Dave Trader, Presidio | AWS re:Invent 2021


 

>>Good morning, live from Las Vegas. It's theCUBE with AWS re:Invent 2021. This is our fourth day of coverage, the third full day of the conference. Lisa Martin here with Dave Nicholson. Dave, we have had a tremendous number of conversations. In fact, we've two live sets, over a hundred guests on the program, and I have another web. I've got two Daves for you for the price of one. Dave Trader joins us, the field CSO client advisor at Presidio. We're going to be talking about ransomware and security. Dave, welcome to the program. Thank you for having me. So it's looking at your background. You've got a very cool background. You hold numerous cybersecurity certifications, including CISSP. You've received numerous endorsements from the Department of Homeland Security, the FBI and NSA. And in 2018, you graduated from the FBI's CSO academy in Quantico. Wow. Yeah, it sounds like he's a man with a very special set of skills. I think you're right. I think you're right. One of the things that we have seen, the cybersecurity landscape has changed dramatically in the last year and a half, 22 months or so. I was reading some stats: a ransomware attack happens once every 11 seconds. It's now a matter of when, not if. Talk to us about some of the things that you're seeing, the threat landscape changing, ransomware as a service, what's going on.

>>The last part that you mentioned was, ransomware as a service is key. The access to be able to launch attacks has become so simplified that the, the, the, uh, the attacker level doesn't have to be sophisticated, really. You can get down to the 100 level, brand new hackers that are just getting into the space. They can go to a help desk and they can purchase ransomware, and they can run this ransomware that has the comes with quality assurance, by the way. And if they didn't run correctly, they've got a help desk support system that'll help them run this in a, you know, as a criminal enterprise.
Um, the access is really what is, what has made this so prevalent, and it really exacerbated the problem to the massive scale that we're seeing today. Yeah.

>>And of course, we're only hearing about the big ones, you know, re you know, Conti, Colonial Pipeline. But as I mentioned, an attack occurring every 11 seconds. I also was reading the first half of calendar 21, that ransomware was up nearly 11X. So the trajectory, it's going the wrong way, it's going up and to the right, in the way that we don't want it to go. Are they becoming more brazen? Is it easier? Ransomware as a service, but also they're able to be paid in Bitcoin and that's less traceable.

>>Yeah. So, um, exponential is not even fair, right? 'Cause it, that's not even a fair assessment because that up and right, it's just, it's been so pervasive that we just see that continued growth. Uh, you know, there's how, you know, different ways and how we're going to stop that. And what we're, what we're doing from a national perspective is all coming into play and what we're going to do about it. You know? So the, one of the things that I'm seeing, that's kind of new, is the taunting aspect. So the taunting aspect is, uh, you know, they've been in your network for a little while, the dwell time's extended and they're collecting intelligence, but what they're doing is, you know, they used to let you, after they would present you with the ransomware note, they would let you kind of circle the wagons. And then you would come to a decision point as an organization.

>>Is, am I going to pay or am I not? Well, and they would give you a little bit of time to deliberate. Well, now during your deliberation time, they're actually sending texts to the CEO and the CFO and there's, and they're, they're, they're showcasing their, their, uh, technical prowess and that they've got you, they own you at that point. And they're, they're texting on your personal device.
And they're saying, you should go ahead and pay us, or we're going to make this worse. The taunting aspect is even twisting the knife and it's, uh, you know, out of box isn't even from a criminal aspect, I expect that to be out of bounds, no

>>Crazy. And of course, you know, some of the things that we've seen, um, uh, the, the White House's counter-ransomware initiative, a coalition of 30 countries aimed to ramp up global efforts to attack that. It's like, are you seeing cyber crime with the rise and the proliferation, you think there's gonna be more regulations and organizations that are going to be having to deal with? What do you think? Some of the things that we're going to see on that legal?

>>Yeah. So we have to, we have to leverage compliance, and there's a lot of really great frameworks out there today that we are leveraging. And there's, there's good methodology on how to stop this. The issue is it's the adoption and really the, the, the knowledge, the subject matter expertise, and really that consultant side. That's the message that I try and get out to, to, to our customers and our clients. And I'm trying to really get them to understand what that evolution looks like and what, what is needed in each discipline, because there's various disciplines across the board and you almost have to have them all, um, you know, in order to be able to stop ransomware and solve for that ransomware problem. And I do think the regulation is going to be key. I also think that I need some air support from not only the federal government, but our internet service providers and, and we as a free country, we need to be careful of, you know, on, on some of that, some of those fronts. But I, I, I still think that I would appreciate, you know, my ISP doing a little bit of block and tackle for me, you know, and helping me out, even though I want the freedom to do and be able to do whatever I want.
I still like them to say, you know, we're gonna block known that because, you know, it would just be nice to have a little bit of support even on that side.

>>So how does an ISP prevent me from handing out my password and being fooled in a, in a, in a phishing attack is the, is the question that, is, that, is that still a real issue?

>>So I wouldn't put that. I wouldn't put that on the ISP. I would put that more on the endpoint and some personal responsibility, right. Knowing, and I do, I do stress that a little bit, but relatively early

>>Morning sarcasm in my bag.

>>Yeah. So I do put that on, but there, but there are tremendous partners that I work with that are able to do that and automate a lot of that for you. And I need to make it simple, but simple is hard. And that's what, you know, is, especially in cybersecurity, we want to make it simple for it and really be able to remove the threat to the end user and protect the user. But in order to do that, there's a ton of things on a ton of sophistication and innovation that happens in the background. And we really need to be able to showcase how that's done. And, um, I, it's, obviously I'm excited about it, but we need more people that are able to just specialize in this. We need more good guys that are able to come in and help us on this front.

>>I also think we need to break down some barriers for on the competition with, you know, market share and the partners. We need to, we need to kind of elevate the conversation a little bit and we all need to work together because we're all in the same boat when it comes to how we're being attacked. Um, you know, from a national perspective on a global scale. And I think that if we elevate the conversation, our collective, uh, mindset in that, that, that, that, uh, that, that mind share is going to be able to really help us innovate and, and put a stop to this.

>>So then how is Presidio and AWS, how are you helping them until you get to it?
Ransomware and mitigation can talk to us about that. How are you going to be helping, especially there's cyber security skills gap that's gone on like five years.

>>Sure. Yeah. That skills gap is going to continue to, we're going to continue to see that grow as well. And we're efforting that on many fronts, but I'm really excited about the ransomware mitigation kit that got, uh, unveiled yesterday. Um, I got a call earlier this year from, uh, AWS and, and, uh, we basically, the question was posed to me, you know, what are we going to do about this, is from an AWS perspective, what can we do? Um, you know, 'cause the cyber adversaries are, uh, are, are relatively unchecked and, and, and their attitude is, what are you going to do about it? So AWS posed the question, what are we going to do about it? And what we came up with was, you know, as, as an isolated organization, or as an isolated discipline as with like a managed detection and response or endpoint protection, um, that silo could not by itself accomplish and the solve to eliminate ransomware or to make a dent in eliminate ransomware.

>>So what we had to do was combine disciplines, and we reached over to BCDR, disaster recovery and, and, and, and our backup teams. And we said, let's put together endpoint protection, MDR, and let's, let's merge the two of these. And let's automate that. So that what happens is, is when we detect the ransomware attack, there's, there's a specific indicators of compromise that happened in the attack, the endpoint protection, which is CrowdStrike in our case, can see that and can notify that, and then can tell the backup and recovery team, hey, we know that this is a, this is an indicator of compromise. We know that this system is, has been owned. And then there's an inflection point where we can ask the user if they want to manually intervene, or if they want us to automate that and intervene for them.
So it really keeps production going full-time and, uh, it doesn't, it takes away the cyber adversaries' ability to hold our data hostage. So this is an, it was this one, and I don't use hyperbole, uh, frequently, but this is a monumental, uh, uh, evolution of what, of what we're going to see and how to prevent ransomware.

>>Wow. I was reading that, that ransomware is backups, or you talked about backup, the backup backup attacks are on the rise as well. How can organizations, how can they work with Presidio and AWS? You described this as monumental, kind of game-changing. How can they work with you guys to, to implement this technology so that we can start dialing down the threats?

>>Yeah. So we would love to, we would love to hear from you, right? Give us a, give us a call. Um, but, uh, our teams, you know, with, with CloudEndure and AWS CloudEndure and CrowdStrike and what they've really come up with, and, and you have to have these two things ahead of time. So I sit on our critical incident response team, and, you know, I, I do work with, you know, the, the bureau as often as I can on attribution, but you have to have these ahead of time. So your, your, your, your, uh, critical response plan needs to be in place. And if you have the two things that we, that we've really put a lot of effort into over the last eight months, if you've got CrowdStrike and you've got CloudEndure on the backend, we can establish all of those, um, and, and really set this up for you to eliminate that threat. And, and that's what we're excited to showcase this week, and, you know, in the coming months, and we're going to, and we've also got additional things in additional features that we plan to add to that in the, in the coming months, Dave,

>>Your thoughts on the partnership between private industry and government entities. Uh, you mentioned that the level of sophistication to engage in this bad behavior doesn't necessarily have to be the, have to rise to the level of state sponsored.
Um, but can we do this in the private sector, by ourselves? What are your, what are your sort of philosophical?

>>I will give you my, I will give you a statistic on this and it will, it'll be self-explanatory. But, um, 80% of our critical infrastructure in the United States is privately held. So we're unique in that perspective, we aren't like some other countries where they can just mandate the requirement that the government will control critical infrastructure. It's privately held here in the United States. So you almost have to invite the federal government to come in. Even though you are a critical infrastructure, they still have to be invited to come help you. And that partnership is key in order to be able to defend yourself, but also to defend the nation. Our power grids, our water sources. I mean, you'll see those are private private companies, but we need that federal help. And I try and evangelize that partnership. I mean, you know, there's always the, um, you know, when you think about working with federal agencies, like the, like the FBI, um, there's a little bit of hesitation and you're not really quite sure.

>>I will tell you that those, those men and women are, um, uh, they're amazing. They're amazing to work with, they're, they're really good at what they do. And, and you're certainly, it's a partnership and they have a whole division set up, there's the Office of the Private Sector is designed to have these conversations and help you prepare. And then in the unfortunate instance where you might have an attack there, right. They're trying to figure out who did that to you, you know, and, and you're a victim, you're a victim of a federal crime at that point. And they, they treat you with such care and, you know, they're, uh, they do such a great job.
So I think we have to engage them in order to, and we should actually be able to help them with the technology and how, and make it easier for them to do their job, but something I'm also very interested in.

>>Talk to me about your interests as the last question, in terms of what's going to go on here. We are wrapping up 2021, entering 2022, which hopefully will be a much better year for on many fronts, including the decrease in ransomware. What are some of the things that you're excited about? There's so much technology, there's so much opportunity and innovation going on with AWS and its partner ecosystem. What excites you, what opportunities do you see as we head into 2020? Yeah.

>>So I do see some, I do see some threats that are going to evolve. Um, ransomware is certainly going to be more of the same until we get this out in this new methodology and what we've built, until that becomes widely adopted. I think we, you know, we're not going to make a dent in the numbers that we're seeing just yet, but I'm hoping that that will change when, you know, when the industries do start to adopt that. The other thing that I'm seeing is I think operational technology is going to take a hit in 2022 because the bad guys have started to figure out how, um, you know, that, that, that, that operational technology is not as, uh, it's not front and center. And it's not top of mind for a lot of CSOs. So they're, they're targeting that weakness and going after that. So I think we really need to brace for that and, and really, uh, get in front of that. Uh, so that's one of the things that I'm prepping for is really the operational IoT conversation, and then how I can help, uh, organizations and even, even home users, you know, with some of the stuff that you've got, you know, maybe in your own home that could be used again,

>>Right? 'Cause that work from anywhere is going to persist for quite some time.
Dave, thank you so much for joining Dave Nicholson and me on the program this morning, talking about what's going on in the threat landscape, ransomware, but also this monumental shift and from, from a technology and a partnership perspective that Presidio and AWS are doing to help customers and every industry, private and public sector. We appreciate your insights. Thank you

>>For having me. Thanks

>>For being here. Very Dave and Dave, I'm Lisa, you're watching theCUBE, the global leader in live tech coverage.

Published Date : Dec 2 2021

