. >> Well, this is exciting. Space travel for exploration and eventually colonization, if you would believe that, is happening. We have the first supercomputer technology in a NASA spaceship now. It has orbited the Earth well over 1,000 times and it is doing thousands of benchmarks and is doing very well, isn't failing. Now, why is that profound? Because again, that edge is so far away and the ability to push that back to Earth now, which we could call the data centers on Earth, is limited. It takes minutes, sometimes even longer. There's issues with reliability as well. So we were able to do that, and then we've created a new thing called Project Extreme Edge, where we're going to build Edgeline systems that will fit better with lower energy, smaller size in spaceships, and eventually in colonization, but we're just going into space travel and exploration right now. And I'd like to mention that HP Labs is a great participant in this because they're working on a technology, and the name of it is called the Dot-Product Engine. And dot-product is a mathematical operation needed in high-performance computing and artificial intelligence. But we're able to use that technology because it's small, it's fast, faster than we believe anything else on the market, and also it has a low energy profile. And those are all any edge, obviously, but it's also great for the space edge, and I like to quote Frank Sinatra when he said if I can make it there, I can make it anywhere, New York, New York. (laughs) Well, if we can make it in the space edge, these Earth edges will benefit as well. Some of the same challenges. >> All right, we're out of time, but I gotta ask you. Meg stopped by yesterday, and was giving great support for the intelligence. >> She has, yes. >> The company's now reporting the intelligent edge is gonna be one of the main areas. What about the new guy? Antonio. >> Antonio Neri. >> You know, what's your relationship with him, experience? Has he been focused on this area? >> Support? >> He's been great, he supports in three ways, let me just sum up in three ways. Number one, he supports in customer visits. He and I have been on customer visits together, it's always wonderful to have the president and now the new CEO with you affirming what we're doing. That's number one of three, number two of three, he supports the work we're doing with our new global IoT innovation labs, in fact our first grand opening, the first one in Houston, we will have one in Singapore opening in February, and then we'll have one in Europe and perhaps one in India, we're opening these labs for innovation, but my point is, the one in Houston, our first grand opening, Antonio Neri came personally and did the ribbon cutting and sponsored that as well. And then third, he is of course funding my business unit, and he's been very, very supportive and I'm really happy that he's staying with us and he'll be CEO. >> Excellent, Dr. Tom, thanks so much for coming on theCUBE. Congratulations, as you say, I know there's a long way to go, but looks like you're off to a great start and have some real traction. >> Tom: Thank you very much. >> So we appreciate your time and your insights. Okay, keep it right there buddy, we'll be back with our next guest. This is theCUBE, we're live from Madrid. Be right back. (upbeat electronic music)

>> Announcer: Live from Las Vegas it's The Cube covering HPE Discover 2017 brought to you by Hewlett Packard Enterprise. (electronic music) >> Welcome back everyone, we're live here in Las Vegas for HPE, Hewlett Packard Enterprise, Discover 2017 SiliconAngle Media's program The Cube where we go out to the events and extract the signal from the noise. I'm John Furrier, my co-host Dave Vellante, my Co-CEO and Co-Founder SiliconAngle Media which is part of siliconangle.com, The Cube, SiliconAngle.tv, thecube.net, and wikibon.com. Go to wikibon.com and seek out all the great research, and a lot of the stuff they're talking about here at HPE Discover has a lot to do with what's happening at Wikibon and around big data and IoT. Dave, summary of day one wrap-up, kind of our take if you will on HPE's messaging, what they're showing and the debate. We were at Dell EMC World. We heard Michael Dell and his team say bigger is better. HP is saying agile, nimble, but they've got a confederation, federation, all these little kind of HP companies. It's still a conglomerate. It's not small, as you said in our opening. Meg's keynote today was all about the future of computing in a new way, if you will, data, IoT center of it. Your thoughts and analysis of day one keynote, our guests, your thoughts. >> John, I opened up this morning's segment saying that five years ago we talked on The Cube about, and I made the statement, HP's got to shrink to grow. The other thing I said about HP, now HPE, was it's got to get back to its roots of invent, and it has not gotten back to those roots, and now it is reinventing itself, and it's opportunity to get back to its roots of invention is through a partner ecosystem. That's very clear, kind of point number one. The second point I want to make is that these transformations that HPE and companies have gone through, I mean I've never seen anything this large, splitting a company up of 100 billion dollar company, changing all the IT systems, doing all these spin merges, these are not trivial exercises. So when Meg says we're sort of at the end of that transformation, that five year process, in many respects they've now got to create a new transformation. They finally got this, they have this smaller company that's more focused, and they've really got to still sharpen the edges on that sword in my opinion. The software business is still part of HPE, so that's got to happen. The cash coming in from the CSC spin-merge still has to come in, so the balance sheet is still being restructured. But essentially the message that you're hearing from HP is we're going to help you keep the lights on. We're going to make hybrid IT simple which is a good sort of tagline, but it's a very, again, nontrivial thing to do. We've got this new partner ethos, and we've got this fourth piece which is a moonshot on IoT, and that's our big growth opportunity, and we're going to put all our muscle behind that. I like the strategy. I mean if you're going to go smaller and more focused, you've got to have some kind of moonshot like that. You've got to have a partner ecosystem as they've described, but as I say, there's still some more work to be done. They're still shaking off the embers of the exit of the cloud business, trying to reshape that whole thing, so there's, as I say, more work to be done. >> You know it's interesting, good points, I agree 100%. I would add that my observation and what I came into HPE looking at was what will leadership, and specifically Meg Whitman and Antonio Neri, mainly Meg Whitman, and the team articulate to the customers, because they've been getting pounded in the press on financial performance, the journey. I mean if I'm Meg Whitman, I got to be saying hey, enough with the backbiting on, the five-year journey and trying to peg me to a milestone, because the market's changing. You go back five years and say oh, it's going to be a five year journey, let's say Meg Whitman says that. What that really means is that's just kind of an estimate, based on her opinion execute but what I think, well, she mighta seen but what happened was: the cloud just came in and completely decimated the landscape relative to disruption opportunity so a five-year journey, pegged at that time, becomes essentially maybe longer. And so they're executing a turbulent marketplace that's good for them but it could be wind at their back too. So I think they had to come out and talk to their customers. The customers need to hear from HP, and saying, "Look, we got your back. "We're going to be delivering. "We understand the transformation. "We understand what's going on." They've been in the IT consumption business, serving customers in IT. They're a big company. They got to calm the customers down and give them confidence. So to me, I saw confidence in the simplicity message, hybrid IT message, and the IoT with the headroom. I didn't see any game-changing, futuristic, vapor. I didn't see a lot of AI washing, I didn't see a lot of machine learning, which is, I think we're seeing the trend. But they didn't lead with that. They led with the meat and potatoes of HP: Storage, talking about the acquisitions: Simplicity.. >> Dave: Services.. >> Nimble, the messaging with partners, I thought that's very much a meat-and-potatoes, it wasn't like a lights-out keynote by Meg Whitman in the sense of standing ovation on, yeah rah-rah. But it was meat-and-potatoes, aggressive, assertive, "we're here for the long haul" and I thought that was positive. >> I think the partner-friendly ethos is really, really important, and you see it around the show, I mean look at, Veeam is a Platinum Sponsor, right? That never would've happened two years ago because of HP Protector, HP's backup software. Never would've happened before. You see Fortunet out in the show, basically a competitor with HP, HP's security business. And then this whole new partnership around the large SI's, right, I mean that's a big deal. You were saying "India, SI's." The CEO of Wipro, standing up today, I thought he was one of the more impressive parts of the keynote. So, a much more aggressive posture with partnerships, a much cleaner story for partners. Yesterday, the partner conference got pretty high marks. People, I think, are fairly excited about that, because HP has got enough muscle to put resources in, and John you know. What's your take on the whole channel and partnership thing? I mean, you lived that for a decade. >> Well, I mean, I think the channel thing is a great opportunity for them. It's about making money together and I think that's going to be a key thing. My thoughts, just from trying to read the tea leaves, and I'm going to put this out there, it's, I would say, not half-baked but my observation from today, and in the interviews, things came together for me around something that I was thinking about but I could see it now with a little bit of a clarity, and that is I think we're going to see a hardware renaissance. And what I mean by that is, I think the message of computing is changing. We've been predicting, with Open Compute, that we've been covering, which is an open source project, where Facebook and now others are donating reference and imitations after which, Antonio Neri was supporting that project. It's not a lot of funding, there's a lot of open source projects going on. There's a lot of disruption happening. It's almost just like, small little, not real well-reported marketplace. Not a lot of money's being made yet, cuz there's some new things happening. I think, what's clear to me today is that a new business model of hardware is coming. And I think HP, if smart, could change their business model. Instead of being a hardware box supplier, which they know is a declining market, to a TAM, a Total Addressable Market, true private cloud, of $260 billion, and be a supplier of hardware business model, rather than hardware product, where they bring their systems expertise in, use open source, bring the stuff out of HP Labs, and not try to be hardcore about productising it in a hardcore way, meaning another SKU. I think they got to have some core products, but the growth, I think's going to come from a hardware renaissance, where a new developer's going to come out of hardware, you're going to start to see hardware being in the game. Just last week at the Recode Conference, you had Steve Ballmer with Kara Swisher, saying "We should have got in the hardware business a long time ago. Everyone's making their own phones," in reference to the consumer market. So, I think the enterprise market, you're going to see real opportunity around service providers and enterprises, essentially getting the best of what Amazon and Google does, which is build their own boxes, in a new hardware development way. That, to me, is absolutely clear and I think that's going to open up, essentially, that long tail of compute. Cloud-like, true private cloud, and hybrid. And I think if HP's smart, they should jump on that and double down on that trend. >> So, the things I'm looking for between, say now and the next Discover in Madrid in December. The post-spin-merge balance sheet. Let's take a look at that, 'cause I think it's going to look a lot better. And that's going to cause people to go "Whoa, look at that, now HP's got even more leverage "to go out and do deals." The second is, when does IoT actually become a meaningful and measurable component of HPE's business? Talking a lot about it, building up the ecosystem, talking about some use cases, a lot of blue-sky types of things, but not a lot of hardcore, concrete examples at the customer level. So when does that become a meaningful revenue generator? And then, I think from credibility's standpoint, margins. Meg said, "This is it, margins have bottomed. "They're going to bounce off the bottom "and grow from here." We've got to see that, and I think the keys are services, really executing on the services side, leveraging their acquisitions, let's see what they can do with, I mean Aruba looks good, Nimble, SimpliVity. Can they turn those into billion dollar businesses like they did with 3Par? And then the partnerships, I don't expect any head-fakes, you remember HP used to always head-fake the channel and head-fake the partnerships. I don't expect that now. >> They've never had fake partners. Partners would call them out on the carpet on that. I think they have been groping with the partners, and hoping to have a flagship. >> Dave: I dunno, I mean.. >> I don't think they've, now you're trying to be critical of HP, but they've never had fake partners. >> When they, say head-fake. They would buy a company like EDS, and their partners Ecosystem would go "Whoa, wait a minute, I'm not sure "I want to partner with these guys." >> I'd debate that with you, but I think HP's always had great partnerships. I think where they've misfired, if you want to be critical, is that they mismatched where the growth was, with throwing an outsource for instance, that's a complete mismatch to where the growth is. Now, to your point about IoT, I think that's their big opportunity because IoT is a beachhead setup. I think it's a great opportunity as a flagship message to take the portfolio of HP into a partner-friendly world that's going beyond swim lanes, this is like the Grand Canyon, the Panama Canal. And none of them more than swim lanes. So I think having the portfolio with more M&A activity, with Aruba and some of the hardware they have, they can go in and get the beachhead in IoT and use that as a driver, a flagship with their partnerships to start engaging customers and holding the ground. And then, moving the services in, that could hold them for a good couple years. And then, as the margins shift from the declining hardware business, I think that's an opportunity, and we're going to look at that. >> And the other big opportunity, beyond IoT, is this intercloud management. Will HP participate in earnest in building up some software capabilities to manage cross-cloud? On-prem, off-prem, everything in between, Sass, et cetera. You don't hear anything about that now. So is that part of the HPE strategy? Will it use its new balance sheet to go after some of those emerging software companies, and rebuild its software business? >> Well, we always will analyze. We've got all day tomorrow. We've got some great guests. But Dave, Information Technology, known as IT, is not going away. It's changing, certainly, for sure. Information and technology's really going to be a great opportunity for HP. If they stick in their old ways, they'll be dead. If they can transform over themselves, I think it's a winner. Of course we've got live coverage, three days, tomorrow and Thursday This is theCUBE. Go to SiliconAngle.com, check out all the latest reporting and journalism. Go to Wikibon.com for all the great research. The best research is behind a subscription. You got to pay for that, I would definitely do that. The true private cloud report you guys did, I thought was killer, really that's groundbreaking, and IoT stuff's fantastic. Of course, go to SiliconAngle.tv to check out all the great stuff. And of course, go to CrowdChat.net, and we have a new CUBE 365 product coming out of the oven from SiliconAngle labs, lot of great stuff. Stay with us for more coverage tomorrow and check out YouTube.com/SiliconAngle for all the videos in replay. We'll be back tomorrow, stay with us. Have a great day. (electronic music)