>> Announcer: Live from New York City. It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify, and the Institute for Critical Infrastructure Technology. >> Hey, welcome back everyone. Live here with Cube coverage in New York City, our favorite place to be when we've got all the action going on. CyberConnect 2017 is an inaugural event where industry, government comes together to solve the crisis of our generation. That's cybersecurity. I'm John Furrier, co-host theCube My partner Dave Vellante here. Our next guest is Chris Novak, VTRAC Global Director, Threat Research Advisory Center at Verizon. Welcome to theCube, great to have you. >> Thanks, pleasure to be here. >> So you do all the homework. You've got the forensic data. You're the one looks at the threats. You're the burning bush of cyber intelligence. What's happening? Tell us what's the threats? >> Everything. So, it's interesting because I always find what I do to be wildly exciting just because it's always changing, right? Everything we see. It's kind of' like being a cop. Ultimately you're investigating unknowns all the time, trying to figure out how they happen, why they happen, who they happen to, but more importantly than that, how do you get ahead of it to prevent being the next one, or prevent it happening to others? And that's really the thrust of what we're out to do. >> Talk about the challenges 'cause General Keith Alexander was on stage talking about how he compared it to an airline crashing, where they come in looking for the black box, and it's worse because you don't even know what happened, who was involved. >> Chris: That's right. >> The notion of anonymous, public domain software is causing all kinds of democratization, good and bad, bad being actors that we don't even know attacking us. What is the landscape of how you identify what's going on? >> Yeah, and it gets even more challenging than that because I like that analogy, and I'd say I'd almost take it one step further and say the analogy of the airline and looking for the black box. In many cases when we go in to do an investigation, we're just hoping that there was a black box to look at to begin with. In many cases, we get there and there was no information, and we're trying to take all the pieces and put it together of what's left. And ultimately what we see is, it keeps evolving, right? It keeps getting harder, and the threat actors keep getting better. What I always tell folks is, while many of us all have to play by a set of rules, or regulations, or compliance obligations, the threat actors don't have to do any of that. They're free to do whatever works for them, and repeat it over and over again, and, for them, it's a business. >> So Dave and I were talking earlier. I want to get your reaction to this. About the importance of Stuxnet. Ars Technica has a report coming out that certificate authorities were compromised well before Stuxnet. But Stuxnet is the Pearl Harbor, cyber Pearl Harbor, as a point in time. So much has happened since then. So from that kind of Pearl Harbor moment of the wakening of, oh my God, to today, what's the landscape look like? How important was the Stuxnet to that point in time now, and how has it evolved? What's changed? >> Sure, and I think a couple of key things that come out of that. One is, you start to see more and more attribution to government-related attacks. Some are actively sponsored and known. Some are, we're just diggin' through the details and the weeds to try and figure out who's actually behind it and attribution may never actually take place. >> Or it could not be real 'cause they want to blame their enemy so that they get attacked. >> Well, and that's the either beauty or downside of cyber is that you can conduct it in a vacuum, in an anonymous fashion. So, in many respects, you can conduct an attack remotely and try to give it all the hallmarks of someone else, making it further difficult to attribute it. >> And the tools are now available too, so like, I hear reports that states are sponsoring, or releasing in the public domain, awesome hacks, like Stuxnet of the future, which some say was released and then got out of control by accident. >> And that's always something you have to be concerned about is the fact that once this stuff gets out there, even if you only intended to use this malware or attack vector once. Once you use it on that victim, there is a potential that that spreads. >> But you guys have been doing this study for the last decade. >> Correct. >> So you've seen the shift from sort of hacktivist to nation-sponsored malware. What has the research shown you over the last decade as that shift has occurred? >> Yeah, it's interesting because you look at it and a lot of what we still see today are financially-motivated and interestingly enough, opportunistic, low-hanging fruit kind of attacks. About 70 to 80% fall in that category, and about 20 to 25, depending on the year, are nation state, but that keeps growing each year. And, I think a lot of it is. >> John: What the nation state piece? >> The nation state piece. But it's still the smaller piece of the pie or the graph, whatever you're looking at, because, at the end of the day >> It's cash. >> It's cash. >> They want the cash. >> And so much of what we find when you look back at the old days of breaches where the majority of them were, they weren't even really breaches of theft of data, it was someone. >> Confetti, graffiti. >> I should have actually asked that question differently because it's really went from hacktivist to criminals. >> Chris: Correct. >> To nation states and you're saying the dominant now is criminal activity. >> That's correct. Yeah, we find the large piece of it about more than half is organized crime. It comes down to, look, you can steal money in a variety of different ways. This is a way to do it safely from thousand miles away >> And no one knows who you are. >> on the other end of a keyboard. >> So it's annoyance. >> And by the way, no consequence. Who's going to? >> Virtually, yeah. >> What court do you go to? >> So its annoyance is the hacktivist. Okay, we can kind of' live with that. It's cash and it's threats to critical infrastructure. >> And we see kind of a graduation there where you see the activists realize, I can this and make a point, but a point doesn't necessarily make me money, or I can do this for an organized crime group and make millions of dollars. Hmmmm. >> And, by the way, to your point which we were just teasing out, Dave. There is zero downside, because if you get caught, what happens? >> Yeah. >> If you get caught. >> If you get caught, yeah. And then what happens if you get caught? >> There's no jurisdiction. >> You don't make money. >> No, no, there's no courts. >> It's very hard to prosecute. >> There's actually no process for that. >> So, we heard this morning that WannaCry and other examples of malware really weren't about malware. I mean, sorry, they really weren't about ransomware, they were about sending a message, or politics. So, you're obviously seeing more of that in your research. >> Chris: Exactly right. >> Fake news, and I wonder if you could comment. >> Absolutely, yeah. So, in fact, it was interesting because some of those had continued to come out. Everyone kept thinking that it was all ransomware, and then as we studied it further we found some of these, they never had the intention of collecting a ransom, or giving the data back. It was all about making a political point, and you now have this kind of injection of politics into something that was really, traditionally, just organized crime, smash and grab, make cash. Now politics is feeding into that, going, wait, we can affect and influence and all sorts of things in ways people have never imagined and people don't even know it's going on. >> So you must be seeing a dramatic improvement in the quality, hate to say this, but the quality of malware, over the last decade. Less bugs, less errors, >> More sophisticated. >> More insidious, sophisticated. >> That's exactly right >> Vectors. >> We do see that continuing to improve and for them, like I always tell folks, they operate it like a business. You'll have some of these groups where they'll have different divisions or departments. People will have clearly-defined roles and responsibilities of what they're supposed to be doing in generating that malware, troubleshooting it, and they'll even reward people for how well it works. >> Chris, I'd like to get your personal opinion. If you could put your Verizon hat on too, I will take any opinions that you have. How do we solve this? 'Cause this event here. We like this inaugural event because it's the first industry event that talks about the big picture, the holistic view, the 20-mile stare, if you want to' say it that way. Not the Black Hat, which has its own conference, and there should be more of that. This is industry coming together. Governments now intersecting here. What's your opinion on how this gets solved. We heard community, shared data, that's been going around. What do you think? >> So, that's probably the hardest question I get asked, and, honestly, I think it's because there's not really a simple answer to it, right? It's like saying, how do we stop crime? We don't. It's not going to be possible. It's a matter of, how do we put up better defenses? And also, important, how do we put up better detection, so that we can see things and, potentially, stop them sooner before they blow up into these big, multi-hundred-million record, or billion record breaches? So, one of the biggest things that I advocate is awareness. We also have to do things like pro-active threat hunting, right? If you're not out there. It's kind of like having security guards, right? You go through any office and you've got security guards walking the halls, sitting in the lobby, looking for things that are unusual. If we're not out there in the cyber realm looking for unusual things, you can't expect that you're going to see them until they've reached a certain blow-up point. >> Or are they cloaked? Completely cloaked. You can't see 'em. >> That's also true. >> Security guards are looking for someone they can't see. >> That's true. >> Chris, thanks so much for coming here and sharing the opinion. Follow the research. And your report's public, or? >> Yes, the reports are all available on the VerizonEnterprise.com website. >> Okay, VerizonEnterprise.com. Check it out. These reports are a treasure trove of information. Always getting it out. Thanks for your perspective. Lookin' for more trends. Chris Novak here inside theCube here in New York City's live coverage of CyberConnect 2017. I'm John with Dave Vallente. We're back with more coverage after this short break. (techno music)

>> Narrator: New York City, it's the Cube covering CyberConnect 2017 brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Welcome back, everyone. This is the Cube's live coverage in New York City's Grand Hyatt Ballroom for CyberConnect 2017 presented by Centrify. I'm John Furrier, the co-host of the Cube with my co-host this week is Dave Vellante, my partner and co-founder and co-CEO with me in SiliconAngle Media in the Cube. Our next guest is James Scott who is the co-founder and senior fellow at ICIT. Welcome to the Cube. >> Thanks for having me. >> You guys are putting on this event, really putting the content together. Centrify, just so everyone knows, is underwriting the event but this is not a Centrify event. You guys are the key content partner, developing the content agenda. It's been phenomenal. It's an inaugural event so it's the first of its kind bringing in industry, government, and practitioners all together, kind of up leveling from the normal and good events like Black Hat and other events like RSA which go into deep dives. Here it's a little bit different. Explain. >> Yeah, it is. We're growing. We're a newer think tank. We're less than five years old. The objective is to stay smaller. We have organizations, like Centrify, that came out of nowhere in D.C. so we deal, most of what we've done up until now has been purely federal and on the Hill so what I do, I work in the intelligence community. I specialize in social engineering and then I advise in the Senate for the most part, some in the House. We're able to take these organizations into the Pentagon or wherever and when we get a good read on them and when senators are like, "hey, can you bring them back in to brief us?" That's when we know we have a winner so we started really creating a relationship with Tom Kemp, who's the CEO and founder over there, and Greg Cranley, who heads the federal division. They're aggressively trying to be different as opposed to trying to be like everyone else, which makes it easy. If someone wants to do something, they have to be a fellow for us to do it, but if they want to do it, just like if they want to commission a paper, we just basically say, "okay, you can pay for it but we run it." Centrify has just been excellent. >> They get the community model. They get the relationship that you have with your constituents in the community. Trust matters, so you guys are happy to do this but more importantly, the content. You're held to a standard in your community. This is new, not to go in a different direction for a second but this is what the community marketing model is. Stay true to your audience and trust. You're relied upon so that's some balance that you guys have to do. >> The thing is we deal with cylance and others. Cylance, for example, was the first to introduce machine learning artificial intelligence to get passed that mutating hash for endpoint security. They fit in really well in the intelligence community. The great thing about working with Centrify is they let us take the lead and they're very flexible and we just make sure they come out on top each time. The content, it's very content driven. In D.C., we have at our cocktail receptions, they're CIA, NSA, DARPA, NASA. >> You guys are the poster child of be big, think small. >> Exactly. Intimate. >> You say Centrify is doing things differently. They're not falling in line like a lemming. What do you mean by that? What is everybody doing that these guys are doing differently? >> I think in the federal space, I think commercial too, but you have to be willing to take a big risk to be different so you have to be willing to pay a premium. If people work with us, they know they're going to pay a premium but we make sure they come out on top. What they do is, they'll tell us, Centrify will be like, "look, we're going to put x amount of dollars into a lunch. "Here are the types of pedigree individuals "that we need there." Maybe they're not executives. Maybe they're the actual practitioners at DHS or whatever. The one thing that they do different is they're aggressively trying to deviate from the prototype. That's what I mean. >> Like a vendor trying to sell stuff. >> Yeah and the thing is, that's why when someone goes to a Centrify event, I don't work for Centrify (mumbles). That's how they're able to attract. If you see, we have General Alexander. We've got major players here because of the content, because it's been different and then the other players want to be on the stage with other players, you know what I mean. It almost becomes a competition for "hey, I was asked to come to an ICIT thing" you know, that sort of thing. That's what I mean. >> It's reputation. You guys have a reputation and you stay true to that. That's what I was saying. To me, I think this is the future of how things get done. When you have a community model, you're held to a standard with your community. If you cross the line on that standard, you head fake your community, that's the algorithm that brings you a balance so you bring good stuff to the table and you vet everyone else on the other side so it's just more of a collaboration, if you will. >> The themes here, what you'll see is within critical infrastructure, we try to gear this a little more towards the financial sector. We brought, from Aetna, he set up the FS ISAC. Now he's with the health sector ISAC. For this particular geography in New York, we're trying to have it focus more around health sector and financial critical infrastructure. You'll see that. >> Alright, James, I've got to ask you. You're a senior fellow. You're on the front lines with a great Rolodex, great relationships in D.C., and you're adivising and leaned upon by people making policy, looking at the world and the general layout in which, the reality is shit's happening differently now so the world's got to change. Take us through a day in the life of some of the things you guys are seeing and what's the outlook? I mean, it's like a perfect storm of chaos, yet opportunity. >> It really depends. Each federal agency, we look at it from a Hill perspective, it comes down to really educating them. When I'm in advising in the House, I know I'm going to be working with a different policy pedigree than a Senate committee policy expert, you know what I mean. You have to gauge the conversation depending on how new the office is, House, Senate, are they minority side, and then what we try to do is bring the issues that the private sector is having while simultaneously hitting the issues that the federal agency space is. Usually, we'll have a needs list from the CSWEP at the different federal agencies for a particular topic like the Chinese APTs or the Russian APT. What we'll do is, we'll break down what the issue is. With Russia, for example, it's a combination of two types of exploits that are happening. You have the technical exploit, the malicious payload and vulnerability in a critical infrastructure network and then profiling those actors. We also have another problem, the influence operations, which is why we started the Center for Cyber Influence Operations Studies. We've been asked repeatedly since the elections last year by the intelligence community to tell us, explain this new propaganda. The interesting thing is the synergies between the two sides are exploiting and weaponizing the same vectors. While on the technical side, you're exploiting a vulnerability in a network with a technical exploit, with a payload, a compiled payload with a bunch of tools. On the influence operations side, they're weaponizing the same social media platforms that you would use to distribute a payload here but only the... >> Contest payload. Either way you have critical infrastructure. The payload being content, fake content or whatever content, has an underpinning that gamification call it virality, network effect and user psychology around they don't really open up the Facebook post, they just read the headline and picture. There's a dissonance campaign, or whatever they're running, that might not be critical to national security at that time but it's also a post. >> It shifts the conversation in a way where they can use, for example, right now all the rage with nation states is to use metadata, put it into big data analytics, come up with a psychographic algorithm, and go after critical infrastructure executives with elevated privileges. You can do anything with those guys. You can spearfish them. The Russian modus operandi is to call and act like a recruiter, have that first touch of contact be the phone call, which they're not expecting. "Hey, I got this job. "Keep it on the down low. Don't tell anybody. "I'm going to send you the job description. "Here's the PDF." Take it from there. >> How should we think about the different nation state actors? You mentioned Russia, China, there's Iran, North Korea. Lay it out for us. >> Each geography has a different vibe to their hacking. With Russia you have this stealth and sophistication and their hacking is just like their espionage. It's like playing chess. They're really good at making pawns feel like they're kings on the chessboard so they're really good at recruiting insider threats. Bill Evanina is the head of counterintel. He's a bulldog. I know him personally. He's exactly what we need in that position. The Chinese hacking style is more smash and grab, very unsophisticated. They'll use a payload over and over again so forensically, it's easy to... >> Dave: Signatures. >> Yeah, it is. >> More shearing on the tooling or whatever. >> They'll use code to the point of redundancy so it's like alright, the only reason they got in... Chinese get into a network, not because of sophistication, but because the network is not protected. Then you have the mercenary element which is where China really thrives. Chinese PLA will hack for the nation state during the day, but they'll moonlight at night to North Korea so North Korea, they have people who may consider themselves hackers but they're not code writers. They outsource. >> They're brokers, like general contractors. >> They're not sophisticated enough to carry out a real nation state attack. What they'll do is outsource to Chinese PLA members. Chinese PLA members will be like, "okay well, here's what I need for this job." Typically, what the Chinese will do, their loyalties are different than in the west, during the day they'll discover a vulnerability or an O day. They won't tell their boss right away. They'll capitalize off of it for a week. You do that, you go to jail over here. Russia, they'll kill you. China, somehow this is an accepted thing. They don't like it but it just happens. Then you have the eastern European nations and Russia still uses mercenary elements out of Moscow and St. Petersburg so what they'll do is they will freelance, as well. That's when you get the sophisticated, carbonic style hack where they'll go into the financial sector. They'll monitor the situation. Learn the ins and outs of everything having to do with that particular swift or bank or whatever. They go in and those are the guys that are making millions of dollars on a breach. Hacking in general is a grind. It's a lot of vulnerabilities work, but few work for long. Everybody is always thinking there's this omega code that they have. >> It's just brute force. You just pound it all day long. >> That's it and it's a grind. You might have something that you worked on for six months. You're ready to monetize. >> What about South America? What's the vibe down there? Anything happening in there? >> Not really. There is nothing of substance that really affects us here. Again, if an organization is completely unprotected. >> John: Russia? China? >> Russia and China. >> What about our allies? >> GCHQ. >> Israel? What's the collaboration, coordination, snooping? What's the dynamic like there? >> We deal, mostly, with NATO and Five Eyes. I actually had dinner with NATO last night. Five Eyes is important because we share signals intelligence and most of the communications will go through Five Eyes which is California, United States, Australia, New Zealand, and the UK. Those are our five most important allies and then NATO after that, as far as I'm concerned, for cyber. You have the whole weaponization of space going on with SATCOM interception. We're dealing with that with NASA, DARPA. Not a lot is happening down in South America. The next big thing that we have to look at is the cyber caliphate. You have the Muslim brotherhood that funds it. Their influence operations domestically are extremely strong. They have a lot of contacts on the Hill which is a problem. You have ANTIFA. So there's two sides to this. You have the technical exploit but then the information warfare exploit. >> What about the bitcoin underbelly that started with the silk roads and you've seen a lot of bitcoin. Money laundering is a big deal, know your customer. Now regulation is part of big ICOs going on. Are you seeing any activity from those? Are they pulling from previous mercenary groups or are they arbitraging just more free? >> For updating bitcoin? >> The whole bitcoin networks. There's been an effort to commercialize (mumbles) so there's been a legitimate track to bring that on but yet there's still a lot of actors. >> I think bitcoin is important to keep and if you look at the more black ops type hacking or payment stuff, bitcoin is an important element just as tor is an important element, just as encryption is an important element. >> John: It's fundamental, actually. >> It's a necessity so when I hear people on the Hill, I have my researcher, I'm like, "any time you hear somebody trying to have "weakened encryption, back door encryption" the first thing, we add them to the briefing schedule and I'm like, "look, here's what you're proposing. "You're proposing that you outlaw math. "So what? Two plus two doesn't equal four. "What is it? Three and a half? "Where's the logic?" When you break it down for them like that, on the Hill in particular, they begin to get it. They're like, "well how do we get the intelligence community "or the FBI, for example, to get into this iphone?" Civil liberties, you've got to take that into consideration. >> I got to ask you a question. I interviewed a guy, I won't say his name. He actually commented off the record, but he said to me, "you won't believe how dumb some of these state actors are "when it comes to cyber. "There's some super smart ones. "Specifically Iran and the Middle East, "they're really not that bright." He used an example, I don't know if it's true or not, that stuxnet, I forget which one it was, there was a test and it got out of control and they couldn't pull it back and it revealed their hand but it could've been something worse. His point was they actually screwed up their entire operation because they're doing some QA on their thing. >> I can't talk about stuxnet but it's easy to get... >> In terms of how you test them, how do you QA your work? >> James: How do you review malware? (mumbles) >> You can't comment on the accuracy of Zero Days, the documentary? >> Next question. Here's what you find. Some of these nation state actors, they saw what happened with our elections so they're like, "we have a really crappy offensive cyber program "but maybe we can thrive in influence operations "in propaganda and whatever." We're getting hit by everybody and 2020 is going to be, I don't even want to imagine. >> John: You think it's going to be out of control? >> It's going to be. >> I've got to ask this question, this came up. You're bringing up a really good point I think a lot of people aren't talking about but we've brought up a few times. I want to keep on getting it out there. In the old days, state on state actors used to do things, espionage, and everyone knew who they were and it was very important not to bring their queen out, if you will, too early, or reveal their moves. Now with Wikileaks and public domain, a lot of these tools are being democratized so that they can covertly put stuff out in the open for enemies of our country to just attack us at will. Is that happening? I hear about it, meaning that I might be Russia or I might be someone else. I don't want to reveal my hand but hey, you ISIS guys out there, all you guys in the Middle East might want to use this great hack and put it out in the open. >> I think yeah. The new world order, I guess. The order of things, the power positions are completely flipped, B side, counter, whatever. It's completely not what the establishment was thinking it would be. What's happening is Facebook is no more relevant, I mean Facebook is more relevant than the UN. Wikileaks has more information pulsating out of it than a CIA analyst, whatever. >> John: There's a democratization of the information? >> The thing is we're no longer a world that's divided by geographic lines in the sand that were drawn by these two guys that fought and lost a war 50 years ago. We're now in a tribal chieftain digital society and we're separated by ideological variation and so you have tribe members here in the US who have fellow tribe members in Israel, Russia, whatever. Look at Anonymous. Anonymous, I think everyone understands that's the biggest law enforcement honeypot there is, but you look at the ideological variation and it's hashtags and it's keywords and it's forums. That's the Senate. That's congress. >> John: This is a new reality. >> This is reality. >> How do you explain that to senators? I was watching that on TV where they're trying to grasp what Facebook is and Twitter. (mumbles) Certainly Facebook knew what was going on. They're trying to play policy and they're new. They're newbies when it comes to policy. They don't have any experience on the Hill, now it's ramping up and they've had some help but tech has never been an actor on the stage of policy formulation. >> We have a real problem. We're looking at outside threats as our national security threats, which is incorrect. You have dragnet surveillance capitalists. Here's the biggest threats we have. The weaponization of Facebook, twitter, youtube, google, and search engines like comcast. They all have a censorship algorithm, which is how they monetize your traffic. It's censorship. You're signing your rights away and your free will when you use google. You're not getting the right answer, you're getting the answer that coincides with an algorithm that they're meant to monetize and capitalize on. It's complete censorship. What's happening is, we had something that just passed SJ res 34 which no resistance whatsoever, blew my mind. What that allows is for a new actor, the ISPs to curate metadata on their users and charge them their monthly fee as well. It's completely corrupt. These dragnet surveillance capitalists have become dragnet surveillance censorists. Is that a word? Censorists? I'll make it one. Now they've become dragnet surveillance propagandists. That's why 2020 is up for grabs. >> (mumbles) We come from the same school here on this one, but here's the question. The younger generation, I asked a gentleman in the hallway on his way out, I said, "where's the cyber west point? "We're the Navy SEALS in this new digital culture." He said, "oh yeah, some things." We're talking about the younger generation, the kids playing Call of Duty Destiny. These are the guys out there, young kids coming up that will probably end up having multiple disciplinary skills. Where are they going to come from? So the question is, are we going to have a counterculture? We're almost feeling like what the 60s were to the 50s. Vietnam. I kind of feel like maybe the security stuff doesn't get taken care of, a revolt is coming. You talk about dragnet censorship. You're talking about the lack of control and privacy. I don't mind giving Facebook my data to connect with my friends and see my thanksgiving photos or whatever but now I don't want fake news jammed down my throat. Anti-Trump and Anti-Hillary spew. I didn't buy into that. I don't want that anymore. >> I think millennials, I have a 19 year old son, my researchers, they're right out of grad school. >> John: What's the profile like? >> They have no trust whatsoever in the government and they laugh at legislation. They don't care any more about having their face on their Facebook page and all their most intimate details of last night's date and tomorrow's date with two different, whatever. They just don't... They loathe the traditional way of things. You got to talk to General Alexander today. We have a really good relationship with him, Hayden, Mike Rogers. There is a counterculture in the works but it's not going to happen overnight because we have a tech deficit here where we need foreign tech people just to make up for the deficit. >> Bill Mann and I were talking, I heard the general basically, this is my interpretation, "if we don't get our shit together, "this is going to be an f'd up situation." That's what I heard him basically say. You guys don't come together so what Bill talked about was two scenarios. If industry and government don't share and come together, they're going to have stuff mandated on them by the government. Do you agree? >> I do. >> What's going to happen? >> The argument for regulation on the Hill is they don't want to stifle innovation, which makes sense but then ISPs don't innovate at all. They're using 1980s technology, so why did you pass SJ res 34? >> John: For access? >> I don't know because nation states just look at that as, "oh wow another treasure trove of metadata "that we can weaponize. "Let's start psychographically charging alt-left "and alt-right, you know what I mean?" >> Hacks are inevitable. That seems to be the trend. >> You talked before, James, about threats. You mentioned weaponization of social. >> James: Social media. >> You mentioned another in terms of ISPs I think. >> James: Dragnet. >> What are the big threats? Weaponization of social. ISP metadata, obviously. >> Metadata, it really depends and that's the thing. That's what makes the advisory so difficult because you have to go between influence operations and the exploit because the vectors are used for different things in different variations. >> John: Integrated model. >> It really is and so with a question like that I'm like okay so my biggest concern is the propaganda, political warfare, the information warfare. >> People are underestimating the value of how big that is, aren't they? They're oversimplifying the impact of info campaigns. >> Yeah because your reality is based off of... It's like this, influence operations. Traditional media, everybody is all about the narrative and controlling the narrative. What Russia understands is to control the narrative, the most embryo state of the narrative is the meme. Control the meme, control the idea. If you control the idea, you control the belief system. Control the belief system, you control the narrative. Control the narrative, you control the population. No guns were fired, see what I'm saying? >> I was explaining to a friend on Facebook, I was getting into a rant on this. I used a very simple example. In the advertising world, they run millions of dollars of ad campaigns on car companies for post car purchase cognitive dissonance campaigns. Just to make you feel good about your purchase. In a way, that's what's going on and explains what's going on on Facebook. This constant reinforcement of these beliefs whether its for Trump or Hillary, all this stuff was happening. I saw it firsthand. That's just one small nuance but it's across a spectrum of memes. >> You have all these people, you have nation states, you have mercenaries, but the most potent force in this space, the most hyperevolving in influence operations, is the special interest group. The well-funded special interests. That's going to be a problem. 2020, I keep hitting that because I was doing an interview earlier. 2020 is going to be a tug of war for the psychological core of the population and it's free game. Dragnet surveillance capitalists will absolutely be dragnet surveillance propagandists. They will have the candidates that they're going to push. Now that can also work against them because mainstream media, twitter, Facebook were completely against trump, for example, and that worked in his advantage. >> We've seen this before. I'm a little bit older, but we are the same generation. Remember when they were going to open up sealex? Remember the last mile for connectivity? That battle was won before it was even fought. What you're saying, if I get this right, the war and tug of war going on now is a big game. If it's not played in one now, this jerry rigging, gerrymandering of stuff could happen so when people wake up and realize what's happened the game has already been won. >> Yeah, your universe as you know it, your belief systems, what you hold to be true and self evident. Again, the embryo. If you look back to the embryo introduction of that concept, whatever concept it is, to your mind it came from somewhere else. There are very few things that you believe that you came up with yourself. The digital space expedites that process and that's dangerous because now it's being weaponized. >> Back to the, who fixes this. Who's the watchdog on this? These ideas you're talking about, some of them, you're like, "man that guy has lost it, he's crazy." Actually, I don't think you're crazy at all. I think it's right on. Is there a media outlet watching it? Who's reporting on it? What even can grasp what you're saying? What's going on in D.C.? Can you share that perspective? >> Yeah, the people that get this are the intelligence community, okay? The problem is the way we advise is I will go in with one of the silos in the NSA and explain what's happening and how to do it. They'll turn around their computer and say, "show me how to do it. "How do you do a multi vector campaign "with this meme and make it viral in 30 minutes." You have to be able to show them how to do it. >> John: We can do that. Actually we can't. >> That sort of thing, you have to be able to show them because there's not enough practitioners, we call them operators. When you're going in here, you're teaching them. >> The thing is if they have the metadata to your treasure trove, this is how they do it. I'll explain here. If they have the metadata, they know where the touch points are. It's a network effect mole, just distributive mole. They can put content in certain subnetworks that they know have a reaction to the metadata so they have the knowledge going in. It's not like they're scanning the whole world. They're monitoring pockets like a drone, right? Once they get over the territory, then they do the acquired deeper targets and then go viral. That's basically how fake news works. >> See the problem is, you look at something like alt-right and ANTIFA. ANTIFA, just like Black Lives Matter, the initiatives may have started out with righteous intentions just like take a knee. These initiatives, first stage is if it causes chaos, chaos is the op for a nation state in the US. That's the op. Chaos. That's the beginning and the end of an op. What happens is they will say, "oh okay look, this is ticking off all these other people "so let's fan the flame of this take a knee thing "hurt the NFL." Who cares? I don't watch football anyway but you know, take a knee. It's causing all this chaos. >> John: It's called trolling. >> What will happen is Russia and China, China has got their 13 five year plan, Russia has their foreign influence operations. They will fan that flame to exhaustion. Now what happens to the ANTIFA guy when he's a self-radicalized wound collector with a mental disorder? Maybe he's bipolar. Now with ANTIFA, he's experienced a heightened more extreme variation of that particular ideology so who steps in next? Cyber caliphate and Muslim brotherhood. That's why we're going to have an epidemic. I can't believe, you know, ANTIFA is a domestic terrorist organization. It's shocking that the FBI is not taking this more serious. What's happening now is Muslim brotherhood funds basically the cyber caliphate. The whole point of cyber caliphate is to create awareness, instill the illusion of rampant xenophobia for recruiting. They have self-radicalized wound collectors with ANTIFA that are already extremists anyway. They're just looking for a reason to take that up a notch. That's when, cyber caliphate, they hook up with them with a hashtag. They respond and they create a relationship. >> John: They get the fly wheel going. >> They take them to a deep web forum, dark web forum, and start showing them how it works. You can do this. You can be part of something. This guy who was never even muslim now is going under the ISIS moniker and he acts. He drives people over in New York. >> They fossilized their belief system. >> The whole point to the cyber caliphate is to find actors that are already in the self-radicalization phase but what does it take psychologically and from a mentoring perspective, to get them to act? That's the cyber caliphate. >> This is the value of data and context in real time using the current events to use that data, refuel their operation. It's data driven terrorism. >> What's the prescription that you're advising? >> I'm not a regulations kind of guy, but any time you're curating metadata like we're just talking about right now. Any time you have organizations like google, like Facebook, that have become so big, they are like their own nation state. That's a dangerous thing. The metadata curation. >> John: The value of the data is very big. That's the point. >> It is because what's happening... >> John: There's always a vulnerability. >> There's always a vulnerability and it will be exploited and all that metadata, it's unscrubbed. I'm not worried about them selling metadata that's scrubbed. I'm worried about the nation state or the sophisticated actor that already has a remote access Trojan on the network and is exfiltrating in real time. That's the guy that I'm worried about because he can just say, "forget it, I'm going to target people that are at this phase." He knows how to write algorithms, comes up with a good psychographic algorithm, puts the data in there, and now he's like, "look I'm only going to promote this concept, "two people at this particular stage of self-radicalization "or sympathetic to the kremlin." We have a big problem on the college campuses with IP theft because of the Chinese Students Scholar Associations which are directly run by the Chinese communist party. >> I heard a rumor that Equifax's franchising strategy had partners on the VPN that were state sponsored. They weren't even hacking, they had full access. >> There's a reason that the Chinese are buying hotels. They bought the Waldorf Astoria. We do stuff with the UN and NATO, you can't even stay there anymore. I think it's still under construction but it's a no-no to stay there anymore. I mean western nations and allies because they'll have bugs in the rooms. The WiFi that you use... >> Has fake certificates. >> Or there's a vulnerability that's left in that network so the information for executives who have IP or PII or electronic health records, you know what I mean? You go to these places to stay overnight, as an executive, and you're compromised. >> Look what happened with Eugene Kaspersky. I don't know the real story. I don't know if you can comment, but someone sees that and says, "this guy used to have high level meetings "at the Pentagon weekly, monthly." Now he's persona non grata. >> He fell out of favor, I guess, right? It happens. >> James, great conversation. Thanks for coming on the Cube. Congratulations on the great work you guys are doing here at the event. I know the content has been well received. Certainly the key notes we saw were awesome. CSOs, view from the government, from industry, congratulations. James Scott who is the co founder and senior fellow of ICIT, Internet Critical Infrastructure Technology. >> James: Institute of Critical Infrastructure Technology. >> T is for tech. >> And the Center for Cyber Influence Operations Studies. >> Good stuff. A lot of stuff going on (mumbles), exploits, infrastructure, it's all mainstream. It's the crisis of our generation. There's a radical shift happening and the answers are all going to come from industry and government coming together. This is the Cube bringing the data, I'm John Furrier with Dave Vellante. Thanks for watching. More live coverage after this short break. (music)

>> Announcer: Live from New York City, it's theCube covering Cyber Connect 2017. Brought to you by Centrify and The Institute for Critical Infrastructure Technology. >> Okay, welcome back everyone, this is a live Cube coverage here in New York City at the Grand Hyatt Ballroom. I'm John Furrier with my co-host Dave Vellante. This is Cyber Connect 2017, the inaugural conference of a new kind of conference bringing industry and government and practitioners together to solve the crisis of this generation, according to Keith Alexander, who was on stage earlier. Our next guest is the CEO of the company that's under running this event, Tom Kemp, co-founder and CEO of Centrify. Congratulations, Tom, we met, we saw you last week, came in the studio in Palo Alto. Day one was coming to a close. Great day. >> Yeah, it's been amazing, we've had over 500 people here. We've been webcasting this, we have 1,000 people. And, of course, we've got your audience as well. So, clearly, over 2,000 people participating in this event, so we're really pleased with the first day turn-out. >> So, I would say this is, like, a new kind of event, a little bit different than most events in the business. Response has been very well received, sold out, packed house, I couldn't get a chair, strolled in, not late, but, I mean, you know, towards the end of your Keynote. This is the dynamic, there's demand for this. Why is this so popular? You guys had a good hunch here, what's been the feedback? >> Well, the feedback's been great, first of all. But, the reality is, is that, organizations are spending 10% more per year on security but the reality is the breaches are growing 40 to 70% per year. So, no matter how much money they're throwing at it, the problem's getting worse, and so people are, for the most part, kind of throwing up their hands and saying, how can we re-think security as well? So, I think there's just a complete hunger to hear best practices from some of the top CSO's. You know we had US bank CSO, we had Etna, Blue Cross Blue Shield, etcetera. What are these guys doing to keep their data secure and make sure that they don't make headlines? >> So, I want to ask you a question on the business front, obviously we saw last week, Alphabet, AKA Google, Twitter and Facebook in front of the Setna committee, around this influence thing going on with the media, still an exploit, but a little bit different than pay load based stuff we're normally seeing with security hacks, still relevant, causes some problems, you guys have been very successful in Washington. I'm not saying you're lobbying, but as a start up, you ingratiated yourself into the community there, took a different approach. A lot of people are saying that the tech companies could do a better job in D.C., and a lot of the times Google and these treasure troves of data, they're trying to figure it out. You took a different approach and the feedback we heard on theCube is working. You guys are well received in there, obviously the product, good timing to have an identity solution, and zero trust philosophy you have. Well, you did something different. What was the strategy? Why so much success in D.C. for Centrify? >> Well, we actually partnered with the IT folks and the security people. I mean, we actually spent a lot of time on site, talking with them, and actually, we built a lot of capabilities for what the government was looking to address from an identity access security perspective. That's just the reality of the situation. And so, we took a long haul view, we've done very great in the, two of our largest customers are intelligence agencies, but we actually have over 20% of our sales that goes to the federal government, state and local as well. So, you really can't just go in there, spend a lot of money, do a lot of hype. You actually have to roll up your sleeves and help them solve the mission. They call it the mission, right, they have mission, and you got to be focused on how you can address them and work with the technologist out there to make sure, so it was just, really just blocking and tackling the ground game, >> So common sense sounds like, just do the work. >> Yeah, do the work, really listen. And think about it as a multi-year investment, right? I mean, in a lot of start ups, they just, like, oh, can't get the sale, move on, right. But you actually have to realize, especially in security, that most tech companies that have a big security presence, they should get 15-20% of their business from the US government. >> That's a big bet for you guys, were you nervous at first? I mean, obviously, you have confidence now looking back, I mean, it must've been pretty nerve wracking because it's a big bet. >> It's a big bet because you also have to meet certain government standards and requirements. You got to get FIP certification, you got to get common criteria, in the cloud, you got to get FedRAMP, and that means you also have to have customers in the federal government approve you and bring you in and then you have to go through the lengthy audit process. And we're actually about to get our FedRAMP certification, just passed the audit and that's going to be coming up pretty soon as well. So, yeah, to go get common criteria, to get FedRAMP, you have to spend a million dollars for those types of certifications. At the same time, working with the large federal agencies. >> So Tom, you gave us the numbers, 10% more spending every year on security but breaches are up 40 to 70%, you said in your talk that's two trillion dollars in lost dollars, productivity, IP, etcetera, so obviously it's not working, you've mentioned a number of folks in here talking today. What's their mindset? Is their mindset this is a do-over? Or, is it, just we got to do a better job? >> I think we're getting to the point where its' going to be a do-over. And I think, first of all, people realize that the legacy technology that they have have historically focused on premises. But, the world's rapidly moving to the cloud, right? And so, you need to have cloud-based scale, a cloud-based architecture, to deliver security nowadays because the perimeter is completely going away. That's the first thing. And, I think there's also realization that there needs to be Big Data machine learning applied to this. And you guys talk about this all the time, the whole rise of Big Data. But, security is probably the best vertical. >> Data application. >> Exactly, it's probably the best vertical, because you need real-time instantaneous should I let this person come into the system or not, right? Or, over time, is this, does this represent malicious activity as well? So, I think people are realizing that what they've been doing's not working, they realize they're moving to the cloud, they need to adopt cloud, to, not only secure cloud, but have their technology be based in the cloud and they need to apply machine learning to the problem as well. >> So, in your talk, you talked about a paradigm shift, which I inferred as a mindset shift in how security practices in technologies should be applied, you got to lot of content in there. But could you summarize for our audience sort of the fundamentals? >> Well, the first fundamental is, is that the attack vector is completely changed, right? Before, it was all about vulnerabilities that someone hadn't patched this latest version of Windows, etcetera. Those problems are really solved, for the most part. I mean, occasionally it kind of pops in now and then, but for the most part, enterprises and governments are good about patching systems etcetera. You don't hear about sequel injections anymore. So, a lot of those problems have been resolved. But, where the attackers are going, they're going after the actual users, and so, I know you had the Verizon folks here on theCube, and if you look at the latest Verizon data breacher port, eight out of 10 breaches involve stolen and compromised credentials, right? And that has grown over the last few years from 50% to 60% now to over 80%. Look at the election, right? You talk about all this Twitter stuff and Facebook and all that stuff, it's John Podesta's emails getting stolen, it's the democrat's emails getting stolen, and you know, now that people have the Equifax data, they've got even more information to help figure out-- >> Social engineering is a big theme here. >> Absolutely. >> They have this data out on the dark web, this methodologies and there's also, you know, we talked with the critical interset guys that you're partnering with about all the terrorism activity, so, there's influence campaigns going on that are influencing through social engineering, but that data's being cross connected for, you know, radicalizing people to kill people in the United States. >> Well, there's that. And then there's nation states, there's insiders. So, the reality is, is that, it turns out from a security perspective, that we, the humans, we're the weakest link in this. And so, yes, there needs to be process, there needs to be technology, there needs to be education here as well. But the reality is that the vast majority of spin on security is for the old stuff, it's like we're trying to fight a land war in Asia, and that's how we're investing, we're still investing in M1 tanks in security, but the reality is that 80% of the breaches are occurring because they're attacking the individuals. They're either fooling them, or stealing it by some means or mechanisms, and so the attack vector is now the user. And that's this, and people are probably spending less than 10% securing the users, but it represents 80% of the actual attack vector. >> Talk about the general, you've had some one-on-one times with him, he's giving a keynote here, gave a keynote this morning, very inspiring. I mean, I basically heard him pounding on the table, "we don't fix this mess, You know, we're going to be in trouble, it's going to be worse than it is!" Think differently, almost re-imagining, his vibe was almost about let's re-imagine, let's partner, let's be a community. What else can you share with you interaction with him? I know he's a very rare to get to speak, but you know, running the cyber command for the NSA, great on offense, we need work on defense. What have you learned from him that industry could take away? >> Yeah, I think you hit it, which is, and I didn't realize that there's a bigger opportunity here, which is, is that in real time, there needs to be more sharing among like constituents. For example, in the energy industry, these organizations, they need to come together and they need to share, not only in terms of round tables, but they actually need to share data. And it probably needs to happen in the cloud, where there's the threats, the attacks that are happening in real time, need to be shared with their peers in the industry as well. And so, and I think government needs to also play a part in that as well. Because each of us, we're trying to fight the Russians, right? And the Chinese and the North Koreans, etcetera and a enterprise just can't deal with that alone and so they need to band together, share information, not only from an educational, like we have today, but actually real time information. And then again, leverage that machine learning. That artificial intelligence to say, "wait a minute, we've detected this of our peers and so we should apply some preventative controls to stop it." >> And tech is at the center of the government transformation more than ever. And again, Twitter, Facebook, and Alphabet in front of the senate, watching them, watching the senators kind of fumbling with the marbles. You know, hey, what's Facebook again? I mean, the magnitude of the data and the impact of these new technologies and with Centrify, the collision between government and industry is happening very rapidly. So, the question is that, you know, how will you guys, seeing this going forward, is it going to be, you know, the partnership as they come together fast or will more mandates come and regulations, which could stifle innovations, so, there's this dimension going on now where I see the formation of either faster partnership with industry and government, or, hey industry, if you don't move fast enough poof, more regulations. >> And that's also what the general brought up as well, is that if you guys don't do something on your own, if you don't fix your own problems, right, then the government's going to step in. Actually, that's what's already starting to happen right now, that if Facebook, Twitter, all these other social networks are not going to do something about foreign governments advertising on their platform, they're going to get regulated. So, if they don't start doing something. So, it's better to be in front of these things right here, the reality is that, yes, from a cyber security in terms of protecting users, protecting data, enterprise needs to do more. But, you know what, regulations are starting to already occur, so, there's a major regulation that came out of New York with the financial services that a lot of these financial firms are talking about. And then in Europe, you got GDPR, right? And that goes into effect I think in May of next year. And there's some serious finds. It could be up to four percent of your revenue as well, while, in the past, the kind of, the hand slaps that have happened here, so if you do business in Europe, if you're a financial services firm doing business in New York. >> People are going to run from there, Europe. I mean, regulation, I'm not a big fan of more regulation, I like regulation at the right balance, cause innovation's key. What have you heard here from talks? Share, cause we haven't had a chance 'cause we've been broadcasting all day, share some highlights from today's sessions after, you know, Jim from Etna was on there, which, I'm sure you got a kick out of his history comment, you're a history buff. Weren't you a history major and computer science? >> I was a history major and computer science, you got that right. >> You'd be a great dean of the sciences by today's standards. But I mean, he had a good point. Civilization crumbles when there's no trust. That comment, he made that interesting comment. >> So, it's interesting what Etna's done, from his presentation, was they've invested heavily in models, they've modeled this. And I think that kind of goes back to the whole Big Data, so I think Etna is ahead of the game, and it's very impressive what he's put forth as well. And just think about the information that Etna has about their customers etcetera. That is not something that you want. >> He was also saying that he modeled, you don't model for model's sake because stuff's going on in real time, you know what I'm saying? So, the data lake wasn't the answer. >> Well, he said his mistake was, so they were operationalizing the real time, you know, security Big Data activity, and he didn't realize it, he said that was the real answer, not just, sort of, analyzing the data swamp, so. >> Yeah, absolutely. >> So, that was the epiphany that he realized. You know, that is where the opportunity was. >> John: It was unconventional tactics, too. >> What can businesses expect, Tom? What's the business outcome they can expect if they, sort of, follow the prescription that you talked about and, sort of, understand that humans are the weakest link and take actions to remediate that. What kind of business impact can that have? >> Yeah, so, we actually, we spent a lot of time on this and we partnered with Forrester, a well known analyst group, and we did this study with them, and they went out and they interviewed 120 large enterprises. And it was really interesting that one group, group A, was getting breached left and right and group B, about half the number of breaches, right? And we were like, what is group B doing versus group A? And it had to do with implementing a maturity model as it relates to identity which is, first and foremost, implementing identity assurance, getting, reducing the number of logins, delivering single sign-in, multi factor authentication. Which we should all do as consumers as well, turn on that MFA button for Twitter, and your Gmail etcetera. Then, from there, the organizations that were able to limit lateral movement and break down, make sure that people don't have too much access to too many things as well. There was an incident, it was Saudi Generale that there was a backend IT guy, he became a traitor, he started making some losses, and so he tried to, he doubled down, he leveraged the credentials that he had as a former IT person to continue trading even though he kind of turned off all the the guardrails right there, and he should have been shut down. When he made that move into that new position, so, there's just too much lateral movement aloud. And then, from there, you got to implement the concept of least privilege and then finally you got to audit, and so if you can follow this maturity model, we have seen that organizations have seen significant reduction in the number of breaches out there as well. So, that was another thing that I talked about at my keynote, that I presented this study that Forrester did by talking to customers and there turned out to be a significant difference between group A and group B in terms of the number of breaches as well. And that actually tied very well with what Jim was talking about as well, which was, you know, I call it a maturity model, he called it just models, right, as well. But there is a path forward that you can better be smarter about security. >> But there's a playbook. >> There is a playbook, absolutely. >> And it revolves around not having a lot of moving parts where human error, and this is where passwords and these directories of stuff out there, are silos, is that right? Did I get that right? So you want to go level? >> That's the first step, I mean the first step is that we're drowning in a sea of passwords, right, and we need what's known as identity assurance, we need to reduce the number of passwords. With the fewer passwords we have, we need to better protect it by adding stronger authentication. Multi-factor authentication. The new face ID technology, which I've been hearing good reviews about, coming from Apple as well, I mean, stuff like that, and say, look, before I log into that, yes, I need to do my thumbprint and do the old face ID. >> And multi factor authentication I think is a good point, also known as MFA, that's not two factor, it's more than one, but two seems to be popular cause you get your phone, multi factor could be device, IOT device, card readers, it starts getting down into other mechanisms, is that right? >> Absolutely, it's something you have, and something you know, right? >> Answer five questions. >> Yeah, but at the same time you don't want to make it too, >> Too restrictive. >> Too restrictive, etcetera. But then here's where the machine learning comes in, then you add the word adaptive in front of multi factor authentication. If the access is coming from the corporate network, odds are that means that person was badged, got through. So, maybe you don't ask as much, for much information to actually allow the person on right there. But, what if that person was, five minutes ago, was in New York, and now he's trying to access from China? Well wait a minute, right? Or what if it's a device that he or she's never accessed from before as well? So, you need to start using that machine learning and look at what is normal behavior and what deviates from that behavior? And then, factor it into the multi factor authentication. >> Well, we've seen major advancements in the last couple years, even, in fraud detection, you know, real time. And is that seeping into the enterprise? >> Well, it should, that's the ironic thing is, is that with our credit card, I mean, we get blocked all the time, right? >> It is annoying sometimes, but you know at the end of the day you say, good. >> Yeah, thank you for doing that, you know. And so that's, in effect, the multi factor authentication is you calling up the credit card company, ironically my credit card, maybe I shouldn't reveal this, too much information, someone will hack me, but I use US bank, right there, and we had Jason the CSO of US bank right there, but, you know, calling in and actually saying, yes, I'm trying to do this transaction represents another form of authentication. Why aren't we doing similar things for people logging onto mission critical servers or applications? It's just shocking. >> I'm going to ask you a personal question, so, you mentioned history and computer science, a lot of security folks that I talk to, when they were little kids, they used to sort of dream about saving the world. Did you do that? (laughter) >> Well, I definitely want to do something that adds value to society, so, you know, this is not like the Steve Jobs telling Scully, do you want to make sugared water and all that stuff? >> Dave: No, but like, superhero stuff, were you into that as a kid, or? >> D.C. or Marvel? >> Good versus evil? >> Don't answer that question, you like 'em both. >> But the nice thing about security is, when you're a security vendor, you're actually, the value that you have is real. It's not like, you know, some app or whatever where you get a bunch of teenagers to waste time and all that stuff. >> John: Serious business. >> Yeah, you're in serious business. You're protecting people, you're protecting individuals, their personal information, you're protecting corporations, their brand, look what happened to Equifax when their, when it was announced, the breach, their stock went down 13, 14%, Chipotle went down by 400 million, their market cap went. I mean, so, nowadays, if you have a, if there's a breach, you got to short that stock. >> Yeah, and security's now part of the product, cause the brand image, not just whatever the value is in the brand, I mean the product, the brand itself is the security. If you're a bank, security is the product. >> Absolutely, if you're known for being breached, who the heck's going to bank with you? >> Whole 'nother strategy there. Okay, final question from me is, this event, what are some of the hallway conversations, what's notable, what can you share for the folks watching? Some of the conversations, the interests, the kind of people here, what was the conversations? >> Yeah, I mean, the conference, we really did a great job working with our partner ICIT of attracting sea level folks, right? So, this was more of a business focus, this was not, you know, people gathered around a laptop and try to hack into the guy sitting right next to them as well. And, so, I think there, what has come out of the conversations is a better awareness of, as I said before, it's like, you know what, we got to completely, we got to like step back, completely rethink what we're trying to do here as well, cause what we're doing now is not working, right? And so I think it's, in effect, we're kind of forcing some soul searching here as well. And having others present what's been working for them, what technologies, cloud, machine learning, the zero trust concept, etcetera, where you only, you have to assume that your internal network is just as polluted as the outside. >> I know this might be early, but what's the current takeaway for you as you ruminate here on theCube that you're going to take back to the ranch in Palo Alto and Silicon Valley, what's the takeaway, personally, that you're now going to walk away with? Was there an epiphany, was there a moment of validation, what can you share about what you'll walk away with? >> There's just a hunger. I mean there's just a hunger to know more about the business of security etcetera. I mean, we're just, we were amazed with the turn out here, we're pleased with working with you guys and the level of interest with your viewership, our webcast, I mean, this is, you know, for the first time event to have both in-person and online, well over 2,000 people participating, that says a lot. That there's just this big hunger. So, we're going to work with you guys, we're going to work with ICIT and we're going to figure out how we're going to make this bigger and even better because there is an untapped need for a conference such as this. >> And a whole new generation's coming up though the ranks, our kids and the younger, new millennials , whatever they're called, Z or letters they're called, they're going to end up running the cyber. >> Yeah absolutely, absolutely. So there just needs to be a new way of going about it. >> Tom, congratulations. >> Thank you. >> Great event, you guys got a lot of credibility in D.C., you've earned it, it shows. The event, again, good timing lighting the bottle, The CyberConnect inaugural event, Cube exclusive coverage in Manhattan here, live in New York City at the Grand Hyatt Ballroom for the CyberConnect 2017 presented by Centrify, I'm here with the CEO and co-founder of Centrify, Tom Kemp, I'm John Furrier, Dave Vellante, more live coverage after this short break. (modern electronic music)

(upbeat music) >> Announcer: New York City. It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify, and the Institute For Critical Infrastructure Technology. >> Hey, welcome back everyone. This is theCUBE, live in New York City, in Manhattan. We're here at the Grand Hyatt Ballroom for CyberConnect 2017. Inaugural event presented by Centrify. I'm John Furrier, with my co-host Dave Vellante, both Co-Founders of SiliconANGLE Media. Our next guest is Parham Eftekhari, who's the Co-Founder and Senior Fellow of ICIT. Also part of the team and the lead around putting the content agenda together. These are the guys who put it all together. Really inaugural conference, great success. Turns out, you know we (laughs), we talked about it was going to be big, it was going to be huge. By the numbers, it's just a great beachhead, the right people showed up. Welcome to theCUBE, thanks for joining us. >> Yeah, thank you for having me, excited to be here, good to chat with you again. >> So, we, before the event started, just, you know, a couple months ago when we were talking about the event, we're like, this is, love the name, first event of its kind. Always wondering, you know, will people show up? Right, you know? >> That's right, first-time events, we've talked about this before, there are so many cyber security events out there, and so many organizations competing for a limited time and resources. So, I think to have a, an event like this be such a big success in the first time speaks to the quality of the content, and, you know, Centrify's role and ICIT's role in putting it together. >> I want to give you guys congratulations, to you and your partner, for running a really amazing company and event. You guys go big by thinking small, by being small, being relevant. Your model and how you do business earns trust, it's very community-driven. Same ethos as what we believe in. So, wanted to give you props for that. >> Parham: Thank you. >> It's not usual you see great execution thinking about your audience and constituents, so congratulations. >> Thank you. >> Okay, so, with that, you've got a lot of heavy hitters in your rolodex, you guys got a great community, big names. General's up there, you have big time SiSoS. >> Parham: Yeah. >> What's the vibe? I mean, you guys are dealing with this profile persona all the time. What's on the minds? I mean, obviously the General's banging his fist on the table, virtual table, or he's holding his coffee cup, telling war stories, he's basically saying, if we don't get our act together, industry and government... >> Yeah, well, I think what's happening today, and you know the business of the Institute, we're a research-driven organization, so as an organization that provides objective research, we have the fortunate position to be able to advise to some of these commercial and public sector leaders. And so, in that advisory, we have a really good sense on the pulse of the community. And we're able to hear directly from these individuals, we don't have to look at market research studies, we don't have to look at what some of these third-party groups are talking about. We're able to communicate directly, and we can actually see and feel their feedback to what we're discussing. >> There's no lag to your model, you have your fingers on the pulse. What is it telling you? Obviously, we heard the message here, there's some work to be done, there's some technical core fundamental infrastructure things, there's application-specific things, obviously the threats aren't stopping. >> Parham: That's right. >> What are the, what's-- >> If you look at the program that was built, it really does mirror the way that the Institute believes we need to approach solving these issues. And that comes with a layered security strategy. And so, oftentimes you'll go to these events, and we understand that there's organizations that are looking to make this into more of a marketing opportunity for them. So, unfortunately, the curriculum and content only touches one or two core competencies, which obviously really underscore what the sponsors do. What we've done here at CyberConnect, which is why Centrify's such a great partner, they understand that they may be one of the world's leading identity access management organizations, but they know for us to have a cyber security renaissance and actually make that quantum leap that the General and some of the executives that you were mentioning were discussing all day, we need to have a number of different technologies discussed, and have that education talk about things like the use of machine-learning based artificial intelligence. Talk about how technology can enable automation. Talk about identity access management. Talk about, like we just heard Terry Gravenstein, talk about the importance of building a culture of trust, right? Security has a human element to it, people's one of the biggest problems we have. So, I think this is one of the reasons why this event, to your point earlier, is such a big success only the first year out. >> Parham, we heard a lot today about sort of the partnership, really the imperative, of government and commercial enterprises working together. You do a lot of work in the government. And there seems to be, anyway our impression is, there's a heightened sense of security, for obvious reasons. And, board levels in the commercial side have really tuned in to security. But still, organizations seem to be struggling with what's the right regime. You know, it used to be just an IT problem, or a security team problem, and as you really pointed out many, many times at this event, it's everybody's problem. >> Parham: Yeah. >> So, what are you seeing in terms of, things that commercial enterprises can learn from government, particularly from the top, in the top down initiative. >> Yeah, I think one of the themes you've heard discussed several times today is, and Terry again just talked about us having a seat at the table, I think there's so much media discussion about cyber security. You know, all of our families, our moms, our grandparents, are understanding that cyber security is a major issue. We're even starting to get some more general consensus that cyber security is a national security imperative. And, so I think this is helpful. I think now we have to start to, as cyber security practitioners, we have to speak in the language that resonates with, so, if you're talking to a chief operating officer, and trying to educate them on the impact of ITOT convergence, then you have to speak in the terms that a COO is interested in, versus a CFO, versus your CIO, versus your Board of Directors. So I think language matters, vocabulary matters. And I think it's one of the things that we see, we see starting to percolate up in some of the conversations that we're having. >> Given that humans are the main problem, I mean we all have this assumption, we talk about it in theCUBE all the time, but oh my gosh, internet of things is going to create this huge space of people to attack, a huge attack vector. But if the humans aren't managing the devices, is there potentially an upside there, if that makes sense? >> Yeah, so, you know, I think it all goes back to, tomorrow morning, we'll hear from Dr. Ron Ross and David from Centrify. And they're going to be talking about security by design. In this, Dr. Ross actually put out a paper, 800-160, which really talks about the importance of building better systems, devices, products. So, I think that we are moving towards automation, we're moving towards machine learning, we already see it impacting a lot of our society, and even down to the, to your point, the IoT devices. We just put out a paper about cyborgs and the use of embedded devices in an actual, in humans, trans-humanism. This is all a, this, this ship has, the train has left the station, I guess you could say. I think what's important now is to not make the same mistakes we did the first go around, and pause and not put profits over security and privacy, and actually understand that, if we can't build it with security, certain security requirements there, then we can't get that functionality, or it may not cost the price point that we want it to cost, which may, you know, have it be more affordable for consumers. So I think we have to re-prioritize. >> US companies generally have not taken that pause and put security over profits. It's really been the reverse. And many would say, okay, but it's actually worked out pretty well for US companies, they dominate the technology industry. What do you say to those folks that say, well, profits are actually more important? >> Well, I think, I think it depends, when you say it worked out well, I think if you look at all those individuals that have been impacted by the breaches, I think that's where people are really starting to understand how it's impacting us, and going back to my comment about the national security side, this is no longer just about being able to steal your PII, and maybe doing some fraud in terms of identity theft and what not. When we're talking about meta-data and capitalistic dragnet surveillance, and now if you're looking at who is stealing and curating this information, it could be special interest groups, could be nation states, so now this becomes a much larger issue and a much larger challenge. >> So it's a ticking timebomb, is essentially what you're saying. And so that begs the next question: does really government have to get involved, to begin to impose its will, if you will, on commercial organizations? >> Yeah, I think what's going to happen, and actually we were talking about this at lunch with General Alexander earlier today, it's going to be a balance. You know, the government will be getting involved, they are getting involved, there's a lot of legislation being passed that truly is trying to make a bi-partisan push to address some of these issues. But I think, ultimately, that's going to be, as the General kind of said earlier, it's just going to be the government beating these, these folks virtually on the head until they start to do some self-governance and self-regulation. >> Parham, talk about your relationship with the General, vis-a-vis, this event. I see he had a great keynote, inspiring us, he moved a lot of people, talked about the general common defense versus civil liberties balancing privacy, as you mentioned. What more can you share about some of the things that he sees and feels strongly about, that you guys are seeing in your research in the Institute, because this is interesting, because you got a guy who says, "I'm an Army guy," right, who's now looking through the prism of the future, with past history at the NSA Command Center, Cyber Command Center. >> Yeah. >> He's got a pretty interesting view, and he sees both sides of the coin. >> Yeah. >> You guys are seeing that, people in the tech business are like deer in the headlights. We saw Twitter, Facebook and Alphabet, you know, like (groans). And then the center's trying to grock what Twitter does. >> Parham: Yeah. >> So, I mean, you have this generational gap, you also have historical analog to digital transformation going on. This is a societal impact, this is pretty huge. What does the General truly feel, what's his vision, what's his point of view these days? >> So, I'm not going to speak for the General, I wouldn't dare do that, but I will say that, if you listen to his comments on stage, one of the things he does talk about, and where our relationship is very strong, is the importance of public-private sector collaboration. The General actually received our pinnacle, I'm sorry, was named our pioneer last year at our gala which is actually happening in a couple of days in Washington, DC. And he really, if you listen to his message, he underscores the importance of collaboration, not just within a sector, not just within government, but cross-sector and between public-private sector, and between technology providers and government and legislative community. So, I think one of the things that I am comfortable saying is that, he would encourage more collaboration, and more information sharing, and more trust among the sectors to work together to solve these problems. >> How should people measure success in this business? >> That's a loaded question. I think, I think success needs to be, at this stage, incremental. I think that we need to be realistic in terms of how much quote success can we achieve overnight. We've, as we mentioned earlier, the ship has sailed, and so I think we need to do multiple things simultaneously. We, of course, do need to continue to implement technology and strategies that detect and respond to threats. But I personally would say that the true success is going to really be accomplished when we start to deploy strategies and re-prioritize so we're actually building more secure systems, more secure devices. I think that's going to be... Needs to go hand-in-hand, and we'll hear a lot about that tomorrow with Dr. Ross. >> Would that imply that, either, you know, the rate of growth of breaches starts to moderate, or the amount of data or loss, revenue dollars lost, begins to, you know, slow down its growth rate or-- >> Yeah, at some point that's absolutely going to be the goal, I think that-- >> Is that a reality though, I mean given that everything is growing so fast in our business? >> Oh, yeah, I'm an eternal optimist. I think absolutely, we'll get there. I can't tell you the timeframe, but I do know that venues like this, and the work that ICIT is doing, is really important to getting us to that point. Until we get folks in the media and on Capitol Hill and in federal agencies talking about these issues, so then it's not just the security folks who are focused on this, but a broader group. >> Yeah, and I think that's the opportunity, and as we wrap up day one here, education and content value is what we're seeing. You guys see that all the time, I know I'm preaching to the choir. But again, looking at mainstream media and some of the techniques that the Russians and other states have used to implement means and the election conversations, it's being gamified, we know that. So, the media picks up on it because there's identity politics going on. So, I think there needs to be a wake-up call, I mean, I think the educational process is critical. >> Yeah. >> What's next? >> And, and, and that's where, you know, we feel very fortunate to be in the position that we're in, because ICIT is a neutral, third-party, non-profit, and non-partisan research organization. So what we're doing is putting out content. We're not, we're not, the... I should say it this way, the information comes out-- >> You've no agenda in terms of how to capture? >> Yeah, exactly. >> It's all transparent. >> Our, our, our agenda is national security. Our agenda is improving the security of our nation's critical infrastructure sectors, improving resiliency. And providing trusted advisory to these various stakeholders. >> Well, getting the people here on theCUBE, and having you guys come on, and doing this great event really get, opens up the door for more voices to be heard. >> Parham: Absolutely. >> And we heard from your partner, had some great things to say. This has got to get out there, so the people, the press can report on it-- >> Parham: That's right. We'll turn on the cameras. >> Parham: Yeah. >> Dave, what's your take on the event here? Obviously, as an inaugural event, what's your analysis? >> Well, I mean, we touched on some big topics, right? I mean, the General, in particular, was talking about collaboration with the FBI, you know, Sony came in. >> John: The role of government. >> Privacy, ACLU, Jeffrey Stone. I think, you know, my big takeaway, as we were just discussing, was... And the General said that Sony, for example, he gave that example, can't do it alone. And I, we've been saying this for a while. And John, you predicted this, you said a while back that, that the government's processes, technologies, know-how, is going to seep into commercial businesses. As it has so often. I mean, you look at, you know, space launch, you know, radar, nuclear energy, the internet, et cetera. And I think security, cyber security, is such a big problem, only the government can help solve this problem. >> Well, the government's always been dealing with the moving train, and the corporations and the enterprise have traditionally been buying shrink-wrapped software loaded on a server that's evolved to buying more servers that have been pre-integrated with software. And buying silver bullet solutions, and then leave it alone until something breaks, and then fixes it. And I think, you know, when we were talking and looking at this event, my takeaway here is, the moving train is never going to stop, and the shifting of the game is going to be a cat-and-mouse, good versus bad, new technology versus reality. Open source certainly accelerated the role of the public domain. Treasure troves of information are being amassed, whether it's WikiLeaks or in the open source. This is a problem, and then there's no real, like, real creative solutions. I am not seeing anything. So, to me, this event takeaway is that, this is the first time a step has been taken to saying, whoa, holistic big picture. What is the architecture of a global society, where nation states can compete with no borders. >> Yeah. >> In a digital, virtual space, be effective, have freedom, and then respect for the individual. I mean, no one's ever had that conversation. >> Yeah, well we're excited to have it. We've gotten really great feedback from just some of the conversations that we're hearing in the hallway, as people are taking, learning actionable intelligence, where I can actually take this and instill it. I think a lot of people are actually being inspired, and that's something we need, especially in an industry where every day is about how, you know, cyber security folks don't get in the news when nothing happens. There's a commercial, I think it's an IBM commercial, right, where it's, my, my, nothing happened at work for my dad today, right? That never happens, it's always about what does go wrong, so I think we need to be inspired and motivate ourselves. >> Well, one of the things that we're excited about, as you know, we're community-model like you guys are. You look at some of the early indicators of how blockchain, and even though it's kind of crazy, you know, bubbly with the ICOs and cryptocurrency and overall blockchain, it all comes down to the common thread. We see an open source software over multiple generations, we're seeing it in blockchain, we're seeing it in security. Community matters. And I think the role of individuals and communities will be a big part of the change, as a new generation comes up. Really fundamental, so congratulations. >> Parham: Absolutely, thank you. >> Okay, Parham here's inside theCUBE for our wrap-up of day one of CyberConnect 2017. I'm John, with Dave Vellante. Thanks for watching. (synthesizer music)

>> Narrator: Live from New York City, It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify, and The Institute for Critical Infrastructure Technology. (synth music tag) >> And government industries together for the first time. A unique kind of collaboration unlike normal events, like black hat or RSA, that are mostly about hacks and really geeky sessions. There's a great place for that, but again, this is the first of its kind, and it's presented by Centrify's theCUBE as an exclusive partner here, I'm John Furrier, co-host of theCUBE, co-founder of SiliconANGLE, my co-founder, Dave Vellante here. Dave, I mean, Centrify really taking an industry proactive role, not having their own event. Instead, using their money to fund an industry event. This is the trend in digital media. Presented by Centrify, not 'sponsored by' or 'their event'. This, we've seen this in the big data space before where events are sponsored for the community. You know, cyber security, really a big topic. You know, General Keith Alexander, retired general, was on stage as the keynote. Really talking about the crisis in the United States and around the world, around cyber security, cyber war, a whole new reality. This is the thrust of the event. >> Well, they say content is king. Well, context is kind of the empire, and the context here is, the world is changing. And the seriousness of that change is significant. General Alexander, many people may not know, General Keith, former, retired General Keith Alexander, he was the first Head of Chief $of Cyber Security at U.S., appointed by Obama. John, he was appointed Director of the NSA in 2005. Now, you guys remember, I'm sure, Stuxnet was right around 2004, 2005 when it was developed, and it bridged the Bush to the Obama administration. So he had the, all the inside baseball. He didn't talk about Stuxnet, but that was, >> He did share some nice war stories. >> Yeah, but that was the first and most significant, the way they got into Natanz, and he was at the center of all that. And he did share some war stories. He talked about Snowden, he talked about collaboration with the FBI, he talked about saving lives. And basically he said, hey, I stood in front of the ACLU. They basically undressed him, right? And then came back and said, hey, this is one of the most ethical agencies, and law-abiding agencies I've ever, he's seen, so he read that note from the head of the ACLU, it was very proud of that. >> Yeah, and the Stuxnet, it was in the news obviously, just yesterday it was reported, actually the day before November 1st, November 2nd, that Stuxnet was highly underestimated. In fact, the digital certificates that were spoofed were, been hanging around, the malware's been out there. Then again, this is, this is an indictment of the problem that we have, which is, we've got to get the security. Now, the things that the General talked about, I want to get your reaction to, because certainly I honed in on a couple key things. "Foundational tech for common defense." So he talked a lot about the Constitution and the role of government, I did a tweet on that, but what is the role of the government? That's the common defense of the United States, citizens and business. One. Not just protect the Department of Defense. At the same time, he did kind of put a plug in that we need the civil liberties and privacy to be addressed. But this is the biggest crisis we have, and it's a problem that can only be solved by working together. And if you look at, Dave, the trends that we're following on theCUBE and SiliconANGLE and Wikibon, the common thread is community. If you look at blockchain and what's going on in that disruptive, decentralized world, the role of the community is critical. If you look at what's going on in security, it's the role of the community. If you look at open source, the biggest success story of our multiple generations and now impacting the younger generation in the computer science industry and the computer industry, open source software. Community. You're starting to see the role of communities where knowing your neighbor, knowing who's involved with things, is really critical, and you can't highlight it any more than this conference that Centrify's presenting with these gurus, because they're all saying the same thing. You've got to share the data. The community's got to work together. So, common defense, maintaining civil liberties and maintaining privacy at the same time, solving the biggest crisis of our time. >> Well the other big thing and, John, you actually made this prediction to me a couple weeks ago, was that government and industry are going to start working together. It's going, it has to happen. General Alexander basically said that, is it the government's role, job, to protect commercial industry? And it was an emphatic yes, and he pulled out his fake version of the Constitution, and said yes, and he got in front of Panetta, in front of the US Senate, and made the case for that. And I think there's no question about it. Industries control critical infrastructure. And industries aren't in a good position to protect that critical infrastructure. They need help from the government, and the government has some of the most advanced technologies in the world. >> And the other thing we've been hearing from this, the executive at Aetna, is attack, maintaining intelligence on the data and sharing is critical to resolve the problem, but his point was that most people spend time on an attack vector that's usually wrong. He said, quote, "You're better off having people be idle, than chasing down on an attack vector that's wrong." So his point is, report that to the agencies quickly, to, one, reverse-engineer the problem. Most likely you're going to get better intel on the attack, on the vector, then you can start working effectively. So he says a lot of problems that are being solved by unconventional means. >> Well, General Alexander said that when he was head of Cyber Command, his number one challenge was visibility, on the attacks, they could only respond to those attacks. So, my question to you, John, is how will data, big data, machine learning, AI, whatever you want to call it, how will that affect our ability as an industry to proactively identify threats and thwart them, as opposed to just being a response mechanism? >> I think it's going to be critical. I think if you look at the AI and machine learning, AI is basically machine learning on steroids, that's really kind of what it is now, but it hopefully will evolve into bigger things, is really going through the massive amounts of data. One of the points that General Alexander talked about was the speed and velocity of how things are changing, and that most IT departments can't even keep up with that right now, never mind security. So machine learning will allow things to happen that are different analysis faster, rather than relying on data lakes and all kinds of old modeling, it's just not fast enough, so speed. The other thing too is that, as you start looking at security, this decentralized approach, most attacks are coming in on state-sponsored but democratized attacks, meaning you don't have, you can use open source and public domain software to provide attacks. This is what he's been talking about. So the number one thing is the data. Sharing the data, being part of a community approach where companies can work in sectors, because there's a lot of trend data coming out that most attackers will come out, or state-sponsored attacks, will target specific things. First of all, the one problem that can be solved immediately is that there's no way any of the United States military and-or energy grid should be attached to the Internet. And you can mask out all foreign attacks just by saying only people in the US should be accessing. That's one network conventional thing you can do. But getting the data out there is critical, but working in sectors. Most attacks happen like on the financial services industry, so if you sit in there and trying to solve the problem and keeping it on the down-low, you're going to get fired anyway, you know? The business is probably going to get hurt. Report it early, with your peers in the community, share some data, anonymize that data, don't make it, you know, privacy breaching, but get it out there. Number one thing. >> Well, here's the problem is, 80 billion dollars is spent a year on security, and the vast majority of that is still spent on perimeter security, and we heard today that the number one problem is things like credential stuffing, and password, poor user behavior, and our response to that is education. Jim Routh talked about, that's a conventional response. We need unconventional responses. I mean, the bottom line is that there's no silver bullet to security. You talked about, critical infrastructure should not be connected to the internet, but even then, when you have an air gap, you go back to Stuxnet, Natanz had an air gap. Mossad got through the air gap. There's always a way to get through somehow. So there's no one silver bullet. It's a portfolio of approaches and practices, and education, and unconventional processes that you have to apply. And as we talked about, >> Well I mean, there's no silver bullet, but there are solutions. And I think that's what he's saying. He gave it, General Alexander gave specific examples, when he was in charge, of the NSA command center was, you know, terrorist attacks being thwarted. Those are actual secure problems on the terrorism front that were solved. There was a silver bullet for that, it's called technology. So as you generalize it, Dave, I can hear what you're saying, because IT guys want a silver bullet. I want to buy a product that solves my security problem. >> So here's the problem I have with that is, I used to read Art Coviello's, you know, memo every year, >> Yeah. >> It was like, he tried to do like the, and he still does. But I look back every year and I say, Do we feel safer and more secure than we were last year? And every year the answer is no. So we, despite all the technology, and we've talked about this on theCUBE with Pat Gelsinger, security is essentially a do-over. We do need unconventional new ways, >> No debate. >> Of attacking the problem. >> No debate. Well I noticed, I'm just highlighting the point, I mean if you look at it from an IT perspective, the old conventional wisdom was, I want to buy a product. Hey, vendor, sell me your security product. What General's kind of pointing out is, he's kind of pointing out and connecting the dots, is like, hey, what they learned in the NSA was, it's an ongoing iterative thing that's happening in real time. It's not an IT solution anymore. It's a more of a holistic problem. Meaning, if you don't under stand the problem space, you can't attack it. So when they talked about the terrorist attack, they had a phone record, and they had to give it to the FBI. The FBI had to get into it. They discovered the guy in basically 24 hours, and then it took a week to kind of vet the information. Luckily they caught it and saved a subway attack in New York City in 2008 that would have been devastating. Okay, still, they were successful, but, weeks. So machine learning, and to your point, is only going to accelerate those benefits. And again, the real counterpoint as General pointed out is, civil liberties and privacy. >> Well, talk- >> I mean, what do you want? You want subway attacks, or you want to have your email, and your email be clean, or you want to have people read your email, and no subway attacks? I mean, come on. >> Well, you and I have talked about this on theCUBE over a number of years, and talking about Snowden, and General Alexander brought it up, you know, basically saying, hey, he told he story and he was pretty emphatic as to, his job is to protect, not only the citizens of the United States, but the infrastructure, and basically saying that we couldn't have done it without the laws that allowed us to analyze the metadata. >> I think, I think, in my opinion, what I think's going to happen is, we're going to have a completely reimagined situation on government. If you look at the trends with GovCloud, what's going on with AWS, Amazon Web Services, in the federal area, is an acceleration of massive agility and change happening. You're going to see a reimagine of credentials. Reimagining of culture around hiring and firing people that are the right people. You know I said, and I always say, there should be a Navy SEALs for cyber, a West Point for cyber. So I think you're going to start to see a cultural shift from a new generation of leaders, and a new generation of citizens in the US, that are going to look at citizenship differently. So for instance, Centrify, which is putting on this event, has an identity solution. That's an easy solution. Take it out of IT's problem, no one should be patching 1200 different IT systems in the government. Screw it. It's like a driver's license. Here's your credential, you know? >> So, >> So there's new ways to think of it. Radical ways, progressive ways, whatever you want to call it, I think those are going to be coming fast. Blockchains is a solution. >> I was going to ask you about that. So, four out of five breaches are password related. From credential stuffing or just bad password behavior. Everybody uses the same password, because they can remember it, across all these sites. So four out of five of the breaches can be traced back to poor password behavior. So, will things like blockchain or single sign-on, really, the answer, that's about the wrong question. When will, and how will, things like blockchain come to front and center, to solve that problem? >> I don't know, Dave. I mean, all I know is in today's Wall Street Journal, Andy Kessler writes a story that if you want to predict the future, it's all about dodgeball. You've got to get in the game and get hit by a few balls to know what's kind of going on around you. >> Dave: So you've got to fail first. >> Everybody has an opinion, nobody actually knows the answer, this has been a premise in the tech business. In my opinion, my opinion is, to reimagine things, you've got to look at it differently. So if you look at Jim Routh, the CSO at Aetna said, he said, look, we're going to solve these problems in a way, and he said, I'm not even a computer science major, I'm a history major, and I'm running Aetna's security practice. And his point was, he's a history major, civilizations crumble when trust crumbles. Okay, so trust is a huge issue, so trust on the government, trust on the systems, trust with email, so that, so he's looking at it and saying, hey, I want systems that don't erode trust, because the civilization of the world will disintegrate. So trust is a big factor, these are the new things that the best minds have to solve. >> I think the other thing, that really important topic that came up is, is public policy, and there was a discussion on sort of the, you know, hacktivists versus state-sponsored terrorism, so the payload, or the signature of a hacktivist malware is dramatically different than that of a state-sponsored initiative. State-sponsored initiatives are much more sophisticated and much more dangerous. And so, Robert Gates, when he was on theCUBE, brought this up, and he said, listen, we have the best technology in the world. The best security in the world. And we apply that largely for defense, and he said, we could go on the offensive. He said the problem is, so can everyone else, and we have, as a nation, a lot more to lose. So when you, we talked about Stuxnet earlier, Stuxnet basically was your tax dollars at work, getting into the hands eventually of the bad guys, who then use that to come back and say, okay, we can attack critical infrastructure, US, so you better be careful. >> It's bigger than that, though, Dave. That's a one, that's an old point, which is a good point, but Stuxnet was the beginning of a movement that state-sponsored actors were doing. In the old days, a state-sponsored actor, in the Iran case, came from a state sponsor, they revealed their hands in their hack a little too early, and we could counter that. But when you look at the specific attacks over the past 15 years, if a state-sponsored attack on the US was happening, it was their, they had to show their hand. That's different now, with WikiLeaks and public domain, states can still remain anonymous and saying "It wasn't us!" And point to these organizations by democratizing hacker tools. So whether it's Stuxnet or something else, you're seeing state-sponsored actors, and I won't, China, Russia, whoever they are, they can actually enable other people who hate the US to attack us. Their signature's not even on it. So by democratizing the hacker tools, increases the number of people that could attack the US. And so the state sponsors aren't even doing anything. >> Well, so, Jim Routh talked about WannaCry and NotPetya, which were, you know, generally believed to be ransomware. He said no, they weren't ransomware. They only collected about 140 thousand from that in US dollars. They were really about state-sponsored political acts. I don't know, sending warnings. We're going to ask him about that when he comes in theCUBE. >> Alright. We've got a big day here. New York City here for CyberConnect 2017, this is the inaugural event presented by Centrify. All the top leaders in the industry and government are here solving the problem, the crisis of our generation's cyber attack security, both government and industry coming together. This is theCUBE, we'll be back, more live coverage after this short break.

>> Announcer: Live from New York City It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Hey welcome back everyone, this is theCUBE's coverage of CyberConnect 2017. Live here in New York City at the Grand Hyatt downtown on 42nd street. I'm John Furrier, my co-host Dave Vellante. This is Centrify's inaugural event that they're presenting and they're underwriting. It's the industry event between industry and government and really around the crisis of our generation which is cyber security and it's impact to the transformation to global society and our coverage here. Our next guest is Shira Rubinoff who is the President of SecureMySocial, which is really cutting edge human aspect of social engineering meets security. Primetech partners, Cybersecurity, IoT and an influencer but also doing some great work advising start-ups great participant in the community and certainly great to have you back on theCUBE. Thanks for joining us. >> Shira: Thank you, pleasure. >> So, you're in the front row. I saw you and Dave, I couldn't get a seat I was in the back of the bus here at the General Keith Alexanders keynote, among other great keynotes here. Really an inaugural event and inaugural events are great because it's the sign of the trends but also you know if they do a second even, it worked. Right, so you never know there's never going to be another event so an inaugural event means something. It means that the world has to the realization that the world is changed, the realities are here and that the old way isn't good enough. >> Shira: Yup. >> And you're in the middle of it. What's your thoughts? What's your reaction to the program? >> Well you know it's interesting, it also even goes back to the old technology days when you buy by brand. No ones going to fault you for buying the brand names. Everyone just went along with buying the trend, buying the brand. And as technology advanced itself as well we started seeing doing it the old way is just not going anywhere today. Especially with the millennials entering the workforce, how things are done, how people approach technology and security is very different. The human factors of information security is taking a front row today, in terms of security, in terms of the weakest link of the chain. Whether it being phishing, finding the entree into an organization through the human ... the weak link of the human, or in terms of tricking people for doing other things while they're downloading malware or even circumventing different technologies that are layered upon each other because there's just too many layers of security on each other and not making it easy for somebody to use the technology and keeping it strong. >> This year you bring up a good point about the human aspect of it. There's an old joke in IT where there's a fork with a cork in it and someone says why is that there? So they don't stick the fork in their eye. And that's a joke on the old system admin joke around human error, around updating. That's been around for a while, but now there's a whole other social engineering going on around the business of cyber attacks. Whether it's mafias or organized hacker units that do it for business, for profit to state governments where the social engineering around the human vulnerabilities are key. This isn't your area, it's your wheelhouse. What is the key thing that's happening? What should people be aware of? What's your analysis? >> Well I think people have to be careful of oversharing. I think there's many different entrees into finding, again when we talk about the human factors whether being government, whether being a technology company, whether being a seasuite, whether it being through social media. It's being trusted the wrong people, trusting the wrong sources, and just being open and not being over careful in checking your sources and making sure you're actually linking up whether it being on the LinkedIn. Also, I was talking to someone earlier that people were accepting LinkedIn invitations from non-trusted sources. And they seemed to look okay but again, a social engineering piece that comes in that allowed others in to actually see context and find a breech within an organization. Sometimes, somewhat like a government it can always be across all communities. >> So that's a very nuance point, lets take LinkedIn for example, mind if I picked on LinkedIn but Facebook I'm an oversharer so I'm probably being hacked 10 ways from Sunday but you can have whatever you want. But lets take LinkedIn as an example. A practitioner could say I work on the servers for Chase Bank and I handle the Apache whatever project. That's metadata that can be used against that person. He's putting it out there, he or she, for a job potentially to showcase their skills. Yet, the bad actors can use that and figure out what communities they're ... >> Exactly. >> And github their participants so it's a gesture signal point, that you ... Am I right, am I getting it right? >> Correct. Correct. And that's what some of the companies actually put allowances around what people are allowed to share on LinkedIn, however there's the double-edged sword because they're telling their employees do not overshare and say specifically what you're doing. The employee themselves are saying, hey I want to be open to recruiters to come find me because who knows what my next gig is. So they're going to over share what they're doing to show all the experience that they have so they're open to other job opportunities. >> This is a really interesting conflict, and again I'm torn because religiously I'm a big believer in the democratization of media and society but what you're talking about really is a counter against the democratization because that's based on sharing, which that's where open sources from and so this is going to be some sort of shift. >> Correct. Correct. Well, that also plays into the whole millennial shift. Of how it's approached through the workforce. Millennial generation share everything, everything is open. My whole life is opening itself up on social media. I want you to know what I'm having for breakfast because you might want to have it too. By the way, this is what I'm working on at work because you might find it interesting. Whether it being their boss or saying don't do this they're saying don't tell me what to do and I'm going to work from home half the time. It's millennial shift and we have to shift with it. It's going that route. >> So to what degree can we take bad human behavior out of the equation? Toiling, technology, maybe it's process education. >> Well I think it has to be many factors. You know, there has to be the education around it. There also has to be implementing the right technology. To warn users if they're doing things the wrong way. For example, my company SecureMySocial, we are a technology assisted self-monitoring company for allow for employers to give employees to self monitor across social media based on compliance organization real time warnings. So it would warn the employee if they the employee themselves would be doing something wrong. So implementing technologies of that sort whether being whatever the organization may be open to. So you have the education piece, you have the partnerships with the right technology companies, and you also have allowing the employees to have the right types of security around what they're doing themselves. Without being so involved in what they're doing because then they're going to have a big push back. So there's a very fine line you have to walk here. >> And the psychology is interesting you mention the millennials too, because that's their norm. >> Shira: Correct. And they want to be part of a tribe, right? >> Shira: Yes. >> So that the belonging aspect of social is becoming a norm. But now we have to have practices. So what do you, what's your vision of this? Because that probably won't stop, that's a behavior that will constantly be there. Is that going to come in a form of product? Solutions? A better identity? I mean ... >> Well it's going to come everywhere, if you look across all generations from the boomers, gen x, millennials. Things shift with the generations as it comes down the path. So certainly through technology is going to shift to, easy to use, no extra steps to download. As Centrify has, they want a one point to contact. They don't want to overlay technologies on technologies which is what I speak about a lot. My background is heavily in psychology and the human aspect. So make things as strong as they can be without cumbersome to the employee. You want them to use it, not break it, not go around it and not just throw it out the window. >> Gee, you're a great guest and music to our ears because as Dave knows, I've been on this rant for a long time. User experience is really about user expectations. And as expectations shift, that's kind of where the puck will be or whether you're skating through the puck or skating with the puck, as some people are. The question comes down to this young generation because General talked about this new cyber warfare but there's West Point, there's no Navy SEAL, and that's going to come from a gamer culture potentially or the younger generation, so I got to ask ya. Do you think that we're going to have a counter culture? Because in every revolution, take the 60's. We're the 50's parents now, right? We're the 50's generation, or are we? So I've been kind of speculating that I think we're on the cusp of a counter culture revolution. The summer of love of digital is coming. Or maybe not, what do you think? >> You know, I think it's very interesting the way it's shifting across generations. I think that the generation, our generation before us are trying to take this millennial generation and put them in a box and saying follow my rules or else you're out and the millennial generations like make me. So it's not going to happen that way. They're going to actually drive the force of how technology is going to be created and how the business world is actually going to react and act towards them and how things are going to flow after them. And just wait for the following generation, things are going to be a lot looser. >> So you think there's going to be some massive change being shifted from their expectations. >> Shira: Correct. Correct. Yes. >> Well, I feel like millennials are in for a great awakening because now they don't have a ton to lose. >> Shira: Yes. >> As they get older and accrue more wealth. >> John: Well millennials are generally lazy, right? (laughter) >> You've got to be careful when you say that. >> As my son would say, they're smart or they're lazy. >> They're the make me generation. >> Exactly >> Alright, fine. Be careful what you wish for. But is there a gamification involved. The psychology of getting humans to behave the way that you need them to behave in order to have good security practices. >> Yes, no I think that's a great question. I think that based on what the millennials are doing now and how the shift is happening through the gen x and millennials kind of intertwining the businesses and the way technology is created and moved forward. I think that it's going to somehow have to combine forces. I think there's going to have to be a little give and take. And I think as time progresses and things mature that it's going to be understood and it's going to be adapted by them and adopted by them, as well. >> So, talk a little bit more about your company. MySocial ... >> Shira: SecureMySocial, yes. >> What does it do? How does it help solve some of these issues? >> So SecureMySocial is just technology assisted self monitoring tool for employers to give employees to self monitor across social media, based on compliance and regulations of the organization. With real time warnings and auto-delete capabilities. Basically, the organization would buy it. Based on where a person would fall in the organization there will be specific rules set to apply to them. Whether it being group rule sets for C level people, marketing and the like, you don't want false positives. And they the people themselves would get a real time warning to their known device. But I will back track a little bit because most organizations, if not all today have certain criteria. What you can and can't do across social media. But the most of the problems, if not 98 or more percent of data loss or reputation happen outside of the office. It happens on lunch breaks, vacations, weekends. We can't monitor peoples personal accounts. So we're making the users themselves, they would get the real time warnings. There's nothing to download, nothing to install. They don't give over any personal information, yet they're protected and we're able to keep it across the whole thing. >> So it's an insurance policy for the employee saying, look here's a little notification because you know that if you say that drunk tweet, let's get real right or do something that's at a concert ... >> The CFO of Twitter mistakenly tweeted out the earnings of Twitter instead of doing a direct tweet. Things happen, mistakes happen. It's the human factors of it all. >> Dave: And your technology could have stopped that? >> We could have stopped it, we could have actually auto deleted it before it even went out. >> It's almost, I don't know if it's happening on the west coast, but around where I live there's all these ... There's speed signs going up. Tells you how fast you're going. >> It's like that angel on your shoulder saying, do you really want to do this? >> It might be 25 and you see it and you go, you're going too fast and it's flashing and you slow down, and it actually works. >> We use ways in California that's more ... >> It lets you know where the cops are. (John laughing) >> There's no cops! There's no cops around. >> I know that's the same, it's just more effective. You get there faster, you don't ... >> If you don't mind I'd like to ... >> It's this subliminal message, says hey whoa yo slow down. >> Like that angel on your shoulder tapping you on the shoulder letting you know. >> Like you said, it's the good angel. >> Now I just wanted to mention also a new venture actually launching at the end of the month. It's called Prime Tech Partners. We're an incubator here in New York City. Near the flat iron district. We're going to be launching the end of November. Focusing on augmented reality, cyber security, information security and e-commerce. Opening up to start-ups. And please check it out, Prime Tech Partners. >> Shira you did some great work, I got to ask you the question because start-ups are the canary in the coal mine. >> Shira: Yup. >> They'll tell you kind of what's happening, give you a barometer. What is going on in the start-up areas around security because there's now a range, diverse range opportunities from lock chain all the way to enterprise. >> Sheri: Sure. >> So, and everything in between. What's the chirping happening in the mines of the start-ups as they create new ventures. >> Well it's interesting because when you talk about what's out there we talk about almost like an umbrella. Sometimes people would put cyber security over the whole umbrella and then fit artificial intelligence, augmented reality, virtual reality, blockchain. Everything kind of falls under there. So, you know it's actually moving along with the system. There's a lot of artificial intelligences making a big play. IoT world, there's quite a bit of technology coming out there. All finding the whole problems and if you look at everything there's a lot of the human aspects of information security that they have to take into account when developing and when pushing it out because at the end of the day, it's all social engineering. It's the human factor, whatever you're creating. >> And we're seeing the same thing on theCUBE entries. We go to hundreds of shows a year. The trend is every part of the stack is impacted by this. >> Shira: Exactly. >> At the infrastructure low level, from multi factor authentication all the way up to Docker and Cooper and Eddies at the dev ops level, the app level. To wearables ... >> Well, wearables certainly. Right? Gaining some ones information. >> John: Geo information. >> Right. Well, here was an interesting ... I went into, I have a law firm that contacted me. They wanted me to some consulting for them. They implement this most beautiful, high-tech, gorgeous office. So I was in there talking to some of the partners and they were plugging in their new smart TV's and their smart fridges. Everything into their network. You don't have breech their network to get their information, we'll breech Sony! You breech into Sony, whatever whoever the manufacturer of the TV, the fridge, whatever it is. They're thinking IoT, well they can gain access into that law firm, gain information and just take all that information and utilize that. So there's so much thought to be put around even the IoT world, artificial intelligence. The human factor takes a step back. >> If it's a network device it can be hacked. >> Exactly. Yes. >> So is part of your mission just to make people aware of humans role in bad security practices? Is that a big part of this? >> Shira: Yes. >> This sort of shining a light on it. >> Yes, I think there's almost like a stop and pause. When you're creating a technology, whatever it is, and people are looking, Oh I'm going to make this stronger. I'm going to make this better, I'm going to make this faster. Oh here let me put another control over it, and here's another control, and by the way they have to go around this and do five things, we're going to have the best thing out there. They're not going to use it, they're going to break it and circumvent it. Stop, there's a person there. How are we going to make the person use this to the best capacity? How's it going to be strong without giving them all those extra layers? Anything you're doing, there's a person there. You got to stop and think and figure out how to utilize the best way. >> Shira, give us some predictions for next year, the end of the year, so predictions are coming. We had our meeting this week, or last week on our predictions, so we're going to put you in the hot seat. Your predictions for next year. Hot trends you expect to see. What are you expecting? What's your prediction for next year? Well, I think IoT is going to take a big forefront. Especially with the smarter cities, the smarter homes. As you're talking about the wearables. Artificial intelligence is going to kind of play into that as well, but I think the people are very excited about becoming let's quote unquote smart, no extra steps, right? When you have the no extra steps, remember you're opening yourself up for something, do it smart. But IoT is really expanding itself into every infrastructure whether it being utilizing, engineering. Whether it being cities itself, whether it being homes. And the wearables are also ... If you look at what's going on with Fitbit, then you have the next Apple and then there's something else every other day that you could put on yourself and you could get any information that you want. >> So people are connecting the IoT to the industrial side of their analog to digital. >> Exactly. Yes. Yes. And I think that's going to become a forefront in the next year. >> Right. What do you think of the event here, so far? >> I think the event is terrific. We've had some amazing speakers here and I think they're all highlighting the fact that we have to share expertise and really come together to bypass the problems that are out there and work as a unit, and certainly Centrify is doing a great job here. I'm very happy to be here. >> Great. Well, good luck with everything next year. Thanks for coming on theCUBE, we really appreciate it. >> Shira: Thank you. Happy to be here. That was commentary, great analysis. An opinion here on theCUBE, here at Centrify's event that they're underwriting for the industry as an industry event called CyberConnect presented by Centrify. I'm John Furrier with Dave Vellante, stay tuned for more live coverage here in New York City after this short break. (electronic music)

>> Narrator: Live from New York City, it's the CUBE covering CyberConnect 2017 brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Okay welcome back everyone. This is the CUBE's live coverage in New York City exclusively with the CyberConnect 2017, it's an inaugural event presented by Centrify. It's not a Centrify event. Centrify one of the fastest growing security startups in Silicon Valley and around the world. It is underwriting this great event bringing industry, government and practitioners together to add value on top of the great security conversations. I'm John Furrier, your host with Dave Vellante, my co-host, my next guest is Bill Mann who's the Chief Product Officer with Centrify. Welcome back to the CUBE, great to see you. >> Hey, great to be here. >> Thanks and congratulations for you guys doing what I think is a great community thing, underwriting an event, not just trying to take the event, make it about Centrify, it's really an organically driven event with the team of customers you have, and industry consultants and practitioners, really, really great job, congratulations. >> Bill: Thank you. >> Alright so now let's get down to the meat of the conversation here at the show in the hallways is general's conversation, General Alexander talking about his experience at the NSA and the Fiber Command Center. Really kind of teasing out the future of what cyber will be like for an enterprise whether it's a slow moving enterprise or a fast moving bank or whatever, the realities are this is the biggest complexity and challenge of our generation. Identity's at the heart of it. You guys were called the foundational element of a new solution that has people have to coming together in a community model sharing data, talking to each other, why did he call you guys foundational? >> I think he's calling us foundational because I think he's realizing that having strong identity in an environment is kind of the keys to getting yourself in a better state of mind and a better security posture. If we look at the kind of the foundational principles of identity, it's really about making sure you know who the people are within your organization, by doing identity assurance so that's a foundational principle. The principle of giving people the least amount of access within an organization, that's a foundational principle. The principle of understanding what people did and then using that information and then adjusting policy, that's a foundational principle. I think that's the fundamental reason why he talks about it as a foundational principle and let's face it, most organizations are now connected to the Cloud, they've got mobile user, they've got outsourced IT so something's got to change, right. I mean the way we've been running security up until now. If it was that great, we wouldn't have had all the threats, right? >> And all kinds of silver bullets have been rolling out, Dave and I were commenting and Dave made a point on our intro today that there's no silver bullet in security, there's a lot of opportunities to solve problems but there's no, you can't buy one product. Now identity is a foundational element. Another interesting thing I want to get your reaction to was on stage was Jim from Aetna, the Chief Security Officer and he was kind of making fun with himself by saying I'm not a big computer science, I was a history major and he made a comment about his observation that when civilizations crumble, it's because of trust is lost. And kind of inferring that you can always connect the dots that trust in fundamental and that email security and most of the solutions are really killing the trust model rather than enhancing it and making it more secure so a holistic view of trust stability and enhancement can work in security. What's your reaction to that? >> So it's a complicated area. Trust is complicated let me just kind of baseline that for the moment. I think that we unfortunately, need to have better trust but the way we're approaching trust at the moment is the wrong way so let me give you a simple example. When we go, when we're at home and we're sleeping in our homes and the doors and windows are closed, we inherently trust the security of our environment because the doors and windows are closed but reality is the doors and windows can be really easily opened right, so we shouldn't be trusting that environment at all but we do so what we need to instead do is get to a place where we trust the known things in our environment very, very well and understand what are the unknown things in our environment so the known things in our environment can be people right, the identity of people, can be objects like knowing that this is really Bill's phone, it's a registered phone and it's got a device ID is better than having any phone being used for access so like I said, trust, it's complicated. >> John: But we don't know it has malware on there though. You could have malware. >> You could have malware on there but look, then you've got different levels of trust, right. You've got zero trust when you don't know anything about it. You've got higher levels of trust when you know it's got no malware. >> So known information is critical. >> Known information is critical and known information can then be used to make trust decisions but it's when we make decisions on trust without any information and where we infer that things are trustworthy when they shouldn't be like the home example where you think the doors are closed but it's so easy to break through them, that's when we infer trust so trust is something that we need to build within the environment with information about all the objects in the environment and that's where I think we can start building trust and that's I think how we have to approach the whole conversation about trust. Going back to your example, when you receive an email from somebody, you don't know if it came from that person right. Yet I'm talking to you, I trust that I'm talking to you, right, so that's where the breakdown happens and once we have that breakdown, society can breakdown as well. >> But going back to your device example so there are situations today. I mean you try to log on to your bank from your mobile device and it says do you want to remember this device, do you want to trust this device? Is that an example of what you're talking about and it might hit me a text with a two factor authentication. >> That's an example, that's absolutely an example of trust and then so there's a model in security called the zero trust model and I spoke about it earlier on today and that model of security is the foundational principles of that is understanding who the user is, understanding what endpoint or device they're coming from and that's exactly what you've described which is understanding the context of that device, the trustworthy of the device, you know the location of that device, the posture of that device. All of those things make that device more trustworthy than knowing nothing about that device and those are the kind of fundamental constructs of building trust within the organization now as opposed to what we've got at the moment is we're implying trust without any information about really trust right. I mean most of us use passwords and most of us use password, password so there's no difference between both of you, right and so how can I trust-- >> I've never done that. >> I know but how can we trust each other if we're using you know, data like that to describe ourselves. >> Or using the data in your Linkedin profile that could be socially engineered. >> Bill: Exactly. >> So there's all kinds of ways to crack the passwords so you brought up the trust so this is a, spoofing used to be a common thing but that's been resolved that some, you know same calling some techniques and other things but now when you actually have certificates being compromised, account compromised, that's where you know, you think you know who that person is but that's not who it is so this is a new dynamic and was pointed out in one of the sessions that this account, real compromises of identity is a huge issue. What are you guys doing to solve that problem? Have you solved that problem? >> We're addressing parts of solving that problem and the part of the problem that we're trying to solve is increasing the posture of multi factor authentication of that user so you know more certainty that this is really who that person is. But the fact of the matter is like you said earlier on, trying to reduce the risk down to zero is almost impossible and I think that's what we have to be all clear about in this market, this is not about reducing risk to zero, it's about getting the risk down to something which is acceptable for the type of business you are trying to work on so implementing MFA is a big part of what Centrify advocates within organizations. >> Explain MFA real quick. >> Oh, multi factor authentication. >> Okay, got it. >> Something that we're all used to when we're using, doing online banking at the moment but unfortunately most enterprises don't implement MFA for all the use cases that they need to be able to implement before. So I usually describe it as MFA everywhere and the reason I say MFA everywhere, it should be for all users, not a subset of the users. >> Should be all users, yeah. >> And it should be for all the accesses when they're accessing salesforce.com for concur so all the application, all the servers that they access, all the VPNs that they access, all the times that they request any kind of privilege command, you should reauthenticate them as well at different points in time. So implementing MFA like that can reduce the risk within the organization. >> So I buy that 100% and I love that direction, I'd ask you then a hard question. Anyone who's an Apple user these days knows how complicated MFA could be, I get this iCloud verification and it sends me a code to my phone which could be hacked potentially so you have all these kinds of complexities that could arise depending upon how complicated the apps are. So how should the industry think about simplifying and yet maintaining the security of the MFA across workloads so application one through n. >> So let me kind of separate the problems out so we focus on the enterprise use case so what you're describing is more the consumer use case but we have the same problem in the enterprise area as well but at least in the enterprise area I think that we're going to be able to address the problems sooner in the market. >> John: Because you have the identity baseline? >> One, we have the identity and there's less applications that the enterprise is using. >> It's not Apple. >> It's not like endpoints. >> But take Salesforce, that's as much of a pain, right. >> But with applications like Salesforce, and a lot of the top applications out there, the SaaS applications out there, they already support SAML as a mechanism for eliminating passwords altogether and a lot of the industry is moving towards using API mechanisms for authentication. Now your example for the consumer is a little bit more challenging because now you've got to get all these consumer applications to tie in and so forth right so that's going to be tougher to do but you know, we're focused on trying to solve the enterprise problem and even that is being a struggle in the industry. It's only now that you're seeing standards like SAML and OWASP getting implemented whereby we can make assertions about an identity and then an application can then consume that assertion and then move forward. >> Even in those situations if I may Bill, there's take the trust to another level which is there's a trusted third party involved in those situations. It might be Twitter, Linkedin, Facebook or Google, might be my bank, it might be RSA in some cases. Do you envision a day where we can eliminate the trusted third party with perhaps blockchain. >> Oh I actually do. Yeah, no, I do, I think the trusted third party model that we've got is broken fundamentally because if a break in to the bank, that's it, you know the third party trust but I'm a big fan of blockchain mainly because it's going to be a trusted end party right so there's going to be end parties that are vouching for Bill's identity on the blockchain so and it's going to be harder to get to all those end minors and convince them that they need to change their or break into them right. So yeah I'm a big fan of the trust model changing. I think that's going to be one of the biggest use cases for blockchain when it comes to trust and the way we kind of think about certificates and browsers and SSL certificates and so forth. >> I think you're right on the money and what i would add to that is looking at this conference, CyberConnect, one theme that I see coming out of this is I hear the word reimagining the future here, reimagining security, reimagining DNS, reimagining so a lot of the thought leaders that are here are talking about things like okay, here's what we have today. I'm not saying throwing it away but it's going to be completely different in the new world. >> Yeah and I think you know the important thing about the past is got to learn from the past and we got to apply some of the lessons to the future and things are just so different now. We know with microservices versus monolithic application architectures you know security used to be an afterthought before but you know, you talk to the average developer now, they want to add security in their applications, they realize that right so, and that's going to, I mean, maybe I'm being overly positive but I think that's going to take us to a better place. >> I think we're in a time. >> We need to be overly positive Bill. >> You're the chief officer, you have to have a 20 mouth stare and I think you know legacy always has been a thing we've heard in the enterprise but I just saw a quote on Twitter on the internet and it was probably, it's in quotes so it's probably right, it's motivating, a motivating quote. If you want to create the future, you've got to create a better version of the past and they kind of use taxis versus Uber obviously to answer of a shift in user behavior so that's happening in this industry. There's a shift of user experience, user expectations, changing internet infrastructure, you mentioned blockchain, a variety of other things so we're actually in a time where the better mouse trap actually will work. If you could come out with a great product that changes the economics and the paradigm or use case of an old legacy. So in a way by theory if you believe that, legacy shouldn't be a problem. >> You know and I certainly believe that. Having a kid who's in middle school at the moment, and the younger generation, to understand security way more than we ever used to and you know, this generation, this coming generation understands the difference between a password and a strong password and mobile be used as a second factor authentication so I think that the whole tide will rise here from a security perspective. I firmly believe that. >> Dave: You are an optimist. >> Well about government 'cause one thing that I liked about the talk here from the general was he was pretty straight talk and one of his points, I'm now generalizing and extrapolating out is that the HR side of government has to change in other words the organizational behavior of how people look at things but also the enterprise, we've heard that a lot in our Cloud coverage. Go back eight years when the Clouderati hit, oh DevOps is great but I can't get it through 'cause I've got to change my behavior of my existing staff. So the culture of the practitioners have to change. >> Bill: Yes, absolutely. >> 'Cause the new generation's coming. >> Oh absolutely, absolutely. I was speaking to a customer this morning who I won't mention and literally they told me that their whole staff has changed and they had to change their whole staff on this particular project around security because they found that the legacy thinking was there and they really wanted to move forward at a pace and they wanted to make changes that their legacy staff just wouldn't let 'em move forward with so basically, all of their staff had been changed and it was a memorable quote only because this company is a large organization and it's struggling with adopting new technologies and it was held back. It was not held back because of product or strategies, >> John: Or willingness. >> Or willingness. It was held back by people who were just concerned and wanted to stick to the old way of doing things and that has to change as well so I think you know, there's times will change and I think this is one of those times where security is one of those times where you got to push through change otherwise I mean I'm also a believer that security is a competitive advantage for an organization as well and if you stick with the past, you're not going to be able to compete in the future. >> Well, and bad user behavior will always trump good security. It was interesting to hear Jim Routh today talk about unconventional message and I was encouraged, he said, you know spoofing, we got DMARC, look alike domains, we got sink holes, display name deception, we've got, you know we can filter the incoming and then he talked about compromised accounts and he said user education and I went oh, but there's hope as an optimist so you've got technologies on the horizon to deal with that even right so you. >> I'm also concerned that the pace at which the consumer world is moving forward on security, online banking and even with Google and so forth that the new generation will come into the workforce and be just amazed how legacy the environments are right, 'cause the new generation is used to using you know, Google Cloud, Google Mail, Google everything and everything works, it's all integrated already and if they're coming to the workplace and that workplace is still using legacy technologies right, they're not going to be able to hire those people. >> Well I'll give you an example. When I went to college, I was the first generation, computer science major that didn't have to use punch cards and I was blown away like actually people did that like what, who the hell would ever do that? And so you know, I was the younger guy coming up, it was like, I was totally looking down. >> Dave: That's ridiculous. >> I would thank God I don't do that but they loved it 'cause they did it. >> I mean I've got the similar story, I was the first generation in the UK. We were the first Mac-Lab in the UK, our university had the first large Mac, Apple Macintosh Lab so when I got into the workplace and somebody put a PC in front of me, I was like hold on, where's the mouse, where's the windows, I couldn't handle it so I realized that right so I think we're at that kind of junction at the moment as well. >> We got two minutes left and I want to ask you kind of a question around the comment you just made a minute ago around security as a competitive advantage. This is really interesting, I mean you really can't say security is a profit center because you don't sell security products if you're deploying state of the art security practices but certainly it shouldn't be a cost center so we've seen on our CUBE interviews over the past year specifically, the trend amongst CCOs and practitioners is when pressed, they say kind of, I'm again generalizing the trend, we're unbundling the security department from IT and making it almost a profit center reporting to the board and or the highest levels, not like a profit center but in a way, that's the word they use because if we don't do that, our ability to make a profit is there so you've brought up competitive strategy, you have to have a security and it's not going to be underneath an IT umbrella. I'm not saying everyone's doing it but the trend was to highlight that they have to break out security as a direct report as if it was a profit center because their job is so critical, they don't want to be caught in an IT blanket. Do you see that trend and your comment and reaction to that statement? >> I see that trend but I see it from a perspective of transparency so I think that taking security out of the large umbrella of IT and given its own kind of foundation, own reporting structure is all about transparency and I think that modern organizations understand now the impact a breach can have to a company. >> John: Yeah, puts you out of business. >> Right, it puts you out of business right. You lose customers and so forth so I think having a security leader at the table to be able to describe what they're doing is giving the transparency for decision makers within the organization and you know, one of my other comments about it being a competitive advantage, I personally think let's take the banking arena, it's so easy to move from bank A to bank B and I personally think that people will stay with a certain bank if that bank has more security features and so forth. I mean you know, savings, interest rates going to be one thing and mortgage rates are going to be one thing but if all things are even. >> It's a product feature. >> It's a product feature and I think that again, the newer generation is looking for features like that, because they're so much more aware of the threat landscape. So I think that's one of the reasons why I think it's a competitive advantage but I agree with you, having more visibility for an organization is important. >> You can't make a profit unless the lights are on, the systems are running and if you have a security hack and you're not running, you can't make a profit so it's technically a profit center. Bill I believe you 100% on the competitive strategy. It certainly is going to be table stakes, it's part of the product and part of the organization's brand, everything's at stake. Big crisis, crisis of our generation, cyber security, cyber warfare for the government, for businesses as a buzz thing and business, this is the Centrify presented event underwritten by Centrify here in New York City. CyberConnect 2017, the CUBE's exclusive coverage. More after this short break. (electronic jingle)

>> Host: New York City, it's The Cube covering Cyber Connect 2017, brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Hey, welcome back, everyone. This the Cube's live coverage in New York City. This is the Cyber Connect 2017, presented by Centrify, underwritten by such a large industry event. I'm John Furrier, Dave Vellante. Our next guest is Byron Acohido who's the journalist at lastwatchdog.com. Thanks for joining us, welcome to The Cube. >> Thank you, pleasure to be here. >> So, seasoned journalist, there's a lot to report. Cyber is great, we heard a great talk this morning around the national issues around the government. But businesses are also struggling, too, that seems to be the theme of this event, inaugural event. >> It really is a terrific topic that touches everything that we're doing, the way we live our lives today. So, yeah, this is a terrific event where some of the smartest minds dealing with it come together to talk about the issues. >> What's the top level story in your mind in this industry right now? Chaos, is it data, civil liberties, common threats? How do you stack rank in level of importance, the most important story? >> You know, it really is all of the above. I had the privilege to sit at lunch with General Keith Alexander. I've seen him speak before at different security events. So it was a small group of the keynote speakers, and Tom Kemp, the CEO of Centrify. And he just nailed it. He basically, what resonated with me was he said basically we're kind of like where we were, where the world was at the start of World War I, where Russia and Germany and England, we're all kind of lining up, and Serbia was in the middle, and nobody really knew the significance of what lay ahead, and the US was on the sidelines. And all these things were just going to converge and create this huge chaos. That's what he compared it today, except we're in the digital space with that, because we're moving into cloud computing, mobile devices, destruction of privacy, and then now the nation states, Russia is lining up, North Korea, and Iran. We are doing it too, that was probably one of the most interesting things that came at you. >> His rhetoric was very high on the, hey, get our act together, country, attitude. Like, we got a lot to bring to the table, he highlighted a couple use cases and some war stories that the NSA's been involved in, but almost kind of teasing out, like we're kind of getting in our own way if we don't reimagine this. >> Yes, he is a very great advocate for the private sector industry, but not just industry, the different major verticals like especially the financial sector and the energy sector to put aside some of the competitive urges they have and recognize that this is going on. >> Okay, but I got to ask you, as a journalist, Last Watchdog, General Alexander definitely came down, when he sort of addressed privacy, and Snowden, and the whole story he told about the gentleman from the ACLU who came in a skeptic and left an advocate. As a journalist whose job is to be a skeptic, did you buy that? Does your community buy that? What's the counterpoint to that narrative that we heard this morning? >> Well, actually I think he hit it right on the head. As a journalist, why I got into this business and am still doing it after all these years is if I can do a little bit to shed a little bit of light on something that helps the public recognize what's going on, that's what I'm here to do. And this topic is just so rich and touches everything. We were talking just about the nation state level of it, but really it effects down to what we're doing as a society, what Google, and Facebook, and Twitter, how they're shaping our society and how that impacts privacy. >> We were talking last night, Dave, about the Twitter, and Facebook, and Alphabet in front of the Senate hearings last week, and how it means, in terms, he brought it up today. The common protection of America in this time, given the past election, that was the context of the Google thing, really has got a whole opportunity to reimagine how we work as a society in America, but also on the global stage. You got China, Russia, and the big actors. So, it's interesting, can we eventually reimagine, use this opportunity as the greatest crisis to transform the crap that's out there today. Divisiveness, no trust. We're living in an era now where, in my life time I can honestly say I've never seen it this shitty before. I mean, it's bad. I mean, it's like the younger generation looking at us, looking at, oh, Trump this, Trump that, I don't trust anybody. And the government has an opportunity. >> Alright, but wait a minute. So, I'm down the middle, as you know, but I'm going to play skeptic here a little bit. What I basically heard from General Alexander this morning was we got vetted by the ACLU, they threw sort of holy water on it, and we followed the law. And I believe everything he said, but I didn't know about that law until Snowden went public, and I agree with you, Snowden should be in jail. >> John: I didn't say that. >> You did, you said that a couple, few years ago on The Cube, you said that. Anyway, regardless. >> I'm going to go find the archive. >> Maybe I'm rewriting history, but those laws were enacted kind of in a clandestine manner, so I put it out to both of you guys. As a citizen, are you willing to say, okay, I'll give up maybe some of my privacy rights for protection? I know where I stand on that, but I'm just asking you guys. I mean, do all your readers sort of agree with that narrative? Do all of The Cube? >> If you look at the World War I example the general, he brought up at lunch, I wasn't there, but just me thinking about that, it brings up a good perspective. If you look at reinventing how society in America is done, what will you give up for safety? These are some of the questions. What does patriotizing mean for if industry's going to work together, what does it mean to be a patriot? What I heard from the general onstage today was, we're screwed if we don't figure this out, because the war, it's coming. It's happening at massive speeds. >> Again, I know where I stand on this. I'm a law-abiding citizen. >> - Byron, what do you think? >> Go ahead and snoop me, but I know people who would say no, that's violating my constitutional rights. I dunno, it's worth a debate, is all I'm saying. >> It's a core question to how we're living our lives today, especially here in the US. In terms of privacy, I think the horse has left the barn. Nobody cares about privacy if you just look at the way we live our lives. Google and Facebook have basically thrown the privacy model-- >> GPS. >> That came about because we went through World War I and World War II, and we wanted the right to be left alone and not have authoritative forces following us inside the door. But now we don't live in just a physical space, we live in a cyberspace. >> I think there's new rules. >> There is no privacy. >> Don't try and paint me into a corner here, I did maybe say some comments. Looking forward the new realities are, there are realities happening, and I think the general illuminated a lot of those today. I've been feeling that. However, I think when you you define what it means to be a patriot of the United States of America and freedom, that freedom has to be looked through the prism of the new realities. The new realities are, as the General illuminated, there are now open public domain tools for anyone to attack the United State, industry and government, he brought it up. Who do they protect, the banks? So, this ends up, I think will be a generational thing that the younger generation and others will have to figure out, but the leaders in industry will have to step up. And I think that to me is interesting. What does that look like? >> I think leadership is the whole key to this. I think there's a big thread about where the burden lies. I write about that a lot as a central theme, where is the burden? Well, each of us have a burden in this society to pay attention to our digital footprint, but it's moving and whirling so fast, and the speaker just now from US Bank said there is no such thing as unprecedented, it's all ridiculous the way things are happening. So, it has to be at the level of the leaders, a combination, and I think this is what the general was advocating, a combination of the government as we know it, as we've built it, by and for the people, and industry recognizing that if they don't do it, regulations are going to be pushed down, which is already happening here in New York. New York State Department of Financial Services now imposes rules on financial services companies to protect their data, have a CSO, check their third parties. That just went in effect in March. >> Let's unpack that, because I think that's what new. If they don't do this, they don't partner, governments and industry don't partner together, either collectively as a vertical or sector with the government, then the government will impose new mandates on them. That's kind of what you're getting at. That's what's happening. >> It'll be a push and shove. Now the push is because industry has not acted with enough urgency, and even though they were seeing them in the headlines. California's already led the way in terms of its Data Loss Disclosure law that now 47 states have, but it's a very, I mean, that's just the level the government can push, and then industry has to react to that. >> I got to say, I'm just being an observer in the industry, we do The Cube, and how many events will we hear the word digital transformation. If people think digital transformation is hard now, imagine if the government imposes all these restrictions. >> What about GDPR? >> Byron: That's a good question, yeah. >> You're trying to tell me the US government is going to be obliged to leak private information because of a socialist agenda, which GDPR has been called. >> No, that's another one of these catalysts or one of these drivers that are pushing. We're in a global society, right? >> Here's my take, I'll share my opinion on this, Dave, I brought it up earlier. What the general was pointing out is the terror states now have democratized tools that other big actors are democratizing through the public domain to allow any enemy of the United States to attack with zero consequences, because they're either anonymous. But let's just say they're not anonymous, let's just say they get caught. We can barely convert drug dealers, multiple jurisdictions in court and around the world. What court is out there that will actually solve the problem? So, the question is, if they get caught, what is the judicial process? >> Navy SEALs? >> I mean, obviously, I'm using the DEA and drug, when we've been fighting drug for multiple generations and we still have to have a process to multiple years to get that in a global court. I mean, it's hard. My point is, if we can't even figure it out for drug trade, generations of data, how fast are we going to get cyber criminals? >> Well, there is recognition of this, and there is work being done, but the gap is so large. Microsoft has done a big chunk of this in fighting botnets, right? So, they've taken a whole legal strategy that they've managed to impose in maybe a half-dozen cases the last few years, where they legally went and got legal power to shut down hosting services that were sources of these botnets. So, that's just one piece of it. >> So, this World War I analogy, let's just take it to the cloud wars. So, in a way, Dave, we asked Amazon early on, Amazon Web Services how their security was. And you questioned, maybe cloud has better security than on premise, at that time eight years ago. Oh my God, the cloud is so insecure. Now it looks like the cloud's more secure, so maybe it's a scale game. Cloud guys might actually be an answer, if you take your point to the next level. What do you think? >> Correct me if I'm wrong, you haven't seen these kind of massive Equifax-like breaches at Amazon and Google. >> That we know about. >> That we know about. >> What do you think? Don't they have to disclose? >> Cloud players have an opportunity? >> That we know about. >> That's what I was saying. The question on the table is, are the cloud guys in a better position to walk around and carry the heavy stick on cyber? >> Personally, I would say no question. There's homogeneity of the infrastructure, and standardization, and more automation. >> What do you think? What's your community think? >> I think you're right, first of all, but I think it's not the full answer. I think the full answer is what the general keeps hammering on, which is private, public, this needs to be leadership, we need to connect all these things where it makes sense to connect them, and realize that there's a bigger thing on the horizon that's already breathing down our necks, already blowing fire like a dragon at us. It's a piece of the, yeah. >> It's a community problem. The community has to solve the problem at leadership level for companies and industry, but also what the security industry has always been known for is sharing. The question is, can they get to a data sharing protocol of some sort? >> It's more than just data sharing. I mean, he talked about that, he talked about, at lunch he did, about the ISAC sharing. He said now it's more, ISACs are these informational sharing by industry, by financial industry, health industry, energy industry, they share information about they've been hacked. But he said, it's more than that. We have to get together at the table and recognize where these attacks are coming, and figure out what the smart things are doing, like at the ISP level. That's a big part of the funnel, crucial part of the funnel, is where traffic moves. That's where it needs to be done. >> What about the the balance of power in the cyber war, cyber warfare? I mean, US obviously, US military industrial complex, Russia, China, okay, we know what the balance of power is there. Is there much more of a level playing field in cyber warfare, do you think, or is it sort of mirror the size of the economy, or the sophistication of the technology? >> No, I think you're absolutely right. There is much more of a level playing field. I mean, North Korea can come in and do a, this is what we know about, or we think we know about, come in and do a WannaCry attack, develop a ransomware that actually moves on the internet of things to raise cash, right, for North Korea. So there, yeah, you're absolutely right. >> That's funding their Defense Department. >> As Robert Gates said when he was on The Cube, we have to be really careful with how much we go on the offense with cyber security, because we have more to lose than anybody with critical infrastructure, and the banking system, the electrical grid, nuclear facilities. >> I interviewed a cyber guy on The Cube in the studio from Vidder, Junaid Islam. He's like, we can look at geo and not have anyone outside the US access our grid. I mean, no one should attack our resources from outside the US, to start with. So, core network access has been a big problem. >> Here's something, I think I can share this because I think he said he wouldn't mind me sharing it. At the lunch today, to your point that we have more to lose is, the general said yeah, we have terrific offensive capability. Just like in the analog world, we have all the great bombers, more bombers than anybody else. But can we stop people from getting, we don't have the comparable level of stopping. >> The defense is weak. >> The defense, right. Same thing with cyber. He said somebody once asked him how many of your, what percentage of your offensive attacks are successful? 100%. You know, we do have, we saw some of that with leaks of the NSA's weapons that happened this year, that gone out. >> It's like Swiss cheese, the leaks are everywhere, and it's by the network itself. I ran into a guy who was running one of the big ports, I say the city to reveal who it was, but he's like, oh my God, these guys are coming in the maritime network, accessing the core internet, unvetted. Pure core access, his first job as CIO was shut down the core network, so he has to put a VPN out there and segment the network, and validate all the traffic coming through. But the predecessor had direct internet access to their core network. >> Yeah, I think the energy sector, there's a sponsor here, ICIT, that's in the industrial control space, that I think that's where a lot of attention is going to go in the next couple of years, because as we saw with these attacks of the Ukraine, getting in there and shutting down their power grid for half a day or whatever, or with our own alleged, US own involvement in something like Stuxnet where we get into the power grid in Iran, those controls are over here with a separate legacy. Once you get in, it's really easy to move around. I think that needs to be all cleaned up and locked down. >> They're already in there, the malware's sitting in there, it's idle. >> We're already over there probably, I don't know, but that's what I would guess and hope. >> I don't believe anything I read these days, except your stuff, of course, and ours. Being a journalist, what are you working on right now? Obviously you're out there reporting, what are the top things you're looking at that you're observing? What's your observation space relative to what you're feeding into your reports? >> This topic, security, I'm going to retire and be long gone on this. This is a terrific topic that means so much and connects to everything. >> A lot of runway on this topic, right? >> I think the whole area of what, right there, your mobile device and how it plugs into the cloud, and then what that portends for internet of things. We have this whole 10-year history of the laptops, and we're not even solving that, and the servers are now moving here to these mobile devices in the clouds and IOT. It's just, attack surface area is just, continues to get bigger. >> And the IT cameras. >> The other thing I noticed on AETNA's presentation this morning on the keynote, Jim was he said, a lot of times many people chase the wrong attack vector, because of not sharing, literally waste cycle times on innovation. So, it's just interesting market. Okay, final thoughts, Byron. This event, what's the significance of this event? Obviously there's Black Hat out there and other industry events. What is so significant about CyberConnect from your perspective? Obviously, our view is it's an industry conversation, it's up-leveled a bit. It's not competing with other events. Do you see it the same way? What is your perspective on this event? >> I think that it's properly named, Connect, and I think that is right at the center of all this, when you have people like Jim Ralph from AETNA, which is doing these fantastic things in terms of protecting their network and sharing that freely, and the US Bank guy that was just on, and Verizon is talking later today. They've been in this space a long time sharing terrific intelligence, and then somebody like the general, and Tom Kemp, the CEO of Centrify, talking about giving visibility to that, a real key piece that's not necessarily sexy, but by locking that down, that's accessing. >> How is the Centrify message being received in the DC circles? Obviously they're an enterprise, they're doing very well. I don't know their net revenue numbers because they're private, they don't really report those. Are they well-received in the DC and the cyber communities in terms of what they do? Identity obviously is a key piece of the kingdom, but it used to be kind of a fenced off area in enterprise software model. They seem to have more relevance now. Is that translating for them in the marketplace? >> I would think so, I mean, the company's growing. I was just talking to somebody. The story they have to tell is substantive and really simple. There's some smart people over there, and I think there are friendly ears out there to hear what they have to say. >> Yeah, anything with identity, know your customer's a big term, and you hear in blockchain and anti-money laundering, know your customer, big term, you're seeing more of that now. Certainly seeing Facebook, Twitter, and Alphabet in front of the Senate getting peppered, I thought that was interesting. We followed those guys pretty deeply. They got hammered, like what's going on, how could you let this happen? Not that it was national security, but it was a major FUD campaign going on on those platforms. That's data, right, so it wasn't necessarily hacked, per se. Great stuff, Byron, thanks for joining us here on The Cube, appreciate it. And your website is lastwatchdog.com. >> Yes. >> Okay, lastwatchdog.com. Byron Acohido here inside The Cube. I'm John Furrier, Dave Vellante, we'll be back with more live coverage after this short break.

>> Announcer: Live from New York City It's TheCube. Covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> It got out of control, they were testing it. Okay, welcome back everyone. We are here live in New York City for CyberConnect 2017. This is Cube's coverage is presented by Centrify. It's an industry event, bringing all the leaders of industry and government together around all the great opportunities to solve the crisis of our generation. That's cyber security. We have Cricket Liu. Chief DNS architect and senior fellow at Infoblox. Cricket, great to see you again. Welcome to theCUBE. >> Thank you, nice to be back John. >> So we're live here and really this is the first inaugural event of CyberConnect. Bringing government and industry together. We saw the retired general on stage talking about some of the history, but also the fluid nature. We saw Jim from Aetna, talking about how unconventional tactics and talking about domains and how he was handling email. That's a DNS problem. >> Yeah, yeah. >> You're the DNS guru. DNS has become a role in this. What's going on here around DNS? Why is it important to CyberConnect? >> Well, I'll be talking tomorrow about the first anniversary, well, a little bit later than the first anniversary of the big DDoS attack on Dyn. The DNS hosting provider up in Manchester, New Hampshire. And trying to determine if we've actually learned anything, have we improved our DNS infrastructure in any way in the ensuing year plus? Are we doing anything from the standards, standpoint on protecting DNS infrastructure. Those sorts of things. >> And certainly one of the highlight examples was mobile users are masked by the DNS on, say, email for example. Jim was pointing that out. I got to ask you, because we heard things like sink-holing addresses, hackers create domain names in the first 48 hours to launch attacks. So there's all kinds of tactical things that are being involved with, lets say, domain names for instance. >> Cricket: Yeah, yeah. >> That's part of the critical infrastructure. So, the question is how, in DDoS attacks, denial-of-service attacks, are coming in in the tens of thousands per day? >> Yeah, well that issue that you talked about, in particular the idea that the bad guys register brand new domain names, domain names that initially have no negative reputation associated with them, my friend Paul Vixie and his new company Farsight Security have been working on that. They have what is called a -- >> John: What's the name of the company again? >> Farsight Security. >> Farsight? >> And they have what's called a Passive DNS Database. Which is a database basically of DNS telemetry that is accumulated from big recursive DNS servers around the internet. So they know when a brand new domain name pops up, somewhere on the internet because someone has to resolve it. And they pump all of these brand new domain names into what's called a response policy zone feed. And you can get for example different thresh holds. I want to see the brand new domain names created over the last 30 minutes or seen over the last 30 minutes. And if you block resolution of those brand new domain names, it turns out you block a tremendous amount of really malicious activity. And then after say, 30 minutes if it's a legitimate domain name it falls off the list and you can resolve it. >> So this says your doing DNS signaling as a service for new name registrations because the demand is for software APIs to say "Hey, I want to create some policy around some techniques to sink-hole domain address hacks. Something like that? >> Yeah, basically this goes hand in hand with this new system response policy zone which allows you to implement DNS policy. Something that we've really never before done with DNS servers, which that's actually not quite true. There have been proprietary solutions for it. But response policy zones are an open solution that give you the ability to say "Hey I do want to allow resolution of this domain name, but not this other domain name". And then you can say "Alright, all these brand new domain names, for the first 30 minutes of their existence I don't want-- >> It's like a background check for domain names. >> Yeah, or like a wait list. Okay, you don't get resolved for the first 30 minutes, that gives the sort of traditional, reputational, analyzers, Spamhaus and Serval and people like that a chance to look you over and say "yeah, it's malicious or it's not malicious". >> So serves to be run my Paul Vixie who is the contributor to the DNS protocol-- >> Right, enormous contributor. >> So we should keep an eye on that. Check it out, Paul Vixie. Alright, so DNS's critical infrastructure that we've been talking about, that you and I, love to riff about DNS and the role What's it enabled? Obviously it's ASCII, but I got to ask you, all these Unicode stuff about the emoji and the open source, really it highlight's the Unicode phenomenon. So this is a hacker potential haven. DNS and Unicode distinction. >> It's really interesting from a DNS standpoint, because we went to a lot of effort within the IETF, the Internet Engineering Task Force, some years ago, back when I was more involved in the IETF, some people spent a tremendous amount of effort coming up with a way to use allow people to use Unicode within domain name. So that you could type something into your browser that was in traditional or simplified Chinese or that was in Arabic or was in Hebrew or any number of other scripts. And you could type that in and it would be translated into something that we call puny code, in the DNS community, which is an ASCII equivalent to that. The issue with that though, becomes that there are, we would say glifs, most people I guess would say characters, but there are characters in Unicode that look just like, say Latin alphabet characters. So there's a lowercase 'a' for example, in cyrillic, it's not a lowercase 'a' in the Latin alphabet, it's a cyrillic 'a', but it looks just like an 'a'. So it's possible for people to register names, domain names, that in there Unicode representation, look like for example, PayPal, which of course has two a's in it, and those two a's could be cyrillic a's. >> Not truly the ASCII representation of PayPal which we resolve through the DNS. >> Exactly, so imagine how subtle an attack that would be if you were able to send out a bunch of email, including the links that said www.-- >> Someone's hacked your PayPal account, click here. >> Yeah, exactly. And if you eyeballed it you'd think Well, sure that's www.PayPal.com, but little do you know it's actually not the -- >> So Jim Ruth talked about applying some unconventional methods, because the bad guys don't subscribe to the conventional methods . They don't buy into it. He said that they change up their standards, is what I wrote down, but that was maybe their sort of security footprint. 1.5 times a day, how does that apply to your DNS world, how do you even do that? >> Well, we're beginning to do more and more with analytics DNS. The passive DNS database that I talked about. More and more big security players, including Infoblox are collecting passive DNS data. And you can run interesting analytics on that passive DNS data. And you can, in some cases, automatically detect suspicious or malicious behavior. For example you can say "Hey, look this named IP address mapping is changing really, really rapidly" and that might be an indication of let's say, fast flux. Or you can say "These domain names have really high entropy. We did an engram analysis of the labels of these". The consequence of that we believe that this resolution of these domain names, is actually being used to tunnel data out of an organization or into an organization. So there's some things you can do with these analytical algorithms in order to suss out suspicious and malicious. >> And you're doing that in as close to real time as possible, presumably right? >> Cricket: That's right. >> And so, now everybody's talking about Edge, Edge computing, Edge analytics. How will the Edge effect your ability to keep up? >> Well, the challenge I think with doing analytics on passive DNS is that you have to be able to collect that data from a lot of places. The more places that you have, the more sensors that you have collecting passive DNS data the better. You need to be able to get it out from the Edge. From those local recursive DNS servers that are actually responding to the query's that come from say your smart phone or your laptop or what have you. If you don't have that kind of data, you've only got, say, big ISPs, then you may not detect the compromise of somebody's corporate network, for example. >> I was looking at some stats when I asked the IOT questions, 'cause you're kind of teasing out kind of the edge of the network and with mobile and wearables as the general was pointing out, is that it's going to create more service area, but I just also saw a story, I don't know if it's from Google or wherever, but 80% plus roughly, websites are going to have SSL HTBS that they're resolving through. And there's reports out here that a lot of the anti virus provisions have been failing because of compromised certificates. And to quote someone from Research Park, and we want to get your reaction to this "Our results show", this is from University of Maryland College Park. "Our results show that compromised certificates pose a bigger threat than we previously believed, and is not restricted to advanced threats and digitally signed malware was common in the wild." Well before Stuxnet. >> Yeah, yeah. >> And so breaches have been caused by compromising certificates of actual authority. So this brings up the whole SSL was supposed to be solving this, that's just one problem. Now you've got the certificates, well before Stuxnet. So Stuxnet really was kind of going on before Stuxnet. Now you've got the edge of the network. Who has the DNS control for these devices? Is it kind of like failing? Is it crumbling? How do we get that trust back? >> That's a good question. One of the issues that we've had is that at various points, CAs, Certificate Authorities, have been conned into issuing certificates for websites that they shouldn't have. For example, "Hey, generate a cert for me". >> John: The Chinese do it all the time. >> Exactly. I run www. Bank of America .com. They give it to the wrong guy. He installs it. We have I think, something like 1,500 top level certification authorities. Something crazy like that. Dan Komenski had a number in one of his blog posts and it was absolutely ridiculous. The number of different CA's that we trust that are built into the most common browsers, like Chrome and Firefox and things like that. We're actually trying to address some of those issues with DNS, so there are two new resource records being introduced to DNS. One is TLSA. >> John: TLSA? >> Yeah, TLSA. And the other one is called CAA I think, which always makes me think of a California Automotive Association. (laughter) But TLSA is basically a way of publishing data in your own zone that says My cert looks like this. You can say "This is my cert." You can just completely go around the CA. And you can say "This is my cert" and then your DNS sec sign your zone and you're done. Or you can do something short of that and you can say "My cert should look like this "and it should have this CA. "This is my CA. "Don't trust any other one" >> So it's metadata about the cert or the cert itself. >> Exactly, so that way if somebody manages to go get a cert for your website, but they get that cert from some untrustworthy CA. I don't know who that would be. >> John: Or a comprimised-- >> Right, or a compromised CA. No body would trust it. No body who actually looks up the TSLA record because they'll go "Oh, Okay. I can see that Infoblox's cert that their CA is Symantech. And this is not a Symantech signed cert. So I'm not going to believe it". And at the same time this CAA record is designed to be consumed by the CA's themselves, and it's a way of saying, say Infoblox can say "We are a customer of Symantech or whoever" And when somebody goes to the cert and says "Hey, I want to generate a certificate for www.Infoblox.com, they'll look it up and say "Oh, they're a Symantech customer, I'm not going to do that for you". >> So it creates trust. So how does this impact the edge of the network, because the question really is, the question that's on everyone's mind is, does the internet of things create more trust or does it create more vulnerabilities? Everyone knows it's a surface area, but still there are technical solutions when you're talking about, how does this play out in your mind? How does Infoblox see it? How do you see it? What's Paul Vixie working on, does that tie into it? Because out in the hinterlands and the edge of the network and the wild, is it like a DNS server on the device. It could be a sensor? How are they resolving things? What is the protocol for these? >> At least this gives you a greater assurance if you're using TLS to encrypt communication between a client and a web server or some other resource out there on the internet. It at least gives you a better assurance that you really aren't being spoofed. That you're going to the right place. That your communications are secure. So that's all really good. IOT, I think of as slightly orthogonal to that. IOT is still a real challenge. I mean there is so many IOT devices out there. I look at IOT though, and I'll talk about this tomorrow, and actually I've got a live event on Thursday, where I'll talk about it some more with my friend Matt Larson. >> John: Is that going to be here in New York? >> Actually we're going to be broadcasting out of Washington, D.C. >> John: Were you streaming that? >> It is streamed. In fact it's only streamed. >> John: Put a plug in for the URL. >> If you go to www.Infoblox.com I think it's one of the first things that will slide into your view. >> So you're putting it onto your company site. Infoblox.com. You and Matt Larson. Okay, cool. Thursday event, check it out. >> It is somewhat embarrassingly called Cricket Liu Live. >> You're a celebrity. >> It's also Matt Larson Live. >> Both of you guys know what you're talking about. It's great. >> So there's a discussion among certain boards of directors that says, "Look, we're losing the battle, "we're losing the war. "We got to shift more on response "and at least cover our butts. "And get some of our response mechanisms in place." What do you advise those boards? What's the right balance between sort of defense perimeter, core infrastructure, and response. >> Well, I would certainly advocate as a DNS guy, that people instrument their DNS infrastructure to the extent that they can to be able to detect evidence of compromise. And that's a relatively straight forward thing to do. And most organizations haven't gone through the trouble to plumb their DNS infrastructure into their, for example, their sim infrastructure, so they can get query log information, they can use RPZs to flag when a client looks up the domain name of a known command and control server, which is a clear indication of compromise. Those sorts of things. I think that's really important. It's a pretty easy win. I do think at this point that we have to resign ourselves to the idea that we have devices on our network that are infected. That game is lost. There's no more crunchy outer shell security. It just doesn't really work. So you have to have defensive depth as they say. >> Now servs has been around for such a long time. It's been one of those threats that just keeps coming. It's like waves and waves. So it looks like there's some things happening, that's cool. So I got to ask you, CyberConnect is the first real inaugural event that brings industry and some obviously government and tech geeks together, but it's not black hat or ETF. It's not those geeky forums. It's really a business community coming together. What's your take of this event? What's your observations? What are you seeing here? >> Well, I'm really excited to actually get the opportunity to talk to people who are chiefly security people. I think that's kind of a novelty for me, because most of the time I think I speak to people who are chiefly networking people and in particular that little niche of networking people who are interested in DNS. Although truth be told, maybe they're not really interested in DNS, maybe they just put up with me. >> Well the community is really strong. The DNS community has always been organically grown and reliable. >> But I love the idea of talking about DNS security to a security audience. And hopefully some of the folks we get to talk to here, will come away from it thinking oh, wow, so I didn't even realize that my DNS infrastructure could actually be a security tool for me. Could actually be helpful in any way in detecting compromise. >> And what about this final question, 'cause I know we got a time check here. But, operational impact of some of these DNS changes that are coming down from Paul Vixie, you and Matt Larson doing some things together, What's the impact of the customer and they say "okay, DNS will play a role in how I role out my architecture. New solutions for cyber, IOT is right around the corner. What's the impact to them in your mind operationally. >> There certainly is some operational impact, for example if you want to subscribe to RPZ feeds, you've got to become a customer of somebody who provides a commercial RPZ feed or somebody who provides a free RPZ feed. You have to plumb that into your DNS infrastructure. You have to make sure that it continues transferring. You have to plumb that into your sim, so when you get a hit against an RPZ, you're notified about it, your security folks. All that stuff is routine day to day stuff. Nothing out of the ordinary. >> No radical plumbing changes. >> Right, but I think one of the big challenges in so many of the organizations that I go to visit, the security organization and the networking organization are in different silos and they don't necessarily communicate a lot. So maybe the more difficult operational challenge is just making sure that you have that communication. And that the security guys know the DNS guys, the networking guys, and vice versa. And they cooperate to work on problems. >> This seems to be the big collaboration thing that's happening here. That it's more of a community model coming together, rather than security. Cricket Liu here, DNS, Chief Architect of DNS and senior fellow of Infoblox. The legend in the DNS community. Paul Vixie amongst the peers. Really that community holding down the fort I'll see a lot of exploits that they have to watch out for. Thanks for your commentary here at the CyberConnect 2017 inaugural event. This is theCUBE. We'll be right back with more after this short break. (techno music)

(upbeat music) >> Narrator: Live from New York City It's theCUBE, covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Hey, welcome back everyone. Live here in New York is theCUBE's exclusive coverage of Centrify's CyberConnect 2017, presented by Centrify. It's an industry event that Centrify is underwriting but it's really not a Centrify event, it's really where industry and government are coming together to talk about the best practices of architecture, how to solve the biggest crisis of our generation, and the computer industry that is security. I am John Furrier, with my co-host Dave Vellante. Next guest: David McNeely, who is the vice president of product strategy with Centrify, welcome to theCUBE. >> Great, thank you for having me. >> Thanks for coming on. I'm really impressed by Centrify's approach here. You're underwriting the event but it's not a Centrify commercial. >> Right >> This is about the core issues of the community coming together, and the culture of tech. >> Right. >> You are the product. You got some great props from the general on stage. You guys are foundational. What does that mean, when he said that Centrify could be a foundational element for solving this problem? >> Well, I think a lot of it has to do with if you look at the problems that people are facing, the breaches are misusing computers in order to use your account. If your account is authorized to still gain access to a particular resource, whether that be servers or databases, somehow the software and the systems that we put in place, and even some of the policies need to be retrofitted in order to go back and make sure that it really is a human gaining access to things, and not malware running around the network with compromised credentials. We've been spending a lot more time trying to help customers eliminate the use of passwords and try to move to stronger authentication. Most of the regulations now start talking about strong authentication but what does that really mean? It can't just be a one time passcode delivered to your phone. They've figured out ways to break into that. >> Certificates are being hacked and date just came out at SourceStory even before iStekNET's certificate authorities, are being compromised even before the big worm hit in what he calls the Atom Bomb of Malware. But this is the new trend that we are seeing is that the independent credentials of a user is being authentically compromised with the Equifax and all these breaches where all personal information is out there, this is a growth area for the hacks that people are actually getting compromised emails and sending them. How do you know it's not a fake account if you think it's your friend? >> Exactly. >> And that's the growth area, right? >> The biggest problem is trying to make sure that if you do allow someone to use my device here to gain access to my mail account, how do we make it stronger? How do we make sure that it really is David that is logged onto the account? If you think about it, my laptop, my iPad, my phone all authenticate and access the same email account and if that's only protected with a password then how good is that? How hard is it to break passwords? So we are starting to challenge a lot of base assumptions about different ways to do security because if you look at some of the tools that the hackers have their tooling is getting better all the time. >> So when, go ahead, sorry. finish your thoughts. >> Tools like their HashCat can break passwords. Like millions and millions a second. >> You're hacked, and basically out there. >> When you talk about eliminating passwords, you're talking about doing things other than just passwords, or you mean eliminating passwords? >> I mean eliminating passwords. >> So how does that work? >> The way that works is you have to have a stronger vetting process around who the person is, and this is actually going to be a challenge as people start looking at How do you vet a person? We ask them a whole bunch of questions: your mother's maiden name, where you've lived, other stuff that Equifax asked-- >> Yeah, yeah, yeah, everybody has. >> We ask you all of that information to find out is it really you?. But really the best way to do it now is going to be go back to government issued IDs because they have a vetting process where they're establishing an identity for you. You've got a driver's license, we all have social security numbers, maybe a passport. That kind of information is really the only way to start making sure it really is me. This is where you start, and the next place is assigning a stronger credential. So there is a way to get a strong credential on to your mobile device. The issuance process itself generates the first key pair inside the device in a protected place, that can't be compromised because it is part of the hardware, part of the chip that runs the processes of the phone and that starts acting as strong as a smart card. In the government they call it derived credentials. It's kind of new technology, NIST has had described documentation on how to make that work for quite some time but actually implementing it and delivering it as a solution that can be used for authentication to other things is kind of new here. >> A big theme of your talk tomorrow is on designing this in, so with all of this infrastructure out there I presume you can't just bolt this stuff on and spread it in a peanut butter spread across, so how do we solve that problem? Is it just going to take time-- >> Well that's actually-- >> New infrastructure? Modernization? >> Dr. Ron Ross is going to be joining me tomorrow and he is from the NIST, and we will be talking with him about some of these security frameworks that they've created. There's cyber security framework, there's also other guidance that they've created, the NIST 800-160, that describe how to start building security in from the very start. We actually have to back all the way up to the app developer and the operating system developers and get them to design security into the applications and also into the operating systems in such a way that you can trust the OS. Applications sitting on top of an untrusted operating system is not very good so the applications have to be sitting on top of trusted operating systems. Then we will probably get into a little bit of the newer technology. I am starting to find a lot of our customers that move to cloud based infostructures, starting to move their applications into containers where there is a container around the application, and actually is not bound so heavily to the OS. I can deploy as many of these app containers as I want and start scaling those out. >> So separate the workload from some of your infostructure. You're kind of seeing that trend? >> Exactly and that changes a whole lot of the way we look at security. So now your security boundary is not the machine or the computer, it's now the application container. >> You are the product strategist. You have the keys to the kingdom at Centrify, but we also heard today that it's a moving train, this business, it's not like you can lock into someone. Dave calls it the silver bullet and it's hard to get a silver bullet in security. How do you balance the speed of the game, the product strategy, and how do you guys deal with bringing customer solutions to the market that has an architectural scalability to it? Because that's the challenge. I am a slow enterprise, but I want to implement a product, I don't want to be obsolete by the time I roll it out. I need to have a scalable solution that can give me the head room and flexibility. So you're bringing a lot to the table. Explain what's going on in that dynamic. >> There's a lot of the, I try as much as possible to adhere to standards before they exist and push and promote those like on the authentication side of things. For the longest time we used LDAP and Kerberos to authenticate computers, to act a directory. Now almost all of the web app develops are using SAML or OpenID Connect or OLAF too as a mechanism for authenticating the applications. Just keeping up with standards like that is one of the best ways. That way the technologies and tools that we deliver just have APIs that the app developers can use and take advantage of. >> So I wanted to follow up on that because I was going to ask you. Isn't there a sort of organizational friction in that you've got companies, if you have to go back to the developers and the guys who are writing code around the OS, there's an incentive from up top to go for fast profits. Get to market as soon as you can. If I understand what you just said, if you are able to use open source standards, things like OLAF, that maybe could accelerate your time to market. Help me square that circle. Is there an inherent conflict between the desire to get short term profits versus designing in good security? >> It does take a little bit of time to design, build, and deliver products, but as we moved to cloud based infostructure we are able to more rapidly deploy and release features. Part of having a cloud service, we update that every month. Every 30 days we have a new version of that rolling out that's got new capabilities in it. Part of adapting an agile delivery models, but everything we deliver also has an API so when we go back and talk to the customers and the developer at the customer organizations we have a rich set of APIs that the cloud service exposes. If they uncover a use case or a situation that requires something new or different that we don't have then that's when I go back to the product managers and engineering teams and talk about adding that new capability into the cloud service, which we can expect the monthly cadence helps me deliver that more rapidly to the market. >> So as you look at the bell curve in the client base, what's the shape of those that are kind of on the cutting edge and doing by definition, I shouldn't use the term cutting edge, but on the path to designing in as you would prescribe? What's it look like? Is it 2080? 199? >> That's going to be hard to put a number on. Most of the customers are covering the basics with respect to consolidating identities, moving to stronger authetication, I'm finding one of the areas that the more mature companies have adopted as this just in time notion where by default nobody has any rights to gain access to either systems or applications, and moving it to a workflow request access model. So that's the one that's a little bit newer that fewer of my customers are using but most everybody wants to adopt. If you think about some of the attacks that have taken place, if I can get a piece of email to you, and you think it's me and you open up the attachment, at that point you are now infected and the malware that's on your machine has the ability to use your account to start moving around and authenticating the things that you are authorized to get to. So if I can send that piece of email and accomplish that, I might target a system administrator or system admins and go try to use their account because it's already authorized to go long onto the database servers, which is what I'm trying to get to. Now if we could flip it say well, yeah. He's a database admin but if he doesn't have permissions to go log onto anything right now and he has to make a request then the malware can't make the request and can't get the approval of the manager in order to go gain access to the database. >> Now, again, I want to explore the organizational friction. Does that slow down the organization's ability to conduct business and will it be pushed back from the user base or can you make that transparent? >> It does slow things down. We're talking about process-- >> That's what it is. It's a choice that organizations have to make if you care about the long term health of your company, your brand, your revenues or do you want to go for the short term profit? >> That is one of the biggest challenges that we describe in the software world as technical debt. Some IT organizations may as well. It's just the way things happen in the process by which people adhere to things. We find all to often that people will use the password vault for example and go check out the administrator password or their Dash-A account. It's authorized to log on to any Windows computer in the entire network that has an admin. And if they check it out, and they get to use it all day long, like okay did you put it in Clipboard? Malware knows how to get to your clipboard. Did you put it in a notepad document stored on your desktop? Guess what? Malware knows how to get to that. So now we've got a system might which people might check out a password and Malware can get to that password and use it for the whole day. Maybe at the end of the day the password vault can rotate the password so that it is not long lived. The process is what's wrong there. We allow humans to continue to do things in a bad way just because it's easy. >> The human error is a huge part in this. Administrators have their own identity. Systems have a big problem. We are with David McNeely, the vice president of product strategy with Centrify. I've got to get your take on Jim Ruth's, the chief security officer for Etna that was on the stage, great presentation. He's really talking about the cutting edge things that he's doing unconventionally he says, but it's the only way for him to attack the problem. He did do a shout out for Centrify. Congratulations on that. He was getting at a whole new way to reimagine security and he brought up that civilizations crumble when you lose trust. Huge issues. How would you guys seeing that help you guys solve problems for your customers? Is Etna a tell-sign for which direction to go? >> Absolutely, I mean if you think about problem we just described here the SysAdmin now needs to make a workflow style request to gain access to a machine, the problem is that takes time. It involves humans and process change. It would be a whole lot nicer, and we've already been delivering solutions that do this Machine learning behavior-based access controls. We tied it into our multifactor authentication system. The whole idea was to get the computers to make a decision based on behavior. Is it really David at the keyboard trying to gain access to a target application or a server? The machine can learn by patterns and by looking at my historical access to go determine does that look, and smell, and feel like David? >> The machine learning, for example. >> Right and that's a huge part of it, right? Because if we can get the computers to make these decisions automatically, then we eliminate so much time that is being chewed up by humans and putting things into a queue and then waiting for somebody to investigate. >> What's the impact of machine-learning on security in your opinion? Is it massive in the sense of, obviously it's breached, no it's going to be significant, but what areas is it attacking? The speed of the solution? The amount of data it can go through? Unique domain expertise of the applications? Where is the a-ha, moment for the machine learning value proposition? >> It's really going to help us enormously on making more intelligent decisions. If you think about access control systems, they all make a decision based on did you supply the correct user ID and password, or credential, or did you have access to whatever that resource is? But we only looked at two things. The authentication, and the access policy, and these behavior based systems, they look at a lot of other things. He mentioned 60 different attributes that they're looking at. And all of these attributes, we're looking at where's David's iPad? What's the location of my laptop, which would be in the room upstairs, my phone is nearby, and making sure that somebody is not trying to use my account from California because there's no way I could get from here to California at a rapid pace. >> Final question for you while we have a couple seconds left here. What is the value propositions for Centrify? If you had the bottom line of the product strategy in a nutshell? >> Well, kind of a tough one there. >> Identity? Stop the Breach is the tagline. Is it the identity? Is it the tech? Is it the workflow? >> Identity and access control. At the end of the day we are trying to provide identity and access controls around how a user accesses an application, how we access servers, privileged accounts, how you would access your mobile device and your mobile device accesses applications. Basically, if you think about what defines an organization, identity, the humans that work at an organization and your rights to go gain access to applications is what links everything together because as you start adopting cloud services as we've adopted mobile devices, there's no perimeter any more really for the company. Identity makes up the definition and the boundary of the organization. >> Alright, David McNeely, vice president of product strategy, Centrify. More live coverage, here in New York City from theCUBE, at CyberConnect 2017. The inaugural event. Cube coverage continues after this short break. (upbeat music)

(light orchestral music) >> Hello, everyone, and welcome to the Cube Conversation here at the Palo Alto studios for theCUBE. I'm John Furrier, the co-founder of SiliconANGLE Media. We're here for some news analysis with Peter Smails, the CMO of Datos.IO D-a-t-o-s dot I-O. Hot new start up with some news. Peter was just here for a thought leader segment with Chris Cummings talking about the industry breakdown. But the news is hot, prior to re:Invent which you will be at? >> Absolutely. >> RecoverX is the product. 2.5, it's a release. So, you've got a point release on your core product. >> Correct. >> Welcome to this conversation. >> Thanks for having me. Yeah, we're excited to share the news. Big day for us. >> All right, so let's get into the hard news. You guys are announcing a point release of the latest product which is your core flagship, RecoverX. >> Correct. >> Love the name. Love the branding of the X in there. It reminds me of the iPhone, so makes me wanna buy one. But you know ... >> We can make that happen, John. >> You guys are the X Factor. So, we've been pretty bullish on what you guys are doing. Obviously, like the positioning. It's cloud. You're taking advantage of the growth in the cloud. What is this new product release? Why? What's the big deal? What's in it for the customer? >> So, I'll start with the news, and then we'll take a small step back and sort of talk about why exactly we're doing what we're doing. So, RecoverX 2.5 is the latest in our flagship RecoverX line. It's a cloud data management platform. And the market that we're going after and the market we're disrupting is the traditional data management space. The proliferation of modern applications-- >> John: Which includes which companies? >> So, the Veritas' of the world, the Commvault's of the world, the Dell EMC's of the world. Anybody that was in the traditional-- >> 20-year-old architected data backup and recovery software. >> You stole my fun fact. (laughs) But very fair point which is that the average age approximately of the leading backup and recovery software products is approximately 20 years. So, a lot's changed in the last 20 years, not the least of which has been this proliferation of modern applications, okay? Which are geo-distributed microservices oriented and the rapid proliferation of multicloud. That disrupts that traditional notion of data management specifically backup and recovery. That's what we're going after with RecoverX. RecoverX 2.5 is the most recent version. News on three fronts. One is on our advanced recovery, and we can double-click into those. But it's essentially all about giving you more data awareness, more granularity to what data you wanna recover and where you wanna put it, which becomes very important in the multicloud world. Number two is what we call data center aware backup and recovery. That's all about supporting geo-distributed application environments, which again, is the new normal in the cloud. And then number three is around enterprise hardening, specifically around security. So, it's all about us increased flexibility and new capabilities for the multicloud environment and continue to enterprise-harden the product. >> Okay, so you guys say significant upgrade. >> Peter: Yep. >> I wanna just look at that. I'm also pretty critical, and you know how I feel on this so don't take it personal, multicloud is not a real deal yet. It's in statement of value that customers are saying-- It's coming! But cloud is here today, regular cloud. So, multicloud ... Well, what is multicloud actually mean? I mean, I can have multiple clouds but I'm not actually moving workloads across clouds, yet. >> I disagree. >> Okay. >> I actually disagree. We have multiple customers. >> All right, debunk that. >> I will debunk that. Number one use case for RecoverX is backup and recovery. But with a twist of the fact that it's for these modern applications running these geo-distributed environments. Which means it's not about backing up my data center, it's about, I need to make a copy of my data but I wanna back it up in the cloud. I'm running my application natively in the cloud, so I want a backup in the cloud. I'm running my application in the cloud but I actually wanna backup from the cloud back to my private cloud. So, that in lies a backup and recovery, and operation recovery use case that involves multicloud. That's number one. Number two use case for RecoverX is what we talk about on data mobility. >> So, you have a different definition of multicloud. >> Sorry, what was your-- Our definition of multicloud is fundamentally a customer using multiple clouds, whether it be a private on-prem GCP, AWS, Oracle, any mix and match. >> I buy that. I buy that. Where I was getting critical of was a workload. >> Okay. >> I have a workload and I'm running it on Amazon. It's been architected for Amazon. Then I also wanna run that same workload on Azure and Google. >> Okay. >> Or Oracle or somewhere else. >> Yep. >> I have to re-engineer it (laughs) to move, and I can't share the data. So, to me what multicloud means, I can run it anywhere. My app anywhere. Backup is a little bit different. You're saying the cloud environments can be multiple environments for your solution. >> That is correct. >> So, you're looking at it from the other perspective. >> Correct. The way we define ourselves is application-centric data management. And what that essentially means is we don't care what the underlying infrastructure is. So, if you look at traditional backup and recovery products they're LUN-based. So, I'm going to backup my storage LUN. Or they're VM-based. And a lot of big companies made a lot of money doing that. The problem is they are no LUN's and VM's in hybrid cloud or multicloud environment. The only thing that's consistent across application, across cloud-environments is the data and the applications that are running. Where we focus is we're 100% application-centric. So, we integrate at the database level. The database is the foundation of any application you create. We integrate there, which makes us agnostic to the underlying infrastructure. We run, just as examples, we have customers running next generation applications on-prem. We have customers running next generation applications on AWS in GCP. Any permutation of the above, and to your point about back to the multicloud we've got organizations doing backup with us but then we also have organizations using us to take copies of their backup data and put them on whatever clouds they want for things like test and refresh. Or performance testing or business analytics. Whatever you might wanna do. >> So, you're pretty flexible. I like that. So, we talked before on other segments, and certainly even this morning about modern stacks. >> Yeah. >> Modern applications. This is the big to-do item for all CXOs and CIOs. I need a modern infrastructure. I need modern applications. I need modern developers. I need modern everything. Hyper, micro, ultra. >> Whatever buzz word you use. >> But you guys in this announcement have a couple key things I wanna just get more explanation on. One, advanced recovery, backup anywhere, recover anywhere, and you said enterprise-grade security is the third thing. >> Yep. >> So, let's just break them down one at a time. Advanced recovery for Datos 2.5, RecoverX 2.5. >> Yep. >> What is advanced recovery? >> It's very specifically about providing high levels of granularity for recovering your data, on two fronts. So, the use case is, again, backup. I need to recover data. But I don't wanna necessarily recover everything. I wanna get smarter about the data I wanna recover. Or it could be for non-operational use cases, which is I wanna spin up a copy of data to run test dev or to do performance testing on. What advanced recovery specifically means is number one, we've introduced the notion of queryble recovery. And what that means is that I can say things like star dot John star. And the results returning from that, because we're application-centric, and we integrated the database, we give you visibility to that. I wanna see everything star dot John star. Or I wanna recover data from a very specific row, in a very specific column. Or I want to mask data that I do not wanna be recovered and I don't want people to see. The implications of that are think about that from a performance standpoint. Now, I only recover the data I need. So, I'm very, very high levels of granularity based upon a query. So, I'm fast from an RTO standpoint. The second part of it is for non-operational requirements I only move the data that is select to that data set. And number three is it helps you with things like GDPR compliance and PII compliance because you can mask data. So, that's query-based recovery. That's number one. The second piece of advanced recovery is what we call incremental recovery. That is granular recovery based upon a time stamp. So, you can get within individual points in time. So, you can get to a very high level of granularity based upon time. So, it's all about visibility. It's your data and getting very granular in a smart way to what you wanna recover. So, if I kind of hear what you're saying, what you're saying is essentially you built in the operational effectiveness of being effective operationally. You know, time to backup recovery, all that good RTO stuff. Restoring stuff operationally >> Peter: Very quickly. >> very fast. >> Peter: In a smart way. >> So, there's a speed game there which is table stakes. But you're real value here is all these compliance nightmares that are coming down the pike, GDPR and others. There's gonna be more. >> Peter: Absolutely. I mean, it could be HIPPA, it could be GDPR, anything that involves-- >> Policy. >> Policies. Anything that requires, we're completely policy-driven. And you can create a policy to mask certain data based upon the criteria you wanna put in. So, it's all about-- >> So you're the best of performance, and you got some tunability. >> And it's all about being data aware. It's all about being data aware. So, that's what advanced recovery is. >> Okay, backup anywhere, recover anywhere. What does that mean? >> So, what that means is the old world of backup and recovery was I had a database running in my data center. And I would say database please take a snapshot of yourself so I can make a copy. The new world of cloud is that these microservices-based modern applications typically run, they're by definition distributed, And in many cases they run distributed across they're geo-distributed. So, what data center aware backup and recovery is, use a perfect example. We have a customer. They're running their eCommerce. So, leading online restaurant reservations company. They're running their eCommerce application on-prem, interestingly enough, but it's based on Cassandra distributed database. Excuse me, MongoDB. Sorry. They're running geo-distributed, sharded MongoDB clusters. Anybody in the traditional backup and recovery their head would explode when you say that. In the modern application world, that's a completely normal use case. They have a data center in the U.S. They have a data center in the U.K. What they want is they wanna be able to do local backup and recovery while maintaining complete global consistency of their data. So again, it's about recovery time ultimately but it's also being data aware and focusing only on the data that you need to backup and recovery. So, it's about performance but then it's also about compliance. It's about governance. That's what data center aware backup is. >> And that's a global phenomenon people are having with the GO. >> Absolutely. Yeah, you could be within country. It could be any number of different things that drive that. We can do it because we're data aware-- >> And that creates complexity for the customer. You guys can take that complexity away >> Correct. >> From the whole global, regional where the data can sit. >> Correct. I'd say two things actually. To give the customers credit, the customers building these apps or actually getting a lot smarter about what they're data is and where they're data is. >> So they expect this feature? >> Oh, absolutely. Absolutely. I wouldn't call it table stakes cause we're the only kids on the block that can do it. But this is in direct response to our customers that are building these new apps. I wanna get into some of the environmental and customer drivers in a second. I wanna nail the last segment down. Cause I wanna unpack the whole why is this trend happening? What's the gestation period? What's the main enabler for you? But okay, final point on the significant announcements. My favorite topic enterprise-grade security. What the hell does that mean? First of all, from your standpoint the industry's trying to solve the same thing. Enterprise-grade security, what are you guys providing in this? >> Number one, it's basically security protocol. So, TLS and SSL. This is weed stuff. TLS, SSL, so secure protocol support. It's integration with LDAP. So, if organizations are running, primarily if they're running on-prem and they're running in an LDAP environment, we're support there. And then we've got Kerberos support for Kerberos authentication. So, it's all about just checking the boxes around the different security >> So, this is like in between >> and transport protocol. >> the toes, the details around compliance, identity management. >> Peter: Bingo. >> I mean we just had Centrify's CyberConnect conference, and you're seeing a lot of focus on identity. >> Absolutely. And the reason that that's sort of from a market standpoint the reason that these are very important now is because the applications that we're supporting these are not science experiments. These are eCommerce applications. These are core business applications that mainstream enterprises are running, and they need to be protected and they're bringing the true, classic enterprise security, authentication, authorization requirements to the table. >> Are you guys aligning with those features? Or is there anything significant in that section? >> From an enterprise security standpoint? It's primarily about we provide the support, so we integrate with all of those environments and we can check the boxes. Oh, absolutely TLS. Absolutely, we've got that box checked because-- >> So, you're not competing with other cybersecurity? >> No, this is purely we need to do this. This is part of our enterprise-- >> This is where you partner. >> Peter: Well, no. For these things it's literally just us providing the protocol support. So, LDAP's a good example. We support LDAP. So, we show up and if somebody's using my data management-- >> But you look at the other security solutions as a way to integrate with? >> Yeah. >> Not so much-- >> Absolutely, no. This has nothing to do with the competition. It's just supporting ... I mean Google has their own protocol, you know, security protocols, so we support those. So, does Amazon. >> I really don't want to go into the customer benefits. We'll let the folks go to the Datos website, d-a-t-o-s dot i-o is the website, if you wanna check out all their customer references. I don't wanna kind of drill on that. I kind of wanna really end this segment on the real core issue for me is reading the tea leaves. You guys are different. You're now kind of seeing some traction and some growth. You're a new kind of animal in the zoo, if you will. (Peter laughs) You've got a relevant product. Why is it happening now? And I'm trying to get to understanding Cloud Oss is enabling a lot of stuff. You guys are an effect of that, a data point of what the cloud is enabled as a venture. Everything that you're doing, the value you create is the function of the cloud. >> Yes. >> And how data is moving. Where's this coming from? Is it just recently? Is it a gestation period of a few years? Where did this come from? You mentioned some comparisons like Oracle. >> So, I'll answer that in sort of, we like to use history as our guide. So, I'll answer that both in macro terms, and then I'll answer it in micro terms. From a macro term standpoint, this is being driven by the proliferation of new data sources. It's the easiest way to look at it. So, if you let history be your guide. There was about a seven to eight year proliferation or gap between proliferation of Oracle as the primary traditional relational database data source and the advent of Veritas who really defined themselves as the defacto standard for traditional on-prem data center relational data management. You look at that same model, you'll look at the proliferation of VMware. In the late 90s, about a seven to eight year gestation with the rapid adoption of Veeam. You know the early days a lot of folks laughed at Veeam, like, "Who's gonna backup VMs? People aren't gonna use VMs in the enterprise. Now, you looked at Veeam, great company. They've done some really tremendous things carving out much more than a niche providing backup and recovery and availability in a VM-based environment. The exact same thing is happening now. If you go back six to seven years from now, you had the early adoption of the MongoDBs, the Cassandras, the Couches. More recently you've got a much faster acceleration around the DynamoDBs and the cloud databases. We're riding that same wave to support that. >> This is a side effect of the enabling of the growth of cloud. >> Yes. >> So, similar to what you did in VMware with VMs and database for Oracle you guys are taking it to the next level. >> These new data sources are completely driven by the fact that the cloud is enabling this completely distributed, far more agile, far more dynamic, far less expensive application deployment model, and a new way of providing data management is required. That's what we do. >> Yeah, I mean it's a function of maturity, one. As Jeff Rickard, General Manager of theCube, always says, when the industry moves to it's next point of failure, in this case failure is problem and you solve. So, the headaches that come from the awesomeness of the growth. >> Absolutely. And to answer that micro-wise briefly. So, that was the macro. The micro is the proliferation of, the movement from monolithic apps to microservices-based app, it's happening. And the cloud is what's enabling them. The move from traditional on-prem to hybrid cloud is absolutely happening. That's by definition the cloud. The third piece which is cloud-centric is the world's moving from a scale up world to an elastic-compute, elastic storage model. We call that the modern IT stack. Traditional backup and recovery, traditional data management doesn't work in the new modern IT stack. That's the market we're planning. That's the market we're disrupting is all that traditional stuff moving to the modern IT stack. >> Okay, Datos IO announcing a 2.5 release of RecoverX, their flagship product, their start up growing out of Los Gatos. Peter Smails here, the CMO. Where ya gonna be next? What's going on-- I know we're gonna see you re:Invent in a week in a half. >> Absolutely. So, we've got two stops. Well, actually the next stop on the tour is re:Invent. So, absolutely looking forward to being back on theCUBE at re:Invent. >> And the company feels good about those things are good. You've got good money in the bank. You're growing. >> We feel fantastic. It's fascinating to watch as things develop. The conversations we have now versus even six months ago. It's sort of the tipping point of people get it. You sort of explain, "Oh, yeah it's data management from modern applications. Are you deploying modern applications?" Absolutely. >> Share one example to end this segment on what you hear over and over again from customers that illuminates what you guys are about as a company, the DNA, the value preposition, and their impact on results and value for customers. >> So, I'll use a case study as an example. You know, we're the world's largest home improvement retailers. Old way, was they ran their multi-billion dollar eCommerce infrastructure. Running on IBM Db2 database. Running in their on-prem data center. They've moved their world. They're now running, they've re-architected their application. It's now completely microservices-based running on Cassandra, deployed 100% in Google cloud platform. And they did that because they wanted to be more agile. They wanted to be more flexible. It's a far more cost effective deployment model. They are all in on the cloud. And they needed a next generation backup and recovery data protection, data management solution which is exactly what we do. So, that's the value. Backup's not a new problem. People need to protect data and they need to be able to take better advantage of the data. >> All right, so here's the final, final question. I'm a customer watching this video. Bottom line maybe, I'm kind of hearing all this stuff. When do I call you? What are the signals? What are the little smoke signals I see in my organization burning? When do I need to call you guys, Datos? >> You should call Datos IO anytime, if you're doing anything with development of modern applications, number one. If you're doing anything with hybrid cloud you should call us. Because you're gonna need to reevaluate your overall data management strategy it's that simple. >> All right, Peter Smails, the CMO of Datos, one of the hot companies here in Silicon Valley, out of Los Gatos, California. Of course, we're in Palo Alto at theCube Studios. I'm John Furrier. This is theCUBE conversation. Thanks for watching. (upbeat techno music)

>> Narrator: From Denver, Colorado, it's theCUBE. Covering Super Computing '17, brought to you by Intel. Hey welcome back everybody, Jeff Frick here with theCUBE. We're at Super Computing 2017, Denver, Colorado, 12,000 people talking about big iron, big questions, big challenges. It's really an interesting take on computing, really out on the edge. The key note was, literally, light years out in space, talking about predicting the future with quirks and all kinds of things, a little over my head for sure. But we're excited to kind of get back to the ground and we have Ravi Pendekanti. He's the Senior Vice President of Product Management and Marketing, Server Platforms, Dell EMC. It's a mouthful, Ravi great to see you. Great to see you too Jeff and thanks for having me here. Absolutely, so we were talking before we turned the cameras on. One of your big themes, which I love, is kind of democratizing this whole concept of high performance computing, so it's not just the academics answering the really, really, really big questions. You're absolutely right. I mean think about it Jeff, 20 years ago, even 10 years ago, when people talk about high performance computing, it was what I call as being in the back alleys of research and development. There were a few research scientists working on it, but we're at a time in our journey towards helping humanity in a bigger way. The HPC has found it's way into almost every single mainstream industry you can think of. Whether it is fraud detection, you see MasterCard is using it for ensuring that they can see and detect any of the fraud that can be committed earlier than the perpetrators come in and actually hack the system. Or if you get into life sciences, if you talk about genomics. I mean this is what might be good for our next set of generations, where they can probably go out and tweak some of the things in a genome sequence so that we don't have the same issues that we have had in the past. Right. Right? So, likewise, you can pick any favorite industry. I mean we are coming up to the holiday seasons soon. I know a lot of our customers are looking at how do they come up with the right schema to ensure that they can stock the right product and ensure that it is available for everyone at the right time? 'Cause timing is important. I don't think any kid wants to go with no toy and have the product ship later. So bottom line is, yes, we are looking at ensuring the HPC reaches every single industry you can think of. So how do you guys parse HPC verses a really big virtualized cluster? I mean there's so many ways that compute and store has evolved, right? So now, with cloud and virtual cloud and private cloud and virtualization, you know, I can pull quite a bit of horsepower together to attack a problem. So how do you kind of cut the line between Navigate, yeah. big, big compute, verses true HPC? HPC. It's interesting you ask. I'm actually glad you asked because people think that it's just feeding CPU or additional CPU will do the trick, it doesn't. The simple fact is, if you look at the amount of data that is being created. I'll give you a simple example. I mean, we are talking to one of the airlines right now, and they're interested in capturing all the data that comes through their flights. And one of the things they're doing is capturing all the data from their engines. 'Cause end of the day, you want to make sure that your engines are pristine as they're flying. And every hour that an engine flies out, I mean as an airplane flies out, it creates about 20 terabytes of data. So, if you have a dual engine, which is what most flights are. In one hour they create about 40 terabytes of data. And there are supposedly about 38,000 flights taking off at any given time around the world. I mean, it's one huge data collection problem. Right? I mean, I'm told it's like a real Godzilla number, so I'll let you do the computation. My point is if you really look at the data, data has no value, right? What really is important is getting information out of it. The CPU on the other side has gone to a time and a phase where it is hitting the, what I call as the threshold of the Moore's law. Moore's law was all about performance doubles every two years. But today, that performance is not sufficient. Which is where auxiliary technologies need to be brought in. This is where the GPUs, the FBGAs. Right, right. Right. So when you think about these, that's where the HPC world takes off, is you're augmenting your CPUs and your processors with additional auxiliary technology such as the GPUs and FBGAs to ensure that you have more juice to go do this kind of analytics and the massive amounts of data that you and I and the rest of the humanity is creating. It's funny that you talk about that. We were just at a Western Digital event a little while ago, talking about the next generation of drives and it was the same thing where now it's this energy assist method to change really the molecular way that it saves information to get more out of it. So that's kind of how you parse it. If you've got to juice the CPU, and kind of juice the traditional standard architecture, then you're moving into the realm of high performance computing. Absolutely, I mean this is why, Jeff, yesterday we launched a new PowerEdge C4140, right? The first of it's kind in terms of the fact that it's got two Intel Xeon processors, but beyond that, it also can support four Nvidia GPUs. So now you're looking at a server that's got both the CPUs, to your earlier comment on processors, but is augmented by four of the GPUs, that gives immense capacity to do this kind of high performance computing. But as you said, it's not just compute, it's store, it's networking, it's services, and then hopefully you package something together in a solution so I don't have to build the whole thing from scratch, you guys are making moves, right? Oh, this is a perfect lead in, perfect lead in. I know, my colleague, Armagon will be talking to you guys shortly. What his team does, is it takes all the building blocks we provide, such as the servers, obviously looks at the networking, the storage elements, and then puts them together to create what are called solutions. So if you've got solutions, which enable our customers to go back in and easily deploy a machine-learning or a deep-learning solution. Where now our customers don't have to do what I call as the heavy lift. In trying to make sure that they understand how the different pieces integrate together. So the goal behind what we are doing at Dell EMC is to remove the guess work out so that our customers and partners can go out and spend their time deploying the solution. Whether it is for machine learning, deep learning or pick your favorite industry, we can also verticalize it. So that's the beauty of what we are doing at Dell EMC. So the other thing we were talking about before we turned turned the cameras on is, I call them the itys from my old Intel days, reliability, sustainability, serviceability, and you had a different phrase for it. >> Ravi: Oh yes, I know you're talking about the RAS. The RAS, right. Which is the reliability, availability, and serviceability. >> Jeff: But you've got a new twist on it. Oh we do. Adding something very important, and we were just at a security show early this week, CyberConnect, and security now cuts through everything. Because it's no longer a walled garden, 'cause there are no walls. There are no walls. It's really got to be baked in every layer of the solution. Absolutely right. The reason is, if you really look at security, it's not about, you know till a few years ago, people used to think it's all about protecting yourself from external forces, but today we know that 40% of the hacks happen because of the internal, you know, system processes that we don't have in place. Or we could have a person with an intent to break in for whatever reason, so the integrated security becomes part and parcel of what we do. This is where, with in part of a 14G family, one of the things we said is we need to have integrated security built in. And along with that, we want to have the scalability because no two workloads are the same and we all know that the amount of data that's being created today is twice what it was the last year for each of us. Forget about everything else we are collecting. So when you think about it, we need integrated security. We need to have the scalability feature set, also we want to make sure there is automation built in. These three main tenets that we talked about feed into what we call internally, the monic of a user's PARIS. And that's what I think, Jeff, to our earlier conversation, PARIS is all about, P is for best price performance. Anybody can choose to get the right performance or the best performance, but you don't want to shell out a ton of dollars. Likewise, you don't want to pay minimal dollars and try and get the best performance, that's not going to happen. I think there's a healthy balance between price performance, that's important. Availability is important. Interoperability, as much as everybody thinks that they can act on their own, it's nearly impossible, or it's impossible that you can do it on your own. >> Jeff: These are big customers, they've got a lot of systems. You are. You need to have an ecosystem of partners and technologies that come together and then, end of the day, you have to go out and have availability and serviceability, or security, to your point, security is important. So PARIS is about price performance, availability, interoperability, reliability, availability and security. I like it. That's the way we design it. It's much sexier than that. We drop in, like an Eiffel Tower picture right now. There you go, you should. So Ravi, hard to believe we're at the end of 2017, if we get together a year from now at Super Computing 2018, what are some of your goals, what are your some objectives for 2018? What are we going to be talking about a year from today? Oh, well looking into a crystal ball, as much as I can look into that, I thin that-- >> Jeff: As much as you can disclose. And as much as we can disclose, a few things I think are going to happen. >> Jeff: Okay. Number one, I think you will see people talk about to where we started this conversation. HPC has become mainstream, we talked about it, but the adoption of high performance computing, in my personal belief, is not still at a level that it needs to be. So, if you go down next 12 to 18 months, lets say, I do think the adoption rates will be much higher than where we are. And we talk about security now, because it's a very topical subject, but as much as we are trying to emphasize to our partners and customers that you've got to think about security from ground zero. We still see a number of customers who are not ready. You know, some of the analysis show there are nearly 40% of the CIOs are not ready in helping and they truly understand, I should say, what it takes to have a secure system and a secure infrastructure. It's my humble belief that people will pay attention to it and move the needle on it. And we talked about, you know, four GPUs in our C4140, do anticipate that there will be a lot more of auxiliary technology packed into it. Sure, sure. So that's essentially what I can say without spilling the beans too much. Okay, all right, super. Ravi, thanks for taking a couple of minutes out of your day, appreciate it. = Thank you. All right, he's Ravi, I'm Jeff Frick, you're watching theCUBE from Super Computing 2017 in Denver, Colorado. Thanks for watching. (techno music)

(upbeat music) >> Hello, everyone and welcome to this special CUBE conversation here in our studios in Palo Alto, California. I'm John Furrier, the co-founder of SiliconANGLE Media and cohost of theCUBE, with a special preview of CyberConnect 2017, a global security conference presented by Centrify, it's an industry-independent event. I'm here with the CEO and Founder of Centrify, Tom Kemp. Tom, thanks for joining me on this preview of CyberConnect 2017. >> It's great to be here again. >> So, you guys, obviously, as a company are no longer struggling, you're clearly clearing the runway on growth. Congratulations on the success. This event will be broadcasting live on theCUBE as folks should know on the site. CyberConnect 2017 is a different kind of event, it's really the first of its kind where it's an industry gathering, not just a Black Hat, I mean, RSA's got Black Hat and they try to weave a little business in. This is all about leadership in the industry. Is that right? >> Yeah, absolutely. You know, there's really a dearth of business-focused discussions with C-Level people discussing the issues around security. And so, what we found was, was that most of the conversations were about the hackers, you know, the methodology of goin' in and hacking in. And, that doesn't really help the business people, they have to understand what are the higher level strategies that should be deployed to make their organizations more secure. So, we kind of wanted to up-level the conversation regarding security and help C-Level people, board people, figure out what they should be doing. >> And, we've obviously been reporting at SiliconANGLE, obviously, the latest and greatest on hacks. You know, you've seen everything from cyber threats, where are real hacking, to nuanced things like the rushing dissidents campaign on Facebook around voter impressions. And we saw that in the hearings in the senate where Facebook got really grilled by, you know, "Is it a real threat," no, but it is a threat in the sense that they're putting opinion-shaping. So, there's a broad range of business issues, some are highly-nuanced, some are very specific business values, you're out of business if you get hacked. So, how do you see that, because is that the discussion point? Is it more policy, all of the above, what is the overall conversations going to be like at CyberConnect 2017? >> Yeah, I think it's, look, the reality is, is that breaches before were about potentially stealing your data. But, now it's an impact on your brand. Like, what if the Russians were doing that to Pepsi or Coca-Cola, et cetera? They could just completely setup a lot of negative sentiment about you, so there's a lot of different ways to impact organizations as well. And so, what we're doing at CyberConnect is, putting forth CIOs of Aetna, US Bank, and having them describe what they do. I mean, think about a major healthcare company, Aetna, US Bank, the list goes on, you know, Blue Cross Blue Shield. And we're having the major CSOs of these large organizations tell their peers what they're doing to protect their company, their brands, et cetera. >> Well, I want to get back to the business impact in a second, but some notable key notes here. Securing a Nation Amid Change, A Roadmap to Freedom, from Retired General Keith Alexander, Former Director of the NSA and Chief of the U.S. Cyber Command. Why is he there, what's the focus for his talk? >> Well, you can't ignore the government aspect. Well, first of all, government is a huge target and we obviously saw that with the election, we saw that with the hack of the Office of Personnel Management, et cetera. And so, you know, nation states are going after governments as well as criminal organizations, so General Alexander can talk about what he did to protect us as citizens and our government. But, he also has a great insight in terms of what hackers are doing to go after critical infrastructure. >> John: He's got some experience thinking about it, so he's going to bring that thinking in? >> Absolutely, and he's going to give us an update on the latest vectors of attacks that are happening, and give us some insight on what he experienced trying to protect the United States but also trying to protect our businesses and infrastructure. So, we wanted to have him kick things off to give, you know, what more, the NSA, the ex-NSA head telling us what's going on. >> And you got amazing guests here, again the CSO from Aetna, the Chief Security Officer from Cisco, The Global Value Chain, you got US Bank. You got Amazon Web Services here talking about the Best Practice of Running Workloads on an Amazon Service Cloud. So, you got the gamut of industry, as well as some government people who have experienced dealing with this from a practitioners standpoint? What's the convoluence of that, what's the trends that are coming out of those? What can people expect to hear and look forward to watching the videos for? >> You know, I think it's going to be some of the trends that you guys talk about. It's like, how can you leverage AI and machine learning to help better protect your organization as well? So, that's going to be one huge trend. I think the other trend, and that's why we have the folks from Amazon, is in a world in which we're increasingly using mobile and Cloud and leaving the perimeter, you know, in a world where there's no perimeter, how can you secure your users, your data, et cetera? So, I think the focus of the conference is going to be very much on leveraging modern and new technologies, AI, machine learning, discussing concepts like Zero Trust. And then, also, figuring out and helping people really get some good ideas as they make the move to Cloud, how can they secure themselves, make themselves, more secure than when they had the traditional perimeter set up? >> I mean, given the security landscape, you and I discussed this in and around the industry, go back seven years, "Oh, Cloud's un-secure," now Cloud seems to be more secure then on perim because of the work that Amazon, for instance, they upped their game significantly in security, haven't they? >> Absolutely, and you know, it's interesting, it's, I mean, you see it first hand, Google comes out with announcements, Microsoft, Oracle, et cetera, and security is a key issue. And they're trying to provide a more secure platform to get people comfortable moving with the Cloud. At the same time, there's vendors such as Centrify, that's there's value-add that we can provide and one area that we specifically provide is in the area of identity and controlling who can access what, as well. So, yeah, it completely reshapes how you do security, and the vendors are contributing. What's so important that the solutions that we had before are being completely disruptive and they need to be completely adopted for the new Cloud world. >> I know it's your first event, you guys are underwriting this, it's presented by Centrify, it's not sponsored by, it's not your show. Although you're doing a lot of heavy lifting in supporting this, but your vision for this CyberConnect is really more of a gathering amongst industry folks. We're certainly glad to be a part of it, thanks for inviting us, we're glad to be there. But, this is not a Centrify-only thing, explain the presented by Centrify vis-a-vis CyberConnect. >> So, and we've also put forth another organization that we've worked with. It's an organization called ICIT, the Institute for Critical Information Technology. And, what they are, is they're a think tank. And they are very much about how can we support and secure the infrastructure of the United States, as well? We didn't want this to be a vendor fest, we wanted to be able to have all parties, no matter what technologies they use, to be able to come together and get value of this. It benefits Centrify because it raises awareness and visibility for us, but even more important, that we wanted to give back to the community and offer something unique and different. That this is not just another vendor fest show, et cetera, this is something where it's a bringing together of really smart people that are on the front-lines of securing their organizations. And we just felt that so much value could be driven from it. Because, all the other shows are always about how you can hack and ATM and all that stuff, and that's great, that's great for a hacker but that doesn't really help business people. >> Or vendors trying to sell something, right? >> Exactly. >> Another platform to measure something? >> Yeah, exactly. >> This is more of a laid-back approach. Well, I think that's great leadership, I want to give you some props for that. Knowing that you guys are very, as you say, community-centric. Now you mentioned community, this is about giving back and that's certainly going to be helpful. But, security has always been kind of a community thing, but now you're starting to see the business and industry community coming together. What's your vision for the security community at this CSO level? What's needed, what's your vision? >> I think what's needed is better sharing of best practices, and really, more collaboration because the same attacks that are going to happen for, say one healthcare organization, the hackers are going to use the same means and methods, as well. And so, if you get the CSOs in the room together and hear what the others are experiencing, it's just going to make them more better. So, the first thing, is to open up the communication. The second thing is, is that could we figure out a way, from a platform or a technology perspective, to share that information and share that knowledge? But, the first step is to get the people in the room to hear from their peers of what's going on. And, frankly, government at one point was supposed to be doing it, it's not really doing it, so, I think an event like this could really help in that regard. >> Well, and also, I would just point out the growth in GovCloud and following some of the stuff going on at Amazon, as an example, had been skyrocketing. So, you're starting to see industry and government coming together? >> Yeah. >> And now you got a global landscape, you know, this is interesting times and I want to get your reaction to some of the things that have been said here on theCUBE but also, out in the marketplace where, you know, it used to be state-actor game, not state on state. And then, if they revealed their cards, then they're out in the open. But now, the states are sponsoring, through open source, and also, in these public domains, whether it's a WikiLeaks or whatever, you're starting to see actors being subsidized or sponsored. And so that opens up the democratization capability for people to organize and attack the United States. And companies. >> Oh, absolutely, and you could right now, they have a help desk, and it's like ordering a service. "Oh, you want 500 bots going after this?" >> John: Smear a journalist for $10k. >> (laughing) Exactly, it's like as a service. Hacking as a service, they have help desk, et cetera. And, the interesting thing is. >> It's a business model. >> It's a business model, you're absolutely right. The people, it's all pay to play, right? And, just the number of resources being devoted and dedicated, and we're talking about thousands of people in Russia, thousands of people in North Korea, and thousands of people in China. And, what came out just recently, is now that they're shifting their target to individuals, and so, now you may have an individual that there may be a person just dedicated to them in China, or Russia or North Korea, trying to hack into them as well. So, it's getting really scary. >> It's almost too hard for one company with brute force, this is where the collective intelligence of the community really plays a big difference on the best practices because when you thought you had one model nailed, not just tech, but business model, it might shift. So, it seems like a moving train. >> Yeah, and we're having Mist show up, and so we're getting the government. But, I really think that there does need to be, kind of, more of an open-sourcing of knowledge and information to help better fine tune the machine learning that's needed and required to prevent these type of breaches. >> So, what can we expect? Obviously, this is a preview to the show, we'll be there Monday broadcasting live all day. What can people expect of the event, content-wise, what are your favorites? >> Well, I mean, first of all, just the people that we have there. We're going to get the two CCOs from two of the biggest healthcare companies, we're going to get the former head of the NSA, we're going to get the CSO of US Bank, I mean, we're talking the biggest financial services organizations. We're going to have the biggest healthcare organizations. We're going to have the people doing cyber. >> John: MasterCard's there. >> Yeah, MasterCard, we have the German government there as well, so we've got government, both U.S. as well as European. We've got all the big people in terms of, that have to secure the largest banks, the largest healthcare, et cetera. And then, we also have, as you talked about, obviously Centrify's going to be there, but we're going to have AWS, and we're going to have some other folks from some of the top vendors in the industry as well. So, it's going to be a great mixture of government, business, as well as vendors. Participating and contributing and talking about these problems. >> So, it's an inaugural event? >> Yes. >> So, you're looking for some success, we'll see how it goes, we'll be there. What can you expect, are you going to do this every year? Twice a year, what's the thoughts on the even itself? >> It's been amazing, the response. So, we just thought we were going to have 400 people, we sold out, we're getting close to 600 people. And now, we're going to have over 1,000 people that are going to be doing the live streaming. There's just a huge, pent-up demand for this, as well. So, we actually had to shut down registration and said sold out a week or two ago. And, so far, it looks really good, let's see how it goes. It looks like we can easily double this. We're already thinking about next year, we'll see how the event goes. If you just look at the line-up, look at the interest, or whatever, there's a pent-up demand to better secure government and enterprises. >> And leadership, like you guys are taking this as an issue, plus, others coming together. We're certainly super glad to be a part of the community, and we look forward to the coverage. This is really, kind of, what the industry needs. >> Absolutely. >> All right, Tom Kemp, the CEO and Founder of Centrify, really fast growing start up, doing an event for the community. Very strong approach, I love the posture, I think that's the way to go than these vendor shows. You know how I feel about that. It's all about the community, this is a community. I mean, look at the Bitcoin, the Blockchain, know you're customer isn't into money laundering. It's an identity game. >> Yeah, absolutely. >> Now, by the way, quick, is there going to be any Blockchain action there? >> Oh, I don't know about that, I don't think so. >> Next year. (laughing) >> Next year, exactly. >> It's certainly coming, Blockchain security, as well as a lot of great topics. Check out CyberConnect 2017. If you can't make it to New York, they're sold out, theCUBE.net is where you can watch it live. And, of course, we'll have all the video coverage on demand, on theCUBE.net, as well. So, we'll have all the sessions and some great stuff. Tom Kemp, CEO. I'm John Furrier from theCUBE, here in Palo Alto, thanks for watching. (upbeat music)

(clicking noise) >> Hello, I'm John Furrier, SiliconANGLE media, co-host of theCUBE. We are here on the ground in, here in Santa Clara, California, Centrify's headquarters, with Tom Kemp, the CEO of Centrify, and Parham Eftekhari, who's the co-founder and senior fellow of ICIT, which is the Institute of Critical Infrastructure Technologies, here to talk about security conversation. Guys, welcome to theCUBE's On the Ground. >> Thank you. >> Great to be here. >> Great to see you again, Tom. >> Yeah, absolutely. >> And congratulations on all your success. And Parham, GovCloud is hot. We were just in D.C. with Amazon Web Services Public Sector Summit. It's gotten more and more to the point where cyber is in the front conversation, and the political conversation, but on the commercial side as well. There's incidents happening every day. Just this past month, HBO, Game of Thrones has been hijacked and ransomed. I guess that's ransom, or technically, and a hack. That's high-profile, but case after case of high-profile incidents. >> Yeah, yeah. >> Okay, on the commercial side. Public sector side, nobody knows what's happening. Why is security evolving slow right now? Why isn't it going faster? Can you guys talk about the state of the security market? >> Yeah, well, ya know, I think first of all, you have to look at the landscape. I mean, our public and private sector organizations are being pummeled every day by nation states, mercenaries, cyber criminals, script kiddies, cyber jihadists, and they're exploiting vulnerabilities that are inherent in our antiquated legacy systems that are put together by, ya know, with a Frankenstein network as well as devices and systems and apps that are built without security by design. And we're seeing the results, as you said, right? We're seeing an inundation of breaches on a daily basis, and many more that we don't hear about. We're seeing weaponized data that's being weaponized and used against us to make us question the integrity of our democratic process and we're seeing, now, a rise in the focus on what could be the outcome of a cyberkinetic incident, which, ultimately, in the worst case scenario, could have a loss of life. And so I think as we talk about cyber and what it is we're trying to accomplish as a community, we ultimately have a responsibility to elevate the conversation and make sure that it's not an option, but it is a priority. >> Yeah, no, look, I mean, here we are in a situation in which the industry is spending close to 80 billion dollars a year, and it's growing 10 percent, but the number of attacks are increasing much more than 10 percent, and as Parham said, you know, we literally had an election impacted by cyber security. It's on the front page with HBO, et cetera. And I really think that we're now in a situation where we really need to rethink how we do security in, as enterprises and as even individuals. >> And it's seems, talking about HBO, talking about the government, you mentioned, just the chaos that's going on here in America, you almost don't know what you don't know. And with the whole news cycle going on around this, but this gets back to this notion of critical infrastructure. I love that name, and you have in your title 'ICIT,' Institute of Critical Infrastructure, because, ya know, and certainly the government has had critical infrastructure. There's been bridges, and roads, and whatnot, they've had the DNS servers, there's been some critical infrastructure at the airports and whatnot, but for corporations, the critical infrastructure used to be the front door. And then their data center. Now with cloud, no perimeter, we've talked about this on theCUBE before, you start to change the notion of what critical infrastructure is. So, I guess, Parham, what does critical infrastructure mean, from a public and commercial perspective? Tell me, you can talk about it. And what's the priorities for the businesses and governments to figure out what's the order of operations to get to the bottom of making sure everything's secure? >> Yeah, it's interesting, that's a great question, you know, when most people think about critical infrastructure as legacy technology, or legacy's, you know, its roads, its bridges, its dams. But if you look at the Department of Homeland Security, they have 16 sectors that they're tasked with protecting. Includes healthcare, finance, energy, communications, right? So as we see technology start to become more and more ingrained in all these different sectors, and we're not just talking about data, we're talking about ICS data systems. A digital attack against any one of these critical infrastructure sectors is going to have different types of outcomes, whether you're talking about a commercial sector organization, or the government. You know, one of the things that we always talk about is really the importance of elevating the conversation, as I mentioned earlier, and putting security before profits. I think, ultimately, we've gotten to this situation because a lot of companies do a cost-benefit analysis, say, "You know what? I may be in the healthcare sector, "and ultimately it'll be cheaper for me to be breached, "pay my fines, and deal with potentially even the "loss to brand, to my brand, in terms of brand value, "and that'll cheaper than investing what "I need to to protect my patients and their information." And that's the wrong way to look at it. I think now, as we were talking about this week, the cost of all this is going higher, which is going to help, but I think we need to start seeing this fundamental mind-shift in how we are prioritizing security, as I mentioned earlier. It's not an option, it must be a requisite. >> Yeah, I think what we're seeing now, is in the years past, the hackers would get at some bits of information, but now we're seeing with HBO, with Sony, they can strip mine an entire company. >> They put them out of business. >> Exactly. >> The money that they're doing with ransomeware, which is a little bit higher profile, ransomware, I mean, there's a specific business outcome, here, and it's not looking good, they go out of business. >> Oh, absolutely, and so Centrify, we just recently sponsored a survey, and nowadays, if you announce that you got breached, and you have to, now. It's 'cause you have to tell your shareholders, you have to tell your customers. Your stock drops, on average, five percent in a day. And so we're talking about billions of dollars of market capitalization that can disappear with a breach as well. So we're beyond, it's like, "Oh, they stole some data, "we'll send out a letter to our customers, "and we'll give 'em free Experian for a year." Or something like that." Now, it's like, all your IP, all the content, and John, I think you raised a very good point, as well. In the case of the federal government, it's still about the infrastructure being physical items, and of course, with internet a thing since now it's connected to the internet, so it's really scary that a bridge can flip open by some guy in the Ukraine or Russia fiddling with it. But now with enterprises, it's less and less physical, the store, and we're now going through this massive shift to the cloud, and more and more of your IP is controlled and run. It's the complete deperimeterization that makes things every more complicated. >> Well it's interesting you mentioned the industrial aspect of it, with the bridge, because this is actually a real issue with self-driving cars, this was on everyone's mind, we were just covering some content, covering Ford's event yesterday in San Francisco. They got this huge problem. Ya know, hacking of the cars. So, industrial IOT opens up, again, the surface area, but this kind of brings the question down to customers, that you guys have or companies or governments. How do they become resilient? How do they put steps in place? Because, you know, I was just talking to someone who runs a major port in the U.S., and the issues there are maritime, right? So you talk about infrastructure, container ships, obviously worry about terrorists and other things happening. But just the general IT infrastructure is neanderthal, it's like, 30 years old. >> Yeah. >> So you have legacy infrastructure, as you mentioned, but businesses also have legacy, so how do you balance where you are? How do you know the progress bar of your protection? How do you know the things you need to put in place? How do you get to resilience? >> Yeah, but see, I think there also needs to be a rethink of security. Because the traditional ways that people did it, was protecting the perimeter, having antivirus, firewalls, et cetera. But things have really changed and so now what we're seeing is that an entity has become the top attack vector going in. And so if you look at all these hacks and breaches, it's the stealing of usernames and passwords, so people are doing a good job of, the hackers are social engineering the actual users, and so, kind of a focus needs to shift of securing the old perimeter, to focusing on securing the user. Is it really John Furrier trying to access e-mail? Can we leverage biometrics in this? And trying to move to the concept of a zero-trust model, and where you have to, can't trust the network, can't trust the IP address, but you need to factor in a lot of different aspects. >> It's interesting, I was just following this blog chain because we've been covering a lot of the blog chains, immutable and encrypted, the wallets were targets. (laughing) Hey, this Greta the Wall, where they store the money. Now we own that encrypted data. So, again, this is the, hackers are fast, so, again, back to companies because they have to put if they have shareholder issues, or they have some corporate governance issues. But at the end of the day, it's a moving train. How does the government offer support? How do companies put it in place? What do they need to do? >> Yeah, well, there's a couple of things you can look at. First of all, you know, as a think tank, we're active on Capital Hill, working with members of both minority and majority sides, we're actively proposing bipartisan legislation, which provides a meaningful movement forward to secure and address some of the issues you're talking about. Senator Markey recently put out the Cyber Shield Act, which creates a type of score, right? For a device, kind of like the ENERGY STAR in the energy sector. So just this week, ICIT put out a paper in support of an amendment by Senator Lindsey Graham, which actually addresses the inherent vulnerabilities in our election systems, right? So there's a lot of good work being done. And that really goes to the core of what we do, and the reasons that we're partnering together. ICIT is in the business of educating and advising. We put out research, we make it freely available, we don't believe in com`moditizing information, we believe in liberating it. So we get it in the hands of as many people as possible, and then we get this objective research, and use it as a stepping stone to educate and to advise. And it could be through meetings, it could be through events, it could be through conversation with the media. But I think this educational process is really critical to start to change the minds of-- >> You know, if I can add to that, I think what really needs to be done with security, is better information sharing. And it's with other governments and enterprises that are under attack. Sharing that information as opposed to only having it for themselves and their advantage, and then also what's required is better knowledge of what are the best practices that need to be done to better protect both government and enterprises. >> Well, guys, I want to shift gears and talk about the CyberConnect event, which is coming up in November, an industry event. You guys are sponsoring, Centrify, but you guys are also on the ball, there's a brand new content program. It's an independent event, it's targeted to the industry, not a Centrify user group. Parham, I want to put you on the spot before we get to the CyberConnect event. You mentioned the elections. What's the general, and I'm Silicon Valley and so I had to ask the question 'cause you're in the trenches down in D.C. What is the general sentiment in D.C. right now on the hacking? Because, I was explaining it to my son the other day, like, "Yeah, the Russians probably hacked everybody, "so technically the election "fell into that market basket of hats." So maybe they did hack you. So I'm just handwaving that, but it probably makes sense. The question is, how real is the hacking threat in the minds of the folks in D.C. around Russia and potentially China and these areas? >> Yeah, I think the threat is absolutely real, but I think there has to be a difference between media, on both sides, politicizing the conversation. There's a difference between somebody going in and actually, you know, changing your vote from one side to the other. There's also the conversation about the weaponization of data and what we do know that Russia is doing with regards to having armies of trolls out there or with fake profiles, and are creating faux conversations and steering public sentiment of perception in directions that maybe wasn't already there. And so I think part of the hysteria that we see, I think we're fearful and we have a right to be fearful, but I think taking the emotion and the politics out of it, and actually doing forensic assessments from an objective perspective to understanding what truly is going on. We are having our information stolen, there is a risk that a nation state could execute a very high-impact, digital attack that has a loss of life. We do know that foreign states are trying to impact the outcomes of our democratic processes. I think it's important to understand, though, how are they doing it and is what we're reading about truly what's happening kind of on the streets. >> And that's where the industrial thing you were kind of tying together, that's the loss of life potential, using digital as an attack vector into something that could have a physical, and ultimately deadly outcome. Yeah, we covered, also that story that was put out, about the fake news infrastructure. It's not just the content that they're making up, it's actually the infrastructure fake news. Bionets, and whatnot. And I think Mike Rowe wrote a story on this, where they actually detailed, you can smear a journalist for 40K. >> Yeah. >> These are actually out there, that are billed for specifically these counter... Programs. >> As a service. You know, go on a forum on the Deep Web and you can contract these types of things out. And it's absolutely out there. >> And then what do you say to your average American friends, that you're saying, hey, having a cocktail with, you're at a dinner. What's going on with security? What do you say to them? You should be worried, calm down, no we're on it. What's the message that you share with your friends that aren't in the industry? >> Personally, I think the message is that, you know, you need to vigilant, you need to, it may be annoying, but you do have to practice good cyber hygiene, think about your passwords, think about what you're sharing on social media. We'd also talk, and I personally believe that, some of these things will not change unless we as consumers change what is acceptable to us. If we stop buying devices or systems or apps based on the convenience that it brings to our lives, and we say, "I'm not going to spend money on that car, "because I don't know if it's secure enough for me." You will see industry change very quickly. So I think-- >> John: Consumer behavior is critical. >> Absolutely. That's definitely a piece of it. >> Alright, guys, so exciting event coming up, theCUBE will be covering the CyberConnect event in November. The dates, I think, November-- >> Sixth and seventh. >> Sixth and seventh in New York City at the Grand Hyatt. Talk about the curriculum, because this is a unique event, where you guys are bringing your sponsorship to the table, but providing an open industry event. What's the curriculum, what's the agenda, what's the purpose of the event? >> Yeah, Tom. >> Okay, I'll take it, yeah. I mean, historically, like other security vendors, we've had our users' conference, right? And what we've found is that, as you alluded to, that there just needs to be better education of what's going on. And so, instead of just limiting it to us talking to our customers about us, we really need to broaden the conversation. And so that's why we brought in ICIT, to really help us broaden the conversation, raise more awareness and visibility for what needs to be done. So this is a pretty unique conference in that we're having a lot of CSOs from some incredible enterprise, as well as government. General Alexander, the former of the Cyber Security Command is a keynote, but we have the CSO of Aetna, Blue Cross involved, as well. So we want to raise the awareness in terms of, what are the best practices? What are the leading minds thinking about security? And then parallel, also, for our customers, we're going to have a parallel track where, if they want to get more product-focused technology. So this is not a Centrify event. This is an industry event, ya know. Black Hat is great, RSA is great, but it's really more at the, kind of the bits and bytes-- >> They're very narrow, but you are only an identity player. There's a bigger issue. What about these other issues? Will you discuss-- >> Oh, absolutely. >> Yeah, well-- >> Is it an identity or is it more? >> It actually is more, and this is one of the reasons, at a macro level, the work that we've done at Centrify, for a number of years now. You know, we have shared the same philosophy that we have a responsibility, as experts in the cyberspace, to move the industry forward and to really usher in, almost a cyber security renaissance, if you will. And so, this is really the vision behind CyberConnect. So if you look at the curriculum, we're talking about, you know, corporate espionage, and how it's impacting commercial organizations. We're talking about the role of machine-learning based artificial intelligence. We'll be talking about the importance of encrypting your data. About security by design. About what's going on with the bot net epidemic that's out there. So there absolutely will be a very balanced program, and it is, again, driven and grounded in that research that ICIT is putting out in the relationships that we have with some of these key players. >> So you institute a critical infrastructure technology, the think tank that you're the co-founder of. You're bringing that broader agenda to CyberConnect. >> That's correct, absolutely. >> So this is awesome, congratulations, I got to ask, on the thought leadership side, you guys have been working together. Can you just talk about your relationship between Centrify and ICIT? So you're independent, you guys are a vendor. Talk about this relationship and why it's so important to this event. >> Well, absolutely. I mean, look, as a security vendor, you know, a lot of, a big percentage of security vendors sell into the U.S. federal government, and through those conversations that a lot of the CSOs at these governments were pointing at us to these ICIT guys, right? And we got awareness and visibility thought that. And it was like, they were just doing great stuff in terms of talking about, yes, Centrify is a leading identity provider, but people are looking for a complete solution, looking for a balanced way to look at it. And so we felt that it would be a great opportunity to partner with these guys. And so we sponsored an event that they did, Winter Summit. And then they did such a great job and the content was amazing, the people they had, that we said, "You know what? "Let's make this more of a general thing and "let's be in the background helping facilitate this, "but let the people hear about this good information." >> So you figured out the community model? (laughs) No, 'cause this is really what works. You got to enable, you're enabling this conversation, and more than ever in the security system, would love to get your perspective on this, is that there's an ethos developing, has been developed. And it's expanding aggressively. Kind of opens doors on one side, but security's all about data sharing. You mentioned that-- >> Yeah, absolutely. >> From a hacking standpoint, that's more of a statutory filing, but here, the security space is highly communicative. They talk to each other, and it's a trust relationship, so you're essentially bringing an independent event, you're funding it. >> Yeah, absolutely. >> It's not your event, this is an independent event. >> Absolutely. >> Yeah, and so Tom said it very well, as an institute, we rely on the financial capital that comes in from our partners, like Centrify. And so we would be unable to deliver at a large scale the value that we do to the legislative community, to federal agencies, and the commercial sector, and the institute's research is being shared on NATO libraries and embassies around the world. So this is really a global operation that we have. And so when we talk about layered security, right, we're not into a silver bullet solution. A lot of faux experts out there say, "I have the answer." We know that there's a layered approach that needs to be done. Centrify, they have the technology that plays a part in that, but, even more important than that for us is that they share that same philosophy and we do see ourselves as being able to usher in the changes required to move everything forward. And so it's been a great, you know, we have a lot of plans for the next few years. >> Yeah, that's great work, you're bringing in some great content to the table, and that's what people want, and they can see who's enabling it, that's a great business model for everyone. I got to ask one question, though, about your business. I love the critical infrastructure focus and I like your value you guys are bringing. But you guys have this fellow program. Can you just talk about this, 'cause your a part of the fellowship-- >> Yeah, absolutely. >> You're on a level, and I don't want to say credit 'cause you're not really going to get credit. But it's a badge, it's a bar. >> Yeah, yeah, no-- >> Explain the fellow program. >> That's a great question. At the institute, we have a core group of experts who represent different technology niches. They make up our fellow program, and so as I discussed earlier, when we're putting out research, when we're educating the media, when we're advising congress, when we're doing the work of the institute, we're constantly turning back to our fellow program members to provide some of that research and expertise. And sharing, you know, not just providing financial capital, but really bringing that thought leadership to the table. Centrify is a part of our fellows program, and so we've been working with them for a number of years. It's very exclusive and there's a process. You have to be referred in by an existing fellow program member. We have a lot of requests, but it really comes down to, do you understand what we're trying to accomplish? Do you share our same mission, our same values? And can you be part of this elite community that we've built? And so, you know, Centrify is a big part of that. >> And the cloud, obviously, is accelerating everything. You've got the cloud action, certainly, in your space, and we know what's going on in our world. >> Yeah, absolutely. >> The world is moving at a zillion miles an hour. It's like literally moving a train. So, congratulations, CyberConnect event in November. Great event, check it out, theCUBE will be there, we'll have live coverage, we broadcast, be documenting all the action and bringing it to you on theCUBE, obviously, (mumbles) John Furrier, here at Centrify's headquarters in California, in Silicon Valley, thanks for watching. (upbeat electronic music)

>> Hello, we are here On the Ground. This is theCUBE's On the Ground program at Centrify's Headquarters. We go to Cricket Liu, chief DNS officer at Infoblox. Been with the company from the beginning. Great to see you again. Wrote the book on DNS. What year was that? That was between DNS, was like, when I was born. >> Yeah, 1992. September 1992 was when it was published. >> Great to see you. We've done some podcasts together over the years. >> Yeah, good to see you too. >> DNS, now obviously global, ICANN's now global, it's part of the U.N., all different governance bodies, but it's certainly still critical infrastructure. >> Yeah, absolutely. >> Critical infrastructure is now the big conversation as the security paradigm has moved from data center to the Cloud, there's no perimeter anymore. >> Yeah. >> How is that changing the DNS game? >> Well, I think that folks are starting to realize how critical DNS is. In October of last year, we had that huge DDoS attack against Dyn, the big DNS hosting provider in New Hampshire and I think that woke a lot of folks up. A lot of folks realized, holy cow, these guys are not too big to fail as they say. Even though they have enormous infrastructure, widely distributed around the globe, they have such a concentrational power that a huge number of really, really popular web properties were inaccessible for quite sometime, so I think that caused a lot of people to look at their own DNS infrastructure and to reevaluate it and say, well maybe I need to do something. >> Interesting about the stack wars that are going on, that attack, as we've lived through and you've been part of it as chief technical officer in many companies. DNS was always that part where it'd be secure but now you have block change, you have new kinds of infrastructure with mobile computing now over 10 years post iPhone. >> Yep, the critical moment. >> How has infrastructure changed, beyond DNS 'cause it still needs to work together? >> Yeah, well, it's funny because we do have all of these new types of devices. We do have new technologies. But a lot of things have remained the same. DNS is still the same. The remarkable thing is that the latest version in my book is 10 years old, actually 11 years old now, so it's older than the iPhone and people still buy it because the underlying theory is still the same. It hasn't changed. It's a testament, really, to the quality of the original design of DNS that it still works for anything and that it's scaled to serve a network as diverse and as large as the internet is today. >> What's your biggest observation, looking back over the past decade with DNS, about the emergence of virtual machines, now Cloud. Again, the game is still the same 'cause DNS is the plumbing and it provides a lot of the key critical infrastructure for the web and now mobile. What's the biggest observations that you've seen over the decade? >> Well I'd say one of the things that's happened over the last several years that's maybe the most important development in DNS is something that we call response policy zones. Up until now, DNS servers have just been sort of blithely complicit when it comes to, for example, malware. Malware wakes up on a device and it assumes that it has DNS available to it and it uses DNS, for example, to find command to control server, maybe a drop server to exfiltrate data to. In the DNS server, even though it's being asked to look up the address record for CommandAndControlServer.Malware.Org, it just happily goes along with it. A few years ago, Paul Vixie, who I've known for a very long time, came up with this idea called response policy zones which is basically to imbue our DNS servers with resolution policy so that you can tell them, hey if you get a query for a domain name that we know is being used maliciously, don't answer it. Don't resolve it like you normally do. Instead, hand back a little white lie like that doesn't exist and moreover, log the fact that somebody looked it up because it's a good indication that they're infected. >> So bringing policy to DNS is really making it more intelligent. >> Yeah, that's right. >> And certainly as networks grow, I was just watching some of my friends setting up the wireless at Burning Man and the whole new change of how Wi-Fi is being deployed and how networks are being constructed is really coming down to some of the basic principles of DNS to route more, be responsive, and this is kind of a new change. >> Yeah, there's a lot going on in changes to the deployment of DNS. It used to be that most big companies ran all their own DNS infrastructure. At this point, I think most large companies don't bother running, for example, what we'd call their external authoritative DNS infrastructure. They give that to a big hosting provider to do, somebody like Dyn or Verisign or Neustar or somebody like that, so that's a big change. >> Cricket, I want to ask you about the CyberConnect Event going on in New York. Infoblox is involved. Security is paramount, so now an industry event. Centrify is the main sponsor. You guys are involved as a vendor, but it's not a vendor event, it's a industry event. It's a broad category. What's your thoughts on this kind of industry event? Usually in events it's been Black Hat or vendor events pushing their wares and selling their stuff but now security is global. What's your take on this event? >> Well, I'm hoping to be able to spend a little bit of time talking to folks who come to the event about DNS and how it can be used as a tool in their security tool chain. The folks who come to us as Infoblox to our events already know about DNS. They're already network administrators or they're responsible for DNS or something like that. My hope is that we can reach a broader audience through CyberConnect and actually talk to folks who maybe haven't considered DNS as a security tool. Who maybe haven't thought about the necessity to bolster their DNS infrastructure. >> One final question since we're on bonus material time. I've got to ask you about the global landscape. I mean, in my early days involved in DNS when I came was from the '98 to the 2000 time frame. International domain names were Unicode. That's not ASCII. So that technically wasn't DNS, but still, they were keywords. They had this global landscape in, say, China, that actually wasn't DNS so there's all these abstraction layers. Has anything actually evolved out of that trend of really bringing an abstraction layer on top of DNS and certainly now with the nation-states with security are issues, China, Russia, et cetera. How does all that play out? >> Well, international domain names have actually taken off in some areas. And basically it's as you say, you have the ability now to use Unicode labels in domain names in certain contexts, for example, if you're using your web browser you can type in a Unicode domain name and then what the web browser does is it translates it into an equivalent ASCII representation and then resolves it using DNS which is the traditional DNS that doesn't actually know about Unicode. There are actually some very interesting security implications to using Unicode. For example, people can register things that have Unicode, we would say, glyphs in them that look exactly like regular ASCII characters. For example, you could register paypal.com where the A's are actually lowercase A's in Cyrillic. It's not the same code point as an ASCII A. So it's visually. >> Great for hackers. >> Oh yeah. Visually indistinguishable from paypal.com in a lot of contexts and people might click on it and go to a page that looks like PayPal's. >> John: So its a phishing dream. >> Yeah, really dangerous potentially and so we're working out some of the implications of that, trying to figure out, within, for example, web browsers, how do we protect the user from things like this? >> And a lot of SSL out there, now you're seeing HTTPS everywhere. Is that now the norm? >> Yeah, actually, within the internet engineering task force, the IETF, after it became obvious that state-sponsored-- >> John: Attacks. >> Eavesdropping. >> You were smiling. >> Was kind of the norm. >> Got to find the right word. >> Yeah, the IETF embarked on an effort called DPRIVE and DPRIVE is basically a bunch of individual tracks to encrypt basically every single part of the DNS channel, especially that between what we call a stub resolver and the recursive DNS server so that if you're a customer here in the United States and a subscriber to an ISP like Comcast or whomever, you can make sure that that first hop between your computer and the ISP is secured. >> We're getting down and dirty under the hood with Cricket Liu on DNS. I got to ask kind of up level to the consumer. One of the things that kind of pisses me off the most when I'm surfing the web is you see the browser doesn't resolve or you go hit someone's website, oh yeah, something.io, these new domain names, top level gTLDs are out there, .media, all these, and companies have firewalls or whatever their equipment is and it doesn't let it through. Because they're trying to protect the perimeter still, must be, I mean, what does that mean when companies aren't letting those URLs then, it is a firewall issue or is it more they're still perimeter based, they're not resolving it, they're afraid of malware? Somethings aren't resolving in? What does that mean? >> Well I think as often as not it's an operational problem. It could be just a misconfiguration on the part of the folks who are hosting the target website's DNS. It could be that. I don't know a lot of folks who-- >> So it's one of their policies or something, it's just kind of locking down. >> Could be that too. Or it could be, for example, that they have a proxy server and they're trying to limit access to the internet by category. Maybe it does categorization and filtering by-- >> Can you work on that? Can you write some code for that? Well thanks, great to see you, thanks for sharing this conversation here On The Ground at Centrify. >> You're welcome. >> And good luck with the CyberConnect Conference. >> Yeah, nice to see you too. >> Alright, I'm John Furrier with On The Ground here on theCUBE at Centfity's headquarters in Silicon Valley. Thanks for watching.