>>from around the globe. It's the Cube with digital coverage of Dell Technologies. World Digital Experience Brought to you by Dell Technologies. Hey, welcome back. You're ready. Jeffrey here with the Cube. Welcome back to our ongoing coverage of Dell Technology World 2020. The Digital Experience. I'm coming to you from Palo Alto. It's a digital event, just like everything else in 2020. But we're excited to have our next guest. I think he's coming in all the way from Atlanta, Georgia. He's Jim Shook, the director of cyber security and compliance practice at Del Technology. Jim, Great to see you. >>Thanks, Jeff. It's quite the title there. Thanks for getting all that out. >>I have a big posted notes so that, uh, that's very helpful. But, you know, it's it's actually kind of an interesting thing because you have compliance and cybersecurity and your title, and it's it's It's interesting relationship between compliance as a motivator of behavior versus you know, you need to go a lot further than just what the compliance says. So I'm curious if you can talk about that relationship between yeah, we need to be compliant, and we need to follow the rules. But you need to think a lot bigger than that. >>Yeah, definitely. I mean, there's so many different standards out there and requirements. So typically, what we'll see on the regulatory side is very much a minimum baseline, and leading the way, as usual in the cybersecurity space, will be financial and health care organizations. That's particularly true in the US, but pretty much globally, at least on the financial side. So they'll set some baselines. A lot of industries don't really have many. And so what we look at many times is just general risk to the business. And, of course, if you're a publicly traded company, that might trigger some SEC requirements or other things like that. But again, we really look at those requirements as minimum baselines, and you have to work up from there based on the organization's risk profile. >>Yeah, yeah, and we see that we see that, too, with privacy and a whole a whole bunch of stuff where traditionally the regs and the compliance kind of lag, you know where the technologies and where the markets moving. So let's before we get too deep into it. Let's let's talk about the cove it impact because obviously a huge thing. Insecurity, Uh, you know, a light switch moment in mid March when everybody had to work from home. So suddenly your tax surfaces increase exponentially. People are working out of home environments that you don't necessarily know what's going on there. Who's going on there, The shared networks with the spouse and the kids and and everybody else. And but now we're, you know, 678 months into this. This is something that's going to be going on for a while, and even the new normal will have some type of a hybrid relationship with with, you know, an increased level of remote remote work once they work from home. But it's really work from anywhere. So I wonder if you could share your thoughts about how things have transitioned from you know, what happened in mid March, taking care of your own business and your own people to, you know, then taking care of your customers and the emergencies that they had. But now really thinking in terms of more of kind of a long term, fundamental shift in the security profile that people have with all their data and information >>Yeah. Gosh, it's been really interesting. I think organizations have done an amazing job when you think about the things that they've had to get done just really overnight. So a lot has been written about the pandemic, and you mentioned Jeff to really that expanded threats surface. All of a sudden, you've got people working from home. There wasn't enough VPN capacity. A lot of places. I talked to some organizations. Employees just took their desktop off of their desk and brought it home so it wasn't really ready toe work at a remote location. But organizations really adapted well to it. Meanwhile, that was opportunity for the criminals, and they've taken it. But Jeff, one of the things that I think about two is to an extent, this is the new normal, not necessarily the work from home, but the shift that's going to consistently happen in cybersecurity. Things change. The criminals air really smart, they adapt. So that was work from home. What's the next thing going to be? There's I O T. There's remote devices. There will be some vulnerabilities. We just have to get used to this pace and continue it. Unfortunately, >>right, right, right Yeah, it's always it's always a little bit of, Ah, a cat and mouse game, Right? But what? And then one of the other trends that we're seeing, I don't know, maybe more visibility or maybe higher profile is is the ransomware attacks, right? So we've seen, you know, kind of this thing really interesting continuation of different types of security threats between just the the local kid who's just trying to do it because it's fun versus, you know, competitive stuff where people are trying to take out their competitors versus nation states and nation states being, um, you know, kind of driving these attacks. But the ransom, the ransom where we've seen before, but it seems to be increasing in frequency. Maybe we're just hearing about it. What's special about ransom, where as a specific type of security threat. >>So I started this practice about five years ago, and at that point, ransom or was just barely a blip, it was really about destruction and the way that we talk about it in the cybersecurity spaces. There's this triad, these three components of our data that we're trying to protect. So one of those is confidentiality, and that traces back to the attacks you're talking about. That's when somebody steals your data. You don't want them to do that. That breaks the confidentiality of the data. And that's really where the cybersecurity controls kind of grew up around, that you didn't want credit cards, intellectual property, healthcare information. And that's still a problem with ransom, where they're affecting the availability of the data or the integrity of the data. And those were the other two prongs that go with confidentiality. And so these attacks. That's why they feel different. Their impact in your ability to access the data, which in many cases can shut a business down. There have been headlines over the last couple of months. Some businesses that really were closed off for components of their business that were shut down, and it's because they didn't have their data or their systems, and then eventually they either found a way to recover them. Or perhaps in many cases, the speculation is they paid the ransom to get the data back, >>right. And of course, the problem with ever paying a ransom, um, is that you don't necessarily know you're going to get the data back. That you may just be encouraging them to hit you again. Eso paying the ransom is is not necessarily the best solution. And then then, in talking about this thing, turns out that in fact, not only may it not be the right solution, you may be breaking the law. This is a pretty interesting thing. I had no idea that there's really laws dictating, you know, I guess responding to a criminal threat. What? Where does that go? What's that from? >>Yeah, that's we've talked about this for a while. But it wasn't until about two weeks ago that some information was released from the Department of Treasury. So the idea here is that every not every country, many countries, the US among them have lists of countries and organizations that you can't do business with. So essentially a prohibited or sanctions list. And, as it turns out, many of the ransomware bad actors and Jeff is actually real name of one of them evil court. It sounds like a movie or a book, but that's one of the ransomware bad actors there on those lists. So if you get attacked by an organization that's on the list and you pay them. You have now completed a transaction with a prohibited entity and you're subject to potential sanctions. There was a lot written about this being a new law, or the US came up with this law, and that's not the case. The laws have been on the books for a while. It was the Department of Treasury, kind of issuing some guidance, just nudging people. Hey, by the way, you shouldn't be doing this and some of the research I've done a lot of countries have these laws. So while it's just the US that came out with this advisory, which was very public and certainly a big wake up call, these laws exist in a lot of other countries. So organizations really need to be prepared for what they're going to do if they get hit with the Ransomware attack. Not really counting on paying the ransom for the reasons that you said, Plus, it may be against the law. >>And just to make sure I understand you, it's against the law because you're effectively doing business by having a financial transaction with one of these, prohibited either organizations or they're in a prohibited country complete. >>That's correct Yeah, mostly about the organization, um, and then an interesting component of this and we won't get into too much of the weeds on the legal side. But the law is actually a strict liability. So that means it doesn't matter whether you knew or should have known that the entity was on a prohibited list. The mere fact of having that transaction makes you liable. And then the way that the the regulations are written, you can't get someone else to do your dirty work for you. So if you are facilitating that transaction anyway, you may be running afoul of those laws. >>Jesus. One more thing to worry about where you're trying to get business. You're trying to get your business back up and running, but specifically with with with ransomware and why it's different. I mean, there's been business continuity, planning forever. You know, you guys have backup and recovery solutions. Uh, you know, there's so much effort around that What's different here? Is it just because of the time in which you have to respond the availability of those backups toe to come back and get in production? What makes Ransomware so special from a business continuity perspective besides the fact that you're not allowed to pay him because it might be breaking the law. >>Ah, lot, You hit on a couple things there. So we've known forever that with D R. Disaster recovery One of the major things you're doing there is your replicating data quickly so that if you lose sight A you can pop up its site B With ransomware, you're replicating the corrupted data, so you lose that with backups. The bad guys know, just like you mentioned that if you have a backup, you could use that to recover. So they are more frequently now gathering their credentials and attacking the backup. So many cases we see the backups being deleted or otherwise destroyed. And that's really where we have focused with our power. Protect cyber recovery solution is creating a new, extra offline air gapped copy of the most critical applications. That's not going to be susceptible to the attack or the follow up attack that deletes the data. >>So let's jump into that a little bit, um, in a little bit more detailed. So this is a special solution, really targeted, um, as a defense against Ransomware because of the special attributes that ransom where, uh, e guess threatens threatens or the fact that they they also go after your backup in recovery at the same time, knowing you're gonna use that to basically lower the value of their ransom attack. That's crazy. >>Yeah, they're smart. You know, these these Attackers air smart. There's billions of dollars at stake. E think organizations like Evil Corp estimates are they could be making hundreds of millions of dollars. So they're they're not even small businesses. They're almost industries unto themselves. They have advanced tactics, They're leveraging capabilities, and they have. They have products, essentially. So when you think about your production data, your backups, your disaster recovery, those air, all in environments, that they're not accessible on the Internet. But that's where you're doing business. So there is access there. There's employees that have access, and the bad guys find ways to get in through spear phishing attacks, where they're sending emails that look like they're from somebody else and they get a foothold. Once they have that foothold, they can leverage that access to get throughout that production environment. They have access to that data, and they deleted with cyber recovery. What we're doing is we're creating a vaulted environment that's offline. They can't get there from from where they are, so they can't get access to that data. We lock it down, we analyze it, we make sure that it's good and then this happens automatically and day over day. So you've always got that copy of data. If your worst case scenario develops and you lose your production environment, that happens. You've got this copy of data for your most critical applications. You don't want to copy everything in there, but you can use to actually recover and that recover capability. Jeff is one of the pillars of a cyber security structure, so we focus a lot, kind of like you said before. What's different about these attacks? We focus a lot on protecting data and detecting bad guys. This is the recover capability that is part of all these frameworks, >>right? So there's a lot to unpack there before we get into the recovery. And kinda actually, why don't we just start there and then I want to get into the air gap because that's a great That's a great thing to dig in on the recovery what's kind of your targeted s l A Is it based on the size of the application? Um, is it based on on, you know, a different level of service. I mean, what is what is the hope? If I buy into this this solution that I can get my recovery and get back into business if I choose, not toe to pay these guys? What? What does it? What does that kind of look like? >>Most of the time, we're providing a product that our customers are deploying, and then we have some partners that will deployed as a service to, so the SLS may vary, but what we're targeting is a very secure environment, and you can look at how it's architected and think about the technologies. If it's properly operated, you can't get there. You can't get to the data. So the points that we're really looking at is how frequently do we want to update that data? So in other words, how much data can you afford to lose? And then how long will it take you to recover? And both of those? You can leverage the technologies to shorten those up to kind of your requirements. So loosely speaking, the in the shorter you make the time may cost you a little bit more money, a little bit more effort. But you can tighten those up pretty much what your requirements are going to be, >>right? Right? And then let's talk about air gaps because air gaps. That means something very, very specific. It literally means classically right, an air gap. There is a space in between these systems until electrons learn how to jump. Um, they're they're they're physically separated. Um, but that's harder and harder to do, right, because everything is now a P I based, and everything is an app that's based on a bunch of other APS, and there's calls and there's, you know, everything is so interconnected now. But you talked about something specifically said, an automated air gap. And you also said that you know, we're putting this data where it is not connected for some period of time. So I wonder if you could explain a little bit more detail how that works, how it's usually configured, um t to reintroduce an air gap into this crazy connected world. >>Yeah, it's kind of going backward to go forward in a lot of ways. When we're careful about the term, we'll use the term logical air gap because you're right, Jeff on Air Gap is there's a gap, and what we're doing is we're manipulating that air gap in a way that most of the time that data are are safe. Data are vaulted, data is on the other side of the air gap, so you can't get there. But we'll bring it up in air. Gap will logically enable that air gap so that there is a connection which enables us to update the data that's in the vault, and then we'll bring that connection back down. And the way that we've architected the solution is that even when it's enabled like that, we've minimized the capability to get into the vault. So, really, if you're a bad actor, if you know everything that's going on, you might be able to prevent the update. But you can't get into the vault unless you're physically there. And, of course, we put some controls on that so that even insiders are very limited what they can do if they get inside the vault and the A. P. T s, the advanced persistent threats. People who are coming from other countries. Since they're not physically there, they can't access that data. >>That's good. So it's on its off, but it's usually off most of the time, so the bad guys can't get across there. >>Yeah, and again it's It's important that even when it's on it za minimal exposure there. So you think about our triad, the confidentiality, integrity, availability. You know, we're blocking them from getting in so they can maybe do a denial of service type of attack. But that's it. They can't get into break into the vault and break things and destroy the data like they would in production. >>I want to shift gears a little bit gym, and I've I've gone to our essay, I think, for the last three or four years of fact, I think it was the last big live event we did in 2020 before everything came to a screeching halt. And, you know, one of the things I find interesting about the security industry is this one of these opportunities for cooperative Shin um within the security industry that even though you might work for a company that competes with another company. You know there's opportunities to work with your peers at other companies. So you have more of a unified front against the bad guys as well as learn from what's going on. Uh, with some of the other you know, people. So you can learn from the from the attacks that they're surfacing. There's interesting, uh, organization called Sheltered Harbor that it came across and doing research for this. You guys have joined it. It was basically it looks like it was built around 100 30. This this article is from earlier in the years. Probably groaning is from February 130 participating financial institutions, which collectively hold 72% of all deposit accounts and 71% of all U. S retail brokerage assets. It's a big organization focused on security, Del joined not as a financial institution but as a vendor. I wonder if you can share what this organizations all about. Why did you guys join and what? Where you see some of the benefits both for you as well as your customers? >>Yeah, there's a lot there, Jeff. I've been part of that process for a little bit over two years and kicked it off after we identified. Sheltered Harbor is an organization that we wanted to work with. So, as you said, founded by some of the banks and credit unions and other financial institutions in the US, and what's unique about it is it's designed to protect the U. S. Financial system and consumer confidence. It's not actually designed to protect the bank. So of course, that's an outcome there if you're protecting consumer confidence than it's better for the banks. But that's really the goal. And so it's a standards based organization that looked at the problem of what happens if a bank it's attacked, what happens to the customers. So they actually came up with the specifications, which follows so closely to what we do with cyber recovery. They identified important data. They built requirements, not technologies, but capabilities that a vault would need to have to protect that data. And then the process is to recover that data if an event occurred. So we talked to the team for a while. We're very proud of what we've been able to accomplish with them is the only solution provider in their advisory program, and the work that we've done with the power protect cyber recovery solution. We have some more news coming out. I'm not permitted toe announce it yet. It's pretty soon, so stay tuned, and it's just been a really great initiative for us to work with, and the team over there is fantastic. >>So I just one or two. If you can share your thoughts as as the role of security has changed over the last several years from, you know, kind of a perimeter based point of view and you know, protection and walls and, uh, firewalls and and and all these things which is completely broken down now to more of a integrated security approach and baking security into your data to your encryption to your applications, your access devices, etcetera and really integrating security more into the broader flow of product development and and delivery and and how that's impacted the security of the of the customers and impacted professionals like you that are trying to look down the road and get ahead of the next. You know, kind of two or three bad things that are coming. How is that security posture really benefited everybody out there? >>It gets a really difficult problem that we just keep working at it again. We don't have a goal, because if we're targeting here, the threat actors is a bad actors. They're gonna be here. I was reading an article today about how they're already the bad actors already employing machine learning to improve what they're doing and how they target their phishing attacks and things like that. So thinking about things like security by design is great. We have millions billions of devices, and if we start from the ground up that those devices have security built in, it makes the rest of the job a lot easier. But that whole integration process is really important to I mentioned before the recovery capability and protect and detect Well, if you look at the nice cybersecurity framework has five pillars that have capabilities within each one, and we need to keep focusing on our capabilities in those space, we can't do one and not the other. So we do multi factor authentication. But we need to look at encryption for our devices. We need to build from the ground up. We need to have those recover capabilities. It's just kind of a never ending process. But I feel like one of the most important things that we've done over the last year, partly driven by the changes that we've had, is that we're finally recognizing that cyber security is a business issue. It's not a nightie issue. So if your digital and your assets are digital, how can you confine this to a nightie group? It's It's the business. It's risk. Let's understand what risk is acceptable cover the risk that isn't and treated like a business process that it ISS. >>That's great, because because I always often wonder, you know, if you think of it as an insurance problem, you know, then you're gonna be in trouble because you can't You can't just lock everything down, right? You gotta you gotta do business. And you always think of the, you know, ships or safest, uh, at harbor. But that's not what ships are built for, right? You can't just lock everything down, but if you take it more of a business approach, so you're you're measuring investments and risk and putting dollar amounts on it. Then you can start to figure out how much should I invest in security because you can't spend ah, 100% of your revenue on security. What is the happy medium? How do you decide and how do you apply that investment where, you know, it's kind of a portfolio strategy problem >>it is. And and that's one of the areas that again my five years in the building, the practice we've seen organizations start to move to. So you want to protect your most important assets the best. And then there are things that you still want to protect, but you can't afford the time, the budget, the operational expense of protecting everything. So let's understand what really drives this business if I'm a law firm might be my billion and document management systems and health care. It's a electronic medical record and manufacturing the manufacturing systems. So let's protect the most important things the best and then kind of moved down from there. We have to understand what those systems are before we can actually protect them. And that's where the business really needs to work more closely. And they are with the I T teams with cyber security teams, >>right, and like, I like a lot of big problems, right? You gotta break it down. You gotta You gotta prioritize. You gotta, you know, start just knocking off what's important and not so overwhelmed by, you know, trying to protect everything to the same degree. This is not practical, and it's not not a good investment. >>That's exactly the case. And there's the ongoing discussions about shortage of people in the cybersecurity space, which there are. But there are things that we can do that to really maximize what those people do, get them to focus on the higher level capabilities and let the tools do some of the things that the tools air good at. >>Right. So, you know, you triggered one last point and we'll wrap on this, but I'll give you the last word. Aziz, you look forward. Two things like automation and two things like artificial intelligence and machine learning that you can apply to make those professionals more effective on automate some stuff. Um, how do you see that evolving? And does that give you big smiles or frowns as you think about your use of AI in a nml versus the bad guys, they have some of the same tools as well. >>They dio and look, we have to use those to keep up. I'll give you example with with power, protect cyber recovery. We already use AI and ML to analyze the data that's in our vault. So how do you know that the data is good? We're not gonna have somebody in the vault looking through the files by leveraging those capabilities. We could give a verdict on that data. And so you know that it's good. I think we we have to continue to be careful that we understand what the tools are. We deploy them in the right way. You can't deploy tool just to deploy honor because it's hot or because it's interesting that goes back to understanding the systems that we need to protect the risks that we can accept or perhaps cover with insurance and the risks that gosh, we really can't accept. We need to make sure that the business continues to operate here, so I think it's great. Um, the communities have really come together. There's more information sharing than ever has gone on. And that's really one of our big weapons against the bad actors. >>All right, Well, Jim, thank you so much for sharing your insight. I think your job security is locked in for the foreseeable future. We didn't even get into five G and I o t and ever increasing attack, surface and sophistication of the bad guys. So thank you for doing what you do and helping keep us safe. Keep your data safe and keeping our companies running. >>Thank you for the opportunity. >>Alright, He's Jim. Mom. Jeff. Thanks for watching the cubes. Continuous coverage of Dell Technology World 2020. The Digital Experience. Thanks for watching. We'll see you next time.

(sleek electronic music) >> Hey, welcome back, everybody. Jeff Frick here with the Cube at the RSA Conference in downtown San Francisco. And we got a really special guest that we grabbed out of the hallway, out of the airplanes, Tamara McCleary, the CEO of Thulium. She's the only person I know that goes to more conferences than me and Ray Wang together, I think. (laughs) Tamara, great to see you. >> Oh my goodness, it is so awesome to find you here! >> Absolutely. So, what do you think of the show? 40,000 people. >> It is absolutely bloody freaking crazy right now. And it is, the show has grown just immensely year after year. And there's so much going on. It's absolute craziness. In fact, it's so busy, I had hard time finding you. >> I know. (laughs) So do you feel more secure with all these fine professionals looking out for you? >> You know what? I actually think right here, right now, we are in the midst of geeks with capes. These are the new superheroes. My cybersecurity superheroes right here. >> Well I'm glad. Because the keynote was a little dark this morning. (laughs) John Lithgow got up there and basically said everything is going to fall apart, except for the heroes with capes that are going to keep our cars running, hospitals up, TV stations going, the lights on. >> Wait a minute, you're not suggesting that fear is being used as a motivator for cybersecurity, are you? >> Well, yeah, we don't want to get into that. I mean, the whole, you know, governments like to influence other government's elections. That's never happened before either. >> Well, you know, the other this is, it would be very scary if you didn't follow you on the Cube because you've got the cutting edge in the know information. >> That's right. We have all the tech-athletes like you. (laughs) >> A tech-athlete! So, what have you see so far? Who are you working for here? What have you kind of seen? What's the, uh, what's the vibe? >> Well I am here on a press pass, so I am covering and talking about what's going on here at the conference. And lots of new cool things that I'm interested in and that is, you know we're talking a lot about the internet of things, we're talking a lot about threats. And you're looking at AI, right? What's AI got to do with security? And what I find interesting is that we have to future forward into, all right, with this machine to machine, machines talking to machines. Machines really are going to be the new cyber attacker. Right? >> Right, right. >> So it's machines having to combat other machines who are posing cyber threats. So I think that's, I don't know. I really geek out on the futuristic stuff. So I'm very interested in seeing how companies are harnessing AI in the cybersecurity space. >> Right. Well we just had an instant guest said, you know, you can be a bad guy on AWS, launch your threat against a customer on AWS, and get paid through AWS. >> What? >> I mean, the whole thing happens inside of the cloud in Seattle. It's amazing. >> Wait a minute. That sounds like a show on Mr. Robot. Right, with Evil Corp! >> It could be. And that's before, no, then they flash to the nest, right? The dark shadow on the nest. >> Ooh! >> As they cut to commercial. (laughs) So what else you got going on this year? I mean, you are literally all over the place. We love to keep track of you on Twitter. We see your airplane pictures taking off and landing in cities all around the world. What do you have on the agenda? What's coming up next? >> Next is Mobile World Congress in Barcelona. >> In Barcelona? >> I'm really excited to be there. >> 'Cause 5G is all the rage, right? >> Yes. >> Big part of IOT. >> Yes, and there's going to be a lot of unveiling going on at Barcelona and I'm excited. >> Spanish ham, which is always good. (laughs) Olives. >> Are you going to be there? >> We are going to cover it from Palo Alto for the people that don't want to go on the airplane ride. So we're going to cover Mobile World Congress from the Palo Alto studio. It'll be kind of that follow the sun thing. You guys will cover it early in the morning, we'll pick up the coverage as you guys are out having good ham, red wine, and olives. >> So I got to remember that I shouldn't be tweeting you after a certain hour, because you're going to know. >> We'll definitely pick them up and retweet them. All right, Tamara, well, thanks. I know you're a busy lady. Thanks for taking a few minutes to stop by and say hi. >> Thank you. >> And find us in this big sea of people. >> Woo! Awesome! >> All right, she's Tamara McClearl. I'm Jeff Rick. And you're watching the Cube. Thanks for watching. (sleek electronic music) (upbeat electronic music)