(gentle music) >> Hey! Welcome back to theCUBE's coverage of WiDS 2023, the eighth Annual Women In Data Science Conference. I'm your host, Lisa Martin. We are at Stanford University, as you know we are every year, having some wonderful conversations with some very inspiring women and men in data science and technical roles. I'm very pleased to introduce Tracy Zhang, my co-host, who is in the Data Journalism program at Stanford. And Tracy and I are pleased to welcome our next guest, Rhonda Crate, Principal Data Scientist at Boeing. Great to have you on the program, Rhonda. >> Tracy: Welcome. >> Hey, thanks for having me. >> Were you always interested in data science or STEM from the time you were young? >> No, actually. I was always interested in archeology and anthropology. >> That's right, we were talking about that, anthropology. Interesting. >> We saw the anthropology background, not even a bachelor's degree, but also a master's degree in anthropology. >> So you were committed for a while. >> I was, I was. I actually started college as a fine arts major, but I always wanted to be an archeologist. So at the last minute, 11 credits in, left to switch to anthropology. And then when I did my master's, I focused a little bit more on quantitative research methods and then I got my Stat Degree. >> Interesting. Talk about some of the data science projects that you're working on. When I think of Boeing, I always think of aircraft. But you are doing a lot of really cool things in IT, data analytics. Talk about some of those intriguing data science projects that you're working on. >> Yeah. So when I first started at Boeing, I worked in information technology and data analytics. And Boeing, at the time, had cored up data science in there. And so we worked as a function across the enterprise working on anything from shared services to user experience in IT products, to airplane programs. So, it has a wide range. I worked on environment health and safety projects for a long time as well. So looking at ergonomics and how people actually put parts onto airplanes, along with things like scheduling and production line, part failures, software testing. Yeah, there's a wide spectrum of things. >> But I think that's so fantastic. We've been talking, Tracy, today about just what we often see at WiDS, which is this breadth of diversity in people's background. You talked about anthropology, archeology, you're doing data science. But also all of the different opportunities that you've had at Boeing. To see so many facets of that organization. I always think that breadth of thought diversity can be hugely impactful. >> Yeah. So I will say my anthropology degree has actually worked to my benefit. I'm a huge proponent of integrating liberal arts and sciences together. And it actually helps me. I'm in the Technical Fellowship program at Boeing, so we have different career paths. So you can go into management, you can be a regular employee, or you can go into the Fellowship program. So right now I'm an Associate Technical Fellow. And part of how I got into the Fellowship program was that diversity in my background, what made me different, what made me stand out on projects. Even applying a human aspect to things like ergonomics, as silly as that sounds, but how does a person actually interact in the space along with, here are the actual measurements coming off of whatever system it is that you're working on. So, I think there's a lot of opportunities, especially in safety as well, which is a big initiative for Boeing right now, as you can imagine. >> Tracy: Yeah, definitely. >> I can't go into too specifics. >> No, 'cause we were like, I think a theme for today that kind of we brought up in in all of our talk is how data is about people, how data is about how people understand the world and how these data can make impact on people's lives. So yeah, I think it's great that you brought this up, and I'm very happy that your anthropology background can tap into that and help in your day-to-day data work too. >> Yeah. And currently, right now, I actually switched over to Strategic Workforce Planning. So it's more how we understand our workforce, how we work towards retaining the talent, how do we get the right talent in our space, and making sure overall that we offer a culture and work environment that is great for our employees to come to. >> That culture is so important. You know, I was looking at some anitab.org stats from 2022 and you know, we always talk about the number of women in technical roles. For a long time it's been hovering around that 25% range. The data from anitab.org showed from '22, it's now 27.6%. So, a little increase. But one of the biggest challenges still, and Tracy and I and our other co-host, Hannah, have been talking about this, is attrition. Attrition more than doubled last year. What are some of the things that Boeing is doing on the retention side, because that is so important especially as, you know, there's this pipeline leakage of women leaving technical roles. Tell us about what Boeing's, how they're invested. >> Yeah, sure. We actually have a publicly available Global Diversity Report that anybody can go and look at and see our statistics for our organization. Right now, off the top of my head, I think we're hovering at about 24% in the US for women in our company. It has been a male majority company for many years. We've invested heavily in increasing the number of women in roles. One interesting thing about this year that came out is that even though with the great resignation and those types of things, the attrition level between men and women were actually pretty close to being equal, which is like the first time in our history. Usually it tends on more women leaving. >> Lisa: That's a good sign. >> Right. >> Yes, that's a good sign. >> And we've actually focused on hiring and bringing in more women and diversity in our company. >> Yeah, some of the stats too from anitab.org talked about the increase, and I have to scroll back and find my notes, the increase in 51% more women being hired in 2022 than 2021 for technical roles. So the data, pun intended, is showing us. I mean, the data is there to show the impact that having females in executive leadership positions make from a revenue perspective. >> Tracy: Definitely. >> Companies are more profitable when there's women at the head, or at least in senior leadership roles. But we're seeing some positive trends, especially in terms of representation of women technologists. One of the things though that I found interesting, and I'm curious to get your thoughts on this, Rhonda, is that the representation of women technologists is growing in all areas, except interns. >> Rhonda: Hmm. >> So I think, we've got to go downstream. You teach, I have to go back to my notes on you, did my due diligence, R programming classes through Boeings Ed Wells program, this is for WSU College of Arts and Sciences, talk about what you teach and how do you think that intern kind of glut could be solved? >> Yeah. So, they're actually two separate programs. So I teach a data analytics course at Washington State University as an Adjunct Professor. And then the Ed Wells program is a SPEEA, which is an Aerospace Union, focused on bringing up more technology and skills to the actual workforce itself. So it's kind of a couple different audiences. One is more seasoned employees, right? The other one is our undergraduates. I teach a Capstone class, so it's a great way to introduce students to what it's actually like to work on an industry project. We partner with Google and Microsoft and Boeing on those. The idea is also that maybe those companies have openings for the students when they're done. Since it's Senior Capstone, there's not a lot of opportunities for internships. But the opportunities to actually get hired increase a little bit. In regards to Boeing, we've actually invested a lot in hiring more women interns. I think the number was 40%, but you'd have to double check. >> Lisa: That's great, that's fantastic. >> Tracy: That's way above average, I think. >> That's a good point. Yeah, it is above average. >> Double check on that. That's all from my memory. >> Is this your first WiDS, or have you been before? >> I did virtually last year. >> Okay. One of the things that I love, I love covering this event every year. theCUBE's been covering it since it's inception in 2015. But it's just the inspiration, the vibe here at Stanford is so positive. WiDS is a movement. It's not an initiative, an organization. There are going to be, I think annually this year, there will be 200 different events. Obviously today we're live on International Women's Day. 60 plus countries, 100,000 plus people involved. So, this is such a positive environment for women and men, because we need everybody, underrepresented minorities, to be able to understand the implication that data has across our lives. If we think about stripping away titles in industries, everybody is a consumer, not everybody, most of mobile devices. And we have this expectation, I was in Barcelona last week at a Mobile World Congress, we have this expectation that we're going to be connected 24/7. I can get whatever I want wherever I am in the world, and that's all data driven. And the average person that isn't involved in data science wouldn't understand that. At the same time, they have expectations that depend on organizations like Boeing being data driven so that they can get that experience that they expect in their consumer lives in any aspect of their lives. And that's one of the things I find so interesting and inspiring about data science. What are some of the things that keep you motivated to continue pursuing this? >> Yeah I will say along those lines, I think it's great to invest in K-12 programs for Data Literacy. I know one of my mentors and directors of the Data Analytics program, Dr. Nairanjana Dasgupta, we're really familiar with each other. So, she runs a WSU program for K-12 Data Literacy. It's also something that we strive for at Boeing, and we have an internal Data Literacy program because, believe it or not, most people are in business. And there's a lot of disconnect between interpreting and understanding data. For me, what kind of drives me to continue data science is that connection between people and data and how we use it to improve our world, which is partly why I work at Boeing too 'cause I feel that they produce products that people need like satellites and airplanes, >> Absolutely. >> and everything. >> Well, it's tangible, it's relatable. We can understand it. Can you do me a quick favor and define data literacy for anyone that might not understand what that means? >> Yeah, so it's just being able to understand elements of data, whether that's a bar chart or even in a sentence, like how to read a statistic and interpret a statistic in a sentence, for example. >> Very cool. >> Yeah. And sounds like Boeing's doing a great job in these programs, and also trying to hire more women. So yeah, I wanted to ask, do you think there's something that Boeing needs to work on? Or where do you see yourself working on say the next five years? >> Yeah, I think as a company, we always think that there's always room for improvement. >> It never, never stops. >> Tracy: Definitely. (laughs) >> I know workforce strategy is an area that they're currently really heavily investing in, along with safety. How do we build safer products for people? How do we help inform the public about things like Covid transmission in airports? For example, we had the Confident Traveler Initiative which was a big push that we had, and we had to be able to inform people about data models around Covid, right? So yeah, I would say our future is more about an investment in our people and in our culture from my perspective >> That's so important. One of the hardest things to change especially for a legacy organization like Boeing, is culture. You know, when I talk with CEO's or CIO's or COO's about what's your company's vision, what's your strategy? Especially those companies that are on that digital journey that have no choice these days. Everybody expects to have a digital experience, whether you're transacting an an Uber ride, you're buying groceries, or you're traveling by air. That culture sounds like Boeing is really focused on that. And that's impressive because that's one of the hardest things to morph and mold, but it's so essential. You know, as we look around the room here at WiDS it's obviously mostly females, but we're talking about women, underrepresented minorities. We're talking about men as well who are mentors and sponsors to us. I'd love to get your advice to your younger self. What would you tell yourself in terms of where you are now to become a leader in the technology field? >> Yeah, I mean, it's kind of an interesting question because I always try to think, live with no regrets to an extent. >> Lisa: I like that. >> But, there's lots of failures along the way. (Tracy laughing) I don't know if I would tell myself anything different because honestly, if I did, I wouldn't be where I am. >> Lisa: Good for you. >> I started out in fine arts, and I didn't end up there. >> That's good. >> Such a good point, yeah. >> We've been talking about that and I find that a lot at events like WiDS, is women have these zigzaggy patterns. I studied biology, I have a master's in molecular biology, I'm in media and marketing. We talked about transportable skills. There's a case I made many years ago when I got into tech about, well in science you learn the art of interpreting esoteric data and creating a story from it. And that's a transportable skill. But I always say, you mentioned failure, I always say failure is not a bad F word. It allows us to kind of zig and zag and learn along the way. And I think that really fosters thought diversity. And in data science, that is one of the things we absolutely need to have is that diversity and thought. You know, we talk about AI models being biased, we need the data and we need the diverse brains to help ensure that the biases are identified, extracted, and removed. Speaking of AI, I've been geeking out with ChatGPT. So, I'm on it yesterday and I ask it, "What's hot in data science?" And I was like, is it going to get that? What's hot? And it did it, it came back with trends. I think if I ask anything, "What's hot?", I should be to Paris Hilton, but I didn't. And so I was geeking out. One of the things I learned recently that I thought was so super cool is the CTO of OpenAI is a woman, Mira Murati, which I didn't know until over the weekend. Because I always think if I had to name top females in tech, who would they be? And I always default to Sheryl Sandberg, Carly Fiorina, Susan Wojcicki running YouTube. Who are some of the people in your history, in your current, that are really inspiring to you? Men, women, indifferent. >> Sure. I think Boeing is one of the companies where you actually do see a lot of women in leadership roles. I think we're one of the top companies with a number of women executives, actually. Susan Doniz, who's our Chief Information Officer, I believe she's actually slotted to speak at a WiDS event come fall. >> Lisa: Cool. >> So that will be exciting. Susan's actually relatively newer to Boeing in some ways. A Boeing time skill is like three years is still kind of new. (laughs) But she's been around for a while and she's done a lot of inspiring things, I think, for women in the organization. She does a lot with Latino communities and things like that as well. For me personally, you know, when I started at Boeing Ahmad Yaghoobi was one of my mentors and my Technical Lead. He came from Iran during a lot of hard times in the 1980s. His brother actually wrote a memoir, (laughs) which is just a fun, interesting fact. >> Tracy: Oh my God! >> Lisa: Wow! >> And so, I kind of gravitate to people that I can learn from that's not in my sphere, that might make me uncomfortable. >> And you probably don't even think about how many people you're influencing along the way. >> No. >> We just keep going and learning from our mentors and probably lose sight of, "I wonder how many people actually admire me?" And I'm sure there are many that admire you, Rhonda, for what you've done, going from anthropology to archeology. You mentioned before we went live you were really interested in photography. Keep going and really gathering all that breadth 'cause it's only making you more inspiring to people like us. >> Exactly. >> We thank you so much for joining us on the program and sharing a little bit about you and what brought you to WiDS. Thank you so much, Rhonda. >> Yeah, thank you. >> Tracy: Thank you so much for being here. >> Lisa: Yeah. >> Alright. >> For our guests, and for Tracy Zhang, this is Lisa Martin live at Stanford University covering the eighth Annual Women In Data Science Conference. Stick around. Next guest will be here in just a second. (gentle music)

(upbeat music) >> Hello everyone, welcome back to theCUBE's coverage of Cloud Native SecurityCon North America 2023. Obviously, CUBE's coverage with our CUBE Center Report. We're not there on the ground, but we have folks and our CUBE Alumni there. We have entrepreneurs there. Of course, we want to be there in person, but we're remote. We've got Ben Hirschberg, CTO and Co-Founder of Armo, a cloud native security startup, well positioned in this industry. He's there in Seattle. Ben, thank you for coming on and sharing what's going on with theCUBE. >> Yeah, it's great to be here, John. >> So we had written on you guys up on SiliconANGLE. Congratulations on your momentum and traction. But let's first get into what's going on there on the ground? What are some of the key trends? What's the most important story being told there? What is the vibe? What's the most important story right now? >> So I think, I would like to start here with the I think the most important thing was that I think the event is very successful. Usually, the Cloud Native Security Day usually was part of KubeCon in the previous years and now it became its own conference of its own and really kudos to all the organizers who brought this up in, actually in a short time. And it wasn't really clear how many people will turn up, but at the end, we see a really nice turn up and really great talks and keynotes around here. I think that one of the biggest trends, which haven't started like in this conference, but already we're talking for a while is supply chain. Supply chain is security. I think it's, right now, the biggest trend in the talks, in the keynotes. And I think that we start to see companies, big companies, who are adopting themselves into this direction. There is a clear industry need. There is a clear problem and I think that the cloud native security teams are coming up with tooling around it. I think for right now we see more tools than adoption, but the adoption is always following the tooling. And I think it already proves itself. So we have just a very interesting talk this morning about the OpenSSL vulnerability, which was I think around Halloween, which came out and everyone thought that it's going to be a critical issue for the whole cloud native and internet infrastructure and at the end it turned out to be a lesser problem, but the reason why I think it was understood that to be a lesser problem real soon was that because people started to use (indistinct) store software composition information in the environment so security teams could look into, look up in their systems okay, what, where they're using OpenSSL, which version they are using. It became really soon real clear that this version is not adopted by a wide array of software out there so the tech surface is relatively small and I think it already proved itself that the direction if everyone is talking about. >> Yeah, we agree, we're very bullish on this move from the Cloud Native Foundation CNCF that do the security conference. Amazon Web Services has re:Invent. That's their big show, but they also have re:Inforce, the security show, so clearly they work together. I like the decoupling, very cohesive. But you guys have Kubescape of Kubernetes security. Talk about the conversations that are there and that you're hearing around why there's different event what's different around KubeCon and CloudNativeCon than this Cloud Native SecurityCon. It's not called KubeSucSecCon, it's called Cloud Native SecurityCon. What's the difference? Are people confused? Is it clear? What's the difference between the two shows? What are you hearing? >> So I think that, you know, there is a good question. Okay, where is Cloud Native Computing Foundation came from? Obviously everyone knows that it was somewhat coupled with the adoption of Kubernetes. It was a clear understanding in the industry that there are different efforts where the industry needs to come together without looking be very vendor-specific and try to sort out a lot of issues in order to enable adoption and bring great value and I think that the main difference here between KubeCon and the Cloud Native Security Conference is really the focus, and not just on Kubernetes, but the whole ecosystem behind that. The way we are delivering software, the way we are monitoring software, and all where Kubernetes is only just, you know, maybe the biggest clog in the system, but, you know, just one of the others and it gives great overview of what you have in the whole ecosystem. >> Yeah, I think it's a good call. I would add that what I'm hearing too is that security is so critical to the business model of every company. It's so mainstream. The hackers have a great business model. They make money, their costs are lower than the revenue. So the business of hacking in breaches, ransomware all over the place is so successful that they're playing offense, everyone's playing defense, so it's about time we can get focus to really be faster and more nimble and agile on solving some of these security challenges in open source. So I think that to me is a great focus and so I give total props to the CNC. I call it the event operating system. You got the security group over here decoupled from the main kernel, but they work together. Good call and so this brings back up to some of the things that are going on so I have to ask you, as your startup as a CTO, you guys have the Kubescape platform, how do you guys fit into the landscape and what's different from your tools for Kubernetes environments versus what's out there? >> So I think that our journey is really interesting in the solution space because I think that our mode really tries to understand where security can meet the actual adoption because as you just said, somehow we have to sort out together how security is going to be automated and integrated in its best way. So Kubescape project started as a Kubernetes security posture tool. Just, you know, when people are really early in their adoption of Kubernetes systems, they want to understand whether the installation is is secure, whether the basic configurations are look okay, and giving them instant feedback on that, both in live systems and in the CICD, this is where Kubescape came from. We started as an open source project because we are big believers of open source, of the power of open source security, and I can, you know I think maybe this is my first interview when I can say that Kubescape was accepted to be a CNCF Sandbox project so Armo was actually donating the project to the CNCF, I think, which is a huge milestone and a great way to further the adoption of Kubernetes security and from now on we want to see where the users in Armo and Kubescape project want to see where the users are going, their Kubernetes security journey and help them to automatize, help them to to implement security more fast in the way the developers are using it working. >> Okay, if you don't mind, I want to just get clarification. What's the difference between the Armo platform and Kubescape because you have Kubescape Sandbox project and Armo platform. Could you talk about the differences and interaction? >> Sure, Kubescape is an open source project and Armo platform is actually a managed platform which runs Kubescape in the cloud for you because Kubescape is part, it has several parts. One part is, which is running inside the Kubernetes cluster in the CICD processes of the user, and there is another part which we call the backend where the results are stored and can be analyzed further. So Armo platform gives you managed way to run the backend, but I can tell you that backend is also, will be available within a month or two also for everyone to install on their premises as well, because again, we are an open source company and we are, we want to enable users, so the difference is that Armo platform is a managed platform behind Kubescape. >> How does Kubescape differ from closed proprietary sourced solutions? >> So I can tell you that there are closed proprietary solutions which are very good security solutions, but I think that the main difference, if I had to pick beyond the very specific technicalities is the worldview. The way we see that our user is not the CISO. Our user is not necessarily the security team. From our perspective, the user is the DevOps and the developers who are working on the Kubernetes cluster day to day and we want to enable them to improve their security. So actually our approach is more developer-friendly, if I would need to define it very shortly. >> What does this risk calculation score you guys have in Kubscape? That's come up and we cover that in our story. Can you explain to the folks how that fits in? Is it Kubescape is the platform and what's the benefit, what's the purpose? >> So the risk calculation is actually a score we are giving to clusters in order for the users to understand where they are standing in the general population, how they are faring against a perfect hardened cluster. It is based on the number of different tests we are making. And I don't want to go into, you know, the very specifics of the mathematical functions, but in general it takes into account how many functions are failing, security tests are failing inside your cluster. How many nodes you are having, how many workloads are having, and creating this number which enables you to understand where you are standing in the global, in the world. >> What's the customer value that you guys pitching? What's the pitch for the Armo platform? When you go and talk to a customer, are they like, "We need you." Do they come to you? Is it word of mouth? You guys have a strategy? What's the pitch? What's so appealing to the customers? Why are they enthusiastic about you guys? >> So John, I can tell you, maybe it's not so easy to to say the words, but I nearly 20 years in the industry and though I've been always around cyber and the defense industry and I can tell you that I never had this journey where before where I could say that the the customers are coming to us and not we are pitching to customers. Simply because people want to, this is very easy tool, very very easy to use, very understandable and it very helps the engineers to improve security posture. And they're coming to us and they're saying, "Well, awesome, okay, how we can like use it. Do you have a graphical interface?" And we are pointing them to the Armor platform and they are falling in love and coming to us even more and we can tell you that we have a big number of active users behind the platform itself. >> You know, one of the things that comes up every time at KubeCon and Cloud NativeCon when we're there, and we'll be in Amsterdam, so folks watching, you know, we'll see onsite, developer productivity is like the number one thing everyone talks about and security is so important. It's become by default a blocker or anchor or a drag on productivity. This is big, the things that you're mentioning, easy to use, engineering supporting it, developer adoption, you know we've always said on theCUBE, developers will be the de facto standards bodies by their choices 'cause developers make all the decisions. So if I can go faster and I can have security kind of programmed in, I'm not shifting left, it's just I'm just having security kind of in there. That's the dream state. Is that what you guys are trying to do here? Because that's the nirvana, everyone wants to do that. >> Yeah, I think your definition is like perfect because really we had like this, for a very long time we had this world where we decoupled security teams from developers and even for sometimes from engineering at all and I think for multiple reasons, we are more seeing a big convergence. Security teams are becoming part of the engineering and the engineering becoming part of the security and as you're saying, okay, the day-to-day world of developers are becoming very tangled up in the good way with security, so the think about it that today, one of my developers at Armo is creating a pull request. He's already, code is already scanned by security scanners for to test for different security problems. It's already, you know, before he already gets feedback on his first time where he's sharing his code and if there is an issue, he already can solve it and this is just solving issues much faster, much cheaper, and also you asked me about, you know, the wipe in the conference and we know no one can deny the current economic wipe we have and this also relates to security teams and security teams has to be much more efficient. And one of the things that everyone is talking, okay, we need more automation, we need more, better tooling and I think we are really fitting into this. >> Yeah, and I talked to venture capitalists yesterday and today, an angel investor. Best time for startup is right now and again, open source is driving a lot of value. Ben, it's been great to have you on and sharing with us what's going on on the ground there as well as talking about some of the traction you have. Just final question, how old's the company? How much funding do you have? Where you guys located? Put a plug in for the company. You guys looking to hire? Tell us about the company. Were you guys located? How much capital do you have? >> So, okay, the company's here for three years. We've passed a round last March with Tiger and Hyperwise capitals. We are located, most of the company's located today in Israel in Tel Aviv, but we have like great team also in Ukraine and also great guys are in Europe and right now also Craig Box joined us as an open source VP and he's like right now located in New Zealand, so we are a really global team, which I think it's really helps us to strengthen ourselves. >> Yeah, and I think this is the entrepreneurial equation for the future. It's really great to see that global. We heard that in Priyanka Sharma's keynote. It's a global culture, global community. >> Right. >> And so really, really props you guys. Congratulations on Armo and thanks for coming on theCUBE and sharing insights and expertise and also what's happening on the ground. Appreciate it, Ben, thanks for coming on. >> Thank you, John. >> Okay, cheers. Okay, this is CUB coverage here of the Cloud Native SecurityCon in North America 2023. I'm John Furrier for Lisa Martin, Dave Vellante. We're back with more of wrap up of the event after this short break. (gentle upbeat music)

>>Hey everyone, welcome to this event, HPE Compute Security. I'm your host, Lisa Martin. Kevin Dee joins me next Senior director, future Surfer Architecture at hpe. Kevin, it's great to have you back on the program. >>Thanks, Lisa. I'm glad to be here. >>One of the topics that we're gonna unpack in this segment is, is all about cybersecurity. And if we think of how dramatically the landscape has changed in the last couple of years, I was looking at some numbers that H P V E had provided. Cybercrime will reach 10.5 trillion by 2025. It's a couple years away. The average total cost of a data breach is now over 4 million, 15% year over year crime growth predicted over the next five years. It's no longer if we get hit, it's when it's how often. What's the severity? Talk to me about the current situation with the cybersecurity landscape that you're seeing. >>Yeah, I mean the, the numbers you're talking about are just staggering and then that's exactly what we're seeing and that's exactly what we're hearing from our customers is just absolutely key. Customers have too much to lose. The, the dollar cost is just, like I said, staggering. And, and here at HP we know we have a huge part to play, but we also know that we need partnerships across the industry to solve these problems. So we have partnered with, with our, our various partners to deliver these Gen 11 products. Whether we're talking about partners like a M D or partners like our Nick vendors, storage card vendors. We know we can't solve the problem alone. And we know this, the issue is huge. And like you said, the numbers are staggering. So we're really, we're really partnering with, with all the right players to ensure we have a secure solution so we can stay ahead of the bad guys to try to limit the, the attacks on our customers. >>Right. Limit the damage. What are some of the things that you've seen particularly change in the last 18 months or so? Anything that you can share with us that's eye-opening, more eye-opening than some of the stats we already shared? >>Well, there, there's been a massive number of attacks just in the last 12 months, but I wouldn't really say it's so much changed because the amount of attacks has been increasing dramatically over the years for many, many, many years. It's just a very lucrative area for the bad guys, whether it's ransomware or stealing personal data, whatever it is, it's there. There's unfortunately a lot of money to be made into it, made from it, and a lot of money to be lost by the good guys, the good guys being our customers. So it's not so much that it's changed, it's just that it's even accelerating faster. So the real change is, it's accelerating even faster because it's becoming even more lucrative. So we have to stay ahead of these bad guys. One of the statistics of Microsoft operating environments, the number of tax in the last year, up 50% year over year, that's a huge acceleration and we've gotta stay ahead of that. We have to make sure our customers don't get impacted to the level that these, these staggering number of attacks are. The, the bad guys are out there. We've gotta protect, protect our customers from the bad guys. >>Absolutely. The acceleration that you talked about is, it's, it's kind of frightening. It's very eye-opening. We do know that security, you know, we've talked about it for so long as a, as a a C-suite priority, a board level priority. We know that as some of the data that HPE e also sent over organizations are risking are, are listing cyber risks as a top five concern in their organization. IT budgets spend is going up where security is concerned. And so security security's on everyone's mind. In fact, the cube did, I guess in the middle part of last, I did a series on this really focusing on cybersecurity as a board issue and they went into how companies are structuring security teams changing their assumptions about the right security model, offense versus defense. But security's gone beyond the board, it's top of mind and it's on, it's in an integral part of every conversation. So my question for you is, when you're talking to customers, what are some of the key challenges that they're saying, Kevin, these are some of the things the landscape is accelerating, we know it's a matter of time. What are some of those challenges and that they're key pain points that they're coming to you to help solve? >>Yeah, at the highest level it's simply that security is incredibly important to them. We talked about the numbers. There's so much money to be lost that what they come to us and say, is security's important for us? What can you do to protect us? What can you do to prevent us from being one of those statistics? So at a high level, that's kind of what we're seeing at a, with a little more detail. We know that there's customers doing digital transformations. We know that there's customers going hybrid cloud, they've got a lot of initiatives on their own. They've gotta spend a lot of time and a lot of bandwidth tackling things that are important to their business. They just don't have the bandwidth to worry about yet. Another thing which is security. So we are doing everything we can and partnering with everyone we can to help solve those problems for customers. >>Cuz we're hearing, hey, this is huge, this is too big of a risk. How do you protect us? And by the way, we only have limited bandwidth, so what can we do? What we can do is make them assured that that platform is secure, that we're, we are creating a foundation for a very secure platform and that we've worked with our partners to secure all the pieces. So yes, they still have to worry about security, but there's pieces that we've taken care of that they don't have to worry about and there's capabilities that we've provided that they can use and we've made that easy so they can build su secure solutions on top of it. >>What are some of the things when you're in customer conversations, Kevin, that you talk about with customers in terms of what makes HPE E'S approach to security really unique? >>Well, I think a big thing is security is part of our, our dna. It's part of everything we do. Whether we're designing our own asics for our bmc, the ilo ASIC ILO six used on Gen 11, or whether it's our firmware stack, the ILO firmware, our our system, UFI firmware, all those pieces in everything we do. We're thinking about security. When we're building products in our factory, we're thinking about security. When we're think designing our supply chain, we're thinking about security. When we make requirements on our suppliers, we're driving security to be a key part of those components. So security is in our D N a security's top of mind. Security is something we think about in everything we do. We have to think like the bad guys, what could the bad guy take advantage of? What could the bad guy exploit? So we try to think like them so that we can protect our customers. >>And so security is something that that really is pervasive across all of our development organizations, our supply chain organizations, our factories, and our partners. So that's what we think is unique about HPE is because security is so important and there's a whole lot of pieces of our reliance servers that we do ourselves that many others don't do themselves. And since we do it ourselves, we can make sure that security's in the design from the start, that those pieces work together in a secure manner. So we think that gives us a, an advantage from a security standpoint. >>Security is very much intention based at HPE e I was reading in some notes, and you just did a great job of talking about this, that fundamental security approach, security is fundamental to defend against threats that are increasingly complex through what you also call an uncompromising focus to state-of-the-art security and in in innovations built into your D N A. And then organizations can protect their infrastructure, their workloads, their data from the bad guys. Talk to us briefly in our final few minutes here, Kevin, about fundamental uncompromising protected the value in it for me as an HPE customer. >>Yeah, when we talk about fundamental, we're talking about the those fundamental technologies that are part of our platform. Things like we've integrated TPMS and sorted them down in our platforms. We now have platform certificates as a standard part of the platform. We have I dev id and probably most importantly, our platforms continue to support what we really believe was a groundbreaking technology, Silicon Root of trust and what that's able to do. We have millions of lines of firmware code in our platforms and with Silicon Root of trust, we can authenticate all of those lines of firmware. Whether we're talking about the the ILO six firmware, our U E I firmware, our C P L D in the system, there's other pieces of firmware. We authenticate all those to make sure that not a single line of code, not a single bit has been changed by a bad guy, even if the bad guy has physical access to the platform. >>So that silicon route of trust technology is making sure that when that system boots off and that hands off to the operating system and then eventually the customer's application stack that it's starting with a solid foundation, that it's starting with a system that hasn't been compromised. And then we build other things into that silicon root of trust, such as the ability to do the scans and the authentications at runtime, the ability to automatically recover if we detect something has been compromised, we can automatically update that compromised piece of firmware to a good piece before we've run it because we never want to run firmware that's been compromised. So that's all part of that Silicon Root of Trust solution and that's a fundamental piece of the platform. And then when we talk about uncompromising, what we're really talking about there is how we don't compromise security. >>And one of the ways we do that is through an extension of our Silicon Root of trust with a capability called S Spdm. And this is a technology that we saw the need for, we saw the need to authenticate our option cards and the firmware in those option cards. Silicon Root Prota, Silicon Root Trust protects against many attacks, but one piece it didn't do is verify the actual option card firmware and the option cards. So we knew to solve that problem we would have to partner with others in the industry, our nick vendors, our storage controller vendors, our G vendors. So we worked with industry standards bodies and those other partners to design a capability that allows us to authenticate all of those devices. And we worked with those vendors to get the support both in their side and in our platform side so that now Silicon Rivers and trust has been extended to where we protect and we trust those option cards as well. >>So that's when, when what we're talking about with Uncompromising and with with Protect, what we're talking about there is our capabilities around protecting against, for example, supply chain attacks. We have our, our trusted supply chain solution, which allows us to guarantee that our server, when it leaves our factory, what the server is, when it leaves our factory, will be what it is when it arrives at the customer. And if a bad guy does anything in that transition, the transit from our factory to the customer, they'll be able to detect that. So we enable certain capabilities by default capability called server configuration lock, which can ensure that nothing in the server exchange, whether it's firmware, hardware, configurations, swapping out processors, whatever it is, we'll detect if a bad guy did any of that and the customer will know it before they deploy the system. That gets enabled by default. >>We have an intrusion detection technology option when you use by the, the trusted supply chain that is included by default. That lets you know, did anybody open that system up, even if the system's not plugged in, did somebody take the hood off and potentially do something malicious to it? We also enable a capability called U EFI secure Boot, which can go authenticate some of the drivers that are located on the option card itself. Those kind of capabilities. Also ilo high security mode gets enabled by default. So all these things are enabled in the platform to ensure that if it's attacked going from our factory to the customer, it will be detected and the customer won't deploy a system that's been maliciously attacked. So that's got >>It, >>How we protect the customer through those capabilities. >>Outstanding. You mentioned partners, my last question for you, we've got about a minute left, Kevin is bring AMD into the conversation, where do they fit in this >>AMD's an absolutely crucial partner. No one company even HP can do it all themselves. There's a lot of partnerships, there's a lot of synergies working with amd. We've been working with AMD for almost 20 years since we delivered our first AM MD base ProLiant back in 2004 H HP ProLiant, DL 5 85. So we've been working with them a long time. We work with them years ahead of when a processor is announced, we benefit each other. We look at their designs and help them make their designs better. They let us know about their technology so we can take advantage of it in our designs. So they have a lot of security capabilities, like their memory encryption technologies, their a MD secure processor, their secure encrypted virtualization, which is an absolutely unique and breakthrough technology to protect virtual machines and hypervisor environments and protect them from malicious hypervisors. So they have some really great capabilities that they've built into their processor, and we also take advantage of the capabilities they have and ensure those are used in our solutions and in securing the platform. So a really such >>A great, great partnership. Great synergies there. Kevin, thank you so much for joining me on the program, talking about compute security, what HPE is doing to ensure that security is fundamental, that it is unpromised and that your customers are protected end to end. We appreciate your insights, we appreciate your time. >>Thank you very much, Lisa. >>We've just had a great conversation with Kevin Depu. Now I get to talk with David Chang, data center solutions marketing lead at a md. David, welcome to the program. >>Thank, thank you. And thank you for having me. >>So one of the hot topics of conversation that we can't avoid is security. Talk to me about some of the things that AMD is seeing from the customer's perspective, why security is so important for businesses across industries. >>Yeah, sure. Yeah. Security is, is top of mind for, for almost every, every customer I'm talking to right now. You know, there's several key market drivers and, and trends, you know, in, out there today that's really needing a better and innovative solution for, for security, right? So, you know, the high cost of data breaches, for example, will cost enterprises in downtime of, of the data center. And that time is time that you're not making money, right? And potentially even leading to your, to the loss of customer confidence in your, in your cust in your company's offerings. So there's real costs that you, you know, our customers are facing every day not being prepared and not having proper security measures set up in the data center. In fact, according to to one report, over 400 high-tech threats are being introduced every minute. So every day, numerous new threats are popping up and they're just, you know, the, you know, the bad guys are just getting more and more sophisticated. So you have to take, you know, measures today and you have to protect yourself, you know, end to end with solutions like what a AM MD and HPE has to offer. >>Yeah, you talked about some of the costs there. They're exorbitant. I've seen recent figures about the average, you know, cost of data breacher ransomware is, is close to, is over $4 million, the cost of, of brand reputation you brought up. That's a great point because nobody wants to be the next headline and security, I'm sure in your experiences. It's a board level conversation. It's, it's absolutely table stakes for every organization. Let's talk a little bit about some of the specific things now that A M D and HPE E are doing. I know that you have a really solid focus on building security features into the EPIC processors. Talk to me a little bit about that focus and some of the great things that you're doing there. >>Yeah, so, you know, we partner with H P E for a long time now. I think it's almost 20 years that we've been in business together. And, and you know, we, we help, you know, we, we work together design in security features even before the silicons even, you know, even born. So, you know, we have a great relationship with, with, with all our partners, including hpe and you know, HPE has, you know, an end really great end to end security story and AMD fits really well into that. You know, if you kind of think about how security all started, you know, in, in the data center, you, you've had strategies around encryption of the, you know, the data in, in flight, the network security, you know, you know, VPNs and, and, and security on the NS. And, and even on the, on the hard drives, you know, data that's at rest. >>You know, encryption has, you know, security has been sort of part of that strategy for a a long time and really for, you know, for ages, nobody really thought about the, the actual data in use, which is, you know, the, the information that's being passed from the C P U to the, the, the memory and, and even in virtualized environments to the, the, the virtual machines that, that everybody uses now. So, you know, for a long time nobody really thought about that app, you know, that third leg of, of encryption. And so a d comes in and says, Hey, you know, this is things that as, as the bad guys are getting more sophisticated, you, you have to start worrying about that, right? And, you know, for example, you know, you know, think, think people think about memory, you know, being sort of, you know, non-persistent and you know, when after, you know, after a certain time, the, the, you know, the, the data in the memory kind of goes away, right? >>But that's not true anymore because even in in memory data now, you know, there's a lot of memory modules that still can retain data up to 90 minutes even after p power loss. And with something as simple as compressed, compressed air or, or liquid nitrogen, you can actually freeze memory dams now long enough to extract the data from that memory module for up, you know, up, up to two or three hours, right? So lo more than enough time to read valuable data and, and, and even encryption keys off of that memory module. So our, our world's getting more complex and you know, more, the more data out there, the more insatiable need for compute and storage. You know, data management is becoming all, all the more important, you know, to keep all of that going and secure, you know, and, and creating security for those threats. It becomes more and more important. And, and again, especially in virtualized environments where, you know, like hyperconverged infrastructure or vir virtual desktop memories, it's really hard to keep up with all those different attacks, all those different attack surfaces. >>It sounds like what you were just talking about is what AMD has been able to do is identify yet another vulnerability Yes. Another attack surface in memory to be able to, to plug that hole for organizations that didn't, weren't able to do that before. >>Yeah. And, you know, and, and we kind of started out with that belief that security needed to be scalable and, and able to adapt to, to changing environments. So, you know, we, we came up with, you know, the, you know, the, the philosophy or the design philosophy that we're gonna continue to build on those security features generational generations and stay ahead of those evolving attacks. You know, great example is in, in the third gen, you know, epic C P U, that family that we had, we actually created this feature called S E V S N P, which stands for SECURENESS Paging. And it's really all around this, this new attack where, you know, your, the, the, you know, it's basically hypervisor based attacks where people are, you know, the bad actors are writing in to the memory and writing in basically bad data to corrupt the mem, you know, to corrupt the data in the memory. So s e V S and P is, was put in place to help, you know, secure that, you know, before that became a problem. And, you know, you heard in the news just recently that that becoming a more and more, more of a bigger issue. And the great news is that we had that feature built in, you know, before that became a big problem. >>And now you're on the fourth gen, those epic crosses talk of those epic processes. Talk to me a little bit about some of the innovations that are now in fourth gen. >>Yeah, so in fourth gen we actually added, you know, on top of that. So we've, we've got, you know, the sec the, the base of our, our, what we call infinity guard is, is all around the secure boot. The, you know, the, the, the, the secure root of trust that, you know, that we, we work with HPE on the, the strong memory encryption and the S E V, which is the secure encrypted virtualization. And so remember those s s and p, you know, incap capabilities that I talked about earlier. We've actually, in the fourth gen added two x the number of sev v s and P guests for even higher number of confidential VMs to support even more customers than before. Right? We've also added more guest protection from simultaneous multi threading or S M T side channel attacks. And, you know, while it's not officially part of Infinity Guard, we've actually added more APEC acceleration, which greatly benefits the security of those confidential VMs with the larger number of VCPUs, which basically means that you can build larger VMs and still be secured. And then lastly, we actually added even stronger a e s encryption. So we went from 128 bit to 256 bit, which is now military grade encryption on top of that. And, you know, and, and that's really, you know, the de facto crypto cryptography that is used for most of the applications for, you know, customers like the US federal government and, and all, you know, the, is really an essential element for memory security and the H B C applications. And I always say if it's good enough for the US government, it's good enough for you. >>Exactly. Well, it's got to be, talk a little bit about how AMD is doing this together with HPE a little bit about the partnership as we round out our conversation. >>Sure, absolutely. So security is only as strong as the layer below it, right? So, you know, that's why modern security must be built in rather than, than, you know, bolted on or, or, or, you know, added after the fact, right? So HPE and a MD actually developed this layered approach for protecting critical data together, right? Through our leadership and, and security features and innovations, we really deliver a set of hardware based features that, that help decrease potential attack surfaces. With, with that holistic approach that, you know, that safeguards the critical information across system, you know, the, the entire system lifecycle. And we provide the confidence of built-in silicon authentication on the world's most secure industry standard servers. And with a 360 degree approach that brings high availability to critical workloads while helping to defend, you know, against internal and external threats. So things like h hp, root of silicon root of trust with the trusted supply chain, which, you know, obviously AMD's part of that supply chain combined with AMD's Infinity guard technology really helps provide that end-to-end data protection in today's business. >>And that is so critical for businesses in every industry. As you mentioned, the attackers are getting more and more sophisticated, the vulnerabilities are increasing. The ability to have a pa, a partnership like H P E and a MD to deliver that end-to-end data protection is table stakes for businesses. David, thank you so much for joining me on the program, really walking us through what am MD is doing, the the fourth gen epic processors and how you're working together with HPE to really enable security to be successfully accomplished by businesses across industries. We appreciate your insights. >>Well, thank you again for having me, and we appreciate the partnership with hpe. >>Well, you wanna thank you for watching our special program HPE Compute Security. I do have a call to action for you. Go ahead and visit hpe com slash security slash compute. Thanks for watching.

(upbeat music) >> Welcome back to theCUBE's continuing coverage of Snowflake Summit 22 live from Caesars Forum in Las Vegas. I'm Lisa Martin with Dave Vellante. We've got a couple of guests joining us now. We're going to be talking about financial services. Rinesh Patel joins us, the Global Head of Financial Services for Snowflake, and Jack Berkowitz, Chief Data Officer at ADP. Guys, welcome to the program. >> Thanks, thanks for having us. >> Thanks for having us. >> Talk to us about what's going on in the financial services industry as a whole. Obviously, we've seen so much change in the last couple of years. What does the data experience look like for internal folks and of course, for those end user consumers and clients? >> So, one of the big things happening inside of the financial services industry is overcoming the COVID wait, right? A lot of banks, a lot of institutions like ours had a lot of stuff on-prem. And then the move to the Cloud allows us to have that flexibility to deal with it. And out of that is also all these new capabilities. So the machine learning revolution has really hit the services industry, right? And so it's affecting how our IT teams or our data teams are building applications. Also really affecting what the end consumers get out of them. And so there's all sorts of consumerization of the experience over the past couple of years much faster than we ever expected it to happen. >> Right, we have these expectations as consumers that bleed into our business lives that I can do transactions. It's going to be on the swipe in terms of checking authenticity, fraud detection, et cetera. And of course we don't want things to go back in terms of how brands are serving us. Talk about some of the things that you guys have put in place with Snowflake in the last couple of years, particularly at ADP. >> Yeah, so one of the big things that we've done, is, one of the things that we provide is compensation data. So we issue a thing called the National Employment Report that informs the world as to what's happening in the U.S. economy in terms of workers. And then we have compensation data on top of that. So the thing that we've been able to do with Snowflake is to lower the time that it takes us to process that and get that information out into the fingertips of people. And so people can use it to see what's changed in terms of with the worker changes, how much people are making. And they can get it very, very quickly. And we're able to do that with Snowflake now. Used to take us weeks, now it's in a matter of moments we can get that updated information out to people. >> Interesting. It helps with the talent war and- >> Helps in the talent war, helps people adjust, even where they're going to put supply chain in reaction to where people are migrating. We can have all of that inside of the Snowflake system and available almost instantaneously. >> You guys announced the Financial Data Cloud last year. What was that like? 'Cause I know we had Frank on early, he clearly was driving the verticalization of Snowflake if you will, which is kind of rare for a relatively new software company but what's that been like? Give us the update on where you're at and biggest vertical, right? >> Absolutely, it's been an exciting 12 months. We're a platform, but the journey and the vision is more. We're trying to bring together a fragmented ecosystem across financial services. The aim is really to bring together key customers, key data providers, key solution providers all across the different Clouds that exist to allow them to collaborate with data in a seamless way. To solve industry problems. To solve industry problems like ESG, to solve industry problems like quantitative research. And we're seeing a massive groundswell of customers coming to Snowflake, looking at the Financial Services Data Cloud now to actually solve business problems, business critical problems. That's really driving a lot of change in terms of how they operate, in terms of how they win customers, mitigate risk and so forth. >> Jack, I think, I feel like the only industry that's sometimes more complicated than security, is data. Maybe not, security's still maybe more fragmented- >> Well really the intersection of the two is a nightmare. >> And so as you look out on this ecosystem, how do you as the chief data officer, how do you and your organization, what process do you use to decide, okay, which of the, like a chef, which of these ingredients am I going to put together for my business. >> It's a great question, right? There's been explosion of companies. We kind of look at it in two ways. One is we want to make sure that the software and the data can interoperate because we don't want to be in the business of writing bridge code. So first thing is, is having the ecosystem so that the things are tested and can work together. The other area is, and it's important to us is understanding the risk profile of that company. We process about 20% of the U.S. payroll, another 25% of the taxes. And so there's a risk to us that we have an imperative to protect. So we're looking at those companies are they financed, what's their management team. What's the sales experience like, that's important to us. And so technology and the experience of the company coming together are super important to us. >> What's your purview as a chief data officer, I mean, a lot of CDOs that I know came out of the back office and it was a compliance or data quality. You come out of industry from a technology company. So you're sort of the modern... You're like the modern CDO. >> Thanks. Thanks. >> Dave: What's your role? >> I appreciate that. >> You know what I'm saying though? >> And for a while it was like, oh yeah, compliance. >> So I actually- >> And then all of a sudden, boom, big deal. >> Yeah, I really have two jobs. So I have that job with data governance but a lot of data security. But I also have a product development unit, a massive business in monetization of data or people analytics or these compensation benchmarks or helping people get mortgages. So providing that information, so that people can get their mortgage, or their bank loans, or all this other type of transactional data. *So it's both sides of that equation is my reading inside. >> You're responsible for building data products? >> That's right. >> Directly. >> That's right. I've got a massive team that builds data products. >> Okay. That's somewhat unique in your... >> I think it's where CDOs need to be. So we build data products. We build, and we assist as a hub to allow other business units to build analytics that help them either optimize their cost or increase their sales. And then we help with all that governance and communication, we don't want to divide it up. There's a continuum to it. >> And you're a peer of the CIO and the CISO? >> Yeah, exactly. They're my peers. I actually talk to them almost every day. So I've got the CIO as a peer. >> It's a team. >> I've got the security as a peer and we get things done together. >> Talk about the alignment with business. We've been talking a lot about alignment with the data folks, the business folks, the technical folks to identify the right solutions, to be able to govern data, to monetize it, to create data products. What does that... You mentioned a couple of your cohorts, but on the business side, who are some of those key folks? >> So we're like any other big, big organization. We have lots of different business units. So we work directly with either the operational team or the heads of those business units to divine analytic missions that they'll actually execute. And at the same time, we actually have a business unit that's all around data monetization. And so I work with them every single day. And so these business units will come together. I think the big thing for us is to define value and measure that value as we go. As long as we're measuring that value as we go, then we can continue to see improvements. And so, like I said, sometimes it's bottom line, sometimes it's top line, but we're involved. Data is actually a substrate of the company. It's not a side thing to the company. >> Yeah, you are. >> ADP. >> Yeah but if they say data first but you really are data first. >> Yeah. I mean, our CEO says- >> Data's your product. >> Data's our middle name. And it literally is. >> Well, so what do you do in the Snowflake financial services data Cloud? Are you monetizing? >> Yeah. >> What's the plan? >> Yeah, so we have clients. So part of our data monetization is actually providing aggregate and anonymized information that helps other clients make business decisions. So they'll take it into their analytics. So, supply chain optimization, where should we actually put the warehouses based on the population shifts? And so we're actually using the file distribution capabilities or the information distribution, no longer files, where we use Snowflake to actually be that data cloud for those clients. So the data just pops up for our other clients. >> I think the industry's existed a lot with the physical movement of data. When you physically move data, you also physically move the data management challenges. Where do you store it? How do you map it? How do you concord it? And ultimately data sharing is taking away that friction that exists. So it's easier to be able to make informed decisions with the data at hand across two counterparties. >> Yeah, and there's a benefit to us 'cause it lowers our friction. We can have a conversation and somebody can be... Obviously the contracts have to be signed, but once they get done, somebody's up and running on it within minutes. And where it used to be, as you were saying, the movement of data and loss of control, we never actually lose control of it. We know where it is. >> Or yeah, contracts signed, now you got to go through this long process of making sure everything's cool, or a lot of times it could slow down the sale. >> That's right. >> Let's see how that's going to... Let's do a little advanced work. Now you're working without a contract. Here, you can say, "Hey, we're in the Snowflake data cloud. It's governed, you're a part of the ecosystem." >> Yeah, and the ecosystem we announced, oh gee, I think it's probably almost a year and a half ago, a relationship with ICE, Intercontinental Exchange, where they're actually taking our information and their information and creating a new data product that they in turn sell. So you get this sort of combination. >> Absolutely. The ability to form partnerships and monetize data with your partners vastly increases as a consequence. >> Talk to us about the adoption of the financial services data cloud in the last what, maybe nine months or so, since it was announced? And also in terms of the its value proposition, how does the ADP use case articulate that? >> So, very much so. So in terms of momentum, we're a global organization, as you mentioned, we are verticalized. So we have increasingly more expertise and expertise experience now within financial services that allows us to really engage and accelerate our momentum with the top banks, with the biggest asset managers by AUM, insurance companies, sovereign wealth funds on Snowflake. And obviously those data providers and solution providers that we engage with. So the momentum's really there. We're really moving very, very fast in a great market because we've got great opportunity with the capabilities that we have. I mean, ADP is just one of many use cases that we're working with and collaborations that we're taking to market. So yeah, the opportunity to monetize data and help our partners monetize the data has vastly increased within this space. >> When you think about... Oh go ahead, please. >> Yeah I was just going to say, and from our perspective, as we were getting into this, Snowflake was with us on the journey. And that's been a big deal. >> So when you think about data privacy, governance, et cetera, and public policy, it seems like you have, obviously you got things going on in Europe, and you got California, you have other states, there's increasing in complexity. You guys probably love that. (Dave laughs) More data warehouses, but where are we at with that whole? >> It's a great question. Privacy is... We hold some of the most critical information about people because that's our job to help people get paid. And we respect that as sort of our prime agenda. Part of it deals with the technology. How do you monitor, how do you see, make sure that you comply with all these regulations, but a lot of it has to do with the basic ethics of why you're doing and what you're doing. So we have a data and AI ethics board that meets and reviews our use cases. Make sure not only are we doing things properly to the regulation, but are these the types of products, are these the types of opportunities that we as a company want to stand behind on behalf of the consumers? Our company's been around 75 years. We talk about ourselves as a national asset. We have a trust relationship. We want to ensure that that trust relationship is never violated. >> Are you in a position where you can influence public policy and create more standards or framework. >> We actually are, right. We issue something every month called the National Employment Report. It actually tells you what's happening in the U.S. economy. We also issue it in some overseas countries like France. Because of that, we work a lot with various groups. And we can help shape, either data policy, we're involved in understanding although we don't necessarily want to be out in the front, but we want to learn about what's happening with federal trade commission, EOC, because at the end of the day we serve people, I always joke ADP, it's my grandfather's ADP. Well, it was actually my grandfather's ADP. (Dave laughs) He was a small businessman, and he used a ADP all those years ago. So we want to be part of that conversation because we want to continue to earn that trust every day. >> Well, plus your observation space is pretty wide. >> And you've got context and perspective on that that you can bring. >> We move somewhere between two, two and a half trillion dollars a year through our systems. And so we understand what's happening in the economy. >> What are some of the, oh sorry. >> Can your National Employment Report combined with a little Snowflake magic tell us what the hell's going to happen with this economy? >> It's really interesting you say that. Yeah, we actually can. >> Okay. (panelists laugh) >> I think when you think about the amount of data that we are working with, the types of partners that we're working with, the opportunities are infinite. They really, really are. >> So it's either a magic eight ball or it's a crystal ball, but you have it. >> We think- >> We've just uncovered that here on theCUBE. >> We think we have great partners. We have great data. We have a set of industry problems out there that we're working, collaboration with the community to be able to solve. >> What are some of the upcoming use cases Rinesh, that excite you, that are coming up in financial services- >> Great question. >> That snowflake is just going to knock out of the park. >> So look, I think there's a set of here and now problems that the industry faces, ESG's a good one. If you think about ESG, it means many different things from business ethics, to diversity, to your carbon footprint and every asset manager has to make sure they have now some form of green strategy that reflects the values of their investors. And every bank is looking to put in place sustainable lending to help their corporate customers transition. That's a big data problem. And so we're very much at the center of helping those organizations support those informed investors and help those corporates transition to a more sustainable landscape. >> Let me give you an example on Snowflake, we launched capabilities about diversity benchmarks. The first time in the industry companies can understand for their industry, their size, their location what their diversity profile looks like and their org chart profile looks like to differentiate or at least to understand are they doing the right things inside the business. The ability for banks to understand that and everything else, it's a big deal. And that was built on Snowflake. >> I think it's massive, especially in the context of the question around regulation 'cause we're seeing more and more disclosure agreements come out where regulators are making sure that there's no greenwashing taking place. So when you have really strong sources of data that are standardized, that allow that investment process to ingest that data, it does allow for a better outcome for investors. >> Real data, I mean, that diversity example they don't have to rely on a survey. >> It's not a survey. >> Anecdotes. >> It's coming right out of the transactional systems and it's updated, whenever those paychecks are run, whether it's weekly, whether it's biweekly or monthly, all that information gets updated and it's available. >> So it sounds like ADP is a facilitator of a lot of companies ESG initiatives, at least in part? >> Well, we partner with companies all the time. We have over 900,000 clients and all of them are... We've never spoken to a client who's not concerned about their people. And that's just good business. And so, yeah we're involved in that and we'll see where it goes over time now. >> I think there's tremendous opportunity if you think about the data that the ADP have in terms of diversity, in terms of gender pay gap. Huge, huge opportunity to incorporate that, as I said into the ESG principles and criteria. >> Good, 'cause that definitely is what needs to be addressed. (Lisa laughs) Guys thank you so much for joining Dave and me on the program, talking about Snowflake ADP, what you're doing together, and the massive potential that you're helping unlock with the value of data. We appreciate your insights and your time. >> Thank you for having us. >> Dave: Thanks guys. >> Thank you so much. >> For our guests, and Dave Vellante, I'm Lisa Martin. You're watching theCUBE, live in Las Vegas at Snowflake Summit 22. Dave and I will be right back with our next guest. (upbeat music)

(upbeat music) >> Welcome back to theCUBE's coverage of VEEMON 2022. We're here at the Aria in Las Vegas. Dave Vellante with David Nicholson, my co-host for the week, two days at wall to wall coverage. Jason Buffington is here, JBuff, who does some amazing work for VEEAM, former Analyst from the Enterprise Strategy Group. So he's got a real appreciation for independence data, and we're going to dig into some data. You guys, I got to say, Jason, first of all, welcome back to theCUBE. It's great to see you again. >> Yeah, two and a half years, thanks for having me back. >> Yeah, that's right. (Jason laughs) Seems like a blur. >> No doubt. >> But so here's the thing as analysts, you can appreciate this, the trend is your friend, right? and everybody just inundates you with now, ransomware. It's the trend. So you get everybody's talking about the ransomware, cyber resiliency, immutability, air gaps, et cetera. Okay, great. Technology's there, it's kind of like the NFL, everybody kind of does the same thing. >> There's a lot of wonderful buzzwords in that sentence. >> Absolutely, but what you guys have done that's different is you brought in some big time thought leadership, with data and survey work which of course as an analyst we love, but you drive strategies off of this. So you got to, I'll set it up. You got a new study out that's pivoted off of February study of 3,600 organizations, and then you follow that up with a thousand organizations that actually got hit with ransomware. So tell us more about the study and the work that you've done there. >> Yeah, I got to say I have the best job ever. So I spent seven years as an analyst. And when I decided I didn't want to be an analyst anymore, I called VEEAM and said, I'd like to get in the fight and they let me in. But they let me do independent research on their behalf. So it's kind of like being an in-house counsel. I'm an in-house analyst. And for the beginning of this year, in February, we published a report called the Data Protection Trends Report. And it was over 3000 responses, right? 28 countries around the world looking at digital transformation, the effects of COVID, where are they are on BAS and DRS. But one of the new areas we wanted to look at was how pervasive is ransomware? How does that align with BCDR overall? So some of those just big thought questions that everyone's trying to solve for. And out of that, we said, "Wow, this is really worth double clicking." And so today, actually about an hour ago we published the Ransomware Trends Report and it's a thousand organizations all of which have all been survived. They all had a ransomware attack. One of the things I think I'm most proud of for VEEAM in this particular project, we use an independent research firm. So no one knows it's VEEAM that's asking the questions. We don't have any access to the respondents along the way. I wish we did, right? >> Yeah, I bet >> Go sell 'em back up software. But of the thousands 200 were CISOs, 400 were security professionals which we don't normally interact with, 200 backup admins, 200 IT ops, and the idea was, "Okay, you've all been through a really bad day. Tell us from your four different views, how did that go? What did you solve for? What did you learn? What are you moving forward with?" And so, yeah, some great learnings all around helping us understand how do we deliver solutions that meet their needs? >> I mean, there's just not enough time here to cover all this data. And I think I like about it is, like you said, it's a blind survey. You used an independent third party whom I know they're really good. And you guys are really honest about it. It's like, it was funny that the analyst called today for the analyst meeting when Danny was saying if 54% and Dave Russell was like, it's 52%, actually ended up being 53%. (Jason laughs) So, whereas many companies would say 75%. So anyway, what were some of the more striking findings of that study? Let's get into it a little bit. >> So a couple of the ones that were really startling for me, on average about one in four organizations say they have not been hit. But since we know that ransomware has a gestation for around 200 days from first intrusions, so when you have that attack, 25% may be wrong. That's 25% in best case. Another 16% said they only got hit once in the last year. And that means 60%, right on the money got hit more than once per year. And so when you think about it's like that school bully Once they take your lunch money once and they want lunch money, again, they just come right back again. Did you fix this hole? Did you fix that hole? Cool, payday. And so that was really, really scary. Once they get in, on average organizations said 47% of their production data was encrypted. Think about that. So, and we tested for, hey, was it in the, maybe it's just in the ROBO. So on the edge where the tech isn't as good, or maybe it's in the cloud because it's in a broad attack surface. Whatever it is, turns out, doesn't matter. >> So this isn't just nibbling around the edges. >> No. >> This is going straight to the heart of the enterprise. >> 47% of production data, regardless of where it's stored, data center ROBO or cloud, on average was encrypted. But what I thought was really interesting was when you look at the four personas, the security professional and the backup admin. The person responsible for prevention or mediation, they saw a much higher rate of infection than the CSOs and the IT pros, which I think the meta point there is the closer you are to the problem. the worst this is. 47% is bad. it's worse than that. As you get closer to it. >> The other thing that struck me is that a large proportion of, I think it was a third of the companies that paid ransom. >> Oh yeah. >> Weren't able to recover it. Maybe got the keys and it didn't work or maybe they never got the keys. >> That's crazy too. And I think one thing that a lot of folks, you watch the movies and stuff and you think, "Oh, I'm going to pay the Bitcoin. I'm going to get this magic incantation key and all of a sudden it's like it never happened. That is not how this works. And so yeah. So the question actually was did you pay and did it work right? And so 52%, just at half of organization said, yes. I paid and I was able to recover it. A third of folks, 27%. So a third of those that paid, they paid they cut the check, they did the ransom, whatever, and they still couldn't get back. Almost even money by the way. So 24% paid, but could not get back. 19% did not pay, but recovered from backup. VEEAM's whole job for all of 2022 and 23 needs to be invert that number and help the other 81% say, "No, I didn't pay I just recovered." >> Well, in just a huge number of cases they attacked the backup Corpus. >> Yes. >> I mean, that's was... >> 94% >> 94%? >> 94% of the time, one of the first intrusions is to attempt to get rid of the backup repository. And in two thirds of all cases the back repository is impacted. And so when I describe this, I talk about it this way. The ransomware thief, they're selling a product. They're selling your survivability as a product. And how do you increase the likelihood that you will buy what they're selling? Get rid of the life preserver. Get rid of their only other option 'cause then they got nothing left. So yeah, two thirds, the backup password goes away. That's why VEEAM is so important around cloud and disk and tape, immutable at every level. How we do what we do. >> So what's the answer here. We hear things like immutability. We hear terms like air gap. We heard, which we don't hear often, is orchestrated recovery and automated recovery. I wonder if you could get, I want to come back to... So, okay. So you're differentiating with some thought leadership, that's nice. >> Yep. >> Okay, good. Thank you. The industry thanks you for that free service. But how about product and practices? How does VEEAM differentiate in that regard? >> Sure. Now full disclosure. So when you download that report, for every five or six pages of research, the marketing department is allowed to put in one paragraph. It says, this is our answer. They call the VEEAM perspective. That's their rebuttal. To five pages of research, they get one paragraph, 250 word count and you're done. And so there is actually a commercial... >> We're here to buy here in. (chuckles) >> To the back of that. It's how we pay for the research. >> Everybody sells an onset. (laughs) >> All right. So let's talk about the tech that actually matters though, because there actually are some good insights there. Certainly the first one is immutability. So if you don't have a survivable repository you have no options. And so we provide air gaping, whether you are cloud based. So your favorite hyper-scale or one of the tens of thousands of cloud service providers that offer VEEAM products. So you can have, immutability at the cloud layer. You can certainly have immutability at the object layer on-prem or disk. We're happy to use all your favorite DDoS and then tape. It is hard to get more air-gaped and take the tape out drive, stick it on a shelf or stick it in a white van and have it shipped down the street. So, and the fact that we aren't dependent on any architecture, means choose your favorite cloud, choose your favorite disc, choose your favorite tape and we'll make all of 'em usable and defendable. So that's super key Number one. Super key number two there's three. >> So Platform agnostic essentially. >> Yeah. >> Cloud platform agenda, >> Any cloud, any physical, we work happily with everybody. Just here for your data. So, now you know you have at least a repository, which is not affectable. The next thing is you need to know, do you actually have recoverable data? And that's two different questions. >> How do you know? Right, I mean... >> You don't. So one of my colleagues, Chris Hoff, talks about how you can have this Nalgene bottle that makes sure that no water spills. Do you know that that's water? Is it vodka? Is it poison? You don't know. You just know that nothing's spilling out of it. That's an immutable repository. Then you got to know, can you actually restore the data? And so automating test restores every night, not just did the backup log work. Only 16% actually test their backups. That breaks my heart. That means 84% got it wrong. >> And that's because it just don't have the resource or sometimes testing is dangerous. >> It can be dangerous. It can also just be hard. I mean, how do you spend something up without breaking what's already live. So several years ago, VEEAM created the sandbox is what we call a data lab. And so we create a whole framework for you with a proxy that goes in you can stand up whatever you want. You can, if file exists, you can ping it, you can ODBC SQL, you can map the exchange. I mean, you can, did it actually come up. >> You can actually run water through the recovery pipes. >> Yes. >> And tweak it so that it actually works. >> Exactly. So that's the second thing. And only 16% of organizations do. >> Wow. >> And then the third thing is orchestration. So there's a lot of complexity that happens when you recover one workload. There is a stupid amount of complexity happens when you try cover a whole site or old system, or I don't know, 47% of your infrastructure. And so what can you do to orchestrate that to remediate that time? Those are the three things we found. >> So, and that orchestration piece, a number of customers that were in the survey were trying to recover manually. Which is a formula for failure. A number of, I think the largest percentage were scripts which I want you to explain why scripts are problematic. And then there was a portion that was actually doing it right. Maybe it was bigger, maybe it was a quarter that was doing orchestrated recovery. But talk about why scripts are not the right approach. >> So there were two numbers in there. So there was 16% test the ability to recover, 25% use orchestration as part of the recovery process. And so the problem where it is, is that okay, if I'm doing it manually, think about, okay, I've stood back up these databases. Now I have to reconnect the apps. Now I have to re IP. I mean, there's lots of stuff to stand up any given application. Scripts says, "Hey, I'm going to write those steps down." But we all know that, that IT and infrastructure is a living breathing thing. And so those scripts are good for about the day after you put the application in, and after that they start to gather dust pretty quick. The thing about orchestration is, if you only have a script, it's as frequently as you run the script that's all you know. But if you do a workflow, have it run the workflow every night, every week, every month. Test it the same way. That's why that's such a key to success. And for us that's VEEAM disaster recovery orchestra tour. That's a product that orchestrates all the stuff that VEEAM users know and love about our backend recovery engine. >> So imagine you're, you are an Excel user, you're using macros. And I got to go in here, click on that, doing this, sort of watching you and it repeats that, but then something changes. New data or new compliance issue, whatever... >> That got renamed directly. >> So you're going to have to go in and manually change that. How do you, what's the technology behind automated orchestration? What's the magic there? >> The magic is a product that we call orchestrator. And so it actually takes all of those steps and you actually define each step along the way. You define the IP addresses. You define the paths. You define where it's going to go. And then it runs the job in test mode every night, every week, whatever. And so if there's a problem with any step along the way, it gives you the report. Fix those things before you need it. That's the power of orchestrator. >> So what are you guys doing with this study? What can we expect? >> So the report came out today. In a couple weeks, we'll release regional versions of the same data. The reason that we survey at scale is because we want to know what's different in a PJ versus the Americas versus Europe and all those different personas. So we'll be releasing regional versions of the data along the way. And then we'll enable road shows and events and all the other stuff that happens and our partners get it so they can use it for consulting, et cetera. >> So you saw differences in persona. In terms of their perception, the closer you were to the problem, the more obvious it was, did you have enough end to discern its pearly? I know that's why you're due the drill downs but did you sense any preliminary data you can share on regions as West getting hit harder or? >> So attack rate's actually pretty consistent. Especially because so many criminals now use ransomware as a service. I mean, you're standing it up and you're spreading wide and you're seeing what hits. Where we actually saw pretty distinct geographic problems is the cloud is not of as available in all segments. Expertise around preventative measures and remediation is not available in all segments, in all regions. And so really geographic split and segment split and the lack of expertise in some of the more advanced technologies you want to use, that's really where things break down. Common attack plane, uncommon disadvantage in recovery. >> Great stuff. I want to dig in more. I probably have a few more questions if you don't mind, I can email you or give you a call. It's Jason Buffington. Thanks so much for coming on theCUBE. >> Thanks for having me. >> All right, keep it right there. You're watching theCUBE's live coverage of VEEAMON 2022. We're here in person in Las Vegas, huge hybrid audience. Keep it right there, be right back. (upbeat music)

>> Welcome to this Cube Conversation, I'm Lisa Martin. I'm joined by Derek Manky next, the Chief Security Insights and Global Threat Alliances at Fortiguard Labs. Derek, welcome back to the program. >> Hey, it's great to be here again. A lot of stuff's happened since we last talked. >> So Derek, one of the things that was really surprising from this year's Global Threat Landscape Report is a 10, more than 10x increase in ransomware. What's going on? What have you guys seen? >> Yeah so this is massive. We're talking over a thousand percent over a 10x increase. This has been building Lisa, So this has been building since December of 2020. Up until then we saw relatively low high watermark with ransomware. It had taken a hiatus really because cyber criminals were going after COVID-19 lawyers and doing some other things at the time. But we did see a seven fold increase in December, 2020. That has absolutely continued this year into a momentum up until today, it continues to build, never subsided. Now it's built to this monster, you know, almost 11 times increase from, from what we saw back last December. And the reason, what's fueling this is a new verticals that cyber criminals are targeting. We've seen the usual suspects like telecommunication, government in position one and two. But new verticals that have risen up into this third and fourth position following are MSSP, and this is on the heels of the Kaseya attack of course, that happened in 2021, as well as operational technology. There's actually four segments, there's transportation, automotive, manufacturing, and then of course, energy and utility, all subsequent to each other. So there's a huge focus now on, OT and MSSP for cyber criminals. >> One of the things that we saw last year this time, was that attackers had shifted their focus away from enterprise infrastructure devices, to home networks and consumer grade products. And now it looks like they're focusing on both. Are you seeing that? >> Yes, absolutely. In two ways, so first of all, again, this is a kill chain that we talk about. They have to get a foothold into the infrastructure, and then they can load things like ransomware on there. They can little things like information stealers as an example. The way they do that is through botnets. And what we reported in this in the first half of 2021 is that Mirai, which is about a two to three-year old botnet now is number one by far, it was the most prevalent botnet we've seen. Of course, the thing about Mirai is that it's an IOT based botnet. So it sits on devices, sitting inside consumer networks as an example, or home networks, right. And that can be a big problem. So that's the targets that cyber criminals are using. The other thing that we saw that was interesting was that one in four organizations detected malvertising. And so what that means Lisa, is that cyber criminals are shifting their tactics from going just from cloud-based or centralized email phishing campaigns to web born threats, right. So they're infecting sites, waterhole attacks, where, you know, people will go to read their daily updates as an example of things that they do as part of their habits. They're getting sent links to these sites that when they go to it, it's actually installing those botnets onto those systems, so they can get a foothold. We've also seen scare tactics, right. So they're doing new social engineering lures, pretending to be human resource departments. IT staff and personnel, as an example, with popups through the web browser that look like these people to fill out different forms and ultimately get infected on home devices. >> Well, the home device use is proliferate. It continues because we are still in this work from home, work from anywhere environment. Is that, you think a big factor in this increase from 7x to nearly 11x? >> It is a factor, absolutely. Yeah, like I said, it's also, it's a hybrid of sorts. So a lot of that activity is going to the MSSP angle, like I said to the OT. And to those new verticals, which by the way, are actually even larger than traditional targets in the past, like finance and banking, is actually lower than that as an example. So yeah, we are seeing a shift to that. And like I said, that's, further backed up from what we're seeing on with the, the botnet activity specifically with Mirai too. >> Are you seeing anything in terms of the ferocity, we know that the volume is increasing, are they becoming more ferocious, these attacks? >> Yeah, there is a lot of aggression out there, certainly from, from cyber criminals. And I would say that the velocity is increasing, but the amount, if you look at the cyber criminal ecosystem, the stakeholders, right, that is increasing, it's not just one or two campaigns that we're seeing. Again, we're seeing, this has been a record cases year, almost every week we've seen one or two significant, cyber security events that are happening. That is a dramatic shift compared to last year or even, two years ago too. And this is because, because the cyber criminals are getting deeper pockets now. They're becoming more well-funded and they have business partners, affiliates that they're hiring, each one of those has their own methodology, and they're getting paid big. We're talking up to 70 to 80% commission, just if they actually successfully, infect someone that pays for the ransom as an example. And so that's really, what's driving this too. It's a combination of this kind of perfect storm as we call it, right. You have this growing attack surface, work from home environments and footholds into those networks, but you have a whole bunch of other people now on the bad side that are orchestrating this and executing the attacks too. >> So what can organizations do to start- to slow down or limit the impacts of this growing ransomware as a service? >> Yeah, great question. Everybody has their role in this, I say, right? So if we look at, from a strategic point of view, we have to disrupt cyber crime, how do we do that? It starts with the kill chain. It starts with trying to build resilient networks. So things like ZTA and a zero trust network access, SD-WAN as an example for protecting that WAN infrastructure. 'Cause that's where the threats are floating to, right. That's how they get the initial footholds. So anything we can do on the preventative side, making networks more resilient, also education and training is really key. Things like multi-factor authentication are all key to this because if you build that preventatively and it's a relatively small investment upfront Lisa, compared to the collateral damage that can happen with these ransomware paths, the risk is very high. That goes a long way, it also forces the attackers to- it slows down their velocity, it forces them to go back to the drawing board and come up with a new strategy. So that is a very important piece, but there's also things that we're doing in the industry. There's some good news here, too, that we can talk about because there's things that we can actually do apart from that to really fight cyber crime, to try to take the cyber criminals offline too. >> All right, hit me with the good news Derek. >> Yeah, so a couple of things, right. If we look at the botnet activity, there's a couple of interesting things in there. Yes, we are seeing Mirai rise to the top right now, but we've seen big problems of the past that have gone away or come back, not as prolific as before. So two specific examples, EMOTET, that was one of the most prolific botnets that was out there for the past two to three years, there is a take-down that happened in January of this year. It's still on our radar but immediately after that takedown, it literally dropped to half of the activity it had before. And it's been consistently staying at that low watermark now at that half percentage since then, six months later. So that's very good news showing that the actual coordinated efforts that were getting involved with law enforcement, with our partners and so forth, to take down these are actually hitting their supply chain where it hurts, right. So that's good news part one. Trickbot was another example, this is also a notorious botnet, takedown attempt in Q4 of 2020. It went offline for about six months in our landscape report, we actually show that it came back online in about June this year. But again, it came back weaker and now the form is not nearly as prolific as before. So we are hitting them where it hurts, that's that's the really good news. And we're able to do that through new, what I call high resolution intelligence that we're looking at too. >> Talk to me about that high resolution intelligence, what do you mean by that? >> Yeah, so this is cutting edge stuff really, gets me excited, keeps me up at night in a good way. 'Cause we we're looking at this under the microscope, right. It's not just talking about the what, we know there's problems out there, we know there's ransomware, we know there's a botnets, all these things, and that's good to know, and we have to know that, but we're able to actually zoom in on this now and look at- So we, for the first time in the threat landscape report, we've published TTPs, the techniques, tactics, procedures. So it's not just talking about the what, it's talking about the how, how are they doing this? What's their preferred method of getting into systems? How are they trying to move from system to system? And exactly how are they doing that? What's the technique? And so we've highlighted that, it's using the MITRE attack framework TTP, but this is real time data. And it's very interesting, so we're clearly seeing a very heavy focus from cyber criminals and attackers to get around security controls, to do defense innovation, to do privilege escalation on systems. So in other words, trying to be common administrator so they can take full control of the system. As an example, lateral movement, there's still a preferred over 75%, 77 I believe percent of activity we observed from malware was still trying to move from system to system, by infecting removable media like thumb drives. And so it's interesting, right. It's a brand new look on these, a fresh look, but it's this high resolution, is allowing us to get a clear image, so that when we come to providing strategic guides and solutions in defense, and also even working on these takedown efforts, allows us to be much more effective. >> So one of the things that you said in the beginning was we talked about the increase in ransomware from last year to this year. You said, I don't think that we've hit that ceiling yet, but are we at an inflection point? Data showing that we're at an inflection point here with being able to get ahead of this? >> Yeah, I would like to believe so, there is still a lot of work to be done unfortunately. If we look at, there's a recent report put out by the Department of Justice in the US saying that, the chance of a criminal to be committing a crime, to be caught in the US is somewhere between 55 to 60%, the same chance for a cyber criminal lies less than 1%, well 0.5%. And that's the bad news, the good news is we are making progress in sending messages back and seeing results. But I think there's a long road ahead. So, there's a lot of work to be done, We're heading in the right direction. But like I said, they say, it's not just about that. It's, everyone has their role in this, all the way down to organizations and end users. If they're doing their part of making their networks more resilient through this, through all of the, increasing their security stack and strategy. That is also really going to stop the- really ultimately the profiteering that wave, 'cause that continues to build too. So it's a multi-stakeholder effort and I believe we are getting there, but I continue to still, I continue to expect the ransomware wave to build in the meantime. >> On the end-user front, that's always one of the vectors that we talk about, it's people, right? There's so much sophistication in these attacks that even security folks and experts are nearly fooled by them. What are some of the things that you're saying that governments are taking action on some recent announcements from the White House, but other organizations like Interpol, the World Economic Forum, Cyber Crime Unit, what are some of the things that governments are doing that you're seeing that as really advantageous here for the good guys? >> Yeah, so absolutely. This is all about collaboration. Governments are really focused on public, private sector collaboration. So we've seen this across the board with Fortiguard Labs, we're on the forefront with this, and it's really exciting to see that, it's great. There's always been a lot of will to work together, but we're starting to see action now, right? Interpol is a great example, they recently this year, held a high level forum on ransomware. I actually spoke and was part of that forum as well too. And the takeaways from that event were that we, this was a message to the world, that public, private sector we need. They actually called ransomware a pandemic, which is what I've referred to it as before in itself as well too. Because it is becoming that much of a problem and that we need to work together to be able to create action, action against this, measure success, become more strategic. The World Economic Forum were leading a project called the Partnership Against Cyber Crime Threat Map Project. And this is to identify, not just all this stuff we talked about in the threat landscape report, but also looking at, things like, how many different ransomware gangs are there out there. What do the money laundering networks look like? It's that side of the supply chain to map out, so that we can work together to actually take down those efforts. But it really is about this collaborative action that's happening and it's innovation and there's R&D behind this as well, that's coming to the table to be able to make it impactful. >> So it sounds to me like ransomware is no longer a- for any organization in any industry you were talking about the expansion of verticals. It's no longer a, "If this happens to us," but a matter of when and how do we actually prepare to remediate, prevent any damage? >> Yeah, absolutely, how do we prepare? The other thing is that there's a lot of, with just the nature of cyber, there's a lot of connectivity, there's a lot of different, it's not just always siloed attacks, right. We saw that with Colonial obviously, this year where you have attacks on IT, that can affect consumers, right down to consumers, right. And so for that very reason, everybody's infected in this. it truly is a pandemic I believe on its own. But the good news is, there's a lot of smart people on the good side and that's what gets me excited. Like I said, we're working with a lot of these initiatives. And like I said, some of those examples I called up before, we're actually starting to see measurable progress against this as well. >> That's good, well never a dull day I'm sure in your world. Any thing that you think when we talk about this again, in a few more months of the second half of 2021, anything you predict crystal ball wise that we're going to see? >> Yeah, I think that we're going to continue to see more of the, I mean, ransomware, absolutely, more of the targeted attacks. That's been a shift this year that we've seen, right. So instead of just trying to infect everybody for ransom, as an example, going after some of these new, high profile targets, I think we're going to continue to see that happening from the ransomware side and because of that, the average costs of these data breaches, I think they're going to continue to increase, it already did in 2021 as an example, if we look at the cost of a data breach report, it's gone up to about $5 million US on average, I think that's going to continue to increase as well too. And then the other thing too is, I think that we're going to start to see more, more action on the good side like we talked about. There was already a record amount of takedowns that have happened, five takedowns that happened in January. There were arrests made to these business partners, that was also new. So I'm expecting to see a lot more of that coming out towards the end of the year too. >> So as the challenges persist, so do the good things that are coming out of this. Where can folks go to get this first half 2021 Global Threat Landscape? What's the URL that they can go to? >> Yeah, you can check it out, all of our updates and blogs including the threat landscape reports on blog.fortinet.com under our threat research category. >> Excellent, I read that blog, it's fantastic. Derek, always a pleasure to talk to you. Thanks for breaking this down for us, showing what's going on. Both the challenging things, as well as the good news. I look forward to our next conversation. >> Absolutely, it was great chatting with you again, Lisa. Thanks. >> Likewise for Derek Manky, I'm Lisa Martin. You're watching this Cube Conversation. (exciting music)

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomena that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke at it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

(gentle music) >> Welcome to theCUBE's coverage of PagerDuty Summit. I'm your host for "theCUBE", Natalie Erlich. And now we're joined by the CEO and Chairperson for PagerDuty. We're joined by Jennifer Tejada. Thanks very much for joining the program. >> Hi, Natalie. It's great to have you, and "theCUBE", with us again. >> Fantastic, well, let's do an overview of what PagerDuty does and how it's helping its customers. >> Well, PagerDuty is a digital operations management platform. And what that means is that we use software to detect real-time issues and events from the complex ecosystem of technology that's really hard for humans to manage. We then intelligently orchestrate that work to the right teams, the right people with the right expertise, in the moments that matter the most to your business. And that's become especially important as the whole world has moved to a digital-first world. I mean, pretty much everything we do we can experience on demand today but that's only made possible through the complex technology and infrastructure that's managed and operated by responders all over the world. And PagerDuty's digital operation solution communicates issues in real time to ensure a perfect customer experience every time. >> Terrific, and if you could go through some of the key features like on-call management, incident response, event intelligence and analytics, it would be really great. >> Sure, so, our heritage started with automation of the on-call situation for engineers. So, back in the day, many organizations had software engineers building apps, platforms, infrastructure, but then they would throw that over the wall to an ops team who would manage it in production. That led to poor code quality, it led to lots of challenges when people would release software in the middle of the night on a Saturday, et cetera. And it meant that it took a very long time for companies to manually get a problem into the hands of the right person to solve it. We automated all of that using an API-based ecosystem that connects to over 460 of the most popular applications, observability stacks, monitoring systems, security applications, ticketing environments, cloud environments, et cetera. And so, all of that is now seamless. What that data enabled us to do was build an event management solution, which we call Event Intelligence, which now uses AI and machine learning to help responders understand the nature of all the different events coming at them. So, for instance, instead of seeing 100 events coming at you from 16 different monitoring environments in your infrastructure, PagerDuty will use AI to know that of those 175 are part of the same incident. They're events conspiring to becoming a business-impacting incident. And that allows our teams to get ahead of things, to become proactive versus reactive. We've also built analytics into our solution which helps our customers benchmark themselves and their operational efficiency versus their peer group. It helps them measure the health of their teams and understand which services are causing them the biggest challenges and the most expense whether that's labor expense or customer impact. And most recently, we've been really thrilled with our acquisition of Rundeck which helps us automate the remediation of events which now means that PagerDuty can automate incident management and incident response, both upstream, in terms of identifying events as they flow in, and also downstream, safe self-healing of infrastructure, application and platform environments to get things back to the way they need to work in order to serve end customers and serve employees across an enterprise. We're really excited as our vision has expanded to become the ubiquitous platform, the de facto platform, for real-time work. And what we've seen over the years is our customers coming up with very imaginative ways to use our software to solve real-time unstructured, unpredictable work across the company. That can be legal teams managing across different geographies and business units to close contracts at the end of the quarter, it could be financial services companies that are managing their physical security as well as their digital security through PagerDuty where time really, really matters if you have a data breach or a potential physical security incident. It could be customer service where customer service and support teams are working very closely with engineering teams to identify issues that are causing customers problems and to manage those issues collaboratively so that the customer experience is protected. So, just some examples of how PagerDuty is getting leveraged. And we're really excited to talk about some new innovations at Summit. >> Terrific, well, you really have your thumb on the pulse of corporate America, and as you know, last year, we talked about the pandemic and now we're looking at going back to the workforce, we're looking at the future of work. What does that look like for you? >> Well, the future of work is here and one thing is for sure, it has changed permanently. I think we all learned from the past year that remote work can provide a lot of flexibility and can level the playing field for people all around the world. It means you can access talent from different geographies. It means you can have a different level of work-life balance, but it also comes with its own set of complications. And one of the reasons we pulled Summit earlier from September into June was we really wanted to be a part of this kind of grand moment of reopening that we're seeing around the world. And that means that every organization that we're working with is redesigning their future. But that didn't start today, that started several months ago, as companies learned from their remote work experience, learned from their on-demand experience in dealing with their own customers. And it took some of those innovations and brought them forward into kind of the new design for the way teams will work, the way brands interact with their customers. And at Summit, you're going to hear us discuss why now is the moment, now is the moment to harness your digital acceleration because that's really the way that business is getting done. I mean, frankly, every business is now a software business and all business is now digital business. And PagerDuty has proven itself as the essential infrastructure on which all companies, all brands, can build their success. And as we widen our aperture we think about building the platform for not just today's challenges, but tomorrow's challenges. So, at Summit, you'll hear us talking a lot about resilience and how your entire organization and your brand will be judged on your ability to stand up a resilient business, a resilient brand experience for your customers. Today, uptime is money and resilience and reliability are the currency of tomorrow. We're entering into this era where autonomy is everything when it comes to work. I mean, employees, and generally humans, do not want to be stuck managing mundane tasks. And the hybrid work arrangements that we're anticipating mean that PagerDuty's platform will become even more essential for customers because hybrid work drives more complexity. It means your teams are distributed, they maybe distributed across regions, co-located, remote at home, in different time zones. And when something's going down that's really causing a problem in your business, you need to orchestrate work across the right people that can make a difference in that moment. Autonomy and flexibility, frankly, is what people expect from work. And they also expect to engage with apps and platforms that are easy to use, that are intuitive, that deliver really fast time to value. And that has long been at the core of PagerDuty's offering and value proposition. And none of these autonomous or automation investments replace human expertise. They allow our platform to channel that expertise and the expertise of your users to give them context and visibility to make the best possible decisions in the moment that matters. And I think that is so empowering as we think about this flexible new hybrid way of working. And then lastly- >> And I love the points. >> Oh yeah, go ahead. >> Yeah, I love the points that you make about resilience and autonomy. I'd love it if you could just drive a little further how we can build more connection now that we're going into the office and also integrating this kind of hybrid system. >> Well, I think it's really interesting because in some ways I feel super connected to my employees 'cause I'm engaging with them one-to-one, my box and their box. I have had the opportunity to stay connected to customers and executives across the industry over course of the pandemic. And yet, I'm an extrovert, I miss the in-person opportunity that kinetic energy that comes with being together in a room. And I'm looking forward to being back in studio, doing interviews with you, Natalie. But at the same time, I appreciate the convenience that I've gained. Like, I'm not looking forward to commuting again. I mean, I plan to only get on the road during off hours in the future. And I realize that I don't have to travel six hours for a two-hour meeting on the other side of the U.S., or 15 hours to have a meeting in Europe, I can get a lot of business done online. Having said that, that connection is so important. The social contract that you create with your customers and your businesses is so important. And making sure that we can connect the complex technology that runs the world today is also really important. And that's where PagerDuty plays a role. PagerDuty really helps you know who you need, what you can leverage them for, and gets them in touch when you need them, like I said, on the work that is somewhat unpredictable but can be very high priority, the highest priority in the case of a security breach or a major customer-impacting incident. And so, using AI apps, or sorry, using AI and automation to make sure that we can intelligently route work to the right people is a big part of how our platform has come together and really become the central nervous system of the digital economy. >> Yeah, I mean, these are really great points and it's a bit of a silver lining actually with the pandemic, learning that we can really stay connected despite not being in the office and now have more hybrid systems of work. But let's switch now gears to talk about leadership in our communities and how we can truly activate change and a far more just and equitable world. >> Well, I am a huge believer in social responsibility and social impact, and I really appreciate how all of our employees have come together to leverage PagerDuty's platform for good. When we went public, we launched pagerduty.org which was led by Olivia Khalili. And I know you'll hear from her and some of our impact customers this week at Summit, but I think what's really important is how engaging it is for our employee base. Last year, 93% of PagerDuty employees have volunteered their time for social causes and philanthropy. And that's in a time when we were all enduring a hardship of our own, we were all facing an unprecedented pandemic. We've donated over a million dollars in financial grants to over 400 organizations through strategic giving and employee-match programs. And we've opened civic engagement. We've opened source civic engagement with our Day for Change for our employees and our toolkits which we've shared broadly throughout the industry. We signed on to the Board Challenge which I was thrilled to do because I'm a big believer that more diversity in the boardroom is going to lead more equity in corporate America. And thrilled to add Bonita Stewart and Dr. Alec Gallimore to our board last year. And I think representation is so important at the board level, not just because it's the right thing to do, not just because it's the right thing for business, but it's the right thing for career growth for your employees, showing them the path to what's possible for them with your company. And finally, we published PagerDuty's first ever "Inclusion Diversity and Equity Report", which is part of our effort to provide transparency around not just what we're doing, but how we're measuring it, how we're progressing, so that we can get better every year. And we've highlighted our work to support time-critical health, our work to support equity in the response to COVID including vaccine distribution. And I really enjoy some of the impact stories that we hear from our non-for-profit partners that are working with us at pagerduty.org. So, leadership is what you make of it and you can lead from every chair in an organization. And I'm so proud of the leadership, our employees, and many of our customers have demonstrated in this time of particular challenge around the globe. And we're not through it entirely yet, and so, I'm just really hopeful that we can all come out of this better together. >> Right, and speaking about leadership, why do you think that diversity is so critical for effective leadership? >> Well, first of all, I think it's our responsibility to reflect the communities that we serve. My users do not all look the same, they don't come from the same background, they're from over 150 countries around the world. They're solving a diverse set of problems. And in fact, the problems they're solving with our platform is growing every day as they imagine how to apply our technology, our digital operations platform, to different types of real-time work around their companies. But diversity is also important in problem solving, in looking at challenges through different lenses, in thinking about the different stakeholders that you serve in that process, and in creating an equitable community around you, creating opportunity for people around you. I mean, one of the things that we did that was a business decision a couple of years ago was to open an office in Atlanta. And part of that was to create a path, create opportunities for Georgians and people in the Metro Atlanta area to participate in the tech industry. This was before everybody was working from home, before those geographical barriers were broken down. And I'm thrilled to say, we have a thriving community now in Atlanta that's growing and we're hiring. But that's just one example. That was the smart thing to do for our business, but it was also a great thing to do, I think, for the community. And we've brought new minds and all kinds of new people into our business. And this month we're celebrating Pride Month at PagerDuty, which I'm thrilled to do. We have very active LGBTQ community who contribute hugely to our efforts and to our customers' success. And we think that everybody deserves an equal shot at opportunity at the lifestyle they want and the opportunity to build their own bright future. >> Great, and just lastly, what's the main focus for PagerDuty in the next year? >> The main focus for PagerDuty next year is really executing on our strategy to become the defacto platform for real-time work, ensuring that we can leverage the largest domain-agnostic ecosystem of connected apps and services, that we can leverage the largest dataset based on responder data, workflows, events and incidents to help our customers deliver the resiliency, the autonomy, and the connectedness that they're looking for to serve their customers and accelerate their digital prospects and frankly, to prosper in the future. So, it really is about becoming that de facto platform for action for all your real-time, unstructured and important work. >> Well, Jennifer Tejada, the CEO and Chairperson of PagerDuty, loved having you on this program. Really appreciate your insights on diversity and leadership, and, of course, the next phase for PagerDuty itself. I'm your host for "theCUBE" now covering the PagerDuty Summit. Thanks for watching. (bright music)

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomenon that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

>> Narrator: From around the globe, it's theCUBE with digital coverage of IBM Think 2021 brought to you by IBM. >> Hello everybody, welcome back to IBM Think 2021, the virtual edition. My name is Dave Vellante and I'm pleased to welcome back a long time Cube alum, Jim Whitehurst, who's the president of IBM. And I'll call him chief cultural evangelist, welcome Jim. Great to see you again. >> Great to see you, Dave. Thanks so much for having me. >> Yeah, it's really our pleasure. And I want to start off, it's just over a year as president of IBM. And I wonder, you know, when you're a little kid or, you know, early in your career, computer science class, did you ever think you'd be president of a company that was founded in 1911? I mean, amazing. I wonder if you could share what's the most important thing you've learned in your first year? >> Well, look, I mean, as you said, I would've never thought it. Yeah, I was the first kid to have an IBM PC on the block and was always into technology but never saw myself as like, you know, running a big tech company. So it is humbling. I would say that there are tons of lessons in the first year. I guess the two that strike me most is one is just related to strategy and that's, you know, Red Hat and most technology companies, we're very customer focused. But it's around whatever technology we're bringing to market where IBM has fundamentally transitioned. And kind of transformed itself over time to make sure it can meet customer needs. So it's sold off businesses, it's bought other businesses, it's created new businesses. So it really shows the kind of the focus and value on serving our customers and doing whatever it takes to do it. And that's been a fundamental kind of different strategy than most companies have had. I think one of the reasons that we've been around for over a 100 years. The second is I'm deeply into culture and I've talked a lot about the difference of running Red Hat, it's all about innovation versus Delta Airlines where I was before, which is driving efficiency. IBM is both and so really trying to think through how you run an organization that needs to run the financial systems of the world, that extraordinary reliability and drive roadmaps on things like quantum computing. At the same time be able to innovate iteratively with our customers and in open source communities. And kind of getting that balance right as a leader. It's, you're kind of doing what we did at Red Hat and what we did at Delta but kind of doing it together. And I think that stretched me as a leader and kind of taught me a lot about how we're thinking about continuing to evolve the culture at IBM. >> Now, of course, you do this leadership series, you put out things out on LinkedIn and words matter. And that's what I take away from a lot of the little short hits that you do, which I really appreciate. My stuff that I put Jim on LinkedIn, it's just, you got to invest like 15, 20 minutes. So I really appreciate the short hits. But you do that regular series and I'm curious do you do that to reach more IBM people? Are you an open source culture? You're trying to help others. And I'm curious as to sort of why that platform as opposed to sending around an internal thing an IBM. And I'm wondering if your principles and how they've evolved kind of post pandemic. >> Well, so first off, maybe that comes from Red Hat but I think IBM shares that it's if you have something really, really valuable, you want to share it. And look, when I am out talking to our customers, CEOs and some of the biggest companies in the world, honestly we rarely talk about technology 'cause other people are more detailed or deep in that. We primarily do talk about culture. And how you think about again, how do you take an organization that's been built to drive efficiency and scale on a global basis and make it able to be more nimble and more innovative? And so, and obviously, hopefully that's all with IBM and Red Hat technologies. But ultimately most of my conversations at a senior leadership level are about culture and leadership style to drive that. And so if that's valuable for CEOs of some of the world's largest companies, it's valuable to leaders kind of across all spectrums, all sizes. And so I think LinkedIn is a good way to kind of take some of those messages and make sure we were able to share those much more broadly. So certainly I spend more time talking about it inside of IBM and I spend a lot of time with our clients talking about it. But I think many of the lessons are applicable more broadly. And so why not share them? And LinkedIn's a great platform to be able to do that. >> How about you, how have your principles, how have your principles sort of changed and how have they evolved post pandemic? >> Well, I think a couple things, so one is the pandemic kind of forces you to get more precise about it. And what I mean by that is so much of leadership is about building credibility and trust and influence. And when you're seeing someone in 3D live, visual cues can kind of mean a lot in the water cooler conversations. Or who you run into in the hall can all help kind of create that level of trust. But you can't do that in 2D. As great as Zoom and other platforms are, you just can't quite do it. And so you have to be much more thoughtful in how you're creating opportunities to kind of create trust. So I'd say I've gotten more surgical in thinking about kind of what those elements of leadership are that do that. I think the second thing I've really learned at IBM again is back to this. We have to be able to do both, drive a future state in a known world as well as, I call it seek a future state in an unknown world. So driving a roadmap for quantum computing takes a number of different technologies coming together in one year, in two years, in five years. And that really does have to be pre-planned, which is very very different, that I'll call the iterative innovation approach that we use at Red Hat and open source communities and working with our clients. And we have to do both. And so as a leader you really have to understand the problem you're trying to solve and apply slightly different kind of leadership tactics against that. So when you're executing a known versus you are trying to create something in an unknown, does require different approaches and we have to do both in IBM. And I think that's the struggle a lot of companies have, every company needs to do that. If you're Delta Airlines, you don't want anybody innovating on the safety procedures before your flight. Yet you want a lot of innovation happening on your website and your mobile app. So how do you bring those together? And as a leader you can have a common set of values, but recognize you have to bring different tools to the table, depending on the context in which you're leading. And so I learned a lot more and gotten a lot crisper with that since being at IBM. >> Interesting, I mean, the pandemic, we all know it's been terrible but one of the upshots has been we had a glimpse of the future sort of shoved into a forced march of digital in 2020. And so obviously the next 10 years ain't going to be like the last 10 years. And one of the things we've been talking about is ecosystems and partnerships and the power and leverage that you can get from those. And Arvin has said, laid it out, we are returning to growth company. And so I wonder if you could talk to how partnerships and ecosystems play into that return to growth for IBM. >> Well, first off a key part of our strategy we talk about hybrid cloud and AI. It's not just about, hey, a platform that runs across all the different deployment models is convenient. It's also because innovation is coming from so many sources today. It's coming from a by-product from the web 2.0 companies, it's coming from open source. It's coming from an explosion of startups because of the amount of capital in venture capital. It's coming from traditional software companies. It's coming from our clients who are participating in open source. And so you have so many sources of innovation. Much of what we're doing is landing a platform that allows you to consume innovation safely and reliably from wherever it's coming from. So a core part of a platform by definition is the ecosystem around it. Having a platform that runs everywhere is great but if you don't have any applications that run on it who cares. And so ecosystem and partners have always been important to IBM, but for this strategy of this horizontal platform oriented strategy, it is critical to our success because much of the platform is the ecosystem. And so we've already talked about investing a billion dollars in that ecosystem to get ISVs and other partners on our platform, again, to ultimately kind of create that kind of horizontal layer where I can run anything that I want to on it and I can run that anywhere I want to. And so the two sides of that so all the innovation happening on top and making sure it runs everywhere is what really unlocks the freedom of choice. That reduces friction to innovation, which allows everybody in the ecosystem from our clients to ISVs to hardware partners to innovate more quickly. And that's what we really see as the benefit of our platform. It's not a horizontal stove pipe, come innovate in this one place. It's recognizing innovation's happening in so many places. And the only way we're going to be able to allow people to ingest that is to have a horizontal platform that everyone's participating in. Which is why partners and ecosystem are so important, not only to the success of our platform, but to the, I'd say, as a success of this next generation of computing. These horizontal fabrics that require an ecosystem kind of built around them. >> I think that's an important nuance that maybe people don't understand that yes, you have a platform. Obviously, OpenShift is a linchpin but it's an enabler for people to build other platforms. It's not the be all, end all platform that's sort of ultimately becomes another Island. And so that is a key part of the growth strategy and presumably expand your total available market. >> Oh, absolutely and so this is the key is we can talk about great IBM technologies. We're doing amazing things in security and AI and natural language processing and all these other areas. But the platform is a recognition that we're not going to do everything for everybody anymore. There's just the democratization of technology means that there is so many sources of innovation. And so first and foremost, we have to land a platform so you can consume anything from anywhere. And then of course, we'll drive our own pace of innovation both in hardware and software around that platform. But we are just a player on that platform, which we're really instantiating for really anybody to be able to reach customers or customers to reach sources of innovation. >> I know sustainability is a passion of yours, that it's obviously a hot topic right now. Oftentimes I joke tongue in cheek, Milton Friedman's rolling over in his grave with all this ESG talk. And I know you just posted recently on LinkedIn. And of course I went right down to Kavanaugh because my premise is not only is sustainability the right thing to do, it's also good business. But I wonder if you could give us your perspectives on this. >> Yeah, well, so first off, I mean, as a large global citizen as IDM I think this is an important role that we play and look, this isn't new to IBM. We came out with our first statements around environment in 1970. We put out our first report that's become our environmental impact report in 1990. We've been talking about climate since the early two thousands. So we've been involved in this for a long, long time because I do think it's important broadly. But there's also a specific role I think IBM can play beyond just our own individual actions to reduce our own footprint. Because of some of the extraordinary technologies that IBM has worked on in the years especially around semiconductors, we have just an amazing amount of technology, expertise, intellectual property around material science. And so just a couple of examples of those that relate to the environment. We in doing some other work realized that we had a way to be able to recycle PET plastic, which is a real problem because so many clothes and other things are now made out of PET. And it's really hard to recycle but a by-product of other work we're doing realized we could do that. And so we've formed a JV and we're funding that to not profit from it but to make sure that much more of the world's PET is recycled. Or the work that we're doing on batteries, where using ocean water instead of rare earth minerals to make batteries that not only are cleaner but last longer. Those are kind of byproducts of our kind of core business. The areas that we can see the benefits of innovation and material science being able to impact the world. I am hopeful that we'll be able to play a role with all of that in clear air carbon capture. I mean, that's still far further away but I do think IBM has a unique role that we can play because of our deep expertise in, again, material science, quantum computing, and modeling that put us in a unique position to have a major impact on the world. >> I wonder if we could talk a little bit about sort of IBM and its technology bets. And I've made the point a number of times in my writing that IBM's R and D spend has been about pretty constant, about $6 billion a year. But as IBM is jettison certain businesses got out of the x86 server business and it got out of the Foundry business with micro electronics. Now it's spinning out NewCo. What happens, the effect is that R and D as a percent of revenue goes way, way up. And my premise has always been that allows IBM to be more focused. So whether it's hybrid cloud, AI, quantum, Edge where are you placing your technology bets and maybe give us a sense of how you ranked them, some of your favorites. >> Yeah, so, look, that's exactly right. I mean, we are one of the few places that still invest a massive amount in R and D, especially in fundamental research. And so I'll kind of break down kind of the core areas. So first off, what I'd say is part of the hybrid cloud platform is recognizing we don't need to do everything for everyone. There is great open source technology. There are great other vendors that are doing things that we can enable our customers to access via the platform. So we're not trying to do everything for everybody in the way maybe 40 years ago we did. Because we understand there's so much great other technology out there that we're going to make sure that we expose. So we're investing in areas where we think we can uniquely add value that need to happen that others aren't doing. So AI, let me take that as an example. There's tremendous work happening in machine learning that we see every day because of Facebook and people trying to identify cats. And so I don't mean to trivialize it, there's a phenomenal work happening there. There's a lot less work being done on in AI on things where you have a lot less data. Or areas where you need explainable unbiased AI and the problem with machine learning engines is they're not auditable by definition. That's kind of a black box. And so we do a lot of work in areas like that. We do a lot of work in natural language processing. So we've had more of a as a kind of publicity kind of push the technology something called Project Debater. Where Watson can debate kind of champion debaters. That was mainly to make sure we can understand language in context, which allows for being able to better handle call centers in areas like that. Allows us to understand source code, which also is thinking about how you migrate applications from on-premise to the cloud. So we have a bunch of AI things that we are doing and is a core focus of what we're doing. But specifically we're investing in areas like anti-biased auditability, natural language processing, areas where others aren't. Which is unique and we can bring those capabilities together with what others are doing. Security, obviously, a huge, huge area where we've invested in quantum safe encryption. We've invested in confidential computing. In other words, even in compute mode your data is encrypted. So you can keep your own keys, so not even we on our cloud can see your data. So a lot of investments happening around security and that's going to continue to be an area as we know that's going to get more and more and more scrutiny. So heavy, heavy focus there. Heavily focused on technologies that help you kind of modernize your infrastructure. So automation tools, integration tools and areas around that. So on the software side, those are kind of the main areas. When you look on the hardware side, obviously quantum is a significant area where we have a leadership position we continue to drive. But even semiconductor research in kind of process technology. So we announced something with Intel to work with them to bring some of our process technologies. As we kind of go from 7 nanometers to 5 to 2 to ultimately 1. That set of technologies is an area where we have a real leadership position and we'll continue to work with now Intel. We continue to work with others to drive that forward. So whole bunch of areas both on the hardware and the software side that we continue to make progress on. >> Yeah, the Silicon piece is interesting. And when we saw that Arvin as part of the Intel announcements that we thought originally, oh, maybe it's just about quantum but it's really much more than that. You mentioned the process. We dug into it and we realized, wow, we said Power10 actually has the highest performance. And because of the way in which you are not to geek out but you're you dis-aggregate memory. And Pat Gelsinger talked about system on a package. It turns out folks that IBM is actually the leader in that type of capability. And also the way that systems on chips use memory is very inefficient but IBM has actually invented some techniques to make that much more efficient. That's sort of the future of semiconductors. And the reason why we spend so much time thinking about it is because it's of national interest. There's a huge chip shortage, which doesn't look like it's going away anytime soon. So that's a critical part of national competitiveness and technology competitiveness going forward. >> Well, and the other interesting part about that, and you talked about Power10, going back to the hybrid cloud platform that we talked about. It's not just about running applications across wherever you want to run them. It also abstracts the chip architecture. So all of a sudden whether it's on the mainframe, it's on power, it's on ARM, it's on x86 and a whole bunch of other technologies that might get developed. We're making it much easier to kind of consume that specialization or variety at the hardware level. Recognize as Moore's law runs its course there's no longer this inevitability of everything's just going to go to x86. I think we are going to see more variety because we're going to have needs in the factory floor or in the automobile or with massive container as applications. Where you're going to need, whether it's kind of shared memory or different architectures all the way out to kind of low battery consumption. And that whole kind of breadth and our hybrid cloud platform enables that variability. And then IBM obviously has great technology to enable kind of building unique capability in hardware. So we kind of play on both sides of it, both kind of developing great technologies but then making it really easy for developers to consume and use those specialized features. >> I'm glad you brought that up, Jim. We mentioned Moore's law because we're all talking about how Moore's law is waning and it's quote, unquote dead. But the reality is, is the outcome of Moore's law which is the doubling of performance every two years is actually accelerating because of the common actuarial factors of CPU's and GPU's and NPUs and accelerators and DSPs. If you add all those up and actually, we're actually quadrupling every two years. So we have more processing power at much lower costs because of the volumes that you're seeing on things like ARM. So it's actually a very exciting time. We're entering an era that really, it's hard to get your mind around sometimes. So my question is how should we think about the future state of IBM? What does that look like? >> Well, so first off, the thing that I've found extraordinary about IBM kind of having been there now just a little over a year as an employee, a couple of years, I guess, when Red Hat was acquired. Is it is unique in fundamentally changing, again, who we are to kind of meet the needs going forward. And if you think about the needs in technology, recognize it was only like 20 years ago that Nicholas Carr wrote his famous article, IT Doesn't Matter, it's about back office. And in that world, IBM was really, really effective at building and running IT systems for our clients. We would come in, we would just kind of do everything for them. Today, technology is the forefront of developing or building competitive advantage for almost any business. And so nobody wants to kind of hand the keys, so we no longer are necessarily doing things for our clients. We're doing things with our clients. So there's a whole set of work, and we talked about how we engage with our clients, how we're much more collaborative and co-creative and our whole garage model to help build the capability to innovate with our clients is a key part of what we're doing. We'll continue to drive core technologies forward like quantum in key areas that require billions of dollars of research that frankly no one else is willing to do. And then we bring it all together with this hybrid cloud platform where we recognize it's no longer about us doing it all for you anymore. We're going to do the things where we can uniquely add value but then provide it all on a platform which allows you to consume from wherever, however you want to in a safe, secure, reliable way. So as we watch this next generation of computing unfold, cloud shouldn't end up being a bunch of vertical stove pipes. It truly needs to be kind of a horizontal platform that allows you to run any application anywhere in a safe, secure, reliable way and our architecture helps do that. So it's no longer able to do everything for you. It's we can do things uniquely on a platform and work with you to be able to help you kind of create your own pace of innovation, your own sources of advantage. And so that's the broad kind of direction that we're going, again, as enterprises move from consuming technology to be more efficient, to driving advantage with it. They need partners who understand that focused on their success and can innovate with them. And that's really where we're going with our technology, with our services capability and kind of our approach to how we work with our clients. >> Yeah, Jim, you just laid out the Holy grail of computing in the coming decade and with IBM's acquisition of Red Hat. And it really enables that vision and clearly the company is one of the top few that are in a position to do that. Jim Whitehurst, thanks so much for coming back on theCUBE. Really appreciate your time. >> Thanks for having me, it's great to chat. >> All right and thank you for watching. Keep it right there for more content of theCUBE's coverage of IBM Think 2021, the virtual edition, be right back. (gentle music)

(upbeat music) >> Welcome to this CUBE conversation. I am Lisa Martin, excited to welcome back one of our distinguished alumni, Derek Manky joins me next. Chief security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, welcome back to the program. >> Yes, it's great to be here and great to see you again, Lisa. Thanks for having me. >> Likewise, yeah, so a lot has happened. I know we've seen you during this virtual world, but so much has happened with ransomware in the last year. It's unbelievable, we had this dramatic shift to a distributed workforce, you had personal devices on in network perimeters and non-trusted devices or trusted devices on home networks and lots of change there. Talk to me about some of the things that you and FortiGuard Labs have seen with respect to the evolution of ransomware. >> Yeah, sure, so it's becoming worse, no doubt. We highlighted this in our Threat Landscape Report. If we just take a step back looking at ransomware itself, it actually started in the late 1980s. And it didn't, that was very, they relied on snail mail. It was obviously there was no market for it at the time. It was just a proof of concept, a failed experiment if you will. But it really started getting hot a decade ago, 10 years ago but the technology back then wasn't the cryptography they're using, the technique wasn't as strong as easily reversed. And so they didn't really get to a lot of revenue or business from the cyber criminal perspective. That is absolutely not the case today. Now they have very smart cryptography they're experts when say they, the cyber criminals at their game. They know there's a lot of the attack surfaces growing. There's a lot of vulnerable people out there. There's a lot of vulnerable devices. And this is what we saw in our threat landscape group. What we saw at seven times increase in ransomware activity in the second half of 2020. And that momentum is continuing in 2021. It's being fueled by what you just talked about. By the work from anywhere, work from home environment a lot of vulnerable devices unpatched. And these are the vehicles that the ransomware is the payload of course, that's the way that they're monetizing this. But the reality is that the attack surface has expanded, there's more vulnerable people and cyber criminals are absolutely capitalizing on that. >> Right, we've even seen cyber criminals capitalizing on the pandemic fears with things that were around the World Health Organization or COVID-19 or going after healthcare. Did you see an uptick in healthcare threats and activities as well in the last year? >> Yeah, definitely, so I would start to say that first of all, the... Nobody is immune when it comes to ransomware. This is such again, a hot target or a technique that the cybercriminals are using. So when we look at the verticals, absolutely healthcare is in the top five that we've seen, but the key difference is there's two houses here, right? You have what we call the broad blanketed ransomware attacks. So these aren't going after any particular vertical. They're really just trying to spray as much as they can through phishing campaigns, not through... there's a lot of web traffic out there. We see a lot of things that are used to open playing on that COVID-19 theme we got, right? Emails from HR or taxes and scams. It's all related to ransomware because these are how they're trying to get the masses to open that up, pay some data sorry, pay some cryptocurrency to get access to their data back. Oftentimes they're being held for extortions. They may have photos or video or audio captures. So it's a lot of fear they're trying to steal these people but probably the more concern is just what you talked about, healthcare, operational technology. These are large business revenue streams. These are take cases of targeted ransoms which is much different because instead of a big volumetric attack, these are premeditated. They're going after with specific targets in mind specific social engineering rules. And they know that they're hitting the corporate assets or in the case of healthcare critical systems where it hurts they know that there's high stakes and so they're demanding high returns in terms of ransoms as well. >> With respect to the broad ransomware attacks versus targeted a couple of questions to kind of dissect that. Are the targeted attacks, are they in like behind the network firewall longer and faster, longer and getting more information? Are they demanding higher ransom versus the broader attacks? What's what are some of the distinctions there besides what you mentioned? >> Yeah, absolutely so the targeted texts are more about execution, right? So if we look at the attack chain and they're doing more in terms of reconnaissance, they're spending more cycles and investment really on their end in terms of weaponization, how they can actually get into the system, how they can remain undetected, collecting and gathering information. What we're seeing with groups like Ragnar Locker as an example, they're going in and they're collecting in some cases, terabytes of information, a lot, they're going after definitely intellectual property, things like source code, also PII for customers as an example, and they're holding them. They have a whole business strategy and plan in mind on their place, right? They hold them for ransom. They're often, it's essentially a denial of service in some cases of taking a revenue stream or applications offline so a business can't function. And then what they're doing is that they're actually setting up crime services on their end. They, a lot of the the newest ransom notes that we're seeing in these targeted attacks are setting up channels to what they call a live chat support channel that the victim would log into and actually talk directly live to the cybercriminal or one of their associates to be able to negotiate the ransom. And they're trying to have in their point of view they're trying frame this as a good thing and say, we're going to show you that our technology works. We can decrypt some of the files on your system as an example just to prove that we are who we say we are but then they go on to say, instead of $10 million, we can negotiate down to 6 million, this is a good deal, you're getting 30% off or whatever it is but the fact is that they know by the time they've gotten to this they've done all their homework before that, right? They've done the targets, they've done all the things that they can to know that they have the organization in their grasp, right? >> One of the things that you mentioned just something I never thought about as ransomware as a business, the sophistication level is just growing and growing and growing and growing. And of course, even other bad actors, they have access to all the emerging technologies that the good guys do. But talk to me about this business of ransomware because that's what it seems like it really has become. >> Absolutely, it is massively sad. If you look at the cybercrime ecosystem like the way that they're actually pulling this off it's not just one individual or one cyber crime ring that, let's say five to 10 people that are trying to orchestrate this. These are big rings, we actually work closely as an example to, we're doing everything from the FortiGuard Labs with following the latest ransomware trends doing the protection and mitigation but also working to find out who these people are, what are their tactics and really attribute it and paint a picture of these organizations. And they're big, we worked on some cases where there's over 50 people just in one ransomware gang. One of the cases we worked on, they were making over $60 million US in three months, as an example. And in some cases, keep in mind one of these targeted attacks like in terms of ransom demands and the targeted cases they can be an excess of $10 million just for one ransom attack. And like I said, we're seeing a seven times increase in the amount of attack activity. And what they're doing in terms of the business is they've set up affiliate marketing. Essentially, they have affiliates in the middle that will actually distribute the ransomware. So they're basically outsourcing this to other individuals. If they hit people with their ransomware and the people pay then the affiliate in the middle will actually get a commission cut of that, very high, typically 40 to 50%. And that's really what's making this lucrative business model too. >> Wow, My jaw is dropping just the sophistication but also the different levels to which they've put a business together. And unfortunately, for every industry it sounds very lucrative, so how then Derek do organizations protect themselves against this, especially knowing that a lot of this work from home stuff is going to persist. Some people want to stay home, what not. The proliferation of devices is only going to continue. So what are organizations start and how can you guys help? >> Start with the people, so we'll talk about three things, people, technology and processes. The people, unfortunately, this is not just about ransomware but definitely applies to ransomware but any attack, humans are still often the weakest link in terms of education, right? A lot of these ransomware campaigns will be going after people using nowadays seems like tax themes purporting to be from the IRS as an example or human resources departments or governments and health authorities, vaccination scams all these things, right? But what they're trying to do is to get people to click on that link, still to open up a malicious attachment that will then infect them with the ransomware. This of course, if an employee is up to date and hones their skills so that they know basically a zero trust mentality is what I like to talk about. You wouldn't just invite a stranger into your house to open a package that you didn't order but people are doing this a lot of the times with email. So really starting with the people first is important. There's a lot of free training information and security. There is awareness training, we offer that at Fortinet. There's even advanced training we do through our NSC program as an example. But then on top of that there's things like phishing tests that you can do regularly, penetration testing as well, exercises like that are very important because that is really the first line of defense. Moving past that you want to get into the technology piece. And of course, there's a whole, this is a security fabric. There's a whole array of solutions. Like I said, everything needs to be integrated. So we have an EDR and XDR as an example sitting on the end point, cause oftentimes they still need to get that ransomware payload to run on the end point. So having a technology like EDR goes a long way to be able to detect the threat, quarantine and block it. There's also of course a multi-factor authentication when it comes to identifying who's connecting to these environments. Patch management, we talk about all the time. That's part of the technology piece. The reality is that we highlight in the threat landscape report the software vulnerabilities that these rats more gangs are going after are two to three years old. They're not breaking within the last month they're two to three years old. So it's still about the patch management cycle, having that holistic integrated security architecture and the fabric is really important. NAC network access control is zero trust, network access is really important as well. One of the biggest culprits we're seeing with these ransom attacks is using IOT devices as launchpads as an example into networks 'cause they're in these work from home environments and there's a lot of unsecured or uninspected devices sitting on those networks. Finally process, right? So it's always good to have it all in your defense plan training and education, technology for mitigation but then also thinking about the what if scenario, right? So incident response planning, what do we do if we get hit? Of course we never recommend to pay the ransom. So it's good to have a plan in place. It's good to identify what your corporate assets are and the likely targets that cyber-criminals are going to go after and make sure that you have rigid security controls and threat intelligence like FortiGuard Labs applied to that. >> Yeah, you talk about the weakest link they are people I know you and I talked about that on numerous segments. It's one of the biggest challenges but I've seen some people that are really experts in security read a phishing email and almost fall for it. Like it looked so legitimately from like their bank for example. So in that case, what are some of the things that businesses can do when it looks so legitimate that it probably is going to have a unfortunately a good conversion rate? >> Yeah, so this is what I was talking about earlier that these targeted attacks especially when it comes to spear, when it comes to the reconnaissance they got so clever, it can be can so realistic. That's the, it becomes a very effective weapon. That's why the sophistication and the risk is rising like I said but that's why you want to have this multilayered approach, right? So if that first line of defense does yield, if they do click on the link, if they do try to open the malicious attachment, first of all again through the next generation firewall Sandboxing solutions like that, this technology is capable of inspecting that, acting like is this, we even have a FortiAI as an example, artificial intelligence, machine learning that can actually scan this events and know is this actually an attack? So that element goes a long way to actually scrub it like content CDR as well, content disarm as an example this is a way to actually scrub that content. So it doesn't actually run it in the first place but if it does run again, this is where EDR comes in like I said, at the end of the day they're also trying to get information out of the network. So having things like a Platinum Protection through the next generation firewall like with FortiGuard security subscription services is really important too. So it's all about that layered approach. You don't want just one single point of failure. You really want it, this is what we call the attack chain and the kill chain. There's no magic bullet when it comes to attackers moving, they have to go through a lot of phases to reach their end game. So having that layer of defense approach and blocking it at any one of those phases. So even if that human does click on it you're still mitigating the attack and protecting the damage. Keep in mind a lot of damages in some cases kind of a million dollars plus. >> Right, is that the average ransom, 10 million US dollars. >> So the average cost of data breaches that we're seeing which are often related to ransom attacks is close to that in the US, I believe it's around just under $9 million about 8.7 million, just for one data breach. And often those data breaches now, again what's happening is that the data it's not just about encrypting the data, getting access because a lot of organizations part of the technology piece and the process that we recommend is backups as well of data. I would say, organizations are getting better at that now but it's one thing to back up your data. But if that data is breached again, cybercriminals are now moving to this model of extorting that saying, unless you pay us this money we're going to go out and make this public. We're going to put it on paste and we're going to sell it to nefarious people on the dark web as well. >> One more thing I want to ask you in terms of proliferation we talked about the distributed workforce but one of the things, and here we are using Zoom to talk to each other, instead of getting to sit together in person we saw this massive proliferation in collaboration tools to keep people connected, families businesses. I talked a bit a lot of businesses who initially will say, oh we're using Microsoft 365 and they're protecting the data while they're not or Salesforce or Slack. And that shared responsibility model is something that I've been hearing a lot more about lately that businesses needing to recognize for those cloud applications that we're using and in which there's a lot of data traversing it could include PII or IP. We're responsible for that as the customer to protect our data, the vendor's responsible for protecting the integrity of the infrastructure. Share it with us a little bit about that in terms of your thoughts on like data protection and backup for those SaaS applications. >> Yeah, great question, great question tough one. It is so, I mean ultimately everybody has to have, I believe it has to have their position in this. It's not, it is a collaborative environment. Everyone has to be a stakeholder in this even down to the end users, the employees being educated and up-to-date as an example, the IT departments and security operation centers of vendors being able to do all the threat intelligence and scrubbing. But then when you extend that to the public cloud what is the cloud security stack look at, right? How integrated is that? Are there scrubbing and protection controls sitting on the cloud environments? What data is being sent to that, should it be cited center as an example? what's the retention period? How long does the data live on there? It's the same thing as when you go out and you buy one of these IOT devices as an example from say, a big box store and you go and just plug it into your network. It's the same questions we should be asking, right? What's the security like on this device model? Who's making it, what data is it going to ask for me? The same thing when you're installing an application on your mobile phone, this is what I mean about that zero trust environment. It should be earned trust. So it's a big thing, right? To be able to ask those questions and then only do it on a sort of need to know and medium basis. The good news is that a lot of CloudStack now and environments are integrating security controls. We integrated quite well with Fortinet as an example but this is an issue of supply chain. It's really important to know what lives upstream and how they're handling the data and how they're protecting it absolutely. >> Such interesting information and it's a topic ransomware that we could continue talking about, Derek, thank you for joining me on the program today updating us on what's going on, how it's evolving and ultimately what organizations in any industry need to do with protecting people and technology and processes to really start reducing their risks. I thank you so much for joining me today. >> All right it's a pleasure, thank you. >> Likewise Derek Manky I'm Lisa Martin. You're watching this CUBE conversation. (upbeat music)

(upbeat music) >> Welcome to this CUBE conversation. I am Lisa Martin, excited to welcome back one of our distinguished alumni, Derek Manky joins me next. Chief security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, welcome back to the program. >> Yes, it's great to be here and great to see you again, Lisa. Thanks for having me. >> Likewise, yeah, so a lot has happened. I know we've seen you during this virtual world, but so much has happened with ransomware in the last year. It's unbelievable, we had about 14 months ago, this dramatic shift to a distributed workforce, you had personal devices on in network perimeters and non-trusted devices or trusted devices on home networks and lots of change there. Talk to me about some of the things that you and FortiGuard Labs have seen with respect to the evolution of ransomware. >> Yeah, sure, so it's becoming worse, no doubt. We highlighted this in our Threat Landscape Report. If we just take a step back looking at ransomware itself, it actually started in the late 1980s. And it didn't, that was very, they relied on snail mail. It was obviously there was no market for it at the time. It was just a proof of concept, a failed experiment if you will. But it really started getting hot a decade ago, 10 years ago but the technology back then wasn't the cryptography they're using, the technique wasn't as strong as easily reversed. And so they didn't really get to a lot of revenue or business from the cyber criminal perspective. That is absolutely not the case today. Now they have very smart cryptography they're experts when say they, the cyber criminals at their game. They know there's a lot of the attack surfaces growing. There's a lot of vulnerable people out there. There's a lot of vulnerable devices. And this is what we saw in our threat landscape group. What we saw at seven times increase in ransomware activity in the second half of 2020. And that momentum is continuing in 2021. It's being fueled by what you just talked about. By the work from anywhere, work from home environment a lot of vulnerable devices unpatched. And these are the vehicles that the ransomware is the payload of course, that's the way that they're monetizing this. But the reality is that the attack surface has expanded, there's more vulnerable people and cyber criminals are absolutely capitalizing on that. >> Right, we've even seen cyber criminals capitalizing on the pandemic fears with things that were around the World Health Organization or COVID-19 or going after healthcare. Did you see an uptick in healthcare threats and activities as well in the last year? >> Yeah, definitely, so I would start to say that first of all, the... Nobody is immune when it comes to ransomware. This is such again, a hot target or a technique that the cybercriminals are using. So when we look at the verticals, absolutely healthcare is in the top five that we've seen, but the key difference is there's two houses here, right? You have what we call the broad blanketed ransomware attacks. So these aren't going after any particular vertical. They're really just trying to spray as much as they can through phishing campaigns, not through... there's a lot of web traffic out there. We see a lot of things that are used to open playing on that COVID-19 theme we got, right? Emails from HR or taxes and scams. It's all related to ransomware because these are how they're trying to get the masses to open that up, pay some data sorry, pay some cryptocurrency to get access to their data back. Oftentimes they're being held for extortions. They may have photos or video or audio captures. So it's a lot of fear they're trying to steal these people but probably the more concern is just what you talked about, healthcare, operational technology. These are large business revenue streams. These are take cases of targeted ransoms which is much different because instead of a big volumetric attack, these are premeditated. They're going after with specific targets in mind specific social engineering rules. And they know that they're hitting the corporate assets or in the case of healthcare critical systems where it hurts they know that there's high stakes and so they're demanding high returns in terms of ransoms as well. >> With respect to the broad ransomware attacks versus targeted a couple of questions to kind of dissect that. Are the targeted attacks, are they in like behind the network firewall longer and faster, longer and getting more information? Are they demanding higher ransom versus the broader attacks? What's what are some of the distinctions there besides what you mentioned? >> Yeah, absolutely so the targeted texts are more about execution, right? So if we look at the attack chain and they're doing more in terms of reconnaissance, they're spending more cycles and investment really on their end in terms of weaponization, how they can actually get into the system, how they can remain undetected, collecting and gathering information. What we're seeing with groups like Ragnar Locker as an example, they're going in and they're collecting in some cases, terabytes of information, a lot, they're going after definitely intellectual property, things like source code, also PII for customers as an example, and they're holding them. They have a whole business strategy and plan in mind on their place, right? They hold them for ransom. They're often, it's essentially a denial of service in some cases of taking a revenue stream or applications offline so a business can't function. And then what they're doing is that they're actually setting up crime services on their end. They, a lot of the the newest ransom notes that we're seeing in these targeted attacks are setting up channels to what they call a live chat support channel that the victim would log into and actually talk directly live to the cybercriminal or one of their associates to be able to negotiate the ransom. And they're trying to have in their point of view they're trying frame this as a good thing and say, we're going to show you that our technology works. We can decrypt some of the files on your system as an example just to prove that we are who we say we are but then they go on to say, instead of $10 million, we can negotiate down to 6 million, this is a good deal, you're getting 30% off or whatever it is but the fact is that they know by the time they've gotten to this they've done all their homework before that, right? They've done the targets, they've done all the things that they can to know that they have the organization in their grasp, right? >> One of the things that you mentioned just something I never thought about as ransomware as a business, the sophistication level is just growing and growing and growing and growing. And of course, even other bad actors, they have access to all the emerging technologies that the good guys do. But talk to me about this business of ransomware because that's what it seems like it really has become. >> Absolutely, it is massively sad. If you look at the cybercrime ecosystem like the way that they're actually pulling this off it's not just one individual or one cyber crime ring that, let's say five to 10 people that are trying to orchestrate this. These are big rings, we actually work closely as an example to, we're doing everything from the FortiGuard Labs with following the latest around some of the trends doing the protection and mitigation but also working to find out who these people are, what are their tactics and really attribute it and paint a picture of these organizations. And they're big, we're working some cases where there's over 50 people just in one ransomware gang. One of the cases we worked on, they were making over $60 million US in three months, as an example. And in some cases, keep in mind one of these targeted attacks like in terms of ransom demands and the targeted cases they can be an excess of $10 million just for one ransom attack. And like I said, we're seeing a seven times increase in the amount of attack activity. And what they're doing in terms of the business is they've set up affiliate marketing. Essentially, they have affiliates in the middle that will actually distribute the ransomware. So they're basically outsourcing this to other individuals. If they hit people with their ransomware and the people pay then the affiliate in the middle will actually get a commission cut of that, very high, typically 40 to 50%. And that's really what's making this lucrative business model too. >> Wow, My jaw is dropping just the sophistication but also the different levels to which they've put a business together. And unfortunately, for every industry it sounds very lucrative, so how then Derek do organizations protect themselves against this, especially knowing that a lot of this work from home stuff is going to persist. Some people want to stay home, what not. The proliferation of devices is only going to continue. So what are organizations start and how can you guys help? >> Start with the people, so we'll talk about three things, people, technology and processes. The people, unfortunately, this is not just about ransomware but definitely applies to ransomware but any attack, humans are still often the weakest link in terms of education, right? A lot of these ransomware campaigns will be going after people using nowadays seems like tax themes purporting to be from the IRS as an example or human resources departments or governments and health authorities, vaccination scams all these things, right? But what they're trying to do is to get people to click on that link, still to open up a malicious attachment that will then infect them with the ransomware. This of course, if an employee is up to date and hones their skills so that they know basically a zero trust mentality is what I like to talk about. You wouldn't just invite a stranger into your house to open a package that you didn't order but people are doing this a lot of the times with email. So really starting with the people first is important. There's a lot of free training information and security. There is awareness training, we offer that at Fortinet. There's even advanced training we do through our NSC program as an example. But then on top of that there's things like phishing tests that you can do regularly, penetration testing as well, exercises like that are very important because that is really the first line of defense. Moving past that you want to get into the technology piece. And of course, there's a whole, this is a security fabric. There's a whole array of solutions. Like I said, everything needs to be integrated. So we have an EDR and XDR as an example sitting on the end point, cause oftentimes they still need to get that ransomware payload to run on the end point. So having a technology like EDR goes a long way to be able to detect the threat, quarantine and block it. There's also of course a multi-factor authentication when it comes to identifying who's connecting to these environments. Patch management, we talk about all the time. That's part of the technology piece. The reality is that we highlight in the threat landscape report the software vulnerabilities that these rats more gangs are going after are two to three years old. They're not breaking within the last month they're two to three years old. So it's still about the patch management cycle, having that holistic integrated security architecture and the fabric is really important. NAC network access control is zero trust, network access is really important as well. One of the biggest culprits we're seeing with these ransom attacks is using IOT devices as launchpads as an example into networks 'cause they're in these work from home environments and there's a lot of unsecured or uninspected devices sitting on those networks. Finally process, right? So it's always good to have it all in your defense plan training and education, technology for mitigation but then also thinking about the what if scenario, right? So incident response planning, what do we do if we get hit? Of course we never recommend to pay the ransom. So it's good to have a plan in place. It's good to identify what your corporate assets are and the likely targets that cyber-criminals are going to go after and make sure that you have rigid security controls and threat intelligence like FortiGuard Labs applied to that. >> Yeah, you talk about the weakest link they are people I know you and I talked about that on numerous segments. It's one of the biggest challenges but I've seen some people that are really experts in security read a phishing email and almost fall for it. Like it looked so legitimately from like their bank for example. So in that case, what are some of the things that businesses can do when it looks so legitimate that it probably is going to have a unfortunately a good conversion rate? >> Yeah, so this is what I was talking about earlier that these targeted attacks especially when it comes to spear, when it comes to the reconnaissance they got so clever, it can be can so realistic. That's the, it becomes a very effective weapon. That's why the sophistication and the risk is rising like I said but that's why you want to have this multilayered approach, right? So if that first line of defense does yield, if they do click on the link, if they do try to open the malicious attachment, first of all again through the next generation firewall Sandboxing solutions like that, this technology is capable of inspecting that, acting like is this, we even have a FortiAI as an example, artificial intelligence, machine learning that can actually scan this events and know is this actually an attack? So that element goes a long way to actually scrub it like content CDR as well, content disarm as an example this is a way to actually scrub that content. So it doesn't actually run it in the first place but if it does run again, this is where EDR comes in like I said, at the end of the day they're also trying to get information out of the network. So having things like a Platinum Protection through the next generation firewall like with FortiGuard security subscription services is really important too. So it's all about that layered approach. You don't want just one single point of failure. You really want it, this is what we call the attack chain and the kill chain. There's no magic bullet when it comes to attackers moving, they have to go through a lot of phases to reach their end game. So having that layer of defense approach and blocking it at any one of those phases. So even if that human does click on it you're still mitigating the attack and protecting the damage. Keep in mind a lot of damages in some cases kind of a million dollars plus. >> Right, is that the average ransom, 10 million US dollars. >> So the average cost of data breaches ever seen which are often related to ransom attacks is close to that in the US, I believe it's around just under $9 million about 8.7 million, just for one data breach. And often those data breaches now, again what's happening is that the data it's not just about encrypting the data, getting access because a lot of organizations part of the technology piece and the process that we recommend is backups as well of data. I would say, organizations are getting better at that now but it's one thing to back up your data. But if that data is breached again, cybercriminals are now moving to this model of extorting that saying, unless you pay us this money we're going to go out and make this public. We're going to put it on piece and we're going to sell it to nefarious people on the dark web as well. >> One more thing I want to ask you in terms of proliferation we talked about the distributed workforce but one of the things, and here we are using Zoom to talk to each other, instead of getting to sit together in person we saw this massive proliferation in collaboration tools to keep people connected, families businesses. I talked a bit a lot of businesses who initially will say, oh we're using Microsoft 365 and they're protecting the data while they're not or Salesforce or Slack. And that shared responsibility model is something that I've been hearing a lot more about lately that businesses needing to recognize for those cloud applications that we're using and in which there's a lot of data traversing it could include PII or IP. We're responsible for that as the customer to protect our data, the vendor's responsible for protecting the integrity of the infrastructure. Share it with us a little bit about that in terms of your thoughts on like data protection and backup for those SaaS applications. >> Yeah, great question, great question tough one. It is so, I mean ultimately everybody has to have, I believe it has to have their position in this. It's not, it is a collaborative environment. Everyone has to be a stakeholder in this even down to the end users, the employees being educated and up-to-date as an example, the IT departments and security operation centers of vendors being able to do all the threat intelligence and scrubbing. But then when you extend that to the public cloud what is the cloud security stack look at, right? How integrated is that? Are there scrubbing and protection controls sitting on the cloud environments? What data is being sent to that, should it be cited center as an example? what's the retention period? How long does the data live on there? It's the same thing as when you go out and you buy one of these IOT devices as an example from say, a big box store and you go and just plug it into your network. It's the same questions we should be asking, right? What's the security like on this device model? Who's making it, what data is it going to ask for me? The same thing when you're installing an application on your mobile phone, this is what I mean about that zero trust environment. It should be earned trust. So it's a big thing, right? To be able to ask those questions and then only do it on a sort of need to know and medium basis. The good news is that a lot of CloudStack now and environments are integrating security controls. We integrated quite well with Fortinet as an example but this is an issue of supply chain. It's really important to know what lives upstream and how they're handling the data and how they're protecting it absolutely. >> Such interesting information and it's a topic ransomware that we could continue talking about, Derek, thank you for joining me on the program today updating us on what's going on, how it's evolving and ultimately what organizations in any industry need to do with protecting people and technology and processes to really start reducing their risks. I thank you so much for joining me today. >> All right it's a pleasure, thank you. >> Likewise Derek Manky I'm Lisa Martin. You're watching this CUBE conversation. (upbeat music)

(bright music) >> From around the globe, it's theCUBE with digital coverage of IBM Think 2021 brought to you by IBM. >> Hello everybody, welcome back to IBM Think 2021, the virtual edition. My name is Dave Vellante and I'm pleased to welcome back a long time Cube alum, Jim Whitehurst, who's the president of IBM. And I'll call him chief cultural evangelist, welcome Jim. Great to see you again. >> Great to see you, Dave. Thanks so much for having me. >> Yeah, it's really our pleasure. And I want to start off, it's just over a year as president of IBM. And I wonder, you know, when you're a little kid or, you know, early in your career, computer science class, did you ever think you'd be president of a company that was founded in 1911? I mean, amazing. I wonder if you could share what's the most important thing you've learned in your first year? >> Well, look, I mean, as you said, I would've never thought it. Yeah, I was the first kid to have an IBM PC on the block and was always into technology but never saw myself as like, you know, running a big tech company. So it is humbling. I would say that there are tons of lessons in the first year. I guess the two that strike me most is one is just related to strategy and that's, you know, Red Hat and most technology companies, we're very customer focused. But it's around whatever technology we're bringing to market where IBM has fundamentally transitioned. And kind of transformed itself over time to make sure it can meet customer needs. So it's sold off businesses, it's bought other businesses, it's created new businesses. So it really shows the kind of the focus and value on serving our customers and doing whatever it takes to do it. And that's been a fundamental kind of different strategy than most companies have had. I think one of the reasons that we've been around for over a 100 years. The second is I'm deeply into culture and I've talked a lot about the difference of running Red Hat, it's all about innovation versus Delta Airlines where I was before, which is driving efficiency. IBM is both and so really trying to think through how you run an organization that needs to run the financial systems of the world, that extraordinary reliability and drive roadmaps on things like quantum computing. At the same time be able to innovate iteratively with our customers and in open source communities. And kind of getting that balance right as a leader. It's, you're kind of doing what we did at Red Hat and what we did at Delta but kind of doing it together. And I think that stretched me as a leader and kind of taught me a lot about how we're thinking about continuing to evolve the culture at IBM. >> Now, of course, you do this leadership series, you put out things out on LinkedIn and words matter. And that's what I take away from a lot of the little short hits that you do, which I really appreciate. My stuff that I put Jim on LinkedIn, it's just, you got to invest like 15, 20 minutes. So I really appreciate the short hits. But you do that regular series and I'm curious do you do that to reach more IBM people? Are you an open source culture? You're trying to help others. And I'm curious as to sort of why that platform as opposed to sending around an internal thing an IBM. And I'm wondering if your principles and how they've evolved kind of post pandemic. >> Well, so first off, maybe that comes from Red Hat but I think IBM shares that it's if you have something really, really valuable, you want to share it. And look, when I am out talking to our customers, CEOs and some of the biggest companies in the world, honestly we rarely talk about technology 'cause other people are more detailed or deep in that. We primarily do talk about culture. And how you think about again, how do you take an organization that's been built to drive efficiency and scale on a global basis and make it able to be more nimble and more innovative? And so, and obviously, hopefully that's all with IBM and Red Hat technologies. But ultimately most of my conversations at a senior leadership level are about culture and leadership style to drive that. And so if that's valuable for CEOs of some of the world's largest companies, it's valuable to leaders kind of across all spectrums, all sizes. And so I think LinkedIn is a good way to kind of take some of those messages and make sure we were able to share those much more broadly. So certainly I spend more time talking about it inside of IBM and I spend a lot of time with our clients talking about it. But I think many of the lessons are applicable more broadly. And so why not share them? And LinkedIn's a great platform to be able to do that. >> How about you, how have your principles, how have your principles sort of changed and how have they evolved post pandemic? >> Well, I think a couple things, so one is the pandemic kind of forces you to get more precise about it. And what I mean by that is so much of leadership is about building credibility and trust and influence. And when you're seeing someone in 3D live, visual cues can kind of mean a lot in the water cooler conversations. Or who you run into in the hall can all help kind of create that level of trust. But you can't do that in 2D. As great as Zoom and other platforms are, you just can't quite do it. And so you have to be much more thoughtful in how you're creating opportunities to kind of create trust. So I'd say I've gotten more surgical in thinking about kind of what those elements of leadership are that do that. I think the second thing I've really learned at IBM again is back to this. We have to be able to do both, drive a future state in a known world as well as, I call it seek a future state in an unknown world. So driving a roadmap for quantum computing takes a number of different technologies coming together in one year, in two years, in five years. And that really does have to be pre-planned, which is very very different, that I'll call the iterative innovation approach that we use at Red Hat and open source communities and working with our clients. And we have to do both. And so as a leader you really have to understand the problem you're trying to solve and apply slightly different kind of leadership tactics against that. So when you're executing a known versus you are trying to create something in an unknown, does require different approaches and we have to do both in IBM. And I think that's the struggle a lot of companies have, every company needs to do that. If you're Delta Airlines, you don't want anybody innovating on the safety procedures before your flight. Yet you want a lot of innovation happening on your website and your mobile app. So how do you bring those together? And as a leader you can have a common set of values, but recognize you have to bring different tools to the table, depending on the context in which you're leading. And so I learned a lot more and gotten a lot crisper with that since being at IBM. >> Interesting, I mean, the pandemic, we all know it's been terrible but one of the upshots has been we had a glimpse of the future sort of shoved into a forced march of digital in 2020. And so obviously the next 10 years ain't going to be like the last 10 years. And one of the things we've been talking about is ecosystems and partnerships and the power and leverage that you can get from those. And Arvin has said, laid it out, we are returning to growth company. And so I wonder if you could talk to how partnerships and ecosystems play into that return to growth for IBM. >> Well, first off a key part of our strategy we talk about hybrid cloud and AI. It's not just about, hey, a platform that runs across all the different deployment models is convenient. It's also because innovation is coming from so many sources today. It's coming from a by-product from the web 2.0 companies, it's coming from open source. It's coming from an explosion of startups because of the amount of capital in venture capital. It's coming from traditional software companies. It's coming from our clients who are participating in open source. And so you have so many sources of innovation. Much of what we're doing is landing a platform that allows you to consume innovation safely and reliably from wherever it's coming from. So a core part of a platform by definition is the ecosystem around it. Having a platform that runs everywhere is great but if you don't have any applications that run on it who cares. And so ecosystem and partners have always been important to IBM, but for this strategy of this horizontal platform oriented strategy, it is critical to our success because much of the platform is the ecosystem. And so we've already talked about investing a billion dollars in that ecosystem to get ISBS and other partners on our platform, again, to ultimately kind of create that kind of horizontal layer where I can run anything that I want to on it and I can run that anywhere I want to. And so the two sides of that so all the innovation happening on top and making sure it runs everywhere is what really unlocks the freedom of choice. That reduces friction to innovation, which allows everybody in the ecosystem from our clients to ISVs to hardware partners to innovate more quickly. And that's what we really see as the benefit of our platform. It's not a horizontal stove pipe, come innovate in this one place. It's recognizing innovation's happening in so many places. And the only way we're going to be able to allow people to ingest that is to have a horizontal platform that everyone's participating in. Which is why partners and ecosystem are so important, not only to the success of our platform, but to the, I'd say, as a success of this next generation of computing. These horizontal fabrics that require an ecosystem kind of built around them. >> I think that's an important nuance that maybe people don't understand that yes, you have a platform. Obviously, OpenShift is a linchpin but it's an enabler for people to build other platforms. It's not the be all, end all platform that's sort of ultimately becomes another Island. And so that is a key part of the growth strategy and presumably expand your total available market. >> Oh, absolutely and so this is the key is we can talk about great IBM technologies. We're doing amazing things in security and AI and natural language processing and all these other areas. But the platform is a recognition that we're not going to do everything for everybody anymore. There's just the democratization of technology means that there is so many sources of innovation. And so first and foremost, we have to land a platform so you can consume anything from anywhere. And then of course, we'll drive our own pace of innovation both in hardware and software around that platform. But we are just a player on that platform, which we're really instantiating for really anybody to be able to reach customers or customers to reach sources of innovation. >> I know sustainability is a passion of yours, that it's obviously a hot topic right now. Oftentimes I joke tongue in cheek, Milton Friedman's rolling over in his grave with all this ESG talk. And I know you just posted recently on LinkedIn. And of course I went right down to Kavanaugh because my premise is not only is sustainability the right thing to do, it's also good business. But I wonder if you could give us your perspectives on this. >> Yeah, well, so first off, I mean, as a large global citizen as IDM I think this is an important role that we play and look, this isn't new to IBM. We came out with our first statements around environment in 1970. We put out our first report that's become our environmental impact report in 1990. We've been talking about climate since the early two thousands. So we've been involved in this for a long, long time because I do think it's important broadly. But there's also a specific role I think IBM can play beyond just our own individual actions to reduce our own footprint. Because of some of the extraordinary technologies that IBM has worked on in the years especially around semiconductors, we have just an amazing amount of technology, expertise, intellectual property around material science. And so just a couple of examples of those that relate to the environment. We in doing some other work realized that we had a way to be able to recycle PET plastic, which is a real problem because so many clothes and other things are now made out of PET. And it's really hard to recycle but a by-product of other work we're doing realized we could do that. And so we've formed a JV and we're funding that to not profit from it but to make sure that much more of the world's PET is recycled. Or the work that we're doing on batteries, where using ocean water instead of rare earth minerals to make batteries that not only are cleaner but last longer. Those are kind of byproducts of our kind of core business. The areas that we can see the benefits of innovation and material science being able to impact the world. I am hopeful that we'll be able to play a role with all of that in clear air carbon capture. I mean, that's still far further away but I do think IBM has a unique role that we can play because of our deep expertise in, again, material science, quantum computing, and modeling that put us in a unique position to have a major impact on the world. >> I wonder if we could talk a little bit about sort of IBM and its technology bets. And I've made the point a number of times in my writing that IBM's R and D spend has been about pretty constant, about $6 billion a year. But as IBM is jettison certain businesses got out of the x86 server business and it got out of the Foundry business with micro electronics. Now it's spinning out NewCo. What happens, the effect is that R and D as a percent of revenue goes way, way up. And my premise has always been that allows IBM to be more focused. So whether it's hybrid cloud, AI, quantum, Edge where are you placing your technology bets and maybe give us a sense of how you ranked them, some of your favorites. >> Yeah, so, look, that's exactly right. I mean, we are one of the few places that still invest a massive amount in R and D, especially in fundamental research. And so I'll kind of break down kind of the core areas. So first off, what I'd say is part of the hybrid cloud platform is recognizing we don't need to do everything for everyone. There is great open source technology. There are great other vendors that are doing things that we can enable our customers to access via the platform. So we're not trying to do everything for everybody in the way maybe 40 years ago we did. Because we understand there's so much great other technology out there that we're going to make sure that we expose. So we're investing in areas where we think we can uniquely add value that need to happen that others aren't doing. So AI, let me take that as an example. There's tremendous work happening in machine learning that we see every day because of Facebook and people trying to identify cats. And so I don't mean to trivialize it, there's a phenomenal work happening there. There's a lot less work being done on in AI on things where you have a lot less data. Or areas where you need explainable unbiased AI and the problem with machine learning engines is they're not auditable by definition. That's kind of a black box. And so we do a lot of work in areas like that. We do a lot of work in natural language processing. So we've had more of a as a kind of publicity kind of push the technology something called Project Debater. Where Watson can debate kind of champion debaters. That was mainly to make sure we can understand language in context, which allows for being able to better handle call centers in areas like that. Allows us to understand source code, which also is thinking about how you migrate applications from on-premise to the cloud. So we have a bunch of AI things that we are doing and is a core focus of what we're doing. But in specifically we're investing in areas like anti-biased auditability, natural language processing, areas where others aren't. Which is unique and we can bring those capabilities together with what others are doing. Security, obviously, a huge, huge area where we've invested in quantum safe encryption. We've invested in confidential computing. In other words, even in compute mode your data is encrypted. So you can keep your own keys, so not even we on our cloud can see your data. So a lot of investments happening around security and that's going to continue to be an area as we know that's going to get more and more and more scrutiny. So heavy, heavy focus there. Heavily focused on technologies that help you kind of modernize your infrastructure. So automation tools, integration tools and areas around that. So on the software side, those are kind of the main areas. When you look on the hardware side, obviously quantum is a significant area where we have a leadership position we continue to drive. But even semiconductor research in kind of process technology. So we announced something with Intel to work with them to bring some of our process technologies. As we kind of go from 7 nanometers to 5 to 2 to ultimately 1. That set of technologies is an area where we have a real leadership position and we'll continue to work with now Intel. We continue to work with others to drive that forward. So whole bunch of areas both on the hardware and the software side that we continue to make progress on. >> Yeah, the Silicon piece is interesting. And when we saw that Arvin as part of the Intel announcements that we thought originally, oh, maybe it's just about quantum but it's really much more than that. You mentioned the process. We dug into it and we realized, wow, we said Power10 actually has the highest performance. And because of the way in which you are not to geek out but you're you dis-aggregate memory. And Pat Gelsinger talked about system on a package. It turns out folks that IBM is actually the leader in that type of capability. And also the way that systems on chips use memory is very inefficient but IBM has actually invented some techniques to make that much more efficient. That's sort of the future of semiconductors. And the reason why we spend so much time thinking about it is because it's of national interest. There's a huge chip shortage, which doesn't look like it's going away anytime soon. So that's a critical part of national competitiveness and technology competitiveness going forward. >> Well, and the other interesting part about that, and you talked about Power10, going back to the hybrid cloud platform that we talked about. It's not just about running applications across wherever you want to run them. It also abstracts the chip architecture. So all of a sudden whether it's on the mainframe, it's on power, it's on ARM, it's on x86 and a whole bunch of other technologies that might get developed. We're making it much easier to kind of consume that specialization or variety at the hardware level. Recognize as Moore's law runs its course there's no longer this inevitability of everything's just going to go to x86. I think we are going to see more variety because we're going to have needs in the factory floor or in the automobile or with massive container as applications. Where you're going to need, whether it's kind of shared memory or different architectures all the way out to kind of low battery consumption. And that whole kind of breadth and our hybrid cloud platform enables that variability. And then IBM obviously has great technology to enable kind of building unique capability in hardware. So we kind of play on both sides of it, both kind of developing great technologies but then making it really easy for developers to consume and use those specialized features. >> I'm glad you brought that up, Jim. We mentioned Moore's law because we're all talking about how Moore's law is waning and it's quote, unquote dead. But the reality is, is the outcome of Moore's law which is the doubling of performance every two years is actually accelerating because of the common actuarial factors of CPU's and GPU's and NPUs and accelerators and DSPs. If you add all those up and actually, we're actually quadrupling every two years. So we have more processing power at much lower costs because of the volumes that you're seeing on things like ARM. So it's actually a very exciting time. We're entering an era that really, it's hard to get your mind around sometimes. So my question is how should we think about the future state of IBM? What does that look like? >> Well, so first off, the thing that I've found extraordinary about IBM kind of having been there now just a little over a year as an employee, a couple of years, I guess, when Red Hat was acquired. Is it is unique in fundamentally changing, again, who we are to kind of meet the needs going forward. And if you think about the needs in technology, recognize it was only like 20 years ago that Nicholas Carr wrote his famous article, IT Doesn't Matter, it's about back office. And in that world, IBM was really, really effective at building and running IT systems for our clients. We would come in, we would just kind of do everything for them. Today, technology is the forefront of developing or building competitive advantage for almost any business. And so nobody wants to kind of hand the keys, so we no longer are necessarily doing things for our clients. We're doing things with our clients. So there's a whole set of work, and we talked about how we engage with our clients, how we're much more collaborative and co-creative and our whole garage model to help build the capability to innovate with our clients is a key part of what we're doing. We'll continue to drive core technologies forward like quantum in key areas that require billions of dollars of research that frankly no one else is willing to do. And then we bring it all together with this hybrid cloud platform where we recognize it's no longer about us doing it all for you anymore. We're going to do the things where we can uniquely add value but then provide it all on a platform which allows you to consume from wherever, however you want to in a safe, secure, reliable way. So as we watch this next generation of computing unfold, cloud shouldn't end up being a bunch of vertical stove pipes. It truly needs to be kind of a horizontal platform that allows you to run any application anywhere in a safe, secure, reliable way and our architecture helps do that. So it's no longer able to do everything for you. It's we can do things uniquely on a platform and work with you to be able to help you kind of create your own pace of innovation, your own sources of advantage. And so that's the broad kind of direction that we're going, again, as enterprises move from consuming technology to be more efficient, to driving advantage with it. They need partners who understand that focused on their success and can innovate with them. And that's really where we're going with our technology, with our services capability and kind of our approach to how we work with our clients. >> Yeah, Jim, you just laid out the Holy grail of computing in the coming decade and with IBM's acquisition of Red Hat. And it really enables that vision and clearly the company is one of the top few that are in a position to do that. Jim Whitehurst, thanks so much for coming back on theCUBE. Really appreciate your time. >> Thanks for having me, it's great to chat. >> All right and thank you for watching. Keep it right there for more content of theCUBE's coverage of IBM Think 2021, the virtual edition, be right back. (gentle music)

>>Okay, >>welcome to Accelerating next. Thank you so much for joining us today. We have a great program. We're gonna talk tech with experts, will be diving into the changing economics of our industry and how to think about the next phase of your digital transformation. Now. Very importantly, we're also going to talk about how to optimize workloads from edge to excess scale with full security and automation all coming to you as a service. And with me to kick things off as Neil Mcdonald, who's the GM of compute at HP NEAL. Always a pleasure. Great to have you on. >>It's great to see you dad >>now, of course, when we spoke a year ago, we had hoped by this time we'd be face to face. But here we are again, you know, this pandemic, It's obviously affected businesses and people in so many ways that we could never have imagined. But the reality is in reality, tech companies have literally saved the day. Let's start off, how is HPV contributing to helping your customers navigate through things that are so rapidly shifting in the marketplace, >>although it's nice to be speaking to you again and I look forward to being able to do this in person. At some >>point. The >>pandemic has really accelerated the need for transformation and businesses of all sizes. More than three quarters of C. I. O. S. Report that the crisis has forced them to accelerate their strategic agendas, organizations that were ready transforming or having to transform faster and organizations that weren't on that journey yet are having to rapidly develop and execute a plan to adapt to this new reality. Our customers are on this journey and they need a partner for not just the computer technology but also the expertise and economics that they need for that digital transformation. And for us this is all about unmatched optimization for workloads from the edge to the enterprise to extra scale With 360° security and the intelligent automation all available in that as a service experience. >>Well, you know, as you well know, it's a challenge to manage through any transformation, let alone having to set up remote workers overnight, securing them, re setting budget priorities. What are some of the barriers that you see customers are working hard to overcome? >>Simply put the organizations that we talk with our challenged in three areas. They need the financial capacity to actually execute a transformation. They need the access to the resource and the expertise needed to successfully deliver on a transformation. And they have to find the way to match their investments with the revenues for the new services that they're putting in place to service their customers in this environment. >>You know, we have a data partner E. T. R. Enterprise Technology Research and the spending data that we see from them is it's quite dramatic. I mean last year we saw a contraction of roughly 5% of in terms of I. T. Spending budgets etcetera. And this year we're seeing a pretty significant rebound. Maybe a 67% growth ranges is the prediction. The challenge we see his organizations have to they got to iterate on that. I call it the forced march to digital transformation and yet they also have to balance their investments. For example that the corporate headquarters which have kind of been neglected. Is there any help in sight for the customers that are trying to reduce their spending and also take advantage of their investment capacity? >>I think you're right. Many businesses are understandably reluctant to loosen the purse strings right now given all of the uncertainty. And often a digital transformation is viewed as a massive upfront investment that will pay off in the long term, and that can be a real challenge in an environment like this, but it doesn't need to be uh, we work through HP financial services to help our customers create the investment capacity to accelerate the transformation, often by leveraging assets they already have and helping them monetize them in order to free up the capacity to accelerate what's next for their infrastructure and for the business. >>So can we drill into that? I would wonder if you could add some specifics. I mean, how do you ensure a successful outcome? What are you really paying attention to as those sort of markers for success? >>Well, when you think about the journey that an organization is going through, it's tough to be able to run the business and transform at the same time and one of the constraints is having the people with enough bandwidth and enough expertise to be able to do both. So we're addressing that in two ways for our customers. One is by helping them confidently deploy new solutions which we have engineered, leveraging decades of expertise and experience in engineering to deliver those workload optimized portfolios that take the risk and the complexity out of assembling some of these solutions and give them a prepackaged validated supported solution intact that simplifies that work for them. But in other cases we can enhance our customers bandwidth by bringing them HP point Next experts with all of the capabilities we have to help them plan, deliver and support these I. T. Projects and transformations. Organizations can get on a faster track of modernization, getting greater insight and control as they do it. We're a trusted partner to get the most for a business that's on this journey in making these critical computer investments to underpin the transformations and whether that's planning to optimizing to save for retirement at the end of life. We can bring that expertise to bear to help amplify what our customers already have in house and help them accelerate and succeed in executing these transformations. >>Thank you for that. Let's let's talk about some of the other changes that customers see him in the cloud is obviously forced customers and their suppliers to really rethink how technology is packaged, how it's consumed, how it's priced. I mean there's no doubt in that. So take Green Lake, it's obviously leading example of a pay as you scale infrastructure model and it could be applied on prem or hybrid. Can you maybe give us a sense as to where you are today with Green Lake? >>Well, it's really exciting now from our first pay, as you go offering back in 2006, 15 years ago to the introduction of Green Lake. HBs really been paving the way on consumption-based services through innovation and partnership to help meet the exact needs of our customers. Hp Green Lake provides an experience, is the best of both worlds. A simple paper use technology model with the risk management of data that's under our customers direct control and it lets customers shift to everything as a service in order to free up capital and avoid that upfront expense that we talked about. They can do this anywhere at any scale or any size and really HP Greenlee because the cloud that comes to you >>like that. So we've touched a little bit on how customers can maybe overcome some of the barriers to transformation. What about the nature of transformations themselves? I mean historically there was a lot of lip service paid to digital and and there's a lot of complacency, frankly, but you know that covid wrecking ball meme that so well describes that if you're not a digital business, essentially you're gonna be out of business. So, you know, those things have evolved, how is HPV addressed the new requirements? >>Well, the new requirements are really about what customers are trying to achieve. And four very common themes that we see are enabling the productivity of remote workforce. That was never really part of the plan for many organizations being able to develop and deliver new apps and services in order to service customers in a different way or drive new revenue streams, being able to get insights from data so that in these tough times they can optimize their business more thoroughly. And then finally think about the efficiency of an agile hybrid private cloud infrastructure. Especially one that now has to integrate the edge. And we're really thrilled to be helping our customers accelerate all of these and more with HP computer. >>I want to double click on that remote workforce productivity. I mean again the surveys that we see, 46 of the ceo say that productivity improved with the whole work from home remote work trend. And on average those improvements were in the four range which is absolutely enormous. I mean when you think about that how does HP specifically help here? What do you guys do? >>Well every organization in the world has had to adapt to a different style of working and with more remote workers than they had before. And for many organizations that's going to become the new normal. Even post pandemic, many I. T. Shops are not well equipped for the infrastructure to provide that experience because if all your workers are remote the resiliency of that infrastructure, the latency is of that infrastructure, the reliability of are all incredibly important. So we provide comprehensive solutions expertise and as a service options that support that remote work through virtual desktop infrastructure or V. D. I. So that our customers can support that new normal of virtual engagements online everything across industries wherever they are. And that's just one example of many of the workload optimized solutions that we're providing for our customers is about taking out the guesswork and the uncertainty in delivering on these changes that they have to deploy as part of their transformation. And we can deliver that range of workload optimized solutions across all of these different use cases. Because of our broad range of innovation in compute platforms that span from the ruggedized edge to the data center all the way up to exa scale in HPC. >>I mean that's key if you're trying to affect the digital transformation and you don't have to fine tune, you know, basically build your own optimized solutions if I can buy that rather than having to build it and rely on your R and D. You know, that's key. What else is HP doing? You know, to deliver new apps, new services, you your microservices, containers, the whole developer trend, what's going on there? >>Well, that's really key because organizations are all seeking to evolve their mix of business and bring new services and new capabilities, new ways to reach their customers, new way to reach their employees, new ways to interact in their ecosystem all digitally. And that means that development and many organizations of course are embracing container technology to do that today. So with the HP container platform, our customers can realize that agility and efficiency that comes with container ization and use it to provide insight to their data more and more on that data of course is being machine generated or generated the edge or the near edge. And it can be a real challenge to manage that data holistically and not of silos and islands at H. P. S. Moral data fabric speeds the agility and access to data with a unified platform that can span across the data centers, multiple clouds and even the edge. And that enables data analytics that can create insights powering a data driven production oriented cloud enabled analytics and AI available anytime anywhere and at any scale. And it's really exciting to see the kind of impact that that can have in helping businesses optimize their operations in these challenging times. >>You gotta go where the data is and the data is distributed. It's decentralized. I I like the liberal vision and execution there so that all sounds good. But with digital transformation you're gonna see more compute in hybrid deployments. You mentioned edge. So the surface area, it's like the universe its its ever expanding. You mentioned, you know, remote work and work from home before. So I'm curious where are you investing your resources from a cyber security perspective? What can we count on from H P. E there >>Or you can count on continued leadership from hp as the world's most secure industry standard server portfolio. We provide an enhanced and holistic 360° view to security that begins in the manufacturing supply chain and concludes with a safeguarded end of life Decommissioning. And of course we've long set the bar for security with our work on silicon root of trust and we're extending that to the application tier. But in addition to the security customers that are building this modern Khyber or private cloud, including the integration of the Edge need other elements to they need an intelligent software defined control plane so that they can automate their compute fleets from all the way at the edge to the core. And while scale and automation enable efficiency, all private cloud infrastructures are competing with Web scale economics and that's why we're democratizing web scale technologies like Pensando to bring web scale economics and web scale architecture to the private cloud. Our partners are so important in helping us serve our customers needs. >>Yeah. I mean H. P. Is really up to its ecosystem game since the middle of last decade when when you guys reorganized and it became even more partner friendly. So maybe give us a preview of what's coming next in that regard from today's event. >>Well, they were really excited to have HP. Ceo, Antonio Neri speaking with Pat Gelsinger's from Intel and later lisa su from A. M. D. And later I'll have the chance to catch up with john Chambers, the founder and Ceo of J. C. Two ventures to discuss the state of the market today. >>Yeah, I'm jealous. You got, yeah, that's a good interviews coming up, NEal, thanks so much for joining us today on the virtual cube. You've really shared a lot of great insight how HP is is partner with customers. It's, it's always great to catch up with you. Hopefully we can do so face to face, you know, sooner rather than later. >>I look forward to that. And you know, no doubt our world has changed and we're here to help our customers and partners with the technology, the expertise and the economics they need For these digital transformations. And we're going to bring them unmatched workload optimization from the edge to exa scale with that 360° security with the intelligent automation. And we're gonna deliver it all as an as a service experience. We're really excited to be helping our customers accelerate what's next for their businesses. And it's been really great talking with you today about that day. Thanks for having me >>very welcome. It's been super Neil and I actually, you know, I had the opportunity to speak with some of your customers about their digital transformation and the role of that HPV plays there. So let's dive right in. >>Yeah. Mm.