Derek Manky, Fortinet | CUBEconversation
>> Welcome to this CUBE Conversation with Fortinet. I'm your host, Lisa Martin. Derek Manky is back. He's the Chief of Security Insights and Global Threat Alliances at Fortinet, FortiGuard Labs. Derek, welcome back to the program.

>> Likewise, we've talked a lot this year. And of course, when I saw that you guys have predictions from FortiGuard Labs' global threat intelligence and research team about the cyber threat landscape for 2022, I thought there was going to be a lot to talk about with Derek here. So let's go ahead and dig right in. First of all, one of the things that caught my attention was the title of the press release about the predictions that was just revealed. The press release says FortiGuard Labs predicts cyber attacks aimed at everything from crypto wallets to satellite internet. There is no surface that is safe anymore. Talk to me about some of the key challenges that organizations in every industry are facing.

>> Yeah, absolutely. So, as you said, you had the keyword there: surface, right? That attack surface is open for attack. The attack surface that we talk about is literally being pushed out from the edge to space. A lot of these places had no connection before, particularly in OT environments off grid. We're talking about critical infrastructure, oil and gas, as an example. There's a lot of these remote units that were living out there that relied on field engineers to go in and plug into them. They were air gapped. Those are the things that are going to be accessible by LEOs, low earth orbit satellites. And there are 4,000 of those out there right now. There's going to be over 30,000. We're talking Starlink, we're talking at least four or five other competitors entering this space, no pun intended. And that's a big deal, because it's a gateway. It opens the door for cyber criminals to be able to have accessibility to these networks. And so security has to come, you know, front of mind there, right.

>> It absolutely does. We've got these fragmented perimeter tools that are siloed, the very expanded attack surface, as you just mentioned, but some of the other targets: the 5G-enabled edge, the core network, and of course the home environment, where many of us still are.

>> Yeah, definitely. So that home environment, like the edge, it's the smart edge, right? So we have things called edge access Trojans. These are Trojans that will actually impact and infect edge devices. And if you think about these edge devices, we're talking things that have machine learning and automation built into them, a lot of privilege, because they're actually processing commands and acting on those commands in a lot of cases, right? Everything from smart office, smart home, even into the OT environment that we're talking about. And that is a juicy target for attackers, right? Because these devices naturally have more privilege. They have APIs and connectivity to a lot of these things, where they could definitely do some serious damage and be used as a pivot within the network from the edge. Right. And that's a key point there.

>> Let's talk about the digital wallet that we all walk around with. You know, we think it's so easy, we can do quick, simple transactions with Apple Wallet, Google smart tab, Venmo, what have you, but that's another growing source of threat where we need to be concerned, right?

>> Yeah. So I've worn my cyber security hat for over 20 years, and 10 years ago even, we were talking all about online banking Trojans. That was a big threat, right? Because a lot of financial institutions hadn't yet rolled out things like multifactor authentication. It was fairly easy to get someone's bank credentials, go in, siphon funds out of an account. That's a lot harder nowadays. And so cyber criminals are shifting tactics to go after the low hanging fruit, which are these digital wallets and often cryptocurrency, right? We've actually seen this already in FortiGuard Labs. Some of this is already starting to happen right now. I expect this to happen a lot more in 2022 and beyond. And it's because, you know, these wallets hold a whole lot of value right now, right, with the crypto. And they can be transferred easily without having to do, like, you know, EFTs or major transfers and all those sorts of things that actually include a lot of paperwork from the financial institutions. And, you know, we saw something where they were actually hijacking these wallets, right, just intercepting a copy and paste command, because it's a 54 character address, people aren't typing that in all the time. So when they're sending or receiving funds, what we've actually seen in malware today is they're taking that, intercepting it and replacing it with the attacker's wallet. It's as simple as that, bypassing all the, you know, authentication measures and so forth.

>> And is that happening for the rest of us that don't have a crypto wallet? So is that happening for folks with Apple Wallets? And is that a growing threat concern that people need to be aware of?

>> It is, absolutely. Yeah. So crypto wallets are the majority of what we're seeing, but yeah, no digital wallet is untouched here. Absolutely. These are all valid targets and we are starting to see activity in it.

>> I'm sure going after those stored credentials, that's probably low-hanging fruit for the attackers. Another thing that was interesting that the 2022 predictions threat landscape highlighted was the e-sports industry and the vulnerabilities there. Talk to me about that. That was something that I found surprising. I didn't realize it was a billion dollar a year revenue industry, a lot of money.

>> A lot of money, a lot of money. And these are full-blown platforms that have been developed. This is a business. This isn't, you know, again, going back to what we've seen and we still do see, the online gaming itself. We've seen Trojans written for that. And oftentimes it's just trying to get into an end user's gaming account so that they can steal virtual equipment and, you know, there's virtual currencies as well. So there was some monetization happening, but not on a grand scale. This is about a shift: attackers going after a business, just like any organization, big business, right, to be able to hold that hostage effectively, in terms of DDoS threats, in terms of vulnerabilities, in terms of also, you know, crippling these systems with ransomware, like we've already seen starting to hit OT. This is just another big target. Right. And if you think about it, these are live platforms that rely on low latency, so very quick connections. Anything that interrupts that, think about the Olympics, right, in a sports environment, it's a big deal to them. And there's a lot of revenue that could be lost, and cybercriminals fully realize this. And this is why, you know, we're predicting that e-sports is going to be a big target for them moving forward.

>> Got it. And let's talk about what's going on with ransomware. So when you and I spoke a few months ago, I think ransomware was up nearly 11x in the first half of calendar year 2021. What are you seeing from an evolution perspective in the actual ransomware actions themselves, as well as what the cyber criminals are evolving to?

>> Yeah. So two words: aggressive, destructive. Not good words, right. But this is what we're seeing with ransomware. Now, again, they're not just going after data as the currency. We're seeing destructive capabilities put into ransomware, including wiper malware. So this used to be just in the realm of APT, nation state attacks. We saw that with Shamoon. We saw that with Dark Seoul back in 2013. So destructive threats, but in the world of APT and nation state. Now we're seeing this in cyber crime. We're seeing it with ransomware, and this I expect to be a full-blown tactic for cyber criminals, simply because they have the threat, right. They've already leveraged a lot of extortion and double extortion schemes. We've talked about that. Now they're going to be onboarding this as a new threat, basically planting these time bombs, these ticking time bombs, holding systems for ransom, and probably crippling a couple to show that they mean business, and saying, unless you pay us within a day or two, we're going to take all of these systems offline. We're not just going to take them offline, we're going to destroy them, right. That's a big incentive for people to pay up. So they're really playing on that fear element. That's what I mean about aggressive, right? They're going to be really shifting tactics.

>> Aggressive and destructive are two things you don't want in a cybersecurity environment, or to be called by your employer. Just wanted to point that out. Talk to me about wiper malware. Is this new, emerging, or is this something that's seeing a resurgence? Because this came up at the Olympics in the summer, right?

>> Absolutely. So a resurgence, in a sort of different way. Right. So, as I said, we have seen it before, but it's not been too prevalent. It's been a niche area for them, right. It's specifically for these very highly targeted attacks. So yes, the Olympics, in fact two times at the Olympics, in Tokyo, but also in the last summer Olympics as well. We also saw it, as I mentioned, in South Korea, with Dark Seoul in 2013. We saw it in an OT environment with Shamoon as an example. But we're talking handfuls here. Unfortunately, we have blogged about three of these in the last month to month and a half. Right. And, you know, this is starting to be married with ransomware, which is particularly very dangerous, because it's not just the wiper malware, but couple that with the ransom tactics.

>> And that's what we're starting to see, this new, this resurgence. Yes. But a completely new form that's taking place. Even to the point, I think, in the future, that it could severely degrade. Now what we're seeing is it's not too critical, in a sense that it's not completely destroying the system. You can recover the system still; we're talking master boot records, those sorts of things. But in the future, I think they're going to be going after the firmware themselves, essentially turning some of these devices into paperweights, and that's going to be a very big problem.

>> Wow. That's a very scary thought, getting to the firmware and turning those devices into paperweights. One of the things also that the report talked about that was really interesting was more attacks against the supply chain and Linux, particularly. Talk to us about that. What did you find there? What does it mean? What's the threat for organizations?

>> Yeah. So we're seeing a diversification in terms of the platforms that cyber criminals are going after. Again, it's that attack surface, lower hanging fruit in a sense, because for fully patched versions of Windows 10, Windows 11, it's harder, right, for cyber criminals than it was five or 10 years ago to get into those systems. If we look at just the prevalence, the amount of devices that are out there in IoT and OT environments, these are running on Linux, a lot of different flavors and forms of Linux, and therefore the different security holes that come up with that. And that's a big patch management issue, as an example, too. And so this is what we, you know, we've already seen it with the Mirai botnet, and this was in our threat landscape report: Mirai was the number one threat that we saw. And that's a Linux-based botnet. Now, Microsoft has rolled out something called WSL, which is the Windows Subsystem for Linux in Windows 10 and Windows 11, meaning that Windows supports Linux now. So all the code that's being written for botnets, for malware, all that stuff is able to run on new Windows platforms effectively. So this is how they're trying to expand their attack surface. And that ultimately gets into the supply chain, because again, a lot of these devices in manufacturing and operational technology environments rely quite heavily actually on Linux.

>> Well, and with all the supply chain issues that we've been facing during the pandemic, how can organizations protect themselves against this?

>> Yeah. So this is a big thing, right? And we talked about also the weaponization of artificial intelligence, automation, and all of these. There's a lot going on, as you know, right, from the threats: a lot to get visibility on, a lot to be able to act quickly on. That's a big key metric there, how quick you can detect these and respond to them. For that you need good threat intelligence, of course, but you also truly need to enable automation, things like SD-WAN, a mesh architecture as well, or having a security fabric that can actually integrate devices that talk to each other and can detect these threats and respond to them quickly. That's a very important piece, because if you don't stop these attacks, well, they're in that movement through the attack chain, so the kill chain concept we talk about. The risk is very high nowadays, where, you know, everything we just talked about from a ransomware and destructive capabilities. So having those approaches is very important. Also having, you know, education and a workforce trained up is equally as important, to be aware of these threats.

>> I'm glad you brought up that education piece and the training, and that's something that Fortinet is very dedicated to doing, but it also brings up the cybersecurity skills gap. I know when I talked with Ken Xie just a couple months ago at the PGA tournament, he was talking about, you know, big investments in what FortiGuard, Fortinet is doing to help reduce that gap. But the gap is still there. How do IT teams not get overloaded with the expanding surface? It seems like the surface has just, there is no limit anymore. So how do IT teams that are lean and small help themselves, in the fact that the threat landscape is expanding, the criminals are getting smarter or using AI, intelligent automation? What are IT teams to do?

>> Fight fire with fire. You've got to use the same tools that they're using on their side, and you need to be able to use them in your toolkit. We're talking about a security operation center perspective, to have tools like, again, this comes to the threat intelligence, to get visibility on these things. We're talking SIEM, SOAR, we have, you know, FortiAI out now, deception products, all these sorts of things. These are all tools that can help those people. So you don't have to, you know, hire 40 or 50 people in your SOC, right? It's more about how you can work together with the tools and technology to have escalation paths, to do more people, process, procedure, as we talk about, to be able to educate and train on those, to be able to have incident response planning.

>> So what do you do? Like, because inevitably you're going to be targeted, probably in a ransomware attack. What do you do? Playing out those scenarios, doing breach and attack simulation, all of those things. That comes down to the skills gap. So it's a lot about that education and awareness, not having to do the stuff that can be handled by automation and AI. And training, you're absolutely right. We've dedicated a lot with our NSE program at Fortinet. We also have our Fortinet Security Academy. You know, we're integrating with those secondaries so we can have the skillsets ready for new graduates, as an example. There's a lot of progress being made towards that. We've even created a new one, powered by FortiGuard Labs. There is a FortiGuard Labs play in our NSE 7, as an example. It's, you know, for threat hunting and offensive security, as an example, understanding really how attackers are launching their campaigns, and all those things come together. But that's the good news actually, is that we've come a long way. We actually did our first machine learning and AI models over 10 years ago, Lisa. This isn't something new to us. So the technology has gone a long way. It's just a matter of how we can collaborate and obviously integrate with that for the skills gap.

>> And one more question on the actual threat landscape. Were there any industries that came up in particular? As we talked about e-sports, we talked about OT. Any industries that came up in particular as really big hotspots that companies and organizations really need to be aware of?

>> Yeah. So also, this is part of OT, ICS, critical infrastructure. That's a big one. Absolutely. There we're seeing also cyber-criminals offering more crime services now on the dark web. So CaaS, which is crime as a service, because it used to be, again, a very specialized area that maybe only a handful of organized criminal organizations could actually, you know, launch attacks and impact those targets where they're going after those targets. Now they're offering services right on to other up-and-coming cyber criminals, to be able to try to monetize that as well. Again, we're seeing this. We actually call it advanced persistent cybercrime, APC, instead of an APT, because they're trying to take cyber crime to these targets like ICS, critical infrastructure. Healthcare as well is another one, again usually in the realm of APT, but now being targeted more by cybercriminals in ransomware.

>> I've heard of ransomware as a service. Is that a subcategory of crime as a service?

>> Absolutely. Yeah. It is: phishing as a service, ransomware as a service, DDoS as a service, and many of these subcategories, but ransomware as a service, that's another big problem as well, because this is an affiliate model, right, where they hire partners and pay them commission if they actually get payments of ransom, right? So they have literally a middle layer in this network that they're pushing out to scale their attacks.

>> You know, and I think the last time we talked about ransomware, we talked about it's a matter of... and I talk to customers all the time who say, yes, it's a matter of when, not if. Is this the same sentiment, do you think, for crime as a service in general, the attacks on e-sports, on home networks, on internet satellites in space? Is this just a matter of when, not if, across the board?

>> Well, yeah, absolutely. You know, but the good news is it doesn't have to be a, you know, when it happens, it doesn't have to be a catastrophic situation. Again, that's the whole point about preparedness and planning and all the things I talked about: filling the skills gap and education, and having the proper tools in place that will mitigate that risk. Right. And that's perfectly acceptable. And that's the way we should handle this from the industry, because, we've talked about this, we process over a hundred billion threats a day in FortiGuard Labs. The volume is just going to continue to grow. It's very noisy out there. And there's a lot of automated threats, a lot of attempts knocking on organizations' doors and networks, and, you know, phishing emails being sent out, and all that. So it's something that we just need to be prepared for, just like you do for natural disaster planning and all these sorts of other things in the physical world.

>> That's a good point. It doesn't have to be aggressive and destructive. But last question for you: how is FortiGuard helping companies in every industry get aggressive and disruptive against the threats?

>> Yeah. Great, great question. So this is something I'm very passionate about, as you know, where, you know, we don't stop just with customer protection. Of course, as a security vendor, that's our primary and foremost objective: to protect and mitigate risk to the customers. That's how we're doing. You know, this is why we have 24/7/365 operations at FortiGuard Labs. There we're helping to find the latest and greatest on threat intelligence and hunting, but we don't stop there. We're actually working in the industry. So I mentioned this before, the Cyber Threat Alliance, to collaborate and share intelligence on threats, all the way down to disrupting cybercrime. This is a big target of ours: how we can work together to disrupt cyber crime. Because unfortunately they've made a lot of money, a lot of profits, and we need to reduce that. We need to send a message back and fight that aggressiveness, and we're on it, right? So we're working with Interpol, Project Gateway with the World Economic Forum, the Partnership Against Cybercrime. There's a lot of initiatives with other, you know, the who's who of cyber security in the industry, to work together and tackle this collaboratively. The good news is there's been some steps of success to that. There's a lot more we're doing to scale the efforts.

>> Excellent. Well, Derek, as always, a great and very informative conversation with you. I always look forward to these, seeing what's going on with the threat landscape, the challenges, the increasing challenges, but also the good news, the opportunities in it, and what FortiGuard is doing, FortiGuard Labs, Fortinet, excuse me, I can't speak today, to help customers address that. And we always appreciate your insights and your time. We look forward to talking to you and unveiling the next predictions in 2022.

>> All right. Sounds good. Thanks, Lisa.

>> My pleasure. For Derek Manky, I'm Lisa Martin. You're watching this CUBE Conversation with Fortinet. Thanks for watching.
Derek Manky, Fortinet | CUBEConversation
>> Welcome to this Cube Conversation, I'm Lisa Martin. I'm joined by Derek Manky next, the Chief of Security Insights and Global Threat Alliances at FortiGuard Labs. Derek, welcome back to the program.

>> Hey, it's great to be here again. A lot of stuff's happened since we last talked.

>> So Derek, one of the things that was really surprising from this year's Global Threat Landscape Report is a 10, more than 10x increase in ransomware. What's going on? What have you guys seen?

>> Yeah, so this is massive. We're talking over a thousand percent, over a 10x increase. This has been building, Lisa. So this has been building since December of 2020. Up until then we saw a relatively low high watermark with ransomware. It had taken a hiatus, really, because cyber criminals were going after COVID-19 lures and doing some other things at the time. But we did see a seven fold increase in December 2020. That has absolutely continued this year into a momentum up until today; it continues to build, never subsided. Now it's built to this monster, you know, almost 11 times increase from what we saw back last December. And the reason, what's fueling this, is new verticals that cyber criminals are targeting. We've seen the usual suspects like telecommunication, government in position one and two. But new verticals that have risen up into this third and fourth position following are MSSP, and this is on the heels of the Kaseya attack of course, that happened in 2021, as well as operational technology. There's actually four segments: there's transportation, automotive, manufacturing, and then of course energy and utility, all subsequent to each other. So there's a huge focus now on OT and MSSP for cyber criminals.

>> One of the things that we saw last year this time was that attackers had shifted their focus away from enterprise infrastructure devices to home networks and consumer grade products. And now it looks like they're focusing on both. Are you seeing that?

>> Yes, absolutely. In two ways. So first of all, again, this is a kill chain that we talk about. They have to get a foothold into the infrastructure, and then they can load things like ransomware on there. They can load things like information stealers as an example. The way they do that is through botnets. And what we reported in this, in the first half of 2021, is that Mirai, which is about a two to three-year old botnet now, is number one by far; it was the most prevalent botnet we've seen. Of course, the thing about Mirai is that it's an IoT based botnet. So it sits on devices sitting inside consumer networks as an example, or home networks, right. And that can be a big problem. So that's the targets that cyber criminals are using. The other thing that we saw that was interesting was that one in four organizations detected malvertising. And so what that means, Lisa, is that cyber criminals are shifting their tactics from going just from cloud-based or centralized email phishing campaigns to web-borne threats, right. So they're infecting sites, watering hole attacks, where, you know, people will go to read their daily updates, as an example of things that they do as part of their habits. They're getting sent links to these sites that, when they go to it, it's actually installing those botnets onto those systems, so they can get a foothold. We've also seen scare tactics, right. So they're doing new social engineering lures, pretending to be human resource departments, IT staff and personnel, as an example, with popups through the web browser that look like these people, to fill out different forms and ultimately get infected on home devices.

>> Well, the home device use is proliferate. It continues, because we are still in this work from home, work from anywhere environment. Is that, you think, a big factor in this increase from 7x to nearly 11x?

>> It is a factor, absolutely. Yeah, like I said, it's also, it's a hybrid of sorts. So a lot of that activity is going to the MSSP angle, like I said, to the OT, and to those new verticals, which by the way are actually even larger than traditional targets in the past, like finance and banking, which is actually lower than that as an example. So yeah, we are seeing a shift to that. And like I said, that's further backed up from what we're seeing with the botnet activity, specifically with Mirai too.

>> Are you seeing anything in terms of the ferocity? We know that the volume is increasing; are they becoming more ferocious, these attacks?

>> Yeah, there is a lot of aggression out there, certainly from cyber criminals. And I would say that the velocity is increasing, but the amount, if you look at the cyber criminal ecosystem, the stakeholders, right, that is increasing. It's not just one or two campaigns that we're seeing. Again, we're seeing, this has been a record cases year; almost every week we've seen one or two significant cyber security events that are happening. That is a dramatic shift compared to last year or even two years ago too. And this is because the cyber criminals are getting deeper pockets now. They're becoming more well-funded and they have business partners, affiliates that they're hiring. Each one of those has their own methodology, and they're getting paid big. We're talking up to 70 to 80% commission just if they actually successfully infect someone that pays for the ransom, as an example. And so that's really what's driving this too. It's a combination of this kind of perfect storm, as we call it, right. You have this growing attack surface, work from home environments and footholds into those networks, but you have a whole bunch of other people now on the bad side that are orchestrating this and executing the attacks too.

>> So what can organizations do to start to slow down or limit the impacts of this growing ransomware as a service?

>> Yeah, great question. Everybody has their role in this, I say, right? So if we look at it from a strategic point of view, we have to disrupt cyber crime. How do we do that? It starts with the kill chain. It starts with trying to build resilient networks. So things like ZTNA, zero trust network access, SD-WAN as an example for protecting that WAN infrastructure, 'cause that's where the threats are floating to, right. That's how they get the initial footholds. So anything we can do on the preventative side, making networks more resilient, also education and training is really key. Things like multi-factor authentication are all key to this, because if you build that preventatively, and it's a relatively small investment upfront, Lisa, compared to the collateral damage that can happen with these ransomware paths, the risk is very high. That goes a long way. It also forces the attackers to, it slows down their velocity, it forces them to go back to the drawing board and come up with a new strategy. So that is a very important piece, but there's also things that we're doing in the industry. There's some good news here, too, that we can talk about, because there's things that we can actually do apart from that to really fight cyber crime, to try to take the cyber criminals offline too.

>> All right, hit me with the good news, Derek.

>> Yeah, so a couple of things, right. If we look at the botnet activity, there's a couple of interesting things in there. Yes, we are seeing Mirai rise to the top right now, but we've seen big problems of the past that have gone away or come back, not as prolific as before. So two specific examples. Emotet, that was one of the most prolific botnets that was out there for the past two to three years; there is a take-down that happened in January of this year. It's still on our radar, but immediately after that takedown, it literally dropped to half of the activity it had before. And it's been consistently staying at that low watermark now, at that half percentage, since then, six months later. So that's very good news, showing that the actual coordinated efforts that were getting involved with law enforcement, with our partners and so forth, to take down these are actually hitting their supply chain where it hurts, right. So that's good news part one. TrickBot was another example. This is also a notorious botnet, takedown attempt in Q4 of 2020. It went offline for about six months; in our landscape report, we actually show that it came back online in about June this year. But again, it came back weaker, and now the form is not nearly as prolific as before. So we are hitting them where it hurts; that's the really good news. And we're able to do that through new, what I call high resolution intelligence, that we're looking at too.

>> Talk to me about that high resolution intelligence. What do you mean by that?

>> Yeah, so this is cutting edge stuff, really gets me excited, keeps me up at night in a good way. 'Cause we're looking at this under the microscope, right. It's not just talking about the what. We know there's problems out there, we know there's ransomware, we know there's botnets, all these things, and that's good to know, and we have to know that, but we're able to actually zoom in on this now and look at... So we, for the first time in the threat landscape report, we've published TTPs, the techniques, tactics, procedures. So it's not just talking about the what, it's talking about the how. How are they doing this? What's their preferred method of getting into systems? How are they trying to move from system to system? And exactly how are they doing that? What's the technique? And so we've highlighted that. It's using the MITRE ATT&CK framework TTPs, but this is real time data.
And it's very interesting, so we're clearly seeing a very heavy focus from cyber criminals and attackers to get around security controls, to do defense innovation, to do privilege escalation on systems. So in other words, trying to be common administrator so they can take full control of the system. As an example, lateral movement, there's still a preferred over 75%, 77 I believe percent of activity we observed from malware was still trying to move from system to system, by infecting removable media like thumb drives. And so it's interesting, right. It's a brand new look on these, a fresh look, but it's this high resolution, is allowing us to get a clear image, so that when we come to providing strategic guides and solutions in defense, and also even working on these takedown efforts, allows us to be much more effective. >> So one of the things that you said in the beginning was we talked about the increase in ransomware from last year to this year. You said, I don't think that we've hit that ceiling yet, but are we at an inflection point? Data showing that we're at an inflection point here with being able to get ahead of this? >> Yeah, I would like to believe so, there is still a lot of work to be done unfortunately. If we look at, there's a recent report put out by the Department of Justice in the US saying that, the chance of a criminal to be committing a crime, to be caught in the US is somewhere between 55 to 60%, the same chance for a cyber criminal lies less than 1%, well 0.5%. And that's the bad news, the good news is we are making progress in sending messages back and seeing results. But I think there's a long road ahead. So, there's a lot of work to be done, We're heading in the right direction. But like I said, they say, it's not just about that. It's, everyone has their role in this, all the way down to organizations and end users. 
If they're doing their part of making their networks more resilient through this, through all of the, increasing their security stack and strategy. That is also really going to stop the- really ultimately the profiteering that wave, 'cause that continues to build too. So it's a multi-stakeholder effort and I believe we are getting there, but I continue to still, I continue to expect the ransomware wave to build in the meantime. >> On the end-user front, that's always one of the vectors that we talk about, it's people, right? There's so much sophistication in these attacks that even security folks and experts are nearly fooled by them. What are some of the things that you're saying that governments are taking action on some recent announcements from the White House, but other organizations like Interpol, the World Economic Forum, Cyber Crime Unit, what are some of the things that governments are doing that you're seeing that as really advantageous here for the good guys? >> Yeah, so absolutely. This is all about collaboration. Governments are really focused on public, private sector collaboration. So we've seen this across the board with Fortiguard Labs, we're on the forefront with this, and it's really exciting to see that, it's great. There's always been a lot of will to work together, but we're starting to see action now, right? Interpol is a great example, they recently this year, held a high level forum on ransomware. I actually spoke and was part of that forum as well too. And the takeaways from that event were that we, this was a message to the world, that public, private sector we need. They actually called ransomware a pandemic, which is what I've referred to it as before in itself as well too. Because it is becoming that much of a problem and that we need to work together to be able to create action, action against this, measure success, become more strategic. 
The World Economic Forum were leading a project called the Partnership Against Cyber Crime Threat Map Project. And this is to identify, not just all this stuff we talked about in the threat landscape report, but also looking at, things like, how many different ransomware gangs are there out there. What do the money laundering networks look like? It's that side of the supply chain to map out, so that we can work together to actually take down those efforts. But it really is about this collaborative action that's happening and it's innovation and there's R&D behind this as well, that's coming to the table to be able to make it impactful. >> So it sounds to me like ransomware is no longer a- for any organization in any industry you were talking about the expansion of verticals. It's no longer a, "If this happens to us," but a matter of when and how do we actually prepare to remediate, prevent any damage? >> Yeah, absolutely, how do we prepare? The other thing is that there's a lot of, with just the nature of cyber, there's a lot of connectivity, there's a lot of different, it's not just always siloed attacks, right. We saw that with Colonial obviously, this year where you have attacks on IT, that can affect consumers, right down to consumers, right. And so for that very reason, everybody's infected in this. it truly is a pandemic I believe on its own. But the good news is, there's a lot of smart people on the good side and that's what gets me excited. Like I said, we're working with a lot of these initiatives. And like I said, some of those examples I called up before, we're actually starting to see measurable progress against this as well. >> That's good, well never a dull day I'm sure in your world. Any thing that you think when we talk about this again, in a few more months of the second half of 2021, anything you predict crystal ball wise that we're going to see? 
>> Yeah, I think that we're going to continue to see more of the, I mean, ransomware, absolutely, more of the targeted attacks. That's been a shift this year that we've seen, right. So instead of just trying to infect everybody for ransom, as an example, going after some of these new, high profile targets, I think we're going to continue to see that happening from the ransomware side and because of that, the average costs of these data breaches, I think they're going to continue to increase, it already did in 2021 as an example, if we look at the cost of a data breach report, it's gone up to about $5 million US on average, I think that's going to continue to increase as well too. And then the other thing too is, I think that we're going to start to see more, more action on the good side like we talked about. There was already a record amount of takedowns that have happened, five takedowns that happened in January. There were arrests made to these business partners, that was also new. So I'm expecting to see a lot more of that coming out towards the end of the year too. >> So as the challenges persist, so do the good things that are coming out of this. Where can folks go to get this first half 2021 Global Threat Landscape? What's the URL that they can go to? >> Yeah, you can check it out, all of our updates and blogs including the threat landscape reports on blog.fortinet.com under our threat research category. >> Excellent, I read that blog, it's fantastic. Derek, always a pleasure to talk to you. Thanks for breaking this down for us, showing what's going on. Both the challenging things, as well as the good news. I look forward to our next conversation. >> Absolutely, it was great chatting with you again, Lisa. Thanks. >> Likewise for Derek Manky, I'm Lisa Martin. You're watching this Cube Conversation. (exciting music)
SUMMARY :
Welcome to this Cube Hey, it's great to be here again. So Derek, one of the things Now it's built to this monster, you know, One of the things that So that's the targets that Well, the home device So a lot of that activity but the amount, if you look at that we can talk about because with the good news Derek. of the activity it had before. So it's not just talking about the what, So one of the things that 'cause that continues to build too. What are some of the things And this is to identify, So it sounds to me like And so for that very reason, that we're going to see? more of the targeted attacks. so do the good things that including the threat landscape I look forward to our next conversation. chatting with you again, Lisa. Likewise for Derek
SENTIMENT ANALYSIS :
ENTITIES
Entity | Category | Confidence |
---|---|---|
Derek | PERSON | 0.99+ |
Lisa Martin | PERSON | 0.99+ |
January | DATE | 0.99+ |
Interpol | ORGANIZATION | 0.99+ |
Fortiguard Labs | ORGANIZATION | 0.99+ |
Derek Manky | PERSON | 0.99+ |
Derek Manky | PERSON | 0.99+ |
2021 | DATE | 0.99+ |
December, 2020 | DATE | 0.99+ |
one | QUANTITY | 0.99+ |
last year | DATE | 0.99+ |
10 | QUANTITY | 0.99+ |
December of 2020 | DATE | 0.99+ |
White House | ORGANIZATION | 0.99+ |
Lisa | PERSON | 0.99+ |
0.5% | QUANTITY | 0.99+ |
blog.fortinet.com | OTHER | 0.99+ |
Department of Justice | ORGANIZATION | 0.99+ |
77 | QUANTITY | 0.99+ |
US | LOCATION | 0.99+ |
World Economic Forum | ORGANIZATION | 0.99+ |
third | QUANTITY | 0.99+ |
two | QUANTITY | 0.99+ |
7x | QUANTITY | 0.99+ |
this year | DATE | 0.99+ |
five takedowns | QUANTITY | 0.99+ |
Both | QUANTITY | 0.99+ |
both | QUANTITY | 0.99+ |
less than 1% | QUANTITY | 0.99+ |
first time | QUANTITY | 0.99+ |
today | DATE | 0.99+ |
two ways | QUANTITY | 0.98+ |
two years ago | DATE | 0.98+ |
six months later | DATE | 0.98+ |
about $5 million | QUANTITY | 0.98+ |
two specific examples | QUANTITY | 0.98+ |
Global Threat Alliances | ORGANIZATION | 0.98+ |
last December | DATE | 0.98+ |
COVID-19 | OTHER | 0.98+ |
Cyber Crime Unit | ORGANIZATION | 0.98+ |
Global Threat Landscape Report | TITLE | 0.98+ |
60% | QUANTITY | 0.97+ |
over 75% | QUANTITY | 0.97+ |
fourth position | QUANTITY | 0.97+ |
four segments | QUANTITY | 0.97+ |
January of this year | DATE | 0.97+ |
One | QUANTITY | 0.97+ |
two campaigns | QUANTITY | 0.96+ |
four organizations | QUANTITY | 0.96+ |
second half of 2021 | DATE | 0.95+ |
this year | DATE | 0.95+ |
55 | QUANTITY | 0.95+ |
over a thousand percent | QUANTITY | 0.94+ |
EMOTET | ORGANIZATION | 0.94+ |
each one | QUANTITY | 0.93+ |
Colonial | ORGANIZATION | 0.93+ |
three-year old | QUANTITY | 0.92+ |
first | QUANTITY | 0.91+ |
half percentage | QUANTITY | 0.91+ |
about six months | QUANTITY | 0.9+ |
June this year | DATE | 0.89+ |
three years | QUANTITY | 0.88+ |
almost 11 times | QUANTITY | 0.87+ |
up to 70 | QUANTITY | 0.85+ |
more than 10x increase | QUANTITY | 0.83+ |
first half of 2021 | DATE | 0.83+ |
seven fold increase | QUANTITY | 0.82+ |
pandemic | EVENT | 0.82+ |
Global Threat Landscape | TITLE | 0.81+ |
position one | QUANTITY | 0.8+ |
Mirai | ORGANIZATION | 0.79+ |
Fortinet | ORGANIZATION | 0.79+ |
80% commission | QUANTITY | 0.78+ |
Derek Manky, Fortinet | CUBEConversation
>>Welcome to this cube conversation. I'm Lisa Martin. I'm joined by Derek manky next, the chief security insights and global threat alliances at 40 guard labs. Derek. Welcome back. >>Yeah, it's great to be here again. So then, uh, uh, a lot of stuff's happened since we last talked. >>One of the things that was really surprising from this year's global threat landscape report is a 10 more than 10 X increase in ransomware. What's going on? What have you guys seen? >>Yeah, so, uh, th th this is, is massive. We're talking about a thousand percent over a 10, a 10 X increase. This has been building police. So this, this has been building since, uh, December of 2020 up until then we saw relatively low, uh, high watermark with ransomware. Um, it had taken a hiatus really because cyber criminals were going after COVID-19 lawyers and doing some other things at the time, but we did see us a seven fold increase in December, 2020. That is absolutely continued. Uh, continued this year into a momentum up until today. It continues to build never subsided. Now it's built to this monster, you know, almost 11 times increase from, from what we saw back last December and what the, uh, the reason what's fueling. This is a new verticals that cyber criminals are targeting. We've seen the usual suspects like telecommunication government and, uh, position one and two, but new verticals that have risen up into this, uh, third and fourth position following our MSSP. And this is on the heels of the Casia attack. Of course, that happened in 2021, as well as operational technology. There's actually four segments, there's transportation, uh, automotive manufacturing, and then of course, energy and utility all subsequent to each other. So there's a huge focus now on, on OTA and MSSP for cybercriminals. >>One of the things that we saw last year, this time was that attackers had shifted their focus away from enterprise infrastructure devices, to home networks and consumer grade products. 
And now it looks like they're focusing on both. Are you seeing that? >>Yes, absolutely. I in two ways. So first of all, again, this is a kill chain that we talk about. They have to get a foothold into the infrastructure, and then they can load things like ransomware on there. They can little things like information Steelers as an example, the way they do that is through botnets. And, uh, what we reported in this, um, in the first half of 2021 is that Mariah, which is about a two to three-year old button that now is, is number one by far, it was the most prevalent bond that we've seen. Of course, the thing about Mariah is that it's an IOT based bot net. So it sits on devices, uh, sitting inside a consumer networks as an example, or home networks, right? And that, that can be a big problem. So that's the targets that cyber criminals are using. The other thing that we saw that was interesting was that one in four organizations detected malvertising. >>And so what that means at least, is that cyber criminals are shifting their tactics from going just from cloud-based or centralized email phishing campaigns to a web born threats, right? So they're infecting sites, waterhole attacks, where people would go to read their, their, their daily updates as an example of things that they do as part of their habits. Um, they're getting sent links to these sites that when they go to it, it's actually installing those botnets onto those systems. So they can get a foothold. We've also seen scare tactics, right? So they're doing new social engineering Lewis pretending to be human resource departments, uh, you know, uh, uh, it staff and personnel, as an example, with pop-ups through the web browser that looked like these people to fill out different forms and ultimately get infected on, on a home devices. >>Well, the home device we use is proliferate. It continues because we are still in this work from home work, from anywhere environment. 
Is that when you think a big factor in this increased from seven X to nearly 11 X, >>It is a factor. Absolutely. Yeah. Like I said, it's, it's also, it's a hybrid of sorts. So, so a lot of that activity is going to the MSSP, uh, angle, like I said, uh, to, to the OT. And so to those verticals, which by the way, are actually even larger than traditional targets in the past, like, uh, finance and banking is actually lower than that as an example. So yeah, we are seeing a shift to that. And like I said, that's, that's further, uh, backed up from what we're seeing on with the, the, the, the botnet activity specifically with Veronica too. Are >>You seeing anything in terms of the ferocity? We know that the volume is increasing. Are they becoming more ferocious? These attacks? >>Yeah. Yeah. There, there is. There's a lot of aggression out there, certainly from, from criminals. And I would say that the velocity is increasing, but the amount of, if you look at the cyber criminal ecosystem, the, the stakeholders, right. Um, that is increasing, it's not just one or two campaigns that we're seeing. Again, we're seeing, this has been a record cases here almost every week. We've seen one or two significant, you know, cyber security events that are happening. That is a dramatic shift compared to, to, to last year or even, you know, two years ago too. And this is because, um, because the cyber criminals are getting deeper pockets now, they're, they're becoming more well-funded and they have business partners, affiliates that they're hiring each one of those has their own methodology, and they're getting paid big. We're talking up to 70 to 80% commission, just if they actually successfully, you know, in fact, someone that pays for the ransom as an example. And so that's really, what's driving this too. It's, it's, it's a combination of this kind of perfect storm as we call it. Right. 
You have this growing attack surface and work from home, uh, environments, um, and footholds into those networks. But you have a whole bunch of other people now on the bad side that are orchestrating this and executing the attacks too. >>What can organizations do to start to slow down or limit the impacts of this growing ransomware as a service? >>Yeah, great question. Um, everybody has their role in this, I say, right? So, uh, if we look at, from a strategic point of view, we have to disrupt cyber crime. How do we do that? Um, it starts with the kill chain. It starts with trying to build resilient networks. So things like a ZTE and a zero trust network access, a SD LAN as an example, as an example for producting that land infrastructure on, because that's where the threats are floating to, right? That's how they get the initial footholds. So anything we can do on the, on the, you know, preventative, preventative side, making, uh, networks more resilient, um, also education and training is really key. Things like multi-factor authentication are all key to this because if you build that, uh, uh, preventatively and that's a relatively small investment upfront, Lisa compared to the collateral damage that can happen with these ransomware, it passes, the risk is very high. Um, that goes a long way. It also forces the attackers to it slows down their velocity. It forces them to go back to the drawing board and come up with a new strategy. So that is a very important piece, but there's also things that we're doing in the industry. There's some good news here too, uh, that we can talk about because there's, there's things that we can actually do. Um, apart from that to, to really fight cyber crime, to try to take the cyber criminal cell phone. >>All right. Hit me with the good news Derek. >>Yeah. So, so a couple of things, right. If we look at the bot net activity, there's a couple of interesting things in there. 
Yes, we are seeing Mariah rise to the top right now, but we've seen big problems of the past that have gone away or come back, not as prolific as before. So two specific examples, a motel that was one of the most prolific botnets that was out there for the past two to three years, there is a take-down that happened in January of this year. Uh, it's still on our radar, but immediately after that takedown, it literally dropped to half of the activity. It hadn't before. And it's been consistently staying at that low watermark now had that half percentage since, since that six months later. So that's very good news showing that the actual coordinated efforts that we're getting involved with law enforcement, with our partners and so forth to take down, these are actually hitting their supply chain where it hurts. >>Right. So that's good news part one trick. Bob was another example. This is also a notorious spot net take down attempt in Q4 of 2020. It went offline for about six months. Um, in our landscape report, we actually show that it came back online, uh, in about June this year. But again, it came down, it came back weaker and another form is not nearly as prolific as before. So we are hitting them where it hurts. That's, that's the really good news. And we're able to do that through new, um, what I call high resolution intelligence. >>Talk to me about that high resolution intelligence. What do you mean by that? >>Yeah, so this is cutting edge stuff really gets me excited and keeps, keeps me up at night in a good way. Uh, cause we're, we're looking at this under the microscope, right? It's not just talking about the why we know there's problems out there. We know there's, there's ransomware. We know there's the botnets, all these things, and that's good to know, and we have to know that, but we're able to actually zoom in on this now and look at it. So we, for the first time in the threat landscape report, we've published TTPs, the techniques, tactics procedures. 
So it's not just talking about the, what it's talking about, the how, how are they doing this? What's their preferred method of getting into systems? How are they trying to move from system to system and exactly how are they doing that? What's the technique. And so we've highlighted that it's using the MITRE attack framework TTP, but this is real-time data. >>And it's very interesting. So we're clearly seeing a very heavy focus from cyber criminals and attackers to get around security controls, to do defensive, Asian, to do privilege escalation on systems. So in other words, trying to be common administrator so they can take full control of the system. Uh, as an example, a lateral movement on there's still a preferred over 75%, 77, I believe percent of activity we observed from malware was still trying to move from system to system by infecting removable media like thumb drives. And so it's interesting, right? It's a brand new look on the, these a fresh look, but it's this high resolution is allowing us to get a clear image so that when we come to providing strategic guidance and solutions of defense, and also even working on these, take down that Fritz, it allows us to be much more effective. So >>One of the things that you said in the beginning was we talked about the increase in ransomware from last year to this year. You said, I don't think that we've hit that, that ceiling yet, but are we at an inflection points, the data showing that we're at an inflection point here with being able to get ahead of this? >>Yeah, I, I, I would like to believe so. Um, it, there is still a lot of work to be done. Unfortunately, if we look at, you know, there is a, a recent report put out by the department of justice in the S saying that, you know, the chance of, uh, criminal, uh, to be committing a crime, but to be caught in the U S is somewhere between 55 to 60%, the same chance for a cyber criminal lies less than 1% above 0.5%. And that's the bad news. 
The good news is we are making progress and sending messages back and seeing results. But I think there's a long road ahead. So, um, you know, there there's a lot of work to be done. We're heading in the right direction. But like I said, they say, it's not just about that. It's everyone has, has their role in this all the way down to organizations and end users. If they're doing their part and making their networks more resilient through this, through all the, you know, increasing their security stack and strategy, um, that is also really going to stop the, you know, really ultimately the profiteering, uh, that, that wave, you know, cause that continues to build too. So it's, it's a multi-stakeholder effort and I believe we are, we are getting there, but I continue to still, uh, you know, I continue to expect the ransomware wave to build. In the meantime, >>On the end user front, that's always one of the vectors that we talk about it's people, right? It's there's so there's so much sophistication in these attacks that even security folks and experts are nearly fooled by them. What are some of the things that you're saying that governments are taking action on some recent announcements from the white house, but other organizations like Interpol, the world, economic forum, cyber crime unit, what are some of the things that governments are doing that you're seeing that as really advantageous here for the good guys? >>Yeah, so absolutely. This is all about collaboration. Governments are really focused on public private sector collaboration. Um, so we've seen this across the board, uh, with 40 guard labs, we're on the forefront with this, and it's really exciting to see that it's great. Uh, there, there, there's always been a lot of will work together, but we're starting to see action now. Right. Um, Interpol is a great example. They recently this year held a high level forum on ransomware. I was actually spoken was part of that forum as well too. 
And the takeaways from that event were that this was a message to the world, to the public and private sector, that we need to act. They actually called ransomware a pandemic, which is what I've referred to it as before as well, because it is becoming that much of a problem, and that we need to work together to be able to create action against this, measure success and become more strategic.
>> The World Economic Forum were leading a project called the Partnership Against Cybercrime threat map project. And this is to identify not just all this stuff we talked about in the threat landscape report, but also looking at things like how many different ransomware gangs are there out there. What do their money laundering networks look like? It's that side of the supply chains of apple, so that we can work together to actually take down those efforts. But it really is about this collaborative action that's happening, and it's innovation, and there's R&D behind this as well that's coming to the table to be able to make it impactful.
>> So it sounds to me like ransomware is no longer a... for any organization in any industry, you were talking about the expansion of verticals, it's no longer a matter of if this happens to us, but a matter of when, and how do we actually prepare to remediate and prevent any damage?
>> Yeah, absolutely. How do we prepare? The other thing is that, with just the nature of cyber, there's a lot of connectivity. There's a lot of different... it's not just always siloed attacks, right? We saw that with Colonial obviously this year, where you have the attacks on IT that can affect consumers, right now, to consumers. Right. And so for that very reason, everybody's infected in this. It truly is a pandemic, I believe, on its own.
But the good news is there's a lot of smart people on the good side and, you know, that's what gets me excited. Like I said, we're working with a lot of these initiatives and, like I said, some of those examples I called up before, we're actually starting to see measurable progress against this as well.
>> That's good. Well, never a dull day, I'm sure, in your world. Anything that you think, when we talk about this again in a few more months for the second half of 2021, anything that you predict, crystal ball wise, that we're going to see?
>> Yeah. I think that we're going to continue to see more of the... I mean, ransomware, absolutely. More of the targeted attacks. That's been a shift this year that we've seen. Right. So instead of just trying to infect everybody for ransom, going after some of these new high profile targets as an example, I think we're going to continue to see that happening from there. And because of that, the average costs of these data breaches, I think they're going to continue to increase. They already did in 2021, as an example. If we look at the Cost of a Data Breach report, it's gone up to about $5 million US on average. I think that's going to continue to increase as well too. And then the other thing too, is I think that we're going to start to see more action on the good side. Like we talked about, there was already a record amount of takedowns that have happened, five takedowns that happened in January. There were arrests made to these business partners, that was also new. So I'm expecting to see a lot more of that coming out towards the end of the year, too.
>> So as the challenges persist, so do the good things that are coming out of this. For folks who want to go get this first half 2021 Global Threat Landscape report, what's the URL that they can go to?
>> Yeah, you can check it all, all of our updates and blogs, including the threat landscape reports, on the blog at fortinet.com under our threat research category.
>> Excellent. I read that blog. It's fantastic. Derek, always a pleasure to talk to you. Thanks for breaking this down for us, showing what's going on, both the challenging things as well as the good news. I look forward to our next conversation.
>> Absolutely. It's great chatting with you again, Lisa. Thanks.
>> Likewise. For Derek Manky, I'm Lisa Martin. You're watching this CUBE conversation.
Derek Manky, FortiGuard Labs | CUBE Conversation 2021
(upbeat music)
>> Welcome to this CUBE conversation. I am Lisa Martin, excited to welcome back one of our distinguished alumni, Derek Manky joins me next. Chief Security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, welcome back to the program.
>> Yes, it's great to be here and great to see you again, Lisa. Thanks for having me.
>> Likewise, yeah, so a lot has happened. I know we've seen you during this virtual world, but so much has happened with ransomware in the last year. It's unbelievable, we had this dramatic shift to a distributed workforce, you had personal devices on in network perimeters and non-trusted devices or trusted devices on home networks, and lots of change there. Talk to me about some of the things that you and FortiGuard Labs have seen with respect to the evolution of ransomware.
>> Yeah, sure, so it's becoming worse, no doubt. We highlighted this in our Threat Landscape Report. If we just take a step back looking at ransomware itself, it actually started in the late 1980s. And it didn't, that was very, they relied on snail mail. It was obviously, there was no market for it at the time. It was just a proof of concept, a failed experiment if you will. But it really started getting hot a decade ago, 10 years ago, but the technology back then wasn't, the cryptography they're using, the technique wasn't as strong, easily reversed. And so they didn't really get to a lot of revenue or business from the cyber criminal perspective. That is absolutely not the case today. Now they have very smart cryptography, they're experts, when I say they, the cyber criminals, at their game. They know there's a lot of the attack surfaces growing. There's a lot of vulnerable people out there. There's a lot of vulnerable devices. And this is what we saw in our Threat Landscape Report. What we saw was a seven times increase in ransomware activity in the second half of 2020. And that momentum is continuing in 2021.
It's being fueled by what you just talked about. By the work from anywhere, work from home environment, a lot of vulnerable devices unpatched. And these are the vehicles, the ransomware is the payload of course, that's the way that they're monetizing this. But the reality is that the attack surface has expanded, there's more vulnerable people and cyber criminals are absolutely capitalizing on that.
>> Right, we've even seen cyber criminals capitalizing on the pandemic fears with things that were around the World Health Organization or COVID-19 or going after healthcare. Did you see an uptick in healthcare threats and activities as well in the last year?
>> Yeah, definitely, so I would start to say that first of all, the... Nobody is immune when it comes to ransomware. This is such again, a hot target or a technique that the cybercriminals are using. So when we look at the verticals, absolutely healthcare is in the top five that we've seen, but the key difference is there's two houses here, right? You have what we call the broad blanketed ransomware attacks. So these aren't going after any particular vertical. They're really just trying to spray as much as they can through phishing campaigns, not through... there's a lot of web traffic out there. We see a lot of things that are used to open, playing on that COVID-19 theme we got, right? Emails from HR or taxes and scams. It's all related to ransomware because these are how they're trying to get the masses to open that up, pay some data, sorry, pay some cryptocurrency to get access to their data back. Oftentimes they're being held for extortion. They may have photos or video or audio captures. So it's a lot of fear they're trying to steal these people, but probably the more concern is just what you talked about, healthcare, operational technology. These are large business revenue streams.
These are the cases of targeted ransoms, which is much different because instead of a big volumetric attack, these are premeditated. They're going after with specific targets in mind, specific social engineering rules. And they know that they're hitting the corporate assets, or in the case of healthcare, critical systems where it hurts. They know that there's high stakes, and so they're demanding high returns in terms of ransoms as well.
>> With respect to the broad ransomware attacks versus targeted, a couple of questions to kind of dissect that. Are the targeted attacks, are they in, like, behind the network firewall longer and faster, longer and getting more information? Are they demanding higher ransom versus the broader attacks? What are some of the distinctions there besides what you mentioned?
>> Yeah, absolutely, so the targeted attacks are more about execution, right? So if we look at the attack chain, they're doing more in terms of reconnaissance, they're spending more cycles and investment really on their end in terms of weaponization, how they can actually get into the system, how they can remain undetected, collecting and gathering information. What we're seeing with groups like Ragnar Locker as an example, they're going in and they're collecting, in some cases, terabytes of information, a lot. They're going after, definitely, intellectual property, things like source code, also PII for customers as an example, and they're holding them. They have a whole business strategy and plan in mind on their place, right? They hold them for ransom. They're often, it's essentially a denial of service in some cases, taking a revenue stream or applications offline so a business can't function. And then what they're doing is that they're actually setting up crime services on their end.
A lot of the newest ransom notes that we're seeing in these targeted attacks are setting up channels to what they call a live chat support channel that the victim would log into and actually talk directly, live, to the cybercriminal or one of their associates to be able to negotiate the ransom. And they're trying to, from their point of view, they're trying to frame this as a good thing and say, we're going to show you that our technology works. We can decrypt some of the files on your system as an example, just to prove that we are who we say we are, but then they go on to say, instead of $10 million, we can negotiate down to 6 million, this is a good deal, you're getting 30% off or whatever it is. But the fact is that they know, by the time they've gotten to this, they've done all their homework before that, right? They've done the targets, they've done all the things that they can to know that they have the organization in their grasp, right?
>> One of the things that you mentioned, just something I never thought about, is ransomware as a business. The sophistication level is just growing and growing and growing and growing. And of course, even other bad actors, they have access to all the emerging technologies that the good guys do. But talk to me about this business of ransomware because that's what it seems like it really has become.
>> Absolutely, it is massively sad. If you look at the cybercrime ecosystem, like the way that they're actually pulling this off, it's not just one individual or one cyber crime ring that, let's say five to 10 people that are trying to orchestrate this. These are big rings. We actually work closely, as an example, we're doing everything from the FortiGuard Labs with following the latest ransomware trends, doing the protection and mitigation, but also working to find out who these people are, what are their tactics, and really attribute it and paint a picture of these organizations.
And they're big, we worked on some cases where there's over 50 people just in one ransomware gang. One of the cases we worked on, they were making over $60 million US in three months, as an example. And in some cases, keep in mind, one of these targeted attacks, like in terms of ransom demands in the targeted cases, they can be in excess of $10 million just for one ransom attack. And like I said, we're seeing a seven times increase in the amount of attack activity. And what they're doing in terms of the business is they've set up affiliate marketing. Essentially, they have affiliates in the middle that will actually distribute the ransomware. So they're basically outsourcing this to other individuals. If they hit people with their ransomware and the people pay, then the affiliate in the middle will actually get a commission cut of that, very high, typically 40 to 50%. And that's really what's making this lucrative business model too.
>> Wow, my jaw is dropping, just the sophistication but also the different levels to which they've put a business together. And unfortunately, for every industry it sounds very lucrative. So how then, Derek, do organizations protect themselves against this, especially knowing that a lot of this work from home stuff is going to persist? Some people want to stay home, what not. The proliferation of devices is only going to continue. So where do organizations start and how can you guys help?
>> Start with the people, so we'll talk about three things: people, technology and processes. The people, unfortunately, this is not just about ransomware, but definitely applies to ransomware, but any attack, humans are still often the weakest link in terms of education, right? A lot of these ransomware campaigns will be going after people using, nowadays it seems like, tax themes purporting to be from the IRS as an example, or human resources departments, or governments and health authorities, vaccination scams, all these things, right?
But what they're trying to do is to get people to click on that link, still, to open up a malicious attachment that will then infect them with the ransomware. This of course, if an employee is up to date and hones their skills so that they know, basically a zero trust mentality is what I like to talk about. You wouldn't just invite a stranger into your house to open a package that you didn't order, but people are doing this a lot of the times with email. So really starting with the people first is important. There's a lot of free training information in security. There is awareness training, we offer that at Fortinet. There's even advanced training we do through our NSE program as an example. But then on top of that, there's things like phishing tests that you can do regularly, penetration testing as well. Exercises like that are very important because that is really the first line of defense. Moving past that, you want to get into the technology piece. And of course, there's a whole, this is a security fabric. There's a whole array of solutions. Like I said, everything needs to be integrated. So we have EDR and XDR as an example sitting on the endpoint, 'cause oftentimes they still need to get that ransomware payload to run on the endpoint. So having a technology like EDR goes a long way to be able to detect the threat, quarantine and block it. There's also of course multi-factor authentication when it comes to identifying who's connecting to these environments. Patch management, we talk about all the time. That's part of the technology piece. The reality is that we highlight in the Threat Landscape Report the software vulnerabilities that these ransomware gangs are going after are two to three years old. They're not breaking within the last month, they're two to three years old. So it's still about the patch management cycle, having that holistic integrated security architecture, and the fabric is really important.
NAC, network access control, zero trust network access, is really important as well. One of the biggest culprits we're seeing with these ransom attacks is using IoT devices as launchpads as an example into networks, 'cause they're in these work from home environments and there's a lot of unsecured or uninspected devices sitting on those networks. Finally, process, right? So it's always good to have it all in your defense plan: training and education, technology for mitigation, but then also thinking about the what-if scenario, right? So incident response planning, what do we do if we get hit? Of course we never recommend to pay the ransom. So it's good to have a plan in place. It's good to identify what your corporate assets are and the likely targets that cyber-criminals are going to go after, and make sure that you have rigid security controls and threat intelligence like FortiGuard Labs applied to that.
>> Yeah, you talk about the weakest link, they are people. I know you and I talked about that on numerous segments. It's one of the biggest challenges, but I've seen some people that are really experts in security read a phishing email and almost fall for it. Like it looked so legitimately from, like, their bank for example. So in that case, what are some of the things that businesses can do when it looks so legitimate that it probably is going to have, unfortunately, a good conversion rate?
>> Yeah, so this is what I was talking about earlier, that these targeted attacks, especially when it comes to spear, when it comes to the reconnaissance, they got so clever, it can be so realistic. That's the, it becomes a very effective weapon. That's why the sophistication and the risk is rising like I said, but that's why you want to have this multilayered approach, right?
So if that first line of defense does yield, if they do click on the link, if they do try to open the malicious attachment, first of all again through the next generation firewall, sandboxing solutions like that, this technology is capable of inspecting that, acting like, is this... we even have FortiAI as an example, artificial intelligence, machine learning that can actually scan these events and know, is this actually an attack? So that element goes a long way to actually scrub it, like content CDR as well, content disarm as an example, this is a way to actually scrub that content. So it doesn't actually run it in the first place, but if it does run, again, this is where EDR comes in. Like I said, at the end of the day they're also trying to get information out of the network. So having things like a Platinum Protection through the next generation firewall, like with FortiGuard security subscription services, is really important too. So it's all about that layered approach. You don't want just one single point of failure. You really want it, this is what we call the attack chain and the kill chain. There's no magic bullet when it comes to attackers moving, they have to go through a lot of phases to reach their end game. So having that layered defense approach and blocking it at any one of those phases, so even if that human does click on it, you're still mitigating the attack and protecting the damage. Keep in mind a lot of damages in some cases are kind of a million dollars plus.
>> Right, is that the average ransom, 10 million US dollars?
>> So the average cost of data breaches that we're seeing, which are often related to ransom attacks, is close to that in the US. I believe it's around just under $9 million, about 8.7 million, just for one data breach.
And often those data breaches now, again, what's happening is that the data, it's not just about encrypting the data, getting access, because a lot of organizations, part of the technology piece and the process that we recommend is backups as well of data. I would say organizations are getting better at that now, but it's one thing to back up your data. But if that data is breached, again, cybercriminals are now moving to this model of extortion, saying, unless you pay us this money we're going to go out and make this public. We're going to put it on paste and we're going to sell it to nefarious people on the dark web as well.
>> One more thing I want to ask you in terms of proliferation, we talked about the distributed workforce, but one of the things, and here we are using Zoom to talk to each other instead of getting to sit together in person, we saw this massive proliferation in collaboration tools to keep people connected, families, businesses. I talk to a lot of businesses who initially will say, oh we're using Microsoft 365 and they're protecting the data, while they're not, or Salesforce or Slack. And that shared responsibility model is something that I've been hearing a lot more about lately, that businesses need to recognize for those cloud applications that we're using, and in which there's a lot of data traversing, it could include PII or IP. We're responsible for that as the customer to protect our data, the vendor's responsible for protecting the integrity of the infrastructure. Share with us a little bit about that in terms of your thoughts on data protection and backup for those SaaS applications.
>> Yeah, great question, great question, tough one. It is so, I mean ultimately everybody has to have, I believe it has to have their position in this. It's not, it is a collaborative environment.
Everyone has to be a stakeholder in this, even down to the end users, the employees being educated and up-to-date as an example, the IT departments and security operation centers of vendors being able to do all the threat intelligence and scrubbing. But then when you extend that to the public cloud, what does the cloud security stack look like, right? How integrated is that? Are there scrubbing and protection controls sitting on the cloud environments? What data is being sent to that, should it be cited center as an example? What's the retention period? How long does the data live on there? It's the same thing as when you go out and you buy one of these IoT devices as an example from, say, a big box store and you go and just plug it into your network. It's the same questions we should be asking, right? What's the security like on this device model? Who's making it, what data is it going to ask for from me? The same thing when you're installing an application on your mobile phone. This is what I mean about that zero trust environment. It should be earned trust. So it's a big thing, right? To be able to ask those questions and then only do it on a sort of need-to-know and medium basis. The good news is that a lot of CloudStack now and environments are integrating security controls. We integrate quite well with Fortinet as an example, but this is an issue of supply chain. It's really important to know what lives upstream and how they're handling the data and how they're protecting it, absolutely.
>> Such interesting information, and it's a topic, ransomware, that we could continue talking about. Derek, thank you for joining me on the program today, updating us on what's going on, how it's evolving, and ultimately what organizations in any industry need to do with protecting people and technology and processes to really start reducing their risks. I thank you so much for joining me today.
>> All right, it's a pleasure, thank you.
>> Likewise. Derek Manky, I'm Lisa Martin.
You're watching this CUBE conversation. (upbeat music)
SUMMARY :
I am Lisa Martin, excited to welcome back and great to see you again, Lisa. ransomware in the last year. that the ransomware on the pandemic fears with things that the cybercriminals are using. Are the targeted attacks, are they in like They, a lot of the the newest One of the things that you mentioned One of the cases we worked but also the different levels lot of the times with email. of the things that businesses can do and protecting the damage. Right, is that the average is that the data it's not just We're responsible for that as the customer It's the same thing as when you go out on the program today updating (upbeat music)
SENTIMENT ANALYSIS :
ENTITIES
Entity | Category | Confidence |
---|---|---|
Lisa Martin | PERSON | 0.99+ |
30% | QUANTITY | 0.99+ |
Derek Manky | PERSON | 0.99+ |
Derek | PERSON | 0.99+ |
FortiGuard Labs | ORGANIZATION | 0.99+ |
2021 | DATE | 0.99+ |
Fortinet | ORGANIZATION | 0.99+ |
two | QUANTITY | 0.99+ |
$10 million | QUANTITY | 0.99+ |
Lisa | PERSON | 0.99+ |
seven times | QUANTITY | 0.99+ |
10 million | QUANTITY | 0.99+ |
40 | QUANTITY | 0.99+ |
five | QUANTITY | 0.99+ |
World Health Organization | ORGANIZATION | 0.99+ |
One | QUANTITY | 0.99+ |
three years | QUANTITY | 0.99+ |
US | LOCATION | 0.99+ |
over $60 million | QUANTITY | 0.99+ |
two houses | QUANTITY | 0.99+ |
6 million | QUANTITY | 0.99+ |
last year | DATE | 0.99+ |
10 people | QUANTITY | 0.99+ |
today | DATE | 0.99+ |
late 1980s | DATE | 0.99+ |
three months | QUANTITY | 0.99+ |
IRS | ORGANIZATION | 0.99+ |
one | QUANTITY | 0.99+ |
first line | QUANTITY | 0.99+ |
10 years ago | DATE | 0.98+ |
over 50 people | QUANTITY | 0.98+ |
Microsoft | ORGANIZATION | 0.97+ |
pandemic | EVENT | 0.97+ |
50% | QUANTITY | 0.97+ |
about 8.7 million | QUANTITY | 0.97+ |
one individual | QUANTITY | 0.97+ |
last month | DATE | 0.96+ |
one single point | QUANTITY | 0.96+ |
one ransom attack | QUANTITY | 0.96+ |
Threat Landscape Report | TITLE | 0.96+ |
Ragnar Locker | PERSON | 0.96+ |
one thing | QUANTITY | 0.96+ |
a decade ago | DATE | 0.96+ |
three things | QUANTITY | 0.96+ |
first | QUANTITY | 0.93+ |
COVID-19 | OTHER | 0.92+ |
NAC | ORGANIZATION | 0.9+ |
million dollars | QUANTITY | 0.89+ |
second half of 2020 | DATE | 0.89+ |
Salesforce | ORGANIZATION | 0.87+ |
CloudStack | TITLE | 0.87+ |
one ransomware gang | QUANTITY | 0.87+ |
under $9 million | QUANTITY | 0.86+ |
CUBE | ORGANIZATION | 0.86+ |
Global Threat Alliances | ORGANIZATION | 0.86+ |
first place | QUANTITY | 0.85+ |
three years old | QUANTITY | 0.84+ |
zero trust | QUANTITY | 0.84+ |
Slack | ORGANIZATION | 0.82+ |
FortiGuard | TITLE | 0.81+ |
top five | QUANTITY | 0.78+ |
one data breach | QUANTITY | 0.77+ |
One more thing | QUANTITY | 0.75+ |
one cyber crime ring | QUANTITY | 0.75+ |
One of the cases | QUANTITY | 0.66+ |
lot of vulnerable | QUANTITY | 0.57+ |
vulnerable | QUANTITY | 0.56+ |
2020 109 Derek Manky V1
(upbeat music) >> Welcome to this CUBE conversation. I am Lisa Martin, excited to welcome back one of our distinguished alumni, Derek Manky joins me next. Chief security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, welcome back to the program. >> Yes, it's great to be here and great to see you again, Lisa. Thanks for having me. >> Likewise, yeah, so a lot has happened. I know we've seen you during this virtual world, but so much has happened with ransomware in the last year. It's unbelievable, we had about 14 months ago, this dramatic shift to a distributed workforce, you had personal devices on in network perimeters and non-trusted devices or trusted devices on home networks and lots of change there. Talk to me about some of the things that you and FortiGuard Labs have seen with respect to the evolution of ransomware. >> Yeah, sure, so it's becoming worse, no doubt. We highlighted this in our Threat Landscape Report. If we just take a step back looking at ransomware itself, it actually started in the late 1980s. And it didn't, that was very, they relied on snail mail. It was obviously there was no market for it at the time. It was just a proof of concept, a failed experiment if you will. But it really started getting hot a decade ago, 10 years ago but the technology back then wasn't the cryptography they're using, the technique wasn't as strong as easily reversed. And so they didn't really get to a lot of revenue or business from the cyber criminal perspective. That is absolutely not the case today. Now they have very smart cryptography they're experts when say they, the cyber criminals at their game. They know there's a lot of the attack surfaces growing. There's a lot of vulnerable people out there. There's a lot of vulnerable devices. And this is what we saw in our threat landscape group. What we saw at seven times increase in ransomware activity in the second half of 2020. And that momentum is continuing in 2021. 
It's being fueled by what you just talked about. By the work from anywhere, work from home environment a lot of vulnerable devices unpatched. And these are the vehicles that the ransomware is the payload of course, that's the way that they're monetizing this. But the reality is that the attack surface has expanded, there's more vulnerable people and cyber criminals are absolutely capitalizing on that. >> Right, we've even seen cyber criminals capitalizing on the pandemic fears with things that were around the World Health Organization or COVID-19 or going after healthcare. Did you see an uptick in healthcare threats and activities as well in the last year? >> Yeah, definitely, so I would start to say that first of all, the... Nobody is immune when it comes to ransomware. This is such again, a hot target or a technique that the cybercriminals are using. So when we look at the verticals, absolutely healthcare is in the top five that we've seen, but the key difference is there's two houses here, right? You have what we call the broad blanketed ransomware attacks. So these aren't going after any particular vertical. They're really just trying to spray as much as they can through phishing campaigns, not through... there's a lot of web traffic out there. We see a lot of things that are used to open playing on that COVID-19 theme we got, right? Emails from HR or taxes and scams. It's all related to ransomware because these are how they're trying to get the masses to open that up, pay some data sorry, pay some cryptocurrency to get access to their data back. Oftentimes they're being held for extortions. They may have photos or video or audio captures. So it's a lot of fear they're trying to steal these people but probably the more concern is just what you talked about, healthcare, operational technology. These are large business revenue streams. 
These are take cases of targeted ransoms which is much different because instead of a big volumetric attack, these are premeditated. They're going after with specific targets in mind specific social engineering rules. And they know that they're hitting the corporate assets or in the case of healthcare critical systems where it hurts they know that there's high stakes and so they're demanding high returns in terms of ransoms as well. >> With respect to the broad ransomware attacks versus targeted a couple of questions to kind of dissect that. Are the targeted attacks, are they in like behind the network firewall longer and faster, longer and getting more information? Are they demanding higher ransom versus the broader attacks? What's what are some of the distinctions there besides what you mentioned? >> Yeah, absolutely so the targeted texts are more about execution, right? So if we look at the attack chain and they're doing more in terms of reconnaissance, they're spending more cycles and investment really on their end in terms of weaponization, how they can actually get into the system, how they can remain undetected, collecting and gathering information. What we're seeing with groups like Ragnar Locker as an example, they're going in and they're collecting in some cases, terabytes of information, a lot, they're going after definitely intellectual property, things like source code, also PII for customers as an example, and they're holding them. They have a whole business strategy and plan in mind on their place, right? They hold them for ransom. They're often, it's essentially a denial of service in some cases of taking a revenue stream or applications offline so a business can't function. And then what they're doing is that they're actually setting up crime services on their end. 
A lot of the newest ransom notes that we're seeing in these targeted attacks are setting up channels to what they call a live chat support channel that the victim would log into and actually talk directly, live, to the cybercriminal or one of their associates to be able to negotiate the ransom. And from their point of view they're trying to frame this as a good thing and say, we're going to show you that our technology works. We can decrypt some of the files on your system as an example, just to prove that we are who we say we are, but then they go on to say, instead of $10 million we can negotiate down to 6 million, this is a good deal, you're getting 30% off or whatever it is. But the fact is that they know by the time they've gotten to this, they've done all their homework before that, right? They've done the targets, they've done all the things that they can to know that they have the organization in their grasp, right?
>> One of the things that you mentioned, just something I never thought about, is ransomware as a business. The sophistication level is just growing and growing and growing and growing. And of course, even other bad actors, they have access to all the emerging technologies that the good guys do. But talk to me about this business of ransomware because that's what it seems like it really has become.
>> Absolutely, it is massively sad. If you look at the cybercrime ecosystem, like the way that they're actually pulling this off, it's not just one individual or one cyber crime ring, let's say five to 10 people that are trying to orchestrate this. These are big rings. We actually work closely, as an example, we're doing everything from FortiGuard Labs with following the latest around some of the trends, doing the protection and mitigation, but also working to find out who these people are, what are their tactics and really attribute it and paint a picture of these organizations.
And they're big, we're working some cases where there's over 50 people just in one ransomware gang. One of the cases we worked on, they were making over $60 million US in three months, as an example. And in some cases, keep in mind, one of these targeted attacks, in terms of ransom demands in the targeted cases, they can be in excess of $10 million just for one ransom attack. And like I said, we're seeing a seven times increase in the amount of attack activity. And what they're doing in terms of the business is they've set up affiliate marketing. Essentially, they have affiliates in the middle that will actually distribute the ransomware. So they're basically outsourcing this to other individuals. If they hit people with their ransomware and the people pay, then the affiliate in the middle will actually get a commission cut of that, very high, typically 40 to 50%. And that's really what's making this lucrative business model too.
>> Wow, my jaw is dropping, just the sophistication but also the different levels to which they've put a business together. And unfortunately, for every industry it sounds very lucrative. So how then, Derek, do organizations protect themselves against this, especially knowing that a lot of this work from home stuff is going to persist? Some people want to stay home, whatnot. The proliferation of devices is only going to continue. So where do organizations start and how can you guys help?
>> Start with the people, so we'll talk about three things: people, technology and processes. The people, unfortunately, this is not just about ransomware but definitely applies to ransomware, but any attack, humans are still often the weakest link in terms of education, right? A lot of these ransomware campaigns will be going after people using, nowadays it seems like, tax themes purporting to be from the IRS as an example, or human resources departments or governments and health authorities, vaccination scams, all these things, right?
But what they're trying to do is to get people to click on that link, still, to open up a malicious attachment that will then infect them with the ransomware. This of course, if an employee is up to date and hones their skills so that they know, basically a zero trust mentality is what I like to talk about. You wouldn't just invite a stranger into your house to open a package that you didn't order, but people are doing this a lot of the times with email. So really starting with the people first is important. There's a lot of free training information in security. There is awareness training, we offer that at Fortinet. There's even advanced training we do through our NSE program as an example. But then on top of that there's things like phishing tests that you can do regularly, penetration testing as well. Exercises like that are very important because that is really the first line of defense. Moving past that you want to get into the technology piece. And of course, there's a whole, this is a security fabric, there's a whole array of solutions. Like I said, everything needs to be integrated. So we have EDR and XDR as an example sitting on the endpoint, 'cause oftentimes they still need to get that ransomware payload to run on the endpoint. So having a technology like EDR goes a long way to be able to detect the threat, quarantine and block it. There's also of course multi-factor authentication when it comes to identifying who's connecting to these environments. Patch management, we talk about all the time. That's part of the technology piece. The reality is that we highlight in the threat landscape report the software vulnerabilities that these ransomware gangs are going after are two to three years old. They're not breaking within the last month, they're two to three years old. So it's still about the patch management cycle, having that holistic integrated security architecture and the fabric is really important.
NAC, network access control, and zero trust network access are really important as well. One of the biggest culprits we're seeing with these ransom attacks is using IoT devices as launchpads, as an example, into networks, 'cause they're in these work from home environments and there's a lot of unsecured or uninspected devices sitting on those networks. Finally, process, right? So it's always good to have it all in your defense plan: training and education, technology for mitigation, but then also thinking about the what-if scenario, right? So incident response planning, what do we do if we get hit? Of course we never recommend to pay the ransom. So it's good to have a plan in place. It's good to identify what your corporate assets are and the likely targets that cyber-criminals are going to go after and make sure that you have rigid security controls and threat intelligence like FortiGuard Labs applied to that.
>> Yeah, you talk about the weakest link, they are people. I know you and I talked about that on numerous segments. It's one of the biggest challenges, but I've seen some people that are really experts in security read a phishing email and almost fall for it. Like it looked so legitimately from, like, their bank, for example. So in that case, what are some of the things that businesses can do when it looks so legitimate that it probably is going to have, unfortunately, a good conversion rate?
>> Yeah, so this is what I was talking about earlier, that these targeted attacks, especially when it comes to spear, when it comes to the reconnaissance, they got so clever, it can be so realistic. That's the, it becomes a very effective weapon. That's why the sophistication and the risk is rising, like I said, but that's why you want to have this multilayered approach, right?
So if that first line of defense does yield, if they do click on the link, if they do try to open the malicious attachment, first of all, again, through the next generation firewall, sandboxing solutions like that, this technology is capable of inspecting that, asking like, is this, we even have FortiAI as an example, artificial intelligence, machine learning that can actually scan these events and know, is this actually an attack? So that element goes a long way to actually scrub it, like content CDR as well, content disarm as an example, this is a way to actually scrub that content so it doesn't actually run in the first place. But if it does run, again, this is where EDR comes in like I said. At the end of the day they're also trying to get information out of the network. So having things like a Platinum Protection through the next generation firewall, like with FortiGuard security subscription services, is really important too. So it's all about that layered approach. You don't want just one single point of failure. You really want it, this is what we call the attack chain and the kill chain. There's no magic bullet when it comes to attackers moving, they have to go through a lot of phases to reach their end game. So having that layered defense approach and blocking it at any one of those phases. So even if that human does click on it, you're still mitigating the attack and protecting against the damage. Keep in mind a lot of damages in some cases are a million dollars plus.
>> Right, is that the average ransom, 10 million US dollars?
>> So the average cost of data breaches we've seen, which are often related to ransom attacks, is close to that in the US. I believe it's around just under $9 million, about 8.7 million, just for one data breach.
And often those data breaches now, again, what's happening is that the data, it's not just about encrypting the data, getting access, because a lot of organizations, part of the technology piece and the process that we recommend is backups as well of data. I would say organizations are getting better at that now, but it's one thing to back up your data. But if that data is breached, again, cybercriminals are now moving to this model of extorting, saying unless you pay us this money we're going to go out and make this public. We're going to put it on piece and we're going to sell it to nefarious people on the dark web as well.
>> One more thing I want to ask you, in terms of proliferation, we talked about the distributed workforce, but one of the things, and here we are using Zoom to talk to each other instead of getting to sit together in person, we saw this massive proliferation in collaboration tools to keep people connected, families, businesses. I talk to a lot of businesses who initially will say, oh, we're using Microsoft 365 and they're protecting the data, while they're not, or Salesforce or Slack. And that shared responsibility model is something that I've been hearing a lot more about lately, that businesses need to recognize for those cloud applications that we're using, and in which there's a lot of data traversing, it could include PII or IP. We're responsible for that as the customer, to protect our data; the vendor's responsible for protecting the integrity of the infrastructure. Share with us a little bit about that in terms of your thoughts on data protection and backup for those SaaS applications.
>> Yeah, great question, great question, tough one. It is so, I mean ultimately everybody has to have, I believe it has to have their position in this. It's not, it is a collaborative environment.
Everyone has to be a stakeholder in this, even down to the end users, the employees being educated and up-to-date as an example, the IT departments and security operation centers of vendors being able to do all the threat intelligence and scrubbing. But then when you extend that to the public cloud, what does the cloud security stack look like, right? How integrated is that? Are there scrubbing and protection controls sitting on the cloud environments? What data is being sent to that, should it be cited center as an example? What's the retention period? How long does the data live on there? It's the same thing as when you go out and you buy one of these IoT devices, as an example, from say a big box store and you go and just plug it into your network. It's the same questions we should be asking, right? What's the security like on this device model? Who's making it? What data is it going to ask from me? The same thing when you're installing an application on your mobile phone. This is what I mean about that zero trust environment. It should be earned trust. So it's a big thing, right? To be able to ask those questions and then only do it on a sort of need-to-know and medium basis. The good news is that a lot of cloud stacks now and environments are integrating security controls. We integrate quite well with Fortinet as an example, but this is an issue of supply chain. It's really important to know what lives upstream and how they're handling the data and how they're protecting it, absolutely.
>> Such interesting information, and it's a topic, ransomware, that we could continue talking about. Derek, thank you for joining me on the program today, updating us on what's going on, how it's evolving and ultimately what organizations in any industry need to do with protecting people and technology and processes to really start reducing their risks. I thank you so much for joining me today.
>> All right, it's a pleasure, thank you.
>> Likewise. Derek Manky, I'm Lisa Martin.
You're watching this CUBE conversation. (upbeat music)
Derek Manky Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs
>> As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers, almost overnight. Zero trust has gone from buzzword to mandate. What's more, as we wrote in our recent cybersecurity breaking analysis, not only must CSOs secure an increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone, and welcome to this CUBE conversation. My name is Dave Vellante and I'm pleased to welcome Derek Manky, who's chief security insights and global threat alliances for FortiGuard Labs, with fresh data from its global threat landscape report. Derek, welcome. Great to see you.
>> Thanks so much for the invitation to speak. It's always a pleasure.
>> You're welcome. So first I wonder if you could explain for the audience, what is FortiGuard Labs and what's its relationship to Fortinet?
>> Right. So FortiGuard Labs is our global SOC, it's our global threat intelligence operation center. It never sleeps, and this is the beat. You know, it's been here since inception at Fortinet. So it's 20, 21 years in the making, since Fortinet was founded. We have built this in-house, so we don't OEM technology. We built everything from the ground up, including creating our own training programs for our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006, an ethical hacking program, and it's zero-day research. So we try to meet the hackers, the bad guys, at their game. And we of course do that responsibly, to work with vendors to close holes and create virtual patches. But, you know, so it's everything from customer protection first and foremost, to following the threat landscape and cyber.
It's very important to understand who they are, what they're doing, what they're targeting, what tools are they using?
>> Yeah, that's great. Some serious DNA and skills in that group. And it's critical because like you said, you can minimize the spread of those malware very, very quickly. So what, now you have the global threat landscape report. We're going to talk about that, but what exactly is that?
>> Right. So the global threat landscape report, it's a summary of all the data that we collect over a period of time. So we release this biannually, two times a year. Cyber crime is changing very fast, as you can imagine. So while we do release security blogs and what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million sensors worldwide in FortiGuard Labs; we're processing, I know it seems like a very large amount, but north of a hundred billion threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something that is digestible. That's a very tough task, as you can imagine, so we have to work with huge technologies, machine learning and artificial intelligence automation, and of course our analyst view to do that.
>> Yeah. So this year, of course, every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past, let's say, 12 months? I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of the corporate network?
>> Yeah, it was quite interesting last year. It certainly was not normal, like we all say, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the threat landscape, cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off fear and ride waves of global trends and themes. We've seen this before in natural disasters, as an example, you know, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next trend that's breaking. Of course, because COVID is so global and dominant, we saw attacks coming in from well over 40 different languages as an example, in regions all across the world. That wasn't lasting two to three weeks; it lasted for the better part of a year.
>> And of course, what they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown phishing, we were as COVID-19 movers, to layoff notices, then to phase one reopenings, all the way up to, fast forward to where we are today, with vaccine rollout and development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they didn't have to innovate too much, right. They didn't have to expand and shift to new trends and themes or really develop new ransomware families as an example, or new sophisticated malware. That was the first half of the year. And the second half of the year, of course, people started to experience COVID fatigue, right? People started to become, we did a lot of education around this.
People started to become more aware of this threat. And so cyber criminals have started to, as we expected, become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, you know, targeting the digital supply chain as an example. And so that was really towards Q4. So it was a long-lived year with success on the COVID themes, targeting healthcare as an example, a lot of the organizations that were, you know, really in a vulnerable position, I would say.
>> So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trend. Not only did they have to adapt, and not have to, but they adapted to these new vulnerabilities. My sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I getting that right? That they did their sort of increased sophistication in the first half, and then they sort of deployed it, did it, what actually happened there from your data?
>> Well, if we look at, so generally there's two types of attacks that we look at. We look at the premeditated sophisticated attacks that can have, you know, a lot of ramp up work on their end, a lot of time developing the weaponization phase. So developing the exploits, the sophisticated malware that they're gonna use for the campaign, reconnaissance, understanding the targets, where platforms are developed, the blueprinting, that DNA of the supply chain. Those take time, in fact years, even. If we look back to 10 plus years ago with the Stuxnet attacks, as an example, that was on nuclear centrifuges, and that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example.
So some of these can take years of time to develop, but they're very specific in terms of the targets they're going to go after, obviously the ROI from their end.
>> The other type of attack that we see is ongoing, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the COVID theme, and they still do today with the vaccine rollout and development. But it's really because they're just playing on, you know, social engineering, using topical themes. And in fact, the weapons they're using, these vulnerabilities, from our research data, and this was highlighted actually in the threat landscape report before last year's, on average were two to three years old. So we're not talking about fresh vulnerabilities you've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that.
>> So you mentioned Stuxnet as the former sort of example of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated, attack that we'd ever seen. When I talk to CSOs about the recent government hack, they suggest, I infer, maybe they don't suggest it, I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that accurate or not necessarily?
>> Yeah, there's definitely some comparisons there. You know, one of the largest things is both attacks used digital certificate impersonation, so they're digitally signed.
So, you know, of course that whole technology using cryptography is designed, by design, to say that, you know, this piece of software installed in your system has this certificate, it's coming from the source, it's legitimate. Of course, if that's compromised, that's all out of the window. And yeah, this is what we saw in both attacks. In fact, you know, Stuxnet, they also had digitally signed certificates that were compromised. So when it gets to that level of sophistication, that means definitely that there's a target, that there has been usually months of homework done by cyber criminals, for reconnaissance, to be able to weaponize that.
>> What did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see?
>> Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so. You know, in fact, ransomware is not new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to a P.O. box, obviously that didn't take off, wasn't successful; the internet was born at the time. But if you look at it now, of course, over the last 10 years really, that's where the ransomware model has been, you know, lucrative, right? I mean, it's been, by force encrypting data on systems, so that users had to, they were forced to pay the ransom because they wanted access to their data back. Data was the target currency for ransomware. That's shifted now. And that's actually been a big pivot over the last year or so, because again, before it was this let's cast a wide net, infect as many people as we can randomly, and try to see if we can hold some of their data for ransom.
>> Some people, that data may be valuable, it may not be valuable. And that model still exists.
And we see that, but really the big shift that we saw last year in the threat landscape before it was a shift to targeted ransomware. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families we saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us a large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, you know, damages that can happen from that. The other thing we're seeing is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted and more sophisticated. And unfortunately the ransom is going up.
>> So they go to where the money is. And of course your job is to lower the ROI for them, a constant challenge. We talked about some of the attack vectors that you saw this year that cyber criminals are targeting. I wonder if, you know, given the work from home, if things like IoT devices and cameras and, you know, thermostats, with 75% of the workforce at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices?
>> Yeah, so, you know, unfortunately the attack surface, as we call it, so the amount of target points, is expanding. It's not shifting, it's expanding.
We still see, I mentioned earlier, vulnerabilities from two years ago that are being used. In some cases, you know, over the holidays, where e-commerce, we saw e-commerce heavily under attack. E-commerce has spiked since last summer, right. It's been a huge amount of traffic increase, everybody's shopping from home. And those vulnerabilities going after shopping cart plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities that are still new, in a sense, being attacked. But we're also now seeing this complication of, yeah, as you said, IoT being rolled out everywhere, the really quick shift to work from home. We really have to treat this as, if you guys, as the distributed branch model for enterprise, right.
>> And it's really now the secure branch. How do we take, you know, any of these devices on those networks and secure them? Because yeah, if you look at what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks, hacking attempts, this is what our IPS triggers. You know, we're seeing attempts to go after IoT devices. Right now they're mostly favoring, well, in terms of targets, consumer grade routers. But they're also looking at DVR devices, as an example, for, you know, home entertainment systems, network attached storage as well, and IP security cameras, some of the newer devices, the quote unquote smart devices that are now on, you know, virtual assistants and home networks. We actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think we're really going to see this year in terms of what's ahead. 'Cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is all of this is still happening. IoT is being targeted.
Of course they're being targeted because they're easy targets. For cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks.
>> I mean, attackers, they're highly capable. They're organized, they're well-funded, they move fast, they're agile, and they follow the money. As we were saying, you mentioned, you know, COVID vaccines and, you know, big pharma, healthcare. Where did you see advanced persistent threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted?
>> Yeah. So just to be clear again, when we talk about APT groups, advanced persistent threat groups, the groups themselves, they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the premeditated targeted attacks, usually points to nation state. Sometimes of course there's overlap. They can be affiliated with cyber crime; cyber crime groups are typically looking at some other targets for ROI, but there's a blend, right? So as an example, if we're looking at the APT groups I had last year, absolutely number one I would say would be healthcare. Healthcare was one of those, and it's, you know, very unfortunate, but obviously with the shift that was happening to pop-up medical facilities, there's a big rush to change networks, for a good cause of course, but with that came, you know, security holes and concerns, the targets, and that's what we saw APT groups targeting, going after those, and ransomware and the cybercrime ring followed as well. Right?
Because if you can follow those critical networks and cripple them, from the cybercriminals' point of view, you can expect them to pay the ransom because they think that they need to in order to get those systems back online. In fact, in the last year or two, unfortunately we saw the first death that was caused because of a denial of service attack in healthcare, right? Facilities weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right, Derek, I'm sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. But what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things. Good news is there's a lot that we can do about this, right? And basic measures go a long way. So a couple of things just to get out of the way, I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is the reality: these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. So being able to do that, manage that from an organization's point of view, really treat the new work from home, I don't like to call it work from home, the reality is it's work from anywhere a lot of the time for some people. So really treat that as a secure branch methodology, doing things like segmentation on the network, secure wifi access, multi-factor authentication is a huge must, right? >>So using multi-factor authentication because passwords are dead, using things like XDR. So XDR is a combination of detection and response for endpoints. This is a mass centralized management thing, right?
So endpoint detection and response, as an example, those are all good security things. So of course having security inspection, that's what we do. So good threat intelligence baked into your security solution that's supported by labs. So that's antivirus, intrusion prevention, web filtering, sandbox, and so forth. But then, that's the security stack; beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain we talked about. The supply chain is a target for attackers; attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users, where we're constantly phished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended too. So that's what we can do, obviously that's what's recommended to secure via the endpoints and the secure branch. There are things we're also doing in the industry to fight back against that as well. >>Well, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on theCUBE a couple of years ago, a former defense secretary. And I said, yeah, but don't we have like the best security people, and can't we go on the offensive and weaponize that ourselves? Of course, there are examples of that. US government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with, whether it's the US government or other governments or other competitors even, or your ecosystem?
Maybe you could talk about that a little bit. >>Yeah. This is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. So, you know, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right? We're always looking at how we can disrupt their business model. And there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about, increasing the security stack so that they go knocking on someone else's door. But beyond that, it comes down to private sector collaborations. So we co-founded the Cyber Threat Alliance in 2014 as an example. This was our fierce competitors coming in to work with us to share intelligence, because like you said, we're competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. Let's compare notes, let's team up when there's a breaking attack and make sure that we have the intelligence, so that we can still remain competitive on the technology stack, the solutions themselves. But let's level the playing field here, because with cybercriminals there are no borders and they move with great agility. So that's one thing we do in the private sector. There are also public-private sector relationships, right? So we're working with Interpol as an example, Interpol Project Gateway, and that's when we find attribution. So it's not just the what, what are these people doing, like infrastructure, but who are they, where are they operating? What tools are they creating?
We've actually worked on cases that have led to warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam. The great news is, if you look at the industry as a whole, over the last three to four months there have been takedowns: Emotet, NetWalker, there's also Egregor recently as well too. >>And with Egregor they're actually going in and arresting the affiliates. So not just the CEO or the kingpin of these organizations, but the people who are distributing the ransomware themselves. And that was an unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cybercriminals and how we can hit them where it hurts on all angles. Most recently, I've been heavily involved with the World Economic Forum. So I'm co-author of a report from last year of the partnership on cybercrime. And this is really not just the private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. We can't take servers offline from the data centers, but working together, we can have that holistic effect. >>Great. Thank you for that, Derek. What if people want to go deeper? I know you guys mentioned that you do blogs, but are there other resources that they can tap? >>Yeah, absolutely. So everything you can see is on our threat research blog on the Fortinet blog; it's under threat research. We also put out playbooks. This is more for the heroes, as you called them, the security operation centers. We're doing playbooks on the aggressors. And so this is a playbook on the offense. What are they up to? How are they doing that? That's on FortiGuard.com. We also release threat signals there.
So we typically release about 50 of those a year, and those are all our insights and views into specific attacks that are now >>Well, Derek Manky, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. Yeah, it's a pleasure. And rest assured we will still be there 24/7, 365. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Vellante for theCUBE. We'll see you next time.
EMBARGO Derek Manky Chief, Security Insights & Global Threat Alliances, FortiGuard Labs
>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers, almost overnight. Zero trust has gone from buzzword to mandate. What's more, as we wrote in our recent cybersecurity Breaking Analysis, not only must CSOs secure an increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone, and welcome to this CUBE conversation. My name is Dave Vellante and I'm pleased to welcome Derek Manky, who's Chief of Security Insights and Global Threat Alliances for FortiGuard Labs, with fresh data from its Global Threat Landscape Report. Derek, welcome. Great to see you. >>Thanks so much for the invitation to speak. It's always a pleasure. >>You're welcome. So first I wonder if you could explain for the audience, what is FortiGuard Labs and what's its relationship to Fortinet? >>Right. So FortiGuard Labs is our global SOC, it's our global threat intelligence operation center. It never sleeps, and this is the beat. You know, it's been here since inception at Fortinet. So it's 20, 21 years in the making, since Fortinet was founded. We have built this in-house, so we don't OEM technology. We built everything from the ground up, including creating our own training programs for our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006, an ethical hacking program, and it's zero-day research. So we try to meet the hackers, the bad guys, at their game. And we of course do that responsibly, to work with vendors to close holes and create virtual patches. But, you know, so it's everything from customer protection first and foremost, to following the threat landscape and cyber.
It's very important to understand who they are, what they're doing, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's critical because, like you said, you can minimize the spread of that malware very, very quickly. So what, now you have the Global Threat Landscape Report. We're going to talk about that, but what exactly is that? >>Right. So the Global Threat Landscape Report is a summary of all the data that we collect over a period of time. So we release this biannually, two times a year. Cybercrime is changing very fast, as you can imagine. So while we do release security blogs and what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million sensors worldwide in FortiGuard Labs; we're processing, I know it seems like a very large amount, but north of a hundred billion threat events in just one day. And we have to take the task of taking all of that data and putting that onto scale for half a year and compiling that into something that is, you know, digestible. That's a very tough task, as you can imagine, so we have to work with huge technologies back to machine learning and artificial intelligence automation, and of course our analyst view to do that. >>Yeah. So this year, of course, every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past, let's say, 12 months? I know you do this twice a year, but what trends did you see evolving throughout the year, and what have you seen with the way that attackers have exploited this expanded attack surface outside of the corporate network?
>>Yeah, it was quite interesting last year. It certainly was not normal, like we all say, and that was no exception for cybersecurity. You know, if we look at cybercriminals and how they pivoted and adapted to the threat landscape, cybercriminals are always trying to take advantage of the weakest link of the chain. They're always trying to prey off and ride waves of global trends and themes. We've seen this before in natural disasters as an example, you know, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened, and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next trend that's breaking. Of course, because COVID is so global and dominant, we saw attacks coming in from well over 40 different languages as an example, in regions all across the world; that wasn't lasting two to three weeks, it lasted for the better part of a year. >>And of course, they're using this as a vehicle, right? Preying on the fear. They're doing everything from initial lockdown phishing, to layoff notices, then to phase one reopenings, all the way up to, fast forward to where we are today, with vaccine rollout and development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they didn't have to innovate too much, right? They didn't have to expand and shift to new trends and themes, or really develop new RAT families as an example, or new sophisticated malware. That was the first half of the year. In the second half of the year, of course, people started to experience COVID fatigue, right? People started to become... we did a lot of education around this.
And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. 
So some of these can take years of time to develop, but they're very specific in terms of the targets they're going to go after, obviously the ROI from their end. >>The other type of attack that we see is ongoing, these broad, wide-sweeping attacks, and the reality for those ones is they don't, unfortunately, need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the COVID theme, and they still do today with the vaccine rollout and development. But it's really because they're just playing on, you know, social engineering, using topical themes. And in fact, the weapons they're using, these vulnerabilities, from our research data, and this was highlighted actually in the first half landscape report before last year, on average were two to three years old. So we're not talking about fresh vulnerabilities you've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned Stuxnet as the former sort of example of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated, attack that we'd ever seen. When I talk to CSOs about the recent government hack, they suggest, I infer, maybe they don't suggest it, I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that accurate or not necessarily? >>Yeah, there's definitely some comparisons there. You know, one of the largest things is both attacks used digital certificate impersonation, so they're digitally signed.
So, you know, of course that whole technology using cryptography is designed, by design, to say that, you know, this piece of software installed in your system has a certificate, it's coming from the source, it's legitimate. Of course, if that's compromised, that's all out of the window. And yeah, this is what we saw in both attacks. In fact, you know, Stuxnet, they also had digitally signed certificates that were compromised. So when it gets to that level of sophistication, that means definitely that there's a target, that there has been usually months of homework done by cybercriminals for reconnaissance to be able to weaponize that. >>What did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so ransomware is always the thorn in our side, and it's going to continue to be so. You know, in fact, ransomware is not new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to a P.O. box. Obviously that didn't take off; it wasn't successful, the internet was born at the time. But if you look at it now, of course, over the last 10 years, really, that's where the ransomware model has been, you know, lucrative, right? I mean, it's been using, by force, encrypting data on systems, so that users were forced to pay the ransom because they wanted access to their data back. Data was the target currency for ransomware. That's shifted now. And that's actually been a big pivot over the last year or so, because again, before it was this: let's cast a wide net, infect as many people as we can at random, and try to see if we can hold some of their data for ransom. >>Some people, that data may be valuable, it may not be valuable. And that model still exists.
And we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted ransomware. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there are various ransomware families we saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us a large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, you know, damages that can happen from that. The other thing we're seeing is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X million dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to lower the ROI for them, a constant challenge. We talked about some of the attack vectors that you saw this year, that cybercriminals are targeting. I wonder if, you know, given the work from home, if things like IoT devices and cameras and, you know, thermostats, with 75% of the workforce at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, you know, unfortunately the attack surface, as we call it, so the amount of target points, is expanding. It's not shifting, it's expanding.
We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. 
So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.
Derek Manky, Fortinet | CUBEConversation
>> From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world. This is a Cube Conversation.
>> Welcome to this Cube Virtual conversation. I'm Lisa Martin and I'm excited to be talking to one of our Cube alumni again, very socially distant. Derek Manky joins me, the Chief of Security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, it's great to see you, even though virtually.
>> Yep, better safe these days, right? But yeah, it's great to see you again and I'm really looking forward to a great conversation, as always.
>> Yeah! So, wow, has a lot changed since I last saw you? I think that's an epic understatement. But each year we talk with you about the upcoming, what's coming up in the threat landscape, what you guys are seeing, some of the attack trends. What are some of the things that you've seen in this very eventful year since we last spoke?
>> Yeah, a lot of things. Obviously with the pandemic there has been this big shift in the landscape, right? So particularly Q3, Q4, the last half of the year. Now we have a lot of things that were traditionally in corporate safeguards, you know, actual workstations, laptops that were sitting within networks and perimeters of organizations, that have obviously moved to work from home. And so, with that, comes a lot of new attack opportunities. We track, as you know, threat intel at FortiGuard Labs on a daily basis, and we are clearly seeing that, and we're seeing a huge rise in things like IoT targets being the number one attacks, so consumer grade routers, IoT devices like printers and network attached storage. Those are some of the most favorite attack vehicles that cybercriminals are using to get into those devices. Of course, once they get into those devices, they can then move laterally to compromise the corporate laptop as an example.
So those are very concerning. The other thing has been email, that traditionally has been our number one, another favorite attack platform, always has been. It's not going away, but for the first time this year, in about September, the second half, we saw web-based attacks taking priority for attackers, and that's because of this new working environment. A lot of people are surfing websites from, again, these devices that were not previously within, you know, organizations. Email security is centralized a lot of the time, but web security always isn't. So that's another shift that we've seen. We're now in the full-blown midst of the online shopping season, and the shopping season is almost every day now (laughter) since this summer.
>> Yep, yep.
>> And we've clearly seen that. Just from September up to October we saw over a trillion, not a billion, but a trillion new flows to shopping websites in just one month. So that number continues to rise, and continues to rise quickly.
>> Yeah. So the expanding threat landscape. I've talked to a number of companies the last few months that were in this situation where suddenly it was a maybe 100% onsite workforce now going to work from home, taking either desktops from their offices or using personal devices, and that was a huge challenge that we were talking about with respect to endpoint and laptop security. But interesting that you're seeing now this web security. I know phishing emails are getting more personal, but the fact that website attacks are going up. What are some of the things that you think, especially, you bring up a point, we are now in maybe an even more supercharged e-commerce season. How can businesses prepare and become proactive to defend against some of these things, since now the threat surface is even bigger?
>> Yeah. Multi-pronged approach.
You know, Lisa, like we always say, first of all, it's just like we have physical distancing, cyber distancing, just like we're doing now on this call. But the same thing for users. I think there's always a false sense of security, right? When you're just in the home office, doing some browsing to a site, you really have to understand that these sites, just by touching, literally touching it by going to the URL and clicking on that link, you can get infected that easily. We're seeing that, there's a lot of these attacks being driven. So, education, there's a lot of free programs. We have one on Fortinet information security awareness training. That is something that we continually need to hone, the skills of end users, first of all, so that's an easy win I would say, in my eyes, in terms of organizations. But then this multi-pronged approach, right? So things like having EDR, endpoint detection and response, and being able to manage those end users while they're on their devices at home. Being able to have security and making sure those are up to date in terms of patches. So centralized management is important, two-factor authentication, or multi-factor authentication, also equally as important. Doing things like network segmentation for end users and the devices too. So there's a lot of these things. You look at the risk that's associated; the risk is always way higher than the investment upfront in terms of hours, in terms of security platforms. So the good thing is there's a lot of solutions out there and it doesn't have to be complicated.
>> That's good, because we have enough complication everywhere else. But you bring up a point, you know, about humans, about education. We're kind of always that weakest link, but so many of us now that are home have distractions going on all around. So you might be going, "I've got to do some bill pay," and go onto your bank without thinking that that's now a threat landscape.
What are some of the things that you're seeing that you think we're going to face in 2021, which is just around the corner?
>> Yeah, so we were just talking about those IoT devices. They're the main culprit right now. They'll continue to be for a while. We have this new class of threat, emerging technology, which is edge computing. So people always talked about the perimeter, the perimeter being dead, in other words, not just building up a wall on the outside, but understanding what's inside, right? That's been the case with IoT, but now edge computing is the emerging technology. The main difference, you know, we say, is that the edge devices, a virtual assistant is the best example I could give, right, that users will be aware of in home networks. Because these devices traditionally have more processing power, they handle more data, they have more access and privilege to devices, like things like security systems, lights, as an example. Beyond home networks, these edge devices are also, as an example, being put into military and defense, into critical infrastructure, field units for oil and gas and electricity as an example. So this is the new emerging threat, more processing power, more access and privilege, smarter decisions that are being made on those devices. Those devices are going to be targets for cybercriminals. And that's something, I think next year, we're going to see a lot of, because it's a bigger reward to the cybercriminal if they can get into it. And so targeting the edge is going to be a big thing. I think there's going to be a new class of threats. I'm calling these, I haven't heard this coined in the industry yet, but I'm calling these "EATs" or "Edge Access Trojans", because that's what it is, they compromise these devices. They can then control and get access to the data. If you think of a virtual assistant, and somebody that can actually compromise that device, think about that data.
Voice data that's flowing through those devices that they can then use as a cleverly engineered, you know, attack, a social engineering attack to phish a user as an example.
>> Wow! I never thought about it from that perspective before. Do you think, with all the talk about 5G and what's coming with 5G, is that going to be an accelerator of some of these trends? Of some of these "EATs" that you talk about?
>> Yeah, definitely. So 5G is just a conduit. It's an accelerator, absolutely, a catalyst, if you will. It's here. It's been deployed, not worldwide, but in many regions, and it's going to continue to be. 5G is all about speed, right? And so if you think about how swiftly these attacks are moving, you need to be able to keep up with that from a defense standpoint. Threats move without borders, they move, unfortunately, without restriction a lot of the time, right? Cybercrime has no borders. They don't have rules, or if they have, they don't care about rules (laughter), so they break those rules. So they are able to move quickly, right? And that's the problem with 5G, of course, is that these devices now can communicate quicker, they can launch even larger scale things like DDoS, distributed denial of service attacks. And that is a very big threat. And the other thing about 5G, Lisa, is that it allows peer-to-peer connectivity too, right? So it's like Bluetooth, Bluetooth enhanced in a sense, because now you have devices that interact with each other as well. By interacting with each other, you know, what are they talking about? What data are they passing? That's a whole new security inspection point that we need to look at. And that's what I mean about this. It reconfirms that the perimeters...
>> Right.
Something we've been talking about, as you said, for a while, but that's some pretty hard hitting evidence that it is indeed a thing of the past. Something that we've talked to you about, with you in the past, is swarm attacks. What's going on there? How are they progressing?
>> Yeah, so this is a real threat, but there's good news, bad news. The good news is this is a long progressing threat, which means we have more time to prepare. Bad news is we have seen developments in terms of weaponizing this. It's like anything, swarm is a tool. It can be used for good. DARPA, as an example, has invested a lot into this from military research; it's all around us now in terms of good applications, things like for redundancy, right? Robotics, as an example, there's a lot of good things that come from swarm technology, but if it's weaponized, it can have some very scary prospects. And that's what we're starting to see. There's a new botnet that was created this year. It is called HEH, and this is written in Golang. So it's a language that basically allows it to infect any number of devices. It's not just your PC, right? It's the same virus, but it can morph into all these different platforms, devices, whether it's an IoT device, an edge device. But the main characteristic of this is that it's able to actually have communication. They built a communication protocol into it. So the devices can pass files between each other, talk to each other. They don't have machine learning models yet, so in other words, they're not "smart" yet, but that's coming. Once that intelligence starts getting baked in, then we have weaponized swarm technology. And what this means is that, you know, when you have those devices that are making decisions on their own, talking to each other, A: they're harder to kill. You take one down, another one takes its place.
>> B: they are able to move very swiftly, especially when piggybacking, leveraging on things like 5G.
>> So I'm just blown away at all these things that you're talking about. So talk about how companies, and even individuals, can defend against this and become proactive. As we know, one of the things we know about 2020 is all the uncertainty. We're going to continue to see uncertainty, but we also know that there's the expectation, globally, that a good amount of people are going to be working from home and connecting to corporate networks for a very long time. So how can companies and people become proactive against these threats?
>> Yes. People, process, procedures and technology. So I really look at this as a stacked approach. First of all, threats, as I said, they're becoming quicker, the attack surface is larger, you need threat intelligence visibility. This comes down to security platforms from a technology piece. So security-driven networking, AI-driven security operations centers. These are new, but it's becoming, as you can imagine, when we talked about critical, to fill that gap, to be able to move as quickly as the attackers, you need to be able to use intelligent technology on your end. So people are just too slow. But we can still use people from the process, you know, making sure, trying to understand what the risk is. So looking at threat intelligence reports, we put out weekly threat intelligence briefs as an example, as FortiGuard Labs, to be able to understand what the threats are, how to respond to those, how to prioritize them, and then put the proper security measures in place. So there are absolutely relevant technologies that exist today, and in fact now I think is the time to really get those in deployment before this becomes worse, as we're talking about. And then as I said earlier, there's also free things that can be just part of our daily lives, right?
So we don't have this false sense of security. So understanding that that threat is real, following up on the threat and doing education. There's phishing services. Again, phishing can be a good tool when it's used in a non-malicious way, to test people's skill sets as an example. So all of that combined. But the biggest thing is definitely relying on things like machine learning, artificial intelligence, to be able to work at speed with these threats.
>> Right. So you also have global threat alliances under your portfolio. Talk to me about how Fortinet is working with global alliance partners to fight this growing attack surface.
>> Yeah. So this is the ecosystem. Every organization, whether it's private or public sector, has a different role to play in essence, right? So you look at things in the public sector, you have law enforcement, they're focused on attribution. So when we look at cybercrime, and if we find, it's the hardest thing to do, but if we find out who these cybercriminals are, we can bring them to justice, right? Our whole goal is to make it more expensive for the cybercriminals to operate. So by doing this, if we work with law enforcement and it leads to a successful arrest and prosecution, because we've done it in the past, that takes them offline, to hit somewhere it hurts. Law enforcement will typically work with intelligence leads to freeze assets, as an example, from maybe ransom attacks that are happening. So that's one aspect, but then you have other things like working with national computer emergency response teams. So disrupting cybercrime, we work with national CERTs. If we know that, you know, the bad guys are hosting stolen data or communication infrastructure in public, you know, servers, we can work with them to actually disrupt that, to take those servers offline. Then you have the private space. So this, you know, Fortinet, we're a founding member of the Cyber Threat Alliance. I'm on the steering committee there.
And this is working with even competitors in our space, where we can quickly share up-to-date intelligence on attackers. We remain competitive on the technology itself, but, you know, we're working together to actually share as much as we know about the bad guys. And recently we're also a founding member of the Centre for Cybersecurity, C4C, with the World Economic Forum. And this is another crucial effort that is basically trying to bridge all of that, to mend all of that together, right? Law enforcement, prosecutors, security vendors, intelligence organizations, all under one roof, because we really do need that. It's an entire ecosystem to make this an effective fight. So it's interesting, because a lot of people, I don't think, see what's happening behind the scenes a lot of the time, but there is a tremendous effort globally that's happening between all the players. So that's really good news. And the industry piece is something close to my heart. I've been involved in it a lot of the time and we continue to support it.
>> That's exciting. And that's something that is, you know, unfortunately, so very, very needed, and will continue to be as emerging technologies evolve and we get to use them for good things. And to your point, bad actors also get to take advantage of that for nefarious things as well. Derek, it's always great to have you on the program. Any particular things on the Fortinet website that you would point viewers to, to learn more about, like the 2020 threat landscape?
>> Sure. You can always check out our blogs. So it's on the Fortinet blog, under "Threat Research". As I said, on fortiguard.com we also have our playbooks on there. We have podcasts, we have our updated threat intelligence briefs too. So those are always great to check out, and just rest assured that, you know, everything I've been talking about, we're doing a lot of that heavy lift on the back end.
So by working with managed security service providers and having all this intelligence baked in, organizations don't have to go and have a huge OPEX by, you know, hiring, trying to create a massive security center on their own. I mean, it's about this technology working together, and that's what we're here for at FortiGuard Labs.
>> Awesome. Derek, thank you so much for joining me today in this Cube Conversation. Lots of exciting stuff going on at Fortinet and FortiGuard Labs, as always, which we expect. It's been great to have you. Thank you.
>> It's a pleasure. Thanks, Lisa.
>> For Derek Manky, I'm Lisa Martin. You're watching the Virtual Cube.
Derek Manky and Aamir Lakhani, FortiGuard Labs | CUBE Conversation, August 2020
>> From the Cube Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE Conversation.

>> Everyone, welcome to this CUBE Conversation. I'm John Furrier, host of theCUBE, here in theCUBE's Palo Alto studios during the COVID crisis. We're quarantined with our crew, but we've got the remote interviews. Great to get great guests here from FortiGuard, Fortinet's FortiGuard Labs: Derek Manky, Chief Security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs, and Aamir Lakhani, who's the lead researcher for FortiGuard Labs. Guys, great to see you. Derek, good to see you again. Aamir, nice to meet you.

>> Hey, it's been a while, and it happened so fast.

>> It just seems, as you say, it was just the other day. Derek, we've done a couple of interviews in between. A lot of flow coming out of Fortinet and FortiGuard. A lot of action, certainly with COVID; everyone's pulled back home. The bad actors are taking advantage of the situation. The surface area has increased. It really is the perfect storm for security. In terms of action, bad actors are at an all-time high, new threats are going on. Take us through what you guys are doing. What's your team makeup look like? What are some of the roles you're seeing on your team? And how does that transcend to the market?

>> Yeah, sure, absolutely. So you're right. I mean, like I was saying earlier, this always happens fast and furious. We couldn't do this without a world-class team at FortiGuard Labs, so we've grown our team now to over 235 globally. There are different roles within the team. If we look 20 years ago, the roles used to be very pigeonholed into, say, antivirus analysis. Right now we have to account for, when we're looking at threats, we have to look at that growing attack surface. We have to look at where these threats are coming from. How frequently are they hitting? What verticals are they hitting? What regions? What are the particular techniques, tactics, procedures? This is the world of threat intelligence, of course: contextualizing that information, and it takes different skill sets on the back end, and a lot of people don't really realize the behind the scenes. There's a lot of magic happening, not only from what we talked about before in our last conversation, from artificial intelligence and machine learning that we do at FortiGuard Labs, and automation, but the people. And so today we want to focus on the people and talk about how, on the back end, we approach a particular threat. We're going to talk to the world of ransom and ransomware, look at how we dissect threats, how we correlate that, how we use tools in terms of threat hunting as an example, and then how we actually take that to that last mile and make it actionable so that customers are protected, how we share that information with key threat intel sharing partners. But again, it comes down to the people. We never have enough people in the industry. There's a big shortage, we know, but it's a really key, critical element, and we've been building these training programs for over a decade within FortiGuard Labs. So, John, this to me is exactly why I always say, and I'm sure Aamir can share this too, that there's never a dull day in the office. I know we hear that all the time, but I think today all the viewers really get a new idea of why that is, because this is very dynamic. And on the back end, there's a lot of things that we do together, getting our hands dirty with this.

>> You know, the old expression in Silicon Valley is, if you're in the arena, that's where the action is, and it's different than sitting in the stands watching the game. You guys are certainly in that arena. And we've talked, and we cover your threat report that comes out frequently. But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the 101 on ransomware? What's going on? What's the state of the ransomware situation? Set the stage, because that still continues to be a threat. I don't go a week that I don't read a story about another ransomware, and then it leaks out: yeah, they paid 10 million in Bitcoin or something. I mean, this is real. That's a real ongoing threat. What is it?

>> Quite a bit. Yeah, so I'll give sort of the 101 and then maybe pass it to Aamir, who's on the front lines dealing with this every day. If we look at the world of, I mean, first of all, the concept of ransom, obviously you have people that have done this way, way before cybersecurity, right? In the world of physical crime, of course. The world's first ransomware virus is actually called PC Cyborg. This is in 1989. The ransom payment was demanded to a P.O. box in, I believe it was Panama City at the time. Not too effective, on floppy disk, very small audience, not a big attack surface. We didn't hear much about it for years. Really, it was around 2010 we started to see ransomware becoming prolific, and what cybercriminals did was shift on success from a fake antivirus software model, which was popping up a whole bunch of "your computer is infected with 50 or 60 viruses, chaos, we'll give you an antivirus solution," which was, of course, fake. People started catching on. The gig was up; people caught on to that. So they weren't making a lot of money selling this software. Enter ransomware. And this is where ransomware really started to take hold, because it wasn't optional to pay for the software. It was mandatory, almost, for a lot of people, because they were losing their data. They couldn't reverse engineer the encryption or decrypt it with any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020, and we've seen things like master boot record, MBR, ransomware. This is persistent. It sits before your operating system when you boot up your computer, so it's hard to get rid of. Very strong public key cryptography that's being used, so each victim is infected with a different key, as an example. The list goes on, and I'll save that for the demo today. But basically, it's very prolific, and we're seeing a shift. Not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted ransom cases that are going after critical business. Essentially, it's like a DoS, holding revenue streams to ransom too. So the ransom demands are getting higher because of this as well. It's complicated.

>> Yeah, as I was mentioning, Aamir, I want you to weigh in. I mean, 10 million is a lot. We reported earlier this month, Garmin was the company that was hit, IT completely locked down. They paid 10 million. Garmin makes all those devices, and as we know, this is impacting. That's real numbers. So I mean, there's other little ones, but for the most part, it's new. It's a pain in the butt to full-on business disruption and extortion. Can you explain how it all works, before we go to the demo?

>> You're absolutely right. It is a big number, and a lot of organizations are willing to pay that number to get their data back. Essentially, their organization and their business is at a complete standstill. When they don't pay, all their files are inaccessible to them. Ransomware in general, from a very basic overview, basically makes your files not available to you. They're encrypted. They have essentially a passcode on them, and you have to have the correct passcode to decode them. A lot of times that's in the form of a program or actually a physical password you have to type in. But you don't get that access to get your files back unless you pay the ransom. A lot of corporations these days, they are not only paying the ransom, they're actually negotiating with the criminals as well. They're trying to say, "Oh, you want 10 million? How about four million?" Sometimes that goes on as well, but it's something that organizations know that if they don't have the proper backups, and the attackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicate files, so sometimes you don't have a choice, and organizations will pay the ransom.

>> And they're smart. It's a business. They know the probability of buy versus build, or pay versus rebuild, so they kind of know where to attack. They know the tactics. They know who's vulnerable. It's not like just some script kiddie thing going on. This is real sophisticated stuff, and it's highly targeted. Can you talk about some use cases there and what goes on with that kind of attack?

>> Absolutely. The cybercriminals are doing reconnaissance. They're trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. So there's a lot of attacks going on. What we're finding now is ransomware is sometimes the last stage of an attack, so an attacker may go into an organization. They may already be taking data out of that organization. They may be stealing customer data, PII, which is personally identifiable information such as Social Security numbers or driver's licenses or credit card information. Once they've done their entire attack, once they've gotten everything they can, a lot of times their end stage, their last attack, is ransomware, and they encrypt all the files on the system and try and motivate the victim to pay as fast as possible and as much as possible as well.

>> You know, it's interesting. I thought of my buddy today. It's like casing the joint. They check it out. They do their recon, reconnaissance. They go in, identify what's the move to make, how to extract the most out of the victim, in this case, target. And, just to go on a tangent, why don't we have the right to bear our own arms? Why can't we fight back? I mean, at the end of the day, Derek, who's protecting me? Do I protect my own, build my own army, or does the government help us? I mean, at some point, I've got a right to bear my own arms here, right? I mean, this is the whole security paradigm.

>> Yeah, so there's a couple of things, right? So first of all, this is exactly why we do a lot of that. I was mentioning the skills shortage in cybersecurity professionals, as an example. This is why we do a lot of the heavy lifting on the back end. Obviously, from a defensive standpoint, you have the red team, blue team aspect. There is a way to fight back by being defensive as well, and also, in the world of threat intelligence, one of the ways that we're fighting back is not necessarily by going and hacking the bad guys, because that's illegal in jurisdictions, right? But how we can actually find out who these people are, hit them where it hurts: freeze assets, go after money laundering networks. You follow the cash transactions, where it's happening. This is where we actually work with key law enforcement partners such as Interpol, as an example. This is the world of threat intelligence. That's why we're doing a lot of that intelligence work on the back end. So there's other ways to actually go on the offense without necessarily weaponizing it per se, like you're saying, bearing your own arms, as he said. There are different forms that people may not be aware of with that, and that actually gets into the world of, if you see attacks happening on your system, how you can use security tools and collaborate with threat intelligence.

>> Yeah, I think that's the key. I think the key is these new sharing technologies around collective intelligence are going to be a great way to kind of have more of an offensive collective strike. But I think fortifying the defense is critical. I mean, there's no other way to do that.

>> Absolutely. I mean, we say that almost every week, but in its simplicity, our goal is always to make it more expensive for the cybercriminal to operate. And there are many ways to do that, right? You could be a pain to them by having a very rigid, hardened defense. That means that if it's too much effort on their end, I mean, they have ROIs, in their sense, right? Too much effort on their end and they're going to go knocking somewhere else. There's also, as I said, things like disruption, so ripping infrastructure offline, that cripples them. Yeah, it's whack-a-mole; they're going to set up somewhere else. But then also going after the people themselves. Again, the cash networks, these sorts of things. So it's sort of a holistic approach between everything.

>> Hey, it's an arms race. Better AI, better cloud scale always helps. It's a ratchet game. Okay, Aamir, I want to get into this video. It's a four-minute ransomware video. I'd like you to take us through it. You're the lead researcher. Take us through this video and explain what we're looking at. Let's roll the video.

>> All right, sure. So what we have here is the victim's desktop over here. We have a couple of things on this victim's desktop. We have a batch file, which is essentially going to run the ransomware. We have the payload, which is the code behind the ransomware. And then we have files in this folder, and this is where you typically find user files, and in a real-world case, this would be like Microsoft Word documents or your PowerPoint presentations. Over here, we just have a couple of text files that we've set up. We're going to go ahead and run the ransomware. And sometimes attackers, what they do is they disguise this, like they make it look like an important Word document. They make it look like something else. But once you run the ransomware, you usually get a ransom message. And in this case, the ransom message says your files are encrypted, please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address; usually they look a little more complicated. But this is our fake Bitcoin address, and you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as researchers, we see files like this all the time. We see ransomware all the time. So we use a variety of tools, internal tools, custom tools, as well as open source tools. And what you're seeing here is an open source tool called the Cuckoo Sandbox, and it shows us the behavior of the ransomware. What exactly is the ransomware doing? In this case, you can see just clicking on that file launched a couple of different things. It launched basically a command executable, a PowerShell. It launched our Windows shell, and then it did things on the file. It basically hit registry keys. It had network connections. It changed the disk. So this kind of gives us a behind-the-scenes look at all the processes that are happening on the ransomware, and just that one file itself. Like I said, there are multiple different things. Now what we want to do as researchers, we want to categorize this ransomware into families. We want to try and determine the actors behind that. So we dump everything we know on the ransomware into central databases. And then we mine these databases. What we're doing here is we're actually using another tool called Maltego, and we use custom tools as well as commercial and open source tools, but this is an open source and commercial tool. What we're doing is we're basically taking the ransomware and we're asking Maltego to look through our database and say, do you see any like files, or do you see any types of incidents that have similar characteristics? Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system, because that helps us identify maybe where the ransomware is connecting to, where it's going to, other processes that it may be doing. In this case, we can see multiple IP addresses that are connected to it, so we can possibly see multiple infections. We can block different external websites. If we can identify a command and control system, we can categorize this to a family. And sometimes we can even categorize this to a threat actor that has claimed responsibility for it. So it's essentially visualizing all the connections and the relationship between one file and everything else we have in our database, in this example. Of course, we output this in multiple ways. We can save these as reports, as PDF-type reports, or usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams. So when we're researching botnets, when we're researching file-based attacks, when we're researching IP reputation, we have a lot of different IOCs, or indicators of compromise, that we can correlate where attacks go through, and maybe even detect new types of attacks as well.

>> So the bottom line is you've got the tools, using a combination of open source and commercial products, to look at the patterns of all ransomware across your observation space. Is that right?

>> Exactly. I showed you a very simple demo. It's not only open source and commercial, but a lot of it is our own custom-developed products as well. And when we find something that works, that logic, that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. At FortiGuard Labs, intelligence that we acquire, that product of intelligence, is consumed directly by our products.

>> Also take me through what's actually going on, what it means for the customers. So FortiGuard Labs, you're looking at all the ransomware, you see the patterns. Are you guys proactively looking? Is it that you guys are researching, you look at something, it pops on the radar? I mean, take us through what goes on, and then how does that translate into a customer notification or impact?

>> So, yeah, if you look at a typical life cycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be aware of some of the solutions we talked about before. And if you look at an incoming threat, first of all, you need visibility. You can't protect or analyze anything that you can't see. So you've got to get your hands on visibility. We call these IOCs, indicators of compromise. So this is usually something like an actual executable file, like the virus, the malware itself. It could be other things that are related to it, like websites that could be hosting the malware, as an example. So once we have that seed, we call it a seed, we can do threat hunting from there, so we can analyze that, right? If it's a piece of malware or a botnet, we can do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things, and it's similar to the world of CSI, right? They have these different dots that they're connecting. We're doing that at hyperscale, and we use that through these tools that Aamir was talking about. So it's really a life cycle of getting the malware incoming, seeing it first, analyzing it, and then doing action on that. So it's sort of a three-step process, and the action comes down to what Aamir is saying, following that to our customers so that they're protected. But then, in tandem with that, we're also going further and sharing it, if applicable, to, say, law enforcement partners, other threat intel sharing partners too. And there's not just humans doing that, right? So the proactive piece, again, this is where it comes to artificial intelligence, machine learning. There are a lot of cases where we're automatically doing that analysis without humans. So we have AI systems that are analyzing and actually creating protection on their own, too. So it's exciting technology.

>> A decision. At the end of the day, you want to protect your customers. And so this renders out, if I'm a Fortinet customer, across the portfolio, the goal here is to protect them from ransomware, right? That's the endgame.

>> Yeah, and that's a very important thing when you start talking about these big dollar amounts that we were talking about earlier, when it comes to the damages that are down from estimates.

>> It not only is good insurance, it's just good to have that fortification. All right, so Derek, I've got to ask you about the term "the last mile," because before we came on camera, you know I'm a bandwidth junkie, always want more bandwidth. So the last mile used to be a term for the last mile to the home, where there were telephone lines. Now it's fiber and Wi-Fi. But what does that mean to you guys in security? Does that mean something specific?

>> Yeah, absolutely. The easiest way to describe that is actionable, right? So one of the challenges in the industry is we live in a very noisy industry when it comes to cybersecurity. What I mean by that is because of that growing attack surface, and you have these different attack vectors. You have attacks not only coming in from email, but websites, DDoS attacks. There's a lot of volume that's just going to continue to grow in the world of IoT. So what ends up happening is when you look at a lot of security operation centers for customers, as an example, it's very noisy. You can guarantee that every day you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs, and when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually start to say, hey, this looks like an attack, I'm going to go investigate it and block it. So this is where the last mile comes in, because a lot of the times these logs, they light up like Christmas. I mean, there are a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because the reality is, if it's just humans doing it on that last mile, often, going back to your bandwidth terms, there's too much latency, right? So how do you reduce that latency? That's where the automation, the AI, machine learning comes in to solve that last mile problem, to automatically apply protection. It's especially important because you have to be quicker than the attacker. It's an arms race.

>> I think what you guys do with FortiGuard Labs is super important, not just for the industry, but for society at large, as you have all this shadow, cloak-and-dagger kind of attack systems, whether it's national security, international, or just mafias and racketeering and the bad guys. Can you guys take a minute and explain the role of FortiGuard specifically, and why you guys exist? I mean, obviously there's a commercial reason; you're both on the Fortinet side, and that trickles down into the products. That's all good for the customers. I get that, but there's more to FortiGuard than just that. You guys talk about this trend in the security business, because it is very clear that there's a collective sharing culture developing rapidly for societal benefit. Can you take a minute on that?

>> Yeah, sure, I'll give my thoughts, and Aamir, you can add to that. So from my point of view, there are various functions. We've just talked about that last mile problem. That's the commercial aspect. We create, through FortiGuard Labs, FortiGuard Services that are dynamic and updated for security products, because you need intelligent products to be able to protect against intelligent attacks. That's just the defense. Again, going back to, how can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that we do. But we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity cases to court, and because of that, a lot of these cybercriminals reign free. That's been a big challenge in the industry. So this has been close to my heart over 10 years. I've been building a lot of these key relationships between private and public sector, as an example, but also private sector things like the Cyber Threat Alliance. We're a founding member of the Cyber Threat Alliance, with over 28 members in that alliance. And it's about sharing intelligence to level that playing field, because attackers roam freely. What I mean by that is there are no jurisdictions for them. Cybercrime has no borders. They could do a million things wrong and they don't care. We do a million things right, one thing wrong, and it's a challenge. So there's this big collaboration that's a big part of why FortiGuard exists too: to make the industry better, to work on protocols and automation, and really fight this together while remaining competitors. I mean, we have competitors out there, of course, and so it comes down to that last mile problem, John. We can share intelligence within the industry, but it's only intelligence. Intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration.

>> Aamir, what's your take on this societal benefit? Because I've been saying since the Sony hack years ago that when you have nation states, if they put troops on our soil, the government would respond. But yet virtually they're here, and the private sector has to defend for themselves, no support. So I think this private-public partnership thing is very relevant. I think it's ground zero of the future build-out of policy, because we pay for freedom. Why don't we have cyber freedom if we're going to run a business? Where's our help from the government? We pay taxes. So again, if a military showed up, you're not going to see companies fighting the foreign enemy, right? So, again, this is a whole new change over it.

>> It really is. You have to remember that cyberattacks put everyone on an even playing field, right? I mean, now you don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that, right? Anyone can basically come up to speed on cyber weapons as long as they have an Internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies. But absolutely, I think a lot of us, from a personal standpoint, a lot of us researchers have seen organizations fail through cyberattacks. We've seen the frustration. Besides organizations, we've seen people like grandmas lose pictures of their loved ones because they were attacked by ransomware. I think we take it very personally when innocent people get attacked, and we make it our mission to make sure we can do everything we can to protect them. But I will add that, at least here in the U.S., the federal government actually has a lot of partnerships and a lot of programs to help organizations with cyberattacks. US-CERT is always continuously updating organizations about the latest attacks. InfraGard is another organization run by the FBI, and a lot of companies like Fortinet and even a lot of other security companies participate in these organizations, so everyone can come up to speed and everyone shares information. So we all have a fighting chance.

>> It's a whole new wave paradigm. You guys are on the cutting edge. Derek, always great to see you. Aamir, great to meet you remotely; looking forward to meeting in person when the world comes back to normal as usual. Thanks for the great insights. Appreciate it.

>> All right. Thank you. Pleasure, as always.

>> Okay. CUBE Conversation here. I'm John Furrier, host of theCUBE. Great insightful conversation around security, ransomware, with a great demo. Check it out from Derek and Aamir from FortiGuard Labs. I'm John Furrier. Thanks for watching.
over 235 | QUANTITY | 0.93+ |
both | QUANTITY | 0.93+ |
one file | QUANTITY | 0.93+ |
Target | ORGANIZATION | 0.92+ |
Alto | LOCATION | 0.9+ |
Sony | ORGANIZATION | 0.88+ |
four net | QUANTITY | 0.87+ |
Israel | LOCATION | 0.86+ |
Lakhani | PERSON | 0.81+ |
garment | ORGANIZATION | 0.8+ |
Bitcoin | OTHER | 0.8+ |
Silicon Valley | TITLE | 0.79+ |
Derek Manky and Aamir Lakhani, FortiGuard Labs | CUBE Conversation, August 2020
>> Announcer: From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world. This is a CUBE conversation. >> Hi everyone. Welcome to this CUBE Conversation. I'm John Furrier, host of theCUBE, here in theCUBE's Palo Alto studios during the COVID crisis. We're quarantined with our crew, but we got the remote interviews. Got two great guests here from Fortinet FortiGuard Labs, Derek Manky, Chief Security Insights and Global Threat Alliances at Fortinet FortiGuard Labs. And Aamir Lakhani who's the Lead Researcher for the FortiGuard Labs. You guys, it's great to see you. Derek, good to see you again, Aamir, good to meet you too. >> It's been a while and it happens so fast. >> It just seems like it was just the other day, Derek, we've done a couple of interviews in between, a lot of flow coming out of Fortinet FortiGuard, a lot of action, certainly with COVID everyone's pulled back home, the bad actors taking advantage of the situation. The surface area's increased, it really is the perfect storm for security in terms of action, bad actors are at an all time high, new threats. What's going on, take us through what you guys are doing. What's your team makeup look like? What are some of the roles you guys are seeing on your team and how does that transcend to the market? >> Yeah, sure, absolutely. So you're right. I mean like I was saying earlier that is, this always happens fast and furious. We couldn't do this without a world class team at FortiGuard Labs. So we've grown our team now to over 235 globally. There's different roles within the team. If we look 20 years ago, the roles used to be just very pigeonholed into say antivirus analysis, right? Now we have to account for, when we're looking at threats, we have to look at that growing attack surface. We have to look at where are these threats coming from? How frequently are they hitting? What verticals are they hitting? What regions, what are the particular techniques, tactics, procedures? 
So we have threat intelligence. This is the world of threat intelligence, of course, contextualizing that information, and it takes different skill sets on the backend. And a lot of people don't really realize the behind the scenes, what's happening. And there's a lot of magic happening, not only from what we talked about before in our last conversation from artificial intelligence and machine learning that we do at FortiGuard Labs and automation, but the people. And so today we want to focus on the people and talk about how on the backend we approached a particular threat, we're going to talk to the word ransom and ransomware, look at how we dissect threats, how we correlate that, how we use tools in terms of threat hunting as an example, and then how we actually take that to that last mile and make it actionable so that customers are protected. We'd share that information with key, right, intel sharing partners. But again, it comes down to the people. We never have enough people in the industry, there's a big shortage as we know, but it's a really key critical element. And we've been building these training programs for over a decade with FortiGuard Labs. So, you know John, this to me is exactly why I always say, and I'm sure Aamir can share this too, that there's never a dull day in the office, and we hear that all the time. But I think today, all of you will really get an idea of why that is, because it's very dynamic and on the backend, there's a lot of things that we're doing to get our hands dirty with this. >> You know the old expression in Silicon Valley is if you're in the arena, that's where the action is. And it's different than sitting in the stands, watching the game. You guys are certainly in that arena and you got, we've talked and we cover your, the threat report that comes out frequently. But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the 101 ransomware, what's going on? 
What's the state of the ransomware situation? Set the stage because that still continues to be a threat. I don't go a week where I don't read a story about another ransomware. And then at least I hear they paid 10 million in Bitcoin or something like, I mean, this is real, that's a real ongoing threat. What is it? >> The (indistinct) quite a bit. But yeah. So I'll give sort of the 101 and then maybe we can pass it to Aamir who is on the front lines, dealing with this every day. You know if we look at the world of, I mean, first of all, the concept of ransom, obviously you have people, that has gone on way way before cybersecurity in the world of physical crime. So of course, the world's first ransomware virus is actually called PC Cyborg. This is 1989, a ransom payment that was demanded through a P.O. Box in Panama City at the time, not too effective on floppies, a very small audience, not a big attack surface. Didn't hear much about it for years. Really, it was around 2010 when we started to see ransomware becoming prolific. And what they did was, what cyber criminals did was shift on success from a fake antivirus software model, which was popping up a whole bunch of, setting here, your computer's infected with 50 or 60 viruses, pay us and we'll give you an antivirus solution, which was of course fake. People started catching on, the jig was up, people caught on to that. So they weren't making a lot of money selling this fraudulent software, enter ransomware. And this is where ransomware, it really started to take hold because it wasn't optional to pay for this software. It was mandatory almost for a lot of people because they were losing their data. They couldn't reverse engineer the encryption, couldn't decrypt it with any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020. And we saw, we've seen things like master boot record, MBR, ransomware. This is persistent. 
It sits before your operating system, when you boot up your computer. So it's hard to get rid of it. Very strong public private key cryptography. So each victim is infected with a different key, as an example, the list goes on and I'll save that for the demo today, but that's basically, it's just very, it's prolific. We're seeing not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted ransom cases that are going after critical business. Essentially it's like a DoS, holding revenue streams to ransom too. So the ransom demands are getting higher because of this as well. So it's complicated. >> As you were mentioning, Aamir, why don't you weigh in, I mean, 10 million is a lot. And we reported earlier in this month. Garmin was the company that was hacked, IT got completely locked down. They paid 10 million, Garmin makes all those devices. And as we know, this is impactful and that's real numbers. I mean, it's not other little ones, but for the most part, it's nuanced, it's a pain in the butt to full on business disruption and extortion. Can you explain how it all works before we go to the demo? >> You know, you're absolutely right. It is a big number and a lot of organizations are willing to pay that number, to get their data back. Essentially their organization and their business is at a complete standstill when they don't pay, all their files are inaccessible to them. Ransomware in general, what it does end up from a very basic overview is it basically makes your files not available to you. They're encrypted. They have essentially a passcode on them that you have to have the correct passcode to decode them. A lot of times that's in a form of a program or actually a physical password you have to type in, but you don't get that access to get your files back unless you pay the ransom. A lot of corporations these days, they are not only paying the ransom. They're actually negotiating with the criminals as well. 
They're trying to say, "Oh, you want 10 million? How about 4 million?" Sometimes that goes on as well. But it's something that organizations know that if they didn't have the proper backups, and the hackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicated files. So sometimes you don't have a choice and organizations will pay the ransom. >> And it's, they're smart, this is a business. They know the probability of buy versus build or pay versus rebuild. So they kind of know where to attack. They know the tactics and it's vulnerable. It's not like just some script kiddie thing going on. This is real sophisticated stuff, it's highly targeted. Can you talk about some use cases there and what goes on with that kind of an attack? >> Absolutely. The cyber criminals are doing reconnaissance and trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. So there's a lot of attacks going on. We usually, what we're finding now is ransomware is sometimes the last stage of an attack. So an attacker may go into an organization. They may already be taking data out of that organization. They may be stealing customer data, PII, which is personally identifiable information, such as social security numbers, or driver's licenses, or credit card information. Once they've done their entire attack, once they've gotten everything they can, a lot of times their end stage, their last attack is ransomware. And they encrypt all the files on the system and try and motivate the victim to pay as fast as possible and as much as possible as well. >> I was talking to my buddy the other day. It's like casing the joint, stake it out, check it out. They do their recon, reconnaissance. They go in, identify what's the best move to make, how to extract the most out of the victim, in this case, the target. 
And it really is, I mean, it's just to go on a tangent, why don't we have the right to bear our own arms? Why can't we fight back? I mean, at the end of the day, Derek, this is like, who's protecting me? I mean, do I protect my own, build my own army, or does the government help us? I mean, at some point I got a right to bear my own arms here. I mean, this is the whole security paradigm. >> Yeah. So, I mean, there's a couple of things. So first of all, this is exactly why we do a lot of, I was mentioning the skill shortage in cybersecurity professionals as an example. This is why we do a lot of the heavy lifting on the backend. Obviously from a defensive standpoint, you obviously have the red team, blue team aspect. How do you first, there's ways to fight back by being defensive as well, too. And also by, in the world of threat intelligence, one of the ways that we're fighting back is not necessarily by going and hacking the bad guys because that's illegal in jurisdictions. But how we can actually find out who these people are, hit them where it hurts, freeze assets, go after money laundering networks. If you follow the cash transactions where it's happening, this is where we actually work with key law enforcement partners, such as Interpol as an example, this is the world of threat intelligence. This is why we're doing a lot of that intelligence work on the backend. So there's other ways to actually go on the offense without necessarily weaponizing it per se, right? Like using, bearing your own arms as you said, there's different forms that people may not be aware of with that. And that actually gets into the world of, if you see attacks happening on your system, how you can use the security tools and collaborate with threat intelligence. >> I think that's the key. I think the key is these new sharing technologies around collective intelligence is going to be a great way to kind of have more of an offensive collective strike. 
But I think fortifying the defense is critical. I mean, that's, there's no other way to do that. >> Absolutely, I mean, we say this almost every week, but it's in simplicity. Our goal is always to make it more expensive for the cybercriminal to operate. And there's many ways to do that, right? You can be a pain to them by having a very rigid, hardened defense. That means if it's too much effort on their end, I mean, they have ROIs in their sense, right? If it's too much effort on their end, they're going to go knocking somewhere else. There's also, as I said, things like disruption, so ripping infrastructure offline that cripples them, whack-a-mole, they're going to set up somewhere else. But then also going after people themselves, again, the cash networks, these sorts of things. So it's sort of a holistic approach between- >> It's an arms race, better AI, better cloud scale always helps. You know, it's a ratchet game. Aamir, I want to get into this video. It's a ransomware four minute video. I'd like you to take us through, as the Lead Researcher, take us through this video and explain what we're looking at. Let's roll the video. >> All right. Sure. So what we have here is we have the victim's desktop over here. We have a couple of things on this victim's desktop. We have a batch file, which is essentially going to run the ransomware. We have the payload, which is the code behind the ransomware. And then we have files in this folder. And this is where you would typically find user files, and in a real world case, this would be like Microsoft Word documents, or your PowerPoint presentations, but here we just have a couple of text files that we've set up. We're going to go ahead and run the ransomware. And sometimes attackers, what they do is they disguise this. Like they make it look like an important Word document. They make it look like something else. But once you run the ransomware, you usually get a ransom message. 
And in this case, the ransom message says, your files are encrypted. Please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address. Usually they look a little more complicated, but this is our fake Bitcoin address. But you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as researchers, we see files like this all the time. We see ransomware all the time. So we use a variety of tools, internal tools, custom tools, as well as open source tools. And what you're seeing here is an open source tool. It's called the Cuckoo Sandbox, and it shows us the behavior of the ransomware. What exactly is the ransomware doing. In this case, you can see just clicking on that file launched a couple of different things. It launched basically a command executable, a PowerShell. It launched a Windows shell. And then it did things on the file system. It basically added registry keys, it had network connections. It changed the disk. So that kind of gives us a behind the scenes look at all the processes that are happening in the ransomware. And just that one file itself, like I said, does multiple different things. Now what we want to do as researchers, we want to categorize this ransomware into families. We want to try and determine the actors behind that. So we dump everything we know about a ransomware into central databases. And then we mine these databases. What we're doing here is we're actually using another tool called Maltego, and we use custom tools as well as commercial and open source tools. But this is an open source and commercial tool. But what we're doing is we're basically taking the ransomware and we're asking Maltego to look through our database and say like, do you see any similar files? Or do you see any types of incidences that have similar characteristics? 
Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system, because that helps us identify maybe where the ransomware is connecting to, where it's going, other processes that it may be doing. In this case, we can see multiple IP addresses that are connected to it. So we can possibly see multiple infections. We can block different external websites, we can identify a command and control system. We can categorize this to a family, and sometimes we can even categorize this to a threat actor that has claimed responsibility for it. So it's essentially visualizing all the connections and the relationship between one file and everything else we have in our database. In this example, of course, I could output this in multiple ways. We can save these as reports, as PDF type reports or usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams. So when we're researching botnets, when we're researching file-based attacks, when we're researching IP reputation, we have a lot of different IOCs or indicators of compromise that we can correlate where attacks go through and maybe even detect new types of attacks as well. >> So the bottom line is you got the tools, using a combination of open source and commercial products, to look at the patterns of all ransomware across your observation space. Is that right? >> Exactly. I showed you like a very simple demo. It's not only open source and commercial, but a lot of it is our own custom developed products as well. And when we find something that works, that logic, that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. 
At FortiGuard Labs, the intelligence that we acquire, that product, that product of intelligence, it's consumed directly by our products. >> So take me through what's actually going on, what it means for the customer. So FortiGuard Labs, you're looking at all the ransomware, you're seeing the patterns, are you guys proactively looking? Is it, you guys are researching, you look at something that pops in the radar. I mean, take us through what goes on and then how does that translate into a customer notification or impact? >> So, yeah, John, if you look at a typical life cycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be (indistinct) as we look for some of the solutions we talked about before, and if you look at an incoming threat, first of all, you need visibility. You can't protect or analyze anything that you can't see. So you got to get your hands on visibility. We call these IOCs, indicators of compromise. So this is usually something like an actual executable file, like the virus or the malware itself. It could be other things that are related to it, like websites that could be hosting the malware as an example. So once we have that seed, we call it a seed, we can do threat hunting from there. So we can analyze that, right? If we have to, if it's a piece of malware or a botnet, we can do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things. And we really, it's similar to the world of CSI, right? These different dots that they're connecting, we're doing that at hyper-scale. And we use that through these tools that Aamir was talking about. So it's really a lifecycle of getting the malware incoming, seeing it first, analyzing it, and then doing action on that. So it's sort of a three step process. And the action comes down to what Aamir was saying, waterfalling that to our customers, so that they're protected. 
But then in tandem with that, we're also going further and sharing it, if applicable, to say law enforcement partners, other threat intel sharing partners too. And it's not just humans doing that. So the proactive piece, again, this is where it comes to artificial intelligence, machine learning. There's a lot of cases where we're automatically doing that analysis without humans. So we have AI systems that are analyzing and actually creating protection on their own too. So it's quite interesting that way. >> It says at the end of the day, you want to protect your customers. And so this renders out, if I'm a Fortinet customer across the portfolio, the goal here is protect them from ransomware, right? That's the end game. >> Yeah. And that's a very important thing. When you start talking about these big dollar amounts that we were talking about earlier, it comes to the damages that are done from that- >> Yeah, I mean, not only is it good insurance, it's just good to have that fortification. So Derek, I'm going to ask you about the term the last mile, because, we were, before we came on camera, I'm a bandwidth junkie, always want more bandwidth. So the last mile, it used to be a term for last mile to the home where there was telephone lines. Now it's fiber and wifi, but what does that mean to you guys in security? Does that mean something specific? >> Yeah, absolutely. The easiest way to describe that is actionable. So one of the challenges in the industry is we live in a very noisy industry when it comes to cybersecurity. What I mean by that is that because of that growing attack surface and you have these different attack vectors, you have attacks not only coming in from email, but websites, from DoS attacks, there's a lot of volume that's just going to continue to grow in the world of 5G and OT. So what ends up happening is when you look at a lot of security operations centers for customers, as an example, there are, it's very noisy. 
You can guarantee almost every day, you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs. And when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually start to say, "Hey, this looks like an attack. I'm going to go investigate it and block it." So this is where the last mile comes in, because a lot of the times, these logs, they light up like Christmas. And I mean, there's a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because the reality is if it's just humans doing it, that last mile is often, going back to your bandwidth terms, there's too much latency. So how do you reduce that latency? That's where the automation, the AI machine learning comes in to solve that last mile problem, to automatically add that protection. It's especially important 'cause you have to be quicker than the attacker. It's an arms race, like you said earlier. >> I think what you guys do with FortiGuard Labs is super important, not only for the industry, but for society at large, as you have kind of all this shadow, cloak and dagger kind of attack systems, whether it's national security, international, or just for mafias and racketeering, and the bad guys. Can you guys take a minute and explain the role of FortiGuard specifically and why you guys exist? I mean, obviously there's a commercial reason, you're built on the Fortinet that trickles down into the products. That's all good for the customers, I get that. But there's more at FortiGuard. And just that, could you guys talk about this trend and the security business, because it's very clear that there's a collective sharing culture developing rapidly for societal benefit. Can you take a minute to explain that? >> Yeah, sure. I'll give you my thoughts, Aamir will add some to that too. 
So, from my point of view, I mean, there's various functions. So we've just talked about that last mile problem. That's the commercial aspect. We create, through FortiGuard Labs, FortiGuard services that are dynamic and updated to security products because you need intelligence products to be able to protect against intelligent attacks. That's just a defense again, going back to, how can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that we do, but we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity cases to court. And because of that, a lot of these cyber criminals reign free, and that's been a big challenge in the industry. So this has been close to my heart for over 10 years, I've been building a lot of these key relationships between private and public sector, as an example, but also private sector, things like Cyber Threat Alliance. We're a founding member of the Cyber Threat Alliance. We have over 28 members in that Alliance, and it's about sharing intelligence to level that playing field because attackers roam freely. What I mean by that is there's no jurisdictions for them. Cyber crime has no borders. They can do a million things wrong and they don't care. We do a million things right, one thing wrong and it's a challenge. So there's this big collaboration. That's a big part of FortiGuard, why it exists too, is to make the industry better, to work on protocols and automation and really fight this together while remaining competitors. I mean, we have competitors out there, of course. And so it comes down to that last mile problem is like, we can share intelligence within the industry, but intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration. 
>> Aamir, what's your take on this societal benefit? Because, I would say for instance, the Sony hack years ago, that, when you have nation states, if they put troops on our soil, the government would respond, but yet virtually they're here and the private sector has to fend for themselves. There's no support. So I think this private public partnership thing is very relevant, I think it's ground zero of the future build out of policy because we pay for freedom. Why don't we have cyber freedom if we're going to run a business, where is our help from the government? We pay taxes. So again, if a military showed up, you're not going to see companies fighting the foreign enemy, right? So again, this is a whole new changeover. What's your thought? >> It really is. You have to remember that cyber attacks put everyone on an even playing field, right? I mean, now you don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that. Anyone can basically come up to speed on cyber weapons as long as they have an internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies. But absolutely I think a lot of us, from a personal standpoint, a lot of us as researchers, I've seen organizations fail through cyber attacks. We've seen the frustration, we've seen, like besides organizations, we've seen people, just like grandmas, lose their pictures of their loved ones because they've been attacked by ransomware. I think we take it very personally when innocent people get attacked and we make it our mission to make sure we can do everything we can to protect them. But I will add that at least here in the U.S. the federal government actually has a lot of partnerships and a lot of programs to help organizations with cyber attacks. 
The US-CERT is always continuously updating organizations about the latest attacks, and InfraGard is another organization run by the FBI, and a lot of companies like Fortinet, and even a lot of other security companies, participate in these organizations. So everyone can come up to speed and everyone can share information. So we all have a fighting chance. >> It's a whole new wave of paradigm. You guys are on the cutting edge. Derek, always great to see you, Aamir, great to meet you remotely, looking forward to meeting in person when the world comes back to normal as usual. Thanks for the great insights. Appreciate it. >> Pleasure as always. >> Okay. CUBE Conversation here. I'm John Furrier, host of theCUBE. Great insightful conversation around security ransomware with a great demo. Check it out from Derek and Aamir from FortiGuard Labs. I'm John Furrier. Thanks for watching.
Renee Tarun, Fortinet & Derek Manky, FortiGuard Labs | CUBEConversation, March 2020
(soft music) >> Narrator: From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world: this is a CUBE conversation. >> Everyone, welcome to this special CUBE conversation. We're here in the Palo Alto studios, where I am; here during this critical time during the coronavirus and this work at home current situation across the United States and around the world. We've got a great interview here today around cybersecurity and the threats that are out there. The threats that are changing as a result of the current situation. We got two great guests; Derek Manky, Chief Security Insights and Global Threat Alliances at FortiGuard Labs. And Renee Tarun, deputy Chief Information Security Officer with Fortinet. Guys, thanks for remotely coming in. Obviously, we're working remotely. Thanks for joining me today on this really important conversation. >> It's a pleasure to be here. >> Thanks for having us. >> So Renee and Derek. Renee, I want to start with you as deputy CISO. There's always been threats. Every day is a crazy day. But now more than ever over the past 30 to 45 days we've seen a surge in activity with remote workers. Everyone's working at home. It's disrupting families' lives. How people do business. And also they're connected to the internet. So it's an endpoint. It's a (laughs) hackable environment. We've had different conversations with you guys about this. But now more than ever, it's an at scale problem. What is the impact of the current situation for that problem statement of working at home, at scale? Are there new threats? What's happening? >> Yeah, I think you're seeing some organizations have always traditionally had that work at home ability. But now what you're seeing is now entire workforces that are working from home and now some companies are scrambling to ensure that they have a secure work at home for teleworkers at scale.
In addition, some organizations that never had a work from home practice are now being forced into that, and so a lot of organizations now are faced with the challenge that employees are now bringing their own device into connecting to their networks. 'Cause employees can't bring their workstations home with them. And if they don't have a company laptop they're of course using their own personal devices. And some personal devices are used by their kids. They're going out to gaming sites that could be impacted with malware. So it creates a lot of different challenges from a security perspective that a lot of organizations aren't necessarily prepared for. It's not only from a security but also from a scalability perspective. >> When I'm at home working... I came into the studio to do this interview. So I really wanted to talk to you guys. But when I'm at home, this past couple weeks. My kids are home. My daughter is watching Netflix. My son's gaming, multiplayer gaming. The surface area from a personnel standpoint or people standpoint is increased. My wife's working at home. My daughters are there, two daughters. So this is also now a social issue because there are more people on the WiFi, there's more bandwidth being used. There's more fear. This has been an opportunity for the hackers. This crime of fear using the current situation. So is it changing how you guys are recommending people protect themselves at home? Or is it just accelerating a core problem that you've seen before? >> Yeah, so I think it's not changing. It's changing in terms of priority. I mean, all the things that we've talked about before, it's just becoming much more critical. I think, at this point in time. If you look at any histories that we've... Lessons we've learned from the past or haven't learned (laughs). That's something that is just front and center right now. We've seen attack campaigns on any high level news. Anything that's been front and center.
And we've seen successful attack campaigns in the past owing to any sort of high profile events. We had Olympic Destroyer last Olympic period, when we had them in Korea as an example, in South Korea. We've seen... I can go back 10 years plus and give a history timeline, every single year there's been something dominating the news. >> John: Yeah. And there's been attack campaigns that are leveraged on that. Obviously this is a much higher focus now given the global news domination that's happening with COVID. The heightened fear and anxiety. Just the other day FortiGuard Labs, we pulled up over 600 different phishing emails and scam attempts for COVID-19. And we're actively poring through those. I expect that number to increase. Everybody is trying to hop on this bandwagon. I was just talking to our teams from the labs today. Groups that we haven't seen active since about 2011, 2012. Malware campaign authors. They're riding this bandwagon right now as well. So it's really a suction, if you will, for these cyber criminals. So all of the things that we recommend in the past, obviously being vigilant, looking at those links coming in. Obviously, there's a lot of impersonators. There's a lot of spoofing out there. People are pretending to be the World Health Organization. We wrote a blog on this a couple of weeks back. People have to have this zero trust mentality coming in. Is everyone trying to ride on this? Especially on social networks, on emails. Even phishing and voice vishing. So the voice phishing. You really have to put more... People have to put more of a safeguard up. Not only for their personal health like everyone's doing the social distancing but also virtual (laughs) social distancing when it comes to really trusting who's trying to send you these links. >> Well, I'm glad you guys have the FortiGuard Labs there. And I think folks watching should check it out and keep sending us that data. I think watching the data is critical.
Everyone's watching the data. They want the real data. You brought up a good point, Renee. I want to get your thoughts on this because the at scale thing really gets my attention because there's more people at home as I mentioned from a social construct standpoint. Work at home is opening up new challenges for companies that haven't been prepared. Even though ones that are prepared have known at scale. So you have a spectrum of challenges. The social engineering is the big thing on phishing. You're seeing all kinds of heightened awareness. It is a crime of opportunity for hackers. Like Derek just pointed out. What's your advice? What's your vision of what's happening? How do you see it evolving? And what can people do to protect themselves? What's the key threats? And what steps are people taking? >> Yeah, I think, like Derek said, kind of similar to how in the physical world we're washing our hands. We're keeping 6 feet away from people. We could distance from our adversaries, as well. Again, when you're looking at your emails, ensuring that you're only opening attachments from people that you know. Hovering over the links to ensure that they are from legitimate sources. And being mindful that when you're seeing these type of attacks coming in, whether they are coming through emails. Through your phones. Take a moment and pause and think about would someone be contacting me through my cell phone? Through sending me a text message? Or emails asking me for personal information? Asking me for user IDs and passwords, credentials and information. So you kind of need to take that second and really think before you start taking actions. And similar to opening attachments, we've seen a lot of cases where someone attaches a PDF file to an email but when you open up the PDF it's actually malware. So you need to be careful and think to yourself, was I expecting this attachment? Do I know the person?
And take steps to actually follow up and call that person directly and say, "Hey, did you really send this to me? "Is this legitimate?" >> And the thing-- >> You've got to be careful what you're opening up. Which links you click on. But while I got you here, I want to get your opinion on this because there's digital attacks and then there's phone based attacks. We all have mobile phones. I know this might be a little bit too elementary, but I do want to get it out there. Can you define the difference in phishing and spear phishing for the folks that are trying to understand the difference in phishing and spear phishing techniques? >> The main difference is spear phishing is really targeting a specific individual, or within a specific role within a company. For example, targeting like the CEO or the CFO. So those are attacks that are specifically targeting a specific individual or specific role. Where phishing emails are targeting just mass people regardless of their roles and responsibilities. >> So I'm reading the blog post that you guys put out. Which I think everyone... I'll put the link on SiliconANGLE later. But it's on fortinet.com. Under digital attacks you've got the phishing and spear phishing, which is generally targeting an email, or individually spear phishing someone specifically. But you guys list social media deception, pretexting and water holing as the key areas. Is that just based on statistics? Or just the techniques that people are using? Can you guys comment on and react to those different techniques? >> Yeah, so I think with the water holing specifically as well. The water holing attack refers to people that every day, as part of their routine, go to some sort of, usually a news source. It could be their favorite sites, social media, etc. Those sorts of sources, because it's expected for people to go and drink from a water hole, are prime targets to these attackers.
They can be definitely used for spear phishing but also for the masses for these phishing campaigns. Those are more effective. Attackers like to cast a wide net. And it's especially effective if you think of the climate that's happening right now, like you said earlier at the start of this conversation. That expanded attack surface. And also the usage of bandwidth and more platforms now, applications. There's simply more traffic going to these sites. People have more time at home through telework. To virtually go to these sites. And so, yeah. Usually what we see in these water holing attacks can be definitely phishing sites that are set up on these pages. 'Cause they might have been compromised. So this is something even for people who are hosting these websites, right? There's always two sides of the coin. You've got security of your client side security and your server side security-- >> So spear phishing is targeting an individual, water holing is the net that gets a lot of people and then they go from there. Can you guys, Renee or Derek, talk about social media deception and pretexting? These are other techniques as well that are popular. Can you guys comment and define those? >> Yeah, so some of the pretexting that you're saying is what's happening is adversaries are either sending texts, trying to get people to click on links, go to malicious sites. And they're also setting up these fabricated stories and they're trying to call. Acting like they're a legitimate source. And again, trying to use tactics and a lot of times scare tactics. Trying to get people to divulge information, personal information. Credit card numbers, social security numbers, user IDs and passwords to gain access to either-- >> So misinformation campaigns would be an example that like, "I got a COVID virus vaccine, put your credit card down now and get on the mailing list." Is that kind of the general gist there? >> Absolutely. >> Okay.
>> And we've also seen as another example, and this was in one of our blogs I think about a couple weeks ago, some of the first waves of these attacks that we saw was also again, impersonating the World Health Organization as part of pretexting. Saying that there's important alerts and updates that these readers must read in their regions, but they're of course malicious documents that are attached. >> Yeah, how do people just get educated on this? This is really challenging because if you're a nerd like us you can know what a URL looks like. And you can tell it's a host server or host name, it's not real. But when they're embedded in these social networks, how do you know? What's the big challenge? Just education and kind of awareness? >> Yeah, so I'll just jump in quickly on that. From my point of view, it's the whole ecosystem, right? There's no just one silver bullet. Education, cyber hygiene for sure. But beyond that obviously, this is where the security solutions pop in. So having that layered defense, right? That goes a long way of everything from anti-spam to antivirus. To be able to scan those malicious attachments. Endpoint security. Especially now in the telework force that we're dealing with, having managed endpoint security from a distributed enterprise angle is very important because all of these workstations that were within the corporate network before are now roaming--quote unquote--roaming or from home. So it's a multi-pronged approach, really. But education is of course a very good line of defense for our employees. And I think updated education on a weekly basis. >> Okay, before we get to the remote action steps, 'cause I think the remote workers at scale is like the critical problem that we're seeing now. I want to just close out this attack social engineering thing. There's also phone based attacks. We all have mobile phones, right? So we use such smartphones. There's other techniques in that.
What are the techniques for the phone based attacks? >> Yeah, a lot of times you'll see adversaries, they're spoofing other phones. So what happens is that when you receive a call or a text it looks like it's coming from a number in your local area. So a lot of times that kind of gives you a false sense of security thinking that it is a legitimate call when in reality they're simply just spoofing the number. And it's really coming from somewhere else in the country or somewhere else in the world. >> So I get a call from Apple support and it's not Apple support. They don't have a callback, that's spoofing? >> That's one way but also the number itself. When you see the number coming in. For example, I'm in the 410 area code. Calls coming in from my area code with my exchange is another example where it looks like it's someone that's either a close friend or someone within my community when in reality, it's not. >> And at the end of the day too, the biggest red flags for these attacks are unsolicited information, right? If they're asking for any information always, always treat that as a red flag. We've seen this in the past. Just as an example with call centers, hotels too. Hackers have had access right to the switchboards to call guests' rooms and say that there's a problem at the front desk and they just want to register the user's information and they asked for credit card guest information to confirm all sorts of things. So again, anytime information is asked for, always think twice. Try to verify. Callback numbers are a great thing. Same thing in social media if someone's messaging you, right? Try to engage in that dialogue conversation, verify their identity. >> So you got-- >> That's also another good example of social media, is another form of social engineering attacks is where people are creating profiles in, say for example, LinkedIn.
And they're acting like they're either someone from your company or a former colleague or friend as another way to try and make that human to human connection in order to do malicious things. >> Well, we've discussed with you guys in the past around LinkedIn as a feeding ground for spear phishing because, "Hey, here, don't tell your boss but here's "a PDF job opening paying huge salary. "You're qualified." Of course I'm going to look at that, right? So a lot of that goes on. We see that happen a lot. I want to get your thoughts, Renee, on the vishing and phishing. Smishing is the legitimate source spoofing and vishing is the cloaking or spoofing, right? >> Yeah, smishing is really the text based attacks that you're seeing through your phones. Vishing is using more of a combination of someone that is using a phone based attack but also creating a fake profile, creating a persona. A fabricated story that's ultimately fake but believable. And to try and encourage you to provide information, sensitive information. >> Well, I really appreciate you guys coming on and talking about the attackers trying to take advantage of the current situation. The remote workers again, this is the big at scale thing. What are the steps that people can take, companies can take to protect themselves from the at scale remote worker situation that could be going on for quite some time now? >> Yeah. So again, at that scale with people in this new normal as we call it, teleworking. Being at scale is... Everyone has to do their part. So I would recommend, A, from an IT standpoint, keeping all employees virtually in the loop. So weekly updates from security teams. The cyber hygiene practice, especially patch management, is critically important too, right? You have a lot of these other devices connected to networks, like you said. IoT devices, all these things that are all prime attack targets. So keeping all the things that we've talked about before, like patch management.
Be vigilant on that from an end user perspective. I think especially putting into the employees that they have to be aware that they are highly at risk for this. And I think there has to be... We talked about changes earlier. In terms of mentality, education, cyber hygiene, that doesn't change. But I think the way that this isn't forced now, that starts with the change, right? That's a big focus point especially from an IT security standpoint. >> Well, Derek, keep that stat and keep those stats coming in to us. We are very interested. You got the insight. You're the chief of the insights and the global threat. You guys do a great job at FortiGuard Labs. That's phenomenal. Renee, I'd like you to have the final word on the segment here and we can get back to our remote working and living. What is going on in the mind of the CISO right now? Because again, a lot of people are concerned. They don't know how long it's going to last. Certainly we're now in a new normal. Whatever happens going forward as a post pandemic world, what's going on in the mind of the CISO right now? What are they thinking? What are they planning for? What's going on? >> Yeah, I think there's a lot of uncertainty. And I think the remote teleworking, again, making sure that employees have secure remote access that can scale. I think that's going to be on the forefront. But again, making sure that people connecting remotely don't end up introducing additional potential vulnerabilities into your network. And again, just keeping aware. Working closely with the IT teams to ensure that we keep our workforces updated and trained and continue to be vigilant with our monitoring capabilities as well as ensuring that we're prepared for potential attacks. >> Well, I appreciate your insights, folks, here. This is great. Renee and Derek, thanks for coming on. We want to bring you back in when we do a digital event here in the studio and get the data out there. People are interested.
People are making changes. Maybe this could be a good thing. Make some lemonade out of the lemons that are in the industry right now. So thank you for taking the time to share what's going on in the cyber risks. Thank you. >> Thank you, we'll keep those stats coming. >> Okay, CUBE conversation here in Palo Alto with the remote guests. That's what we're doing now. We are working remotely with all of our CUBE interviews. Thanks for watching. I'm John Furrier, co-host of theCUBE. (soft music)
Derek Manky, FortiGuard Labs | RSAC USA 2020
>> Narrator: Live from San Francisco. It's theCUBE, covering RSA Conference 2020, San Francisco. Brought to you by SiliconANGLE Media. >> Welcome back everyone. CUBE coverage here in Moscone in San Francisco for RSA, 2020. I'm John Furrier, host of theCUBE. We've got a great guest here talking about cybersecurity and the impact with AI and the role of data. It's always great to have Derek Manky on, Chief Security Insights, Global Threat Alliances with FortiGuard Labs, part of Fortinet. FortiGuard Labs is great. Great organization. Thanks for coming on. >> It's a pleasure always to be here-- >> So you guys do a great threat report that we always cover. So it covers all the bases and it really kind of illustrates the state of the art of viruses, the protection, threats, et cetera. But you're part of FortiGuard Labs. >> Yeah, that's right. >> Part of Fortinet, which is a security company, public. What is FortiGuard Labs? What do you guys do, what's your mission? >> So FortiGuard Labs has existed since day one. You can think of us as the intelligence that's baked into the product. It's one thing to have a world-class product, but you need a world-class intelligence team backing that up. We're the ones fighting those fires against cybercrime on the backend, 24/7, 365, on a per second basis. We're processing threat intelligence. We've got over 10 million attacks we're processing just per minute, over a hundred billion events, in any given day that we have to sift through. We have to find out what's relevant. We have to find gaps that we might be missing detection and protection. We've got to push that out to a customer base of 450,000 customers through FortiGuard services and 5 million firewalls, 5 million plus firewalls we have now. So it's vitally important. You need intelligence to be able to detect and then protect and also to respond. Know the enemy, build a security solution around that and then also be able to act quickly about it if you are under active attack.
So we're doing everything from creating security controls and protections. So up to real time updates for customers, but we're also doing playbooks. So finding out who these attackers are, why are they coming after you. For a CSO, why does that matter? So this is all part of FortiGuard Labs. >> How many people roughly involved? Take us a little inside the curtain here. What's going on? Personnel size, scope. >> So we're over 235. So for a network security vendor, this is the largest global SOC that exists. Again, this is behind the curtain like you said. These are the people that are fighting those fires every day. But it's a large team and we have experts to cover the entire attack surface. So we're looking at not just viruses, but we're looking at zero-day weapons, exploits and attacks, everything from cyber crime to cyber warfare, operational technology, all these sorts of things. And of course, to do that, we need to really heavily rely on good people, but also automation and artificial intelligence and machine learning. >> You guys are walking on a tightrope there. I can only imagine how complex and stressful it is, just imagining the velocity alone. But one of the trends that's coming up here, this year at RSA, and has kind of been talked about in the industry, is the who? Who is the attacker, because the shifts could shift and change. You've got nation states sitting out there, they're not going to have their hands dirty on this stuff. You've got a lot of dark web activity. You've got a lot of actors out there that go by different patterns. But you guys have an aperture and visibility into a lot of this stuff. >> Absolutely. >> So, you can almost say, that's that guy. That's the actor. That's a really big part. Talk about why that's important. >> This is critically important because in the past, let's say the first generation of threat intelligence was very flat. It was to watch.
So it was just talking about here's a bad IP, here's a bad URL, here's a bad file, block it. But nowadays, obviously the attackers are very clever. These are large organizations that are run with a lot of people involved. There's real world damages happening and we're talking about, you look at OT attacks that are happening now. There's, in some cases, 30, $40 million from targeted ransom attacks that are happening. These people, A, have to be brought to justice. So we need to understand the who, but we also need to be able to predict what their next move is. This is very similar to, this is what you see online or on CSI. The police trying to investigate and connect the dots like plotting the strings and the yarn on the map. This is the same thing we're doing, but on a way more advanced level. And it's very important to be able to understand who these groups are, what tools they use, what are the weapons, cyber weapons, if you will, and what's their next move potentially going to be. So there's a lot of different reasons that's important. >> Derek, I was riffing with another guest earlier today about this notion of government protection. You've got military troops drop on our shores and my neighborhood, the Russians drop in my neighborhood. Guess what, the police will probably come in, and, or the army should take care of it. But if I've got to run a business, I've got to build my own militia. There's no support out there. The government's not going to support me. I'm hacked. Damage is done. You guys are in a way providing that critical lifeline, that guard or shield, if you will, for customers. And they're going to want more of it. So I've got to ask you the hard question, which is, how are you guys going to constantly be on the front edge of all this? Because at the end of the day, you're in the protection business. Threats are coming at the speed of milliseconds and nanoseconds, in memory. You need memory, you need database. You've got to have real time.
It's a tsunami of attacks. You guys are the front lines of this. You're the heat shield. >> Yes, absolutely. >> How do you take it to the next level? >> Yeah, so collaboration, integration, having a broad integrated platform, that's our bread and butter. This is what we do. End-to-end security. The attack surface is growing. So we have to be able to, A, be able to cover all aspects of that attack surface and again, have intelligence. So we're doing sharing through partners. We have our core intelligence network. Like I said, we're relying heavily on machine learning models. We're able to find that needle in the haystack. Like, as I said earlier, we're getting over a hundred billion potential threat events a day. We have to dissect that. We have to break it down. We have to say, is this affecting endpoint? Is this affecting operational technology? What vertical, how do we process it? How do we verify that this is a real threat? And then most importantly, get that out in time and speed to our customers. So I started with automation years ago, but now really the way that we're doing this is through broad platform coverage. But also machine learning models for and-- >> I want to dig into machine learning because I love that needle in the haystack analogy, because, if you take that to the next step, you've got to stack a needles now. So you find the needle in the haystack. Now you've got a bunch of needles, where do you find that? You need AI, you've got to have some help. But you still got the human component. So talk about how you guys are advising customers on how you're using machine learning and getting that AI up and running for customers and for yourselves. >> So we're technology people. I always look at this as the stack. The stack model, the bottom of the stack, you have automation. You have layer one, layer two. That's like the basic things for feeds, threat feeds, how we can push out, automate, integrate that. Then you have the human. So the layer seven.
This is where our human experts are coming in to actually advise our customers. We're creating Threat Signals with FortiGuard Labs as an example. These are bulletins, a quick two- to three-page read that a CSO can pick up and say, here's what FortiGuard Labs has discovered this week. Is this relevant to my network? Do I have these protections in place? There's also that automated, and so, I refer to this as a centaur model. It's half human, half machine, and the machines are driving a lot of that, the day to day mundane tasks, if you will, but also finding, collecting the needles of needles. But then ultimately we have our humans that are processing that, analyzing it, creating the higher level strategic advice. We recently, we've launched a FortiAI product as well. This has a concept of a virtual-- >> Hold on, back up a second. What's it called? >> FortiAI. >> So it's AI components. Is it a hardware box or-- >> This is an on-premises appliance built off of five plus years of learning that we've done in the cloud to be able to identify threats and malware, understand what that malware does to a detailed level. And, where we've seen this before, where is it potentially going? How do we protect against it? Something that typically you would need four to five headcount in your security operations center to do, we're using this as an assist to us. So that's why it's a virtual analyst. It's really a bot, if you will, something that can actually-- >> So it's an enabling opportunity for the customers. So is this virtual assistant built into the box? What does that do, the virtual analyst? >> So the virtual analyst is able to sit on premises. So it's localized learning, collect threats to understand the nature of those threats, to be able to look at the needles of the needles, if you will, make sense of that and then automatically generate reports based off of that.
So it's really an assist tool that a network admin or a security analyst is able to pick up and virtually save hours and hours of time of resources. >> So, if you look at the history of, like, our technology industry from a personalization standpoint, AI and data, whether you're a media business, personalization is ultimately the result of good data and AI. So personalization for an analyst would be how not to screw up their job. (laughs) One level. The other one is to be proactive on being more offensive. And then third, collaboration with others. So, you're starting to see that kind of picture form. What's your reaction to that? >> I think it's great. There's stepping stones that we have to go through. The collaboration is not always easy. I'm very familiar with this. I mean, I was with the Cyber Threat Alliance since day one, I head up and work with our Global Threat Alliances. There's always good intentions, there's problems that can be created and obviously you have things like PII now and data privacy and all these little hurdles they have to come over. But when it works right together, this is the way to do it. It's the same thing with, you talked about the data, naturally when you started building up IT stacks, you have silos of data, but ultimately those silos need to be connected from different departments. They need to integrate and collaborate. It's the same thing that we're seeing from the security front now as well. >> You guys have proven the model of FortiGuard that the more you can see, the more visibility you have and more access to the data in real time or anytime scale, the better the opportunity. So I've got to take that to the next level. What you guys are doing, congratulations. But now the customer. How do I team up with, if I'm a customer, with other customers? Because the bad guys are teaming up. So the teaming up is now a real dynamic that companies are deploying. How are you guys looking at that? How is FortiGuard helping that? Is it through services?
Is it through the products like the virtual assistant? Virtual FortiAI? >> So you can think of this, I always make it an analogy to the human immune system. Artificial neural networks are built off of neural nets. If I have a problem and an infection, say on one hand, the rest of the body should be aware of that. That's collaboration from node to node. Blood cells to blood cells, if you will. It's the same thing with employees. If a network admin sees a potential problem, they should be able to go and talk to the security admin, who can go in, log into an appliance and create a proper response to that. This is what we're doing in the security fabric to empower the customer. So the customer doesn't have to always do this and have the humans actively doing those cycles. I mean, this is the integration. The orchestration is the big piece of what we're doing. So security orchestration between devices, that's taking that gap out from the human to human, walking over with a piece of paper to another or whatever it is. That's one of the key points that we're doing within the actual security fabric. >> So that's why silos are problematic. Because you can't get that impact. >> And it also creates a lag time. We have a need for speed nowadays. Threats are moving incredibly fast. I think we've talked about this on previous episodes with swarm technology, offensive automation, the weaponization of artificial intelligence. So it becomes critically important to have that quick response, and silos really create barriers, of course, and make it slower to respond. >> Okay Derek, so I've got to ask you, it's kind of like, I don't want to say it sounds like sports, but it's, what's the state of the art in the attack vectors coming in? What are you guys seeing as some of the best-of-breed attacks that people should really be paying attention to? They may or may not have fortified. What are SOCs looking at and what are security pros focused on right now in terms of the state of the art?
>> So the things that keep people up at night. We follow this in our Threat Landscape Report. Obviously we just released our Q4 one with FortiGuard Labs. We're still seeing the same culprits. This is the same story we've talked about a lot of times. Things like, it used to be EternalBlue and now BlueKeep, these vulnerabilities that are nothing new but still pose big problems. We're still seeing that exposed on a lot of networks. Targeted ransom attacks, as I was saying earlier. We've seen the shift or evolution of ransomware from day to day, like, pay us $300 or $400, we'll give you access to your data back, to going after targeted accounts, high revenue business streams. So, low volume, high risk. That's the trend that we're starting to see as well. And this is what I talk about for trying to find that needle in the haystack. This is again why it's important to have eyes on that. >> Well, you guys are really advanced and you guys are doing great work, so congratulations. I've got to ask you to kind of like, the spectrum of IT. You've got a lot of people in the high end, financial services, healthcare, they're regulated, they've got all kinds of challenges. But as IT and the enterprise starts to get woke to the fact that everyone's vulnerable. I've heard people say, well, I'm good. I've got a small little business to manage, I'm only a hundred million dollar business. All I do is manufacturing. I don't really have any IP. So what are they going to steal? So that's kind of a naive approach. The answer is, what? Your operations and ransomware, there's a zillion ways to get taken down. How do you respond to that? >> Yeah, absolutely. Going after the crown jewels, what hurts? So it might not be a patent or intellectual property. Again, the things that matter to these businesses, how they operate day to day. The obvious examples, what we just talked about with revenue streams, and then there's other indirect problems too.
Obviously, if that infrastructure of a legitimate organization is taken over and it's used as a botnet in an orchestrated denial-of-service attack to take down other organizations, that's going to have huge implications. >> And they won't even know it. >> Right, in terms of brand damage, it has legal implications as well. This is going even down to the basics with consumers, thinking that they're not under attack, but at the end of the day, what matters to them is their identity. Identity theft. But this is on another level when it comes to things to-- >> There's all kinds of things to deal with. It's so much more advanced on the attacker side. All right, so I've got to ask you a final question. I'm a business. You're a pro. You guys are doing great work. What do I do, what's my strategy? How would you advise me? How do I get my act together? I'm working the mall every day. I'm trying my best. I'm peddling as fast as I can. I'm overloaded. What do I do? How do I go the next step? >> So look for security solutions that are the assist model, like I said. There's never, ever going to be a universal silver bullet to security. We all know this. But there are a lot of things that can help up to that 90%, 95% secure. So depending on the nature of the threats, having detection first, that's always the most important. See what's on your network. This is things where SIEM technology, sandboxing technology has really come into play. Once you have those detections, how can you actually take action? So look for integration. Really have a look at your security solutions to see if you have the integration piece. Orchestration and integration is next after detection. Finally, from there, having a proper channel. Are there services you've looked at for managed incident response, as an example? Education and cyber hygiene are always key. These are free things that I push on everybody. I mean, we release weekly threat intelligence briefs.
We're doing our quarterly Threat Landscape Reports. We have something called Threat Signals. So it's FortiGuard's response to breaking industry events. I think that's key-- >> Hygiene seems to come up over and over as the, that's the foundational bedrock of security. >> And then, as I said, ultimately, where we're heading with this is the AI solution model. And so that's something, again, that I think-- >> One final question, since it just popped into my head. I wanted, and that last one. But I wanted to bring it up since you kind of were, we're getting at it. I know you guys are very sensitive to this one topic because you live it every day. But the notion of time and time elapsed is a huge concern, because you've got to know, it's not if, it's when. So the factor of time is a huge variable in all kinds of impact, positive and negative. How do you talk about time and the notion of time elapsing? >> That's a great question. So there's many ways to stage that. I'll try to simplify it. So number one, if we're talking about breaches, time is money. So the dwell time. The longer that a threat sits on a network and it's not cleaned up, the more damage is going to be done. And we think of the ransom attacks, denial-of-service, revenue streams being down. So that's the incident response problem. So time is very important to detect and respond. So that's one aspect of that. The other aspect of time is with machine learning as well. This is something that people don't always think about. They think that artificial intelligence solutions can be popped up overnight and within a couple of weeks they're going to be accurate. It's not the case. Machines learn like humans too. It takes time to do that. It takes processing power. Anybody can get that nowadays, data, most people can get that. But time is critical to that. It's a fascinating conversation. There's many different avenues of time that we can talk about. Time to detect is also really important as well, again.
>> Let's do it, let's do a whole segment on that in our studio, I'll follow up on that. I think it's a huge topic, I hear about it all the time. And since it's a little bit elusive, but it kind of focuses your energy on, wait, what's going on here? I'm not reacting. (laughs) Time's a huge issue. >> I refer to it as latency. I mean, latency is a key issue in cybersecurity, just like it is in the stock exchange. >> I mean, one of the things I've been talking about with folks here, just kind of in fun conversation is, don't be playing defense all the time. If you have a good time latency, you're going to actually be a little bit offensive. Why not take a little bit more offense? Why play defense the whole time? So again, you're starting to see this kind of mentality not being just an IT, we've got to cover, okay, respond, no, hold on the ballgame. >> That comes back to the sports analogy again. >> Got to have a good offense. They must cross offense. Derek, thanks so much. Quick plug for you, FortiGuard, share with the folks what you guys are up to, what's new, what's the plug. >> So FortiGuard Labs, so we're continuing to expand. Obviously we're focused on, as I said, adding all of the customer protection first and foremost. But beyond that, we're doing great things in industry. So we're working actively with law enforcement, with Interpol, Cyber Threat Alliance, with the World Economic Forum and the Center for Cyber Security. There's a lot more of these collaborations, key stakeholders. You talked about the human to human before. We're really pioneering setting that world stage. I think that is, so, it's really exciting to me. It's a lot of good industry initiatives. I think it's impactful. We're going to see an impact. The whole goal is we're trying to slow the offense down, the offense being the cyber criminals. So there's more coming on that end. You're going to see a lot of great, follow our blogs at fortinet.com and all-- >> Great stuff.
>> Great reports. >> I'm a huge believer in that the government can't protect us digitally. There's going to be protection, heat shields out there. You guys are doing a good job. It's only going to be more important than ever before. So, congratulations. >> Thank you. >> Thanks for coming, I really appreciate it. >> Never a dull day, as we say. >> All right, it's theCUBE's coverage here in San Francisco for RSA 2020. I'm John Furrier, your host. Thanks for watching. (upbeat music)
Derek Manky, Fortinet | CUBEConversation, November 2019
our Studios in the heart of Silicon Valley, Palo Alto, California, this is a CUBE Conversation. >> Hello and welcome to theCUBE Studios in Palo Alto, California for another CUBE Conversation, where we go in-depth with thought leaders driving innovation across the tech industry. I'm your host, Peter Burris. Almost everybody's heard of the terms black hat and white hat, and it constitutes groups of individuals that are either attacking or defending security challenges. It's been an arms race for the past 10, 20, 30 years as the world has become more digital, and an arms race that many of us are concerned that black hats appear to have the upper hand in. But there's new developments in technology and new classes of tooling that are actually racing to the aid of white hats and could very well upset that equilibrium in favor of the white hats. To have that conversation about the ascension of the white hats, we're joined by Derek Manky, who's Chief Security Insights and Global Threat Alliances lead at Fortinet. Derek, thanks for joining us for another CUBE Conversation. >> It's always a pleasure speaking. >> Yeah, all right, Derek, let's start. What's going on at FortiGuard Labs at Fortinet? >> So 2019, we've seen a ton of development, a lot pretty much on track with our predictions when we talked last year. Obviously a big increase in volume thanks to offensive automation. We're also seeing low volume attacks that are disrupting big business models. I'm talking about targeted ransom attacks, right? You know, criminals that are able to get into networks, cause millions of dollars of damages thanks to critical revenue streams being out. Usually in the public sector we've seen a lot of this. We've seen a rise in sophistication. The adversaries are not slowing down. AETs, advanced evasion techniques, are on the rise. And so, you know, to do this, and for FortiGuard Labs to be able to track this and map this, we're not just relying on blogs anymore and, you know, 40, 50 page white papers. So we're actually looking at playbooks now, mapping the adversaries, understanding their tools, techniques, procedures, how they're operating, why they're operating, who are they hitting on, and what might be their next move. So that's a big development on the intelligence side here.
>> All right, so I mentioned upfront this notion that the white hats may be ascending. I'm implying a prediction here. Tell us a little bit about what we see on the horizon for that concept of the white hats ascending, and specifically, why is there reason to be optimistic? >> Yeah, so it's been gloomy for decades, like you said, and for many reasons, right? And I think those reasons are no secrets. I mean, cyber criminals and black hats have always been able to move, you know, with agility, right? Cybercrime has no borders. It's often a slap on the wrist that they get. They can do a million things. They don't care. There's no ethics and quite frankly no rules, right? On the white hat side, we've always had rules binding us. We've had to take due care and we've had to move methodically, which slows us down. So a lot of that comes in place because of frameworks, because of technology as well, having to move, um, after it's enabled with frameworks, so specifically with, you know, making corrective action and things like that. So those are the challenges that we face against. But, you know, thinking ahead to 2020, particularly with the use of artificial intelligence. Everybody talks about AI. You know, it's impacted our daily lives. But when it comes to cybersecurity on the white hat side, um, you know, a proper AI and machine learning model, it takes time. It can take years. In fact, in our case, in our experience, about four to five years before we can actually roll it out to production. But the good news is that we have been investing, and when I say we, I'm just talking about the industry in general, we've been investing into this technology because quite frankly we've had to. It takes a lot of data, it takes a lot of smart minds, a lot of investment, a lot of processing power, and that foundation has now been set over the last five years. If we look at the black hats, it's not the case, and why? Because they've been enjoying living off the land on a low-hanging fruit path of least resistance, because they've been able to.
>> So one of the things that's changing that equilibrium then is the availability of AI. As you said, it could take four or five years to get to a point where we've actually got useful AI that can have an impact. I guess that means that we've been working on these things for four or five years. What's the state of the art with AI as it pertains to security, and are we seeing different phases of development start to emerge as we gain more experience with these technologies? >> Yeah, absolutely, and it's quite exciting, right? AI isn't this universal brain that solves all the world's problems that everyone thinks it might, right? It's very specific. It relies on machine learning models. Each machine learning model is very specific to its task, right? I mean, you know, voice learning technology versus autonomous vehicle driving versus cybersecurity, it's very different when it comes to the learning purposes. So, in essence, the way I look at it, you know, there's three generations of AI. We have generation 1, which was the past, generation 2, which is the current, where we are now, and generation 3 is where we're going. So generation 1 was pretty simple, right? It was just central processing, a little machine learning model that'll take in data, correlate that data, and then take action based off of it. Some simple inputs, simple output, right? Generation 2, where we're currently sitting, is more advanced, looking at pattern recognition, more advanced inputs, distributed models where we have the, you know, sensors lying around networks, I'm talking about even IoT devices, security appliances, and so forth, but still reporting up to this centralized brain that's learning and acting on things. But where things get really interesting moving forward in 2020 gets into this third generation, where you have, especially, you know, moving towards, sorry, edge computing, where you have localized learning nodes that are actually processing and learning. So you can think of them as these mini brains. Instead of having this monolithic centralized brain, you have individual learning nodes, individual brains doing their own machine learning, that are actually connected to each other, learning from each other, speaking to each other. It's a very powerful model. We actually refer to this as federated machine learning in our industry.
>> So we've been, first phase, we simply use statistics to correlate events, take action. >> Yeah. >> Now we're doing exceptions, pattern recognition or exceptions, and building patterns. And in the future we're going to be able to further distribute that, so that increasingly the AI is going to work with other AI, so that the aggregate, this federated aggregate, gets better. I got that right? >> Yeah, absolutely. >> And what's the advantage of that? >> A couple of things. It's very similar to the human immune system, right? I mean, if you have, you know, if I were to cut my finger on my hand, what's going to happen? Well, localized white blood cells, not anything from a foreign entity or further away in my body, are going to come to the rescue and start healing, right? It's the same idea, it's because it's interconnected within the nervous system. It's the same idea of this federated machine learning, right? If a security appliance is to detect a threat locally on-site, it's able to alert other security appliances so that they can actually take action on this and learn from that as well. So connected machine learning models. It means that, you know, by properly implementing these AI, this federated AI machine learning models in an organization, that system is able to actually, in an automated way, pick up what that threat is, be able to act on that threat, which means it's able to respond to these threats quicker, shut them down to the point where it can be, you know, virtually instantaneous, right? Before you know that the damage is done and bleeding starts happening.
>> So the common, safe, common baseline is constantly getting better even as we're giving opportunities for local managers to perform the work in response to local conditions. So that takes us to the next notion of, we've got this federated AI on the horizon. How are people, how is the role of people, security professionals, going to change? What kind of recipes are they going to follow to ensure that they are working in a maximally productive way with these new capabilities, these new federated capabilities, especially as we think about the introduction of 5G and greater density of devices and faster speeds and lower latencies? >> Yeah, so, you know, the world of cybersecurity has always been incredibly complex, so we're trying to simplify that. And that's where again this federated machine learning comes into place, particularly with playbooks. So, you know, if we look at 2019 and where we're going in 2020, we've put a lot of groundwork, quite frankly, into pioneering the work of playbooks, right? So when I say playbooks, I'm talking about adversaries' playbooks, knowing the offense, knowing the tools, techniques, procedures, the way that these cybercrime operations are moving, right, and the black hats are moving. The more that we can understand that, the more we can predict their next move, and that centralized language, right, once you know that offense, we can start to create automated Blue Team playbooks, so defensive playbooks that a human, that a security technology, can automatically integrate and respond to. But getting back to your question, we can actually create human-readable CISO guides that can actually say, look, there's a threat, here's why it's a problem, here are the gaps in your security that we've identified, here's some recommended course of action, right? So that's where the humans and the machines are really going to be working together, and quite frankly, moving at speed, being able to do that at a machine level but also being able to simplify a complex landscape. That is where we can actually gain traction, right? This is part of that ascendancy of the white hat, because it's allowing us to move in a more agile nature, it's allowing us to gain ground against threat actors, and quite frankly it allows us to start disrupting their business model, right? It's a more resilient network in the future. This leads to the whole notion of self-healing networks as well, that quite frankly just makes it a big pain. It disrupts your business model, it forces them to go back to the drawing board.
>> Well, it also seems as though, when we start talking about 5G, that the speeds, as I said, the speeds, the density, the reduced latency, the potential for a bad thing to propagate very quickly, demands that we have a more consistent, coherent response at both the machine level but also at the people level. Weave 5G into this conversation. What will be the impact of 5G on how these playbooks and AI start to come together over the next few years? >> Yeah, it's going to be very impactful. It's going to take a couple of years, and we're just at the dawn of 5G right now. But if you think of 5G, you're talking about a lot more volume. Essentially, as we move to the future, we're entering into the age of 5G and edge computing, and 5G and edge computing is going to start eating the cloud, in a sense that more of that processing power that was in the cloud is starting to shift now towards edge computing, right? This is that on-premises. So it is going to allow models like I was talking about, federated machine learning models, at first from the white hats' point of view, which again I think we are in the driver's seat and in a better, you know, more advantageous position here because we have more experience. Again, like I said, we've been doing this for years, where the black hats quite frankly haven't. Yes, they're toying with it, but not to the same level, at scale, that we have. But, you know, I'm always a realist. This isn't a completely rosy picture. I mean, it is optimistic that we are able to get this upper hand, it has to be done right. But if we think about the weaponization of 5G, that's also a very large problem, right? Last year we were talking about swarm networks, right? The idea of swarm networks is a whole bunch of devices that can connect to each other, share intelligence, and then act to do something like a large-scale DDoS attack. That's absolutely in the realm of possibility when it comes to the weaponization of 5G as well.
>> So one of the things, I guess the last question I want to ask you, is you noted that these playbooks incorporate the human element in ways that are uniquely human. So having CISO-readable recipes for how people have to respond, does that also elevate the conversation with the business, and does it allow us to do a better job of understanding risk, pricing risk, and appropriately investing to manage and assure the business against risk in the right way? >> Absolutely, absolutely it does. Yeah, yeah, because the more you know about, going back to the playbooks, the more you know about the offense and their tools, you know, the more you know about how much of a danger it is, what sort of targets they're after, right? I mean, if they're just going, trying to look to collect a little bit of information on you, you know, to do some reconnaissance, that first-phase attack might not cause a lot of damage. But if this group is known to go in, hit hard, steal intellectual property, shut down critical business streams, do DDoS, that in the past we know and we've seen has caused four or five million dollars from one, you know, from one breach, that's a very good way to start classifying risk. So yeah, I mean, it's all about really understanding the picture first on the offense, and that's exactly what these automated playbook guides are going to be doing on the Blue Team. And again, not only from a C-suite perspective, certainly that on the human level, but the nice thing about the playbooks is because we've done the research, the threat hunting, and understood this, you know, from a machine level, it's also able to put a lot of those automated, let's say day-to-day decisions, making security operation centers, so I'm talking about like SecDevOps, much more efficient too.
>> So we're talking about more density at the edge amongst these devices. I also want to bring back one last thought here, and that is you said that historically some of the black hats have been able to act with a degree of impunity. They haven't necessarily been hit hard. There's a lot of slapping on the wrist, as I think you said. Talk about how the playbooks and AI are going to allow them to more appropriately share data with others that can help, both now but also in some of the forensics and the enforcement side, namely the legal and policing world. How are we going to share the responsibility, or how is that going to change over the next few years to incorporate some of the folks that actually can then turn a defense into a legal attack? >> Illumination, this is what I call it, right? So again, if we look at the current state, we've made great strides, great progress, you know, working with law enforcement. So we've set up public-private sector relationships. We need to do that, have security experts working with law enforcement, law enforcement working on their end to train prosecutors to understand cybercrime and so forth. That foundation has been set, but it's still slow-moving. You know, there's only a limited amount of playbooks right now. It takes a lot of work to unearth and to really move the needle. What we need to do again, like we're talking about, is to integrate artificial intelligence with playbooks
the more that we understand about groups the more that we do this threat illumination the more we have cover about them the more we know about them and by doing that we can start to form predictive models right basically I always say old habits die hard so you know if an attacker goes in hits a network and they're successful following a certain sequence of patterns they're likely going to follow that say that's that same sequence on their next victim or their next target so the more that we understand about that the more that we can forecast eight from a mitigation standpoint but the also by the same token the more correlation we're doing on these playbooks the more machine learning we're doing on this playbooks the more we were able to do attribution and attribution is the Holy Grail it's always been the toughest thing to do when it comes to research but by combining the framework that we're using with playbooks and AI machine learning it's a very very powerful recipe and that's that's what we need to get right and move forward in the right direction Derrick McKey ordinance chief of security insights and threat alliances thanks again for being on the cube it's a pleasure anytime happy to talk and I want to thank you for joining us for another cube conversation I'm Peter Burris see you next time [Music]
Derek Manky, Fortinet - Office of CISO | CUBEConversation, November 2019
(upbeat jazz music) [Woman] - From our Studios in the heart of Silicon Valley, Palo Alto, California, this is a CUBE conversation. >> Hello and welcome to theCUBE Studios in Palo Alto, California, for another CUBE conversation, where we go in depth with thought leaders driving innovation across tech industry. I'm your host Peter Burris. Almost everybody's heard of the term black-hat and white-hat. And it constitutes groups of individuals that are either attacking or defending security challenges. It's been an arms race for the past 10, 20, 30 years as the worlds become more digital. And an arms race that many of us are concerned that black-hats appear to have the upper hand. But there's new developments in technology and new classes of tooling that are actually racing to the aid of white-hats and could very well upset that equilibrium in favor of the white-hats. To have that conversation about the ascension of the white-hats, we're joined by Derek Manky, who's the Chief Security Insights & Global Threat Alliances lead at Fortinet. Derek, thanks for joining us for another CUBE conversation. >> It's always a pleasure speaking with you. [Peter] - All right. [Derek] - Happy to be here. >> Derek, let's start, what's going on at FortiLabs at Fortinet? >> So 2019, we've seen a ton of development, a lot pretty much on track with our predictions when we talked last year. Obviously a big increase in volume, thanks to offensive automation. We're also seeing low volume attacks that are disrupting big business models. I'm talking about targeted ransom attacks, right. But, you know, criminals that are able to get into networks, cause millions of dollars of damages thanks to critical revenue streams being held. Usually in the public sector we've seen a lot of this. We've seen a rise in sophistication's, the adversaries are not slowing down. AET's, the mass evasion techniques are on the rise. 
And so, you know, to do this on FortiGaurd Labs, to be able to track this and map this, we're not just relying on logs anymore and, you know, 40, 50 page white papers. So, we're actually looking at that playbooks now, mapping the adversaries, understanding their tools, techniques, procedures, how they're operating, why they're operating, who are they hitting and what might be their next moves. So that's a bit development on the intelligence side too. >> All right, so imagine a front this notion that the white-hats might be ascending. I'm implying a prediction here. Tell us a little bit about what we see on the horizon for that concept of the white-hats ascending and specifically, why is a reason to be optimistic? >> Yeah, so it's been gloomy for decades like you said. And for many reasons, right, and I think those reasons are no secrets. I mean, cyber criminals and black-hats have always been able to move very, you know, with agility right. Cyber crime has no borders. It's often a slap on the wrist that they get. They can do a million things wrong, they don't care, there's no ethics and quite frankly no rules binding them right. On the white-hand side, we've always had rules binding us, we've had to take due care and we've had to move methodically, which slows us down. So, a lot of that comes in place because of frameworks, because of technology as well, having to move after it's enabled to with frameworks, specifically with making corrective action and things like that. So, those are the challenges that we faced against. But you know like, thinking ahead to 2020, particularly with the use of artificial intelligence, everybody talks about AI, it's impacted our daily lives, but when it comes to cyber security, on the white-hat side a proctor AI and machine learning model takes times. It can take years. In fact in our case, our experience, about four to five years before we can actually roll it out to production. 
But the good news is, that we have been investing, and when I say we, I'm just talking to the industry in general and white-hat, we've been investing into this technology because quite frankly we've had to. It takes a lot of data, it takes a lot of smart minds, a lot of investment, a lot of processing power and that foundation has now been set over the last five years. If we look at the black-hats, it's not the case. And why? Because they've been enjoying living off the land on low hanging fruit. Path of least resistance because they have been able to. >> So, what are the things that's changing that, equilibrium then, is the availability of AI and as you said, it could take four, five years to get to a point where we've actually got useful AI that can have an impact. I guess that means that we've been working on these things for four, five years. What's the state of the art with AI as it pertains to security, and are we seeing different phases of development start to emerge as we gain more experience with these technologies? >> Yeah, absolutely. And it's quite exciting right. AI isn't this universal brain that solves the worlds problems that everyone thinks it might be right. It's very specific, it relies on machine learning models. Each machine learning model is very specific to it's task right, I mean, you know, voice learning technology versus autonomous vehicle jobbing versus cyber security, is very different when it comes to these learning purposes. So, in essence the way I look at it, you know, there's three generations of AI. We have generation one, which was the past. Generation two, which is the current, where we are now and the generation three is where we're going. So, generation one was pretty simple right. It was just a central processing alert machine learning model that will take in data, correlate that data and then take action based off of it. Some simple inputs, simple output right. Generation two where we're currently sitting is more advanced. 
It's looking at pattern recognition, more advanced inputs, distributed models where we have sensors lying around networks. I'm talking about even IoT devices, security appliances and so forth, that still record up to this centralized brain that's learning it and acting on things. But where things get really interesting moving forward in 2020 gets into this third generation where you have especially moving towards cloud computer, sorry, edge computing, is where you have localized learning nodes that are actually processing and learning. So you can think of them as these mini brains. Instead of having this monolithic centralized brain, you have individual learner nodes, individual brains doing their own machine learning that are actually connected to each other, learning from each other, speaking to each other. It's a very powerful model. We actually refer to this as federated machine learning in our industry. >> So we've been, first phase we simply used statistics to correlate events, take action, now we're doing acceptions, pattern recognition, or acceptions and building patterns, and in the future we're going to be able to further distribute that so that increasingly the AI is going to work with other AI so that the aggregate, this federated aggregate gets better, have I got that right? >> Yeah absolutely. And what's the advantage of that? A couple of things. It's very similar to the human immune system right. If you have, if I were to cut my finger on my hand, what's going to happen? Well, localized white blood cells, localized, nothing from a foreign entity or further away in my body, are going to come to the rescue and start healing that right. It's the same, it's because it's interconnected within the nervous system. It's the same idea of this federated machine learning model right. 
If a security appliance is to detect a threat locally on site, it's able to alert other security appliances so that they can actually take action on this and learn from that as well. So connected machine learning models. So it means that by properly implementing these AI, this federated AI machine earning models in an organization, that that system is able to actually in a auto-immune way be able to pick up what that threat is and be able to act on that threat, which means it's able to respond to these threat quicker or shut them down to the point where it can be you know, virtually instantaneous right, before the damage is done and bleeding starts happening. >> So the common baseline is continuously getting better even as we're giving opportunities for local managers to perform the work in response to local conditions. So that takes us to the next notion of, we've got this federated AI on the horizon, how are people, how is the world of people, security professionals going to change? What kind of recipes are they going to follow to insure that they are working in a maximally productive way with these new capabilities, these new federated capabilities, especially as we think about the introduction of 5G and greater density of devices and faster speeds in the relatancies? >> Yeah so, you know the world of cyber computer, cyber security has always been incredibly complex. So we're trying to simplify that and that's where again, this federated machine learning comes into place, particularly with playbooks, so if we look at 2019 and where we're going in 2020, we've put a lot of groundwork quite frankly and so pioneering the work of playbooks right. So when I say playbooks I'm talking about adversary playbooks, knowing the offense, knowing the tools, techniques, procedures, the way that these cyber crime operations are moving right and the black-hats are moving. 
The more that we can understand that, the more we can predict their next move and that centralized language right, once you know that offense, we can start to create automated blue team playbooks, so defensive playbooks. That security technology can automatically integrate and respond to it, but getting back to your question, we can actually create human readable CISO guides that can actually say, "Look, there's a threat," "here's why it's a problem," "here are the gaps in your security that we've identified," "here's some recommended course of action as an idea too." Right, so that's where the humans and the machines are really going to be working together and quite frankly moving at speed, being able to do that at machine level but also being able to simplify a complex landscape, that is where we can actually gain traction right. This is part of that ascendancy of the white-hat because it's allowing us to move in a more agile nature, it's allowing us to gain ground against the attackers and quite frankly, it allows us to start disrupting their business model more right. It's a more resilient network. In the future this leads to the whole notion of self-healing networks as well that quite frankly just makes it a big pain, it disrupts your business model, it forces them to go back to the drawing board too.
>> Well, it also seems as though, when we start talking about 5G, that the speeds, as I said the speeds, the density, the reduced latency, the potential for a bad thing to propagate very quickly, demands that we have a more consistent, coherent response, at both the machine level but also the people level. We bring 5G into this conversation. What's, what will be the impact of 5G on how these playbooks and AI start to come together over the next few years?
>> Yeah, it's going to be very impactful. It is going to take a couple of years and we're just at the dawn of 5G right now.
But if you think of 5G, you're talking about a lot more volume, essentially as we move to the future, we're entering into the age of 5G and edge computing. And 5G and edge computing is going to start eating the cloud in a sense that more of that processing power that was in the cloud is starting to shift now towards edge computing right. This is on-premise. So, A; it is going to allow models like I was talking about, federated machine learning models and from the white-hats' point of view, which again I think we are in the driver's seat and a better, more advantageous position here, because we are more experienced again like I said, we've been doing this for years, black-hats quite frankly haven't. Yes, they're toying with it, but not in the same level and skill as we have. But, you know, (chuckles) I'm always a realist. This isn't a completely rosy picture, I mean, it is optimistic that we are able to get this upper hand. It has to be done right. But if we think about the weaponisation of 5G, that's also a very large problem right. Last year we're talking about swarm networks right, the idea of swarm networks is a whole bunch of devices that can connect to each other, share intelligence and then act to do something like a large scale DDoS attack. That's absolutely in the realm of possibility when it comes to the weaponisation of 5G as well.
>> So one of the things, I guess the last question I want to ask you is, is you noted that these playbooks incorporate the human element in ways that are uniquely human. So, having CISO readable recipes for how people have to respond, does that also elevate the conversation with the business and does, allows us to do a better job of understanding risk, pricing risk and appropriately investing to manage and assure the business against risk in the right way?
>> Absolutely. Absolutely it does, yeah.
Yeah, because the more you know about going back to the playbooks, the more you know about the offense and their tools, the more you know about how much of a danger it is, what sort of targets they're after right. I mean if they're just going trying to look to collect a bit of information on, you know, to do some reconnaissance, that first phase attack might not cause a lot of damage, but if this group is known to go in, hit hard, steal intellectual property, shut down critical business streams through DoS, that in the past we know and we've seen has caused four, five million dollars from one breach, that's a very good way to start classifying risk. So yeah, I mean, it's all about really understanding the picture first on the offensive, and that's exactly what these automated playbook guides are going to be doing on the blue team and again, not only from a CoC perspective, certainly that on the human level, but the nice thing about the playbooks is because we've done the research, the threat hunting and understood this, you know from a machine level it's also able to put a lot of those automated, let's say day-to-day decisions, making security operation centers, so I'm talking about like SecDevOps, much more efficient too.
>> So we've talked about more density at the edge amongst these devices, I also want to bring back one last thought here and that is, you said that historically some of the black-hats have been able to access with a degree of impunity, they have necessarily been hit hard, there's been a lot of slapping on the wrist as I think you said. Talk about how the playbooks and AI are going to allow us to more appropriately share data with others that can help both now but also in some of the forensics and the enforcement side, namely the legal and policing world. How are we going to share the responsibility, how is that going to change over the next few years to incorporate some of the folks that actually can then turn a defense into a legal attack?
>> Threat elimination is what I call it right. So again, if we look at the current state, we've made great strides, great progress, you know, working with law enforcement, so we've set up public-private sector relationships, we need to do that, have security experts working with law enforcement, law enforcement working on their end to train prosecutors to understand cyber crime and so forth. That foundation has been set, but it's still slow moving. You know, there's only a limited amount of playbooks right now. It takes a lot of work to unearth and do, to really move the needle, what we need to do, again like we're talking about, is to integrate an artificial intelligence with playbooks. The more that we understand about groups, the more that we do the threat illumination, the more that we uncover about them, the more we know about them, and by doing that we can start to form predictive models right. Based, I always say old habits die hard. So you know, if an attacker goes in, hits a network and they're successful following a certain sequence of patterns, they're likely going to follow that same sequence on their next victim or their next target. So the more that we understand about that, the more that we can forecast A; from a mitigation standpoint, but the, also by the same token, the more correlation we're doing on these playbooks, the more machine learning we're doing on these playbooks, the more we're able to do attribution and attribution is the holy grail, it's always been the toughest thing to do when it comes to research. But by combining the framework that we're using with playbooks, and AI machine learning, it's a very very powerful recipe and that's what we need to get right and forward in the right direction.
>> Derek Manky, Fortinet's Chief of Security Insights & Threat Alliances, thanks again for being on theCUBE.
>> It's a pleasure. Anytime. Happy to talk.
>> And I want to thank you for joining us for another CUBE conversation.
I'm Peter Burris, see you next time. (upbeat jazz music)
>> Yeah I thought it was pretty good.
[Man] - That was great.
[Derek] - Yeah, yeah.
Derek Collison, Synadia | KubeCon + CloudNativeCon NA 2019
>> Announcer: Live from San Diego, California, it's theCUBE, covering KubeCon and CloudNativeCon, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners.
>> Hi and welcome back to KubeCon, CloudNativeCon 2019 here in San Diego. I'm Stu Miniman and my cohost for three days of coverage is John Troyer, and happy to welcome back to the program, was on the keynote stage earlier at the conference, Derek Collison is the founder and CEO of Synadia.
>> Yes, welcome.
>> Stu: Showing the logo, thanks so much for joining us, Derek.
>> Oh, thank you, I really appreciate it, it's been a while.
>> Yeah, it has, so you know, we've known you for many years, had you on the program, you look at us, you've got one of those VIP logos 'cause you've been on the show a few times, and you've seen a couple of these waves. Latest thing, of course, you're talking a lot about NATS, but of course Cloud Foundry you built that, so you've seen a lot of these waves, but I want to start with something you said that I thought was really thought-provoking and interesting. A lot of people, we talk about the Cloud economy, talk about the data economy... You talk about the connective economy, so, explain to our audience a little bit what that means.
>> So, the general gist of it is, hey, where's the innovation and where's the value coming out of information technology, IT, infrastructure and things like that, and for a long time, we were swept up in the Cloud economy, which was how you move from CapEx into OpEx, and things like that, and then of course it was all about data. And it still is about data, but if you notice, it's not the data moving to where you're trying to process things, now it's all of a sudden being distributed, and so you take that, and you take MicroServices, and you take all these things, and at least from my perspective, I see the value driving out of these systems now is in, how are they connected?
How are you observing them, how are you securing them and trusting them? And I believe that's where the value in the next wave of innovation's going to come from.
>> Yeah, it's funny, I hear sometimes we talk about the pendulum of technology, and I look in the ten years we've been doing this, really we're talking about the journey along the distributed architecture we've been trying to build, and it's not moving back and forth, but it's kind of...
>> Derek: Circling.
>> It's kind of circling, and some of the themes are repeating, but it's growing that along the way, so, give us NATS and messaging, how this plays into helping to solve that communication issue, it's the kind of thing, we read about in the Google papers as to, global distributed architectures.
>> Yeah, so, the general gist is that NATS was built to power Cloud Foundry, right, and that was the deployment mechanism for applications and such like that. And NATS, just like a lot of the other technologies, was built for an itch I needed to scratch. And it was a silo technology. So about two years ago, we had the opportunity to actually think about if we wanted to make a business out of NATS, right? And any time you say open source and commercial entity, there's challenges, and I don't think anyone has all of the answers. But the answer we came up with internally as a team was, we need to build something whose value is greater than the sum of its parts. I personally, again, and a lot of people won't agree with me and that's okay, I don't believe in the open core model. I don't believe in the fact that you make certain enterprise features and certain open source features.
However, what I do believe is that if we could take a communication technology and make it a true utility, like the global cellular now, or the Internet, and connect everything, we'd have these opportunities that no one could foresee, for example, with the web, or even with the global cellular network and what people think is about to happen with the 5G. So we took NATS, which is a very mature technology, made it multi-tenant, made it very, very forward-looking secure, made it run in any Cloud, Edge, IoT, with the hope that we could encourage people to connect everything, start isolated, but have the ability to say, hey, we want to start sharing data securely in an audited way, that it's drop-dead simple to do. It's not a, let's plan a six-month project to integrate your systems with these systems and things like that, and so that's the gist of what we're trying to do, and we believe that running this thing as a service such that it's a utility, it's not just something for you or for you or for me, it's that we're all using the same thing and we're all connected if we want to be, we think there's value there.
>> Derek, maybe let's go in a little bit on NATS, and the service you're running too, but maybe educate us a little bit on the landscape here. We've already talked about IoT, Cloud data, VAP messaging, and I think people understand, to a certain extent, what a messaging system is, sometimes it gets conflated with a streaming system, maybe you could talk about what NATS does really well, we've talked about security, we've talked about a few other things, you've teased already here, but how should we be thinking about NATS?
>> Well, I think, outside of NATS, just in general, any type of way of communications, we need to think secure by default, right? We can't do what happened with the Internet, where we go, ooh, it'd be really nice to do these kind of things, but we need security.
And we have to wait, as a group of excited individuals, probably 15 years to get that, we can't do that in this generation with IoT and things. But when you look at NATS, or any technology, there's essentially two types of patterns that anybody wants to support. A service-based pattern, where I ask you a question, you give me an answer, ninety-plus percent of distributed systems today, that's their main architectural pattern. So I'm coordinating and asking a lot of questions of these services, micro-services, you know, has become popular. Streaming is now becoming popular with things like Kafka and stuff like that, it's been around for a while, but that's the second, other pattern. So it's like, I'm emitting events or data streams or things like that, and they could be persisted or not, but essentially if you want to make it simple, it's services and streams, and for us, we wanted technology that did equally well in both of them, right, you didn't have to pick one technology for one pattern and another one for a different one.
>> All right, let's talk a little bit about your business. So you talked a little bit about kind of the business model, so explain the business model, what you're doing, how that actually goes together?
>> Yeah, and for the viewers, this is our take on it, which means it's advice, you get what you pay for, it's free, type of stuff, but, you know... Been around the block a little bit. So, when we started out, what we didn't want to do is ignore the old models. I don't think a long-term business model is the old models, meaning recurring support, consulting, NRE work type of stuff, but I've also seen startups that ignore that and say, "no, we're not going to do that at all." And I did a little bit of that with my prior company, so we embrace that, but we know long-term that's not going to be it.
So we deploy a global network, we have a global network, it's available with a single URL, secure by default, runs in every Cloud, every major geo, and more importantly, you can extend it on your own, on your own servers, with the RN off to do that. And we believe that SaaS model, that utility model where, again, its value is greater than the sum of its parts, allows us to keep everything open-source, but there's a value in being connected to this network. Multi-Cloud, Cloud to Edge, all that kind of stuff. And what we want is we want customers to slowly transition to that. I've been telling people there's basic cable, which is like, just the dial tone, then there's going to be premium channels on that, that you can pay for, like storage, DR, secrets, zero-trust mechanisms, anomaly detection around communication patterns. People might opt in and say, "ooh, we want to pay for those things 'cause they're interesting to us." And then the last piece of that pie is, there may be people who are running against the global utility, running their own servers, and they go, "that service right there inside of that system, we love it, we want it on premise, can we actually license it from you?" So it's a combination of software as a service, license revenue, and recurring support.
>> Okay, and so, are you enabling partners to deliver those services, is that Synadia does that themselves, where do those premium services come from?
>> So, we're going to seed the market, but yeah, we want it to be an open marketplace, and what we will provide is things like billing and such like that, almost, not exactly, but almost like the app store, the Apple app store, where someone who just wants to write a simple service, and if people like it, they don't have to do much, they just have it run and it's receiving stuff and they just get paid. So we do think that's a federated model. Believe it or not, we also feel running the network on a global scale is also federated.
So we've designed it such that we don't have to be the only operators. Matter of fact, if we're successful, we're the smallest operator going forward. But, the system is always interconnected, right, so if John's trying to connect in and he's connecting to a Google server, I can connect to that server also, even though Synadia might have actually granted me the rights to access the system. And so we're working on that, we're thinking about that, but Cloud providers are really good at running infrastructure and running services on that infrastructure. We want to embrace that, we just want to make sure that any user of the system, it's like a SIM card that's unlocked, essentially, right? You could go to any provider that you want and it works, that's what we want to make sure we set up for.
>> Right, it seems like a great example of this next wave of companies that's being built on top of the existing Cloud infrastructure. You don't have to be a hoster yourself, you could take advantage of and partner with all the other infrastructure providers and interconnect them in several different ways. Maybe, Derek, could you give us an example of an app, what an app might look like that's globally distributed and what kind of messages would be being passed back and forth?
>> Sure, so, we're about to release something on Synadia where we truly believe, at the base of everything, it's just sending messages. And so, most people think of NATS as a communication mechanism, and it is, but when we say storage or state storage, they kind of say, "oh, NATS doesn't do that." But we can send a message to a KV service that says KV.set, and I could send a message that says KV.get and get it back.
Now, what's interesting is, we can make that zero trust, meaning, it leaves your app totally encrypted, so none of our servers, none of Google, Amazon, or Azure's servers, actually even understand what the heck it is, but what's interesting is, you could connect to any of our servers worldwide, or even run your own servers, and connect to those, and it works, all the time. We have another one that's just a usage server, meaning it tells you how much usage you've been racking up, let's say, over the month, kind of like a cell bill. And the way we built it was, there's multiple servers that are running, collecting this data, totally independent, there's no consensus. Everyone has the same subject, NGS.usage, you send a request saying, "what's my usage for the last hour?" Yet the backend service, guaranteed secure, trusted, it receives a request that it knows it's John, knows it's Stu, knows it's Derek, and so it can say, "oh, I'm trying to get John's usage, I'm trying to get Stu's usage." Yet the user experience is, everyone does the same thing, which we think is extremely powerful. And you don't have to do anything unnatural to get that with a system like NATS, right, where we tried to put security first and really think hard about what it meant, and that wasn't fun, it wasn't easy, but we think it's important.
>> Yeah. So, Derek, I want to kind of step up-level a second here, 'cause you've got some great viewpoints on things, so, there's some people that look at a show like this or look at the industry and say, "Ah, there's all this hype around multi-Cloud, but there's a lot of challenges." Does it become least common denominator? How do these things work together? My definition that I've been saying for a while, I'll use a phrase you've used a couple of times. If, for multi-Cloud to be real, the value that I get out of it has to be greater than the sum of its parts.
You lived through the PaaS and the post-PaaS era, you've done a number of environments here, so where are we today, where do we need to go as an industry, as a whole, to reach that value statement that we talk about?
>> Yeah, that's a great question. Even from day one in Cloud Foundry, I've believed in multi-Cloud, but I've watched how the markets have actually reacted and what they are doing, and the first wave in my perspective was, posturing for better pricing. To be honest with you, it was Netflix going, "hey we're going to move to Google unless you give us a better price." And I've seen that time and time again. Where it becomes real, though, is, when there's a class of service in a given Cloud provider, that is extremely attractive. Amazon, just in terms of the breadth, Azure a lot for some of the big data stuff, Google a lot for some of the AI stuff they have. Where an organization has a legitimate use to say "we really need best of breed in AI," best of breed in, let's say, big data, and they want to run an app in Azure and an app in Google, and that's kind of the realest situation I've seen. The notion of running something that's truly oblivious and can run anywhere, it's possible, but your lowest common denominators are compute and simple storage, and a lot of times, that's not actually distinguishing. So I still see a lot of pricing pressure, you know, posturing, around multi-Cloud, just as a negotiation tactic. Where I see it being real is, this class of app, we want to run it in this Cloud provider to access these services that are differentiating.
>> Derek, you have been around for a few generations of Stack wars, PaaS wars, I don't know that they need a name. Any advice to application architects and technologists who are choosing technologies here?
I mean, here at this conference, Kubernetes is kind of a common assumption for a lot of what people are doing, not everybody, but there's a lot of other parts that plug into it, and a lot of other decisions to be made about architectures, and about, everything from messaging, to security, to networking, to storage, and I can go on and on and on and on. So, I mean how... Again, you've seen this happen a couple times, people having to pick and make choices, worried about lock-in, whatever they're worried about, I don't know. What are your thoughts on what's the, what are the right ways to do this so you actually succeed?
>> Yeah, you know, it's a great question. And yeah, I have seen the pendulum swing back and forth quite a bit, but I think for the viewers, I can simplify it, at least from my perspective. It goes between choice and simplicity. So if you look in even the PaaS wars versus IaaS versus all that stuff, PaaS was a swing towards simplicity, get stuff done, you know what I mean? And then there was like, "oh, I can get stuff done, but I don't have enough choice." So we saw this swing back, and I think Kubernetes hit at the absolute perfect time to take advantage of, "hey, we need choice at these base layers," right? And the way Kubernetes was architected was to give you that full choice. So if a startup's coming along and saying, okay, given the fact that the pendulum's over here, knowing it's going to be swinging back, and at least in my opinion, we're swinging back for simplicity, concentrate on, how do you simplify what people are struggling with today? So at this conference, there's a tremendous amount of people, you can get a lot of insight into what's going on, ask 'em where it hurts, you know what I mean? What are you struggling with? How long have you been struggling with it? And then solve those problems, especially when the pendulum you know is starting to swing back around.
Hey, can we do this in a more simplified way, why does it have to be so hard? Those are the big opportunities right now. But again, it'll swing this way, and it'll swing back, eventually it'll get to the middle, and then we'll pick a whole other class of problems to, you know, swing back and forth from.
>> Well, you know, it actually, it's not surprising to me that you're actually echoing a comment that Steve Harrod made on the program yesterday, saying when he goes and talks to all the companies here, it's, tell me how you make my life better as a company, and that's what we need to focus on. That wave toward simplicity absolutely is something we see, it's something we've been driving toward from Kubernetes, but an area that you're spending some time in talking about at the keynote, Edge computing. And absolutely, we need simplicity for that to be able to come there. What are you seeing in the Edge space, what's real, customers you're talking to, give us a little bit of forward-looking as where you see that whole space going.
>> Yeah, so, I mean, for me, Edge and IoT, you can define it a lot of different ways, but even for enterprise companies that are here, it's, hey, do you deploy a piece of software out into the field, or a hardware/software combination? So, Bose headsets, Peloton bikes, whatever, that's kind of an industrial IoT type of thing. I see a lot of people wanting to drag what they think works in Cloud out to the Edge. Kubernetes works here, we're going to drag it out here. We're just going to slim it up a little bit and package it. I don't know if that's the right answer. What I think we need to think about is how do we get data and compute, compute meaning processing of that data, securely in a trusted fashion out to the Edge, however that works?
It doesn't necessarily mean we have to have all the same pieces, but you have to say, I want to push an update and I want it to go over the air so to speak to the Edge, I want to be able to trust that it's doing the right thing. And so I think there's a massive amount of opportunity around that, and in how do you move all those pieces around. And what we're trying to do at Synadia is encompassing both, right? So we started with the secure by default, trusting in the beginning, and then if we say, hey, it's just messages, and in the keynote, I talked a little bit about our excitement around WebAssembly. But where we get excited about it is, we give you a drop-dead easy system and say, I want to digitally sign that WebAssembly for use in this certain situation at the Edge. And then that shovels it out there, and the system looks at it, verifies that it was signed by John, and says, yep, I can run this now. And so we're looking very heavily at those types of opportunities. We don't care how the things are deployed per se, but I would say that I think as you get further out, I think you're going to see more common denominators around WebAssembly, secure and signed WebAssemblies, than on how we actually deploy them. So you're going to see lighter weight things, not to say that Kubernetes might not have relevance out there, but I don't think it's needed to get to where we want. We need that trust factor, ubiquitous, communications to really kind of light that field up. The other one at least that we feel we need to meet the customer where they're at, is most of the IoT type devices are MQTT. And so we talked also that in Q1, we're going to allow native MQTT apps to connect directly into a NATS server and the NGS ecosystem, meaning you get the best of both worlds as well. Then an Edge router's running a NATS server, could be a Raspberry Pi, thousands of devices all connecting in, we think that connectivity and trust will light up a lot of opportunities.
>> All right, well, Derek, always a pleasure to catch up with you, thanks so much for the updates.
>> Thank you guys, I really appreciate it.
>> All right. John Troyer, I'm Stu Miniman, back with lots more coverage here at KubeCon CloudNativeCon, thanks for watching theCUBE.
Derek Dicker, Micron | Micron Insight 2019
>> Live from San Francisco, it's theCUBE, covering Micron Insight 2019. Brought to you by Micron.
>> Welcome back to Pier 27 in San Francisco. I'm your host, Dave Vellante, with my cohost David Floyer, and this is theCUBE, the leader in live tech coverage. This is our live coverage of Micron Insight 2019. We were here last year talking about some of the big picture trends. Derek Dicker is here, he's the general manager and vice president of the storage business unit at Micron. Great to see you again.
>> Thank you so much for having me here.
>> Welcome. So you know, we talk about the superpowers a lot, you know, cloud, data, AI and these new workloads that are coming in. And this, I was talking to David earlier in our kickoff, like how real is AI? And it feels like it's real. It's not just a bunch of vendor industry hype, and it comes in a lot of different forms. Derek, what are you seeing in terms of the new workloads and the big trends in artificial intelligence?
>> I think just on the front end, you guys are absolutely right. The role of artificial intelligence in the world is absolutely transformational. I was sitting in a meeting in the last couple of days and somebody was walking through a storyline that I have to share with you. That's a perfect example of why this is becoming mainstream. In Southern California at a children's hospital, there were a set of parents that had a few days old baby, and this baby was going through seizures and no one could figure out what it was. And during the periods of time of the seizure, the child's brain activity was zero. There was no brain activity whatsoever. And what they did is they performed a CT scan, found nothing, checked for infections, found nothing. And can you imagine a parent just sitting there dealing with their child in that situation? You feel hopeless.
This particular institution is so much on the bleeding edge. They've been investing in personalized medicine, and essentially what they were able to do was extract a sample of blood, and from that sample of blood, within a matter of minutes, they were able to run an algorithm that could sift through 5 million genetic variants to go find a potential match for a genetic variant that existed within this child. They found one that was 0.01% of the population, a tiny, tiny, call it less than a needle in the haystack. And what they were able to do is translate that actual insight into a treatment. And that treatment wasn't invasive. It didn't involve surgery. It involved supplements, and providing this child just the nutrients that he needed to combat this genetic variant. But all of this was enabled through technology, and through artificial intelligence in general. And a big part of the show that we're here at today is to talk about the industry coming together and discussing what are the great advances that are happening in that domain.
>> It's just super exciting to see something that touches that close to our life. I love that story, and that's why I love this event. I mean, obviously Micron, memories, you know, DRAM, NAND, et cetera, et cetera. But this event is all about connecting to the impacts on our lives. You take that, I used to ask this question a lot, of when will machines be able to make better diagnoses than doctors? And I think, you know, a lot of people say, well, they already can, but the real answer is it's really about the augmentation. You know, machines helping doctors get to that, you know, very small probability, 0.01%, and be able to act on it. That's really how AI is affecting our lives every day.
>> Wholeheartedly agree. And actually that's a big part of our mission. Our mission is to transform how the world uses information to enrich life. That's the heart and soul of what you just described. Yeah.
And we're actually super excited about what we see happening in storage as a result of this. One of the things that we've noticed as we've gotten engaged with a broad host of customers in the industry is that there's a lot of focus on artificial intelligence workloads being handled based on memory and memory bandwidth, and larger amounts of memory being required. If you look at systems of today versus systems of tomorrow, based on the types of workloads that are evolving from machine learning, the need for DRAM is growing dramatically, by multiple factors, we see that. But what nobody ever talks about, or rarely talks about, is what's going on in the storage subsystem, and one of the biggest issues that we've found over time, or challenges that exist, is as you look at the AI workloads going back to 2014, the storage bandwidth required was a few megabytes per second, call it tens of, but if you just look every year over time, we're exceeding a gigabyte, two gigabytes of bandwidth required out of the storage subsystem.
Forget the memory. The storage is being used as a cache, and it flushes, but once you get into a case where you actually want to do more work on a given asset, which of course everybody wants to do from a TCO perspective, you need super high performance and capability. One of the things that we uncovered was, by delivering an SSD, this is our 9300 drive, we actually balanced both the read IOPS and the write IOPS at three gigs per second. And what we allow to have happen is not just what you can imagine as almost sequential work. You load up a bunch of data into a training machine, the machine goes and processes on it, comes back with a result, load more data in. By actually having a balanced read and write model, your ingest times go faster. So while you're working on a sequence, you can actually ingest more data into the system, and it creates this overall efficiency.
And it's these types of things that I think provide a great opportunity for innovation in the storage domain for these types of workloads.
>> That's requiring new architectures in storage, right? I mean, so one of the things that's happened in bringing SSDs in is that the old protocols were very slow, et cetera. And now we have all the new protocols with NVMe, and potentially even more new protocols coming into this area. What's Micron, how is Micron making this thing happen? This speed that's going to provide these insights?
>> It's a fantastic question, and you're absolutely right. The world of standards is something that we found over the course of time, if you can get a group of industry players wrapped around a given set of standards, you can create a large enough market, and then people can innovate on top of that. And for us in the storage domain, the big transitions have been in SATA and NVMe. You see that happening today. When we talked a little bit about maybe a teaser for what's coming a little later at our event, in some of the broader areas in the market, we're talking about how fabrics attach storage and infrastructure. And interestingly enough, where people are innovating quite a bit right now is around using the NVMe infrastructure over fabrics themselves, which allows for shared storage across a network as opposed to just within a given server.
There's some fantastic companies that are out there that are actually delivering both software stacks and hardware accelerators to take advantage of existing NVMe SSDs. But the protocol itself gets preserved. But then they can share these SSDs over a network, which takes a scenario where before you were locked with your storage stranded within a server, and now you can actually distribute more broadly.
>> It's an amazing difference, isn't it, at that potential of looking at data over as broad an area as you want to.
>> Absolutely. And being able to address it directly, and having it done with standards, and then having it done with low enough latency such that you aren't feeling severely disadvantaged taking that SSD out of a box and making it available across a broad network.
>> So you guys have a huge observation space. You sell storage to the enterprise, you sell storage to the cloud, everywhere. I want to ask you about the macro, because when you look at the traditional storage suppliers, you know, some of them are struggling right now. There aren't many guys that are really growing and gaining share, because the cloud is eating away at that. You guys sell to the cloud, so that's fine, you know, arms dealer, whoever wins, may the best man win. But at the same time, customers have ingested so much all-flash, it's giving them headroom, and so they're like, hey, I'm good for a while. I used to have this spinning disk, I'd throw spinning disk at the problem, till I said, give me performance headroom. That has changed. Now we certainly expect a couple of things, that that will catch up and there'll be another step function. But there's also elasticity. Yes. You saw, for instance, Pure Storage last quarter said, wow, the price dropped so fast it actually hurt our revenues. And you'd say, well, wait a minute, if the price drops, we want people to buy more. There's no question that they will, it just didn't happen fast enough for the quarter. All of these interesting rip currents going on. I wonder what you're seeing in terms of the overall macro.
>> Yeah, it's actually a fantastic question. If you go back in time and you look at the number of sequential quarters when we had ASP decreases across the industry, it was more than six. And the duration from peak to trough on the spot markets was high double-digit percentages. Not many markets go through that type of a transition.
But as you suggested, there's this notion of elasticity that exists, which is once the price gets below a certain threshold, all of a sudden new markets open up. And we're seeing that happen today. We're seeing that happen in the client space. So these devices actually, they're going through this transition where companies are actually saying, you know what, we're going to design out the hard drive cages for all platforms across our portfolio going into the future. That's happening now. And it's happening largely because these price points are enabling that situation, and the enterprise is of a similar nature in terms of average capacities and drives being deployed over time. So, I told you, I think the last time we saw John, I told him, it's just one of the most exciting times to be in the memory and storage industry. I'll hold true to that today. I'm super excited about it.
>> But I just bought a new laptop, and you know, I have a half a terabyte today, and they said for 200 bucks you can get a terabyte. Yes. And so I said, oh wow, I could take everything from 1983 and bring it over. Interestingly, it was back ordered, you know, so I think, wow, am I the only one? But this is going to happen. I mean, everybody's going to have, you know, make the price lower, boom, they'll buy more.
>> We believe that to be the case for the foreseeable future.
>> Okay. Do you see yourself going in more into the capacity market as well with SSDs? I mean, this drop, is it a big opportunity?
>> Yeah. Actually, you know, one of the areas that we feel particularly privileged to be able to engage in is the use of QLC technology, right, you know, quad-level cell, four bits per cell technology.
We've integrated this into a family of SSDs for the enterprise, where interestingly enough we have an opportunity to displace hard drives at an even faster rate, because the core capability of the products is more power efficient. They've got equal to or better performance than existing hard drives. And when you look at the TCO across read-intensive workloads, it's actually a no-brainer to go replace those HDD workloads. In the client space, there's segments of the market where we're seeing QLC play today for higher capacity value segments. And then there's another segment for performance. So it's actually, each segment is opening up in a more dramatic way.
>> So the last question, I know you got some announcements today. They haven't hit the wire yet, but what can you show us, a little leg, Derek? What can you tell us?
>> So I'll give you this much. The market today, if you go look in the enterprise segment, is essentially NVMe and SATA and SAS. And if you look at NVMe in 2019, essentially we're at crossover on a gigabyte basis, right?
And it's going to grow. It's going to continue to grow. I mentioned earlier the 9300 product that we use for machine learning, AI workloads, super high performance. There's a segment of the market that we haven't announced products in today that is a mainstream portion of that market that looks very, very interesting to us. In addition, we can never forget that transitions in the enterprise take a really long time, right, and SATA is going to be around for a long time. It may be 15% of the market and 10% out a few years, but our customers are being very clear, we're going to continue to ship SATA for an extended period of time. The beautiful thing about Micron is we have wonderful 96-layer technology. There's a need in the market in both of the segments I described, and that's about as much as I can give you.
>> I don't bet against data. Derek, thanks very much for coming on.
>> Thank you guys so much.
>> You're welcome. There's a lot of facts. Keep it right there, buddy. We'll be back at Micron Insight 2019 from San Francisco. You're watching theCUBE.
Derek Manky, Fortinet | Fortinet Accelerate 2019
>> live from Orlando, Florida It's the que covering accelerate nineteen. Brought to you by important >> Hey, welcome back to the Cube. We are live at forty nine. Accelerate nineteen in Orlando, Florida I am Lisa Martin with Peter Births, and Peter and I are pleased to welcome one of our alumni back to the program during Mickey, the chief of security insights for forty nine. Derek. It's great to have you back on the program, >> so it's always a pleasure to be here. It's tze always good conversations. I really look forward to it and it's It's never a boring day in my office, so we're than happy to talk about this. >> Fantastic. Excellent. Well, we've been here for a few hours, talking with a lot of your leaders. Partners as well. The keynote this morning was energetic. Talked a lot about the evocation, talked a lot about the evolution of not just security and threat, but obviously of infrastructure, multi cloud hybrid environment in which we live. You have been with forty girl lives for a long time. Talk to us about the evolution that you've seen of the threat landscape and where we are today. >> Sure, Yeah, so you know? Yeah, I've been fifteen years now, forty guards. So I flashed back. Even a two thousand, for it was a vastly different landscape back there and Internet and even in terms of our security technology in terms of what the attack surface was like back then, you know, Ken Kennedy was talking about EJ computing, right? Because that's what you know. Seventy percent of data is not going to be making it to the cloud in the future. A lot of processing is happening on the edge on DH. Threats are migrating that way as well, right? But there's always this mirror image that we see with the threat landscape again. Threat landscape. Back in nineteen eighty nine, we started with the Morris Worm is very simple instructions. It took down about eighty percent of the Internet at the time, but he was It is very simple. It wasn't to quote unquote intelligence, right? 
Of course, if we look through the two thousands, we had a lot of these big worms that hit the scene like Conficker. I love you, Anna Kournikova. Blaster slammer. All these famous rooms I started Teo become peer to peer, right? So they were able to actually spread from network to network throughout organizations take down critical services and so forth. That was a big evolutionary piece at the time. Of course, we saw fake anti virus ransomware. Come on stage last. Whereas I called it, which was destructive Mauer That was a big shift that we saw, right? So actually physically wiping out data on systems these air typically in like star but warfare based attacks. And that takes us up to today, right? And what we're seeing today, of course, we're still seeing a lot of ransom attacks, but we're starting to see a big shift in technology because of this edge computing used case. So we're seeing now things like Swarm networks have talked about before us. So these are not only like we saw in the two thousand's threats that could shift very quickly from network to network talk to each other, right? In terms of worms and so forth. We're also seeing now in intelligence baked in. And that's a key difference in technology because these threats are actually able, just like machine to machine. Communication happens through a pea eye's protocols and so forth threats are able to do this a swell. So they ableto understand their own local environment and how to adapt to that local environment and capitalized on that effort on DH. That's a very, very big shift in terms of technology that we're seeing now the threat landscape. >> So a lot of those old threats were depending upon the action of a human being, right? So in many respects, the creativity was a combination of Can you spook somebody make it interesting so that they'll do something that was always creativity in the actual threat itself. What you're describing today is a world where it's almost like automated risk. 
We're just as we're trying to do automation to dramatically increase the speed of things, reduce the amount of manual intervention. The bad guy's doing the same thing with the swarms there, introducing technology that is almost an automated attack and reconfigures itself based on whatever environment, conditions of encounters. >> Yeah, and the interesting thing is, what's happening here is we're seeing a reduction in what I call a t t be a time to breach. So if you look at the attack lifecycle, everything does doesn't happen in the blink of an instant it's moving towards that right? But if you look at the good, this's what's to come. I mean, we're seeing a lot of indications of this already. So we work very closely with Miter, the minor attack framework. It describes different steps for the attack life cycle, right? You start with reconnaissance weaponization and how do you penetrator system moving the system? Collect data monetize out as a cyber criminal. So even things like reconnaissance and weaponization. So if you look at fishing campaigns, right, people trying to fish people using social engineering, understanding data points about them that's becoming automated, that you sought to be a human tryingto understand their target, try toe fish them so they could get access to their network. There's tool kits now that will actually do that on their own by learning about data points. So it's scary, yes, but we are seeing indications of that. And and look, the endgame to this is that the attacks were happening much, much quicker. So you've got to be on your game. You have to be that much quicker from the defensive point of view, of course, because otherwise, if successful breach happens, you know we're talking about some of these attacks. They could. They could be successful in matter of seconds or or minutes instead of days or hours like before. You know, we're talking about potentially millions dollars of revenue loss, you know, services. 
They're being taken out flying intellectual properties being reached. So far, >> though. And this is, you know, I think of health care alone and literally life and death situations. Absolutely. How is Fortinet, with your ecosystem of partners poised to help customers mitigate some of these impending risk changing risk >> coverage? Strengthen numbers. Right. So we have, ah, strong ecosystem, of course, through our public ready program. So that's a technology piece, right? And to end security, how we can integrate how we can use automation to, you know, push security policies instead of having an administrator having to do that. Humans are slow a lot of the time, so you need machine to machine speed. It's our fabric ready program. You know, we have over fifty seven partners there. It's very strong ecosystem. From my side of the House on Threat Intelligence. I had up our global threat alliances, right? So we are working with other security experts around the World Cyberthreat Alliance is a good example. We've created intelligence sharing platforms so that we can share what we call indicators of compromise. So basically, blueprints are fingerprints. You can call them of attacks as they're happening in real time. We can share that world wide on a platform so that we can actually get a heads up from other security vendors of something that we might not see on. We can integrate that into our security fabric in terms of adding new, new, you know, intelligence definitions, security packages and so forth. And that's a very powerful thing. Beyond that, I've also created other alliances with law enforcement. So we're working with Interpol that's attribution Base work right that's going after the source of the problem. Our end game is to make it more expensive for cyber criminals to operate. And so we're doing that through working with Interpol on law enforcement. 
As an example, we're also working with national computer emergency response, so ripping malicious infrastructure off line, that's all about partnership, right? So that's what I mean strengthen numbers collaboration. It's It's a very powerful thing, something close to my heart that I've been building up over over ten years. And, you know, we're seeing a lot of success and impact from it, I think. >> But some of the, uh if you go back and look at some of the old threats that were very invasive, very problematic moved relatively fast, but they were still somewhat slow. Now we're talking about a new class of threat that happens like that. It suggests that the arrangement of assets but a company like Ford and that requires to respond and provide valued customers has to change. Yes, talk a little about how not just the investment product, but also the investment in four guard labs is evolving. You talked about partnerships, for example, to ensure that you have the right set of resources able to be engaged in the right time and applied to the right place with the right automation. Talk about about that. >> Sure, sure. So because of the criticality of this nature way have to be on point every day. As you said, you mentioned health care. Operational technology is a big thing as well. You know, Phyllis talking about sci fi, a swell right. The cyber physical convergence so way have to be on our game and on point and how do we do that? A couple of things. One we need. People still way. Can't you know Ken was talking about his his speech in Davos at the World Economic Forum with three to four million people shortage in cyber security of professionals There's never going to be enough people. So what we've done strategically is actually repositioned our experts of forty guard labs. We have over two hundred thirty five people in forty guard lab. So as a network security vendor, it's the largest security operation center in the world. 
But are 235 people alone going to be able to battle the 100 billion threat events that we process today at FortiGuard Labs? So what we've done, of course, is take up, over the last five years, machine learning and artificial intelligence. We have real practical applications of AI and machine learning. We use a supervised learning set, so we actually have our machines learning about threats, and we have our human experts. Instead of tackling the threats one on one themselves on the front lines, they let the machine learning models do that, and they're training the machine. It's like a parent and child relationship. It takes time to learn, as machines learn. Over time they start to become more and more accurate. The only way they become more accurate is by our human experts literally being embedded with these machines and training them.
>> Apart from supervised training, there's also the automation side, right? Yeah, we're increasing. The machines are recognizing something and then providing a range of options. The security professional in particular doesn't have to go through the process of discovery and forensics to figure out everything. The solution is presenting that, but also presenting potential remediation options. Are you starting to see that become a regular feature? Absolutely, and especially in concert with your 235 experts?
>> Yeah, absolutely. And that's a necessity. So in my world, that's what I refer to as actionable intelligence, right? There's a lot of data out there. There's a lot of intelligence. The world's becoming data-centric right now, but sometimes we have too much data as humans, as analysts, as administrators. So absolutely, remediation suggestions, and actually enforcement of that, is the next step as well. We've already added some features in FortiOS 6.2 in our fabric to be able to deal with this. So where I think we're innovating and pioneering in this space, it's a matter of trust. If you have the machines or, you know, security technology that's making decisions on its own, you really have to trust that, and trust doesn't happen overnight. That's why, for us, we have been investing in this for over six years now, for our machine learning models, so that they can be very accurate. It's been a good success story for us, I think. The other thing, going back to your original question: how do we stack up against this? Of course, that whole edge computing use case, right? So we're starting to take that machine learning from the cloud environment also into local environments, right? Because a lot of that data is unique; it's in local environments and stays there. It stays there, and it has to be processed as such, too. So that's another shift in technology: as we move towards edge computing, machine learning and artificial intelligence is absolutely part of that story, too.
>> You mentioned strength in numbers, and we were talking about, you know, the opportunity for Fortinet to help customers really be successful here. I wanted to go back to FortiGuard Labs for a second, because it's a very large number. One hundred billion security events FortiGuard Labs ingests and analyzes daily. Really? Yes, that is a differentiator.
>> Okay, that's a huge, huge differentiator. So, again, if I look back to when I started in 2004, that number would have been about 500,000 events, compared to 100 billion today. In fact, even just a year ago, we were sitting at about 75 to 80 billion, so that number's increased 20 billion, say 20 percent, in just a year. So that's going to continue to happen. But it's that absolutely huge number, and it's a huge number because we have very big visibility, right. We have our 400,000 customers worldwide. We have built a core intelligence network for almost twenty years now, since Fortinet was founded. You know, we work together with customers. So if customers wish to share data about attacks that are happening, because attackers are always coming knocking on doors, we can digest that. We can learn about the attacks. We know what weapons these cybercriminals are trying to use, where the cybercriminals are. We learn more about the cybercriminals, so we're doing a lot of big data processing. I have a data science team that's doing this, in fact, and what we do is process this data. We understand the threat, and then we take a multi-pronged approach. So we're consuming that data; through automation we're pushing that out first and foremost to our customers. So that's that automated use case of pushing protection from new threats that we're learning about. We're contextualizing the threat, so we're creating playbooks, and that playbook is much like football, right? You have to know your offense, right? And you have to know how to best understand their tactics. And so we're doing that, right. We're mapping these playbooks, understanding tactics, understanding where these guys are, how they operate. We take that to law enforcement, as I was saying earlier. As an example, we take that to the Cyber Threat Alliance, to our other partners. And the more that we learn about this attack surface, the more that we can do in terms of protection as well. But it's a huge number. We've had to scale our data center massively to be able to support this over the years. But we are poised for scalability for the future, to be able to consume this on our end. So it's, um, it's what I said at the start: it's never a boring day in my office.
>> How can it be? But it sounds like, you know, really the potential there to enable customers in any industry to transform, since we talked about digital transformation, from being reactive to being proactive to eventually predictive and
>> cost effective too, right? This is another thing with the cybersecurity skills gap. You know this. The solution shouldn't be for any given customer to try to have 230 people in their security center, right? This is our working relationship, where we can do a lot of that proactive automation for them, you know, by the fabric, by all this stuff that we're doing through our investment and efforts on the back end. I think it's really important too, and yeah, at the end of the day, the other thing that we're doing with that data is generating human-readable reports. So we're actually helping our customers at a high level understand the threat, right? So that they can actually create policies on their end to be able to respond to this, right, harden their own security, deal with things like insider threats for their, you know, networks. These are all suggestions that we give them based off of our experience. You know, we issue our quarterly threat landscape report as an example,
>> come into theCUBE. Some of your people come on theCUBE and
>> talk about it, absolutely. So that's one product of that hundred billion events that we're processing every day. But like I said, it's a multi-pronged approach. We're doing a lot with that data, which is a great story, I think.
>> It is. I wish we had more time. Derek, thank you so much for coming by. Never a dull moment, never a dull interview when you're here. We appreciate your time. I can't wait to see what that one hundred billion number is next year, in 2020.
>> It will be more, I can guarantee you.
>> It sounds like it. Well, Derek, thank you so much. We appreciate it. For Peter Burris, I'm Lisa Martin. You're watching theCUBE.
Joe Donahue, Hal Stern & Derek Seymour | AWS Executive Summit 2018
>> Live from Las Vegas, it's theCUBE! Covering the AWS Accenture Executive Summit. Brought to you by Accenture.
>> Welcome back everyone to theCUBE's live coverage of the AWS Executive Summit here in Las Vegas. I'm your host, Rebecca Knight. We have three guests for this segment. We have Joe Donahue, managing director at Accenture. Hal Stern, AVP, IT Engineering, Merck Research Labs. And Derek Seymour, Global Partner Leader, Industry Verticals at AWS. Thank you so much for coming on theCUBE.
>> Thank you!
>> So, we're talking today about a new informatics research platform in the pharmaceutical/medical research industry. Will you paint a picture for us right now, Joe, of what it's like today? Sort of what medical research, the time frame we're thinking about, the clunkiness of it all.
>> Yeah, so it's a great question, Rebecca. Drug discovery today generally takes more than a decade, it costs billions of dollars and has a lot of failures, in excess of 90%. So it's not an exact science. We're generating more and more data, and at the same time, just our understanding of human disease biology continues to increase. These metrics haven't really changed. If you look back at the last couple of decades, it's a 10 year plus process and that much money. So we're looking for ways that we can apply technology to really improve the odds of discovering a new drug that could help patients sooner and faster.
>> And that will ultimately save lives. So it's a real social problem, a real problem. Why a platform for this?
>> I think if you look at basic research, and you talk about basic life sciences research, the lingua franca there is chemistry and biology. And we still don't really understand all the aspects, all the mechanisms of action that lead to chronic disease or lead to specific diseases that we're interested in. So very, very much research is driven by the scientific method. You formulate a hypothesis based on some data, you run an experiment, you collect the data, you analyze it, and you start over again. So your ability to essentially cycle your data through that discovery process is absolutely critical. The problem is that we buy a lot of applications, and the applications were not designed to be able to interchange data freely. There is no platform in the sense of you have one on your phone, or you have one on your server operating system, where things were designed with a fairly small set of standards that say this is how you share data, this is how you represent it, this is how you access it. Instead we have these very top-to-bottom integrated applications that, quite honestly, work together through a variety of copy and paste, sometimes quite literal copy and paste mechanisms. And our goal in producing a platform is, we would like to be able to first separate data from the applications to allow it to flow more freely around the cycle, that basic scientific method. Number two, to now start to allow component substitution. So we'll actually start to encourage more innovation in the space, bring in some of the new players. Make it easier to bring in new ideas: are there better ways of analyzing the data, or better ways of helping shape and formulate and curate those hypotheses? And finally, there's just a lot of parts of this that are fairly common. They're what we call pre-competitive. Everybody has to do them. Everybody has to store data, everybody has to get lab instrument information. Everybody has to be able to go capture assay information. It's very hard to do it better than one of your competitors. So we should just all do it the same way. You see this happen in the cable industry, you see this happen in a variety of other industries where there are industry standards for how you accomplish basic commoditized things, and we haven't really had that. So one of the goals is, let's just sit down and find the first things to commoditize and go drive that economic advantage of being able to buy them as opposed to having to go build them bespoke each time.
>> So this pre-competitive element is really important. Derek, can you talk a little bit about how this platform in particular operates?
>> Certainly. Our goal collectively as partners is to help pharma companies and researchers improve their efficiency and effectiveness in the drug discovery process. So the platform that we built brings together content and service and data from the pharma companies in a way that allows them, the researchers, greater access to share that information. To do analysis, and to spend their time on researching the data and using their science and less on the work of managing an IT environment. So in that way we can both elevate their work and also take away what we at AWS call the undifferentiated heavy lifting of managing an IT environment.
>> So you're doing the heavy lifting behind the scenes so that the researchers themselves can do what they do, which is focus on the science. So what have we seen so far? What kind of outcomes are we seeing? Particularly because it is in this pre-competitive time.
>> Well, we've just really started, but we're getting a lot of excitement. Merck obviously is our first client, but our intent is that we'll have other pharmaceutical and biotech companies coming on board. And right now we've effectively started to create this two-sided marketplace of pharma and biotech companies on one side and the key technology providers and content providers on the other side. We've effectively created that environment where the technology companies can plug in their secret sauce, you know, via standardized APIs and microservices, and then the pharmaceutical and biotech companies can leverage those capabilities as part of this industry standard open platform that we're co-creating. And so far we've started that process. The results are really encouraging. And the key thing is, you know, really twofold. Get the word out there; we're doing that today here, talking to other pharmaceutical and biotech companies, as well as not only the established technology providers in this space, but also the newcomers. 'Cause this type of infrastructure, this type of platform, will enable the new innovative companies, the startup companies, to enter a market that traditionally has been very challenging to get into, because there's so much data, there's so much legacy infrastructure. We're creating a mechanism so that pharmaceutical researchers can take advantage of new technologies faster. For example, the latest algorithms on artificial intelligence and machine learning to analyze all of this diverse data that's being generated.
>> So that's for the startups, and that's sort of the promise of this kind of platform approach. But what about for a Merck, an established player in this? What kinds of things are you feeling and seeing inside the company?
>> You think about this efficient frontier of what does it cost us to run the underlying technology systems that are foundational to our science? And you think about it, there are some things we do which are highly commoditized; we want them to be very efficient. And some things we do which are very highly specialized, they're highly competitive, and it's okay if they're less efficient. You want to invest your money there. And you really want to invest more in things that are going to drive you a unique competitive advantage, and less in the things that are highly commoditized. The example I use frequently is you could go out and buy a barrel of oil, bring it home, refine it in your backyard, make your own gasoline. It's not recommended. It's messy, it really annoys the neighbors. Especially when it goes wrong. And it's not nearly as cost effective or as convenient as driving over to Exxon Mobil and filling up at the pump. If you're in New Jersey, having someone else even pump it for you. That's kind of the environment we're in right now today, where we're refining that barrel of oil for every single application we have. So in doing this, we start to establish the baseline of really thinking about refactoring our core applications into those things which can be driven by the economics of the commodity platform and those things which are going to give us unique advantage. We will see things, I think, like improved adoption of data standards. We're going to see a lower barrier to entry for new applications, for new ideas. We're also going to see a lower barrier to exit. It'll be easier for us to adopt new ideas, or to change or to substitute components, because they really are built as part of a platform. And you see this, you look at, I would say over time, things that have sedimented into AWS. It's been a remarkable story of starting with things that were basically resting our faces on a POSIX file system and turned all of a sudden into a seamless database. By sedimenting well-defined open source projects, we would like to see some of the same thing happen, where some of the core things we have to go do, entity registration, assay data capture, data management, they should be part of the platform. It's really hard to register an entity better than your competitor. What you do with it, how you describe what you're registering, how you capture intellectual property, how it drives your next invention: completely bespoke, completely highly competitive. I'm going to keep that. But the underlying mechanics of it, to me it's file system stuff, it's database stuff. We should leverage the economics of our industry. And again, leverage it as a technology ingredient. It's not the top level brand. Chemistry and biology are the top level brand; technology's an ingredient brand, and we should really use the best ingredients we can.
>> When you're hearing this conversation so related to life sciences, medical, bio/pharma research, what are sort of the best practices that have emerged, in terms of the way life sciences approaches its platform, and how it can be applied to other industries?
>> What we've seen through the early collaboration with Merck and with Accenture is that bringing together these items in a secure environment, a multi-tenant environment, managed by Accenture, run by AWS, we can put those tools in the hands of the researchers. We can provide them with workflow, data analytics capabilities, reporting capabilities, to cover the areas that Hal is talking about, so that they can elevate the work that they are doing. Over time, we expect to bring in more components. The application, the platform, will become more feature rich as we add additional third parties. And that's a key element in life science, is that the science itself, while it may take place in (mumbles), it's a considerable collaboration across a number of research institutes, both within the pharma and biotech community. Having this infrastructure in place where those companies and the researchers can come together in a secure manner, we're very proud to be supportive of that.
>> So Joe, we started this conversation with you describing the state of medical research today. Can you describe what you think it will be in 10 years from now as more pharmaceutical companies adopt this platform approach? And we're talking about the Mercks of the world, but then also those hungry startups that are also.
>> Sure, I think we're starting to see that transition actually happen now. And I think it's the recognition, and you start to hear it as you hear some of the pharmaceutical CEOs talking about their business and the transformation. They've always talked about the science. They've always talked about the research. Now they're talking about data and informatics, and they're realizing being a pharmaceutical company is not just about the science, it's about the data, and you have to be as good and as efficient on the informatics and the IT side as you are on the science side. And that's the transition that we're going through right now. In 10 years, where we all hope we should be, is leveraging modern computing architectures, existing platform technology, to let the organizations focus on what's really important. And that's the science and the data that they generate for the benefit, potentially, of saving patients' lives in the future.
>> So not only focusing on their core competencies, but then also that means that drug discovery will be quicker, that failure rates will go down.
>> Even a 10 or 20% improvement in failure rates would be incredibly dramatic to the industry.
>> And could save millions of lives. And improve lives and outcomes. Great, well, thank you all so much for coming on theCUBE. It's been a really fun and interesting conversation.
>> Same here, thank you, Rebecca.
>> Thank you, thank you.
>> Thank you.
>> I'm Rebecca Knight. We will have more of the AWS Executive Summit and theCUBE's live coverage coming up in just a little bit. (upbeat music)
Derek Manky, Fortinet | CUBEConversation, November 2018
[Music]
>> Hi, I'm Peter Burris, and welcome to another Cube Conversation from the Cube studios here in beautiful Palo Alto, California. Today we're going to talk about some new things that are happening in the security world. Obviously this is one of the most important domains within the technology industry, and increasingly, because of digital business, in business overall. Now to do that we've asked Derek Manky to come back. Derek is the chief of security insights and global threat alliances at Fortinet. Derek, welcome back to theCUBE.
>> Absolutely.
>> I feel the same way, Derek. Okay, so we're going to get into some predictions about what the bad guys are doing and some predictions about what the defenses are doing, how we're going to see those defense opportunities improve. But let's set the stage, because predictions are always made on some platform, some understanding of where we are, and that has also changed pretty dramatically. So what's the current state in the overall security world, Derek?
>> Yeah, so what we saw this year in 2019 a lot is a big increase in automation, and I'm talking from an attacker's point of view. I think we talked about this a little bit earlier in the year. So what we've been seeing is the use of frameworks to enhance sort of the day-to-day cycles that cybercriminals and attackers are using to make their, you know, criminal operations that much more efficient, sort of a well-oiled machine. So we're seeing toolkits that are taking things within the attack cycle and attack chain, such as reconnaissance, penetration, you know, exploitation, getting into systems, and just making that that much quicker. So that window to attack, the time to breach, has been shrinking thanks to a lot of these crime kits and services that are offered out there.
>> Now one other comment on this, or another question that I might have on this, is that so speed is becoming an issue, but also the risk. As digital business takes on a larger portion of overall business activities, ultimately the risks and costs of doing things wrong are also going up, if I've got that right.
>> Yeah, absolutely, for sure. And you know, it's one of those things that, the longer that a cybercriminal has a foothold in your system, or has the opportunity to move laterally and gain access to other systems, maybe it's your IoT or other platforms, the higher the risk, right? Like the deeper down they are within an attack cycle, the higher the risk. And because these automated toolkits are allowing them to facilitate that, it's a catalyst, really, right? They can get into the system, they can actually get out that much quicker. The risk is that much higher, and when we're talking about risk, we're talking about things like intellectual property exfiltration, client information, this sort of stuff that can be quite damaging to organizations.
>> So with the new foundation of speed becoming an increasingly important feature of how we think about security, and the risks becoming greater because digital assets are being recognized as more valuable, why don't you take us through some of Fortinet's predictions on some of the new threats, or the threat landscape. How's the threat landscape changing?
>> Yeah, so as I said, we've already seen this shift in automation, so what I would call the basics: I mean knowing the target, trying to break into that target, right? When it comes to breaking into the target, cybercriminals right now, they're following the path of least resistance, right? They're finding easy ways that they can get into IoT devices and into other systems. In our world, when we talk about penetration or breaking into systems, it's through zero days, right? So the idea of a zero day is essentially a cyber weapon. There's movies in Hollywood that have been made off of this. You look at attacks like Stuxnet in the past; they all used zero day vulnerabilities to get into systems, all right? So one of the predictions we're seeing is that cybercriminals are going to start to use artificial intelligence, right? So we talk about machine learning models and artificial intelligence to actually find these zero days for them. So in the world of an attacker, to find a zero day they have to do a practice called fuzzing, and fuzzing is basically trying to trip up computer code, right? So you're throwing unverified parameters at it, you're throwing unanticipated sequences into code parameters and input validation and so forth, to the point that the code crashes. And from an attacker's point of view, that's when you take control of that code. This is how finding weapons into systems, cyber weapons into these systems, works. It typically takes a lot of resources, it takes a lot of cycles, it takes a lot of intelligence, it takes a lot of time to discover. We can be talking months or longer. So one of the predictions that we're hitting on is that cybercriminals are going to start to use artificial intelligence fuzzing, or AIF as I call it, to be able to use AI to do all of that intelligent work for them. So basically having a system that will find these gateways, if you will, these new vulnerabilities into systems.
>> So sustained use of AIF to corrupt models so that they can find vulnerabilities that can then be exploited.
>> Yeah, absolutely. And you know, when it comes to the world of hacking and fuzzing, it's one of the toughest things to do. It is the reason that zero days are worth so much money; you know, they can sell for hundreds of thousands of dollars on darknets and in the cybercriminal economy. It's because they're tough to find. They take a lot of resources, a lot of intelligence and a lot of effort to be able to not only find the vulnerability but then actively attack it and exploit it, right? There's two phases to that. So the idea is, by using the power of artificial intelligence, cybercriminals will start to leverage that and harness it in a bad way to be able to not only discover these vulnerabilities but also create that weapon, right, create the exploit, so that they can find more holes, if you will, or more angles to be able to get into systems.
>> Now another one is that virtualization is happening in, you know, what the good guys, as we virtualize resources. But is it also being exploited, or does it have the potential to be exploited by the bad guys as well, especially in a swarming approach?
>> Yeah, virtualization for sure, absolutely. So the thing about virtualization too is you often have a lot of virtualization being centralized, especially when we talk about cloud, right? So you have a lot of potential digital assets, valuable digital assets, that could be physically located in one area. So when it comes to using things like artificial intelligence fuzzing, not only can it be used to find different vulnerabilities or ways into systems, it can also be combined with something like, I know we've talked about the concept of the swarm before, so using multiple intelligent infected pieces of code that can actually try to break into other virtual resources as well. So virtualization, definitely, because of in some cases close proximity, if you will, between hypervisors and things like this, it's also something of concern for sure.
>> Now there is a difference between AI, AI fuzzing, and machine learning. Talk to us a little bit about some of the trends or some of the predictions that pertain to the advancement of machine learning and how bad guys are going to exploit that.
>> Sure. So machine learning is a core element that is used by artificial intelligence, right? If you think of artificial intelligence, it's a larger term. It can be used to do intelligent things, but it can only make those decisions based off of a knowledge base, right? And that's where machine learning comes into place. Machine learning is data, it's processing and it's time, right? So there's various machine learning models that are put in place. It can be used for everything from autonomous vehicles to speech recognition to certainly cybersecurity and defense, that we can talk about. But the other part that we're talking about in terms of predictions is that it can be used, like any tool, by the bad guys. So the idea is that machine learning can be used to actually study code, you know, from a black hat attacker's point of view, to study weaknesses in code. And that's the idea of artificial intelligence fuzzing: machine learning is used to find software flaws. It finds the weak spots in code, and then it actually takes those weak spots and it starts probing, starts trying to attack, you know, to make the code crash. And then when it actually finds that it can crash the code and that it can try to take advantage of that, that's where the artificial intelligence comes in, right? So the AI engine says, hey, I learned that this piece of software or this attack target has these weak pieces of code in it; that's from the ML model. So the AI fuzzing comes into place to say, how can I actually take advantage, how can I exploit this, right? So that's where the AI fuzzing comes into play.
>> So we've got some predictions about how black hats and bad guys are going to use AI and related technologies to find new vulnerabilities, new ways of exploiting things and extracting new types of value out of a business. What have the white hats got going for them? What are some of the predictions on some of the new classes of defense that we're going to be able to put up to counter some of these new classes of attacks?
>> Yeah, so that's honestly some of the good news, I believe. You know, it's always been an arms race between the bad guys and the good guys. That's been going on for decades in terms of cybersecurity. Often the bad guys are in a favorable position because they can do a million things wrong and they don't care, right? From the good guys' standpoint, we can do a million things right, one thing wrong, and that's an issue. So we have to be extra diligent and careful with what we do. But with that said, as an example, at Fortinet we've deployed our FortiGuard AI, right? So this is six years in the making, six years using machine learning, using precise models to get higher accuracy, low false positives, to deploy this into production. So when it comes to the defensive mechanism, I really think that we're in the driver's position, quite frankly. We have better technology than the Wild West that they have out on the bad guys' side.
>> You know, from an organization's point of view, how do you start combating this sort of onslaught of automation and AI from the bad guys' side?
>> Well, you've got to fight fire with fire, right? And what I mean by that is you have to have an intelligent security system. You know, perimeter-based firewalls and gateways, they don't cut it anymore, right? You need threat intelligence. You need systems that are able to orchestrate and automate together, so the different security products in your security stack, or a security fabric, can talk to each other, share intelligence, and then actually automate that. So I'm talking about things like creating automated security policies based off of threat intelligence, finding that a potential threat is trying to get into your network. That sort of speed through that integration on the defensive side, that intelligence, speed, is the key for it. I mean, without that, any organization is going to be losing the arms race.
>> And I think one of the things that is also happening is we're seeing a greater willingness, perhaps not to share data, but to share information about the bad things that are happening. And I know that Fortinet has been something at the vanguard of ensuring that there's even better clearing for this information, and then driving that back into code that actually further automates how customers respond to things, if I've got that right.
>> Yeah, you hit it dead-on, absolutely. You know, that
is one of the key things that were focused on is that we realized we can't win this war alone right nobody can on a single point of view so we're doing things like interoperating with security partners we have a fabric ready program as an example we're doing a lot of work in the industry working with as an example Interpol and law enforcement to try to do attribution but though the whole endgame what we're trying to do is to the strategy is to try to make it more expensive for cyber criminals to operate so we obviously do that as a vendor you know through good technology our security fabric I integrated holistic security fabric and approach to be able to make it tougher you know for attackers to get into systems but at the same time you know we're working with law enforcement to find out who these guys are to go after attribution prosecution cut off the head of the snake as I call it right to try to hit cyber criminal organizations where it hurts we're also doing things across vendor in the industry like cyber threat Alliance so you know forty knots a founding member of the cyber threat Alliance we're working with other security vendors to actually share real time information is that speed you know message that we're talking about earlier to share real time information so that each member can take that information and put it into you something actionable right in our case when we get intelligence from other vendors in the cyber threat Alliance as an example we're putting that into our security fabric to protect our customers in new real-time so in sum we're talking about a greater value from being attacked being met with a greater and more cooperative use of technology and process to counter those attacks all right yeah absolutely so open collaboration unified collaboration is is definitely key when it comes to that as well you know the other thing like I said is is it's the is the technology piece you know having integration another thing from the defensive side 
too which is becoming more of a topic recently is deception deception techniques this is a fascinating area to me right because the idea of deception is the way it sounds instead of to deceive criminals when they're coming knocking on your door into your network so it's really what I call like the the house of a thousand mirrors right so they get into your network and they think they're going to your data store but is it really your data store right it's like it's there's one right target and a thousand wrong targets it's it's a it's a defensive strategy that organizations can play to try to trip up cyber criminals right it makes them slower it makes them more inaccurate it makes them go on the defensive and back to the drawing board which is something absolutely I think we have to do so it's very interesting promising you know technology moving forward in 2019 to essentially fight back against the cyber criminals and to make it more expensive to get access to whatever it is that they want Derek max Lilly yeah Derrick McKey chief of security insights and global threat Alliance this is for net thanks once again for being on the cube it's a pleasure anytime look forward to the next chat and from Peter Burroughs and all of us here at the cube in Palo Alto thank you very much for watching this cube conversation until next time you
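The deception strategy described in the interview above (one right target, a thousand wrong targets) only pays off if a touch on a wrong target is noticed. The following is an added example, not code from Fortinet, FortiGuard or theCUBE: it keeps a constructed inventory of decoy names (a dormant service account, a sinkholed hostname and an empty database table, all hypothetical) and scans constructed JSON-lines telemetry for any reference to them, then groups the hits by source address. The log schema, field names and decoy values are assumptions made for the example.

```python
"""Honeytoken ("thousand mirrors") detector over JSON-lines telemetry.

Added example, not Fortinet or theCUBE code. Decoy names, telemetry fields
and log lines are constructed for illustration.
"""
import json
import re
from collections import defaultdict

# Constructed decoy inventory (hypothetical names). Nothing legitimate ever
# uses these, so a single touch is a high-fidelity signal of an intruder
# probing the "wrong targets" planted next to the real ones.
DECOYS = {
    "credential": {"svc_backup_legacy"},            # dormant account seeded in a config file
    "host": {"db-finance-archive.corp.example"},    # DNS name that resolves to a sinkhole
    "table": {"customer_ssn_export"},               # empty but tempting database table
}

# Which telemetry field carries which decoy kind (constructed schema).
FIELD_MAP = {
    "user": "credential",
    "dst_host": "host",
    "query_name": "host",
    "table": "table",
}

# Decoy table names may only appear inside free-text SQL in DB audit events.
TABLE_RE = re.compile(
    r"\b(" + "|".join(re.escape(t) for t in sorted(DECOYS["table"])) + r")\b",
    re.IGNORECASE,
)


def find_decoy_hits(log_lines):
    """Return one alert dict per decoy touched, in log order.

    Malformed lines are skipped rather than raising: telemetry is noisy and
    the detector must keep running over the rest of the stream.
    """
    alerts = []
    for n, raw in enumerate(log_lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if not isinstance(ev, dict):
            continue

        hit = None
        for field, kind in FIELD_MAP.items():
            value = ev.get(field)
            if isinstance(value, str) and value in DECOYS[kind]:
                hit = (kind, value)
                break
        if hit is None and isinstance(ev.get("query"), str):
            m = TABLE_RE.search(ev["query"])
            if m:
                hit = ("table", m.group(1).lower())  # canonical (lowercase) decoy name

        if hit:
            kind, value = hit
            alerts.append({
                "line": n,
                "ts": ev.get("ts"),
                "source": ev.get("source", "?"),
                "src_ip": ev.get("src_ip", "?"),
                "kind": kind,
                "decoy": value,
            })
    return alerts


def summarize_by_source(alerts):
    """Group decoys touched per source address; a source that trips several
    mirrors in sequence is the one to look at first."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src_ip"]].append(a["decoy"])
    return dict(by_src)


# Constructed sample telemetry: one benign login, one benign query, three
# decoy touches from the same internal address, and one malformed line.
SAMPLE_LOGS = [
    '{"ts":"2019-01-10T09:00:01Z","source":"sshd","user":"alice","src_ip":"10.1.1.5","result":"ok"}',
    '{"ts":"2019-01-10T09:02:11Z","source":"sshd","user":"svc_backup_legacy","src_ip":"10.1.7.22","result":"fail"}',
    '{"ts":"2019-01-10T09:02:40Z","source":"dns","query_name":"db-finance-archive.corp.example","src_ip":"10.1.7.22"}',
    '{"ts":"2019-01-10T09:03:05Z","source":"dbaudit","user":"reporting","src_ip":"10.1.4.9","query":"SELECT count(*) FROM orders"}',
    '{"ts":"2019-01-10T09:03:50Z","source":"dbaudit","user":"reporting","src_ip":"10.1.7.22","query":"select * from CUSTOMER_SSN_EXPORT limit 10"}',
    'not json at all',
]

if __name__ == "__main__":
    hits = find_decoy_hits(SAMPLE_LOGS)
    for alert in hits:
        print(alert)
    print(summarize_by_source(hits))
```

Every alert from this detector is worth a ticket on its own, because no legitimate workflow references a decoy; the grouping step is what turns three separate alerts into the picture the interview describes, a single intruder wandering through the mirrors. The detector deliberately swallows malformed lines and non-object JSON so that a noisy feed cannot stall it.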
Derek Dicker, Micron | Micron Insight'18
>> Live from San Francisco, it's theCUBE, covering Micron Insight 2018. Brought to you by Micron. >> Welcome back to the Embarcadero everybody here in the heart of San Francisco. Actually at the bay of San Francisco. Golden Gate Bridge is that way, financial district over there, Nob Hill right up the street. You're watching theCUBE, the leader in live tech coverage. I'm Dave Vellante, this is David Floyer, and we're covering the Micron Insight 2018 event. People are starting to filter in. Any minute now we're going to start the keynotes from the executives. A lot of buzz going on, Derek Dicker is here. He's the corporate vice-president and general manager of the storage business unit emerging activity within Micron, great to see you again. >> Thank you very much for having me. It's a pleasure to be here. >> You're very welcome, yeah, so Micron used to be just a straight memory company. We're hearing, we heard at the investor day in May how you guys are diversifying, finding new use cases, new applications, you run the storage business, and of course David Floyer was one of the first, the first, in my opinion, to predict the demise of the hard disk, spinning disk, and it's a tailwind for you guys, but Derek, take us through your business unit, your role, and let's get into it. >> Sure, that sounds great. I appreciate the opportunity again to be here. The storage business unit within Micron is actually comprised across a couple of product areas. Primarily NAND and NAND components, and then also SSDs, solid state drives. As we like to say, and we've talked a bit more about it since Sanjay's arrival, we have a pretty material focus on accelerating what we call high value solutions. It's a big focus of ours, so not only are we developing the core technology in memory and storage, but we're attempting to build more and more products that add value to our customers in the S-System space. But that's generally the storage business focus. 
Within the company, we have three other business units that focus on compute and networking memory as well as the embedded business unit and then the mobile business unit. >> Talk about some of the big trends that you see, I mean, we've talked about for years, the all-flash data center. We clearly see that in the customers that we work with. Some of the spinning disk guys don't necessarily fully buy into that, but even they have been investing in flash technologies. What are you seeing? >> I tell you, there is no better time, in my opinion, than to be in the memory and storage industry. When you look at what the trends are that are coming out in time. If you go and you stare at how memory and storage has evolved just going back into the 80s or the PC era, a $35 billion average size of the total market. You get into the mobile space, when mobile era started with smart phones, we were looking at a $62 billion-ish, and then in '17 we cleared $120 billion in size of the market, and we actually see a lot of secular trends that are going to continue to take us forward. A couple of things that are particularly noteworthy for us. The first one is the emergence of artificial intelligence, and machine learning, and deep learning. We're going to hear quite a bit about it here at the event. But in terms of a value driver for the consumption of both memory, DRAM, as well as storage, we see it going phenomenally up in content in every server that's purchased out in time. That's one, I think with the evolution of 5G out in time, we're also going to see that smart phone devices are going to end up having more memory to add features like facial recognition we see today, becoming mainstream, multiple cameras, that drives more DRAM content, but then also on top of that, storage is increasing. We're seeing, even today, a terabyte being put into some of the high-end phones, and we know that that's going to waterfall out in time. 
So I think if you look at this combination of what's happening both in the devices, you look at what's happening in the infrastructure, then you couple that with the processing that needs to happen, it's just an awesome time to be affiliated with memory and storage. >> Yeah, well, I've been following this NAND marketplace for the last, almost 10 years isn't it? More than that. And it's just broken through completely in the last two or three years. What are your thoughts about pushing compute closer and closer to that memory, adding to, for example, the SSDs, the capability of doing smart work? It's very very close to where the data is originally going to be placed? >> It's a great area of quite a bit of R&D work that's going on right now, and I actually think I view this as kind of two stages. One is there's the proliferation of solid state, as you suggested, it's been coming over time. I actually see it increasing dramatically as we look forward, and one of the key technologies that I think is going to enable that is QLC. The fact that we're now at a point where we're putting four bits per cell into devices, SSDs are starting to show up, I think that just creates even more opportunity. And I'll talk a little bit about that in just a minute, but I want to answer your direct question as to how that's changing with AI/ML. But I think the ability, once solid state is prolific, to be able to architect systems where you can actually have processing take place closer to the media is a very interesting area. It's ripe with a ton of research going on right now. People are just starting to implement it. I think there's quite a bit of potential sitting behind it. You know, our focus, of course, is we're deploying, and as quickly as we can, on two vectors. One is, how do we proliferate more solid state into the market as an industry, and the second is how do we add value when we build those solid state drives, so I think it's definitely very viable.
>> Let's talk about the significance of QLC. David, your forecasts early on were very aggressive in terms of pricing declines for flash. We kind of, maybe got caught off, a little bit surprised by the-- >> I think we were caught off by the demand. >> Well the demand, but also the supply constraints kept prices up. >> Yeah. >> Okay so, it didn't actually happen as fast. How does QLC change that, Derek, and what's the significance of it? >> Well, the thing that I think is most exciting for us as Micron is we actually ended up delivering the world's first QLC device. It put a terabit of data on a single die, which was unprecedented, but then in addition to that, what we did was we actually built a solid state drive called the 5210 ION. This is a standard drive. It's the worlds first SSD built on the technology, and by being able to develop a solution early on, it allowed us to go engage with customers and find where the right workloads were where we could add the most value. QLC technology actually is perfectly aligned for super read intensive, very read intensive environments, and if you look at what's happening in the data center, we're actually seeing more and more workloads move into more read intensive workloads, and a good chunk of that is just because there's analytics going on. The data's being collected. It's being housed in on place, but as we've talked about quite a bit here at the event, we want to be able to deliver insight out of that data, which means we're going to be reading it quite a bit, and massaging it, and performing analytics on it. And what we're now seeing is what, in the days of the past, was a four to one read to write ratio, we're seeing as high as 5,000 to one and in some cases a million to one. So we get these heavily read intensive workloads coupled with the technology that's optimized for it. 
It's more power efficient than what rotating media solutions offer in certain workloads, we're starting to see these tremendous values coming out of these early engagements that we're having with customers. >> And does that have implications for longevity, or do you just make an assumption that the read/write ratio is still going to be more write intensive in terms of wear leveling and things like that? How does it change the reliability, if you will, of the technology? >> Actually the beauty is, we're able to deliver an enterprise class SSD with these read/write capabilities that are affiliated with these read intensive solutions, and we can fit within the workloads and the needs that people are talking about. So the drive writes per day that are required in a machine learning infrastructure, we believe we can address with QLC. Same thing with Hadoop style clusters and Ceph clusters. We've actually, as we've gone out and engaged each of our earlier customers, we're able to crank out reference architecture documents that we're now posting to our websites, and we're describing how we can actually leverage this technology to allow us to, in some cases, we'll better optimize where an SSD was used before. But in many, many cases we're actually in the process of displacing hard disk drives. >> So what are the limits of this QLC? How many more bits can we add? How many more layers can we add? >> So, it's actually a great question, David. In terms of what does a roadmap look like. I've been asked in the recent several hours, what the longevity for NAND looks like. And what I'll tell you is this, QLC NAND is just getting its start. What comes after that in terms of bits per cell, I don't think anybody's made any broad claims on. But from a layer stacking perspective, which is kind of the dimension upon which the industry is growing, for the foreseeable future, we see nothing that encumbers us from going substantially higher and higher layer count. 
Which I think is going to be great for our industry because it's going to allow us to deliver more bits in a given device, and hopefully, that'll allow us to get into markets that, historically, we haven't been able to approach. If you think about the demand elasticity dynamic that occur when we start to bring more and more costs down, the number of applications open up, not unlike the machine learning workloads I just mentioned or Hadoop workloads. We're starting to see more and more thirst and interest for replacing with solid state, just because it's more power efficient, allows for a cost structure that's better, and gives better performance too. >> I'm fond of saying that data's plentiful, insights aren't. You guys are a $30 billion company now. You're making some interesting announcements today that we're going to hear about a little later on that I won't divulge right now, but you're putting your hands in a lot of different places. When you're that size of a company, you can't help but, as you mentioned before, adding more value, becoming more of a systems focus. How do you help the industry go from just raw data to insights? What's your role in that? >> Oh, it's a phenomenal question and this is a major focus of the company. Not just in our business unit, but across all of the different business units in the company. We have a huge focus on sitting down with our customers and getting closer and closer to understanding what their workload needs are, where their paying points are, and then working with them to find solutions, and the beautiful part about it is, as Micron, we're the only company in the world that can combine together a 3D XPoint set of technologies, a NAND set of technologies, a DRAM set of technologies. We go sit down and talk about these challenges with those in mind, plus the emerging memories that we're developing to go develop better and better solutions. 
But after we're able to come to a solution, we put together a reference architecture, and we deploy it broadly. >> We've been trying to squint through 3D XPoint and understand the right fit. It seems to us that one of the big advantages of flash was it had the, had this behind it. (laughs) It had the consumer volumes, thank you Steve Jobs. It's unclear whether or not 3D XPoint will have that, maybe have the same, sort of, cost advantages, but the same time, it sounds like there's new and emerging applications. Like I said, we're trying to figure out. Have you guys figured out yet? You're obviously betting big on the technology. Help us understand where the fit is. >> Sure, I think, you know, if I look back in time, just at the storage hierarchy alone, I don't think the memory hierarchy's any different. You have these portions of the market where you build out hard disk drives, and we had DRAM before, and SSDs came along, and people started asking, not unlike several years back when we talked about the early parts. Hey, how big is this going to get? Cost structures may be prohibitive. But as innovation unfurled, the more time and investment got placed into it, we found new workloads, new use cases we were able to drive costs out, and we ended up slotting in solid state drives squarely. I think this is another tier of memory and storage. That's the beauty of the 3D XP technology. There's both memory semantics and storage semantics that are available for use. I think we're still scratching the surface on the early days, but I love what we're seeing from the customer base that we're engaging and targeting in this space. >> And people will pay up for that performance capability relative to flash. They'll pay down relative to DRAM. Is it, are you seeing a gradience for like the hyperscalers, for example, or is it, maybe the industrial internet? Where are you seeing the.
>> It's fair, actually I think, you know, it's probably reasonable to say that, you know, the challenges of inserting a new memory tier into a system requires new programming algorithms, new APIs and interface. There's a lot of ecosystem that needs to be there, as well as, not to mention, you've got to have an ecosystem to go put memory products into a server, for instance, or any other platform. I think we're still early days of enabling all of this. And I also believe we're going to learn more and more where the value of this sits as we put it out there in a cost effective fashion. So I would say that people who control software environments are very, very well suited for this because they can take advantage of some of those challenges without having to have a whole ecosystem in place. I think there's going to be a continued ramp in acceleration as an industry we go build out that ecosystem. >> Well it's been amazing to watch Micron the last several years, I mean, the last several decades. When you were just a pure memory manufacturer which was diversified, you know, gorilla in this space. (laughs) You guys are really an extremely well run company. I mean, your financials have born that out. You're really transparent to the street providing great guidance and congratulations on all of the success. I'm looking forward to watching in the future. >> Oh thank you so much. It's a privilege to be part of the company, and I really appreciate your time today. >> Our pleasure, thanks for coming on theCUBE. All right, keep it right there everybody. We'll be back with our next guest right after this short break. You're watching theCUBE from Micron Insight 2018. (upbeat techno music)
Michael Allison & Derek Williams, State of Louisiana | Nutanix .NEXT 2018
>> Announcer: Live from New Orleans, Louisiana. It's theCUBE, covering .NEXT conference 2018, brought to you by Nutanix. >> Welcome back, we're here in New Orleans in the state of Louisiana, and to help Keith Townsend and myself, Stu Miniman, wrap up we're glad to have one more customer. We have the great state of Louisiana here with us, we have Michael Allison, who's the Chief Technology Officer. We also have Derek Williams, who's the Director of Data Center Operations. Gentleman, thanks so much for joining us. >> Thank you. >> Thanks for having us. >> All right, so I think we all know what the state of Louisiana is, hopefully most people can find it on a map, it's a nice easy shape to remember from my kids and the like. But, Michael, why don't we start with you? Talk to us first about kind of the purview of your group, your organization, and some of the kind of biggest challenges you've been facing in recent times. Sure, we are part of the Office of Technology Services, which is a consolidated IT organization for the state of Louisiana. We were organized about four years ago. Actually four years ago this July. And that brought in the 16 Federated IT groups into one large organization. And we have the purview of the executive branch, which includes those typical agencies like Children and Family Services, Motor Vehicles, Public Safety, Health and Hospitals, Labor, etc. >> And Derek, you've got the data center operations, so give us a little bit of a scope. We heard how many organizations in there, but what do you all have to get your arms around? >> Sure, so we had, you know, there's often a joke that we make that if they've ever made it we own one of each. So we had a little bit of every type of technology. So what we've really been getting our arms around is trying to standardize technologies, get a standard stack going, an enterprise level thing. 
And really what we're trying to do is become a service provider to those customers where we have standard lines of service and set enterprise level platforms that we migrate everybody onto. So do you actually have your own data centers? Your own hosting facilities? What's kind of the real estate look like? >> Absolutely, so we have, the state has two primary data centers that we utilize, and then we also use a number of cloud services as well as some third-party providers for offsite services. >> So obviously just like every other state in the union, you guys have plenty of money. >> Always. >> Way too many employees and just no challenges. Let's talk about what are the challenges? You know, coming together, bringing that many organizations together, there's challenges right off the bat. What are some of the challenges as you guys look to provide services to the great people of Louisiana? >> Well as Derek kind of eluded to, technology debt is deep. We have services that are aging at about 40 years old, that are our tier one services. And they were built in silos many, many years ago. So being able to do the application or actualization, being able to identify those services, then when we actually shift to the cultural side, actually bringing 16 different IT organizations into one, having all those individuals now work together instead of apart. And not in silos. That was probably one of the biggest challenges that we had over the last few years is really breaking down those cultural barriers and really coming together as one organization. >> Yeah I totally agree with that. The cultural aspect has been the biggest piece for us. Really getting in there and saying, you know a lot of small and medium size IT shops could get away without necessarily having the proper governance, structures in place, and a lot of people wore a lot of hats. 
So now we're about 800 strong in the Office of Technology Services, and that means people are very aligned to what they do operationally. And so that's been a big shift and kind of that cultural shift has really been where we've had to focus on to make that align properly to the business needs. >> Mike, what was the reason that led you down the path towards Nutanix? Maybe set us up with a little bit of the problem statement? We heard some of the heterogeneous nature and standardization which seems to fit into a theme we've heard lots of times with Nutanix. But was there a specific use case or what led you towards that path? Well, about four years ago the Department of Health and Hospitals really had a case where they needed to modernize their Medicaid services, eligibility and enrollment. CMS really challenged them to build an infrastructure that was in line with their MIDAS standards. There was modular, COTS, configuration over customization. Federal government no longer wants to build monolithic systems that don't integrate and are just big silos. So what we did was we gravitated to that project. We went to CMS and said, hey why don't we take what you're asking us to build and build it in a way that we can expand throughout the enterprise to not only affect the Department of Health but also Children of Family Services, and be able to expand it to Department of Corrections, etc. That was our use case, and having an anchor tenent with the Department of Health that has a partner with CMS really became the lynch pin in this journey. That was our first real big win. >> Okay how did you hear first about Nutanix? Was there a bake off you went through? >> It was, yes, very similar. It was the RP process took a year or so and we were actually going down the road of procuring some V blocks, and right before the Christmas vacations our Deputy CIO says hey, why don't you go look to see if there's other solutions that are out there? 
Challenge Derek, myself, and some others to really expand the horizons. Say, if we're going to kind of do this greenfield, what else is out there? And right before he got on his Christmas cruise he dropped that on our lap and about a month later we were going down the Dell Nutanix route. And to be honest it was very contentious, and it actually took a call from Michael Dell who I sent to voicemail twice before I realized who it was, but you know, those are the kind of decisions and the buy in from Dell executives that really allowed us to comfortably make this decision and move forward. >> So technology doesn't exactly move fast in any government because, you know, people process technology and especially in the government, people and process, as you guys have deployed Nutanix throughout your environment, what are some of the wins and what are some of the challenges? >> That's a funny point because we talk about this a lot. The fact that our choice was really between something like VBlock, which was an established player that had been for a long time, and something a little more bleeding edge. And part of the hesitancy to move to something like Nutanix was the idea that hey, we have a lot of restricted data, CJIS, HIPAA, all those kind of things across the board, RS1075 comes into play, and there was hesitancy to move to something new, but one of the things that we said exactly was we are not as agile as private sector. The procurement process, all the things that we have to do, put us a little further out. So it did come into play that when we look at that timeline the stuff that's bleeding edge now, by the time we have it out there in production it's probably going to be mainstream. So we had to hedge our bets a little. And you know, we really had to do our homework. 
Nutanix was, you know, kind of head and shoulders above a lot of what we looked at, and I had resiliency to it at first, so credit to the Deputy CIO, he made the right call, we came around on it, it's been awesome ever since you know, one of the driving things for us too was getting out there and really looking at the business case and talking to the customers. One of the huge things we kept hearing over and over was the HA aspect of it. You know, we need the high availability, we need the high availability. The other interesting thing that we have from the cost perspective is we are a cost recovery agency now that we're consolidated. So what you use you get charged for, you get a bill every month just like a commercial provider. You know, use this many servers, this much storage, you get that invoice for it. So we needed a way that we could have an environment that's scaled kind of at a linear cost that we could just kind of add these nodes to without having to go buy a new environment and have this huge kind of CAPEX expenditure. And so at the end of the day it lived up to the hype and we went with Nutanix and we haven't regretted it, so.
>> How are the vendors doing overall, helping you move to that really OPEX model, you said, love to hear what you're doing with cloud overall. Nutanix is talking about it. Dell's obviously talking about that. How are the vendors doing in general? And we'd love to hear specifically Dell Nutanix.
>> We've had the luxury of having exceptionally good business partners. The example I'd like to give is, about four months into this project we realized that we were treating Nutanix as a traditional three-tier architecture. We were sending a lot of traffic north-south. When we did the analysis we asked the question, a little cattywampus, it was how do we straighten this out? And so we posed a question on a Tuesday about how do we fix this, how do we drive the network back into the fabric? By Thursday we were on a phone call with VMware.
By the following Monday we had two engineers on site with a local partner with NSX Ninja. And we spent the next two months, with about different iterations of how to re-engineer the solution and really look at the full software-defined data center, not just software-defined storage and compute. It is really how do we then evolve this entire solution building upon Nutanix and then layering on top of that the VMware solutions that kind of took us to that next level.
>> Yeah and I think the key term in there is business partner. You know, it sounds a little corny to say, but we don't look at them as just vendors anymore. When we choose a technology or direction or an architecture, that is the direction we go for the entire state for that consolidated IT model. So, we don't just need a vendor. We need someone that has a vested interest in seeing us succeed with the technology, and that's what we've gotten out of Nutanix, out of Dell, and they've been willing to, you know, if there's an issue, they put the experts on site, it's not just we'll get some people on a call. They're going to be there next week, we're going to work with you guys and make it work. And it's been absolutely key in making this whole thing go.
>> And as a CTO one of the challenges that we have is, as Derek has executed his cloud vision, is how do we take that and use it as an enabler, an accelerant to how we look at our service design, service architecture, how do we cloud optimize this? So as we're talking about CI/CD and all these little buzzwords that are out there, is how can we use this infrastructure to be that platform that kind of drives that from kind of a grassroots, foundation up, whereas sometimes it's more of a top-down approach, we're taking somewhat of an opposite. And now we're in that position where we can now answer the question of now what, what do we do with it now?
>> So sounds like you guys are a mixed VMware, Nutanix hardware, I mean software, Dell hardware shop, foundation you've built the software-defined data center foundation, something that we've looked at for the past 10 years in IT to try and achieve, which is a precursor, or the foundation, to cloud. Nutanix has made a lot of cloud announcements. How does Nutanix's cloud announcements, your partnership with Dell match with what you guys plan when it comes to cloud?
>> That's a perfect lead-in for us. So you're absolutely right. We have had an active thought in our head that we need to move toward SDDC, software-defined data center is what we wanted to be at. Now that we've achieved it the next step for us is to say hey, whether it's an AWS or whomever, an Azure type thing, they are essentially an SDDC as well. How do we move workloads seamlessly up and down in a secure fashion? So the way we architected things in our SDDC, we have a lot of customers. We can't have lateral movement. So everything's microsegmentation across the board. What we've been pursuing is a way to move VM workloads essentially seamlessly up to the cloud and back down and have those microsegmentation rules follow whether it goes up or back down. That's kind of the zen state for us. It's been an interesting conference for us, because we've seen some competitors to that model. Some of the things Nutanix is rolling out, we're going to have to go back and take a very serious look at on that roadmap to see how it plays out. But, suddenly multicloud, if we can get to that state we don't care what cloud it's in. We don't have to learn separate stacks for different providers. That is a huge gap for us right now. We have a highly available environment between two data centers where we run two setups active-active that are load balanced. So the piece we're missing now is really an offsite DR that has that complete integration.
So the idea that we could see a hurricane out in the Gulf, and 36, 48 hours away, and know that we might be having some issues. Being able to shift workloads up to the cloud, that's perfect for us. And you know, then cost comes into play. All that kind of stuff that we might have savings, economy of scale, all plays in perfectly for us. So we are super excited about where that's going and some of the technologies coming up are going to be things we're going to be evaluating very carefully over the next year.
>> At the end of the day it's all about our constituents. We have to take data, turn it into information that they can consume at the pace that they want to. Whether it be traditional compute in a desktop or mobile or anywhere in between. It was our job to make sure that these services are available and usable when they need it, especially in the time of a disaster or just in day-to-day life. So that's the challenge that we have when delivering services to our citizens and constituents.
>> All right, well Mike and Derek, really appreciate you sharing with us the journey you've been on, how you're helping the citizens here in the great state of Louisiana. For Keith Townsend, I'm Stu Miniman. Thanks so much for watching our program. It's been a great two days here. Be sure to check out theCUBE.net for all of our programming. Thanks Nutanix and the whole crew here, and thank you for watching theCUBE.
>> Thank you.
Derek Manky, Fortinet | RSA North America 2018
>> Narrator: From downtown San Francisco it's the Cube covering RSA North America 2018.
>> Hey, welcome back, everybody, Jeff Frick here at the Cube. We're at RSA's security conference, about 40,000 plus. I don't know, I got to get the number. The place is packed, it's a mob scene. Really excited to be here and joined by Derek Manky. We saw Derek last year from Fortinet. Great to get an update, Derek, what do you think of the show this year?
>> It's getting big for sure, as I said. That's an understatement.
>> I know.
>> This is my tenth year coming to RSA now, yeah.
>> It's your tenth?
>> And just to see how it's changed over 10 years is phenomenal.
>> Alright. So, one of the things you want to talk about that you probably weren't talking about 10 years ago are swarms of bots.
>> Yeah.
>> What the heck is going on with swarms of bots?
>> There's been a lot of changes on that front too, so the bad guys are clever, of course, right? If we look at 10 years ago, there was a lot of code, you know, crime kits, crime services that were being created for infrastructure. That led up to some more, you know, getting affiliates programs, kind of, business middle men to distribute crime. So, that drove a lot of the numbers up, but, literally, in the last three quarters, if we look at hacking activity, the number has doubled from FortiGuard Labs. It's gone from 1.1 million to 2.2 to 4.4 million just over the last three quarters. So, we're looking at an exponential rise to attacks. The reason that's happening is because automation
>> Right.
>> And artificial intelligence is starting to be put into black hat code, and so the swarm concept, if you think of bees or ants in nature, what do they do? They work together, it's strength in numbers from a black hat's point of view.
>> Right, right.
>> They work together to achieve a common goal. So, it's intent based attacks, and that's what we're starting to see as precursors as some code, right?
These IoT botnets, we're actually seeing nodes within the botnet that can communicate to each other, say, "Hey, guys, I found this other target in the network. "Let's go launch a DDoS attack "or let's all try to take different "bits of file information from those targets." So, it's that swarm mentality where it takes the attacker more and more out of the loop. That means that the attack surge is also increasing in speed and becoming more agile too.
>> So, the bad news, right, is the bad guys have all the same tools that the good guys have in terms of artificial intelligence, machine learning, automation, software to find and they don't have a lot of rules that they're supposed to follow as well. So, it kind of puts you in a tougher situation.
>> Yeah, we're always in a tough situation for sure. You know, I would say, for sure, that when it comes to the tools, a lot of the tools are out there, they custom develop some tools. I would have to say on the technology side when it comes to security members especially collaborating together and the amount of infrastructure that we have set up, I think we have a foot up on the attackers there, we're at an advantage, but you're absolutely right, when it comes to rules, there are no rules when it comes to the black hat attackers and we have to be very careful of that, how we proceed, of course, right.
>> And that's really the idea behind the alliance, right, so, that you guys are sharing information.
>> Yeah.
>> So, you're sharing best practices, you're picking up patterns. So, everybody's not out there all by themselves.
>> Absolutely, it's strength in numbers concept on our end too. So, we look at Cyber Threat Alliance, Fortinet being a founding member working with all other leading security vendors in this space is how we can team up against the bad guys, share actionable intelligence, deploy that into our security controls which makes it a very effective solution, right.
By teaming up, stacking up our security, it makes it much more expensive for cyber criminals to operate.
>> Right, that's good.
>> Yeah.
>> That's a good thing.
>> Yeah, yes.
>> And then, what about kind of this integration of the NOC and the SOC?
>> Yeah.
>> Because security's so much more important for all aspects of the business, right? It's not layered on, it's not stand alone. It's really got to be integrated into the software, into the process and the operations.
>> Absolutely, so, the good news is, if you look at things like we're doing with the security fabric, a lot of it is how do we integrate, how do we bring technology and intelligence down to the end user so that they don't have to do day-to-day mundane tasks, right? Talking about the swarm networks, what's happening on the black hats' side, attackers are gettin' much quicker so defense solutions have to be just as quick if not faster, and so that's what the NOC-SOC integration is about, right, how we can take network's security visibility, put it into things like our FortiAnalyzer manager SIEM appliances, right, be able to bring those solutions so, again, to when it comes to a NOC and SOC operation, how do you bring visibility into threats? How do you respond to those threats? More importantly, how do you also have automated security defense, so agile defense, put up?
>> Right.
>> We talk about concepts like agile macrosegmentation, right? That's something we're doing with Fortinet, how we can look at attacks and actively lock down attacks as they're happening is a really concept, right?
>> So, really, just to isolate 'em within kind of where they've caused the harm, keep 'em there until you can handle 'em and not let 'em just go bananas all over the organization.
>> Yeah, yeah, so you can think of it as, like, an active quarantine. We've also launched our threat intelligence services. So, this is bringing the why. There's a lot of intelligence out there. There's a lot of logs.
We have, now, threat intelligence services that we bring to security operation centers to show them here are the threats happening on your network. Here is why it is a threat. Here's the capabilities of the threat and here's how you respond to it. So, it helps from a CSOL perspective prioritized response on the incident response model to threats as well.
>> Alright, well, Derek, we've got to let it go there. We are at a super crazy time crunch.
>> I know.
>> We'll get you back into the studio and have a little bit more time when it's not so crazy.
>> Okay, I appreciate it.
>> Alright, he's Derek Manky, I'm Jeff Frick. You're watching the Cube from RSA 2018, thanks for watchin'. (soft electronic beat)
Derek Kerton, Autotech Council | Autotech Council 2018
>> Announcer: From Milpitas, California, at the edge of Silicon Valley, it's The Cube. Covering autonomous vehicles. Brought to you by Western Digital.
>> Hey, welcome back everybody, Jeff Frick here with the Cube. We're at Western Digital in Milpitas, California at the Auto Tech Council, Autonomous vehicle meetup, get-together, I'm exactly sure. There's 300 people, they get together every year around a lot of topics. Today is all about autonomous vehicles, and really, this whole ecosystem of startups and large companies trying to solve, as I was just corrected, not the thousands of problems but the millions and billions of problems that are going to have to be solved to really get autonomous vehicles to their ultimate destination, which is, what we're all hoping for, is just going to save a lot of lives, and that's really serious business. We're excited to have the guy that's kind of running the whole thing, Derek Kerton. He's the chairman of the Auto Tech Council. Derek, saw you last year, great to be back, thanks for having us.
>> Well, thanks for having me back here to chat.
>> So, what's really changed in the last year, kind of contextually, since we were here before? I think last year it was just about, like, mapping for autonomous vehicles.
>> Yes.
>> Which is an amazing little subset.
>> There's been a tremendous amount of change in one year. One thing I can say right off the top that's critically important is, we've had fatalities. And that really shifts the conversation and refocuses everybody on the issue of safety. So, there's real vehicles out there driving real miles and we've had some problems crop up that the industry now has to re-double down in their efforts and really focus on stopping those, and reducing those.
What's been really amazing about those fatalities is, everybody in the industry anticipated, 'oh' when somebody dies from these cars, there's going to be the governments, the people, there's going to be a backlash with pitchforks, and they'll throw the brakes on the whole effort. And so we're kind of hoping nobody goes out there and trips up to mess it up for the whole industry because we believe, as a whole, this'll actually bring safety to the market. But a few missteps can create a backlash. What's surprising is, we've had those fatalities, there's absolutely some issues revealed there that are critically important to address. But the backlash hasn't happened, so that's been a very interesting social aspect for the industry to try and digest and say, 'wow, we're pretty lucky.' and 'Why did that happen?' and 'Great!' to a certain extent.
>> And, obviously, horrible for the poor people that passed away, but a little bit of a silver lining is that these are giant data collection machines. And so the ability to go back after the fact, to do a postmortem, you know, we've all seen the video of the poor gal going across the street in the dark and they got the data off the one, 101 87. So luckily, you know, we can learn from it, we can see what happened and try to move forward.
>> Yeah, it is, obviously, a learning moment, which is absolutely not worth the price we pay. So, essentially, these learning moments have to happen without the human fatalities and the human cost. They have to happen in software and simulations in a variety of ways that don't put people in the public at risk. People outside the vehicle, who haven't even chosen to adopt those risks. So it's a terrible cost and one too high to pay. And that's the sad reality of the whole situation.
On the other hand, if you want to say silver lining, well, there is no fatalities in a silver lining but the upside about a fatality in the self-driving world is that in the human world we're used to, when somebody crashes a car they learn a valuable lesson, and maybe the people around them learned a valuable lesson. 'I'm going to be more careful, I'm not going to have that drink.' When an autonomous car gets involved in any kind of an accident, a tremendous number of cars learn the lesson. So it's a fleet learning and that lesson is not just shared among one car, it might be all Teslas or all Ubers. But something this serious and this magnitude, those lessons are shared throughout the industry. And so this extremely terrible event is something that actually will drive an improvement in performance throughout the industry.
>> That's a really good, that's a super good point. Because it is not a good thing. But again, it's nice that we can at least see the video, we could call kind of make our judgment, we could see what the real conditions were, and it was a tough situation. What's striking to me, and it came up in one of the other keynotes is, on one hand is this whole trust issue of autonomous vehicles and Uber's a great example. Would you trust an autonomous vehicle? Or will you trust some guy you don't know to drive your daughter to the prom? I mean, it's a really interesting question. But now we're seeing, at least in the Tesla cases that have been highlighted, people are all in. They got a 100% trust.
>> A little too much trust.
>> They think level five, we're not even close to level five and they're reading or, you know, doing all sorts of interesting things in the car rather than using it as a driver assist technology.
>> What you see there is that there's a wide range of customers, a wide range users and some of them are cautious, some of them will avoid the technology completely and some of them will abuse it and be over confident in the technology.
In the case of Tesla, they've been able to point out in almost every one of their accidents where their autopilot is involved, they've been able to go through the logs and they've been able to exonerate themselves and say, 'listen, this was customer misbehavior. Not our problem. This was customer misbehavior.' And I'm a big fan, so I go, 'great!' They're right. But the problem is after a certain point, it doesn't matter whose fault it is if your tool can be used in a bad way that causes fatalities to the person in the car and, once again, to people outside the car who are innocent bystanders in this, if your car is a tool in that, you have to reconsider the design of that tool and you have to reconsider how you can make this idiot proof or fail safe. And whether you can exonerate yourself by saying, 'the driver was doing something bad, the pedestrian was doing something bad,' is largely irrelevant. People should be able to make mistakes and the systems need to correct those mistakes.
>> But, not to make excuses, but it's just ridiculous that people think they're driving a level five car. It's like, oh my goodness! Really.
>> Yeah when growing up there was that story or the joke of somebody that had cruise control in the R.V. so they went in the back to fry up some bacon. And it was a running joke when I was a kid but you see now that people with level two autonomous cars are kind of taking that joke a little too far and making it real and we're not ready for that.
>> They're not ready. One thing that did strike that is here today that Patty talked about, Patty Rob from Intel, is just with the lane detection and the forward-looking, what's the technical term?
>> There's forward-looking radar for braking.
>> For braking, the forward-looking radar. And the crazy high positive impact on fatalities just those two technologies are having today.
>> Yeah and you see the Insurance Institute for Highway Safety and the entire insurance industry, is willing to lower your rates if you have some of these technologies built into your car because these forward-looking radars and lidars that are able to apply brakes in emergency situations, not only can they completely avoid an accident and save the insurer a lot of money and the driver's life and limb, but even if they don't prevent the accident, if they apply a brake where a human driver might not have or they put the brake on one second before you, it could have a tremendous effect on the velocity of the impact and since the energy that's imparted in a collision is a function of the square of the velocity, if you have a small reduction of velocity, you could have a measurable impact on the energy that's delivered in that collision. And so just making it a little slower can really deliver a lot of safety improvements.
>> Right, so want to give you a chance to give a little plug in terms of, kind of, what the Auto Tech Council does. 'Cause I think what's great with the automotive industry right, is clearly, you know, is born in the U.S. and in Detroit and obviously Japan and Europe those are big automotive presences. But there's so much innovation here and we're seeing them all set up these kind of innovation centers here in the Bay Area, where there's Volkswagen or Ford and the list goes on and on. How is the, kind of, your mission of bringing those two worlds together? Working, what are some of the big hurdles you still have to go over? Any surprises, either positive or negative as this race towards autonomous vehicles seems to be just rolling down the track?
>> Yeah, I think, you know, Silicon Valley historically a source of great innovation for technologies.
And what's happened is that the technologies that Silicon Valley is famous for inventing, cloud-based technology and network technology, processing, artificial intelligence, which is machine learning, this all Silicon Valley stuff. Not to say that it isn't done anywhere else in the world, but we're really strong in it. And, historically, those may not have been important to a car maker in Detroit. And say, 'well that's great, but we had to worry about our transmission, and make these ratios better. And it's a softer transmission shift is what we're working on right now.' Well that era is still with us but they've layered on this extremely important software-based and technology-based innovation that now is extremely important. The car makers are looking at self-driving technologies, you know, the evolution of ADAS technologies as extremely disruptive to their world. They're going to need to adopt like other competitors will. It'll shift the way people buy cars, the number of cars they buy and the way those cars are used. So they don't want to be laggards. No car maker in the world wants to come late to that party. So they want to either be extremely fast followers or be the leaders in this space. So to that they feel like well, 'we need to get a shoulder to shoulder with a lot of these innovation companies. Some of them are pre-existing, so you mentioned Patti Smith from Intel. Okay we want to get side by side with Intel who's based here in Silicon Valley. The ones that are just startups, you know? Outside I see a car right now from a company called Iris, they make driver monitoring software that monitors the state of the driver. This stuff's pretty important if your car is trading off control between the automated system and the driver, you need to know what the driver's state is. So that's startup is here in Silicon Valley, they want to be side by side and interacting with startups like that all the time.
So as a result, the car companies, as you said, set up here in Silicon Valley. And we've basically formed a club around them and said, 'listen, that's great! We're going to be a club where the innovators can come and show their stuff and the car makers can come and kind of shop those wares.'
>> It's such crazy times because the innovation is on so many axes for this thing. Somebody used in the keynote care, or Case. So they're connected, they're autonomous, so the operation of them is changing, the ownership now, they're all shared, that's all changing. And then the propulsion in the motors are all going to electric and hybrid, that's all changing. So all of those factors are kind of flipping at the same time.
>> Yeah, we just had a panel today and the subject was the changes in supply chain that Case is essentially going to bring. We said autonomy but electrification is a big part of that as well. And we have these historic supply chains that have been very, you know, everyone's going as far GM now, so GM will have these premier suppliers that give them their parts. Brake stores, motors that drive up and down the windows and stuff, and engine parts and such. And they stick year after year with the same suppliers 'cause they have good relationships and reliability and they meet their standards, their factories are co-located in the right places. But because of this Case notion and these new kinds of cars, new range of suppliers are coming into play. So that's great, we have suppliers for our piston rods, for example. Hey, they built a factory outside Detroit and in Lansing real near where we are. But we don't want piston rods anymore we want electric motors. We need rare earth magnets to put in our electric motors and that's a whole new range of suppliers. That supply either motors or the rare earth magnets or different kind of, you know, a switch that can transmit right amperage from your battery to your motor.
So new suppliers but one of the things that panel turned up that was really interesting is, specifically, was, it's not just suppliers in these kind of brick and mortar, or mechanical spaces that car makers usually had. It's increasing the partners and suppliers in the technology space. So cloud, we need a cloud vendor or we got to build the cloud data center ourselves. We need a processing partner to sell us powerful processors. We can't use these small dedicated chips anymore, we need to have a central computer. So you see companies like Invidia and Intel going, 'oh, that's an opportunity for us we're keen to provide.' >> Right, exciting times. It looks like you're in the right place at the right time. >> It is exciting. >> Alright Derek, we got to leave it there. Congratulations, again, on another event and inserting yourself in a very disruptive and opportunistic filled industry. >> Yup, thanks a lot. >> He's Derek, I'm Jeff, you're watching The Cube from Western Digital Auto Tech Council event in Milpitas, California. Thanks for watching and see you next time. (electronic music)
Derek Manky, Fortinet | Fortinet Accelerate 2018
(upbeat techno music)
>> Narrator: Live from Las Vegas, it's The Cube, covering Fortinet Accelerate '18, brought to you by Fortinet.
>> Welcome back to The Cube's continuing coverage live from Fortinet Accelerate 2018. I'm Lisa Martin with The Cube, along with my co-host Peter Burris, and we're very excited to welcome a Cube alumni back to The Cube, Derek Manky, the global security strategist from Fortinet - welcome back!
>> Derek: Thank you, it's always good to be here. We have great conversations.
>> Lisa: We do. We're happy that you think that. So, lots of news coming out today. But, I want to kind of start with, maybe a top-down approach, the theme of the event: strength in numbers.
>> Derek: Yes.
>> Lisa: As a marketer I'm like, "What are they going to share?" And of course, Ken and a lot of your peers shared a lot of interesting statistics. From your standpoint - what you're doing with FortiGuard Labs, strength in numbers, help us understand that from the technology standpoint. What does that mean to you?
>> Derek: Sure, sure. So, there's a couple aspects to that. First of all, I've always been a firm advocate that we can never win the war on cybercrime alone. We have to be able to collaborate; collaboration is a key aspect. The attack surface today now, just from if you look at the complexity of attacks, the attack surface is massive today. And it's going to continue to expand. I mean, 15 years ago, we're just dealing with you know, threats that would operate on IRC channels or something, you know, some websites, and just some spam attacks. Now, we have to deal with that in addition to this growing attack surface, right? Specifically, with IoMT - the Internet of Medical Things, OT, as well. You have within that OT umbrella, obviously, things like the connected vehicles and all of these different things, which I know you've seen here, also, at Accelerate. So, when we look at that attack surface, you need security in all aspects - end-to-end, right? And so, from a security architecture perspective, strength in numbers is important to have that whole coverage of the attack surface, right? That's not complex and easy to manage. At the same time, being able to inter-operate: that's another strength. You know, the more a structure is bonded or glued together, the more resilient it's going to become. That's the exact concept of the fabric, right? The more that we can inter-weave the fabric and connect the different nodes together and share intelligence, that becomes a much, much stronger structure. So, to me, the strength in numbers means collaboration, information flow, and also end-to-end coverage between the security solutions.
>> Peter: But it also means, you know, the growing ecosystem; the need for additional expertise, greater specialization in people. Talk a little bit about how, from a strategy standpoint, Fortinet is helping prepare people for different types of inclusion, different types of participation; what it means to be great, in a security way.
>> Derek: Yeah, absolutely. I think there's very (mumbles) We're taking a multi-pronged approach to that. If you look at things like our NSE training program - it's the largest in the industry - so, training other experts through our partners. Growing, doing that knowledge transfer in expertise onto new features, like we're doing here at Accelerate, is critically important. So, that's one aspect when you look at the ecosystem. When you look at something for FortiGuard, as an example, what we're doing. We have, traditionally, you know, we've trained up a very large team; we have 215 security experts at FortiGuard, which is, for a network security organization, one of the largest in the world, if not the largest.
>> Peter: And FortiGuard is a practical and active think tank, right?
>> Derek: Absolutely, yeah. It's many things, it's reactive protection, it's proactive protection, it's - now we've just launched the FortiGuard AI, as well; artificial intelligence, machine learning, that's all the threat intelligence aspect. So, it's threat detection and response. Again, if you look at technology, when we started just with antivirus and intrusion prevention and things like this, it was very signature-based and reactive. We went from signature-based detections to anomaly-based detections. Now, the third generation of this is machine learning and deep learning. And going back to your question: we don't ever want to replace humans - because humans are very important in this ecosystem - rather, repurpose them, right? So, what we're doing, as an example, is when we, you know, train our analysts. Instead of having them do day to day tasks like some signature creation or something like this, we can actually have AI systems replace that to identify a threat, respond to it, and then repurpose those humans for something more strategic, you know, looking at the context, "How bad is this threat?" "Why is it a threat?" "How do we respond to it?" "How do we work with partners and customers?" We've launched our threat intelligence service, as well. This is a good example of something we've used internally within FortiGuard to protect customers. Now, we're offering this as a service to customers for security operation centers. We also have our FortiAnalyzer product and incident response framework. These are all key components that we're empowering organizations to be able to respond to those threats. But, again, strength in numbers, it's this ecosystem working together. So, fabric-ready partners is another good example of that strength in numbers, I think, too.
>> Peter: Well, I remember the first time I walked into a NOC and found the security person and their eyes were literally bleeding. (Derek chuckles) And it's nice to have AI be able to take that kind of a load off, to be looking at some of these challenges, some of these anomalies, things previously we expected people to be able to uncover.
>> Derek: Yeah, and (mumbles) when we talk about AI, to me, it's a trust exercise, as well. When you talk about machine learning, it's an accuracy problem, right? "How accurate can the machines really be?" When we pass the torch, as I say, to the machines to be able to take on those day to day jobs, we have to be able to trust it, saying, "You're doing a good job and you're accurate." So, we're using supervised learning, right, where we have our human experts actually training the machines - that's a good use for them, instead of just doing the same cycles day to day, you know, as an example. That's another way that we're scaling out that way. I think it's absolutely required in today's day and age. If you look at the numbers, it's an exponential curve right now. Last year, one year ago today, on average we're seeing about a million hacking attempts in just a minute across the entire globe, right? Now, we're seeing that number up over four million. So, it's increased four-fold in just a year, and that's just going to continue to rise. So, having that automated defense and AI machine learning; machine learning's just a learning aspect; the AI is the actionable part - how we can take that intelligence and put that into the fabric so that the customer doesn't have to do that themselves. I mean, the customer doesn't always have to be involved in the security aspect of that, and that's how we start reducing on the complexity, too.
>> Lisa: You mentioned a couple terms that I wanted to pivot on: proactive/reactive. One of the biggest challenges that we hear from the C-suite in this perspective is visibility, complexity, but also high TCO reactivity. Where is Fortinet enabling, when you talk to customers, that shift, that successful shift from reactive to proactive?
>> Derek: Right, yeah. Good question, very good question. I think - just parallels - I mean, they're both always going to have to exist, that's just their nature. I mean, if you keep walking across, you know, it's like Frogger - if you keep walking across a busy highway, you're going to get hit eventually, 'cause there's that much traffic, that much attacks coming, right? So, again, the incident response angle - using detection systems and, you know, threat reporting, and this intelligence service to be able to, you know, alert on what sort of attacks are happening and how to prioritize that is one way on the reactive end. On the proactive end: consulting. We have a team of consulting engineers and specifically, ones on FortiGuard, so threat experts that are able to actually analyze. So, we have programs, like CTAP, as a cyberthreat assessment program that is able to go into these new networks as a free service and do assessments. So, audits and assessments on the state of security on that network - end-to-end, right? So, we're talking even up to the distributed enterprise level. It's very, very important because we're in a day and age of information overload, especially if you talk to, you know, most CSOs (chief security officers) I talk to, they say "Derek, I got so much traffic being thrown at me; I have all these security logs that are lighting up - how do I prioritize and respond to that?" So, if you can understand who your enemy is - what they're up to, then you can start building an appropriate security strategy around that, as opposed to just building checkboxes and, you know, building a fort and thinking you're protected against everything. That's a very important part. And, of course, there's proactive security technologies: anomaly-based, you know, things like sandbox detection that we've already integrated into the fabric ecosystem. But, visibility is key first; know your enemy, understand it, then build up a stack around that.
>> Peter: So you're a strategist?
>> Derek: Yes.
>> Peter: What's the difference between a security strategist and a strategist - a business strategist? And, specifically, how is security strategy starting to find its way into business strategy?
>> Derek: Really good question. So, it's becoming blended, right, because security is a vital part of business today. So, if you look at some attacks that even happened last year, there's targeted attacks that are starting to go after big businesses; critical revenue streams and services, because these are high payouts, right? And so, you know, if you look at building a business, you have to identify what are your digital assets: that can include services, intellectual property, and what would happen if that service was, you know, if there was a denial-of-service attack on that? How much lead or revenue loss are you going to have versus the cost of implementing, you know, an adequate security structure around that? So, you know, security's a board-level discussion right now, right? And so, when I think you look at building up these businesses, security should be, by design, from the top down - let's start it there.
>> Peter: But, is it finding its way, and we've asked this question a couple times - at least I have - is it finding its way into "Hey, my balance sheet is a source of competitive advantage; my sales force is a source of competitive advantage." Is your security capabilities a source of competitive advantage in a digital business?
>> Derek: I would say absolutely, yeah. It's starting to find its way in there. If you look at regions like Australia, you know, they just implemented a mandatory breach disclosure, right, so then, any business that is earning, I think it's like over two million dollars in revenue, needs to, you know, have a certain security posture in place and be able to respond to that. And that's trust and brand recognition. So, because, having, you know, cases like this, building trust with your provider, especially if we talk about, you know, cloud services; I'm putting my data into your hands and trust. How well do you trust that? Of course, if there's good reputation and a powerful security solution, you know customers are going to feel safer doing that. It's like, are you going to, you know, put your gold in Fort Knox or are you going to put it, you know, bury it in your backyard? There's a definite relationship happening there.
>> Lisa: I read (hesitates) I didn't read this report, but I saw it the other day that in 2017, a kind of cybercrime report that said by 2021, which isn't that far away, that the global impact will be six trillion dollars in cybercrime.
>> Derek: Yeah.
>> Lisa: How do you see the public sector, the private sector working together to help mitigate that, where that cybercrime is concerned and the costs that are so varied and large?
>> Derek: Yeah, it's not just cybercrime, either. It's cyberterrorism, these other aspects, especially if you're talking about public sector, if you're talking about critical infrastructure and also with, you know, energy sector and operational technology and all of these things, too. So, you know, it becomes very important for doing a collaboration in alliances - that's something that's actually close to my heart. You know, at Fortinet and FortiGuard, we've formed several strategic partnerships in alliance with public sector, mostly, you know, national computer emergency response, because we feel that we have a lot of intelligence. We're very good at what we do, you know, we can protect customers; detecting threats. But, if there's an attack happening on a national level, you know, we should be able to empower - to be able to work together to combat the threat. It's the same thing even with cybercrime, right? So, as an example, we work with law enforcement, as well with cybercrime, trying to find threat actors in the adversary; cybercriminals are running their own business, and the more expensive you can make it for them to operate, it slows down their operations.
>> Peter: A COGS approach to competition.
>> Derek: Yeah. (chuckles) Yeah, yeah. And, you know, they're always going to find the path of least resistance, right? That's the whole idea of security, strategy too, is, we call it the "attack chain," right, this layered security - that's the strength in numbers theme again, right; end-to-end security that makes the whole security chain stronger 'cause of that bond and that makes it more expensive for the cybercriminals to operate, too. So, as an example, like I said, national CERT, law enforcement; we're even teaming up in the private sector - a cyberthreat alliance, as well, that's been a very successful project; Fortinet's a founding member, I'm on the steering committee of the cyberthreat alliance.
>> Peter: It was Ken's brainchild, wasn't it?
>> Derek: Yeah, yep, yeah. And so, you know, we're competitors in the industry but we're actually - it's a friendly environment when we meet and it's actionable intelligence that's being shared. Again, it comes down to how well you can implement that technology, or that (hesitates) information in your technology - that's an important part.
>> Lisa: So, here we are at Accelerate 2018 the - I think Ken was saying the 16th year of this event. What are you looking forward to in 2018 for Fortinet, looking at the strength of the partners - those behind us. What's exciting you about the opportunities that Fortinet has in 2018?
>> Derek: It's never a boring day. (laughs) There's a lot of interesting opportunities to work with. I think it's - what's exciting to me is the vibe. People are very keen on this, right? If you look at our fabric-ready program, it's growing quite significantly and I think it's fantastic, there's a lot of people, you know, that are energized and willing to work in these programs. There's a lot of programs we can build at, specifically, FortiGuard, as well. Like I said, these threat intelligence services that we're offering to our partners now, which include, you know, proactive alerts, early warning systems. That empowerment and, you know, working together definitely excites me - there's a lot of opportunities there. And there's going to be a lot of, you know, challenges to overcome. If we look at the threat landscape right now, you know, one thing I'm talking about is swarm bots. It's this swarm intelligence - there's parallels here again; we talk about strength in numbers and what we're doing on our side. The bad guys are also teaming up and doing strength in numbers on their side, too. So, we're looking at on the horizon threats like this that are using, leveraging, their own learning mechanisms, being able to self-adapt to be much quicker to attack systems, right, because that's on the horizon - we're already seeing indications of that; we have to get this right. I think for the first time in the industry, you know, we're doing this right. You know, if you look at years past, cybercriminals, they can do a million things wrong and they don't care, right? So, we need to be able to overcome more hurdles. If we work together, which we're doing right now; I think for the first time, we have the opportunity to have an advantage over the cybercriminals, too. So, that's also exciting.
>> Lisa: Definitely. We've heard a lot of, I think, conversation today along the spirit of collaboration, compatibility. So, that sentiment, I think, was well represented from your peers that we've spoken with today.
>> Derek: Yeah. Everybody has a part to play, I think, right? And that's the thing - you mentioned the word "ecosystem" and that's exactly what it is, right? And that's another brilliant thing we're finding is that everybody brings some strength to the table, so that's another aspect, and I think people, you know, are realizing that organizations are realizing that they can actually play in these collaborations.
>> Peter: It's not a zero sum game.
>> Derek: No.
>> Peter: It's not. I mean, there's so much diversity and so much opportunity and this digital transformation is going to have touched so many different corners in so many different ways.
>> Derek: Yeah.
>> Peter: At this point in time, it's "How fast can we all work together to take advantage of the opportunities?" and not "Eh, I want that piece and I want that piece." because then the whole thing won't grow as fast.
>> Derek: Yeah, and, you know, the other challenges - the technology challenge, and that's something we are addressing as well. Like, we're actually creating a solution to this - a framework, as we did with the cyberthreat alliance, but also with the fabric program, as well, so having those tools is very important, I think, as well, to help grow that ecosystem, right?
>> Lisa: Exciting stuff, Derek. Thanks so much for joining us on The Cube and sharing some of the things that you're working on, and, it sounds, like you said earlier, never a dull moment; every day is a busy day.
>> Derek: Absolutely not. Yeah, there's a long road ahead and I think there always will be. But, like I said, it's a lot of exciting times and it's good to see progress in the industry.
>> Lisa: Absolutely. Well, thanks for your time. We look forward to our chat next year and to see what happens then.
>> Derek: Okay, thank you so much!
>> Lisa: Absolutely. We want to thank you for watching The Cube's continuing coverage of Fortinet Accelerate 2018. For Peter Burris, I'm Lisa Martin, and we'll be right back after a short break. (subtle electronic song)