Walter Scherer & Gregor Lehofer, ZF Group | Citrix Synergy 2019


 

>> Live from Atlanta, Georgia, it's The Cube, covering Citrix Synergy Atlanta 2019. Brought to you by Citrix.
>> Welcome back to The Cube. Lisa Martin with Keith Townsend, continuing The Cube's two-day coverage of Citrix Synergy 2019. We are very excited to be speaking with one of the Citrix innovation award nominees, ZF Group. We've got Walter Scherer, senior manager of IT workplace foundation. Hi Walter.
>> Hello, nice to be here.
>> And Greg Lehofer, manager of client virtualization. Greg, great to have you on The Cube.
>> Thank you very much.
>> So, first congratulations to ZF Group for the Innovation Award nomination. We hear there were over one thousand nominees. Pretty exciting to get to the top three, one of the top three finalists. So Walter let's start with you, tell our audience who ZF is and what you're doing with Citrix.
>> So ZF is a global system provider, we enable next generation of mobility. So for us it's very important to invest in technology fields like integrated safety, electricity, like automated driving, that's very important for us so we see the future, the world will change so we see it every day and therefore it's very very important for us that we push innovation, that we push internet of things, and we push the digitalization. That's a must for us.
>> So you guys are supplying a company that supplies systems for IC, your passenger cars, commercial vehicles and industrial technology.
>> Yeah.
>> Across Germany or is this across Europe?
>> That's globally so we have around 40 confidants where we have locations. Where we have well organized globally and therefore it's very important for us to bring the right product for the future, for our customer.
>> Wow so Greg tell us about the landscape, that's 40 countries, tell us how big is the infrastructure to support all of them?
>> It's very big, so the transformation of IT is very important for us as Walter mentioned before, so yeah we start to build up a bigger infrastructure now, a virtual infrastructure because in the past we have a lot of hardware in place and so it's all from ZF and now we are able that the external service providers and we have a lot of external service provider in place around the globe so that they can bring their own devices now in ZF and can use virtual desktops and so yeah for us the effort is not too big because the infrastructure is more central at the moment and so yeah, we are searching for new ways how we can make that more efficient for us and more easier and manage them and yeah we are looking at cloud infrastructures at the moment and yeah we are working very close together with Citrix and that technology and yeah, for us we are very proud that we are now nominated for the prize and yeah.
>> So again about scale, how many partners worldwide do you have? So number of devices connecting to your infrastructure, how big is your customer base?
>> So we have a lot of customers there so for our project because of course you mentioned, so we have off-road vehicles, we have product concerning the automotive areas, we have commercial areas so that's a lot of individual customers that we all have there. So and therefore we have to bring the right outcome so with Microsoft or with Citrix technologies and of course with the partnership with Microsoft that's very important too for us and so we have to bring the right infrastructure in place, especially in the user centric experience approach that's very important too for us and therefore we have the good partnership with Citrix so and with Citrix we have a really big and powerful systems in place, product to portfolio, so that will help us in this journey.
>> Let's talk about that journey Greg, when you started working with Citrix to virtualize the environment, talk to us about how you went about that from a mobility perspective and what is that enabling your business to achieve for your customers?
>> For our customers you have global graphic we have customers all over the world, they are always on airports and traveling around the world and so it's very important for us that we are transformate the IT in that way that the customer is able to work all over the world, anytime anywhere with any device. It's very important for the customers and for a new generation X to work with every device and yeah there is big transformation at the moment in place so yeah we with Citrix it's make it easier for us that we can provide all customers with every device a workplace or an application, that application the customers need or our employees need to work to collaborate all over the world with other engineers and so on on collaborate topics and on tasks and on projects and yeah with that technology, with private cloud and now with public clouds they are able to work with all kinds of devices everywhere in a secure way, and that is important for us because security is one of the important factors for us because when you are traveling all around the world and connecting from every place, security in our perspective yeah, it's very important and so with that technology--
>> And if you are looking for the flexible platforms that's very important, the solutions that Citrix have embized with The Cloud system so that brings us in the situation that we could manage all the platforms that we have in place locally today and if you connected to The Cloud. So therefore we have a common plan so to administrate and manage all the Citrix environments.
>> So I imagine there's a large range of applications that you're deploying, you guys seem to provide a lot of services, what type of application data and tasks are happening remotely with your users? Like what's a typical transaction that a user will conduct while they're sitting at an airport?
>> So that's what Gregor said so that's very important with the device strategy to treat the promote it with any device anywhere and to each time so and therefore we could provide a virtual desktop so that's independent from the device so we have maybe for collaboration that's a very similar topic, so we have solutions for our third parties, for the contractors and so it could give them a small solution, the Citrix mobile desktop, the mobile app so they have the possibility to connect to ZF and the infrastructure and so we are very flexible about that. So the only what they need, they need a device, they need a browser that's it. So that's the solution from Citrix.
>> In terms of the operational efficiencies that you have presumably gained from working with Citrix, sounds like your users as well as your end-user customers are benefiting from the virtualized infrastructure that you've put in place, but talk to us about from an operational perspective, how much more efficient is your organization now?
>> From our perspective, it's more efficient because as I mentioned before in the past they we have to give all our external service providers as an example hardware from ZF, and so it's a very big benefit, a lot of doings for our IT to prepare the desktop to make them secure the hardware and so on and now we are not longer responsible for that order because the external bring their own hardware and we only provide them a VDI on a secure way, a NetScaler gateway in that case and though they can connect and we only take care about our workplace and they take care of their hardware and so yeah for us it's much better because our effort is not so big and that is very good and yeah, and so as an example the workplace from Citrix, the new, it's very, very good for our customers because the users intrecities is very high because a lot of tools or applications they need has put the time SAP and read the emails, have a look at the chat, have a look at teams and so on, it's all in one platform and saves a lot of time. And time, everybody knows is very important for us and yeah when we can save time it's very perfect for us.
>> Let's dive into that time savings, how long does it take you to onboard a new partner now versus before you had Citrix?
>> Now--
>> For the deposit there was a lot of processes and they need I would say days, so in the meantime we have to push a party so internal SATA should automatically create an image, a VDI for example for the customer, that's it. So and of course in the background we have to set the right direction, the right access, what systems they have in use, (mumbles) and that's it.
>> So it sounds like it takes the business processes longer to onboard a customer like, so you have to sign a deal, get involved with a partner and IT it sounds like it's moving way faster than the actual business itself.
>> Yeah as I mentioned it's a very fast process in the meantime so you have a portal you could go there so that to request what they need and then there's automatic behind that and so we could create automatically this request for him.
>> So it used to take days to onboard a partner, now with Citrix Workspace, it's hours, minutes to onboard a partner, how much time can you quantify that time savings?
>> I would say if you consider the whole process, it needs some hours so because it's not only the Citrix onboarding, the Citrix onboarding goes very fast. So then the you have to create the operating system and so on, the imaging, so to bring the applications to the client, what they need I would say that needs hours.
>> Or days to hours, so big time savings and also what you were talking about Greg I couldn't help but think that now that you don't have to provide all of this hardware to your partners, there's probably a massive cost savings as well that ZF has achieved, can you talk about that?
>> Absolutely, from the cost perspective we save a lot of money and the other benefit is that the external can bring the hardware we'll work with. So normally we have one device and the external have to work with that and now he can bring his--
>> Whatever they choose.
>> Right right, yeah right. Any device and that is very benefit for them because they can work with smart phones, they can work with tablet or they can work with a notebook as they like and from our perspective, yeah as you mention before you save a lot of money because it's yeah we only have to provide the virtual desktop and yeah we can provide them in a very quick way and we have workflows for that and yeah it's great for us.
>> What feedback have they given you now that the process is so much faster for them but also they're able to use whatever device they're already familiar with, I imagine from a customer satisfaction perspective this new experience that you're enabling has really probably driven up your customer loyalty. The customer's happier, more satisfied?
>> The customers more happier of course so and the important topic for us is the customer is happy, they have a fast solution, it is mobile so and we have the access under control, that's very interesting for us.
>> Well making your customers happy is always a top priority and we hear that you're doing that very well, we want to congratulate ZF on your nomination.
>> Thank you very much.
>> For the Innovation Award, we know that the voting goes through till tomorrow when the winner will be announced, we wish you the best of luck and thank you both for joining Keith and me on The Cube this afternoon.
>> Thank you very much.
>> Thank you, for Keith Townsend, I'm Lisa Martin. You're watching The Cube, live from Citrix Synergy 2019, thanks for watching.
(upbeat music)

Published Date : May 22 2019


Erin Gregor & Syya Yasotornrat, Innovation Calling | CUBEconversation, March 2019


 

(upbeat music)
>> From our studios in the heart of Silicon Valley, Palo Alto, California, this is a Cube conversation.
>> Welcome back, everybody, Jeff Frick here with the Cube. We're in our Palo Alto studios today for a Cube conversation, kind of an interesting conversation around trying to connect big enterprises who are always trying to be innovative with small companies who are usually innovative but don't necessarily have the connections the big companies that have a little bit more resources and might be interested in the things that they're working on. Really doing that through podcasts, which is a really growing venue. It's been going on for a while, but we're seeing a big uptake in, I think, the consumption of podcasts, who's doing podcasts, the brands behind podcasts. So we're really happy to have them all the way from Texas. It's Erin Gregor and Syya Yasotornrat, the cofounders of Innovation Calling. So welcome.
>> Thank you for having us.
>> Thanks for having us.
>> Absolutely, so did I get the description right of Innovation Calling, or give everyone kind of your overview of what you guys are up to.
>> Yeah, so Innovation Calling was developed with the fact of there's, being in Dallas, we've got a lot of large corporations with innovation labs. They're trying to stand out. They're trying to connect with great talent, but a lot of these people, everybody's got an innovation lab, and we've talked about this before. If you're in the Fortune 500, you are a tech company whether you like it or not. And so we just saw this potential to highlight these companies to be able to hopefully get talent. And then on the other side enterprise companies are trying to connect with start-ups, established start-ups, not ideas, but established and there's a lot to sift through.
Hopefully the goal of the podcast is to highlight these companies and help with that sifting and help with the talent pool and really connecting the creators with the companies that are trying to create.
>> What's kind of the objective of that matching 'cause clearly it's not a hiring, you're not a hiring service.
>> Right.
>> You're talking about companies, not people, so what's kind of the objective? What's kind of your best case if this connection works?
>> So for us our best case scenario is, obviously, we are at the forefront of innovation with emerging technologies today. Obviously Silicon Valley has a lot of talent and a lot of corporations already in that space, but when you think of the mid-tier, second-tier cities like Dallas, for example, you don't have as many tech workers, but there's still need for that type of talent, right?
>> Right.
>> With podcasting as our venue and medium to communicate that, we also realized that there was a great potential for these corporations to leverage podcasting as a way to communicate and do their outreach. Again, we're on those mid-tier second-tier cities where you might not have the plethora of folks here in the Bay Area.
>> Right, right, but even if they connect with that company, are you thinking that there's going to be some type of technical alliance, some type of partnership, an OEM agreement, or what again kind of if you're pitching this to the small company, what am I like "Yay! You're finally getting" Ya know I listened to your podcast the other day. You had a woman on from Ericsson, and I'm building some 5G widget. What's kind of my anticipated outcome of participating and kind of following your funnel and connecting with Ericsson?
>> So we have a couple of different ways. First of all, we can through us, we've actually made a lot of handshakes, so that's what I love to do is help create the handshakes and we've done that personally. The other side is we are taking the next step and doing live events.
So that podcast that you talked about was a series of women in tech leadership where it's not just a live podcasting event but a networking event. So we're really taking the next step in creating these opportunities that you can be in the same room more exclusive type room that we're putting together, a lot of invite only perspective, but helping to make those connections where I see somebody from Ericsson is going to be there, I want to make sure and now I can actually be in person and make that happen too.
>> Okay. Why podcast? How did you come to use podcast as kind of your medium?
>> So I think there's been a tradition in the last five six years that podcast does have the potential to blow up. I think now in 2019 we've actually hit that threshold where there's actually consumer response and with enough studies what they've discovered is most podcast listeners are actually educated business professionals. They tend to lean towards technology, yet you don't see a lot of technology-branded podcasts. And so we looked at the market. A lot of hobbyist type and personal branded podcasts, but we think now is the right time for corporations to make the investment to understand that the medium of traditional advertising is actually evolving and podcast is leading that forefront. You're seeing a lot of huge investments. Actually here there's a hundred million dollar plus investments for the purpose of growing the podcast community.
>> Is that for the infrastructure? Or is that for the actual talent and the community and the content generation?
>> Yes, the answer is yes, it's everything. (laughter) A company that does a lot of production but builds the community too.
>> So I listen to Malcolm Gladwell's all the time. We got to interview him at QuickBooks Connect a couple years ago. You know, really interesting podcast.
There's guys like Joe Rogan and stuff that obviously got a ton of great pub when he had Elon Musk on, who smoked not really a joint but kind of a joint and that, but I'm curious on the business side, are there some kind of lighthouse podcasts that you guys see that you use either as an example for what you're trying to develop or as an example to show? I'm just going to keep using Ericsson just 'cause it's top of mind from what I just watched. To show them to say hey this is the type of thing that you guys should be trying to do. Who are some of your favorites?
>> I'm a big fan of Hackable McAfee that has rolled out. When you think of tech branding and that is what we do focus on is technology based corporations, we tend to lead toward speeds and feeds. That's kind of our, we're engineered background folks in general, right? But I thought Hackable does a great job of pulling in some technology but then using stories or using events of being hacked, for example, something that the audience can relate to. And it's a storytelling, and that's the story arc that I think in general we're helping corporations understand the value of storytelling. It's not just about a product. It's not just selling a cup per se, but the story around it. How good that cup of coffee will feel when you drink it or you know, the experience or memories that you have it evokes.
>> So how far are you along on your journey? You have a number of podcasts up already on your site. Are you the first inning, the third inning, is this still kind of early days or where are you in your development of your concept and your company?
>> Well, we have a couple of different components to our business, so the podcast has What I was telling you about too we have a network component, we've got a consulting services. Our goal for Innovation Calling was let's first prove the concept. Let's plug into a network. Let's make sure we We'll be the test case essentially, and we've proven that.
So from that perspective of that component, we're hitting, we're almost at 100,000 downloads of our podcasts. You know, we're doing pretty well with that. And now as we build it's the next component, so we're bringing on a couple customers from a consulting basis and we help not just with the production but with the promotion. So you spoke earlier about, I always kind of look at if the tree falls in the forest but no one was there to hear it, did it actually happen? I feel that saying fits with a lot of corporate podcasts. They're out there, but no one knows they're out there. So are you going to continue spending that kind of money on production and time with your employees if you're not going to do anything to promote it. And no one knows it exists? So we help on both sides of that scale.
>> So on your podcast, which has been the women in tech theme, is that kind of the theme you're going to continue, or is that kind of a launching thing and you're going to turn into other themes?
>> That's just a component. So Innovation Calling, there's men on the actual podcast. But we started that specific series to yes talk about the technology perspective of women, but how did you get there? What's your story of growing? So that's just a segment of that podcast again to bring in to really theme the live events to help grow that community on a segment basis. So as that grows, our goal is to do a couple different other types of segments. We talked about a channel. The idea of that yesterday with a client, so we want to actually take the bigger part of Innovation Calling and niche it down bit by bit on the live event scale.
>> And then on the event side, how often are you doing them? What's the format, how many people, frequency, and what's the format?
>> Syya is ready to go.
>> She's ready to go.
>> Let me tell you, I'm ready to go.
First off, there's wine and hors d'oeuvres, so if we can't wine you and dine you I suppose, but no, really again we're about building community first and foremost. The Dallas Fort Worth area is making great strides in the entrepreneurial side. Big investments to get major corporations to come in the area, so we think this is a great opportunity for these folk to come together. A lot of folks from outside of town, who are looking to build their network again because they've been relocated. And then, you know, our themes. Women in technology is our first theme because, quite frankly we're sort of biased a little bit towards that.
>> Well it's a good theme.
>> Got to help our people.
>> But again it is a very casual format right now. It's interview-based.
>> Is it a hundred people? Five hundred people?
>> We actually started and we want it to be intimate. We want the value of the network to actually make genuine connections as opposed to if it gets too large, I feel like some individual might be left off the side. So we actually started off our very first one that sold out was forty people and we did not want more than that in a room. Quite frankly then it gets claustrophobic.
>> What about frequency?
>> Once a month.
>> Once a month.
>> Our goal is to keep the size about 75-100 of those, max out at 100, but make sure to Syya's point keep them at an intimate scale.
>> What about geography? Obviously you guys are based out of Dallas Fort Worth area. You're here in Silicon Valley. What's kind of your geographic plan? How do you see this kind of evolving?
>> Absolutely. We would love to share this across the United States. Again we want to make sure Dallas is viable, proves a point. It is a second-tier city versus something like the Silicon Valley area or Chicago, New York, etc. We are not trying to create a brand new women in technology group, if you will. We're actually working in collaboration with existing women technology groups.
We're just simply leveraging the networking opportunity through live podcasting. Again, growing the podcast medium.
>> Yeah, I would say by early 2020 our goal is to be in, to come out here and to be able to have an audience to do a live event. We actually had drinks with someone last night about that collaboration, so we'd love to grow it on a perspective and be able to do it in different communities 'cause I've been podcasting for about five years through other businesses and the live event, it's just really. I mean you know you do live interviews.
>> I do a lot of live events.
>> There's just something special about that connection and then being there live to do the interview. It's a really fun format.
>> Right. So do you have any upcoming guests you can plug or share with us today on your next couple podcasts?
>> Our next event is actually April 9th. (laughter) (mumbles) April 9th and we're going to have Crystal Christensen, VP of Tech Support at SonicWall. We're very excited to have her onboard. We're still in confirmation, but we're going to be expecting folks from Salesforce, HPE, and Facebook for our next events.
>> Okay, great. Where do people go to listen to the podcasts?
>> Innovationcalling.com
>> All right. Well Syya, Erin, thanks for stopping by. Hopefully you have a good successful couple of days in Silicon Valley and safe travels home.
>> Thank you.
>> Thank you very much for having us, Jeff. Appreciate it.
>> She's Erin, she's Syya, I'm Jeff. You're watching the Cube. We're at our Palo Alto studios for our Cube conversation. Thanks for watching. We'll catch ya next time.
(upbeat music)

Published Date : Mar 28 2019


Derek Manky Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs


 

>>As we've been reporting, the pandemic has caused CSOs to really shift their spending priorities towards securing remote workers. Almost overnight, zero trust has gone from buzzword to mandate. What's more, as we wrote in our recent cybersecurity Breaking Analysis, not only must SecOps pros secure an increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Cube conversation. My name is Dave Vellante and I'm pleased to welcome Derek Manky, who's chief, security insights and global threat alliances for FortiGuard Labs, with fresh data from its global threat landscape report. Derek. Welcome. Great to see you.
>>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah,
>>You're welcome. So first I wonder if you could explain for the audience, what is FortiGuard Labs and what's its relationship to Fortinet?
>>Right. So FortiGuard Labs is, is our global SOC, it's our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at Fortinet. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't OEM technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close holes and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber.
It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using?

>>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that?

>>Right? So this global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we release this biannually, two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million sensors worldwide in FortiGuard Labs. We're processing, I know it seems like a very large amount, but north of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that.

>>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past, let's say, 12 months? I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network?
>>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off fear and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next, to the next trend that's breaking. Of course, because COVID is so global and dominant, um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year.

>>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, phishing. We were as COVID-19 movers to, um, uh, layoff notices then to phase one reopenings, all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this.

>>People started to become more aware of this threat.
And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say.

>>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trend. Not only did they have to adapt and not have to, but they adapted to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data?

>>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign, reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example.
So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets they're going to go after, obviously the ROI from their end.

>>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using, these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that.

>>So you mentioned Stuxnet as the former sort of example of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest, I infer, maybe they don't suggest it, I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily?

>>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital certificate impersonation, so they're digitally signed.
So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system has this certificate, is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, Stuxnet, they also had digitally signed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that.

>>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see?

>>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to a P.O. box, obviously that, that, that didn't take off. Wasn't a successful on the internet was born at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back, data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, infect as many people as we can, random, um, and try to see if we can hold some of their data for ransom.

>>Some people, that data may be valuable, it may not be valuable. Um, and that model still exists.
Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families we saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us a large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up.

>>So they go to where the money is. And of course your job is to lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices?

>>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding.
We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase, everybody's shopping from home. And, uh, those vulnerabilities going after shopping cart plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right.

>>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks, hacking attempts, this is through our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistants and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted.
Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks.

>>I mean, it's, um, I mean, attackers, they're, they're highly capable. They're organized, they're well-funded, they move fast, they're, they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where did you see advanced persistent threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted?

>>Yeah. So just to be clear again, when we talk about APTs, um, uh, advanced persistent threat groups, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks, usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's, there's a blend, right? So as an example, if we're looking at the, uh, APT groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that came, um, you know, uh, security holes and concerns, the targets and, and that's what we saw APT groups targeting, was going after those and, and ransomware and the cyber crime shrine followed as well. Right?
Because if you can follow, uh, those critical networks and crippled them on from cybercriminals' point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way.

>>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks?

>>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way, I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right?

>>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So XDR is a combination of detection and response for endpoints. This is a mass centralized management thing, right?
So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets, that that's the security stack, beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain we talked about. The supply chain is, is, is a target for attackers, attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly phished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended too, um, so that's what we can do, obviously that's what's recommended to secure, uh, via the endpoints in the secure branch. There's things we're also doing in the industry, um, to fight back against that with prime as well.

>>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on The Cube a couple of years ago, a former defense secretary. And I said, yeah, but don't we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. U.S. government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with, whether it's the U.S. government or other governments or other, other competitors even, or your ecosystem?
Maybe you could talk about that a little bit.

>>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about, increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founded the Cyber Threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight.

>>And so this is a Venn diagram. Let's compare notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private, private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interpol's Project Gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating?
We've actually worked on cases that have led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam. The great news is if you look at the industry as a whole, uh, over the last three to four months has been for takedowns, Emotet, NetWalker, uh, um, there's also Egregor, uh, recently as well too.

>>And, and in Egregor, they're actually going in and arresting the affiliates. So not just the CEO or the kingpin of these organizations, but the people who are distributing the ransomware themselves. And that was an unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them where it hurts on all angles. I've most recently, um, I've been heavily involved with the World Economic Forum. Uh, so I'm co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro, uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect.

>>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap?

>>Yeah, absolutely. So, uh, everything you can see is on our threat research blog on, uh, so Fortinet blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them, the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on fortiguard.com. Uh, we also release, uh, threat signals there.
So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now

>>Well, Derek Manky, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important.

>>Thanks. It's, yeah, it's a pleasure. And, uh, rest assured we will still be there 24/7, 365.

>>Good to know. Good to know. And thank you for watching everybody. This is Dave Vellante for The Cube. We'll see you next time.

Published Date : Feb 26 2021


EMBARGO Derek Manky Chief, Security Insights & Global Threat Alliances, FortiGuard Labs


 

>>As we've been reporting, the pandemic has caused CSOs to really shift their spending priorities towards securing remote workers. Almost overnight, zero trust has gone from buzzword to mandate. What's more, as we wrote in our recent cybersecurity breaking analysis, not only must SecOps pros secure an increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone, and welcome to this Cube conversation. My name is Dave Vellante and I'm pleased to welcome Derek Manky, who's Chief, Security Insights and Global Threat Alliances for FortiGuard Labs, with fresh data from its global threat landscape report. Derek, welcome. Great to see you.

>>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah,

>>You're welcome. So first I wonder if you could explain for the audience, what is FortiGuard Labs and what's its relationship to Fortinet?

>>Right. So FortiGuard Labs is, is our global SOC, it's our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at Fortinet. So it's, it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't OEM technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006, an ethical hacking program. And it's a zero-day research. So we try to beat the hackers, the bad guys, to their game. And we of course do that responsibly to work with vendors, to close holes and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber.
It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using?

>>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that?

>>Right? So this global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we release this biannually, two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million sensors worldwide in FortiGuard Labs. We're processing, I know it seems like a very large amount, but north of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that.

>>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past, let's say, 12 months? I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network?
>>Yeah, it was quite interesting last year. It certainly was not normal, like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off fear and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next, to the next trend that's breaking. Of course, because COVID is so global and dominant, um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world. That wasn't lasting two to three weeks, and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, phishing. We were as COVID-19 movers to, um, uh, layoff notices, then to phase one reopenings, all the way up to fast forward to where we are today with vaccine rollout and development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat.
And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the COVID themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say. >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trend. Not only did they have to adapt and not have to, but they adapted to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at. We look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign, reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example, that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example.
So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets they're going to go after, obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the COVID theme, and they still do today with the vaccine rollout and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using, these vulnerabilities, are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities you've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned Stuxnet as the former sort of example of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest, I infer, maybe they don't suggest it, I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital certificate impersonation, so they're digitally signed.
So, you know, of course that whole technology using cryptography is designed, by design, uh, to say that, you know, this piece of software installed in your system has this certificate, is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, Stuxnet, they also had digitally signed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target, that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to a P.O. box. Obviously that, that, that didn't take off. Wasn't a successful on the internet was born at the time. But if you look at it now, of course, over the last 10 years, really, that's where the ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back. Data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, infect as many people as we can, random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists.
Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted ransom. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families we saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us a large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IoT devices and cameras and, you know, thermostats, uh, with 75% of the workforce at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding.
We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used. In some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack, and e-commerce has spiked since last summer, right. It's been a huge amount of traffic increase, everybody's shopping from home. And, uh, those vulnerabilities going after shopping cart plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense, being attacked, but we're also now seeing this complication of, yeah, as you said, IoT, uh, being rolled out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks, hacking attempts, this is through our IPS triggers. You know, we're seeing attempts to go after IoT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistants and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IoT is being targeted.
Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded, they move fast, they're, they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, COVID vaccines and, you know, big pharma, healthcare, uh, where did you see advanced persistent threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about APTs, um, uh, advanced persistent threat groups, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks, usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime. Cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, but there's, there's a blend, right? So as an example, if we're looking at the, uh, APT groups I had last year, absolutely, number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at pop-up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that came, um, you know, uh, security holes and concerns the targets and, and that's what we saw APT groups targeting, was going after those, and, and ransomware and the cyber crime shrine followed as well. Right?
Because if you can follow, uh, those critical networks and cripple them, from a cybercriminal's point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Derek, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way, I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access. Multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So XDR is a combination of detection and response for endpoints. This is a mass centralized management thing, right?
So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth. But then it gets, that that's the security stack, beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain we talked about. The supply chain is, is, is a target for attackers. Attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users, where we're constantly phished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended too. Um, so that's what we can do, obviously that's what's recommended to secure, uh, via the endpoints in the secure branch. There's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on The Cube a couple of years ago, a former defense secretary. And I said, yeah, but don't we have like the best security people and can't we go on the offensive and weaponize that ourselves? Of course, there's examples of that. U.S. government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with, whether it's the U.S. government or other governments or other, other competitors even, or your ecosystem?
Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about, increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the Cyber Threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. Let's compare notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interpol Project Gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating?
We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam. The great news is if you look at the industry as a whole, uh, over the last three to four months has been for takedowns, Emotet, NetWalker, uh, um, there's also Egregor, uh, recently as well too. >>And, and in Egregor they're actually going in and arresting the affiliates. So not just the CEO or the kingpin of these organizations, but the people who are distributing the ransomware themselves. And that was an unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them where it hurts on all angles. I've most recently, um, I've been heavily involved with the World Economic Forum. Uh, so I'm co-author of a report from last year of the Partnership on Cyber Crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? >>Yeah, absolutely. So, uh, everything you can see is on our threat research blog on, uh, so the Fortinet blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as you called them, the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on FortiGuard.com. Uh, we also release, uh, threat signals there.
So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Manky, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24/7, 365. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Vellante for The Cube. We'll see you next time.

Published Date : Feb 23 2021

