Harry Dewhirst, Linksys | Fortinet Security Summit 2021
>>From around the globe, it's theCUBE, covering the Fortinet Security Summit, brought to you by Fortinet.
>>Welcome back to Napa. Lisa Martin here at the Fortinet Championship Security Summit. I'm pleased to welcome the CEO of Linksys, who joins me next. Harry Dewhirst. Harry, welcome to the program. Great to have you here. We are at an in-person event. One, which is fantastic. Two, we're outdoors. Three, we're in Napa.
>>What's not to love?
>>There's nothing, nothing not to love. So you had a session this morning. Talk to me about some of the things that you shared with attendees.
>>So the session was talking about hybrid work and really how to make that successful. And, you know, we as a business have really focused on making it not just work for companies, but for companies to thrive and to really embrace the hybrid work and extract the most benefit from it. So we spoke about the challenges that that has, and some of the solutions to solving those challenges.
>>Tell me about some of the solutions. I'm very familiar, as someone who has been working from home for 18 months, with some of the challenges. I know, understand it too, from an enterprise security perspective, but what are some of the solutions that Linksys sees?
>>So the solutions fall into kind of three main categories. The first is of course having the best and latest wireless technologies. So that's Wi-Fi 6. It of course needs to be coupled with having a good pipe into your home, or leveraging 5G and other wireless technologies to have great connectivity, then having mesh networking to enable wall-to-wall coverage, seamless roaming between all the devices, to mean that your network infrastructure within the home is very robust. The second pillar of solution is around how you can now bring enterprise-grade security into the home.
Typically it would sit in server cupboards in offices, and now, with us and Fortinet, we've created a product which brings that enterprise-grade technology for the first time into the home. So IT managers no longer have to compromise when it comes to security, and they can apply the same policies that they would be doing in an office of 10,000 people to 10,000 offices that are in individuals' homes. And that's a kind of a first, a world first, I would say, but it is going to be critical. And again, it's about moving from "it's good enough" to "let's make it amazing." And let's not compromise on something as critical as security and safety.
>>Absolutely. We know we've spoken a lot with Fortinet today and over the last year and a half about the massive changes to the threat landscape, the expansion of it, especially with this pivot, when suddenly there were all of these devices, personal devices on home networks, corporate devices on home networks. It's really changed not just the threat landscape, but also what enterprises need to do. You mentioned this new announcement came out yesterday, the Linksys HomeWRK solution powered by Fortinet. Talk to us about that, the genesis of it, and where enterprises can actually get access to this.
>>Sure. So yeah, this is a product that really has been a meeting of minds. You know, Linksys is a leader and has been a leader since the very beginning of wireless, and we are a leader today. Fortinet, of course, is a leader in enterprise security. So the two combined provide the best-in-class home internet experience coupled with the security, which can be managed by the business. So when, as an end user, as an employee, I plug in this equipment, it automatically phones home to Linksys,
and then in turn to Fortinet. We know that it's Harry at Linksys who has plugged in. It will spin up a network for me, personally, and my family to use in the home. So the benefit to the consumer is that there's a fantastic Wi-Fi 6 mesh solution throughout their home, which is most likely a significant upgrade on their Verizon equipment or whatever it might be. And it then spins up a corporate network, and that corporate network, for all intents and purposes, is imitating exactly what you'd have if you were sitting at your desk in the corporate office. So it becomes an extension of the corporate network. And as I say, it sits behind the FortiGate.
>>Talk to me about the genesis of the solution. Was it the pandemic, because Linksys has seen the challenges from the consumer-centric point of view? Talk to me about really kind of the catalyst for these two powerhouses coming together.
>>So it was actually something that we were working on pre-pandemic, and Fortinet were also looking at how to support remote work, because remote work is not totally new. This pandemic has rapidly accelerated it, but there was already a market, and growing; this has just accelerated it. So both businesses, independently of one another, were kind of toying with it. So when we then came together, it was a no-brainer, and there was a kind of light bulb moment. And we realized that the combined solution, with the two businesses bringing together the expertise from both, would be how we would succeed.
>>Do you see any, I know it was just announced yesterday, but any industries in particular that you think are really like low-hanging fruit for this type of technology?
>>I mean, I think finance, of course. You know, there's the high-stakes poker in that industry.
The same goes for healthcare, and even education. So ones where security is paramount. Of course security is paramount everywhere, but those ones in particular, given the nature of those industries. So we really expect to see banking, finance, healthcare, pharma as key verticals that we would expect to be successful in.
>>Okay, excellent. Well, one of the challenges is the ransomware increases. The Fortinet threat landscape report showed it's up nearly 11% in the last 12 months. Of course, we had that rapid pivot to work from home 18 months ago, and ransomware and phishing techniques and social engineering are getting so much more sophisticated and personalized. Now you've got someone working from home who probably has a million distractions: kids, spouses, et cetera. So easy to click on a link that for most of us looks very legitimate. So having a solution like this in place is really critical.
>>Absolutely. And I think, you know, until those vulnerabilities are sealed, the attacks will continue. And this solution is part of the solution for that. Because as soon as these holes in the bucket are taped shut, you know, the appetite to invest time in attacks will fade.
>>Hopefully that's the direction that we need to see it going, right? Not up and to the right; down. Talk to me about, so you mentioned from the IT perspective, I'm looking for the benefits for an enterprise IT organization: centralized visibility, what they can see in terms of productivity. I imagine it's much better for the end user, but give me that kind of IT business perspective. How does this help them come together?
>>So for all intents and purposes, the IT manager will see within their Fortinet interface these devices, these Linksys devices in people's homes, just in the same way that they would see FortiGates in their office in New York or their office in Pittsburgh. So, you know, it really is this: there were 15,000 people in five offices. There's now 15,000 people in 15,000 offices, but they can push and manage those security policies seamlessly down to all 15,000. They can categorize them. For all intents and purposes, those employees are sitting in one of their facilities. And that's really the bar that I believe companies should be holding themselves to, because it provides security for the company, it provides security for the employee, and of course, then by them being able to connect efficiently and securely and with great speed and no interruption, that's good for productivity, which is good for the company's profitability.
>>Absolutely. It's all interconnected. And this is tuned for video conferencing. Is that right?
>>Yes. So we've actually partnered with both Zoom and Teams, Microsoft Teams. We've done an integration with them whereby we're able to identify and optimize that traffic within the network. So that adds an added benefit to users of those services. And we'll be rolling out further partnerships with other key utilities that enable that optimization, to help it be streamlined.
>>So prioritize Zoom and Teams for the parents, kick the kids off.
>>I mean, we've all experienced it. The Apple TV gets fired up, Zoom goes down, or Fortnite gaming sessions cause, you know, havoc within the home. So it's that application prioritization and optimization that I think will also really benefit companies and the employees. The frustration is immense.
>>I agree. I've experienced some of that, but what you're really doing is providing a very secure lifeline that the enterprise needs, the employee needs. It's all tied together: productive employees, their customer experience, their products and services. It's really, these days, especially considering we don't know how much longer this is going to persist. We expect that there will be some amount of hybrid that will probably be permanent, but that's a lifeline.
>>Yes, no, absolutely. I think to your point around the permanence of this, you know, of course we're not all going to be hermits and live at home forever, but, you know, I think this has opened both companies' and individuals' eyes to what's possible. And I think if you implement these types of measures, then you're setting it up for success. And, you know, I believe that the solution that we've launched is a part of the piece of the puzzle.
>>Maybe the acceleration of it had a bit of a silver lining from what we've all experienced in the last 18 months. Yes. Yes. Talk to me about some of the comments and the feedback that you got from your session this morning. I'm sure people are very excited to hear about what you're doing.
>>Yeah. I mean, since the announcement came out yesterday, there's been certainly a lot of interest and appetite. And yeah, we're super excited about the reception it's received. I think that a lot of people are like, "Oh, wow, of course. Why wouldn't this exist already?" And when you look at it like that, it kind of is obvious, but, you know, no one expected the pandemic, of course, and therefore no one was ready for it, and it's taken us a year or so to get a product that's viable and ready and going to be really, really a great utility for companies. But there really was nothing else out there.
>>It is surprising in a sense, but then you're right. No one was prepared for the pandemic. We didn't see it coming. And we didn't think that this was a situation that we were going to have to prepare for, let alone live with for as long as, as TBD, as long as we have.
>>Yeah, no, absolutely. I think it caught everyone by surprise. I think maybe if it had happened several years later... the hybrid work movement had started; it was in its infancy. It got very, very quickly ramped up to adulthood.
>>I definitely
>>Did. So, great news, very exciting, what you guys are doing with Fortinet. I'm sure that there's going to be great customer feedback. We'll be excited to watch what happens as it gets deployed and rolled out and see how this really transforms the enterprise experience, the employee experience. And I imagine this is a great differentiator for Linksys' business.
>>No. I think it's a really exciting next chapter of our history. You know, we've been around for 30-plus years, and I think this is a real step change in where we're focused, and I'm super excited about the future.
>>I like that, change in the future. Well, here we are in beautiful Napa. You said you're not a golfer, but your wife is.
>>My wife is golfing. I'm going to be keeping very many fingers crossed tomorrow during the program, for the safety of the spectators.
>>That's awesome that she's in the program and here you are saddled with all these meetings and all those
>>Things.
>>Exactly. Well, Harry, it's been a pleasure talking to you. Thank you for joining me on the program, explaining the Linksys HomeWRK solution powered by Fortinet and all the great things that are going to come from that. For Harry Dewhirst, I'm Lisa Martin. You're watching theCUBE in Napa at the Fortinet Championship Security Summit.
Derek Manky Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs
>>As we've been reporting, the pandemic has caused CISOs to really shift their spending priorities towards securing remote workers, almost overnight. Zero trust has gone from buzzword to mandate. What's more, as we wrote in our recent cybersecurity Breaking Analysis, not only must CISOs secure an increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone, and welcome to this CUBE conversation. My name is Dave Vellante, and I'm pleased to welcome Derek Manky, who's Chief of Security Insights and Global Threat Alliances for FortiGuard Labs, with fresh data from its Global Threat Landscape Report. Derek, welcome. Great to see you.
>>Thanks so much for the invitation to speak. It's always a pleasure.
>>You're welcome. So first I wonder if you could explain for the audience, what is FortiGuard Labs, and what's its relationship to Fortinet?
>>Right. So FortiGuard Labs is our global SOC, our global threat intelligence operation center. It never sleeps, and this is the beat. You know, it's been here since inception at Fortinet. So it's 20, 21 years in the making, since Fortinet was founded. We have built this in-house, so we don't OEM technology. We built everything from the ground up, including creating our own training programs for our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006, an ethical hacking program, and it's zero-day research. So we try to meet the hackers, the bad guys, at their game. And we of course do that responsibly, to work with vendors to close holes and create virtual patches. But, you know, so it's everything from customer protection first and foremost, to following the threat landscape and cyber.
It's very important to understand who they are, what they're doing, what they're targeting, what tools they're using.
>>Yeah, that's great. Some serious DNA and skills in that group. And it's critical because, like you said, you can minimize the spread of that malware very, very quickly. So now you have the Global Threat Landscape Report. We're going to talk about that, but what exactly is that?
>>Right. So the Global Threat Landscape Report is a summary of all the data that we collect over a period of time. So we release this biannually, two times a year. Cybercrime is changing very fast, as you can imagine. So while we do release security blogs and what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million sensors worldwide in FortiGuard Labs. We're processing, I know it seems like a very large amount, but north of a hundred billion threat events in just one day. And we have to take on the task of taking all of that data and putting that on a scale for half a year and compiling that into something that is, you know, digestible. That's a very tough task, as you can imagine, so, you know, we have to work with huge technologies backed by machine learning and artificial intelligence, automation, and of course our analyst view to do that.
>>Yeah. So this year, of course, there's, like every year, a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past, let's say, 12 months? I know you do this twice a year, but what trends did you see evolving throughout the year, and what have you seen with the way that attackers have exploited this expanded attack surface outside of the corporate network?
>>Yeah, it was quite interesting last year. It certainly was not normal, like we all say, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the threat landscape, cyber criminals are always trying to take advantage of the weakest link of the chain. They're always trying to prey off fear and ride waves of global trends and themes. We've seen this before in natural disasters, as an example, you know, trying to do charity kinds of scams and campaigns. And they're usually limited to a region where that incident happened, and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next trend that's breaking. Of course, because COVID is so global and dominant, we saw attacks coming in from well over 40 different languages, as an example, in regions all across the world. That wasn't lasting two to three weeks; it lasted for the better part of a year.
>>And of course they're using this as a vehicle, right? Now, preying on the fear. They're doing everything from initial lockdown phishing to layoff notices, then to phase one reopenings, all the way up to, fast forward to where we are today, with vaccine rollout and development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they didn't have to innovate too much, right? They didn't have to expand and shift to new trends and themes, or really develop new RAT families, as an example, or new sophisticated malware. That was the first half of the year. In the second half of the year, of course, people started to experience COVID fatigue, right? People started to become... we did a lot of education around this.
>>People started to become more aware of this threat.
And so cyber criminals started to, as we expected, become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, you know, targeting the digital supply chain as an example. And so that was really towards Q4. So it was a long-lived year with success on the COVID themes, targeting healthcare as an example, a lot of the organizations that were, you know, really in a vulnerable position, I would say.
>>So, okay. I want to clarify something, because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first-half trend. Not only did they have to adapt, and not have to, but they adapted to these new vulnerabilities. My sense was that when you talk about the digital supply chain, that was a fairly sophisticated attack. Am I getting that right? That they did their sort of increased sophistication in the first half, and then they sort of deployed it? What actually happened there, from your data?
>>Well, if we look at, so generally there's two types of attacks that we look at. We look at the premeditated sophisticated attacks that can have, you know, a lot of ramp-up work on their end, a lot of time developing the weaponization phase: developing the exploits, the sophisticated malware that they're going to use for the campaign, reconnaissance, understanding the targets, where platforms are developed, the blueprinting, that DNA of the supply chain. Those take time, in fact years. Even if we look back to 10-plus years ago with the Stuxnet attacks, as an example, that was on nuclear centrifuges, and that had four different zero-day weapons at the time. That was very sophisticated; that took over two years to develop, as an example.
So some of these can take years of time to develop, but they're very specific in terms of the targets they're going to go after, obviously for the ROI from their end.
>>The other type of attack that we see is ongoing, these broad, wide-sweeping attacks, and the reality for those ones is they don't, unfortunately, need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the COVID theme, and they still do today with the vaccine rollout and development. But it's really because they're just playing on, you know, social engineering, using topical themes. And in fact, the weapons they're using, these vulnerabilities, are, from our research data, and this was highlighted actually in the first threat landscape report before last year, on average two to three years old. So we're not talking about fresh vulnerabilities you've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that.
>>So you mentioned Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment, one of the most sophisticated, if not the most sophisticated, attack that we'd ever seen. When I talk to CISOs about the recent government hack, they suggest, I infer, maybe they don't suggest it, I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that accurate, or not necessarily?
>>Yeah, there's definitely some comparisons there. You know, one of the largest things is both attacks used digital certificate impersonation, so they're digitally signed.
So, you know, of course that whole technology using cryptography is designed, by design, to say that, you know, this piece of software installed in your system has this certificate, is coming from the source, it's legitimate. Of course, if that's compromised, that's all out of the window. And yeah, this is what we saw in both attacks. In fact, you know, Stuxnet, they also had digitally signed certificates that were compromised. So when it gets to that level of sophistication, that means definitely that there's a target, that there has been usually months of homework done by cyber criminals, for reconnaissance, to be able to weaponize that.
>>What did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see?
>>Yeah, so ransomware is always the thorn in our side, and it's going to continue to be so. You know, in fact, ransomware is not new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to a PO box. Obviously that didn't take off; it wasn't successful. The internet was born at the time. But if you look at it now, of course, over the last 10 years, really, that's where the ransomware model has been, you know, lucrative, right? I mean, it's been using, by force, encrypting data on systems, so that users had to, they were forced to pay the ransom because they wanted access to their data back. Data was the target currency for ransomware. That's shifted now. And that's actually been a big pivot over the last year or so, because again, before it was this "let's cast a wide net, infect as many people as we can randomly, and try to see if we can hold some of their data for ransom."
>>Some people's data may be valuable, it may not be valuable. And that model still exists.
And we see that, but really the big shift that we saw last year, and the threat landscape report before it, was a shift to targeted ransomware. So again, the sophistication is starting to rise, because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families we saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it, and saying, "Unless you pay us a large sum of money, we're going to release this to the public or sell it to a buyer on the dark web." And of course you can imagine the amount of, you know, damages that can happen from that. The other thing we're seeing is a targeting of revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted and more sophisticated. And unfortunately the ransom is going up.
>>So they go to where the money is. And of course your job is to lower the ROI for them, a constant challenge. We talked about some of the attack vectors that you saw this year that cyber criminals are targeting. I wonder if, you know, given the work from home, if things like IoT devices and cameras and, you know, thermostats, with 75% of the workforce at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices?
>>Yeah, so, you know, unfortunately the attack surface, as we call it, so the amount of target points, is expanding. It's not shifting; it's expanding.
We still see, as I mentioned earlier, vulnerabilities from two years ago that are being used. In some cases, you know, over the holidays with e-commerce, I mean, we saw e-commerce heavily under attack, and e-commerce has spiked since last summer, right? It's been a huge amount of traffic increase; everybody's shopping from home. And those vulnerabilities going after shopping cart plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities that are still new, in a sense, being attacked, but we're also now seeing this complication of, yeah, as you said, IoT being rolled out everywhere, the really quick shift to work from home. We really have to treat this as the distributed branch model for enterprise, right?
>>And it's really now the secure branch. How do we take, you know, any of these devices on those networks and secure them? Because yeah, if you look at what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attempts, this is what our IPS triggers on, we're seeing attempts to go after IoT devices. Right now they're mostly favoring, in terms of targets, consumer-grade routers. But they're also looking at DVR devices, as an example, for, you know, home entertainment systems, network-attached storage as well, and IP security cameras, some of the newer devices, the quote-unquote smart devices that are now on, you know, virtual assistants and home networks. We actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think we're really going to see this year in terms of what's ahead, because we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is all of this is still happening. IoT is being targeted.
Of course they're being targeted because they're easy targets. For cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, attackers, they're highly capable. They're organized, they're well-funded, they move fast, they're agile, and they follow the money. As we were saying, you mentioned, you know, COVID vaccines and, you know, big pharma, healthcare. Where did you see advanced persistent threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about APT groups, advanced persistent threat groups, the groups themselves, they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the premeditated targeted attacks, which usually points to nation state. Sometimes of course there's overlap. They can be affiliated with cybercrime. Cybercrime groups are typically looking at some other targets for ROI, but there's a blend, right? So as an example, if we're looking at the APT groups last year, absolutely number one I would say would be healthcare. Healthcare was one of those, and it's, you know, very unfortunate, but obviously with the shift that was happening to pop-up medical facilities, there was a big rush to change networks, for a good cause of course, but with that came, you know, security holes and concerns, the targets, and that's what we saw APT groups targeting, was going after those, and ransomware and the cybercrime side followed as well. Right?
Because if you can follow those critical networks and cripple them, from the cybercriminals' point of view, you can expect them to pay the ransom because they think that they need to pay in order to get those systems back online. In fact, in the last year or two, unfortunately we saw the first death that was caused because of a denial of service attack in healthcare, right? Facilities weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right, Derek. Sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. But what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things. Good news is there's a lot that we can do about this, right? And basic measures go a long way. So a couple of things just to get out of the way, I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality. As I said, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. So being able to do that, manage that from an organization's point of view, really treat the new work from home, I don't like to call it work from home, the reality is it's work from anywhere a lot of the time for some people, so really treat that as a secure branch methodology, doing things like segmentation on the network, secure WiFi access. Multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, using things like XDR. So XDR is a combination of detection and response for endpoints. This is a mass centralized management thing, right?
So endpoint detection and response, as an example, those are all, you know, good security things. So of course having security inspection, that's what we do. So good threat intelligence baked into your security solution that's supported by the labs. So that's, you know, antivirus, intrusion prevention, web filtering, sandbox, and so forth. But then, that's the security stack. Beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain we talked about. The supply chain is a target for attackers, attackers have their own supply chain as well, and we're also part of that supply chain, right? The end users, where we're constantly phished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended too. So that's what we can do, obviously that's what's recommended to secure via the endpoints and the secure branch. There's things we're also doing in the industry to fight back against cybercrime as well. >>Well, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams, are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on theCUBE a couple of years ago, a former defense secretary. And I said, yeah, but don't we have like the best security people, and can't we go on the offensive and weaponize that ourselves? Of course, there's examples of that. US government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with, whether it's the US government or other governments or other competitors even, or your ecosystem?
Maybe you could talk about that a little bit. >>Yeah. This is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. So, you know, we need, I always say, we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right? We're always looking at how we can disrupt their business model. And in order to do that, there's obviously a lot of different ways, right? So a couple of things we do is resiliency. That's what we just talked about, increasing the security stack so that they go knocking on someone else's door. But beyond that, it comes down to private-private sector collaborations. So we were a co-founder of the Cyber Threat Alliance in 2014, as an example. This was our fierce competitors coming in to work with us to share intelligence, because like you said, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. Let's compare notes, let's team up when there's a breaking attack and make sure that we have the intelligence, so that we can still remain competitive on the technology stack, the integration of the solutions themselves. But let's level the playing field here, because cybercriminals, you know, there's no borders and they move with great agility. So that's one thing we do in the private-private sector. There's also public-private sector relationships, right? So we're working with Interpol as an example, Interpol Project Gateway, and that's when we find attribution. So it's not just the what are these people doing, like infrastructure, but who are they, where are they operating? What tools are they creating?
We've actually worked on cases that have led down to warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam. The great news is if you look at the industry as a whole, over the last three to four months there have been takedowns: Emotet, NetWalker, there's also Egregor recently as well too. >>And Egregor, they're actually going in and arresting the affiliates. So not just the CEO or the kingpin of these organizations, but the people who are distributing the ransomware themselves. And that was an unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cybercriminals, and how we can hit them where it hurts on all angles. Most recently, I've been heavily involved with the World Economic Forum. So I'm co-author of a report from last year of the Partnership on Cybercrime. And this is really not just the private-private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. We can't take servers offline from the data centers, but working together, we can have that holistic effect. >>Great. Thank you for that, Derek. What if people want to go deeper? I know you guys mentioned that you do blogs, but are there other resources that they can tap? >>Yeah, absolutely. So everything you can see is on our threat research blog, so the Fortinet blog, it's under threat research. We also put out playbooks. We're doing playbooks, this is more for the, as he called them, the heroes, the security operation centers. We're doing playbooks on the aggressors. And so this is a playbook on the offense. What are they up to? How are they doing that? That's on fortiguard.com. We also release threat signals there.
So we typically release about 50 of those a year, and those are all our insights and views into specific attacks that are now >>Well, Derek Manky, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. Yeah, it's a pleasure. And rest assured we will still be there 24/7, 365. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Vellante for theCUBE. We'll see you next time.
Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs
>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight, zero trust has gone from buzzword to mandate. What's more, as we wrote in our recent cybersecurity breaking analysis, not only must CSOs protect an increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone, and welcome to this CUBE conversation. My name is Dave Vellante and I'm pleased to welcome Derek Manky, who's Chief, Security Insights and Global Threat Alliances for FortiGuard Labs, with fresh data from its global threat landscape report. Derek, welcome. Great to see you. >>Thanks so much for the invitation to speak. It's always a pleasure. >>You're welcome. So first I wonder if you could explain for the audience, what is FortiGuard Labs and what's its relationship to Fortinet? >>Right. So FortiGuard Labs is our global SOC, our global threat intelligence operation center. It never sleeps, and this is the beat. You know, it's been here since inception at Fortinet. So it's 20, 21 years in the making, since Fortinet was founded. We have built this in-house, so we don't OEM technology. We built everything from the ground up, including creating our own training programs for our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006, an ethical hacking program, and it's zero-day research. So we try to meet the hackers, the bad guys, at their game. And we of course do that responsibly, to work with vendors to close holes and create virtual patches. But, you know, so it's everything from customer protection first and foremost, to following the threat landscape and cyber.
It's very important to understand who they are, what they're doing, what they're targeting, what tools are they using. >>Yeah, that's great. Some serious DNA and skills in that group. And it's critical because like you said, you can minimize the spread of that malware very, very quickly. So now you have the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right. So the global threat landscape report, it's a summary of all the data that we collect over a period of time. So we release this biannually, two times a year. Cybercrime is changing very fast, as you can imagine. So while we do release security blogs, and what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million sensors worldwide in FortiGuard Labs. We're processing, I know it seems like a very large amount, but north of a hundred billion threat events in just one day. And we have to take the task of taking all of that data and putting that onto scale for half a year and compiling that into something that is, you know, digestible. That's a very tough task, as you can imagine. So, you know, we have to work with huge technologies back to machine learning and artificial intelligence automation, and of course our analyst view, to do that. >>Yeah. So this year, of course, there's like, every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past, let's say, 12 months? I know you do this twice a year, but what trends did you see evolving throughout the year, and what have you seen with the way that attackers have exploited this expanded attack surface outside of the corporate network?
>>Yeah, it was quite interesting last year. It certainly was not normal, like we all say, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the threat landscape, cyber criminals are always trying to take advantage of the weakest link of the chain. They're always trying to prey off fear and ride waves of global trends and themes. We've seen this before in natural disasters as an example, you know, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened, and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next trend that's breaking. Of course, because COVID is so global and dominant, we saw attacks coming in from well over 40 different languages as an example, in regions all across the world. That wasn't lasting two to three weeks, it lasted for the better part of a year. >>And of course, they're using this as a vehicle, right? Preying on the fear. They're doing everything from initial lockdown phishing, whether it was COVID-19 movers, to layoff notices, then to phase one reopenings, all the way up to fast forward to where we are today with vaccine rollout and development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they didn't have to innovate too much, right? They didn't have to expand and shift to new trends and themes, or really develop new ransomware families as an example, or new sophisticated malware. That was the first half of the year, and in the second half of the year, of course, people started to experience COVID fatigue, right? People started to become, we did a lot of education around this. >>People started to become more aware of this threat.
And so cyber criminals have started to, as we expected, become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, you know, targeting the digital supply chain as an example. And so that was really towards Q4. So it was a long-lived year with success on the COVID themes, targeting healthcare as an example, a lot of the organizations that were, you know, really in a vulnerable position, I would say. >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first-half trend. Not only did they have to adapt, and not have to, but they adapted to these new vulnerabilities. My sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I getting that right? That they did their sort of increased sophistication in the first half, and then they sort of deployed it, did it? What actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at. We look at the premeditated sophisticated attacks that can have, you know, a lot of ramp-up work on their end, a lot of time developing the weaponization phase. So developing the exploits, the sophisticated malware that they're gonna use for the campaign, reconnaissance, understanding the targets, what platforms are deployed, the blueprinting, that DNA of the supply chain. Those take time. In fact, years. Even if we look back to 10 plus years ago with the Stuxnet attacks, as an example, that was on nuclear centrifuges, and that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example.
So some of these can take years of time to develop, but they're very specific in terms of the targets they're going to go after, obviously the ROI from their end. >>The other type of attack that we see is ongoing, these broad, wide-sweeping attacks, and the reality for those ones is they don't, unfortunately, need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the COVID theme, and they still do today with the vaccine rollout and development. But it's really because they're just playing on, you know, social engineering, using topical themes. And in fact, the weapons they're using, these vulnerabilities, from our research data, and this was highlighted actually in the first-half landscape report before last year, on average were two to three years old. So we're not talking about fresh vulnerabilities you've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned Stuxnet as the former sort of example of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they suggest, I infer, maybe they don't suggest it, I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that accurate or not necessarily? >>Yeah, there's definitely some comparisons there. You know, one of the largest things is both attacks used digital certificate impersonation, so they're digitally signed.
So, you know, of course that whole technology using cryptography is designed, by design, to say that, you know, this piece of software installed in your system has a certificate, it's coming from the source, it's legitimate. Of course, if that's compromised, that's all out of the window. And yeah, this is what we saw in both attacks. In fact, you know, Stuxnet, they also had digitally signed certificates that were compromised. So when it gets to that level of sophistication, that means definitely that there's a target, that there has been usually months of homework done by cyber criminals for reconnaissance to be able to weaponize that. >>What did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so actually, ransomware is always the thorn in our side, and it's going to continue to be so. You know, in fact, ransomware is not new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to a P.O. box. Obviously that didn't take off, wasn't successful, the internet was born at the time. But if you look at it now, of course, over the last 10 years really, that's where the ransomware model has been, you know, lucrative, right? I mean, it's been using, by force, encrypting data on systems so that users had to, they were forced to pay the ransom because they wanted access to their data back. Data was the target currency for ransomware. That's shifted now. And that's actually been a big pivot over the last year or so, because again, before it was this, let's cast a wide net, in fact, as many people as we can, random, and try to see if we can hold some of their data for ransom. Some people, that data may be valuable, it may not be valuable. And that model still exists.
Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. 
We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. 
Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? 
Because if you can follow those critical networks and cripple them, from the cybercriminals' point of view you can expect them to pay the ransom, because they think they need to buy in order to get those systems back online. In fact, in the last year or two, unfortunately, we saw the first death that was caused because of a denial of service attack in healthcare, right? Facilities weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way.
>>All right, Derek, sufficiently bummed out. So maybe in the time remaining we can talk about remediation strategies. You know, we know there's no silver bullet in security, but what approaches are you recommending for organizations? How are you consulting with folks?
>>Sure. Yeah. So a couple of things. The good news is there's a lot that we can do about this, right? And basic measures go a long way. So a couple of things just to get out of the way, I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that, because that is the reality: these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. So being able to do that, manage that from an organization's point of view. Really treat the new work from home, and I don't like to call it work from home, the reality is it's work from anywhere a lot of the time for some people, so really treat that as a secure branch methodology, doing things like segmentation on the network, secure wifi access. Multi-factor authentication is a huge must, right?
>>So using multi-factor authentication because passwords are dead, using things like XDR. So XDR is a combination of detection and response for endpoints. This is a mass centralized management thing, right?
So endpoint detection and response, as an example, those are all, you know, good security things. So of course having security inspection, that's what we do. So good threat intelligence baked into your security solution that's supported by a labs angle. So that's antivirus, intrusion prevention, web filtering, sandbox, and so forth. That's the security stack; beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain we talked about. The supply chain is a target for attackers, attackers have their own supply chain as well, and we're also part of that supply chain, right? The end users, where we're constantly phished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended too. So that's what we can do, obviously that's what's recommended to secure via the endpoints in the secure branch. There are things we're also doing in the industry to fight back against cyber crime as well.
>>Well, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on theCUBE a couple of years ago, a former defense secretary, and I said, yeah, but don't we have like the best security people, and can't we go on the offensive and weaponize that ourselves? Of course there are examples of that. The US government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate, whether it's the US government or other governments or other competitors even, or your ecosystem?
Maybe you could talk about that a little bit.
>>Yeah. This is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. So, you know, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely, that is our target, right? We're always looking at how we can disrupt their business model, and there are obviously a lot of different ways to do that, right? So one of the things we do is resiliency. That's what we just talked about, increasing the security stack so that they go knocking on someone else's door. But beyond that, it comes down to private sector collaborations. So we were a co-founder of the Cyber Threat Alliance in 2014 as an example. This was our fierce competitors coming in to work with us to share intelligence, because like you said, we're competitors in the space, but we need to work together to do the better fight.
>>And so this is a Venn diagram. Let's compare notes, let's team up when there's a breaking attack and make sure that we have the intelligence, so that we can still remain competitive on the technology stack, the solutions themselves, but let's level the playing field here, because cybercriminals move without borders and they move with great agility. So that's one thing we do in the private sector. There are also public-private sector relationships, right? So we're working with Interpol as an example, Interpol Project Gateway, and that's where we find attribution. So it's not just what are these people doing, like infrastructure, but who are they, where are they operating, what tools are they creating?
We've actually worked on cases that have led to warrants and arrests, you know, and in one case a $60 million business email compromise fraud scam. The great news is, if you look at the industry as a whole, over the last three to four months there have been takedowns: Emotet, NetWalker, there's also Egregor recently as well too.
>>And with Egregor they're actually going in and arresting the affiliates. So not just the CEO or the king of these organizations, but the people who are distributing the ransomware themselves. And that was an unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them where it hurts on all angles. Most recently I've been heavily involved with the World Economic Forum. So I'm co-author of a report from last year of the partnership on cyber crime. And this is really not just the private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them, we can't take servers offline from the data centers, but working together, we can have that holistic effect.
>>Great. Thank you for that, Derek. What if people want to go deeper? I know you guys mentioned that you do blogs, but are there other resources that they can tap?
>>Yeah, absolutely. So everything you can see is on our threat research blog, the Fortinet blog, it's under Threat Research. We also put out playbooks. This is more for the heroes, as you called them, the security operation centers. We're doing playbooks on the aggressors, so this is a playbook on the offense. What are they up to? How are they doing that? That's on FortiGuard.com. We also release threat signals there.
So we typically release about 50 of those a year, and those are all our insights and views into specific attacks that are now
>>Well, Derek Manky, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important.
>>Thanks. Yeah, it's a pleasure. And rest assured we will still be there 24/7, 365.
>>Good to know. Good to know. And thank you for watching everybody. This is Dave Vellante for theCUBE. We'll see you next time.
Derek Manky, Fortinet | CUBEConversation
>> From The Cube Studios in Palo Alto and Boston, connecting with thought leaders all around the world. This is a Cube conversation.
>> Welcome to this Cube Virtual conversation. I'm Lisa Martin and I'm excited to be talking to one of our Cube alumni again, very socially distant. Derek Manky joins me, the Chief of Security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, it's great to see you, even though virtually.
>> Yep, better safe these days, right? But yeah, it's great to see you again and I'm really looking forward to a great conversation, as always.
>> Yeah! So, wow, has a lot changed since I last saw you? I think that's an epic understatement. But each year we talk with you about what's coming up in the threat landscape, what you guys are seeing, some of the attack trends. What are some of the things that you've seen in this very eventful year since we last spoke?
>> Yeah, a lot of things. Obviously with the pandemic there has been this big shift in the landscape, right? So particularly Q3, Q4, the last half of the year. Now we have a lot of things that were traditionally in corporate safeguards, you know, actual workstations, laptops that were sitting within networks and perimeters of organizations, that have obviously moved to work from home. And so, with that, comes a lot of new attack opportunities. We track, as you know, threat intel at Fortinet, so FortiGuard Labs, on a daily basis. And we are clearly seeing that, and we're seeing a huge rise in things like IoT targets being the number one attacks, so consumer grade routers, IoT devices like printers and network attached storage. Those are some of the most favorite attack vehicles that cyber criminals are using to get into those devices. Of course, once they get in those devices, they can then move laterally to compromise the corporate laptop as an example.
So those are very concerning. The other thing has been email, that traditionally has been the number one, another favorite attack platform, always has. It's not going away, but for the first time this year, in about September, the second half, we saw web based attacks taking priority for attackers, and that's because of this new working environment. A lot of people are surfing websites from, again, these devices that were previously within, you know, organizations. Email security is centralized a lot of the time, but the web security always isn't. So that's another shift that we've seen. We're now in the full-blown midst of the online shopping season, and shopping season is almost every day now (laughter) since this summer.
>> Yep. Yep.
>> And we've clearly seen that. Just from September up to October we saw over a trillion, not a billion, but a trillion new flows to shopping websites in just one month. So that number continues to rise, and continues rising quickly.
>> Yeah. So the expanding threat landscape. I've talked to a number of companies the last few months that were in this situation where suddenly it was a maybe 100% onsite workforce now going to work from home, taking either desktops from their offices or using personal devices, and that was a huge challenge that we were talking about with respect to endpoint and laptop security. But interesting that you're seeing now this web security. I know phishing emails are getting more personal, but the fact that website attacks are going up, what are some of the things that you think, especially as you bring up a point, we are now in maybe an even more supercharged e-commerce season, how can businesses prepare and become proactive to defend against some of these things, since now the threat surface is even bigger?
>> Yeah. Multi-pronged approach.
You know, Lisa, like we always say, first of all, just like we have physical distancing, cyber distancing, just like we're doing now on this call. But same thing for users: I think there's always a false sense of security, right? When you're just in the home office, doing some browsing to a site, you really have to understand that with these sites, just by touching, literally touching it by going to the URL and clicking on that link, you can get infected that easily. We're seeing that, there are a lot of these attacks being driven. So, education: there are a lot of free programs. We have one at Fortinet, information security awareness training. That is something we continually need to do to hone the skills of end users first of all, so that's an easy win I would say, to my eyes, in terms of organizations. But then this multi-pronged approach, right? So things like having EDR, endpoint detection and response, and being able to manage those end users while they're on their devices at home, being able to have security and making sure those are up to date in terms of patches. So centralized management is important; two factor authentication, or multi-factor authentication, also equally as important; doing things like network segmentation, for end users and the devices too. So there are a lot of these things. If you look at the risk that's associated, the risk is always way higher than the investment upfront in terms of hours, in terms of security platforms. So the good thing is there are a lot of solutions out there and it doesn't have to be complicated.
>> That's good, because we have enough complication everywhere else. But you bring up a point, you know, about humans, about education. We're kind of always that weakest link, but so many of us, now that we're home, have distractions going on all around. So you might be going, "I've got to do some bill pay," and go onto your bank without thinking that that's now a threat landscape.
What are some of the things that you're seeing that you think we're going to face in 2021, which is just around the corner?
>> Yeah, so we were just talking about those IoT devices. They're the main culprit right now, and they'll continue to be for a while. We have this new class of threat, emerging technology, which is edge computing. So people always talked about the perimeter being dead, in other words, not just building up a wall on the outside, but understanding what's inside, right? That's been the case with IoT, but now edge computing is the emerging technology. The main difference, you know, we say, is that the edge devices, a virtual assistant is the best example I could give, right, that users will be aware of in home networks. These devices traditionally have more processing power, they handle more data, they have more access and privilege to devices, things like security systems, lights, as an example. Beyond home networks, these edge devices are also, as an example, being put into military and defense, into critical infrastructure, field units for oil and gas and electricity as an example. So this is the new emerging threat: more processing power, more access and privilege, smarter decisions that are being made on those devices. Those devices are going to be targets for cyber criminals. And that's something I think next year we're going to see a lot of, because it's a bigger reward to the cyber criminal if they can get into it. And so targeting the edge is going to be a big thing. I think there's going to be a new class of threats. I'm calling these, I haven't heard this coined in the industry yet, but I'm calling these "EATs" or "Edge Access Trojans", because that's what it is, they compromise these devices. They can then control and get access to the data. If you think of a virtual assistant, and somebody that can actually compromise that device, think about that data.
Voice data that's flowing through those devices that they can then use in a cleverly engineered attack, you know, a social engineering attack to phish a user as an example.
>> Wow! I never thought about it from that perspective before. Do you think, with all the talk about 5G, and what's coming with 5G, is that going to be an accelerator of some of these trends? Of some of these "EATs" that you talk about?
>> Yeah, definitely. So 5G is just a conduit. It's an accelerator, absolutely, a catalyst if you will. It's here. It's been deployed, not worldwide, but in many regions, and it's going to continue to be. 5G is all about speed, right? And so if you think about how swiftly these attacks are moving, you need to be able to keep up with that from a defense standpoint. Threats move without borders, they move, unfortunately, without restriction a lot of the time, right? Cyber crime has no borders. They don't have rules, or if they have, they don't care about rules (laughter), so they break those rules. So they are able to move quickly, right? And the problem with 5G, of course, is that these devices now can communicate quicker, they can launch even larger scale things like DDoS, distributed denial of service attacks. And that is a very big threat. And the other thing about 5G, Lisa, is that it allows peer to peer connectivity too, right? So it's like Bluetooth enhanced in a sense, because now you have devices that interact with each other as well, and by interacting with each other, you know, what are they talking about? What data are they passing? That's a whole new security inspection point that we need to. And that's what I mean, it reconfirms that the perimeter...
>> Right.
Something we've been talking about, as you said, for a while, but that's some pretty hard hitting evidence that it is indeed a thing of the past. Something that we've talked about with you in the past is swarm attacks. What's going on there? How are they progressing?
>> Yeah, so this is a real threat, but there's good news and bad news. The good news is this is a long progressing threat, which means we have more time to prepare. The bad news is we have seen developments in terms of weaponizing this. It's like anything, swarm is a tool, it can be used for good. DARPA, as an example, has invested a lot into this from military research; it's all around us now in terms of good applications, things like redundancy, right? Robotics, as an example; there are a lot of good things that come from swarm technology. But if it's weaponized, it can have some very scary prospects, and that's what we're starting to see. There's a new botnet that was created this year. It is called "HEH", and it's written in Golang. So it's a language that basically allows it to infect any number of devices. It's not just your PC, right? It's the same virus, but it can morph into all these different platforms, devices, whether it's an IoT device, an edge device. But the main characteristic of this is that it's able to actually have communication. They built a communication protocol into it, so the devices can pass files between each other, talk to each other. They don't have machine learning models yet, so in other words, they're not quote-unquote "smart" yet, but that's coming. Once that intelligence starts getting baked in, then we have the weaponized swarm technology. And what this means is that, you know, when you have those devices that are making decisions on their own, talking to each other, A: they're harder to kill. You take one down, another one takes its place.
B: They are able to move very swiftly, especially when piggybacking, leveraging things like 5G.
>> So I'm just blown away at all these things that you're talking about. So talk about how companies, and even individuals, can defend against this and become proactive. As we know, one of the things we know about 2020 is all the uncertainty; we're going to continue to see uncertainty, but we also know there's an expectation globally that a good amount of people are going to be working from home and connecting to corporate networks for a very long time. So, how can companies and people become proactive against these threats?
>> Yes. People, process, procedures and technology. So I really look at this as a stacked approach. First of all, threats, as I said, are becoming quicker, the attack surface is larger, you need threat intelligence visibility. This comes down to security platforms from a technology piece: security driven networking, AI driven security operations centers. These are new, but it's becoming, as you can imagine and as we talked about, critical to fill that gap; to be able to move as quickly as the attackers, you need to be able to use intelligent technology on your end. So people are just too slow. But we can still use people from the process side, you know, trying to understand what the risk is. So looking at threat intelligence reports, we put out weekly threat intelligence briefs as an example at FortiGuard Labs, to be able to understand what the threats are, how to respond to those, how to prioritize them, and then put the proper security measures in place. So there are absolutely relevant technologies that exist today, and in fact now I think is the time to really get those in deployment before this becomes worse, as we're talking about. And then, as I said earlier, there are also free things that can just be part of our daily lives, right?
So we don't have this false sense of security. So understanding that the threat is real, following up on the threat and doing education. There are phishing services; again, phishing can be a good tool when it's used in a non-malicious way, to test people's skill sets as an example. So all of that combined. But the biggest thing is definitely relying on things like machine learning, artificial intelligence, to be able to work at speed with these threats.
>> Right. So, you also have global threat alliances under your portfolio. Talk to me about how Fortinet is working with global alliance partners to fight this growing attack surface.
>> Yeah. So this is the ecosystem. Every organization, whether it's private or public sector, has a different role to play in essence, right? So if you look at things in the public sector, you have law enforcement; they're focused on attribution. So when we look at cyber crime, it's the hardest thing to do, but if we find out who these cyber criminals are, we can bring them to justice, right? Our whole goal is to make it more expensive for the cyber criminals to operate. So by doing this, if we work with law enforcement and it leads to a successful arrest and prosecution, because we've done it in the past, that takes them offline and hits them somewhere it hurts. Law enforcement will typically work with intelligence leads to freeze assets, as an example from maybe ransom attacks that are happening. So that's one aspect, but then you have other things like working with national computer emergency response teams. So disrupting cyber crime, we work with national CERTs. If we know that, you know, the bad guys are hosting stolen data or communication infrastructure on public servers, we can work with them to actually disrupt that, to take those servers offline. Then you have the private space. So, you know, Fortinet, we're a founding member of the Cyber Threat Alliance. I'm on the steering committee there.
And this is working with even competitors in our space, where we can quickly share up-to-date intelligence on attackers. We remain competitive on the technology itself, but, you know, we're working together to actually share as much as we know about the bad guys. And recently we're also a founding member of the Centre for Cybersecurity, C4C, with the World Economic Forum. And this is another crucial effort that is basically trying to bridge all of that, to mend all of that together, right? Law enforcement, prosecutors, security vendors, intelligence organizations, all under one roof, because we really do need that. It's an entire ecosystem to make this an effective fight. So it's interesting, because a lot of people, I don't think, see what's happening behind the scenes a lot of the time, but there is a tremendous effort globally that's happening between all the players. So that's really good news. And the industry piece is something close to my heart. I've been involved a lot of the time and we continue to support it.
>> That's exciting. And that's something that is, you know, unfortunately, so very, very needed, and will continue to be as emerging technologies evolve and we get to use them for good things. And to your point, bad actors also get to take advantage of that for nefarious things as well. Derek, it's always great to have you on the program. Any particular things on the Fortinet website that you would point viewers to, to learn more about, like, the 2020 threat landscape?
>> Sure. You can always check out our blogs, so it's on the blog at fortinet.com, under "Threat Research". As I said, on FortiGuard.com we also have our playbooks on there. We have podcasts, we have our updated threat intelligence briefs too. So those are always great to check out, and just rest assured that, you know, everything I've been talking about, we're doing a lot of that heavy lift on the backend.
So by working with managed security service providers and having all this intelligence baked in, organizations don't have to go and have a huge OPEX by, you know, hiring, trying to create a massive security center on their own. I mean, it's about this technology working together, and that's what we're here for at FortiGuard Labs.
>> Awesome. Derek, thank you so much for joining me today in this Cube Conversation. Lots of exciting stuff going on at Fortinet and FortiGuard Labs as always, which we expect. It's been great to have you. Thank you.
>> It's a pleasure. Thanks Lisa.
>> For Derek Manky, I'm Lisa Martin. You're watching the Virtual Cube.
Derek Manky and Aamir Lakhani, FortiGuard Labs | CUBE Conversation, August 2020
>> From the Cube Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a Cube Conversation. >> Hello everyone, welcome to this Cube Conversation. I'm John Furrier, host of the Cube, here in the Cube's Palo Alto studios during the COVID crisis. We're in quarantine with our crew, but we've got the remote interviews. Great to get great guests here from Fortinet's FortiGuard Labs: Derek Manky, Chief, Security Insights and Global Threat Alliances at FortiGuard Labs, and Aamir Lakhani, who's the lead researcher for FortiGuard Labs. Guys, great to see you. Derek, good to see you again. Aamir, good to meet you. >> Hey, it's been a while, and it happened so fast. >> It just seems, as I say, it was just the other day. Derek, we've done a couple of interviews in between. A lot of flow coming out of Fortinet and FortiGuard. A lot of action, certainly with COVID: everyone's pulled back home, the bad actors are taking advantage of the situation, the surface area's increased. It really is the perfect storm for security. In terms of action, bad actors are at an all-time high, new threats, here's what's going on. Take us through what you guys are doing. What does your team makeup look like? What are some of the roles you guys are seeing on your team? And how does that transcend to the market? >> Yeah, sure, absolutely. So you're right. I mean, like I was saying earlier, this always happens fast and furious. We couldn't do this without a world-class team at FortiGuard Labs, so we've grown our team now to over 235 globally. There are different roles within the team. You know, if we look 20 years ago, the roles used to be very pigeonholed into, say, antivirus analysis. Right now we have to account for, when we're looking at threats, we have to look at that growing attack surface. We have to look at where these threats are coming from. How frequently are they hitting? What verticals are they hitting?
What regions? What are the particular techniques, tactics, procedures? This is the world of threat intelligence, of course: contextualizing that information. It takes different skill sets on the back end, and a lot of people don't really realize what's happening behind the scenes. There's a lot of magic happening, not only from what we talked about before in our last conversation, the artificial intelligence and machine learning that we do at FortiGuard Labs and automation, but the people. And so today we want to focus on the people and talk about how, on the back end, we approach a particular threat. We're going to talk about the world of ransom and ransomware: look at how we dissect threats, how we correlate that, how we use tools in terms of threat hunting as an example, and then how we actually take that to that last mile and make it actionable so that customers are protected, and how we share that information with key threat intel sharing partners. But again, it comes down to the people. We never have enough people in the industry. There's a big shortage, we know, but it's a really key, critical element, and we've been building these training programs for over a decade within FortiGuard Labs. So, you know, John, this to me is exactly why I always say, and I'm sure Aamir shares this too, that there's never a dull day in the office. I know we hear that all the time, but I think today all the viewers really get a new idea of why that is, because this is very dynamic. And on the back end, there are a lot of things we're doing to get our hands dirty with this. >> You know, the old expression, started playing in Silicon Valley, is if you're in the arena, that's where the action is, and it's different than sitting in the stands watching the game. You guys are certainly in that arena. And we've talked, and we cover your threat report that comes out frequently.
But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the ransomware 101? What's going on? What's the state of the ransomware situation? Set the stage, because that still continues to be a threat. I don't go a week where I don't read a story about another ransomware, and then it leaks out, yeah, they paid 10 million in Bitcoin or something. I mean, this is real. That's a real ongoing threat. What is it? >> Quite a bit. Yeah, so I'll give sort of the 101 and then maybe pass it to Aamir, who's on the front lines dealing with this every day. You know, if we look at the world of, I mean, first of all, the concept of ransom, obviously you have people, that has gone way, way before, you know, cybersecurity, right? In the world of physical crime. So of course, the world's first ransomware virus is actually called PC Cyborg. This is in 1989. The ransom payment was demanded to a P.O. box; it was Panama City at the time. Not too effective, on floppy disk. Very small audience. Not a big attack surface. We didn't hear much about it for years. Really, it was around 2010 we started to see ransomware becoming prolific, and what cybercriminals did was shift their success from a fake antivirus software model, which was popping up a whole bunch of, you know, "your computer is infected with 50 or 60 viruses, 'cause we'll give you an antivirus solution", which was, of course, fake. People started catching on. The gig was up, people caught on to that. So they weren't making a lot of money selling this fake software. Enter ransomware. And this is where ransomware really started to take hold, because it wasn't optional to pay for the software. It was mandatory, almost, for a lot of people, because they were losing their data. They couldn't reverse engineer the encryption,
kind of decrypt it with any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020, and we've seen things like master boot record, MBR, ransomware. This is persistent. It sits before your operating system when you boot up your computer, so it's hard to get rid of. Very strong public/private key cryptography that's being used, so each victim is infected with a different key, as an example. The list goes on, and I'll save that for the demo today. But basically it's very prolific, and we're seeing a shift. Not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted ransom cases that are going after, you know, critical business. Essentially it's like a DoS, holding revenue streams to ransom too. So the ransom demands are getting higher because of this as well. It's complicated. >> Yeah, as I was mentioning, Aamir, I want you to weigh in. I mean, 10 million is a lot. We reported earlier this month Garmin was the company that was hacked; IT completely locked down. They paid 10 million. Garmin makes all those devices, and as we know, this is impacting; those are real numbers. So I mean, there are other little ones, but for the most part it's new. It's, you know, pain in the butt to full-on business disruption and extortion. Can you explain how it all works, before we go to the demo? >> You know, you're absolutely right. It is a big number, and a lot of organizations are willing to pay that number to get their data back. Essentially their organization and their business is at a complete standstill. When they don't pay, all their files are inaccessible to them. Ransomware in general, what it does from a very basic overview is it basically makes your files not available to you. They're encrypted.
They have, essentially, a passcode on them, and you have to have the correct passcode to decode them. A lot of times that's in the form of a program, or actually a physical password you have to type in. But you don't get that access to get your files back unless you pay the ransom. A lot of corporations these days, they are not only paying the ransom, they're actually negotiating with the criminals as well. They're trying to say, oh, you want 10 million? How about four million? Sometimes that goes on as well. But it's something that organizations know: if they don't have the proper backups, and the attackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicate files, so sometimes you don't have a choice, and organizations will pay the ransom. >> And, you know, they're smart. They're a business; they know the probability of buy versus build, or pay versus rebuild, so they kind of know where to attack. They know the tactics. They know who is vulnerable. It's not like just some script kiddie thing going on. This is real, systematic, sophisticated stuff. It's highly targeted. Can you talk about some use cases there and what goes on with that kind of attack? >> Absolutely. The cybercriminals are doing reconnaissance. They're trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. So there are a lot of attacks going on. What we're finding now is ransomware is sometimes the last stage of an attack, so an attacker may go into an organization. They may already be taking data out of that organization. They may be stealing customer data, PII, which is personally identifiable information, such as Social Security numbers or driver's licenses or credit card information.
Once they've done their entire attack, once they've gotten everything they can, a lot of times their end stage, their last attack, is ransomware, and they encrypt all the files on the system and try to motivate the victim to pay as fast as possible and as much as possible as well. >> You know, it's interesting. I thought of my buddy today. It's like casing the joint. They check it out. They do their recon, reconnaissance. They go in, identify what's the move to make, how to extract the most out of the victim, in this case the target. And it really, I mean, just to go on a tangent, you know, why don't we have the right to bear our own arms? Why can't we fight back? I mean, at the end of the day, Derek, this is like, who's protecting me? I mean, what do I do to protect my own, build my own army, or does the government help us? I mean, at some point I've got a right to bear my own arms here, right? I mean, this is the whole security paradigm. >> Yeah, so I mean, there's a couple of things, right? So first of all, this is exactly why we do a lot of that. I was mentioning the skills shortage in cybersecurity professionals, as an example. This is why we do a lot of the heavy lifting on the back end. Obviously, from a defensive standpoint, you have the red team, blue team aspect. There is a way to fight back by being defensive as well, and also, in the world of threat intelligence, one of the ways that we're fighting back is not necessarily by going and hacking the bad guys, because that's illegal in jurisdictions, right? But how we can actually find out who these people are, hit them where it hurts: freeze assets, go after money laundering networks. You follow the cash transactions where it's happening. This is where we actually work with key law enforcement partners, such as Interpol as an example. This is the world of threat intelligence.
That's why we're doing a lot of that intelligence work on the back end. So there are other ways to actually go on the offense without necessarily weaponizing it per se, like you were saying, bearing your own arms, as you said. There are different forms that people may not be aware of with that, and that actually gets into the world of, you know, if you see attacks happening on your system, how you can use security tools and collaborate with threat intelligence. >> Yeah, I think that's the key. I think the key is these new sharing technologies around collective intelligence are going to be a great way to kind of have more of an offensive collective strike. But I think fortifying the defense is critical. I mean, there's no other way to do that. >> Absolutely. I mean, we say this almost every week, but in its simplicity, our goal is always to make it more expensive for the cybercriminal to operate. And there are many ways to do that, right? You could be a pain to them by having a very rigid, hardened defense. That means that if it's too much effort on their end, I mean, they have ROIs in their sense too, right? Too much effort on their end and they're going to go knocking somewhere else. There's also, as I said, things like disruption, so ripping infrastructure offline that cripples them. Yeah, it's whack-a-mole; they're going to set up somewhere else. But then also going after the people themselves, again, the cash networks, these sorts of things. So it's sort of a holistic approach between everything. >> Hey, it's an arms race. Better AI, better cloud scale always helps. You know, it's a ratchet game. Okay, Aamir, I want to get into this video. It's a ransomware four-minute video. I'd like you to take us through it. You're the lead researcher, take us through this video and explain what we're looking at. Let's roll the video. >> All right. Sure, so.
So what we have here is we have the victim's desktop over here. We have a couple of things on this victim's desktop. We have a batch file, which is essentially going to run the ransomware. We have the payload, which is the code behind the ransomware. And then we have files in this folder, and this is where you typically find user files; in a real-world case this would be like Microsoft Word documents or your PowerPoint presentations. Over here we just have a couple of text files that we've set up. We're going to go ahead and run the ransomware, and sometimes attackers, what they do is they disguise this, like they make it look like an important Word document. They make it look like something else. But once you run the ransomware, you usually get a ransom message. And in this case the ransom message says your files are encrypted, please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address; usually they look a little more complicated, but this is our fake Bitcoin address. But you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as researchers, we see files like this all the time. We see ransomware all the time. So we use a variety of tools: internal tools, custom tools, as well as open source tools. And what you're seeing here is an open source tool called the Cuckoo Sandbox, and it shows us the behavior of the ransomware. What exactly is the ransomware doing in this case? You can see just clicking on that file launched a couple of different things. It launched basically a command executable, a PowerShell. It launched our Windows shell, and then it did things on the file. It basically had registry keys. It had network connections. It changed the disk. So this kind of gives us a behind-the-scenes look at all the processes that are happening in the ransomware, and just that one file itself.
Like I said, there are multiple different things. Now, what we want to do as researchers, we want to categorize this ransomware into families. We want to try and determine the actors behind that. So we dump everything we know on the ransomware into the central databases, and then we mine these databases. What we're doing here is we're actually using another tool called Maltego, and we use custom tools as well as commercial and open source tools, but this is an open source and commercial tool. But what we're doing is we're basically taking the ransomware and we're asking Maltego to look through our database and say, like, do you see any like files? Or do you see any types of incidents that have similar characteristics? Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system, because that helps us identify maybe where the ransomware is connecting to, where it's going, other processes that it may be doing. In this case we can see multiple IP addresses that are connected to it, so we can possibly see multiple infections; we can block different external websites. If we can identify a command and control system, we can categorize this to a family. And sometimes we can even categorize this to a threat actor that has claimed responsibility for it. So it's essentially visualizing all the connections and the relationship between one file and everything else we have in our database, in this example. Of course, we output this in multiple ways. We can save these as reports, as PDF-type reports or, you know, usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams.
So when we're researching botnets, when we're researching file-based attacks, when we're researching, you know, IP reputation, we have a lot of different IOCs, or indicators of compromise, that we can correlate where attacks go through, and maybe even detect new types of attacks as well. >> So the bottom line is you've got the tools, using a combination of open source and commercial products, to look at the patterns of all ransomware across your observation space. Is that right? >> Exactly. I showed you a very simple demo. It's not only open source and commercial, but a lot of it is our own custom-developed products as well. And when we find something that works, that logic, that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. At FortiGuard Labs, the intelligence that we acquire, that product of intelligence, is consumed directly by our products. >> Also, take me through what's actually going on, what it means for the customers. So FortiGuard Labs, you're looking at all the ransomware you see, and the patterns. Are you guys proactively looking? Is it that you guys are researching, you look at something, it pops on the radar? I mean, take us through what goes on, and then how does that translate into a customer notification or impact? >> So, yeah, if you look at a typical lifecycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be aware; some of the solutions we talked about before. And if you look at an incoming threat, first of all you need visibility. You can't protect or analyze anything that you can't see. So you've got to get your hands on visibility. We call these IOCs, indicators of compromise. So this is usually something like an actual executable file, like the virus, the malware itself.
It could be other things that are related to it, like websites that could be hosting the malware, as an example. So once we have that seed, we call it a seed, we can do threat hunting from there, so we can analyze that, right? If it's a piece of malware or a botnet, we can do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things, and really, you know, it's similar to the world of CSI, right? You have these different dots that they're connecting. We're doing that at hyperscale, and we use that through these tools that Aamir was talking about. So it's really a lifecycle of getting, you know, the malware incoming, seeing it first, analyzing it, and then doing action on that, right? So it's sort of a three-step process, and the action comes down to what Aamir was saying: following that through to our customers so that they're protected. But then in tandem with that, we're also going further and sharing it, if applicable, to, say, law enforcement partners, other threat intel sharing partners too. And there's not just humans doing that, right? So the proactive piece again, this is where it comes to artificial intelligence, machine learning. There are a lot of cases where we're automatically doing that analysis without humans. So we have AI systems that are analyzing and actually creating protection on their own too. So it's quite interesting technology. >> So at the end of the day, you want to protect your customers. And so this renders out, if I'm a Fortinet customer across the portfolio, the goal here is to protect them from ransomware, right? That's the end game. >> Yeah, and that's a very important thing when you start talking these big dollar amounts that we were talking about earlier, when it comes to the damages that are down from estimates. >> It not only is good insurance, it's just good to have that fortification. All right, so Derek,
I've got to ask you about the term the last mile, because, you know, we were talking before we came on camera. You know, I'm a bandwidth junkie, always want more bandwidth. So the last mile used to be a term for the last mile to the home where there were telephone lines. Now it's fiber and Wi-Fi. But what does that mean to you guys in security? Does that mean something specific? >> Yeah, absolutely. The easiest way to describe that is actionable, right? So one of the challenges in the industry is we live in a very noisy industry when it comes to cybersecurity. What I mean by that is, because of that growing attack surface, you know, you have these different attack vectors. You have attacks not only coming in from email, but websites, from, you know, DDoS attacks. There's a lot of volume that's just going to continue to grow with the world of IoT. So what ends up happening is, when you look at a lot of security operation centers for customers as an example, it's very noisy. You can guarantee that every day you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs, and when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually start to say, hey, this looks like an attack, I'm going to go investigate it and block it. So this is where the last mile comes in, because a lot of the times these logs, they light up like Christmas. I mean, there are a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because the reality is, if it's just humans doing it, on that last mile, going back to your bandwidth terms, there's too much latency, right? So how do you reduce that latency? That's where the automation, the AI, machine learning comes in
to solve that last mile problem, to automatically apply protection. Especially important because you have to be quicker than the attacker. It's an arms race, like you said. >> I think what you guys do with FortiGuard Labs is super important, not just for the industry but for society at large, as you have kind of all this, you know, shadow, cloak-and-dagger kind of attack systems, whether it's national security, international, or just for, you know, mafias and racketeering and the bad guys. Can you guys take a minute and explain the role of FortiGuard specifically and why you guys exist? I mean, obviously there's a commercial reason; you're both on the Fortinet side, and that trickles down into the products. That's all good for the customers, I get that, but there's more to FortiGuard than just that. You guys talk about this trend in the security business, because it is very clear that there's a collective sharing culture developing rapidly for societal benefit. Can you take a minute on that? >> Yeah, sure, I'll give my thoughts, and then Aamir, you can add to that. So from my point of view, I mean, there are various functions. So we've just talked about that last mile problem. That's the commercial aspect: we create, through FortiGuard Labs, FortiGuard services that are dynamic and updated to security products, because you need intelligent products to be able to protect against intelligent attacks. That's just the defense again. Going back to how can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that we do, but we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity cases to court, and because of that, a lot of these cybercriminals run free. That's been a big challenge in the industry.
So, you know, this has been close to my heart for over 10 years. I've been building a lot of these key relationships between private and public sector, as an example, but also private sector things like the Cyber Threat Alliance. We're a founding member of the Cyber Threat Alliance; there are over 28 members in that alliance. And it's about sharing intelligence to level that playing field, because attackers roam freely. What I mean by that is there are no jurisdictions for them. Cybercrime has no borders. They could do a million things wrong and they don't care. We do a million things right, one thing wrong, and it's a challenge. So there's this big collaboration; that's a big part of why FortiGuard exists too, is to make the industry better, to, you know, work on protocols and automation and really fight this together, while remaining competitors. I mean, we have competitors out there, of course, and so it comes down to that last mile problem, John. It's like we can share intelligence within the industry, but it's only intelligence. Intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration. >> Aamir, what's your take on this societal benefit? Because, you know, I've been saying since the Sony hack years ago that when you have nation states, if they put troops on our soil, the government would respond. But yet virtually they're here, and the private sector's left to fend for themselves. No support. So I think this private-public partnership thing is very relevant. I think it's ground zero of the future build-out of policy, because, you know, we pay for freedom. Why don't we have cyber freedom? If we're going to run a business, where's our help from the government? We pay taxes. So again, if a military showed up, you're not going to see, you know, companies fighting the foreign enemy, right? So again, this is a whole new changeover. >> It
really is. You have to remember that cyberattacks put everyone on an even playing field, right? I mean, you know, now you don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that, right? Anyone can basically come up to speed on cyber weapons as long as they have an Internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies, you know. But absolutely, I think a lot of us, you know, from a personal standpoint, a lot of us researchers have seen organizations fail through cyberattacks. We've seen the frustration. We've seen, besides organizations, we've seen people, just like grandmas lose pictures of their, you know, loved ones because they've been attacked by ransomware. I think we take it very personally when innocent people get attacked, and we make it our mission to make sure we can do everything we can to protect them. But I will add that, at least here in the U.S., the federal government actually has a lot of partnerships and a lot of programs to help organizations with cyberattacks. US-CERT is always continuously updating organizations about the latest attacks. InfraGard is another organization run by the FBI, and a lot of companies like Fortinet and even a lot of other security companies participate in these organizations so everyone can come up to speed and everyone shares information. So we all have a fighting chance. >> It's a whole new wave, a new paradigm. You guys are on the cutting edge. Derek, always great to see you. Aamir, great to meet you remotely; looking forward to meeting in person when the world comes back to normal, as usual. Thanks for the great insights. Appreciate it. >> All right. Thanks, John. Pleasure as always. >> Okay, Cube Conversation here. I'm John Furrier, host of the Cube. Great insightful conversation around security, ransomware, with a great demo.
Check it out from Derek and Aamir from FortiGuard Labs. I'm John Furrier. Thanks for watching.
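The correlation step Aamir walks through above (sandbox behaviour in, shared indicators out, samples grouped into families) as an added worked example in Python. This is illustrative code written for this page, not the interview's demo and not FortiGuard Labs' tooling; the report layout, hashes, hosts and file names are constructed (TEST-NET addresses, .example domains), and the choice of pivotable indicator kinds and the scoring thresholds are the example's own assumptions.

```python
import re
from collections import Counter, defaultdict

IP_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?$")
# Words that commonly appear in ransom-note file names (assumption for this example).
NOTE_NAME = re.compile(r"decrypt|recover|restore|readme|how_to", re.IGNORECASE)


def report(sha, processes, registry, network, files):
    """Build a constructed, Cuckoo-style behaviour summary (not real malware data)."""
    return {"sha256": sha * 64, "processes": processes, "registry": registry,
            "network": network, "files_written": files}


RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchelper"
SANDBOX_REPORTS = [  # five constructed samples: two families plus one unrelated binary
    report("a", ["cmd.exe /c payload.exe", "powershell.exe -w hidden -enc AAAA"], [RUN_KEY],
           ["203.0.113.10:443"],
           ["docs/report.txt.locked", "docs/budget.xlsx.locked", "docs/README_DECRYPT.txt"]),
    report("b", ["cmd.exe /c inv0ice.exe"], [RUN_KEY], ["203.0.113.10:443", "198.51.100.7:8080"],
           ["pics/cat.jpg.locked", "pics/dog.jpg.locked", "pics/HOW_TO_RECOVER.txt"]),
    report("c", ["powershell.exe -nop -c iex $x"], [], ["pay.example:80"],
           ["share/q3.docx.crypt", "share/q4.docx.crypt", "share/RESTORE_FILES.txt"]),
    report("d", ["notepad.exe"], [], ["pay.example:443"], ["tmp/a.pdf.crypt", "tmp/b.pdf.crypt"]),
    report("e", ["powershell.exe Get-Date"], [], ["192.0.2.5:443"], ["tmp/log.txt"]),
]


def extract_iocs(rep):
    """Reduce one behaviour report to a set of (kind, value) indicators.

    Process names are deliberately not returned: cmd.exe and powershell.exe appear
    in benign activity too and would glue unrelated samples into one family.
    """
    iocs = set()
    for endpoint in rep.get("network", []):
        match = IP_PORT.match(endpoint)
        if match:
            iocs.add(("ip", match.group(1)))
        else:
            iocs.add(("domain", endpoint.split(":")[0].lower()))
    for key in rep.get("registry", []):
        iocs.add(("regkey", key.lower()))
    # Encrypted files usually keep their name and gain a new final extension
    # (report.txt -> report.txt.locked). Require the same new extension on at
    # least two files so a lone archive.tar.gz is not mistaken for one.
    new_exts = Counter()
    for path in rep.get("files_written", []):
        name = path.rsplit("/", 1)[-1]
        parts = name.split(".")
        if len(parts) >= 3:
            new_exts["." + parts[-1].lower()] += 1
        elif NOTE_NAME.search(name):
            iocs.add(("note", name.lower()))
    iocs.update(("ext", ext) for ext, n in new_exts.items() if n >= 2)
    return iocs


def index_iocs(reports):
    """Map each IOC to the set of sample hashes it was observed in."""
    index = defaultdict(set)
    for rep in reports:
        for ioc in extract_iocs(rep):
            index[ioc].add(rep["sha256"])
    return index


def cluster_families(reports, pivot_kinds=("ip", "domain", "regkey", "ext", "note")):
    """Union-find over samples: any shared pivotable IOC joins two samples into one family."""
    parent = {r["sha256"]: r["sha256"] for r in reports}

    def find(h):
        while parent[h] != h:
            parent[h] = parent[parent[h]]  # path halving
            h = parent[h]
        return h

    for ioc, hashes in index_iocs(reports).items():
        if ioc[0] not in pivot_kinds or len(hashes) < 2:
            continue
        first, *rest = sorted(hashes)
        for other in rest:
            parent[find(other)] = find(first)
    families = defaultdict(set)
    for h in parent:
        families[find(h)].add(h)
    return sorted((frozenset(f) for f in families.values()), key=min)


def shared_iocs(reports, family):
    """IOCs seen in two or more members of a family: the pivots worth turning into a rule."""
    return {ioc for ioc, hashes in index_iocs(reports).items() if len(hashes & family) >= 2}


def ransomware_score(rep):
    """Crude 0-4 behavioural score from the signals the sandbox surfaced."""
    iocs = extract_iocs(rep)
    kinds = {kind for kind, _ in iocs}
    processes = " ".join(rep.get("processes", [])).lower()
    return sum([
        "ext" in kinds,                                          # mass rename to a new extension
        "note" in kinds,                                         # ransom note dropped
        any("\\run\\" in v for k, v in iocs if k == "regkey"),  # Run-key persistence
        "cmd.exe" in processes or "powershell" in processes,     # shell spawned by the sample
    ])


if __name__ == "__main__":
    for fam in cluster_families(SANDBOX_REPORTS):
        members = ", ".join(h[:8] for h in sorted(fam))
        print(f"family [{members}] shares {sorted(shared_iocs(SANDBOX_REPORTS, fam))}")
    for rep in SANDBOX_REPORTS:
        print(rep["sha256"][:8], "ransomware score", ransomware_score(rep))
```

Run stand-alone, the script groups samples a and b (same C2 address, same Run key, same `.locked` extension) and c and d (same payment domain, same `.crypt` extension), and leaves e on its own; the shared IOCs per family are the ones a detection rule or a block list would key on, while per-sample artefacts such as the ransom-note file name are not promoted. Excluding process names from the pivot set is the point worth carrying over to real data: in Maltego or any graph tool, a generic indicator links everything to everything and the family structure disappears.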
Hardik Modi, NETSCOUT | RSAC USA 2020
>>Live from San Francisco, it's the Cube, covering RSA Conference 2020, San Francisco. Brought to you by Silicon Angle Media. >>Hey, welcome back, everybody. Jeff Frick here with the Cube. We're in downtown San Francisco. It is an absolutely spectacular day outside. I'm not sure why we're inside Moscone. That's where we are. It's the RSA conference, I think 50,000 people, the biggest security conference in the world, here in Moscone this week. We've been here, wall-to-wall coverage. We'll be here all the way till Thursday. So thanks for joining us. We're excited to have our next guest. He's got a lot of great data to share, so let's jump into it. It's Hardik Modi. He's the VP of Engineering, Threat and Mitigation Products for NetScout. Hardik, great to meet you. >>Thank you. Good to be here, >>too. So for people who aren't familiar with NetScout, give 'em kind of the basic overview. What are you guys all about? >>Yes, and that's what we consider ourselves, the guardians of the connected world. And so our job is to protect, like, you know, companies, enterprises, service providers, anybody who is on the Internet, and help keep their services running, your applications and things that you deliver to your customers, to make sure that it's up there performing, like, you know, the way you want them to, but also kind of give you visibility and protect you against DDoS attacks and other kinds of security threats. That's basically, in a nutshell, what we do as a company, and yeah, we are the guardians of the connected world. >>So I just, from a vendor point of view, I always, I feel so sorry for buyers in this environment, because you walk around, I don't know how many vendors are in here, a lot of big booths, little booths. So how do you kind of help separate, you know, NetScout from the noise? What's your guys' secret sauce? What's your kind of special thing?
>>Really, it's like 30 years of investment in, like, network-based visibility, and we truly believe in the network. Our CEO, he says, like, you know, the network, like, you know, actually, when you monitor the network, it's like taking a blood test. It tells you the truth, right? And it's really like how you find out, like, you know, some things right or wrong. I mean, I actually, from my background too, like network monitoring, there's a lot of what we think of as, like, the endpoint is actually contested territory. That's where the adversary is. When you're on the network and you're monitoring all activity, it really gives you a vantage point, you know, that's really special. So we really focus on the network. Our heritage in the network is one of our key strengths, and then, you know, as part of us as a company, like Arbor, Arbor Networks, which came in, that got acquired some years ago, we're very much part of NetScout with our brand of products. Part of that, you know, the Arbor legacy includes huge visibility into what's happening across the Internet, and visibility like nobody else, like, in terms of the number of service providers and large enterprises who work with us, help us understand what's happening across the landscape. That's like nobody else out here. And that is what we consider a key differentiator. >>Okay, great. So one of the things you guys do a couple times a year, I understand, is publish a report and give people some information as to what's going on. So we've got the version right over here. Right, NetScout Threat Intelligence Report. So you said this comes out twice a year. >>Twice a year. >>So what is the latest? Give me some scoop here. >>Hot off the presses, we published last week. Okay, so it's really just a few days old, and, you know, our focus here is what happened in the last six months of last year. So that, and then what we do is we compare it against data that we've collected a year prior.
>>So really a few things that we want you to remember if you're watching, you know, the first number is 8.4 million. That's the number of DDoS attacks that we saw. This doesn't mean that we've seen every attack, you know, in the world, but that's like, you know, just how many DDoS attacks we saw through the eyes of our customers. >>That's in six months? >>The 8.4 number is actually for the entire year, here in an entire year of 2019. There's a little bit of seasonality to it. So if you think of it like a 4.4, maybe something that was the second half of the year. But that's where I want to start. That's just how many DDoS attacks we observed. And so, in the course of the report, what we can do is slice and dice that number, talk about, like, different sizes, like, what are we seeing between zero and 100 gigabits per second, 100 to 400, 400 and above, and kind of give you a sense of just what kind of separation there is, who is being targeted, like, at a very broad level, like, in some of the verticals and geographies. We kind of lay out this number and give you, like, a lot of context. So if you're in finance and you're in the UK, you want to know, like, hey, what happened? What happened in Europe, for example, in the past six months? We have that data, right, and we've got to give you that awareness of what's happening now. The second number I want you to remember is seven. Seven is the number of new attack vectors, reflection amplification attack vectors, that we observed being used widely in the second half. >>Seven new ones. >>Seven new ones. So that now kind of brings our tally up to 31, like that. We have those listed out in here. We talk about just how many of these vectors, how they're used. Also, each of these vectors leverages vulnerabilities in devices that are deployed across the Internet. So we kind of laid out, like, you know, just how many of them are out there.
But that's like, you know, that to us, seven is reflecting how the adversary is innovating. They're looking for new ways to attack us. They found seven last year. They're going to find more, right? >>Right. >>And that's kind of what we focus on. >>Let's go back to the 8.4. So of those 8.4 million, how many would you declare successful from the attacker's point of view? >>Yeah, you know, something like this, it's always, like, you know, it's difficult to estimate precisely or kind of get within some level of precision. I think that, you know, the adversary's always trying to, of course, they love to deliver a knockout blow and take all your services down, but even, like, every attack inflicts a cost, right, and the cost is whether it's, you know, it's made its way all the way through to the end target, and now, you know, they're using more network and computing resources just to kind of keep their services going while they're under attack. Or the attack is low, you're still kind of, you're still paying that cost, or, you know, the cost is paid upstream by maybe the service provider, somebody who was defending your network for you. So that way, like, you know, there's a cost to every one of these, right? In terms of, like, outages, I should also point out that the attacks that you might think, that this attack is like, you know, hey, you know, there was a specific victim and that victim suffered as a result of it, but in many cases the adversary's going after people who are providing services to others. So I mean, if a Turkish bank goes down, right, like, you know, or cannot service customers for a month, or maybe even a few hours, right, then, you know, the number of victims in this case is fairly broad. It might be one attack, that might be one target, however, like, the impact is very large. >>What's interesting is, it begs the question, kind of, how do you
How do you >>define success or failure from both the attacker's point of view as well as the defender? >>Yeah, I mean, I mean and again, like there's a lot of conversation in the industry about for every attack, right? Any kind of attack. What? When do I say that? You know what? I was ready for it. And, you know, I was I was fine. I mean, I don't care about, you know, ultimately, there's a cost to each of these things. I'd say that everybody kind of comes at it with their You know, if you're a bank, that you might go. Okay. You know what? If my if I'm paying a little bit extra to keep the service up and running while the Attackers coming at me, No problem. If I if my customers air aren't able to log in, some subset of my customers aren't able to log in. Maybe I can live through that. A large number of my customers can't log in. That's actually a really big problem. And if it's sustained, then you make your way into the media or you're forced to report to the government by like, outages are like, You know, maybe, you know, you have to go to your board and go like a sorry, right? Something just happened. >>But are the escalation procedures >>in the definition of consistency? Right? Getting banged all the time right? And there's something like you said, there's some disruption at some level before it fires off triggers and remediation. So so is there some level of okay, that's kind of a cost of doing business versus, you know, we caught it at this. They're kind of like escalation points that define kind of very short of a full line. >>I think when we talk to our service provider customers, we talked to the very large kind of critical enterprises. They tend to be more methodical about how they think of like, Okay, you know, degradation of the service right now, relative to the attack. I think I think for a lot of people, it's like in the eyes of the beholder. Here's Here's something. Here's an S L. A. That I missed the result of the attack at that point. 
like, you know, I certainly have a failure, but, you know, it's up until there it's kind of like, okay, you're right. >>In the eyes of the attacker, to delay service at the Turkish bank, because now their teams operate twice, twice the duration per transaction, is it just holding for ransom? What benefit? It raises a range. >>Of motivations, it's basically the full range of human nature. There's certainly, like, we still see attacks that are straight vandalism. I just, because I could, I just wanted to, I wanted to show my friend, like, you know, that I could do this. There's definitely a lot of attacks that are like, you know, hey, I'm a gamer and I'm like, you know, I know that person I'm competing with is coming from this IP address, let me bombard them with an attack. And, you know, there's a huge kind of, it could be a lot of collateral damage along the way, because, you know, you think you're going after this one person in their house, but actually, if you're taking out the network upstream and there's a lot of other people that are on that network, like, you know, there's a certain competitive element to it. Then definitely, from time to time, there are extortion campaigns, pay up or we'll do this again, right? In some parts of the world, like, in the way we think of it, it's like cost of doing business, you are almost like a business dispute resolution. You better, you know, you better settle my invoice, or like, maybe I'll try and take you out. >>Crazy. >>Yeah, it is, Jeff. I mean, things like, you know, we talked about this in previous reports, and it's still true. There's, especially with DDoS, there's what we think of, like, a democratization of the attack tools, where you don't have to be technical, right? You don't have to have a lot of knowledge, you know, there are services available.
You know, like, here's who I'm going to, the market, buy the booter, so-and-so I'd like to go after, and, you know, here's my $50 or, like, a Bitcoin equivalent. All right, >>let's jump to the seven. We talked about 8.4 and the seven new attack vectors, and you outline, you know, I think the top-level themes I took from the summary, right? Weaponizing new attack vectors, leveraging mobile hotspots, targeting compromised endpoints. Talk about the endpoints. IoT is, like, all the rage, people have mesh, and 5G's just rolling out, which is going to see this huge IoT expansion, especially in industrial and all these connected devices in factories and farms that power people. How are people protecting those differently now, as we're getting to this kind of exponential curve of the deployment of all these devices? >>I mean, there are a lot of serious people thinking about how to protect individual devices, but infrastructure at large, so I'm not gonna go like, hey, it's all bad, right? There's plenty back on it. I'll go to the next number, like 17, and 17 is the number of architectures for which Mirai, I mean, Mirai was really popular, like, in a big way, from a few years ago. That still exists. But over time, what's happened is people have ported Mirai to different architectures, so that, you know, think of it like, you know, if you have your refrigerator connected to the Internet, it comes, it's coming with a little board, has a CPU on it, like, running a little OS, runs, and runs an OS on it. Well, there's a Mirai variant ready for that. Essentially, as new devices are getting deployed, like, you know, there's, you know, that's kind of our observation, that even as new CPUs are introduced, new chips or even OSes are introduced, there's somebody out there ready to port it to that. Very now, like, you know, the next-level challenge is that these devices, you know, they don't often get upgraded. There's no real,
In many cases, they're not, like, you know, there's very little thought given to really kind of security around it, right? There are backdoors and, like, default passwords used on a lot of them. And so you take this combination, I have a whole, you know, we talk about, you know, large deployments of devices every year, so you have these large deployments, and now, you know, a bot is just waiting, ready for it. Now again, I will say that it's not all bad, but there are serious people who are thinking about this, and there are devices that are deployed on private networks from the get-go, there's a VPN tunnel back to a particular control point that the commercial vendor operates. I mean, there are things like that, like hardening, that people have done, right? So not every device is gonna find its way into a botnet. However, like, you know, if you're getting a toy, like, at Christmas for, again, $20, you know, and it can connect to the Internet, the odds are nobody's thinking about it. >>Well, the thing we've heard too, about kind of OT and IT, and kind of bringing together operations technology and IT, is a lot of those devices weren't developed for upgrades and patches, and Lord knows what OS is running underneath the covers. It was a single-use device. It wasn't really ever going to be connected to the outside world. But now you're connecting it with the IT, suddenly exposing a whole host of issues that were never kind of part of the plan when whoever designed that thing in the first place. >>For sure, for sure. >>It's crazy. Alright, so that's that. Carpet bombing tactics, increased sector attack availability. What is, there's carpet bomb and carpet bombing generally? What's going on in this space? >>Well, so carpet bombing is a term that we applied a few years ago to a kind of a variation of attack which, like, traditionally, you know, we see an attack against a specific IP address or a specific domain, right? That's what I'm targeting.
Carpet bombing is taking a range of IPs and going, like, you know, hey, almost like cycling through every single one of them. So if your filters, if your defense is based on, hey, if my one server sees a spike, let me block traffic, well, now you're actually not seeing enough of a spike on an individual IP, but across a range there's a huge, you know, there's a lot of traffic that you're gonna be seeing. So this is kind of like, trips people up from time to time, like, we certainly have defenses built for it. But now what we're, you know, it's really like what we're seeing is the use of our other known vectors. We're not like, okay, CLDAP is a protocol, we see CLDAP attacks all the time. Now what we're seeing is, like, CLDAP with carpet bombing. Now we're seeing, like, even other reflection amplification protocols, where the attack isn't, like, an individual system but instead the range. And so that's what has changed. We saw a lot of, like, you know, TCP kind of reflection attacks, TCP reflection attacks, last year. And then the novelty was that now, like, okay, alongside that is the technique, right? Carpet bombing technique. That's the type. >>Never stops, right? Alright, Hardik, we're out of time. I'll give you the final word. One, where can people go get the information in this report? And more importantly, for people that aren't part of RSA, that are kind of observers, or they want to be more smart, how should they be thinking about security when this thing is such a rapidly evolving space? >>So let me give you two resources really quickly. There's this report, available at netscout dot com slash threat report. That's where this report is available, or Google "NetScout threat report" and you'll find your way there.
We've also, you know, we made another platform available that gives you more continuous visibility into the landscape. So if you read this and, like, okay, what's happening now? Then you would go to what we call NetScout Cyber Threat Horizon. So that's kind of telling you what's happening over the horizon. It's not just like, you know, hey, what am I seeing? What are people like me seeing, maybe other people elsewhere in the world seeing? So that's at netscout dot com slash horizon. >>Okay. >>To find that. And I think, like, between those two resources, you get access to all of our visibility, and then, you know, really, in terms of, like, our focus is not just to drive awareness, but all of this knowledge is being built into our products. So the NetScout, like, Arbor line of products, we're continually innovating and evolving and driving, like, more intelligence into them, right? That's really how we help protect our customers. >>Right. Hardik, thanks for taking a few minutes and sharing the story. >>Thank you. >>A little scary, but I'm glad you said it's not all bad. So that's good. Alright, he's Hardik, I'm Jeff. You're watching the Cube. We're at the RSA Conference 2020, Moscone. Thanks for watching. We'll see you next time. >>Yeah, yeah, yeah.
Derek Manky, Fortinet | CUBEConversation, November 2018
[Music] Hi, I'm Peter Burris, and welcome to another Cube Conversation from the Cube studios here in beautiful Palo Alto, California. Today we're going to talk about some new things that are happening in the security world. Obviously this is one of the most important domains within the technology industry and, increasingly, because of digital business, in business overall. Now, to do that, we've asked Derek Manky to come back. Derek is the Chief of Security Insights and Global Threat Alliances at Fortinet. Derek, welcome back to the Cube.

Absolutely, the same, I feel the same way.

Derek, okay, so we're going to get into some predictions about what the bad guys are doing and some predictions about what the defenses are doing, how we're going to see them, the defense opportunities, improve. But let's set the stage, because predictions are always made on some platform, some understanding of where we are, and that has also changed pretty dramatically. So what's the current state in the overall security world, Derek?

Yeah, so what we saw this year, in 2019, a lot, is a big increase in automation, and I'm talking from an attacker's point of view. I think we talked about this a little bit earlier in the year. So what we've been seeing is the use of frameworks to enhance sort of the day-to-day cycles that cybercriminals and attackers are using to make their, you know, criminal operations that much more efficient, sort of a well-oiled machine. So we're seeing toolkits that are taking, you know, things within the attack cycle and attack chain, such as reconnaissance, penetration, you know, exploitation, getting into systems, and just making that that much quicker, so that that window to attack, the time to breach, has been shrinking thanks to a lot of these crime kits and services that are offered out there.

Now, one other comment on this, or another question that I might have on this, is that so speed is becoming an issue, but also the risk, as digital business takes on a larger portion of overall business activities, that ultimately the risks and costs of doing things wrong are also going up, if I've got that right?

Yeah, absolutely, for sure. And, you know, it's one of those things that the longer a cybercriminal has a foothold in your system, or has the opportunity to move laterally and gain access to other systems, maybe it's your IoT or, you know, other platforms, the higher the risk, right? Like, the deeper down they are within an attack cycle, the higher the risk, and because these automated toolkits are allowing them to facilitate that, it's a catalyst really, right? They can get into the system, they can actually get out that much quicker, the risk is that much higher, and when we're talking about risk we're talking about things like intellectual property exfiltration, client information, this sort of stuff that can be quite damaging to organizations.

So with the new foundation of speed becoming an increasingly important feature of how we think about security, and the risks becoming greater because digital assets are being recognized as more valuable, why don't you take us through some of Fortinet's predictions on some of the new threats, or the threat landscape. How's the threat landscape changing?

Yeah, so as I said, we've already seen this shift in automation, so what I would call the basics, I mean knowing the target, trying to break into that target, right? When it comes to breaking into the target, cybercriminals right now, they're following the path of least resistance, right? They're finding easy ways that they can get into IoT devices, into other systems. In our world, when we talk about penetration or breaking into systems, it's through zero days, right? So the idea of a zero day is essentially a cyber weapon. There's movies in Hollywood that have been made off of this. You look at attacks like Stuxnet in the past, they all used zero-day vulnerabilities to get into systems, all right? So the idea, one of the predictions we're seeing, is that cybercriminals are gonna start to use artificial intelligence, right? So we talk about machine learning models and artificial intelligence to actually find these zero days for them. So in the world of an attacker, to find a zero day they have to do a practice called fuzzing, and fuzzing is basically trying to trip up computer code, right? So you're throwing unverified parameters at it, you're throwing unanticipated sequences into code parameters and input validation and so forth, to the point that the code crashes, and from an attacker's point of view that's when you take control of that code. This is how, you know, finding weapons into systems, cyber weapons in these systems, works. It typically takes a lot of resources, it takes a lot of cycles, it takes a lot of intelligence, it takes a lot of time to discover, we can be talking months or longer. So one of the predictions that we're hitting on is that, you know, cybercriminals are gonna start to use artificial intelligence fuzzing, or AIF as I call it, to be able to use AI to do all of that, you know, intelligent work for them. So, you know, basically having a system that will find these gateways, if you will, these, you know, new vulnerabilities into systems.

So sustained use of AIF to corrupt models so that they can find vulnerabilities that can then be exploited?

Yeah, absolutely, and, you know, when it comes to the world of hacking and fuzzing, it's one of the toughest things to do. It is the reason that zero days are worth so much money. You know, they can sell for hundreds of thousands of dollars on the darknet and in the cybercriminal, you know, economy. So it's because they're tough to find. They take a lot of resources, a lot of intelligence and a lot of effort to be able to not only find the vulnerability but then actively attack it and exploit it, right? There's two phases to that. Yeah, so the idea is, by using part of the power of artificial intelligence, that cybercriminals will start to leverage that and harness it in a bad way to be able to not only discover, you know, these vulnerabilities but also create that weapon, right, create the exploit, so that they can find more, you know, more holes if you will, or more angles to be able to get into systems.

Now, another one is that virtualization is happening in, you know, what the good guys, as we virtualize resources, but is it also being exploited, or does it have the potential to be exploited by the bad guys as well, especially in a swarming approach?

Yeah, virtualization for sure, absolutely. So the thing about virtualization too is you often have a lot of virtualization being centralized, especially when we talk about cloud, right? So you have a lot of potential digital assets, you know, valuable digital assets, that could be physically located in one area. So when it comes to using things like artificial intelligence fuzzing, not only can it be used to find different vulnerabilities or ways into systems, it can also be combined with something like, I know we've talked about the concept of swarms before, so using, you know, multiple intelligent infected pieces of code that can actually try to break into other virtual resources as well. So virtualization, yes, definitely, because of, in some cases, close proximity, if you will, between hypervisors and things like this, it's also something of concern for sure.

Now there is a difference between AI fuzzing and machine learning. Talk to us a little bit about some of the trends or some of the predictions that pertain to the advancement of machine learning and how bad guys are going to exploit that.

Sure, so machine learning is a core element that is used by artificial intelligence, right? If you think of artificial intelligence, it's a larger term. It can be used to do intelligent things, but it can only make those decisions based off of a knowledge base, right? And that's where machine learning comes into place. Machine learning is, it's data, it's processing and it's time, right? So there's various machine learning models that are put in place. It can be used for everything from autonomous vehicles to speech recognition to, certainly, cybersecurity and defense that we can talk about. But, you know, the other part that we're talking about in terms of predictions is that it can be used, like any tool, by the bad guys. So the idea is that machine learning can be used to actually study code, you know, from a black hat attacker's point of view, to study weaknesses in code, and that's the idea of artificial intelligence fuzzing, is that machine learning is used to find software flaws. It finds the weak spots in code, and then it actually takes those weak spots and it starts probing, starts trying to attack it, you know, to make the code crash, and then when it actually finds that it can crash the code and that it can try to take advantage of that, that's where the artificial intelligence comes in, right? So the AI engine says, hey, I learned that this piece of software or this attack target has these weak pieces of code in it. That's for the AI model. So the AI fuzzing comes into place to say, how can I actually take advantage, how can I exploit this, right? So that's where the AI fuzzing comes into play.

So we've got some predictions about how black hats and bad guys are going to use AI and related technologies to find new vulnerabilities, new ways of exploiting things and extracting new types of value out of a business. What have the white hats got going for them? What are some of the predictions on some of the new classes of defense that we're going to be able to put up to counter some of these new classes of attacks?

Yeah, so that's, you know, that's honestly some of the good news, I believe. You know, it's always been an arms race between the bad guys and the good guys that's been going on for decades in terms of cybersecurity. Often, you know, the bad guys are in a favorable position because they can do a million things wrong and they don't care, right? From the good guys' standpoint, we can do a million things right, one
thing wrong and that's an issue so we have to be extra diligent and careful with what we do but with that said you know as an example of 49 we've deployed our forty guard AI right so this is six years in the making six years using machine learning using you know precise models to get higher accuracy low false positives to deploy this at reduction so you know when it comes to the defensive mechanism I really think that we're in the drivers position quite frankly we have better technology than the Wild West that they have out on the bad guys side you know from an organization point of view how do you start combating this sort of onslaught of automation in AI from from the bad guys side well you gotta fight fire with fire right and what I mean by that is you have to have an intelligent security system you know perimeter based firewalls and gateways they don't cut it anymore right you need threat intelligence you need systems that are able to orchestrate and automate together so in different security products and in your security stack or a security fabric that can talk to each other you know share intelligence and then actually automate that so I'm talking about things like creating automated security policies based off of you know threat intelligence finding that a potential threat is trying to get into your network that sort of speed through that integration on the defensive side that intelligence speed is is is the key for it I mean without that any organization is gonna be losing the arms race and I think one of the things that is also happening is we're seeing a greater willingness perhaps not to share data but to share information about the bad things that are happening and I know that fort and it's been something at the vanguard of ensuring that there's even better clearing for this information and then driving that back into code that actually further automates how customers respond to things if I got that right yeah you hit a dead-on absolutely you know that 
is one of the key things that were focused on is that we realized we can't win this war alone right nobody can on a single point of view so we're doing things like interoperating with security partners we have a fabric ready program as an example we're doing a lot of work in the industry working with as an example Interpol and law enforcement to try to do attribution but though the whole endgame what we're trying to do is to the strategy is to try to make it more expensive for cyber criminals to operate so we obviously do that as a vendor you know through good technology our security fabric I integrated holistic security fabric and approach to be able to make it tougher you know for attackers to get into systems but at the same time you know we're working with law enforcement to find out who these guys are to go after attribution prosecution cut off the head of the snake as I call it right to try to hit cyber criminal organizations where it hurts we're also doing things across vendor in the industry like cyber threat Alliance so you know forty knots a founding member of the cyber threat Alliance we're working with other security vendors to actually share real time information is that speed you know message that we're talking about earlier to share real time information so that each member can take that information and put it into you something actionable right in our case when we get intelligence from other vendors in the cyber threat Alliance as an example we're putting that into our security fabric to protect our customers in new real-time so in sum we're talking about a greater value from being attacked being met with a greater and more cooperative use of technology and process to counter those attacks all right yeah absolutely so open collaboration unified collaboration is is definitely key when it comes to that as well you know the other thing like I said is is it's the is the technology piece you know having integration another thing from the defensive side 
too which is becoming more of a topic recently is deception deception techniques this is a fascinating area to me right because the idea of deception is the way it sounds instead of to deceive criminals when they're coming knocking on your door into your network so it's really what I call like the the house of a thousand mirrors right so they get into your network and they think they're going to your data store but is it really your data store right it's like it's there's one right target and a thousand wrong targets it's it's a it's a defensive strategy that organizations can play to try to trip up cyber criminals right it makes them slower it makes them more inaccurate it makes them go on the defensive and back to the drawing board which is something absolutely I think we have to do so it's very interesting promising you know technology moving forward in 2019 to essentially fight back against the cyber criminals and to make it more expensive to get access to whatever it is that they want Derek max Lilly yeah Derrick McKey chief of security insights and global threat Alliance this is for net thanks once again for being on the cube it's a pleasure anytime look forward to the next chat and from Peter Burroughs and all of us here at the cube in Palo Alto thank you very much for watching this cube conversation until next time you
Ken Xie, Fortinet | Fortinet Accelerate 2018
>>Live from Las Vegas. It's theCUBE. Covering Fortinet Accelerate 18. Brought to you by Fortinet. >> Welcome to Fortinet Accelerate 2018. I'm Lisa Martin with theCUBE and we're excited to be here doing our second year of coverage of this longstanding event. My cohost for the day is Peter Burris; excited to be co-hosting with Peter again, and we're very excited to be joined by the CEO, Founder, and Chief Chairman of Fortinet, Ken Xie. Ken, welcome back to theCUBE. >> Thank you, Lisa, thank you, Peter. Happy to be here. >> It's great to be here for us as well, and the title of your Keynote was Leading the Change in Security Transformation, but something as a marketer I geeked out on before that was the tagline of the event, Strength in Numbers. You shared some fantastic numbers that I'm sure you're quite proud of. In 2017, $1.8 in billing, huge growth in customer acquisitions, 17.8 thousand new customers acquired in 2017 alone, and you also shared that Fortinet protects around 90% of the Global S&P 100. Great brands and logos you shared: Apple, Coca Cola, Oracle. Tell us a little bit more, and kind of as an extension of your Keynote, this strength in numbers that you must be very proud of. >> Yeah, I'm an engineer background, always liked the number, and not only we become much bigger company, we actually has 25 to 30% global employment in a network security space. That give a huge customer base and last year sales grow 19% and we keeping leading the space with a new product we just announced today. The FortiGate 6000 and also the FortiOS 6.0. So all this changing the landscape and like I said last year we believe the space is in a transition now, they've got a new generation infrastructure security, so we want to lead again. We started the company 18 years ago to get into we called a UTM network firewall space. We feel infrastructure security is very important now. And that we want to lead in the transition and lead in the change. 
>> So growth was a big theme or is a big theme. Some of the things that were also interesting is another theme of really this evolution, this landscape. I think you and Peter will probably get into more the technology, but give our viewers a little bit of an extension of what you shared in your keynote about the evolution. These three generations of internet and network security. >> Yeah, when I first start my network security career, the first company, I was studying at Stanford University, I was in my 20s. It was very exciting is that a space keeping changing and grow very fast, that makes me keeping have to learning everyday and that I like. And then we start a company called Net Screen when I was early 30s, that's my second company. We call the first generation network security which secured a connection into the trust company environment and the Net Screen's a leader, later being sold for $4 billion. Then starting in 2000, we see the space changing. Basically you only secure the connection, no longer enough. Just like today, you only validate yourself go to travel with a ticket no longer enough, they need to see what you carry, what's the luggage has, right. So that's where we call them in application and content security, they call the UTM firewall, that's how Fortinet started. That's the second generation starting replacing the first generation. But compared to 18 years ago, since change it again and nowadays the data no longer stay inside company, they go to the mobile device, they go to the cloud, they go to the application, go to the IoT, is everywhere. So that's where the security also need to be changed and follow the important data, secure the whole infrastructure. That's why keeping talking from last year, this year is really the infrastructure security, the security fabric, starting get very important and we want to lead in this space again like we did 18 years ago starting Fortinet. 
>> Ken, I'd like to tie that, what you just talked about, back to this notion of strength in numbers. Clearly the bad guys that would do a company harm are many and varied and sometimes they actually work together. There's danger in numbers Fortinet is trying to pull together utilizing advanced technologies, new ways of using data and AI and pattern recognition and a lot of other things to counter effect that. What does that say about the nature of the relationships that Fortinet is going to have to have with its customers going forward? How is that evolving, the idea of a deeper sharing? What do you think? >> Actually, the good guy also started working together now. We formed the they call it the Cyber Threat Alliance, the CTA, and Fortinet is one of the founding company with the five other company including Palo Alto Network, Check Point and McAfee and also feel a Cisco, there's a few other company all working together now. We also have, we call, the Fabric-Ready Program which has 42 big partners including like IBM, Microsoft, Amazon, Google, all this bigger company because to defend the latest newest Fabric threat you have to be working together and that also protect the whole infrastructure. You also need a few company working together and it's a because on average every big enterprise they deploy 20 to 30 different products from different company. Management cost is number one, the highest cost in the big enterprise security space because you have to learn so many different products from so many different vendor, most of them competitor and now even working together, now communicate together. So that's where we want to change the landscape. We want to provide how infrastructure security can work better and not only partner together but also share the data, share the information, share the intelligence. 
>> So fundamentally there is the relationship is changing very dramatically as a way of countering the bad actors by having the good actors work more closely together and that drives a degree of collaboration coordination and a new sense of trust. But you also mentioned that the average enterprise is 20 to 30 fraud based security products. Every time you introduce a new product, you introduce some benefits you introduce some costs, potentially some new threat surfaces. How should enterprises think about what is too many, what is not enough when they start thinking about the partnerships that needed put together to sustain that secure profile? >> In order to have the best protection today you need to secure the whole infrastructure, the whole cyberspace. Network security still the biggest and also grow very fast and then there's the endpoint and there's a like a cloud security, there's a whole different application, email, web and all the other cloud all the other IoT. You really need to make sure all these different piece working together, communicate together and the best way is really, they have to have a single panel of our management service. They can look at them, they can make it integrate together they can automate together, because today's attack can happen within seconds when they get in the company network. It's very difficult for human to react on that. That's where how to integrate, how to automate, this different piece, that is so important. That's where the Fabric approach, the infrastructure approach get very important. Otherwise, you cannot react quick enough, in fact, to defend yourself in a current environment. On the other side for your question, how many vendor do you have, I feel the less the better. At least they have to work together. 
If they're not working together, will make it even more difficult to defend because each part they not communicate and not react and not automate will make the job very, very difficult and that's where all this working together and the less vendor they can all responsible for all your security it's better. So that's where we see some consolidation in the space. They do still have a lot of new company come up, like you mentioned, there's close to 2,000 separate security company. A lot of them try to address the point solution. I mentioned there's a four different level engineer after engineer work there because I see 90% company they do the detection. There's a certain application you can detect the intrusion and then the next level is where they after you attack what are going to do about it. Is it really the prevention setting kick in automatic pull out the bad actor. After that, then you need to go to the integration because there's so many different products, so many different piece you need to working together, that's the integration. Eventually the performance and cost. Because security on average still cost 100 times more expensive under same traffic and also much slower compared to the routing switch in networking device. That's what the performance cost. Also starting in the highest level, that's also very difficult to handle. >> So, we're just enough to start with the idea of data integration, secure data integration amongst the security platform, so enough to do as little as possible, as few as possible to do that, but enough to cover all the infrastructure. >> Yes, because the data is all a whole different structure. You no longer does have to trust environment. 
Because even inside the company, there's so many different way you can access to the outside, whether it by your mobile device so there's a multiple way you can connect on the internet and today in the enterprise 90% connection goes to Wi-Fi now it's not goes to a wired network, that's also difficult to manage. So that's where we will hide it together and make it all working together it's very important. >> So, in the spirit of collaboration, collaborating with vendors. When you're talking with enterprises that have this myriad security solutions in place now, how are they helping to guide and really impact Fortinet's technologies to help them succeed. What's that kind of customer collaboration like, I know you meet with a lot of customers, how are they helping to influence the leading security technologies you deliver? >> We always want to listen the customer. They have the highest priority, they gave us the best feedback. Like the presentation they talked about there's a case from Olerica which is where they have a lot of branch office and they want to use in the latest technology and networking technology, SD-WAN. Are working together with security, that's ready the new trend and how to make sure they have all the availability, they have the flexibility software-defined networking there and also make sure to security also there to handle the customer data, that's all very important so that's what we work very closely with customer to response what they need. That's where I'm still very proud to be no longer kind of engineer anymore but will still try to build in an engineer technology company. Listen to the customer react quick because to handle security space, cyber security, internet security, you have to work to quickly react for the change, on internet, on application. So that's where follow the customer and give them the quick best solution it's very very important. 
>> On the customer side in EMEA, we talked about that, we talked a little bit about this morning, with GDPR that is around the corner, May 2018. Do you see your work, Fortinet's work with customers in EMEA, as potentially being, kind of, leading-edge to help customers in the Americas and Asia-Pacific be more prepared for different types of compliance regulations? >> We see the GDPR as an additional opportunity, as an additional complement solution compared to all the new product technology would come up. They definitely gave us an additional business rate, additional opportunity, to really help customer protect the data, make the data stay in their own environment and the same time, internet is a very global thing, and how to make sure different country, different region, working together is also very important. I think GDPR is a great opportunity to keeping expanding a security space and make it safer for the consumer, for the end-user. >> So Ken, as CEO of Fortinet, or a CEO with a tough act, but as CEO you have to be worried about the security of your business, and as a security company you're as much attacked, if not more attacked, than a lot of other people, because getting to your stuff would allow folks to get to a lot of other stuff. How do you regard the Fortinet capabilities inside Fortinet capability as providing you a source of differentiation in the technology industry? >> Yeah we keep security in mind as the highest priority within a company. That's where we develop a lot of product, we also internally use tests first. You can see from endpoint, the network side, the email, to the web, to the Wi-Fi access, to the cloud, to the IoT, it's all developing internally, it tests internally so the infrastructure security actually give you multiple layer protection. No longer just have one single firewall, you pass the firewall, all open up. 
It's really multiple layer, like a rather the ransomware or something they had to pass multiple layer protection in order to really reach the data there. So that's where we see the infrastructure security with all different products and developed together, engineer working together is very important. And we also have very strong engineer and also we call the IT security team led by Phil Quade, I think you are interviewing him later, and he has a great team and a great experience in NSA for about 30 years, secure country. And that's where we leverage the best people, the best technology to provide the best security. Not only the product side, also our own internal security in this space. >> So, in the last minute or so that we have here, one of the things that Patrice Perche, your global sales leader, said during his keynote this morning was that security transformation, this is the year for it. So, in a minute or so, kind of what are some of the things besides fueling security transformation for your customers do you see as priorities and exciting futures this year for Fortinet, including you talked about IoT, that's a $9 billion opportunity. You mentioned securing the connected car, a very cool car in there. What are some of the things that are exciting to you as the leader of this company in 2018? >> We host some basic technology, not another company has. Like a built in security for a single chip. I also mentioned like some other bigger company, like Google started building a TPU for the cloud computing and Nvidia the GPU. So we actually saw this vision 18 years ago when we start a company and combine the best hardware and best technology with solve for all this service together. So, long term you will see the huge benefit and that's also like translate into today you can see all these technology enable us to really provide a better service to the customer, to the partner, and we all starting benefit for all this investment right now. 
>> Well Ken, thank you so much for joining us back on theCUBE. It's our pleasure to be here at the 16th year of the event, our second time here. Thanks for sharing your insight and we're looking forward to a great show. >> Thank you, great questions, it's the best platform to really promoting the technology, promoting the infrastructure security, thank you very much. >> Likewise, we like to hear that. For my co-host Peter Burris, I'm Lisa Martin, we are coming to you from Fortinet Accelerate 2018. Thanks for watching, stick around we have great content coming up.
SUMMARY :
Brought to you by Fortinet. My cohost for the day is Peter Burris; excited to be co-hosting with Peter again, and we're Happy to be here. It's great to be here for us as well, and the title of your Keynote was Leading the Yeah, I'm an engineer background, always liked the number, and not only we become much give our viewers a little bit of an extension of what you shared in your keynote about the they need to see what you carry, what's the what's the luggage has, right. What does that say about the nature of the relationships that Fortinet is going to have We formed the they call it the Cyber Threat Alliance, the CTA, and Fortinet is one of countering the bad actors by having the good actors work more closely together and that In order to have the best protection today you need to secure the whole infrastructure, amongst the security platform, so enough to do as little as possible, as few as possible Because even inside the company, there's so many different way you can access to the outside, how are they helping to influence the leading security technologies you deliver? They have the highest priority, they gave us the best feedback. On the customer side in Anaemia we talked about that was talked a little bit about this customer protect the data, make the data stay in their own environment and the same time, So Ken as CEO Fortinet or a CEO was tough act, but as CEO you have to be worried about You can see from endpoint, the network side, the email, to the web, to the Wi-Fi access, of the things that are exciting to you as the leader of this company in 2018? customer to the partner and we all starting benefit for all this investment right now. It's our pleasure to be here at the 16th year of the event, our second time here. promoting the infrastructure security, thank you very much. For my co-host Peter Burris, I'm Lisa Martin, we are coming to you from Fortinet Accelerate
SENTIMENT ANALYSIS :
ENTITIES
Entity | Category | Confidence |
---|---|---|
Peter Burris | PERSON | 0.99+ |
IBM | ORGANIZATION | 0.99+ |
Amazon | ORGANIZATION | 0.99+ |
Microsoft | ORGANIZATION | 0.99+ |
Peter | PERSON | 0.99+ |
Lisa Martin | PERSON | 0.99+ |
Cisco | ORGANIZATION | 0.99+ |
ORGANIZATION | 0.99+ | |
Fortinet | ORGANIZATION | 0.99+ |
2018 | DATE | 0.99+ |
Apple | ORGANIZATION | 0.99+ |
Ken Xie | PERSON | 0.99+ |
$1.8 | QUANTITY | 0.99+ |
McAfee | ORGANIZATION | 0.99+ |
Ken | PERSON | 0.99+ |
Oracle | ORGANIZATION | 0.99+ |
20 | QUANTITY | 0.99+ |
2017 | DATE | 0.99+ |
Patrice Perce | PERSON | 0.99+ |
25 | QUANTITY | 0.99+ |
Net Screen | ORGANIZATION | 0.99+ |
Phil Cauld | PERSON | 0.99+ |
May 2018 | DATE | 0.99+ |
Coca Cola | ORGANIZATION | 0.99+ |
90% | QUANTITY | 0.99+ |
$9 billion | QUANTITY | 0.99+ |
last year | DATE | 0.99+ |
Americas | LOCATION | 0.99+ |
Palo Alto Network | ORGANIZATION | 0.99+ |
100 times | QUANTITY | 0.99+ |
Lisa | PERSON | 0.99+ |
Net Screens | ORGANIZATION | 0.99+ |
$4 billion | QUANTITY | 0.99+ |
19% | QUANTITY | 0.99+ |
CTA | ORGANIZATION | 0.99+ |
2000 | DATE | 0.99+ |
Nvidia | ORGANIZATION | 0.99+ |
Check Point | ORGANIZATION | 0.99+ |
second time | QUANTITY | 0.99+ |
Las Vegas | LOCATION | 0.99+ |
GDPR | TITLE | 0.99+ |
second company | QUANTITY | 0.99+ |
Forinet | ORGANIZATION | 0.99+ |
Anaemia | ORGANIZATION | 0.99+ |
about 30 years | QUANTITY | 0.99+ |
second year | QUANTITY | 0.99+ |
18 years ago | DATE | 0.99+ |
first generation | QUANTITY | 0.99+ |
second generation | QUANTITY | 0.99+ |
today | DATE | 0.98+ |
one | QUANTITY | 0.98+ |
16th year | QUANTITY | 0.98+ |
42 big partners | QUANTITY | 0.98+ |
Stanford University | ORGANIZATION | 0.98+ |
30% | QUANTITY | 0.98+ |
each part | QUANTITY | 0.98+ |
early 30s | DATE | 0.98+ |
Olerica | ORGANIZATION | 0.98+ |
this year | DATE | 0.97+ |
30 different products | QUANTITY | 0.97+ |
FortiOS 6.0 | COMMERCIAL_ITEM | 0.96+ |
around 90% | QUANTITY | 0.96+ |
Cyber Threat Alliance | ORGANIZATION | 0.96+ |
first | QUANTITY | 0.95+ |
five other company | QUANTITY | 0.95+ |
DONOTPOSTKen Xie, Fortinet | Fortinet Accelerate 2018
>> (Narrator) Live from Las Vegas. It's theCUBE. Covering Fortinet Accelerate 18. Brought to you by Fortinet. >> Welcome to Fortinet Accelerate 2018. I'm Lisa Martin with theCUBE and we're excited to be here doing our second year of coverage of this longstanding event. My cohost for the day is Peter Burris; excited to be co-hosting with Peter again, and we're very excited to be joined by the CEO, Founder, and Chief Chairman of Fortinet, Ken Xie, Ken welcome back to theCUBE. >> Thank you, Lisa, thank you, Peter. Happy to be here. >> It's great to be here for us as well, and the title of your Keynote was Leading the Change in Security Transformation, but something as a marketer I geeked out on before that, was the tagline of the event, Strength in Numbers. You shared some fantastic numbers that I'm sure you're quite proud of. In 207, $1.8 in billing, huge growth in customer acquisitions 17.8 thousand new customers acquired in 2017 alone, and you also shared that Forinet protects around 90% of the Global S&P 100. Great brands and logos you shared Apple, Coca Cola, Oracle. Tell us a little bit more and kind of as an extension of your Keynote, this strength in numbers that you must be very proud of. >> Yeah, I'm an engineer background, always liked the number, and not only we become much bigger company, we actually has 25 to 30% global employment in a network security space. That give a huge customer base and last year sales grow 19% and we keeping leading the space with a new port out we just announced today. The FortiGate 6000 and also the FortiOS 6.0. So all this changing in the landscape and like I said last year we believe the space is in a transition now, they've got a new generation infrastructure security, so we want to lead again. We started the company 18 years ago to get into we called a UTM network firewall space. We feel infrastructure security is very important now. And that we want to lead in the transition and lead in the change. 
>> So growth was a big theme, or is a big theme. Something else that was also interesting is another theme of this evolution, this landscape. I think you and Peter will probably get more into the technology, but give our viewers a little bit of an extension of what you shared in your keynote about the evolution, these three generations of internet and network security.
>> Yeah, when I first started my network security career, the first company, I was studying at Stanford University, I was in my 20s. It was very exciting; it's a space that keeps changing and grows very fast, which makes me keep having to learn every day, and that I like. And then we started a company called NetScreen when I was in my early 30s; that's my second company. We call that the first generation of network security, which secured the connection into the trusted company environment, and NetScreen was a leader, later being sold for $4 billion. Then starting in 2000, we saw the space changing. Basically, if you only secure the connection, that's no longer enough. Just like today, if you only validate yourself to go travel with a ticket, that's no longer enough; they need to see what you carry, what the luggage has, right. So that's where we call it application and content security, they call it the UTM firewall; that's how Fortinet started. That's the second generation starting to replace the first generation. But compared to 18 years ago, things have changed again, and nowadays the data no longer stays inside the company; it goes to the mobile device, it goes to the cloud, to the applications, it goes to the IoT, it's everywhere. So that's where the security also needs to change and follow the important data, secure the whole infrastructure. That's why we keep talking, from last year to this year, about how it's really the infrastructure security, the Security Fabric, that's starting to get very important, and we want to lead in this space again like we did 18 years ago starting Fortinet.
>> Ken, I'd like to tie what you just talked about back to this notion of strength in numbers. Clearly the bad guys that would do a company harm are many and varied, and sometimes they actually work together. There's danger in numbers. Fortinet is trying to pull together, utilizing advanced technologies, new ways of using data and AI and pattern recognition and a lot of other things, to counteract that. What does that say about the nature of the relationships that Fortinet is going to have to have with its customers going forward? How is that evolving, the idea of a deeper sharing? What do you think?
>> Actually, the good guys also started working together now. We formed what they call the Cyber Threat Alliance, the CTA, and Fortinet is one of the founding companies with five other companies, including Palo Alto Networks, Check Point and McAfee, and also, I feel, Cisco; there's a few other companies all working together now. We also have what we call the Fabric-Ready Program, which has 42 bigger partners including IBM, Microsoft, Amazon, Google, all these bigger companies, because to defend against the latest, newest threats you have to be working together, and that also protects the whole infrastructure. You also need a few companies working together, because on average every big enterprise deploys 20 to 30 different products from different companies. Management cost is number one, the highest cost in the big enterprise security space, because you have to learn so many different products from so many different vendors, most of them competitors, and they're not even working together, not communicating together. So that's where we want to change the landscape. We want to provide how infrastructure security can work better, and not only partner together but also share the data, share the information, share the intelligence.
>> So fundamentally the relationship is changing very dramatically as a way of countering the bad actors, by having the good actors work more closely together, and that drives a degree of collaboration, coordination and a new sense of trust. But you also mentioned that the average enterprise has 20 to 30 different security products. Every time you introduce a new product, you introduce some benefits, you introduce some costs, potentially some new threat surfaces. How should enterprises think about what is too many, what is not enough, when they start thinking about the partnerships they need to put together to sustain that secure profile?
>> In order to have the best protection today, you need to secure the whole infrastructure, the whole cyberspace. Network security is still the biggest and also growing very fast, and then there's the endpoint, and there's cloud security, there's a whole range of different applications, email, web, and all the other cloud, all the other IoT. You really need to make sure all these different pieces work together, communicate together, and the best way is really, they have to have a single pane of management service. They can look at them, they can make it integrate together, they can automate together, because today's attack can happen within seconds once they get into the company network. It's very difficult for a human to react to that. That's where how to integrate, how to automate these different pieces is so important. That's where the Fabric approach, the infrastructure approach, gets very important. Otherwise, you cannot react quickly enough to defend yourself in the current environment. On the other side, for your question, how many vendors do you have, I feel the fewer the better. At least they have to work together.
If they're not working together, it will make it even more difficult to defend, because each part not communicating and not reacting and not automating will make the job very, very difficult, and that's where all this working together, and the fewer vendors that can all be responsible for all your security, is better. So that's where we see some consolidation in the space. There are still a lot of new companies coming up; like you mentioned, there's close to 2,000 separate security companies. A lot of them try to address the point solution. I mentioned there's four different levels, engineer after engineer working there, because I see 90% of companies do the detection. There's a certain application where you can detect the intrusion, and then the next level is, after you're attacked, what are you going to do about it? Does the prevention setting kick in automatically to pull out the bad actor? After that, then you need to go to the integration, because there's so many different products, so many different pieces you need to work together; that's the integration. Eventually the performance and cost, because security on average still costs 100 times more under the same traffic, and is also much slower compared to the routing and switching networking devices. That's the performance cost. Also, starting at the highest level, that's also very difficult to handle.
>> So, we're just enough to start with the idea of data integration, secure data integration amongst the security platforms, so enough to do as little as possible, as few as possible to do that, but enough to cover all the infrastructure.
>> Yes, because the data is all a whole different structure. You no longer just have the trusted environment.
Because even inside the company, there are so many different ways you can access the outside, whether by your mobile device, so there are multiple ways you can connect to the internet, and today in the enterprise 90% of connections go to Wi-Fi now, not to a wired network; that's also difficult to manage. So that's where we tie it together and make it all work together; it's very important.
>> So, in the spirit of collaboration, collaborating with vendors: when you're talking with enterprises that have this myriad of security solutions in place now, how are they helping to guide and really impact Fortinet's technologies to help them succeed? What's that kind of customer collaboration like? I know you meet with a lot of customers; how are they helping to influence the leading security technologies you deliver?
>> We always want to listen to the customer. They have the highest priority; they give us the best feedback. Like the presentation they talked about, there's a case from Olerica, where they have a lot of branch offices and they want to use the latest technology in networking technology. I see when it's working together with security, that's really the new trend, and how to make sure they have all the availability, they have the flexibility, software-defined networking there, and also make sure the security is also there to handle the customer data; that's all very important. So that's where we work very closely with the customer to respond to what they need. That's where I'm still very proud to be, no longer kind of an engineer anymore, but still trying to build an engineering technology company. Listen to the customer, react quickly, because to handle the security space, cyber security, internet security, you have to work quickly and react to the change, on the internet, on applications. So that's where we follow the customer and give them the quick, best solution; it's very, very important.
On the customer side in EMEA, we talked a little bit this morning about GDPR being around the corner, May 2018. Do you see Fortinet's work with customers in EMEA as potentially being, kind of, leading-edge to help customers in the Americas and Asia-Pacific be more prepared for different types of compliance regulations?
>> We see the GDPR as an additional opportunity, as an additional complementary solution compared to all the new product technology that's coming up. It definitely gives us an additional business rate, additional opportunity, to really help customers protect the data, make the data stay in their own environment, and at the same time, the internet is a very global thing, and how to make sure different countries, different regions, work together is also very important. I think GDPR is a great opportunity to keep expanding the security space and make it safer for the consumer, for the end-user.
>> So Ken, as CEO of Fortinet, or as any CEO, it's a tough act, but as CEO you have to be worried about the security of your business, and as a security company you're as much attacked, if not more attacked, than a lot of other people, because getting to your stuff would allow folks to get to a lot of other stuff. How do you regard the Fortinet capabilities inside Fortinet as providing you a source of differentiation in the technology industry?
>> Yeah, we keep security in mind as the highest priority within the company. That's where we develop a lot of products; we also internally use and test them first. You can see from the endpoint, the network side, the email, to the web, to the Wi-Fi access, to the cloud, to the IoT, it's all developed internally, tested internally, so the infrastructure security actually gives you multiple layers of protection. No longer do you just have one single firewall; you pass the firewall, everything opens up.
It's really multiple layers, like ransomware or something, they have to pass multiple layers of protection in order to really reach the data there. So that's where we see the infrastructure security, with all the different products developed together, engineers working together, is very important. And we also have very strong engineers, and also what we call the IT security team, led by Phil Quade; I think you are interviewing him later, and he has a great team and great experience at the NSA for about 30 years, securing the country. And that's where we leverage the best people, the best technology to provide the best security. Not only on the product side, but also our own internal security in this space.
>> So, in the last minute or so that we have here, one of the things that Patrice Perche, your global sales leader, said during his keynote this morning was that security transformation, this is the year for it. So, in a minute or so, what are some of the things, besides fueling security transformation for your customers, that you see as priorities and an exciting future this year for Fortinet? Including, you talked about IoT, that's a $9 billion opportunity. You mentioned securing the connected car, with a very cool car in there. What are some of the things that are exciting to you as the leader of this company in 2018?
>> We have some basic technology no other company has, like built-in security in a single chip. I also mentioned some other bigger companies, like Google, started building a TPU for cloud computing, and Nvidia the GPU. So we actually saw this vision 18 years ago when we started the company, to combine the best hardware and best technology to solve for all these services together. So long term you will see the huge benefit, and that also translates into today; you can see all these technologies enable us to really provide a better service to the customer, to the partner, and we're all starting to benefit from all this investment right now.
>> Well Ken, thank you so much for joining us back on theCUBE. It's our pleasure to be here at the 16th year of the event, our second time here. Thanks for sharing your insight, and we're looking forward to a great show.
>> Thank you, great questions. It's the best platform to really promote the technology, promote the infrastructure security. Thank you very much.
>> Likewise, we like to hear that. For my co-host Peter Burris, I'm Lisa Martin, we are coming to you from Fortinet Accelerate 2018. Thanks for watching; stick around, we have great content coming up.