
Derek Manky, Fortinet | CUBEConversation, November 2019


 

Our studios in the heart of Silicon Valley, Palo Alto, California, this is a CUBE Conversation.

Hello and welcome to theCUBE studios in Palo Alto, California, for another CUBE Conversation, where we go in-depth with thought leaders driving innovation across the tech industry. I'm your host, Peter Burris. Almost everybody's heard of the term black hat and white hat, and it constitutes groups of individuals that are either attacking or defending security challenges. It's been an arms race for the past 10, 20, 30 years as the world has become more digital, and an arms race in which many of us are concerned that black hats appear to have the upper hand. But there's new developments in technology and new classes of tooling that are actually racing to the aid of white hats and could very well upset that equilibrium in favor of the white hats. To have that conversation about the ascension of the white hats, we're joined by Derek Manky, who's chief security insights and global threat alliances lead at Fortinet. Derek, thanks for joining us for another CUBE Conversation.

It's always a pleasure speaking.

Yeah. All right, Derek, let's start: what's going on at FortiGuard Labs at Fortinet?

So 2019, we've seen a ton of development, a lot pretty much on track with our predictions when we talked last year. Obviously a big increase in volume thanks to offensive automation. We're also seeing low-volume attacks that are disrupting big business models; I'm talking about targeted ransom attacks, right, you know, criminals that are able to get into networks, cause millions of dollars of damages thanks to critical revenue streams being out, usually in the public sector. We've seen a lot of this. We've seen a rise in sophistication; the adversaries are not slowing down. AETs, advanced evasion techniques, are on the rise. And so, you know, to do this, and for FortiGuard Labs to be able to track this and map this, we're not just relying on blogs anymore and, you know, 40-, 50-page white papers, so we're actually looking at playbooks now,
mapping the adversaries, understanding their tools, techniques, procedures, how they're operating, why they're operating, who are they hitting on, and what might be their next move. So that's a big development on the intelligence side here.

All right, so I mentioned up front this notion that the white hats may be ascending. I'm implying a prediction here. Tell us a little bit about what we see on the horizon for that concept of the white hats ascending, and specifically, why is there reason to be optimistic?

Yeah, so it's been gloomy for decades, like you said, and for many reasons, right? And I think those reasons, there are no secrets. I mean, cybercriminals and black hats have always been able to move, you know, with agility, right? Cybercrime has no borders. It's often a slap on the wrist that they get. They can do a million things wrong, they don't care; there's no ethics and, quite frankly, no rules binding, right? On the white hat side, we've always had rules binding us, we've had to take due care, and we've had to move methodically, which slows us down. So a lot of that comes in place because of frameworks, because of technology as well, having to move, um, after it's in able to it with frameworks, so specifically with, you know, making corrective action and things like that. So those are the challenges that we face against. But, you know, thinking ahead to 2020, particularly with the use of artificial intelligence: everybody talks about AI, you know, it's impacted our daily lives, but when it comes to cybersecurity on the white hat side, um, you know, a proper AI and machine learning model, it takes time, you know, it can take you years; in fact, in our case, in our experience, about four to five years before we can actually roll it out to production. But the good news is that we have been investing, and when I say we, I'm just talking to the industry in general, and we've been investing into this technology because, quite frankly, we've had to. It takes a
lot of data, it takes a lot of smart minds, a lot of investment, a lot of processing power, and that foundation has now been set over the last five years. If we look at the black hats, it's not the case, and why? Because they've been enjoying living off the land, on low-hanging fruit, the path of least resistance, because they've been able to.

So one of the things that's changing that equilibrium, then, is the availability of AI. As you said, it could take four or five years to get to a point where we've actually got useful AI that can have an impact. I guess that means that we've been working on these things for four or five years. What's the state of the art with AI as it pertains to security, and are we seeing different phases of development start to emerge as we gain more experience with these technologies?

Yeah, absolutely, and it's quite exciting, right? AI isn't this universal brain that's always going to solve the world's problems, that everyone thinks it might, right? It's very specific. It relies on machine learning models; each machine learning model is very specific to its task, right? I mean, you know, voice learning technology versus autonomous vehicle driving versus cybersecurity, it's very different when it comes to the swimming purposes. So in essence, the way I look at it, you know, there's three generations of AI. We have generation 1, which was the past; generation 2, which is the current, where we are now; and generation 3 is where we're going. So generation 1 was pretty simple, right? It was just a central processing lyrtle of machine learning model that'll take in data, they'll correlate that data, and then take action based off of it: some simple inputs, simple output, right? Generation 2, where we're currently sitting, is more advanced; it's looking at pattern recognition, more advanced inputs, distributed models where we have the, you know, sensors lying around networks, I'm talking about even IoT devices, security appliances, and so forth, but still report up to this centralized brain that's learning and
acting on things. But where things get really interesting moving forward in 2020 gets into this third generation, where you have, especially, you know, moving towards edge computing, where you have localized learning nodes that are actually processing and learning. So you can think of them as these mini brains: instead of having this monolithic centralized brain, you have individual learning nodes, individual brains doing their own machine learning, that are actually connected to each other, learning from each other, speaking to each other. It's a very powerful model; we actually refer to this as federated machine learning in our industry.

So we've been, first phase, we simply use statistics to correlate events, take action. Yeah, now we're doing exceptions, pattern recognition, or exceptions and building patterns, and in the future we're going to be able to further distribute that, so that increasingly the AI is going to work with other AI, so that the aggregate, this federated aggregate, gets better. I got that right?

Yeah, absolutely.

And what's the advantage of that?

A couple of things. I mean, it's very similar to the human immune system, right? I mean, if I were to cut my finger on my hand, what's gonna happen? Well, localized white blood cells, localized, not something from a foreign entity or further away in my body, are gonna come to the rescue and start healing, right? It's the same idea; it's because it's interconnected within the nervous system. It's the same idea of this federated machine learning, right? If a security appliance is to detect a threat locally on-site, it's able to alert other security appliances so that they can actually take action on this and learn from that as well. So connected machine learning models: it means that, you know, by properly implementing these AI, this federated AI machine learning models in an organization, that system is able to actually, in an automated way, pick up what that threat is, be able to act on that threat,
which means it's able to respond to these threats quicker, shut them down to the point where it can be, you know, virtually instantaneous, right, before, you know, the damage is done and bleeding starts happening.

So the common baseline is constantly getting better, even as we're giving opportunities for local managers to perform the work in response to local conditions. So that takes us to the next notion of, we've got this federated AI on the horizon: how is the role of people, security professionals, going to change? What kind of recipes are they going to follow to ensure that they are working in a maximally productive way with these new capabilities, these new federated capabilities, especially as we think about the introduction of 5G and greater density of devices and faster speeds and lower latencies?

Yeah, so, you know, the world of cybersecurity has always been incredibly complex, so we're trying to simplify that, and that's where, again, this federated machine learning comes into place, particularly with playbooks. So, you know, if we look at 2019 and where we're going in 2020, we've put a lot of groundwork, quite frankly, into pioneering the work of playbooks, right? So when I say playbooks, I'm talking about adversary playbooks: knowing the offense, knowing the tools, techniques, procedures, the way that these cybercrime operations are moving, right, and the black hats are moving. The more that we can understand that, the more we can predict their next move, and that centralized language, right? Once you know that offense, we can start to create automated blue team playbooks, so defensive playbooks that a security technology can automatically integrate and respond to. But getting back to your question, we can actually create human-readable CISO guides that can actually say, look, there's a threat, here's why it's a problem, here are the gaps in your security that we've
identified, here's some recommended course of action as mitigation, right? So that's where the humans and the machines are really going to be working together, and, quite frankly, moving at speed, being able to do that at a machine level, but also being able to simplify a complex landscape. That is where we can actually gain traction, right? This is part of that ascendancy of the white hat, because it's allowing us to move in a more agile nature, it's allowing us to gain ground against threat actors, and, quite frankly, it allows us to start disrupting their business model, right? It's a more resilient network in the future. This leads to the whole notion of self-healing networks as well, that quite frankly just makes it a big pain; it disrupts their business model, it forces them to go back to the drawing board.

Well, it also seems as though, when we start talking about 5G, that the speeds, as I said, the speeds, the density, the reduced latency, the potential for a bad thing to propagate very quickly demands that we have a more consistent, coherent response at both the machine level but also at the people level. Bring 5G into this conversation: what will be the impact of 5G on how these playbooks and AI start to come together over the next few years?

Yeah, it's gonna be very impactful. It's gonna take a couple of years, and we're just at the dawn of 5G right now. But if you think of 5G, you're talking about a lot more volume, essentially. As we move to the future, we're entering into the age of 5G and edge computing, and 5G and edge computing is gonna start eating the cloud, in a sense that more of that processing power that was in the cloud is starting to shift now towards edge computing, right? This is that on-premises. So it is gonna allow models like I was talking about, federated machine learning models, at first from the white hats' point of view, which, again, I think we are in the driver's seat and in a better, you know, more
advantageous position here because we have more experience. Again, like I said, we've been doing this for years, where the black hats, quite frankly, haven't. Yes, they're toying with it, but not to the same level, at scale, that we have. But, you know, I'm always a realist; this isn't a completely rosy picture. I mean, it is optimistic that we are able to get this upper hand; it has to be done right. But if we think about the weaponization of 5G, that's also a very large problem, right? Last year we were talking about swarm networks, right? The idea of swarm networks is a whole bunch of devices that can connect to each other, share intelligence, and then act to do something like a large-scale DDoS attack. That's absolutely in the realm of possibility when it comes to the weaponization of 5G as well.

So one of the things, I guess the last question I want to ask you, is: you noted that these playbooks incorporate the human element in ways that are uniquely human. So having CISO-readable recipes for how people have to respond, does that also elevate the conversation with the business, and does it allow us to do a better job of understanding risk, pricing risk, and appropriately investing to manage and assure the business against risk in the right way?

Absolutely, absolutely, it does, yeah. Because the more you know about, going back to the playbooks, the more you know about the offense and their tools, the more you know about how much of a danger it is, what sort of targets they're after, right? I mean, if they're just trying to collect a little bit of information, you know, to do some reconnaissance, that first-phase attack might not cause a lot of damage. But if this group is known to go in, hit hard, steal intellectual property, shut down critical business streams through DDoS, that in the past, we know and we've seen, has caused four or five million dollars from, you know, from one breach. That's a very good way to start classifying risk. So yeah, I mean, it's all
about really understanding the picture first on the offense, and that's exactly what these automated playbook guides are going to be doing on the blue team. And again, not only from a C-suite perspective, certainly that on the human level, but the nice thing about the playbooks is, because we've done the research, the threat hunting, and understood this, you know, from a machine level it's also able to put a lot of those automated, let's say, day-to-day decisions, making security operations centers, so I'm talking about, like, SecDevOps, much more efficient too.

So we're talking about more density at the edge amongst these devices. I also want to bring back one last thought here, and that is, you said that historically some of the black hats have been able to act with a degree of impunity. They haven't necessarily been hit hard; there's a lot of slapping on the wrist, as I think you said. Talk about how the playbooks and AI are going to allow them to more appropriately share data with others that can help, both now but also in some of the forensics and the enforcement side, namely the legal and policing world. How are we going to share the responsibility, or how is that going to change over the next few years, to incorporate some of the folks that actually can then turn a defense into a legal attack?

Illumination, this is what I call it, right? So again, if we look at the current state, we've made great strides, great progress, you know, working with law enforcement. So we've set up public-private sector relationships; we need to do that, have security experts working with law enforcement, law enforcement working on their end to train prosecutors to understand cybercrime, and so forth. That foundation has been set, but it's still slow-moving. You know, there's only a limited amount of playbooks right now; it takes a lot of work to unearth and to really move the needle. What we need to do, again, like we're talking about, is to integrate artificial intelligence with playbooks.
The more that we understand about groups, the more that we do this threat illumination, the more we uncover about them, the more we know about them, and by doing that we can start to form predictive models, right? Basically, I always say old habits die hard. So, you know, if an attacker goes in, hits a network, and they're successful following a certain sequence of patterns, they're likely going to follow that same sequence on their next victim or their next target. So the more that we understand about that, the more that we can forecast it from a mitigation standpoint. But also, by the same token, the more correlation we're doing on these playbooks, the more machine learning we're doing on these playbooks, the more we are able to do attribution, and attribution is the Holy Grail. It's always been the toughest thing to do when it comes to research, but by combining the framework that we're using with playbooks and AI machine learning, it's a very, very powerful recipe, and that's what we need to get right and move forward in the right direction.

Derek Manky, Fortinet's chief of security insights and threat alliances, thanks again for being on theCUBE.

It's a pleasure. Anytime, happy to talk.

And I want to thank you for joining us for another CUBE Conversation. I'm Peter Burris. See you next time.

Published Date : Nov 26 2019



the more that we understand about groups the more that we do this threat illumination the more we have cover about them the more we know about them and by doing that we can start to form predictive models right basically I always say old habits die hard so you know if an attacker goes in hits a network and they're successful following a certain sequence of patterns they're likely going to follow that say that's that same sequence on their next victim or their next target so the more that we understand about that the more that we can forecast eight from a mitigation standpoint but the also by the same token the more correlation we're doing on these playbooks the more machine learning we're doing on this playbooks the more we were able to do attribution and attribution is the Holy Grail it's always been the toughest thing to do when it comes to research but by combining the framework that we're using with playbooks and AI machine learning it's a very very powerful recipe and that's that's what we need to get right and move forward in the right direction Derrick McKey ordinance chief of security insights and threat alliances thanks again for being on the cube it's a pleasure anytime happy to talk and I want to thank you for joining us for another cube conversation I'm Peter Burris see you next time [Music]

Published Date : Nov 25 2019


Derek Manky, Fortinet | CUBEConversation, November 2018


 

[Music] Hi, I'm Peter Burris, and welcome to another CUBE Conversation from theCUBE studios here in beautiful Palo Alto, California. Today we're going to talk about some new things that are happening in the security world. Obviously this is one of the most important domains within the technology industry and, increasingly, because of digital business, in business overall. Now, to do that, we've asked Derek Manky to come back. Derek is the chief of security insights and global threat alliances at Fortinet. Derek, welcome back to theCUBE.

Absolutely, feel the same way.

Derek, okay, so we're going to get into some predictions about what the bad guys are doing and some predictions about what the defenses are doing, how we're going to see the defense opportunities improve. But let's set the stage, because predictions always are made on some platform, some understanding of where we are, and that has also changed pretty dramatically. So what's the current state in the overall security world, Derek?

Yeah, so what we saw this year in 2019, a lot, is a big increase on automation, and I'm talking from an attacker's point of view. I think we talked about this a little bit earlier in the year. So what we've been seeing is the use of frameworks to enhance sort of the day-to-day cycles that cyber criminals and attackers are using, to make their, you know, criminal operations that much more efficient, sort of a well-oiled machine. So we're seeing toolkits that are taking, you know, things within the attack cycle and attack chain, such as reconnaissance, penetration, you know, exploitation, getting into systems, and just making that that much quicker. So that window to attack, the time to breach, has been shrinking thanks to a lot of these crime kits and services that are offered out there.

Now, one other comment on this, or another question that I might have on this, is that speed is becoming an issue, but also the risk: as digital business takes on a larger portion of overall business activities, ultimately the risks and costs of doing things wrong are also going up, if I've got that right?

Yeah, absolutely, for sure. And you know, it's one of those things: the longer that a cybercriminal has a foothold in your system, or has the opportunity to move laterally and gain access to other systems, maybe it's your IoT or, you know, other platforms, the higher the risk, right? Like, the deeper down they are within an attack cycle, the higher the risk. And because these automated toolkits are allowing them to facilitate that, it's a catalyst really, right? They can get into the system, they can actually get out that much quicker, the risk is much higher. And we're talking about risk, we're talking about things like intellectual property exfiltration, client information, this sort of stuff that can be quite damaging to organizations.

So with the new foundation, speed is becoming an increasingly important feature of how we think about security, and the risks are becoming greater because digital assets are being recognized as more valuable. Why don't you take us through some of Fortinet's predictions on some of the new threats, or the threat landscape? How's the threat landscape changing?

Yeah, so as I said, we've already seen this shift in automation, so what I would call the basics, I mean knowing the target, trying to break into that target, right? When it comes to breaking into the target, cyber criminals right now, they're following the path of least resistance, right? They're finding easy ways that they can get into IoT devices, into other systems. In our world, when we talk about penetration or breaking into systems, it's through zero days, right? So the idea of a zero day is essentially a cyber weapon. There's movies in Hollywood that have been made off of this. You look at attacks like Stuxnet in the past, they all use zero-day vulnerabilities to get into systems, all right? So one of the predictions we're seeing is that cyber criminals are gonna start to use artificial intelligence, right? So we talk about machine learning models and artificial intelligence to actually find these zero days for them. So in the world of an attacker, to find a zero day they have to do a practice called fuzzing, and fuzzing is basically trying to trip up computer code, right? So you're throwing unverified parameters at it, throwing unanticipated sequences into code parameters and input validation and so forth, to the point that the code crashes, and from an attacker's point of view that's when you take control of that code. This is how, you know, finding weapons into systems, cyber weapons into systems, works. It typically takes a lot of resource, it takes a lot of cycles, it takes a lot of intelligence, it takes a lot of time to discover; we can be talking months or longer. So one of the predictions that we're hitting on is that, you know, cyber criminals are gonna start to use artificial intelligence fuzzing, or AIF as I call it, to be able to use AI to do all of that, you know, intelligent work for them. So, you know, basically having a system that will find these gateways, if you will, these, you know, new vulnerabilities into systems.

So, sustained use of AIF to corrupt models so that they can find vulnerabilities that can then be exploited?

Yeah, absolutely. And you know, when it comes to the world of hacking and fuzzing, it's one of the toughest things to do. It is the reason that zero days are worth so much money. You know, they can sell for hundreds of thousands of dollars on the darknet and in the cyber criminal, you know, economy. So it's because they're tough to find; they take a lot of resources, a lot of intelligence and a lot of effort to be able to not only find the vulnerability but then actively attack it and exploit it, right? There's two phases to that. So the idea is, by using part of the power of artificial intelligence, that cyber criminals will start to leverage that and harness it in a bad way, to be able to not only discover, you know, these vulnerabilities but also create that weapon, right? Create the exploit, so that they can find more, you know, more holes, if you will, or more angles to be able to get into systems.

Now, another one is that virtualization is happening, you know, with the good guys, as we virtualize resources. But is it also being exploited, or does it have the potential to be exploited, by the bad guys as well, especially in a swarming approach?

Yeah, virtualization for sure, absolutely. So the thing about virtualization too is you often have a lot of virtualization being centralized, especially when we talk about cloud, right? So you have a lot of potential digital assets, you know, valuable digital assets, that could be physically located in one area. So when it comes to using things like artificial intelligence fuzzing, not only can it be used to find different vulnerabilities or ways into systems, it can also be combined with something like, I know we've talked about the concept of swarm before, so using, you know, multiple intelligent infected pieces of code that can actually try to break into other virtual resources as well. So virtualization, yes, definitely. Because of, in some cases, close proximity, if you will, between hypervisors and things like this, it's also something of concern for sure.

Now, there is a difference between AI fuzzing and machine learning. Talk to us a little bit about some of the trends or some of the predictions that pertain to the advancement of machine learning and how bad guys are going to exploit that.

Sure. So machine learning is a core element that is used by artificial intelligence, right? If you think of artificial intelligence, it's a larger term. It can be used to do intelligent things, but it can only make those decisions based off of a knowledge base, right? And that's where machine learning comes into place. Machine learning is, it's data, it's processing and it's time, right? So there's various machine learning models that are put in place. It can be used for everything from autonomous vehicles to speech recognition to certainly cybersecurity and defense, that we can talk about. But, you know, the other part that we're talking about in terms of predictions is that it can be used, like any tool, by the bad guys. So the idea is that machine learning can be used to actually study code, you know, from a black hat attacker point of view, to study weaknesses in code. And that's the idea of artificial intelligence fuzzing: machine learning is used to find software flaws. It finds the weak spots in code, and then it actually takes those weak spots and it starts probing, starts trying to attack it, you know, to make the code crash. And then when it actually finds that it can crash the code, and that it can try to take advantage of that, that's where the artificial intelligence comes in, right? So the AI engine says, hey, I learned that this piece of software or this attack target has these weak pieces of code in it. That's for the AI model. So the AI fuzzing comes into place to say, how can I actually take advantage, how can I exploit this, right? So that's where the AI fuzzing comes into play.

So we've got some predictions about how black hats and bad guys are going to use AI and related technologies to find new vulnerabilities, new ways of exploiting things and extracting new types of value out of a business. What have the white hats got going for them? What are some of the predictions on some of the new classes of defense that we're going to be able to put up to counter some of these new classes of attacks?

Yeah, so that's, you know, that's honestly some of the good news, I believe. You know, it's always been an arms race between the bad guys and the good guys. That's been going on for decades in terms of cybersecurity. Often, you know, the bad guys are in a favorable position because they can do a million things wrong and they don't care, right? From the good guys' standpoint, we can do a million things right, one thing wrong, and that's an issue. So we have to be extra diligent and careful with what we do. But with that said, you know, as an example, at Fortinet we've deployed our FortiGuard AI, right? So this is six years in the making, six years using machine learning, using, you know, precise models to get higher accuracy, low false positives, to deploy this in production. So, you know, when it comes to the defensive mechanism, I really think that we're in the driver's position, quite frankly. We have better technology than the Wild West that they have out on the bad guys' side. You know, from an organization point of view, how do you start combating this sort of onslaught of automation and AI from the bad guys' side? Well, you gotta fight fire with fire, right? And what I mean by that is you have to have an intelligent security system. You know, perimeter-based firewalls and gateways, they don't cut it anymore, right? You need threat intelligence, you need systems that are able to orchestrate and automate together. So different security products in your security stack, or a security fabric, that can talk to each other, you know, share intelligence, and then actually automate that. So I'm talking about things like creating automated security policies based off of, you know, threat intelligence finding that a potential threat is trying to get into your network. That sort of speed through that integration on the defensive side, that intelligent speed, is the key for it. I mean, without that, any organization is gonna be losing the arms race.

And I think one of the things that is also happening is we're seeing a greater willingness, perhaps not to share data, but to share information about the bad things that are happening. And I know that Fortinet's been something at the vanguard of ensuring that there's even better clearing for this information, and then driving that back into code that actually further automates how customers respond to things, if I've got that right?

Yeah, you hit it dead-on, absolutely. You know, that is one of the key things that we're focused on: we realized we can't win this war alone, right? Nobody can, on a single point of view. So we're doing things like interoperating with security partners. We have a Fabric-Ready program as an example. We're doing a lot of work in the industry, working with, as an example, Interpol and law enforcement to try to do attribution. But the whole endgame, what we're trying to do, the strategy, is to try to make it more expensive for cyber criminals to operate. So we obviously do that as a vendor, you know, through good technology, our Security Fabric, an integrated holistic security fabric and approach, to be able to make it tougher, you know, for attackers to get into systems. But at the same time, you know, we're working with law enforcement to find out who these guys are, to go after attribution, prosecution, cut off the head of the snake, as I call it, right? To try to hit cyber criminal organizations where it hurts. We're also doing things across vendors in the industry, like the Cyber Threat Alliance. So, you know, Fortinet's a founding member of the Cyber Threat Alliance. We're working with other security vendors to actually share real-time information, it's that speed message that we were talking about earlier, to share real-time information so that each member can take that information and put it into something actionable, right? In our case, when we get intelligence from other vendors in the Cyber Threat Alliance, as an example, we're putting that into our Security Fabric to protect our customers in near real-time.

So in sum, we're talking about a greater value from being attacked being met with a greater and more cooperative use of technology and process to counter those attacks, all right?

Yeah, absolutely. So open collaboration, unified collaboration, is definitely key when it comes to that as well. You know, the other thing, like I said, is the technology piece, you know, having integration. Another thing from the defensive side too, which is becoming more of a topic recently, is deception, deception techniques. This is a fascinating area to me, right? Because the idea of deception is the way it sounds: it's to deceive criminals when they're coming knocking on your door, into your network. So it's really what I call, like, the house of a thousand mirrors, right? So they get into your network and they think they're going to your data store, but is it really your data store, right? It's like there's one right target and a thousand wrong targets. It's a defensive strategy that organizations can play to try to trip up cyber criminals, right? It makes them slower, it makes them more inaccurate, it makes them go on the defensive and back to the drawing board, which is something, absolutely, I think we have to do. So it's very interesting, promising, you know, technology moving forward in 2019 to essentially fight back against the cyber criminals.

And to make it more expensive to get access to whatever it is that they want.

Derek max Lilly yeah.

Derek Manky, chief of security insights and global threat alliances at Fortinet, thanks once again for being on theCUBE.

It's a pleasure. Anytime. Look forward to the next chat.

And from Peter Burris and all of us here at theCUBE in Palo Alto, thank you very much for watching this CUBE Conversation. Until next time.

Published Date : Nov 16 2018
