Tim Carben & Manoj Nair | CUBE Conversation June 2021
(upbeat music)
>> We are entering a new era of cyber attacks. The SolarWinds hack it underscored a rising and very disturbing trend. Namely that tunneling in through an organization's supply chain. And you're hearing terms like island hopping and living off the land to becoming mainstream in the world of cybersecurity. And we're going to talk a little bit about ransomware and cyber with Manoj Nair, who is the GM of Metallic, a Commvault Company. And Tim Carben is a Principal Systems Engineer with Mitchell International. Gents, welcome. Thanks so much for coming on. Talk to me about this very important topic. So, Tim, I got to start with you, you're the practitioner. You got to fight this battle every day. You heard me upfront it feel like we are entering a new era. The adversary is highly capable, very well-funded. How are you thinking about changes in protecting your data and creating things like air gaps and what are you doing to solve this problem?
>> I think the most important part. And this is just to start off with is patching, everything up to date. Most of the time someone's getting in, or most of the time one of these viruses is replicating between the different systems. It's due to unpatched environments. And then number two is training. If your resources don't know not to click on something or to hover over something to look at it. Then, you are just going to be exposing your environment over and over and over again. But when it all boils down to it, and it comes back to what I'm doing in the data protection world in the backup and recovery, I have to look at not only how am I going to get this data back. Because if a system gets encrypted we are going to look for recovery first. That's it, look for recovery first. But we also need to make sure that our environment is protected. Lock down our media agents. Lock down our storage that we're connected to. And like you had mentioned before use an air gap. And no one...
I mean, everyone's been moving away from tape and it's understandable. There's a lot of resource utilization involved. There's a lot of people that you need in there in your data center, moving things around. And it's a robotic machine, you have to rely on. Not only that, but recovery times can be slow. What I found is Commvault has gone out there and they've offered us SaaS storage. This SaaS storage is somewhere else. We could be in AWS. We could be in Azure. We could be in GCP but we can still connect to this SaaS storage. And we never have to worry about someone having access to a data center and getting to our tapes. We don't have to worry about someone having tenant access and deleting our backups off of a particular tenant. Which is something that we are going to see in the future if it's not out there already. So, there's a lot that we have to do and protecting ourselves is very important. And Commvault is making it a lot easier.
>> Thank you, Tim. So, Manoj I mean, these things have probably been around for a while but we're seeing really sort of, I talked about mainstream and a couple of things that are really disturbing. We're seeing this malware come in and they're self forming. They're creating different signatures but we're also seeing this idea of living off the land very stealthily using your own tools against you. And then really disturbingly, we're seeing when you discover... When a victim discovers that they're being attacked and they respond... Their incident response is triggering a very aggressive counter attack by the hackers. Where they've already exfiltrated really sensitive data. Then they'll then they... And they've been stealing and making monetizing your data. And then they'll just encrypt it, hold it for ransom, threaten to release that sensitive data if you don't let them keep going. It's really, really disturbing. What's your perspective on this raising the bar that the bad guys have done and how we can keep pace?
>> Yeah, Dave.
I lived through the nation state attack that happened in 2012. The front door seat was at RSA as part of the leadership team. And at that time it was considered a this is a very unique and it's an advanced persistent threat. It took the resources of one of the biggest nations of the world to mount something like that. And fast forward, eight, nine years later, we're seeing that these kinds of techniques have now been mainstreamed. You've got a lot of people who are figuring out not just... They may not even care about your data but they know you care about your data. So they're not trying to exfiltrate the data maybe to look for sensitive data and monetize it. That's just harder. Why not take it directly from you. In Q1 of 2021, the average ransomware ransom went up 43%. It's like 250K or something. That's just the ransom. And we saw now that it's impacting day-to-day lives. You saw the long lines of the gas things gas pumps on the East coast a weekend before last and as somebody who had a ransomware attack as the news story say they'd paid for the ransom. And that was the recovery after paying 5 million was slow. So they had to go and figure out how to recover from the backups. And that was not fast enough. So defense in depth is something that has really been the mantra and just like protecting a home, you're not just looking at putting an alarm on the front door. You have sensors on your windows. You have a fire alarm. You've got to say if you got different things too in terms of really thinking through different trends. And Tim hit on a couple of those things. You really think about what is my weak link? What is my vulnerability? That vulnerability is now your software supply chain. So you're thinking about who am I buying things from? Are they taking care of stuff because they are now a new vector? And that's kind of the biggest I would say new thing that has not been mainstream. 
Like a lot of these techniques are getting mainstream but the fact that a software supply chain itself that is being deployed in mass is now vulnerable? And that will be monetized. It might've started with the nation state doing that but then you'll get the... People trying to take it for ransom. They'll start weaponizing those same vulnerabilities. So really that data and making sure that your crown jewels you have a very safe way of protecting them. And it's not just... You need to practice in readiness of that. Like any system. Just having that there it's not good enough, like can I detect issues? What is the ecosystem that's part of? How is my identity tracking who has got access to that? We've seen a lot of interesting things as part of why we started creating services like an air gap service in the cloud. The customer doesn't have to worry about managing credentials because even those were getting compromised. People were stealing the credentials to go delete the backup. So, the steps keep leaping forward. There's a lot of money going in the research and development of malware. And the industry in partnership with customers and partnership with local and federal authorities are going to have to figure out how to tackle this together.
>> Yeah. So Tim, you don't mean Commvault, you don't think of being the cybersecurity space specifically, but those worlds are coming together the data protection and security space. And I would imagine for you as a practitioner it's challenging because you don't have a blank chequebook. I mean, yes, you can spend... You have to spend on cyber but you have all these... You talked about digital transformation in an earlier discussion that we had and you've got to figure out, how do I apply AI and automation? You've got a talent gap. I mean, you can't hire people that have the skills because you just can't keep throwing people at the problem. So, you don't have this unlimited budget.
I saw a stat there's a company it's Cybersecurity Ventures. They said by 2025 we'll lose $10.5 trillion annually to cyber attacks. And I think if I look at it, whoever's numbers. You look at IDC I think has one of the higher numbers out there. It's like a hundred billion that we spend each year on cyber. So it's infinitesimal compared to the value that the bad guys are extracting. So, how are you dealing with that complexity, fragmented security tooling lack of talent turnover? I mean, all this stuff and the budget challenges. How do you deal with all that?
>> It's... And I do not want to use this word, but it's as easy as research and staying on top of everything. Everyone knows, you update your virus definitions. You keep that up-to-date. You close your firewall holes. You have denies at the very end of every firewall. You make sure you keep track of these small things. At the same time, you leverage utilities that make it easier for you to do your job. The Commvault iDA has a feature that keeps track of changes or modifications on a server. So if I have a server, that's actively getting hit with a ransomware. Commvault reports me in a word and tells me, "Hey, we have had this many files modified within this time period. Look at it right now." So, on top of everything else we have because it's not a replacement for our virus protection but it does help us. And it does keep track of things in Commvault, as well as a lot of other companies out there, are doing some great things in closing up small little gaps and adding little features that could really help us move forward in the future. And keep us more protected, I guess I should say.
>> Yeah. Well Manoj, I mean the backup corpus is a sort of the last line of defense. It's also could be a first point of attack because all the valuable data is in there. So, I'll give you the last word here on the segment. Thanks for doing this with me guys. How do you think the industry needs to approach this? It's not a...
You can't go on it alone. You definitely need to collaborate. Your final thoughts.
>> Yeah, collaborate, share risk factors, making sure that systems are connected and they're not siloed. And that will really make sure our customers are getting the best out of all of us. And you have to build an intelligence of the product anything static. Just like you said, you need to backup the cyber crown jewels or they're going to go after that. So, your backup systems need to have AI/ML. They need to be able to detect any kind of suspicious activity. You can't just kind of code it in and just expect that what you thought would work in the lab is how it's going to behave. So, but it's a... And in general unless there's a bigger penalty in terms of the response to these kinds of attacks, as long as they keep getting paid, they're going to keep doing this thing. So you got to follow the money is a simple work. Let's take that a rich ecosystem, that's funding them and replace it with a tight partnership between companies and the customers and partners and governments.
>> Guys. Well, I mean, the equation is pretty simple. Value equals benefit over cost. If you can increase the denominator for the bad guys it'll lower their ROI and that's kind of your job. And so keep up the good work, gents. Thanks so much for coming to theCUBE and talking to me about this very important topic. Really appreciate it.
>> Thank you. Thank you for having us.
>> And thank you for watching this CUBE Conversation. This is Dave Vellante. We'll see you next time.
(upbeat music)