>>We work with and we cover some of the old guard, older companies like Dell EMC, HPE, Oracle, IBM, Microsoft. And they're doing really good work pivoting and trying to be ready for this new wave. It's not just not a blockchain. It's just how the world works. Cloud, you know, IOT, but decentralized cannot be ignored. Are they ready? Do you think they're ready? Do you think they even understand what's coming and >>No, no, they're not ready. And it's not, to me. It's not even about just blockchain. I mean, blockchain technology they can adopt. The bigger issue is digital disruption and digital disruption is all about the data at the core of the organization and, and business models that are built around data. And if you think about the history of companies, it's human expertise and data is bolted on, and we've seen this time and time again. But if you look at the top five market cap companies, Facebook, Amazon, Google, et cetera, they're data companies. Data is at the center and they take human expertise and wrap it around there. So the future is going to be about innovation with data, with artificial intelligence and cloud economics, and the old guard doesn't have those things. Blockchain fits in there. To me, blockchain is about building out a new distributed web and on top of the old web and rewarding those who are building it. So it's a new form of open source where the builders get paid.

>> Announcer: Live from Las Vegas, it's theCUBE, covering IBM Think 2018. Brought to you by IBM. >> Welcome back to theCUBE. We are live at the inaugural IBM Think 2018 event. I'm Lisa Martin with Dave Vellante. And our first guest, on day one of our coverage, is Jerry Thompson, the Chief Revenue Officer of Identity Guard. Hey Jerry, welcome to theCUBE. >> Thank you, well, it's a pleasure to be here. >> So tell us about Identity Guard. What are you guys, what do you do and how are you working with IBM? >> Yeah, Identity Guard is a, is a subsidiary of Intersections. We are a publicly-traded company and we're only in the identity and privacy space. So we, today, protect about 1.4 million people's identities. They, it's a subscription-based service. And two and a half years ago, we made the decision to, to basically invent identity 2.0 and the only way to do that was to use artificial intelligence technology, so we went to Watson to do that. >> This is a giant leap that you mentioned. >> Huge. >> So let's kind of, maybe, break that down a little bit and really talk about what you're doing here that was really transformative. >> Yeah, so, identity protection companies today only look at structured data. And, basically, we look at structured data and we look at it in arrears, so we can't do anything proactive or preventive. We knew if we used Watson in an AI technology, we could monitor unstructured data, which is probably 90% of all the data out there about any of us. And in order, in doing so, we could do preventive and predictive analysis of your personal information, privacy and your identity. So there was a quantum leap to go from just reacting to actually proactively protecting people's identity and privacy. >> So could you take us through, sort of, the journey that you went on to go from, sort of, where you were to where you are now and where you're headed? >> Yeah so, I mean, it starts like every other company with Watson. We took the tour of the Watson building. Went upstairs to the glass conference rooms and in that conference room, waiting for us, was the CIO of Watson. >> Dave: When was this? >> Two and a half years ago. >> Okay. >> And we explained the problem we were trying to solve. And from that day forward, IBM has been an amazing partner for us, amazing partner. So we did all of the things. We went through a Scrum, we wrote some product code, we did, you know, proof of concept, and when we were convinced that we could actually reinvent this industry, we went all-in. >> Keep going. >> And that was two and a half years ago. >> So, so, so a lot of people would say "Okay, Watson's a heavy lift, "you got to have a lot of services." It sounds like you did but the outcome is really what you're driving toward. So what was the outcome you were looking for and what'd you have to do to get there? >> Yeah so, I mean, at the highest level, we wanted to protect not only your financial and credit data, but all of the data that's out there about you and your partner, spouse, wife and kids. And in order to do that you need a processing engine that actually is intelligent. So that was the journey in Watson. We have found it to be not a big, heavy lift. We had the right kind of data scientists and we knew the problems we were trying to solve. Not in the abstract, in the particular. We defined the stories and the categories that we wanted to play in. We defined the product as we wanted to launch it. We knew it was going to be a one to two year run because you have to invent it, create it, then you have to play with it, right? You have to run it through the machine, so, >> Iterate. >> Right, and iterate. So, in order to do that, we knew the timeframe so we were never frustrated. And, along that journey, we came up with other things that we thought would be amazing to include in the service so, like cyberbullying technology, geolocation technology. All kinds of other things where only Watson would help us do that. >> And, and the data scientists were on your team >> Our team, yeah. or IBM brought those to the table? Okay, so you >> Yeah, no, IBM always let us reference their, but we have a handful in Virginia and some more in California in our development center. >> So you're one of the lucky ones who had a team, a bench, of data scientists >> Yes. >> at your disposal to go, is that right? >> Yeah, I wouldn't say a deep bench, but we've added to it over time, as you, as you get into the way you want to solve this problem. >> And, and how, specifically, are you using Watson? Can you give us, add some color on the APIs that you're using >> Sure. >> and how you're applying them? >> So we use natural-language processing because we pour amazing amount of data through the Watson funnel. Social media data, geolocation, Alchemy News. And we need the natural-language to actually jump and, and search for key words and key intimates. We use emotion analysis API, sentiment analysis API for context. So we're reading social media posts, your kids' posts. Your kid might say "Boy, I killed it "on the soccer field today." That's not a threat, right, that's just a statement. You have to add context to the statement. In order to do that, we use emotion and sentiment APIs. We use visual image recognition for inappropriate things that might be coming through. We use Alchemy News, which I believe is Discovery today. We're in the process, with the help of IBM, to create a library, a language, around emojis. Some emojis can be very threatening in the way they're used and the context they're used. You have to be able to read it, intelligently read it, and then put it in context to the string of texts or Instagram posts or whatever, that are going back and forth. So we, we've really taken this holistic view of what Watson can do, help us do for unstructured data and, in that process, it made our ability to monitor structured data better. We learned a lot. So we actually got benefits on both sides of our business. >> So you talked about this quantum leap that, that you made to identity 2.0. Also, what you're doing, in your space is quite pioneering in that, you're >> Yes. >> the only, first and only company, in the space that's using AI. Cyberbullying is such a hot, very challenging topic and, and sadly one that's very much needed in terms of identity. >> Right. >> But why do you think it is that, that Identity Guard is, is so pioneering in this space? >> Yeah, you know, we've always been, we, first of all, Identity Guard invented the identity business 23 years ago. We're the first ones to ever do it, first ones to do credit scores, reports. So we've always innovated in this space. The, the challenge for us as a public company, our biggest competitor is the credit bureaus, right? And the credit bureaus are low-cost providers and, and, candidly, I think they stamp out innovation in our field because they just want it to be about credit data. They don't want it to be about other things. So it was time for somebody to take this leap to predictive and preventive technologies, not just reactive. The rear view mirror can tell you a lot but it can't help you protect today, and that's what we've been doing in our space. >> Well the dossier from a credit bureau is so limited. >> Right. >> It doesn't provide context. You know, your score goes up or down for weird reasons. 'Cause people are doing credit pulls or whatever it is. You don't really have a context of what's going on there. So, so my question to you, Jerry, is where do you see innovation going in this space? Obviously data is involved and the credit bureaus have data but where is innovation going to come from in the next five to 10 years? >> Yeah, you know, I think it's the, we're going to figure out how to harvest data that's out there and then score that data so that we can help you and your family stay safe. Nobody today wants to have no internet, right? The internet's opened up an amazing amount of capability for people. But, but you have to have a way to play in it without it being too dangerous. And I believe we can use Watson. That's our, it's been our theory from day one. We can use Watson to level the playing field, right? Not, not really get an advantage, but to level the playing field, especially for families where not everybody is aware of all of the malfeasance that's out there on the internet, right? >> Right. >> People are always looking to harvest our data and to use it in a malicious way. Especially kids and minors, right? They're at risk for cyber, you know, predation and stalking and cyberbullying and, and parents today know it's a big issue. >> Okay, go ahead please Lisa. >> I was just going to say, in terms of expectations, you're saying it's to level the playing field with the cyber criminals, the stalkers, in the next, you know, can we look at timeframe? Think that you'll get ahead of that to start actually preventing some of this cyberbullying going on? >> You know, I, that's a good question. I will tell you right now, our ambition is to level the playing field. It's tilted this way today. I think what will happen is technology's like geolocation. It seems, first of all geolocation is not really relevant without Watson Discovery, right? You need all of this massive data going on in the locations that you're relevant in to help us protect you. But I believe, based on the early science that we're doing with IBM, that we can actually help a kid, somebody's stalking them from, you know, four states away but it says it's the little boy across town, we can actually stop things like that happening using the processing and the algorithms that we're doing using Watson. So there are, there are relevant areas that I think we can have a massive impact on the privacy and the protection of people and their families. >> I want to come back to innovation, so data is clearly a key component of that. You're extending the data model into unstructured data. I'm hearing that, correct? >> Yes. >> Also, AI, machine intelligence is another part of that. What about scale? Scale and network effects >> Yeah. >> and that sort of component of innovation. >> That had to be >> Does that come from cloud, is that where it's coming from? >> That had to be part of this. So we, along with all of our competitors in the existing 1.0 business, we use a hard-coded platform. >> Right. >> Right, I mean, if you want to change something, you have to get out a sledgehammer and a chisel and it takes a year. We built Watson using AWS, so we've used all the best tools, the fastest tools. We've run scale testing, you know, and, and the beautiful thing about our business, we're a digital business, right, so our factory's open 24 hours a day, 365 days a year. Our shopping carts never close. You can always, you know, subscribe to the Identity Guard With Watson service. So we needed the cloud to give us the scale. We also needed the platform to be able to plug in and unplug the APIs. Some partners may not want social media monitoring. Some partners may not want this, so we didn't have to hard-code our product. We actually built three services and we can unplug any of the services. >> So, when you say you're a digital business, it strikes me that your data model is not in a bunch of silos. >> Correct. >> You've got a data model that's accessible, maybe through sets of APIs, et cetera, that your human experts can go attack. >> Correct. >> Is that a fair assertion? >> Yeah, that's fair. One other thing about Watson. We were going to use Watson from day one, I was convinced. And I was the one that took the company on this journey. But the other thing I like about Watson is that you don't, Watson doesn't keep the data, right? We talked to the other big players in this field and one of their mandates is, they always keep the data. All of it. And, and Watson shreds the data and we don't keep all the data. So think of all the social media and other data that flows through this funnel. People out there want to keep it so then they can reverse profile consumers or cohorts or, Watson shreds the data. You're not in the, you're not in the spoofing or spying business, nor are we. So that was also a really important consideration. >> Yeah, I said that at the top, that you're, you're going to hear this from Ginni tomorrow. I can almost guarantee ya, she's going to say that we're not in the business of trying to re-mine your data and re-target. >> Right. >> But, so that was, I was going to ask you why Watson. That was one reason. What about the quality of the, of the machine intelligence? >> Yeah. >> You hear a lot, you know, you hang around Silicon Valley, "Oh yeah, Watson." How does it compare, in your view? >> Yeah. >> You're a practitioner who's, you know, you're familiar with all this. >> So they have more refined, first of all, more APIs, right? More, some of them not relevant to us, the medical ones, which are amazing and fascinating, >> Yeah, but, yeah. >> but they had more structured APIs and a better road map on where they were going. And what we found from day one is that, if we defined something, they would say "We'll jump in and help", right? It's really important when you're the first one, you know, the tip of the spear, you don't know, you don't know what you don't know. And we found from day one, the IBM team has treated us like we're General Electric, right? Or General Motors, right? We're just, you know, a couple of hundred million dollar company trying to make a big difference in a important space. And they have treated us like a Fortune 100 company from day one and really appreciate it. >> So as >> And their science is so good. >> Sorry there, as the CRO, going from identity 1.0 to 2.0, this journey that you're on. You mentioned competition. How many, talk to us about the actual financial impact to the company that you can say that you've been able to achieve on this journey to identity 2.0. Presumably, leaving some of your competition back in the 1.0 land. >> Yeah, yeah, actually, our competition will be behind us for at least a couple years 'cause it takes a couple years. You know, you don't do this quickly. So we are out, we launched, we launched Watson in December. We actually launched, we distribute our product through partners, most of it, 90%. 10%, people come to our site and sign up online but we launched 21 partners in January, 11 in February, 13 in March we'll launch. So by the end of the year, we predict we'll have about 200 Watson partners distributing our product, which would give us a huge head start and advantage over anybody else. Once you see what we're doing and you see what else, the 1.0 version, it's almost impossible to pick 1.0. It's impossible, right? So our job is to get more, create more awareness in the distribution channels so that people are, are understand that Watson is out there and available. >> And, and this is a subscription service, I think you said, upfront? >> Yeah. >> And you've got different tiers, etc? >> Yes, yes. >> And you guys have a couple of, of sessions >> that you're participating in at the event? >> We do. >> Yeah, I know that we're on tomorrow afternoon and I believe Wednesday morning. >> Great. >> So, yeah. >> Well Jerry, thanks so much for stopping by theCUBE >> You're welcome. >> and sharing what you guys at Identity Guard are doing with data, >> Thank you. >> I mean, it's fascinating. >> Appreciate you talking to us. >> Dave: Thanks for coming on. >> Yeah, thanks, pleasure. >> And we want to thank you for watching theCUBE. I'm Lisa Martin with Dave Vellante again. This is day one of theCUBE's three days of coverage at the inaugural IBM Think 2018. Stick around, we'll be right back with our next guest after a short break. (bright music)

>> Hello everyone. Welcome to theCUBEs coverage of Compute Engineered for your Hybrid World sponsored by HPE and Intel. Today we're going to dive into advanced performance of VDI with the fourth gen Intel Zion scalable processors. Hello I'm John Furrier, the host of theCUBE. My guests today are Alan Chu, Director of Data Center Performance and Competition for Intel as well as Denis Kondakov who's the VDI product manager at HPE, and also joining us is Cynthia Sustiva, CAD/CAM product manager at HPE. Thanks for coming on, really appreciate you guys taking the time. >> Thank you. >> So accelerating VDI to the Edge. That's the topic of this topic here today. Let's get into it, Dennis, tell us about the new HPE ProLiant DL321 Gen 11 server. >> Okay, absolutely. Hello everybody. So HP ProLiant DL320 Gen 11 server is the new age center CCO and density optimized compact server, compact form factor server. It enables to modernize and power at the next generation of workloads in the diverse rec environment at the Edge in an industry standard designed with flexible scale for advanced graphics and compute. So it is one unit, one processor rec optimized server that can be deployed in the enterprise data center as well as at the remote office at end age. >> Cynthia HPE has announced another server, the ProLiant ML350. What can you tell us about that? >> Yeah, so the HPE ProLiant ML350 Gen 11 server is a powerful tower solution for a wide range of workloads. It is ideal for remote office compute with NextGen performance and expandability with two processors in tower form factor. This enables the server to be used not only in the data center environment, but also in the open office space as a powerful workstation use case. >> Dennis mentioned both servers are empowered by the fourth gen Intel Zion scale of process. Can you talk about the relationship between Intel HPE to get this done? How do you guys come together, what's behind the scenes? Share as much as you can. >> Yeah, thanks a lot John. So without a doubt it takes a lot to put all this together and I think the partnership that HPE and Intel bring together is a little bit of a critical point for us to be able to deliver to our customers. And I'm really thrilled to say that these leading Edge solutions that Dennis and Cynthia just talked about, they're built on the foundation of our fourth Gen Z on scalable platform that's trying to meet a wide variety of deployments for today and into the future. So I think the key point of it is we're together trying to drive leading performance with built-in acceleration and in order to deliver a lot of the business values to our customers, both HP and Intels, look to scale, drive down costs and deliver new services. >> You got the fourth Gen Z on, you got the Gen 11 and multiple ProLiants, a lot of action going on. Again, I love when these next gens come out. Can each of you guys comment and share what are the use cases for each of the systems? Because I think what we're looking at here is the next level innovation. What are some of the use cases on the systems? >> Yeah, so for the ML350, in the modern world where more and more data are generated at the Edge, we need to deploy computer infrastructure where the data is generated. So smaller form factor service will satisfy the requirements of S&B customers or remote and branch offices to deliver required performance redundancy where we're needed. This type of locations can be lacking dedicated facilities with strict humidity, temperature and noise isolation control. The server, the ML350 Gen 11 can be used as a powerful workstation sitting under a desk in the office or open space as well as the server for visualized workloads. It is a productivity workhorse with the ability to scale and adapt to any environment. One of the use cases can be for hosting digital workplace for manufacturing CAD/CAM engineering or oil and gas customers industry. So this server can be used as a high end bare metal workstation for local end users or it can be virtualized desktop solution environments for local and remote users. And talk about the DL320 Gen 11, I will pass it on to Dennis. >> Okay. >> Sure. So when we are talking about age of location we are talking about very specific requirements. So we need to provide solution building blocks that will empower and performance efficient, secure available for scaling up and down in a smaller increments than compared to the enterprise data center and of course redundant. So DL 320 Gen 11 server is the perfect server to satisfy all of those requirements. So for example, S&B customers can build a video solution, for example starting with just two HP ProLiant TL320 Gen 11 servers that will provide sufficient performance for high density video solution and at the same time be redundant and enable it for scaling up as required. So for VGI use cases it can be used for high density general VDI without GP acceleration or for a high performance VDI with virtual VGPU. So thanks to the modern modular architecture that is used on the server, it can be tailored for GPU or high density storage deployment with software defined compute and storage environment and to provide greater details on your Intel view I'm going to pass to Alan. >> Thanks a lot Dennis and I loved how you're both seeing the importance of how we scale and the applicability of the use cases of both the ML350 and DL320 solutions. So scalability is certainly a key tenant towards how we're delivering Intel's Zion scalable platform. It is called Zion scalable after all. And we know that deployments are happening in all different sorts of environments. And I think Cynthia you talked a little bit about kind of a environmental factors that go into how we're designing and I think a lot of people think of a traditional data center with all the bells and whistles and cooling technology where it sometimes might just be a dusty closet in the Edge. So we're defining fortunes you see on scalable to kind of tackle all those different environments and keep that in mind. Our SKUs range from low to high power, general purpose to segment optimize. We're supporting long life use cases so that all goes into account in delivering value to our customers. A lot of the latency sensitive nature of these Edge deployments also benefit greatly from monolithic architectures. And with our latest CPUs we do maintain quite a bit of that with many of our SKUs and delivering higher frequencies along with those SKUs optimized for those specific workloads in networking. So in the end we're looking to drive scalability. We're looking to drive value in a lot of our end users most important KPIs, whether it's latency throughput or efficiency and 4th Gen Z on scalable is looking to deliver that with 60 cores up to 60 cores, the most builtin accelerators of any CPUs in the market. And really the true technology transitions of the platform with DDR5, PCIE, Gen five and CXL. >> Love the scalability story, love the performance. We're going to take a break. Thanks Cynthia, Dennis. Now we're going to come back on our next segment after a quick break to discuss the performance and the benefits of the fourth Gen Intel Zion Scalable. You're watching theCUBE, the leader in high tech coverage, be right back. Welcome back around. We're continuing theCUBE's coverage of compute engineer for your hybrid world. I'm John Furrier, I'm joined by Alan Chu from Intel and Denis Konikoff and Cynthia Sistia from HPE. Welcome back. Cynthia, let's start with you. Can you tell us the benefits of the fourth Gen Intel Zion scale process for the HP Gen 11 server? >> Yeah, so HP ProLiant Gen 11 servers support DDR five memory which delivers increased bandwidth and lower power consumption. There are 32 DDR five dim slots with up to eight terabyte total on ML350 and 16 DDR five dim slots with up to two terabytes total on DL320. So we deliver more memory at a greater bandwidth. Also PCIE 5.0 delivers an increased bandwidth and greater number of lanes. So when we say increased number of lanes we need to remember that each lane delivers more bandwidth than lanes of the previous generation plus. Also a flexible storage configuration on HPDO 320 Gen 11 makes it an ideal server for establishing software defined compute and storage solution at the Edge. When we consider a server for VDI workloads, we need to keep the right balance between the number of cords and CPU frequency in order to deliver the desire environment density and noncompromised user experience. So the new server generation supports a greater number of single wide and global wide GPU use to deliver more graphic accelerated virtual desktops per server unit than ever before. HPE ProLiant ML 350 Gen 11 server supports up to four double wide GPUs or up to eight single wide GPUs. When the signing GPU accelerated solutions the number of GPUs available in the system and consistently the number of BGPUs that can be provisioned for VMs in the binding factor rather than CPU course or memory. So HPE ProLiant Gen 11 servers with Intel fourth generation science scalable processors enable us to deliver more virtual desktops per server than ever before. And with that I will pass it on to Alan to provide more details on the new Gen CPU performance. >> Thanks Cynthia. So you brought up I think a really great point earlier about the importance of achieving the right balance. So between the both of us, Intel and HPE, I'm sure we've heard countless feedback about how we should be optimizing efficiency for our customers and with four Gen Z and scalable in HP ProLiant Gen 11 servers I think we achieved just that with our built-in accelerator. So built-in acceleration delivers not only the revolutionary performance, but enables significant offload from valuable core execution. That offload unlocks a lot of previously unrealized execution efficiency. So for example, with quick assist technology built in, running engine X, TLS encryption to drive 65,000 connections per second we can offload up to 47% of the course that do other work. Accelerating AI inferences with AMX, that's 10X higher performance and we're now unlocking realtime inferencing. It's becoming an element in every workload from the data center to the Edge. And lastly, so with faster and more efficient database performance with RocksDB, we're executing with Intel in-memory analytics accelerator we're able to deliver 2X the performance per watt than prior gen. So I'll say it's that kind of offload that is really going to enable more and more virtualized desktops or users for any given deployment. >> Thanks everyone. We still got a lot more to discuss with Cynthia, Dennis and Allen, but we're going to take a break. Quick break before wrapping things up. You're watching theCUBE, the leader in tech coverage. We'll be right back. Okay, welcome back everyone to theCUBEs coverage of Compute Engineered for your Hybrid World. I'm John Furrier. We'll be wrapping up our discussion on advanced performance of VDI with the fourth gen Intel Zion scalable processers. Welcome back everyone. Dennis, we'll start with you. Let's continue our conversation and turn our attention to security. Obviously security is baked in from day zero as they say. What are some of the new security features or the key security features for the HP ProLiant Gen 11 server? >> Sure, I would like to start with the balance, right? We were talking about performance, we were talking about density, but Alan mentioned about the balance. So what about the security? The security is really important aspect especially if we're talking about solutions deployed at the H. When the security is not active but other aspects of the environment become non-important. And HP is uniquely positioned to deliver the best in class security solution on the market starting with the trusted supply chain and factories and silicon route of trust implemented from the factory. So the new ISO6 supports added protection leveraging SPDM for component authorization and not only enabled for the embedded server management, but also it is integrated with HP GreenLake compute ops manager that enables environment for secure and optimized configuration deployment and even lifecycle management starting from the single server deployed on the Edge and all the way up to the full scale distributed data center. So it brings uncompromised and trusted solution to customers fully protected at all tiers, hardware, firmware, hypervisor, operational system application and data. And the new intel CPUs play an important role in the securing of the platform. So Alan- >> Yeah, thanks. So Intel, I think our zero trust strategy toward security is a really great and a really strong parallel to all the focus that HPE is also bringing to that segment and market. We have even invested in a lot of hardware enabled security technologies like SGX designed to enhance data protection at rest in motion and in use. SGX'S application isolation is the most deployed, researched and battle tested confidential computing technology for the data center market and with the smallest trust boundary of any solution in market. So as we've talked about a little bit about virtualized use cases a lot of virtualized applications rely also on encryption whether bulk or specific ciphers. And this is again an area where we've seen the opportunity for offload to Intel's quick assist technology to encrypt within a single data flow. I think Intel and HP together, we are really providing security at all facets of execution today. >> I love that Software Guard Extension, SGX, also silicon root of trust. We've heard a lot about great stuff. Congratulations, security's very critical as we see more and more. Got to be embedded, got to be completely zero trust. Final question for you guys. Can you share any messages you'd like to share with the audience each of you, what should they walk away from this? What's in it for them? What does all this mean? >> Yeah, so I'll start. Yes, so to wrap it up, HPR Proliant Gen 11 servers are built on four generation science scalable processors to enable high density and extreme performance with high performance CDR five memory and PCI 5.0 plus HP engine engineered and validated workload solutions provide better ROI in any consumption model and prefer by a customer from Edge to Cloud. >> Dennis? >> And yeah, so you are talking about all of the great features that the new generation servers are bringing to our customers, but at the same time, customer IT organization should be ready to enable, configure, support, and fine tune all of these great features for the new server generation. And this is not an obvious task. It requires investments, skills, knowledge and experience. And HP is ready to step up and help customers at any desired skill with the HP Greenlake H2 cloud platform that enables customers for cloud like experience and convenience and the flexibility with the security of the infrastructure deployed in the private data center or in the Edge. So while consuming all of the HP solutions, customer have flexibility to choose the right level of the service delivered from HP GreenLake, starting from hardwares as a service and scale up or down is required to consume the full stack of the hardwares and software as a service with an option to paper use. >> Awesome. Alan, final word. >> Yeah. What should we walk away with? >> Yeah, thanks. So I'd say that we've talked a lot about the systems here in question with HP ProLiant Gen 11 and they're delivering on a lot of the business outcomes that our customers require in order to optimize for operational efficiency or to optimize for just to, well maybe just to enable what they want to do in, with their customers enabling new features, enabling new capabilities. Underpinning all of that is our fourth Gen Zion scalable platform. Whether it's the technology transitions that we're driving with DDR5 PCIA Gen 5 or the raw performance efficiency and scalability of the platform in CPU, I think we're here for our customers in delivering to it. >> That's great stuff. Alan, Dennis, Cynthia, thank you so much for taking the time to do a deep dive in the advanced performance of VDI with the fourth Gen Intel Zion scalable process. And congratulations on Gen 11 ProLiant. You get some great servers there and again next Gen's here. Thanks for taking the time. >> Thank you so much for having us here. >> Okay, this is theCUBEs keeps coverage of Compute Engineered for your Hybrid World sponsored by HP and Intel. I'm John Furrier for theCUBE. Accelerate VDI at the Edge. Thanks for watching.

>>Hey everyone, welcome to this event, HPE Compute Security. I'm your host, Lisa Martin. Kevin Dee joins me next Senior director, future Surfer Architecture at hpe. Kevin, it's great to have you back on the program. >>Thanks, Lisa. I'm glad to be here. >>One of the topics that we're gonna unpack in this segment is, is all about cybersecurity. And if we think of how dramatically the landscape has changed in the last couple of years, I was looking at some numbers that H P V E had provided. Cybercrime will reach 10.5 trillion by 2025. It's a couple years away. The average total cost of a data breach is now over 4 million, 15% year over year crime growth predicted over the next five years. It's no longer if we get hit, it's when it's how often. What's the severity? Talk to me about the current situation with the cybersecurity landscape that you're seeing. >>Yeah, I mean the, the numbers you're talking about are just staggering and then that's exactly what we're seeing and that's exactly what we're hearing from our customers is just absolutely key. Customers have too much to lose. The, the dollar cost is just, like I said, staggering. And, and here at HP we know we have a huge part to play, but we also know that we need partnerships across the industry to solve these problems. So we have partnered with, with our, our various partners to deliver these Gen 11 products. Whether we're talking about partners like a M D or partners like our Nick vendors, storage card vendors. We know we can't solve the problem alone. And we know this, the issue is huge. And like you said, the numbers are staggering. So we're really, we're really partnering with, with all the right players to ensure we have a secure solution so we can stay ahead of the bad guys to try to limit the, the attacks on our customers. >>Right. Limit the damage. What are some of the things that you've seen particularly change in the last 18 months or so? Anything that you can share with us that's eye-opening, more eye-opening than some of the stats we already shared? >>Well, there, there's been a massive number of attacks just in the last 12 months, but I wouldn't really say it's so much changed because the amount of attacks has been increasing dramatically over the years for many, many, many years. It's just a very lucrative area for the bad guys, whether it's ransomware or stealing personal data, whatever it is, it's there. There's unfortunately a lot of money to be made into it, made from it, and a lot of money to be lost by the good guys, the good guys being our customers. So it's not so much that it's changed, it's just that it's even accelerating faster. So the real change is, it's accelerating even faster because it's becoming even more lucrative. So we have to stay ahead of these bad guys. One of the statistics of Microsoft operating environments, the number of tax in the last year, up 50% year over year, that's a huge acceleration and we've gotta stay ahead of that. We have to make sure our customers don't get impacted to the level that these, these staggering number of attacks are. The, the bad guys are out there. We've gotta protect, protect our customers from the bad guys. >>Absolutely. The acceleration that you talked about is, it's, it's kind of frightening. It's very eye-opening. We do know that security, you know, we've talked about it for so long as a, as a a C-suite priority, a board level priority. We know that as some of the data that HPE e also sent over organizations are risking are, are listing cyber risks as a top five concern in their organization. IT budgets spend is going up where security is concerned. And so security security's on everyone's mind. In fact, the cube did, I guess in the middle part of last, I did a series on this really focusing on cybersecurity as a board issue and they went into how companies are structuring security teams changing their assumptions about the right security model, offense versus defense. But security's gone beyond the board, it's top of mind and it's on, it's in an integral part of every conversation. So my question for you is, when you're talking to customers, what are some of the key challenges that they're saying, Kevin, these are some of the things the landscape is accelerating, we know it's a matter of time. What are some of those challenges and that they're key pain points that they're coming to you to help solve? >>Yeah, at the highest level it's simply that security is incredibly important to them. We talked about the numbers. There's so much money to be lost that what they come to us and say, is security's important for us? What can you do to protect us? What can you do to prevent us from being one of those statistics? So at a high level, that's kind of what we're seeing at a, with a little more detail. We know that there's customers doing digital transformations. We know that there's customers going hybrid cloud, they've got a lot of initiatives on their own. They've gotta spend a lot of time and a lot of bandwidth tackling things that are important to their business. They just don't have the bandwidth to worry about yet. Another thing which is security. So we are doing everything we can and partnering with everyone we can to help solve those problems for customers. >>Cuz we're hearing, hey, this is huge, this is too big of a risk. How do you protect us? And by the way, we only have limited bandwidth, so what can we do? What we can do is make them assured that that platform is secure, that we're, we are creating a foundation for a very secure platform and that we've worked with our partners to secure all the pieces. So yes, they still have to worry about security, but there's pieces that we've taken care of that they don't have to worry about and there's capabilities that we've provided that they can use and we've made that easy so they can build su secure solutions on top of it. >>What are some of the things when you're in customer conversations, Kevin, that you talk about with customers in terms of what makes HPE E'S approach to security really unique? >>Well, I think a big thing is security is part of our, our dna. It's part of everything we do. Whether we're designing our own asics for our bmc, the ilo ASIC ILO six used on Gen 11, or whether it's our firmware stack, the ILO firmware, our our system, UFI firmware, all those pieces in everything we do. We're thinking about security. When we're building products in our factory, we're thinking about security. When we're think designing our supply chain, we're thinking about security. When we make requirements on our suppliers, we're driving security to be a key part of those components. So security is in our D N a security's top of mind. Security is something we think about in everything we do. We have to think like the bad guys, what could the bad guy take advantage of? What could the bad guy exploit? So we try to think like them so that we can protect our customers. >>And so security is something that that really is pervasive across all of our development organizations, our supply chain organizations, our factories, and our partners. So that's what we think is unique about HPE is because security is so important and there's a whole lot of pieces of our reliance servers that we do ourselves that many others don't do themselves. And since we do it ourselves, we can make sure that security's in the design from the start, that those pieces work together in a secure manner. So we think that gives us a, an advantage from a security standpoint. >>Security is very much intention based at HPE e I was reading in some notes, and you just did a great job of talking about this, that fundamental security approach, security is fundamental to defend against threats that are increasingly complex through what you also call an uncompromising focus to state-of-the-art security and in in innovations built into your D N A. And then organizations can protect their infrastructure, their workloads, their data from the bad guys. Talk to us briefly in our final few minutes here, Kevin, about fundamental uncompromising protected the value in it for me as an HPE customer. >>Yeah, when we talk about fundamental, we're talking about the those fundamental technologies that are part of our platform. Things like we've integrated TPMS and sorted them down in our platforms. We now have platform certificates as a standard part of the platform. We have I dev id and probably most importantly, our platforms continue to support what we really believe was a groundbreaking technology, Silicon Root of trust and what that's able to do. We have millions of lines of firmware code in our platforms and with Silicon Root of trust, we can authenticate all of those lines of firmware. Whether we're talking about the the ILO six firmware, our U E I firmware, our C P L D in the system, there's other pieces of firmware. We authenticate all those to make sure that not a single line of code, not a single bit has been changed by a bad guy, even if the bad guy has physical access to the platform. >>So that silicon route of trust technology is making sure that when that system boots off and that hands off to the operating system and then eventually the customer's application stack that it's starting with a solid foundation, that it's starting with a system that hasn't been compromised. And then we build other things into that silicon root of trust, such as the ability to do the scans and the authentications at runtime, the ability to automatically recover if we detect something has been compromised, we can automatically update that compromised piece of firmware to a good piece before we've run it because we never want to run firmware that's been compromised. So that's all part of that Silicon Root of Trust solution and that's a fundamental piece of the platform. And then when we talk about uncompromising, what we're really talking about there is how we don't compromise security. >>And one of the ways we do that is through an extension of our Silicon Root of trust with a capability called S Spdm. And this is a technology that we saw the need for, we saw the need to authenticate our option cards and the firmware in those option cards. Silicon Root Prota, Silicon Root Trust protects against many attacks, but one piece it didn't do is verify the actual option card firmware and the option cards. So we knew to solve that problem we would have to partner with others in the industry, our nick vendors, our storage controller vendors, our G vendors. So we worked with industry standards bodies and those other partners to design a capability that allows us to authenticate all of those devices. And we worked with those vendors to get the support both in their side and in our platform side so that now Silicon Rivers and trust has been extended to where we protect and we trust those option cards as well. >>So that's when, when what we're talking about with Uncompromising and with with Protect, what we're talking about there is our capabilities around protecting against, for example, supply chain attacks. We have our, our trusted supply chain solution, which allows us to guarantee that our server, when it leaves our factory, what the server is, when it leaves our factory, will be what it is when it arrives at the customer. And if a bad guy does anything in that transition, the transit from our factory to the customer, they'll be able to detect that. So we enable certain capabilities by default capability called server configuration lock, which can ensure that nothing in the server exchange, whether it's firmware, hardware, configurations, swapping out processors, whatever it is, we'll detect if a bad guy did any of that and the customer will know it before they deploy the system. That gets enabled by default. >>We have an intrusion detection technology option when you use by the, the trusted supply chain that is included by default. That lets you know, did anybody open that system up, even if the system's not plugged in, did somebody take the hood off and potentially do something malicious to it? We also enable a capability called U EFI secure Boot, which can go authenticate some of the drivers that are located on the option card itself. Those kind of capabilities. Also ilo high security mode gets enabled by default. So all these things are enabled in the platform to ensure that if it's attacked going from our factory to the customer, it will be detected and the customer won't deploy a system that's been maliciously attacked. So that's got >>It, >>How we protect the customer through those capabilities. >>Outstanding. You mentioned partners, my last question for you, we've got about a minute left, Kevin is bring AMD into the conversation, where do they fit in this >>AMD's an absolutely crucial partner. No one company even HP can do it all themselves. There's a lot of partnerships, there's a lot of synergies working with amd. We've been working with AMD for almost 20 years since we delivered our first AM MD base ProLiant back in 2004 H HP ProLiant, DL 5 85. So we've been working with them a long time. We work with them years ahead of when a processor is announced, we benefit each other. We look at their designs and help them make their designs better. They let us know about their technology so we can take advantage of it in our designs. So they have a lot of security capabilities, like their memory encryption technologies, their a MD secure processor, their secure encrypted virtualization, which is an absolutely unique and breakthrough technology to protect virtual machines and hypervisor environments and protect them from malicious hypervisors. So they have some really great capabilities that they've built into their processor, and we also take advantage of the capabilities they have and ensure those are used in our solutions and in securing the platform. So a really such >>A great, great partnership. Great synergies there. Kevin, thank you so much for joining me on the program, talking about compute security, what HPE is doing to ensure that security is fundamental, that it is unpromised and that your customers are protected end to end. We appreciate your insights, we appreciate your time. >>Thank you very much, Lisa. >>We've just had a great conversation with Kevin Depu. Now I get to talk with David Chang, data center solutions marketing lead at a md. David, welcome to the program. >>Thank, thank you. And thank you for having me. >>So one of the hot topics of conversation that we can't avoid is security. Talk to me about some of the things that AMD is seeing from the customer's perspective, why security is so important for businesses across industries. >>Yeah, sure. Yeah. Security is, is top of mind for, for almost every, every customer I'm talking to right now. You know, there's several key market drivers and, and trends, you know, in, out there today that's really needing a better and innovative solution for, for security, right? So, you know, the high cost of data breaches, for example, will cost enterprises in downtime of, of the data center. And that time is time that you're not making money, right? And potentially even leading to your, to the loss of customer confidence in your, in your cust in your company's offerings. So there's real costs that you, you know, our customers are facing every day not being prepared and not having proper security measures set up in the data center. In fact, according to to one report, over 400 high-tech threats are being introduced every minute. So every day, numerous new threats are popping up and they're just, you know, the, you know, the bad guys are just getting more and more sophisticated. So you have to take, you know, measures today and you have to protect yourself, you know, end to end with solutions like what a AM MD and HPE has to offer. >>Yeah, you talked about some of the costs there. They're exorbitant. I've seen recent figures about the average, you know, cost of data breacher ransomware is, is close to, is over $4 million, the cost of, of brand reputation you brought up. That's a great point because nobody wants to be the next headline and security, I'm sure in your experiences. It's a board level conversation. It's, it's absolutely table stakes for every organization. Let's talk a little bit about some of the specific things now that A M D and HPE E are doing. I know that you have a really solid focus on building security features into the EPIC processors. Talk to me a little bit about that focus and some of the great things that you're doing there. >>Yeah, so, you know, we partner with H P E for a long time now. I think it's almost 20 years that we've been in business together. And, and you know, we, we help, you know, we, we work together design in security features even before the silicons even, you know, even born. So, you know, we have a great relationship with, with, with all our partners, including hpe and you know, HPE has, you know, an end really great end to end security story and AMD fits really well into that. You know, if you kind of think about how security all started, you know, in, in the data center, you, you've had strategies around encryption of the, you know, the data in, in flight, the network security, you know, you know, VPNs and, and, and security on the NS. And, and even on the, on the hard drives, you know, data that's at rest. >>You know, encryption has, you know, security has been sort of part of that strategy for a a long time and really for, you know, for ages, nobody really thought about the, the actual data in use, which is, you know, the, the information that's being passed from the C P U to the, the, the memory and, and even in virtualized environments to the, the, the virtual machines that, that everybody uses now. So, you know, for a long time nobody really thought about that app, you know, that third leg of, of encryption. And so a d comes in and says, Hey, you know, this is things that as, as the bad guys are getting more sophisticated, you, you have to start worrying about that, right? And, you know, for example, you know, you know, think, think people think about memory, you know, being sort of, you know, non-persistent and you know, when after, you know, after a certain time, the, the, you know, the, the data in the memory kind of goes away, right? >>But that's not true anymore because even in in memory data now, you know, there's a lot of memory modules that still can retain data up to 90 minutes even after p power loss. And with something as simple as compressed, compressed air or, or liquid nitrogen, you can actually freeze memory dams now long enough to extract the data from that memory module for up, you know, up, up to two or three hours, right? So lo more than enough time to read valuable data and, and, and even encryption keys off of that memory module. So our, our world's getting more complex and you know, more, the more data out there, the more insatiable need for compute and storage. You know, data management is becoming all, all the more important, you know, to keep all of that going and secure, you know, and, and creating security for those threats. It becomes more and more important. And, and again, especially in virtualized environments where, you know, like hyperconverged infrastructure or vir virtual desktop memories, it's really hard to keep up with all those different attacks, all those different attack surfaces. >>It sounds like what you were just talking about is what AMD has been able to do is identify yet another vulnerability Yes. Another attack surface in memory to be able to, to plug that hole for organizations that didn't, weren't able to do that before. >>Yeah. And, you know, and, and we kind of started out with that belief that security needed to be scalable and, and able to adapt to, to changing environments. So, you know, we, we came up with, you know, the, you know, the, the philosophy or the design philosophy that we're gonna continue to build on those security features generational generations and stay ahead of those evolving attacks. You know, great example is in, in the third gen, you know, epic C P U, that family that we had, we actually created this feature called S E V S N P, which stands for SECURENESS Paging. And it's really all around this, this new attack where, you know, your, the, the, you know, it's basically hypervisor based attacks where people are, you know, the bad actors are writing in to the memory and writing in basically bad data to corrupt the mem, you know, to corrupt the data in the memory. So s e V S and P is, was put in place to help, you know, secure that, you know, before that became a problem. And, you know, you heard in the news just recently that that becoming a more and more, more of a bigger issue. And the great news is that we had that feature built in, you know, before that became a big problem. >>And now you're on the fourth gen, those epic crosses talk of those epic processes. Talk to me a little bit about some of the innovations that are now in fourth gen. >>Yeah, so in fourth gen we actually added, you know, on top of that. So we've, we've got, you know, the sec the, the base of our, our, what we call infinity guard is, is all around the secure boot. The, you know, the, the, the, the secure root of trust that, you know, that we, we work with HPE on the, the strong memory encryption and the S E V, which is the secure encrypted virtualization. And so remember those s s and p, you know, incap capabilities that I talked about earlier. We've actually, in the fourth gen added two x the number of sev v s and P guests for even higher number of confidential VMs to support even more customers than before. Right? We've also added more guest protection from simultaneous multi threading or S M T side channel attacks. And, you know, while it's not officially part of Infinity Guard, we've actually added more APEC acceleration, which greatly benefits the security of those confidential VMs with the larger number of VCPUs, which basically means that you can build larger VMs and still be secured. And then lastly, we actually added even stronger a e s encryption. So we went from 128 bit to 256 bit, which is now military grade encryption on top of that. And, you know, and, and that's really, you know, the de facto crypto cryptography that is used for most of the applications for, you know, customers like the US federal government and, and all, you know, the, is really an essential element for memory security and the H B C applications. And I always say if it's good enough for the US government, it's good enough for you. >>Exactly. Well, it's got to be, talk a little bit about how AMD is doing this together with HPE a little bit about the partnership as we round out our conversation. >>Sure, absolutely. So security is only as strong as the layer below it, right? So, you know, that's why modern security must be built in rather than, than, you know, bolted on or, or, or, you know, added after the fact, right? So HPE and a MD actually developed this layered approach for protecting critical data together, right? Through our leadership and, and security features and innovations, we really deliver a set of hardware based features that, that help decrease potential attack surfaces. With, with that holistic approach that, you know, that safeguards the critical information across system, you know, the, the entire system lifecycle. And we provide the confidence of built-in silicon authentication on the world's most secure industry standard servers. And with a 360 degree approach that brings high availability to critical workloads while helping to defend, you know, against internal and external threats. So things like h hp, root of silicon root of trust with the trusted supply chain, which, you know, obviously AMD's part of that supply chain combined with AMD's Infinity guard technology really helps provide that end-to-end data protection in today's business. >>And that is so critical for businesses in every industry. As you mentioned, the attackers are getting more and more sophisticated, the vulnerabilities are increasing. The ability to have a pa, a partnership like H P E and a MD to deliver that end-to-end data protection is table stakes for businesses. David, thank you so much for joining me on the program, really walking us through what am MD is doing, the the fourth gen epic processors and how you're working together with HPE to really enable security to be successfully accomplished by businesses across industries. We appreciate your insights. >>Well, thank you again for having me, and we appreciate the partnership with hpe. >>Well, you wanna thank you for watching our special program HPE Compute Security. I do have a call to action for you. Go ahead and visit hpe com slash security slash compute. Thanks for watching.

(upbeat music) >> Hello, everyone and welcome back to fabulous Las Vegas, Nevada, where we are here on the show floor at AWS re:Invent. We are theCUBE. I am Savannah Peterson, joined with John Furrier. John, afternoon, day two, we are in full swing. >> Yes. >> What's got you most excited? >> Just got lunch, got the food kicking in. No, we don't get coffee. (Savannah laughing) >> Way to bring the hype there, John. >> No, there's so many people here just in Amazon. We're back to 2019 levels of crowd. The interest levels are high. Next gen, cloud security, big part of the keynote. This next segment, I am super excited about. CUBE Alumni, going back to 2013, 10 years ago he was on theCUBE. Now, 10 years later we're at re:Invent, looking forward to this guest and it's about security, great topic. >> I don't want to delay us anymore, please welcome Mark. Mark, thank you so much for being here with us. Massive day for you and the team. I know you oversee three different units at Amazon, Inspector, Detective, and the most recently announced, Security Lake. Tell us about Amazon Security Lake. >> Well, thanks Savannah. Thanks John for having me. Well, Security Lake has been in the works for a little bit of time and it got announced today at the keynote as you heard from Adam. We're super excited because there's a couple components that are really unique and valuable to our customers within Security Lake. First and foremost, the foundation of Security Lake is an open source project we call OCFS, Open Cybersecurity Framework Schema. And what that allows is us to work with the vendor community at large in the security space and develop a language where we can all communicate around security data. And that's the language that we put into Security Data Lake. We have 60 vendors participating in developing that language and partnering within Security Lake. But it's a communal lake where customers can bring all of their security data in one place, whether it's generated in AWS, they're on-prem, or SaaS offerings or other clouds, all in one location in a language that allows analytics to take advantage of that analytics and give better outcomes for our customers. >> So Adams Selipsky big keynote, he spent all the bulk of his time on data and security. Obviously they go well together, we've talked about this in the past on theCUBE. Data is part of security, but this security's a little bit different in the sense that the global footprint of AWS makes it uniquely positioned to manage some security threats, EKS protection, a very interesting announcement, runtime layer, but looking inside and outside the containers, probably gives extra telemetry on some of those supply chains vulnerabilities. This is actually a very nuanced point. You got Guard Duty kind of taking its role. What does it mean for customers 'cause there's a lot of things in this announcement that he didn't have time to go into detail. Unpack all the specifics around what the security announcement means for customers. >> Yeah, so we announced four items in Adam's keynote today within my team. So I'll start with Guard Duty for EKS runtime. It's complimenting our existing capabilities for EKS support. So today Inspector does vulnerability assessment on EKS or container images in general. Guard Duty does detections of EKS workloads based on log data. Detective does investigation and analysis based on that log data as well. With the announcement today, we go inside the container workloads. We have more telemetry, more fine grain telemetry and ultimately we can provide better detections for our customers to analyze risks within their container workload. So we're super excited about that one. Additionally, we announced Inspector for Lambda. So Inspector, we released last year at re:Invent and we focused mostly on EKS container workloads and EC2 workloads. Single click automatically assess your environment, start generating assessments around vulnerabilities. We've added Lambda to that capability for our customers. The third announcement we made was Macy sampling. So Macy has been around for a while in delivering a lot of value for customers providing information around their sensitive data within S3 buckets. What we found is many customers want to go and characterize all of the data in their buckets, but some just want to know is there any sensitive data in my bucket? And the sampling feature allows the customer to find out their sensitive data in the bucket, but we don't have to go through and do all of the analysis to tell you exactly what's in there. >> Unstructured and structured data. Any data? >> Correct, yeah. >> And the fourth? >> The fourth, Security Data Lake? (John and Savannah laughing) Yes. >> Okay, ocean theme. data lake. >> Very complimentary to all of our services, but the unique value in the data lake is that we put the information in the customer's control. It's in their S3 bucket, they get to decide who gets access to it. We've heard from customers over the years that really have two options around gathering large scale data for security analysis. One is we roll our own and we're security engineers, we're not data engineers. It's really hard for them to build these distributed systems at scale. The second one is we can pick a vendor or a partner, but we're locked in and it's in their schemer and their format and we're there for a long period of time. With Security Data Lake, they get the best of both worlds. We run the infrastructure at scale for them, put the data in their control and they get to decide what use case, what partner, what tool gives them the most value on top of their data. >> Is that always a good thing to give the customers too much control? 'Cause you know the old expression, you give 'em a knife they play with and they they can cut themselves, I mean. But no, seriously, 'cause what's the provisions around that? Because control was big part of the governance, how do you manage the security? How does the customer worry about, if I have too much control, someone makes a mistake? >> Well, what we finding out today is that many customers have realized that some of their data has been replicated seven times, 10 times, not necessarily maliciously, but because they have multiple vendors that utilize that data to give them different use cases and outcomes. It becomes costly and unwieldy to figure out where all that data is. So by centralizing it, the control is really around who has access to the data. Now, ultimately customers want to make those decisions and we've made it simple to aggregate this data in a single place. They can develop a home region if they want, where all the data flows into one region, they can distribute it globally. >> They're in charge. >> They're in charge. But the controls are mostly in the hands of the data governance person in the company, not the security analyst. >> So I'm really curious, you mentioned there's 60 AWS partner companies that have collaborated on the Security lake. Can you tell us a little bit about the process? How long does it take? Are people self-selecting to contribute to these projects? Are you cherry picking? What does that look like? >> It's a great question. There's three levels of collaboration. One is around the open source project that we announced at Black Hat early in this year called OCSF. And that collaboration is we've asked the vendor community to work with us to build a schema that is universally acceptable to security practitioners, not vendor specific and we've asked. >> Savannah: I'm sorry to interrupt you, but is this a first of its kind? >> There's multiple schemes out there developed by multiple parties. They've been around for multiple years, but they've been built by a single vendor. >> Yeah, that's what I'm drill in on a little bit. It sounds like the first we had this level of collaboration. >> There's been collaborations around them, but in a handful of companies. We've really gone to a broad set of collaborators to really get it right. And they're focused around areas of expertise that they have knowledge in. So the EDR vendors, they're focused around the scheme around EDR. The firewall vendors are focused around that area. Certainly the cloud vendors are in their scope. So that's level one of collaboration and that gets us the level playing field and the language in which we'll communicate. >> Savannah: Which is so important. >> Super foundational. Then the second area is around producers and subscribers. So many companies generate valuable security data from the tools that they run. And we call those producers the publishers and they publish the data into Security Lake within that OCSF format. Some of them are in the form of findings, many of them in the form of raw telemetry. Then the second one is in the subscriber side and those are usually analytic vendors, SIM vendors, XDR vendors that take advantage of the logs in one place and generate analytic driven outcomes on top of that, use cases, if you will, that highlight security risks or issues for customers. >> Savannah: Yeah, cool. >> What's the big customer focus when you start looking at Security Lakes? How do you see that planning out? You said there's a collaboration, love the open source vibe on that piece, what data goes in there? What's sharing? 'Cause a big part of the keynote I heard today was, I heard clean rooms, I've cut my antenna up. I'd love to hear that. That means there's an implied sharing aspect. The security industry's been sharing data for a while. What kind of data's in that lake? Give us an example, take us through. >> Well, this a number of sources within AWS, as customers run their workloads in AWS. We've identified somewhere around 25 sources that will be natively single click into Amazon Security Lake. We were announcing nine of them. They're traditional network logs, BBC flow, cloud trail logs, firewall logs, findings that are generated across AWS, EKS audit logs, RDS data logs. So anything that customers run workloads on will be available in data lake. But that's not limited to AWS. Customers run their environments hybridly, they have SaaS applications, they use other clouds in some instances. So it's open to bring all that data in. Customers can vector it all into this one single location if they decide, we make it pretty simple for them to do that. Again, in the same format where outcomes can be generated quickly and easily. >> Can you use the data lake off on premise or it has to be in an S3 in Amazon Cloud? >> Today it's in S3 in Amazon. If we hear customers looking to do something different, as you guys know, we tend to focus on our customers and what they want us to do, but they've been pretty happy about what we've decided to do in this first iteration. >> So we got a story about Silicon Angle. Obviously the ingestion is a big part of it. The reporters are jumping in, but the 53rd party sources is a pretty big number. Is that coming from the OCSF or is that just in general? Who's involved? >> Yeah, OCSF is the big part of that and we have a list of probably 50 more that want to join in part of this. >> The other big names are there, Cisco, CrowdStrike, Peloton Networks, all the big dogs are in there. >> All big partners of AWS, anyway, so it was an easy conversation and in most cases when we started having the conversation, they were like, "Wow, this has really been needed for a long time." And given our breadth of partners and where we sit from our customers perspective in the center of their cloud journey that they've looked at us and said, "You guys, we applaud you for driving this." >> So Mark, take us through the conversations you're having with the customers at re:Inforce. We saw a lot of meetings happening. It was great to be back face to face. You guys have been doing a lot of customer conversation, security Data Lake came out of that. What was the driving force behind it? What were some of the key concerns? What were the challenges and what's now the opportunity that's different? >> We heard from our customers in general. One, it's too hard for us to get all the data we need in a single place, whether through AWS, the industry in general, it's just too hard. We don't have those resources to data wrangle that data. We don't know how to pick schema. There's multiple ones out there. Tell us how we would do that. So these three challenges came out front and center for every customer. And mostly what they said is our resources are limited and we want to focus those resources on security outcomes and we have security engines. We don't want to focus them on data wrangling and large scale distributed systems. Can you help us solve that problem? And it came out loud and clear from almost every customer conversation we had. And that's where we took the challenge. We said, "Okay, let's build this data layer." And then on top of that we have services like Detective and Guard Duty, we'll take advantage of it as well. But we also have a myriad of ISV third parties that will also sit on top of that data and render out. >> What's interesting, I want to get your reaction. I know we don't have much time left, but I want to get your thoughts. When I see Security Data Lake, which is awesome by the way, love the focus, love how you guys put that together. It makes me realize the big thing in re:Invent this year is this idea of specialized solutions. You got instances for this and that, use cases that require certain kind of performance. You got the data pillars that Adam laid out. Are we going to start seeing more specialized data lakes? I mean, we have a video data lake. Is there going to be a FinTech data lake? Is there going to be, I mean, you got the Great Lakes kind of going on here, what is going on with these lakes? I mean, is that a trend that Amazon sees or customers are aligning to? >> Yeah, we have a couple lakes already. We have a healthcare lake and a financial lake and now we have a security lake. Foundationally we have Lake Formation, which is the tool that anyone can build a lake. And most of our lakes run on top of Lake Foundation, but specialize. And the specialization is in the data aggregation, normalization, enridgement, that is unique for those use cases. And I think you'll see more and more. >> John: So that's a feature, not a bug. >> It's a feature, it's a big feature. The customers have ask for it. >> So they want roll their own specialized, purpose-built data thing, lake? They can do it. >> And customer don't want to combine healthcare information with security information. They have different use cases and segmentation of the information that they care about. So I think you'll see more. Now, I also think that you'll see where there are adjacencies that those lakes will expand into other use cases in some cases too. >> And that's where the right tools comes in, as he was talking about this ETL zero, ETL feature. >> It be like an 80, 20 rule. So if 80% of the data is shared for different use cases, you can see how those lakes would expand to fulfill multiple use cases. >> All right, you think he's ready for the challenge? Look, we were on the same page. >> Okay, we have a new challenge, go ahead. >> So think of it as an Instagram Reel, sort of your hot take, your thought leadership moment, the clip we're going to come back to and reference your brilliance 10 years down the road. I mean, you've been a CUBE veteran, now CUBE alumni for almost 10 years, in just a few weeks it'll be that. What do you think is, and I suspect, I think I might know your answer to this, so feel free to be robust in this. But what do you think is the biggest story, key takeaway from the show this year? >> We're democratizing security data within Security Data Lake for sure. >> Well said, you are our shortest answer so far on theCUBE and I absolutely love and respect that. Mark, it has been a pleasure chatting with you and congratulations, again, on the huge announcement. This is such an exciting day for you all. >> Thank you Savannah, thank you John, pleasure to be here. >> John: Thank you, great to have you. >> We look forward to 10 more years of having you. >> Well, maybe we don't have to wait 10 years. (laughs) >> Well, more years, in another time. >> I have a feeling it'll be a lot of security content this year. >> Yeah, pretty hot theme >> Very hot theme. >> Pretty odd theme for us. >> Of course, re:Inforce will be there this year again, coming up 2023. >> All the res. >> Yep, all the res. >> Love that. >> We look forward to see you there. >> All right, thanks, Mark. >> Speaking of res, you're the reason we are here. Thank you all for tuning in to today's live coverage from AWS re:Invent. We are in Las Vegas, Nevada with John Furrier. My name is Savannah Peterson. We are theCUBE and we are the leading source for high tech coverage. (upbeat music)

>>Hey everyone, welcome to this cube conversation. I'm your host Lisa Martin, and I have the pleasure of welcoming back our most prolific guest on the cube in its history, the CMO of Fin Ad, Eric Herzog. Eric, it's great to see you. Welcome back, >>Lisa. It's great to be here. Love being on the cube. I think this might be number 55 or 56. Been doing 'em a long time with the Cube. You guys are great. >>You, you have, and we always recognize you lately with the Hawaiian shirts. It's your brand that's, that's the Eric Hizo brand. We love it. But I like the pin, the infin nut pin on brand. Thank you. >>Yeah. Oh, gotta be on brand. >>Exactly. So talk about the current IT landscape. So much change we've seen in the last couple of years. Specifically, what are some of the big challenges that you are talking with enterprise customers and cloud service providers? About what, what are some of those major things on their minds? >>So there's a couple things. First of all is obviously with the Rocky economy and even before covid, just for storage in particular, CIOs hate storage. I've been doing this now since 1986. I have never, ever, ever met a CIO at any company I've bid with. And I've been with four of the biggest storage companies on this planet. Never met a cio. Used to be a storage guy. So they know they need it, but boy, they really don't like it. So the storage admins have to manage more and more storage. Exabytes, exabytes, it just ballooning for what a storage admin has to do. Then you then have the covid and is it recession? No. Is it a growth? And then clearly what's happened in the last year with what's going on in Europe and the, is it a recession, the inflation. So they're always looking to, how do we cut money on storage yet still get what we need for our applications, workloads, and use cases. So that's definitely the biggest, the first topic. >>So never met a CIO that was a storage admin or as a fan, but as you point out, they need it. And we've seen needs changing in customer landscapes, especially as the threat landscape has changed so dramatically the last couple of years. Ransomware, you've said it before, I say it too. It's no longer if it's when it's how often. It's the frequency. We've gotta be able to recover. Backups are being targeted. Talk to me about some of, in that landscape, some of the evolutions of customer challenges and maybe those CIOs going, We've gotta make sure that our, our storage data is protected. >>So it's starting to change. However, historically with the cio and then when they started hiring CISOs or security directors, whatever they had, depending on the company size, it was very much about protecting the edge. Okay, if you will, the moat and the wall of the castle. Then it was the network in between. So keep the streets inside the castle clean. Then it was tracking down the bad guy. So if they did get over, the issue is, if I remember correctly, the sheriff of Nottingham never really caught Robinhood. So the problem is the dwell time where the ransomware malware's hidden on storage could be as much as 200 days. So I think they're starting to realize at the security level now, forget, forget the guys on the storage side, the security guys, the cso, the CIO, are starting to realize that if you're gonna have a comprehensive cybersecurity strategy, must include storage. And that is new >>That, well, that's promising then. That's new. I mean obviously promising given the, the challenges and the circumstances. So then from a storage perspective, customers that are in this multi-cloud hybrid cloud environment, you talked about the the edge cloud on-prem. What are some of the key things from a storage perspective that customers have to achieve these days to be secure as data volumes continue to grow and spread? >>So what we've done is implement on both primary storage and secondary storage and technology called infin safe. So Infin Safe has the four legs of the storage cyber security stool. So first of all is creating an air gap. In this case, a logical air gap can be local or remote. We create an immutable snapshot, which means it can't be changed, it can't be altered, so you can't change it. We have a fenced forensic environment to check out the storage because you don't wanna recover. Again, malware and rans square can is hidden. So you could be making amenable snapshots of actually malware, ransomware, and never know you're doing it right. So you have to check it out. Then you need to do a rapid recovery. The most important thing if you have an attack is how fast can you be up and going with recovery? So we have actually instituted now a number of cyber storage security guarantees. >>We will guarantee the SLAs on a, the snapshot is absolutely immutable. So they know that what they're getting is what they were supposed to be getting. And then also we are guaranteeing recovery times on primary storage. We're guaranteeing recovery of under one minute. We'll make the snapshot available under one minute and on secondary storage under 20 minutes. So those are things you gotta look for from a security perspective. And then the other thing you gotta practice, in my world, ransomware, malware, cyber tech is basically a disaster. So yes, you got the hurricane, yes, you got the flood, yes, you got the earthquake. Yes, you got the fire in the building. Yes you got whatever it may be. But if you don't practice malware, ransomware, recoveries and protection, then it might as well be a hurricane or earthquake. It will take your data, >>It will take your data on the numbers of customers that pay ransom is pretty high, isn't it? And and not necessarily able to recover their data. So it's a huge risk. >>So if you think about it, the government documented that last year, roughly $6 trillion was spent either protecting against ransomware and malware or paying ransomware attacks. And there's been several famous ones. There was one in Korea, 72 million ransom. It was one of the Korea's largest companies. So, and those are only the ones that make the news. Most of 'em don't make the news. Right. >>So talk to me then, speaking and making the news. Nobody wants to do that. We, we know every industry is vulnerable to this. Some of the ones that might be more vulnerable, healthcare, government, public sector education. I think the Los Angeles Unified School district was just hit as well in September. They >>Were >>What, talk to me about how infin out is helping customers really dial down the risk when the threat actors are becoming more and more sophisticated? >>Well, there's a couple things. First of all, our infin safe software comes free on our main product. So we have a product called infin Guard for Secondary Storage and it comes for free on that. And then our primary storage product's called the Infin Box. It also comes for free. So they don't have to use it, but we embed it. And then we have reference architectures that we give them our ses, our solutions architects and our technical advisors all up to speed on why they should do it, how they should do it. We have a number of customers doing it. You know, we're heavily concentrated the global Fortune 2000, for example, we publicly announced that 26% of the Fortune 50 use our technology, even though we're a small company. So we go to extra lengths to a B, educated on our own front, our own teams, and then B, make sure they portray that to the end users and our channel partners. But the end users don't pay a dime for the software that does what I just described, it's free, it's included when you get you're Infin box or you're ingar, it's included at no charge. >>That's pretty differentiating from a competitive standpoint. I might, I would guess >>It is. And also the guarantee. So for example, on primary storage, okay, whether you'd put your Oracle or put your SAP or I Mongo or your sequel or your highly transactional workloads, right? Your business finance workload, all your business critical stuff. We are the first and only storage company that offers a primary guarantee on cyber storage resilience. And we offer two of them on primary storage. No other vendor offers a guarantee, which we do on primary storage. Whether you the first and right now as of here we are sitting in the middle of October. We are still the only vendor that offers anything on primary storage from a guaranteed SLA on primary storage for cyber storage resilience. >>Let's talk about those guarantees. Walk me through what you just announced. There's been a a very, a lot of productivity at Infin DAT in 2022. A lot of things that you've announced but on crack some of the things you're announcing. Sure. Talk to me specifically about those guarantees and what's in it for me as a customer. It sounds pretty obvious, but I'd love to hear it from you. >>Okay, so we've done really three different types of guarantees. The first one is we have a hundred percent availability guarantee on our primary storage. And we've actually had that for the last, since 2019. So it's a hundred percent availability. We're guaranteed no downtime, a hundred percent availability, which for our customer base being heavily concentrated, the global Fortune 2000 large government enterprises, big universities and even smaller companies, we do a lot of business with CSPs and MSPs. In fact, at the Flash Memory Summit are Infin Box ssa All Flash was named the best product for hyperscaler deployment. Hyperscaler basically means cloud servers provider. So they need a hundred percent availability. So we have a guarantee on that. Second guarantee we have is a performance guarantee. We'll do an analysis, we look at all their workloads and then we will guarantee in writing what the performance should be based on which, which of our products they want to buy are Infin Box or Infin Box ssa, which is all flash. >>Then we have the third one is all about cyber resilience. So we have two on our Infin box, our Infin box SSA for primary storage, which is a one the immutability of the snapshot and immediately means you can't erase the data. Right? Camp tamper with it. Second one is on the recovery time, which is under a minute. We just announced in the middle of October that we are doing a similar cyber storage resilience guarantee on our ARD secondary product, which is designed for backup recovery, et cetera. We will also offer the immutably snapshot guarantee and also one on the recoverability of that data in under 20 minutes. In fact, we just did a demo at our live launch earlier this week and we demoed 20 petabytes of Veeam backup data recovered in 12 minutes. 12 >>Minutes 2012. >>20 petabytes In >>12 bytes in 12 minutes. Yes. That's massive. That's massively differentiating. But that's essential for customers cuz you know, in terms of backups and protecting the data, it's all about recovery >>A and once they've had the attack, it's how fast you get back online, right? That that's what happens if they've, if they can't stop the attack, can't stop the threat and it happens. They need to get that back as fast as they can. So we have the speed of recovery on primary stores, the first in the industry and we have speed on the backup software and we'll do the same thing for a backup data set recovery as well. Talk >>To me about the, the what's in it for me, For the cloud service providers, they're obviously the ones that you work with are competing with the hyperscalers. How does the guarantees and the differentiators that Fin out is bringing to market? How do you help those cloud SPS dial up their competitiveness against the big cheeses? >>Well, what we do is we provide that underlying infrastructure. We, first of all, we only sell things that are petabyte in scale. That's like always sell. So for example, on our in fitter guard product, the raw capacity is over four petabytes. And the effective capacity, cuz you do data reduction is over 85 petabytes on our newest announced product, on our primary storage product, we now can do up to 17 petabytes of effective capacity in a single rack. So the value to the service rider is they can save on what slots? Power and floor. A greener data center. Yeah, right. Which by the way is not just about environmentals, but guess what? It also translate into operational expense. >>Exactly. CapEx office, >>With a lot of these very large systems that we offer, you can consolidate multiple products from our competitors. So for example, with one of the competitors, we had a deal that we did last quarter 18 competitive arrays into one of ours. So talk about saving, not just on all of the operational expense, including operational manpower, but actually dramatically on the CapEx. In fact, one of our Fortune 500 customers in the telco space over the last five years have told us on CapEx alone, we've saved them $104 million on CapEx by consolidating smaller technology into our larger systems. And one of the key things we do is everything is automated. So we call it autonomous automation use AI based technology. So once you install it, we've got several public references who said, I haven't touched this thing in three or four years. It automatically configures itself. It automatically adjusts to changes in performance and new apps. When I put in point a new app at it automatically. So in the old days the storage admin would optimize performance for a new application. We don't do that, we automatically do it and autonomously the admin doesn't even click a button. We just sense there's new applications and we automate ourselves and configure ourselves without the admin having to do anything. So that's about saving operational expense as well as operational manpower. >>Absolutely. I was, one of the things that was ringing in my ear was workforce productivity and obviously those storage admins being able to to focus on more strategic projects. Can't believe the CIOs aren't coming around yet. But you said there's, there's a change, there's a wave coming. But if we think about the the, the what's in it for me as a customer, the positive business outcomes that I'm hearing, lower tco, your greener it, which is key. So many customers that we talk to are so focused on sustainability and becoming greener, especially with an on-prem footprint, workforce productivity. Talk about some of the other key business outcomes that you're helping customers achieve and how it helps them to be more competitive. >>Sure. So we've got a, a couple different things. First of all, storage can't go down. When the storage goes down, everyone gets blamed. Mission. When an app goes down, no one really thinks about it. It's always the storage guy's fault. So you want to be a hundred percent available. And that's today's businesses, and I'd actually argue it's been this way for 20 years are 24 by seven by 365. So that's one thing that we deliver. Second thing is performance. So we have public references talk about their SAP workload that used to take two hours, now takes 20 minutes, okay? We have another customer that was doing SAP queries. They improved their performance three times, Not 3%, not 3%, three times. So 300% better performance just by using our storages. They didn't touch the sap, they didn't touch the servers. All they do is to put our storage in there. >>So performance relates basically to applications, workloads and use cases and productivity beyond it. So think the productivity of supply chain guys, logistics guys, the shipping guys, the finance guys, right? All these applications that run today's enterprises. So we can automate all that. And then clearly the cyber threat. Yeah, that is a huge issue. And every CIO is concerned about the cyber threat. And in fact, it was interesting, Fortune magazine did a survey of CEOs, and this was last May, the number one concern, 66% in that may survey was cyber security number one concern. So this is not just a CIO thing, this is a CEO thing and a board level >>Thing. I was gonna say it's at at the board level that the cyber security threats are so real, they're so common. No one wants to be the next headline, like the colonial pipeline, right? Or the school districts or whatnot. And everybody is at risk. So then what you're enabling with what you've just announced, the all the guarantees on the SLAs, the massively fast recovery times, which is critical in cyber recovery. Obviously resilience is is key there. Modern data protection it sounds like to me. How do you define that and and what are customers looking for with respect to modern cyber resilience versus data protection? >>Yeah, so we've got normal data protection because we work with all the backup vendors. Our in ARD is what's known as a purpose built backup appliance. So that allows you to back at a much faster rate. And we work all the big back backup vendors, IBM spectrum Protect, we work with veritas vem com vault, oracle arm, anybody who does backup. So that's more about the regular side, the traditional backup. But the other part of modern data protection is infusing that with the cyber resilience. Cuz cyber resilience is a new thing. Yes, from a storage guy perspective, it hasn't been around a long time. Many of our competitors have almost nothing. One or two of our competitors have a pretty robust, but they don't guarantee it the way we guarantee it. So they're pretty good at it. But the fact that we're willing to put our money where our mouth is, we think says we price stand above and then most of the other guys in the storage industry are just starting to get on the bandwagon of having cyber resilience. >>So that changes what you do from data protection, what would call modern data protection is a combination of traditional backup recovery, et cetera. Now with this influence and this infusion of cybersecurity cyber resilience into a storage environment. And then of course we've also happened to add it on primary storage as well. So whether it's primary storage or backup and archive storage, we make sure you have that right cyber resilience to make it, if you will, modern data protection and diff different from what it, you know, the old backup of your grandfather, father, son backup in tape or however you used to do it. We're well beyond that now we adding this cyber resilience aspect. Well, >>From a cyber resilience perspective, ransomware, malware, cyber attacks are, that's a disaster, right? But traditional disaster recovery tools aren't really built to be able to pull back that data as quickly as it sounds like in Trinidad is able to facilitate. >>Yeah. So one of the things we do is in our reference architectures and written documentation as well as when we do the training, we'd sell the customers you need to practice, if you practice when there's a fire, a flood, a hurricane, an earthquake or whatever is the natural disaster you're practicing that you need to practice malware and ran somewhere. And because our recovery is so rapid and the case of our ingar, our fenced environment to do the testing is actually embedded in it. Several of our competitors, if you want the fenced environment, you have to buy a second product with us. It's all embedded in the one item. So A, that makes it more effective from a CapEx and opex perspective, but it also makes it easier. So we recommend that they do the practice recoveries monthly. Now whether they do it or not separate issue, but at least that's what we're recommending and say, you should be doing this on a monthly basis just like you would practice a disaster, like a hurricane or fire or a flood or an earthquake. Need to be practicing. And I think people are starting to hear it, but they don't still think more about, you know, the flood. Yeah. Or about >>The H, the hurricane. >>Yeah. That's what they think about. They not yet thinking about cybersecurity as really a disaster model. And it is. >>Absolutely. It is. Is is the theme of cyber resilience, as you said, this is a new concept, A lot of folks are talking about it, applying it differently. Is that gonna help dial up those folks just really being much more prepared for that type of cyber disaster? >>Well, we've made it so it's automated. Once you set up the immutable snapshots, it just does its thing. You don't set it and forget it. We create the logical air back. Once you do it, same thing. Set it and forget it. The fence forensic environment, easy to deploy. You do have to just configure it once and then obviously the recovery is almost instantaneous. It's under a minute guaranteed on primary storage and under 20 minutes, like I told you when we did our launch this week, we did 20 petabytes of Veeam backup data in 12 minutes. So that's pretty incredible. That's a lot of data to have recovered in 12 minutes. So the more automated we make it, which is what our real forte is, is this autonomous automation and automating as much as possible and make it easy to configure when you do have to configure. That's what differentiates what we do from our perspective. But overall in the storage industry, it's the recognition finally by the CISOs and the CIOs that, wait a second, maybe storage might be an essential part of my corporate cybersecurity strategy. Yes. Which it has not been historically, >>But you're seeing that change. Yes. >>We're starting to see that change. >>Excellent. So talk to me a little bit before we wrap here about the go to market one. Can folks get their hands on the updates to in kindergar and Finn and Safe and Penta box? >>So all these are available right now. They're available now either through our teams or through our, our channel partners globally. We do about 80% of our business globally through the channel. So whether you talk to us or talk to our channel partners, we're there to help. And again, we put our money where your mouth is with those guarantees, make sure we stand behind our products. >>That's awesome. Eric, thank you so much for joining me on the program. Congratulations on the launch. The the year of productivity just continues for infinit out is basically what I'm hearing. But you're really going in the extra mile for customers to help them ensure that the inevitable cyber attacks, that they, that they're complete storage environment on prem will be protected and more importantly, recoverable Very quickly. We appreciate your insights and your input. >>Great. Absolutely love being on the cube. Thank you very much for having us. Of >>Course. It's great to have you back. We appreciate it. For Eric Herzog, I'm Lisa Martin. You're watching this cube conversation live from Palo Alto.

>>Welcome to this cube conversation with 40 net. I'm your host. Lisa Martin, Derek Minky is back. He's the chief security insights and global threat alliances at 40 minutes, 40 guard labs, Derek. Welcome back to the program. >>Likewise, we've talked a lot this year. And of course, when I saw that there are, uh, you guys have predictions from 40 guard labs, global threat intelligence and research team about the cyber threat landscape for 2022. I thought it was going to be a lot to talk about with Derek here. So let's go ahead and dig. Right in. First of all, one of the things that caught my attention was the title of the press release about the predictions that was just revealed. The press release says 40 guard labs, predict cyber attacks aimed at everything from crypto wallets to satellite internet, nothing. There is no surface that is safe anymore. Talk to me about some of the key challenges that organizations in every industry are facing. >>Yeah, absolutely. So this is a, as you said, you, you had the keyword there surface, right? That, and that attack surface is, is open for attack. That's the attack surface that we talk about it is literally be pushed out from the edge to space, like a lot of these places that had no connection before, particularly in OT environments off grid, we're talking about, uh, you know, um, uh, critical infrastructure, oil and gas, as an example, there's a lot of these remote units that were living out there that relied on field engineers to go in and, uh, you know, plug into them. They were air gapped, those such low. Those are the things that are going to be accessible by Elio's low earth orbit satellites. And there are 4,000 of those out there right now. There's going to be over 30,000. We're talking Starlink, we're talking at least four or five other competitors entering this space, no pun intended. And, um, and that's a big deal because that it's a gateway. It opens the door for cyber criminals to be able to have accessibility to these networks. And so security has to come, you know, from, uh, friends of mine there, right. >>It absolutely does. We've got this fragmented perimeter tools that are siloed, the expand and very expanded attack surface, as you just mentioned, but some of the other targets, the 5g enabled edge, the core network, of course, the home environment where many of us still are. >>Yeah, yeah, definitely. So that home environment like the edge, it is a, uh, it's, it's the smart edge, right? So we have things called edge access Trojans. These are Trojans that will actually impact and infect edge devices. And if you think about these edge devices, we're talking things that have machine learning and, and auto automation built into them a lot of privilege because they're actually processing commands and acting on those commands in a lot of cases, right? Everything from smart office, smart home option, even until the OT environment that we're talking about. And that is a juicy target for attackers, right? Because these devices naturally have more privileged. They have APIs and connectivity to a lot of these things where they could definitely do some serious damage and be used as these pivot within the network from the edge. Right. And that's, that's a key point there. >>Let's talk about the digital wallet that we all walk around with. You know, we think out so easy, we can do quick, simple transactions with apple wallet, Google smart tab, Venmo, what have you, but that's another growing source of that, where we need to be concerned, right? >>Yeah. So I, I I've, I've worn my cyber security hat for over 20 years and 10 years ago, even we were talking all about online banking Trojans. That was a big threat, right? Because a lot of financial institutions, they hadn't late ruled out things like multifactor authentication. It was fairly easy to get someone's bank credentials go in siphoned fans out of an account. That's a lot harder nowadays. And so cyber criminals are shifting tactics to go after the low hanging fruit, which are these digital wallets and often cryptocurrency, right? We've actually seen this already in 40 guard labs. Some of this is already starting to happen right now. I expect this to happen a lot more in 20, 22 and beyond. And it's because, you know, these wallets are, um, hold a lot of whole lot of value right now, right. With the crypto. And they can be transferred easily without having to do a, like a, you know, EFT is a Meijer transfers and all those sorts of things that includes actually a lot of paperwork from the financial institutions. And, you know, we saw something where they were actually hijacking these wallets, right. Just intercepting a copy and paste command because it takes, you know, it's a 54 character address people aren't typing that in all the time. So when they're sending or receiving funds, they're asking what we've actually seen in malware today is they're taking that, intercepting it and replacing it with the attackers. Well, it's simple as that bypassing all the, you know, authentication measures and so forth. >>And is that happening for the rest of us that don't have a crypto wallet. So is that happening for folks with apple wallets? And is that a growing threat concern that people need to be? It is >>Absolutely. Yeah. So crypto wallets is, is the majority of overseeing, but yeah, no, no digital wallet is it's unpatched here. Absolutely. These are all valid targets and we are starting to see activity in. I am, >>I'm sure going after those stored credentials, that's probably low-hanging fruit for the attackers. Another thing that was interesting that the 2022 predictions threat landscape, uh, highlighted was the e-sports industry and the vulnerabilities there. Talk to me about that. That was something that I found surprising. I didn't realize it was a billion dollar revenue, a year industry, a lot of money, >>A lot of money, a lot of money. And these are our full-blown platforms that have been developed. This is a business, this isn't, you know, again, going back to what we've seen and we still do see the online gaming itself. We've seen Trojans written for that. And oftentimes it's just trying to get into, and user's gaming account so that they can steal virtual equipment and current, you know, there there's virtual currencies as well. So there was some monetization happening, but not on a grand scale. This is about a shift attackers going after a business, just like any organization, big business, right. To be able to hold that hostage effectively in terms of DDoSs threats, in terms of vulnerabilities, in terms of also, you know, crippling these systems with ransomware, like we've already seen starting to hit OT, this is just another big target. Right. Um, and if you think about it, these are live platforms that rely on low latency. So very quick connections, anything that interrupts that think about the Olympics, right on sports environment, it's a big deal to them. And there's a lot of revenue that could be lost in cybercriminals fully realizes. And this is why, you know, we're predicting that e-sports is going to be a, um, a big target for them moving forward. >>Got it. And tell, let's talk about what's going on with brands. So when you and I spoke a few months ago, I think it was ransomware was up nearly 11 X in the first half of a calendar year, 2021. What are you seeing from an evolution perspective, uh, in the actual ransomware, um, actions themselves as well as what the, what the cyber criminals are evolving to. >>Yeah. So to where it's aggressive, destructive, not good words, right. But, but this is what we're seeing with ransomware. Now, again, they're not just going after data as the currency, we're seeing, um, destructive capabilities put into ransomware, including wiper malware. So this used to be just in the realm of, uh, APTT nation state attacks. We saw that with should moon. We saw that with dark soil back in 2013, so destructive threats, but in the world of apt and nation state, now we're seeing this in cyber crime. We're seeing it with ransomware and this, I expect to be a full-blown tactic for cyber criminals simply because they have the, the threat, right. They've already leveraged a lot of extortion and double extortion schemes. We've talked about that. Now they're going to be onboarding this as a new threat, basically planting these time bombs. He's ticking time bombs, holding systems for, for, for ransom saying, and probably crippling a couple of, to show that they mean business and saying, unless you pay us within a day or two, we're going to take all of these systems offline. We're not just going to take them offline. We're going to destroy them, right. That's a big incentive for people to, to, to pay up. So they're really playing on that fear element. That's what I mean about aggressive, right? They're going to be really shifting tactics, >>Aggressive and destructive, or two things you don't want in a cybersecurity environment or to be called by your employer. Just wanted to point that out. Talk to me about wiper malware. Is this new emerging, or is this something that's seeing a resurgence because this came up at the Olympics in the summer, right? >>Absolutely. So a resurgence in, in a sort of different way. Right. So, as I said, we have seen it before, but it's been not too prevalent. It's been very, uh, it's, it's been a niche area for them, right. It's specifically for these very highly targeted attack. So yes, the Olympics, in fact, two times at the Olympics in Tokyo, but also in the last summer Olympics as well. We also saw it with, as I mentioned in South Korea at dark school in 2013, we saw it an OT environment with the moon as an example, but we're talking handfuls here. Uh, unfortunately we have blogged about three of these in the last month to month and a half. Right. And that, and you know, this is starting to be married with ransomware, which is particularly a very dangerous cause it's not just my wiper malware, but couple that with the ransom tactics. >>And that's what we're starting to see is this new, this resurgent. Yes. But a completely new form that's taking place. Uh, even to the point I think in the future that it could, it could severely a great, now what we're seeing is it's not too critical in a sense that it's not completely destroying the system. You can recover the system still we're talking to master boot records, those sorts of things, but in the future, I think they're going to be going after the formal firmware themselves, essentially turning some of these devices into paperweights and that's going to be a very big problem. >>Wow. That's a very scary thought that getting to the firmware and turning those devices into paperweights. One of the things also that the report talked about that that was really interesting. Was that more attacks against the supply chain and Linux, particularly talk to us about that. What did you find there? What does it mean? What's the threat for organizations? >>Yeah. So we're seeing a diversification in terms of the platforms that cyber criminals are going after. Again, it's that attack surface, um, lower hanging fruit in a sense, uh, because they've, you know, for a fully patched versions of windows, 10 windows 11, it's harder, right. For cyber criminals than it was five or 10 years ago to get into those systems. If we look at the, uh, just the prevalence, the amount of devices that are out there in IOT and OT environments, these are running on Linux, a lot of different flavors and forms of Linux, therefore this different security holes that come up with that. And that's, that's a big patch management issue as an example too. And so this is what we, you know, we've already seen it with them or I bought net and this was in our threat landscape report, or I was the number one threat that we saw. And that's a Linux-based bot net. Now, uh, Microsoft has rolled out something called WSL, which is a windows subsystem for Linux and windows 10 and windows 11, meaning that windows supports Linux now. So that all the code that's being written for botnets, for malware, all that stuff is able to run on, on new windows platforms effectively. So this is how they're trying to expand their, uh, attack surface. And, um, that ultimately gets into the supply chain because again, a lot of these devices in manufacturing and operational technology environments rely quite heavily actually on Linux. >>Well, and with all the supply chain issues that we've been facing during the pandemic, how can organizations protect themselves against this? >>Yeah. So this, this is a big thing, right? And we talked about also the weaponization of artificial intelligence, automation and all of these, there's a lot going on as you know, right from the threats a lot to get visibility on a lot, to be able to act quickly on that's a big key metric. There is how quick you can detect these and respond to them for that. You need good threat intelligence, of course, but you also truly need to enable, uh, uh, automation, things like SD wan, a mesh architecture as well, or having a security fabric that can actually integrate devices that talk to each other and can detect these threats and respond to them quickly. That's a very important piece because if you don't stop these attacks well, they're in that movement through the attack chain. So the kill chain concept we talk about, um, the risk is very high nowadays where, you know, everything we just talked about from a ransomware and destructive capabilities. So having those approaches is very important. Also having, um, you know, education and a workforce trained up is, is equally as important to, to be, you know, um, uh, to, to be aware of these threats. >>I'm glad you brought up that education piece and the training, and that's something that 49 is very dedicated to doing, but also brings up the cybersecurity skills gap. I know when I talked with Kenzie, uh, just a couple months ago at the, um, PGA tournament, it was talking about, you know, big investments in what 40 guard, 40, 40 net is doing to help reduce that gap. But the gap is still there. How do I teach teams not get overloaded with the expanding service? It seems like the surface, the surface has just, there is no limit anymore. So how does, how does it teams that are lean and small help themselves in the fact that the threat is landscape is, is expanding. The criminals are getting smarter or using AI intelligent automation, what our it teams do >>Like fire with fire. You got to use two of the same tools that they're using on their side, and you need to be able to use in your toolkit. We're talking about a security operation center perspective to have tools like, again, this comes to the threat intelligence to get visibility on these things. We're talking Simmons, sor uh, we have, you know, 40 AI out now, uh, deception products, all these sorts of things. These are all tools that need that, that, uh, can help, um, those people. So you don't have to have a, you know, uh, hire 40 or 50 people in your sock, right? It's more about how you can work together with the tools and technology to get, have escalation paths to do more people, process procedure, as we talk about to be able to educate and train on those, to be able to have incident response planning. >>So what do you do like, because inevitably you're going to be targeted, probably interacts where attack, what do you do? Um, playing out those scenarios, doing breach and attack simulation, all of those things that comes down to the skills gaps. So it's a lot about that education and awareness, not having to do that. The stuff that can be handled by automation and AI and, and training is you're absolutely right. We've dedicated a lot with our NSC program at 49. We also have our 40 net security academy. Uh, you know, we're integrating with those secondary so we can have the skillsets ready, uh, for, for new graduates. As an example, there's a lot of progress being made towards that. We've even created a new powered by 40 guard labs. There is a 40 guard labs play in our NSC seven as an example, it's, uh, you know, for, um, uh, threat hunting and offensive security as an example, understanding really how attackers are launching their, their campaigns and, um, all those things come together. But that's the good news actually, is that we've come a long way. We actually did our first machine learning and AI models over 10 years ago, Lisa, this isn't something new to us. So the technology has gone a long way. It's just a matter of how we can collaborate and obviously integrate with that for the, on the skills gap. >>And one more question on the actual threat landscape, were there any industries that came up in particular, as we talked about e-sports we talked about OT and any industries that came up in particular as, as really big hotspots that companies and organizations really need to be aware of. >>Yeah. So also, uh, this is part of OT about ICS critical infrastructure. That's a big one. Uh, absolutely there we're seeing, uh, also cyber-criminals offering more crime services now on dark web. So CAS, which is crime as a service, because it used to be a, again, a very specialized area that maybe only a handful of organized criminal organizations could actually, um, you know, launch attacks and, and impact to those targets where they're going after those targets. Now they're offering services right on to other coming cyber criminals, to be able to try to monetize that as well. Again, we're seeing this, we actually call it advanced persistent cybercrime APC instead of an apt, because they're trying to take cyber crime to these targets like ICS, critical infrastructure, um, healthcare as well is another one, again, usually in the realm of APMT, but now being targeted more by cybercriminals in ransomware, >>I've heard of ransomware as a service, is that a subcategory of crime as a service? >>Absolutely. Yeah. It is phishing as a service ransomware as, and service DDoSs as a service, but not as, as many of these subcategories, but a ransomware as a service. That's a, another big problem as well, because this is an affiliate model, right. Where they hire partners and pay them commission, uh, if they actually get payments of ransom, right? So they have literally a middle layer in this network that they're pushing out to scale their attacks, >>You know, and I think that's the last time we talked about ransomware, we talked about it's a matter of, and I talk to customers all the time who say, yes, it's a matter of when, not, if, is, is this the same sentiment? And you think for crime as a service in general, the attacks on e-sports on home networks, on, uh, internet satellites in space, is this just a matter of when, not if across the board? >>Well, yeah, absolutely. Um, you know, but the good news is it doesn't have to be a, you know, when it happens, it doesn't have to be a catastrophic situation. Again, that's the whole point about preparedness and planning and all the things I talked about, the filling the skills gap in education and having the proper, proper tools in place that will mitigate that risk. Right. And that's, and that's perfectly acceptable. And that's the way we should handle this from the industry, because we process we've talked about this, people are over a hundred billion threats a day in 40 guard labs. The volume is just going to continue to grow. It's very noisy out there. And there's a lot of automated threats, a lot of attempts knocking on organizations, doors, and networks, and, you know, um, phishing emails being sent out and all that. So it's something that we just need to be prepared for just like you do for a natural disaster planning and all these sorts of other things in the physical world. >>That's a good point. It doesn't have to be aggressive and destructive, but last question for you, how can, how is 4d guard helping companies in every industry get aggressive and disruptive against the threats? >>Yeah. Great, great, great question. So this is something I'm very passionate about, uh, as you know, uh, where, you know, we, we don't stop just with customer protection. Of course, that is as a security vendor, that's our, our primary and foremost objective is to protect and mitigate risk to the customers. That's how we're doing. You know, this is why we have 24 7, 365 operations at 40 guy labs. Then we're helping to find the latest and greatest on threat intelligence and hunting, but we don't stop there. We're actually working in the industry. Um, so I mentioned this before the cyber threat Alliance to, to collaborate and share intelligence on threats all the way down to disrupt cybercrime. This is what big target of ours is, how we can work together to disrupt cyber crime. Because unfortunately they've made a lot of money, a lot of profits, and we need to reduce that. We need to send a message back and fight that aggressiveness and we're we're on it, right? So we're working with Interpol or project gateway with the world economic forum, the partnership against cyber crime. It's a lot of initiatives with other, uh, you know, uh, the, uh, the who's who of cyber security in the industry to work together and tackle this collaboratively. Um, the good news is there's been some steps of success to that. There's a lot more, we're doing the scale of the efforts. >>Excellent. Well, Derek as always great and very informative conversation with you. I always look forward to these seeing what's going on with the threat landscape, the challenges, the increasing challenges, but also the good news, the opportunities in it, and what 40 guard is doing 40 left 40 net, excuse me, I can't speak today to help customers address that. And we always appreciate your insights and your time we look forward to talking to you and unveiling the next predictions in 2022. >>All right. Sounds good. Thanks, Lisa. >>My pleasure for Derek manky. I'm Lisa Martin. You're watching this cube conversation with 40 net. Thanks for watching.

>>Good morning from Los Angeles, Lisa Martin here at Qube con cloud native con north America, 2021. This is the cubes third day, a wall-to-wall coverage. So great to be back at an event in person I'm excited to be joined by Vince Wang, senior director of products at 49. We're going to talk security and Kubernetes then welcome to the program. >>Thank you for having me. >>So I always love talking to 40 minutes. Cybersecurity is something that is such an impersonal interest of mine. The fording that talks about the importance of integrating security and compliance and the dev sec ops workflow across the container life cycle. Why is this important and how do you help companies achieve it? >>Well, as companies are making digital innovations, they're trying to move faster and as to move faster, or many companies are shifting towards a cloud native approach, uh, rapid integrations, rapid development, and rapid deployment, uh, but sometimes speed, you know, there's a benefit to that, but there's also the downside of that, where, you know, you can lose track of issues and you can, uh, introduce a human error in a problem. So as part of the, as part of the, the, the means to deliver fast while maintaining his six year approach, where both the company and the organizations delivering it and their end customers, it's important to integrate security throughout the entire life cycle. From the moment you start planning and development, and people's in process to when you're developing it and then deploying and running in production, um, the entire process needs to be secured, monitored, and, um, and vetted regularly with good quality, um, processes, deep visibility, and an integrated approach to the problem. Um, and I think the other thing to also consider is in this day and age with the current situation with COVID, there's a lot of, uh, development of employment in terms of what I call NASA dental Baltic cloud, where you're deploying applications in random places, in places that are unplanned because you need speed and that, uh, diversity of infrastructure and diversity of, uh, of clouds and development and things to consider then, uh, produces a lot of, uh, you know, uh, opportunities for security and, and challenges to come about. >>And we've seen so much change from a security perspective, um, the threat landscape over the last 18 months. So it's absolutely critical that the integration happens shifting left. Talk to us about now let's switch topics. Application teams are adopting CIC D uh, CICB workflows. Why does security need to be at the center of that adoption? >>Well, it goes back to my earlier point where when you're moving fast, your organizations are doing, um, you're building, deploying, running continuously and monitoring, and then improving, right? So the idea is you're, you're creating smaller, incremental changes, throwing it to the cloud, running it, adjusting it. So then you're, you're rapidly integrating and you're rapidly developing and delivery. And again, it comes down to that, that rapid nature, uh, things can happen. There's, there's more, uh, more points of touching and there's more points of interactions. And, you know, and again, when you're moving that fast, it's really easy to, um, miss things along the way. So as you have security as a core fundamental element of that DNA, as you're building it, uh, that that's in parallel with everything you're doing, you just make sure that, um, when you do deliver something that is the most secure application possible, you're not exposing your customers or your organizations to unforeseen risks that just kind of sits there. >>Uh, and I think part of that is if you think about cloud infrastructure, misconfiguration is still number one, uh, biggest problem with, uh, with security on the, in the cloud space, there's, uh, tasks and vulnerabilities those, we all know, and there's there's means to control that, but the configurations, when you're storing the data, the registries, all these different considerations that go into a cloud environment, those are the things that organizations need visibility on. And, um, the ability to, to adopt their processes, to be proactive in those things and know what they, uh, do. They just need to know what, what then, where are they're operating in, um, to kind of make these informed decisions. >>That visibility is key. When you're talking with customers in any industry, what are the top three, let's say recommendations to say, here's how you can reduce your exposure to security vulnerabilities in the CIS CD pipeline. What are some of the things that you recommend there to reduce the risk? >>There's a couple, oh, obviously security as a fundamental practice. We've been talking about that. So that's number one, key number. The second thing that I would say would be, uh, when you're adopting solutions, you need to consider the fact that there is a very much of a heterogeneous environment in today's, uh, ecosystem, lots of different clouds, lots of different tools. So integration is key. The ability to, um, have choices of deployment, uh, in terms of where you wanted to play. You don't want to deploy based upon the technology limitations. You want to deploy and operate your business to meet your business needs and having the right of integrations and toolings to, uh, have that flexibility. Now, option is key. And I think the third thing is once you have security, the choices, then you can treat, you create a situation where there's a lot of, uh, you know, process overhead and operational overhead, and you need a platform, a singular cybersecurity platform to kind of bring it all in that can work across multiple technologies and environments, and still be able to control at the visibility and consolidate, uh, policies and nationally consistent across all closet points. >>So we're to the DevOps folks, what are some of the key considerations that they need to take into >>Account to ensure that their container strategy isn't compromising security? Well, I think it comes down to having to think outside of just dev ops, right? You have to, we talk about CIC D you have to think beyond just the build process beyond just where things live. You have to think continuous life cycles and using a cyber security platform that brings it together, such as we have the Fortinet security fabric that does that tying a lot of different integration solutions. We work well within their core, but theirs have the ability to integrate well into various environments that provide that consistent policies. And I think that's the other thing is it's not just about integration. It's about creating that consistency across class. And the reality is also for, I think today's dev ops, many organizations are in transition it's, you know, as, as much as we all think and want to kind of get to that cloud native point in time, the reality is there's a lot of legacy things. >>And so dev ops set ups, the DevSecOps, all these different kind of operational functions need to consider the fact that everything is in transition. There are legacy applications, they are new cloud native top first type of application delivery is using containers of various technologies. And there needs to be a, again, that singular tool, the ability to tie this all together as a single pane of glass, to be able to then navigate emerge between legacy deployments and applications with the new way of doing things and the future of doing things with cloud native, uh, and it comes down again to, to something like the Fortinet security fabric, where we're tying things together, having solutions that can deploy on any cloud, securing any application on any cloud while bringing together that consistency, that visibility and the single point management, um, and to kind of lower that operational overhead and introduce security as part of the entire life cycle. >>Do you have a Vincent example of a customer that 49 has worked with that has done this, that you think really shows the value of what you're able to enable them to achieve? >>We do. We do. We have lots of customers, so can name any one specific customer for various reasons, you know, it's security after all. Um, but the, the most common use cases when customers look at it, that when you, we talked to a CIO, CSO CTO is I think that's a one enter they ask us is, well, how do we, how do we manage in this day and age making these cloud migrations? Everyone? I think the biggest challenge is everyone is in a different point in time in their cloud journey. Um, there's if you talk to a handful of customers or a rueful customers, you're not going to find one single organization that's going to be at the same point in time that matches them yet another person, another organization, in terms of how they're going about their cloud strategies, where they're deploying it at what stage of evolution there are in their organizational transformations. >>Um, and so what they're looking for is that, that that's the ability to deploy and security any application on any topic throughout their entire application life cycle. Um, and so, so the most common things that, that our customers are looking for, um, and, you know, they're doing is they're looking to secure things on the network and then interconnected to the cloud with, uh, to deliver that superior, uh, application experience. So they were deploying something like the security fabric. Uh, again, you know, Fordanet has a cybersecurity approach to that point and securing the native environments. They're looking at dev ops, they're deploying tooling to provide, uh, you know, security posture management, plus a few posture management to look at the things that are doing that, the registries, their environment, the dev environment, to then securing their cloud, uh, networks, uh, like what we do with our FortiGate solutions, where we're deploying things from the dev ops. >>I feel secure in the cloud environment with our FortiGate environments across all the various multitudes of cloud providers, uh, like, uh, AWS Azure, Google cloud, and that time that together with, with some secure, um, interconnections with SD LAN, and then tying that into the liver and productions, um, on the web application side. So it's a very much a continuous life cycle, and we're looking at various things. And again, the other example we have is because of the different places in different, uh, in terms of Tod journeys, that the number one key is the ability to then have that flexibility deployment to integrate well into existing infrastructure and build a roadmap out for, uh, cloud as they evolve. Because when you talk to customers today, um, they're not gonna know where they're going to be tomorrow. They know they need to get there. Uh, they're not sure how they're going to get there. And so what they're doing now is they're getting to cloud as quickly as they can. And then they're looking for flexibility to then kind of adjust and they need a partner like Fordanet to kind of bring that partnership and advisorship to, uh, to those organizations as they make their, their, their strategies clearer and, uh, adjust to new business demands. >>Yeah. That partnership is key there. So afforded it advocates, the importance of taking a platform approach to the application life cycle. Talk to me about what that means, and then give me like the top three considerations that customers need to be considering for this approach. >>Sure. Number one is how flexible is that deployment in terms of, do you, do customers have the option to secure and deploy any application, any cloud, do they have the flexibility of, um, integrating security into their existing toolings and then, uh, changing that out as they need, and then having a partner and a customer solution that kind of grows with that? I think that's the number one. Number two is how well are these, uh, integrations or these flexible options tied together? Um, like what we do with the security fabric, where everything kind of starts with, uh, the idea of a central management console that's, you know, uh, and consistent policies and security, um, from the get-go. And I think the third is, is looking at making sure that the, the, the security integrations, the secure intelligence is done in real time, uh, with a quality source of information, uh, and, and points of, uh, of responsiveness, um, what we do with four guard labs. >>For example, we have swell of large, um, machine learning infrastructure where have supported by all the various customer inputs and great intelligence organizations, but real time intelligence and percussion as part of that deployment life cycle. Again, this kind of really brings it all together, where organizations looking for application security and, and trying to develop in a CSED fashion. And you have the ability to then have security from the get, go hide ident to the existing toolings for flexibility, visibility, and then benefits from security all along the way with real time, you know, uh, you know, leading edge security, that then kind of brings that, that sense of confidence and reassurance as they're developing, they don't need to worry about security. Security should just be part of that. And they just need to worry about solving the customer problems and, uh, and, you know, delivering business outcomes and results. >>That's it, right? It's all about those business outcomes, but delivering that competence is key. Vince, thank you for joining me on the program today, talking through what 49 is doing, how you're helping customers to integrate security and compliance into the dev dev sec ops workflow. We appreciate your insights. >>Thank you so much for your time. I really appreciate it. My >>Pleasure for vents Wang. I'm Lisa Martin. You're watching the cube live from Los Angeles, uh, cube con and cloud native con 21 stick around at Dave Nicholson will join me next with my next guest.

>>Hello, and welcome back to the cubes coverage of coop con cloud native con 2021. We're here in person at a real event. I'm John farrier host of the cube, but Dave Nicholson, Michael has got great guests here. Two founders of brand new startup, one week old cable on ASCII and Dave Lawrence, uh, with chain guard, former Google employees, open source community members decided to start a company with five other people on total five total. Congratulations. Welcome to the cube. >>Thank you. Thank you for >>Having us. So tell us like a product, you know, we know you don't have a price. So take us through the story because this is one of those rare moments. We got great chance to chat with you guys just a week into the new forms company and the team. What's the focus, what's the vision. >>How far back do you want to go with this story >>And why you left Google? So, you know, we're a gin and tonics. We get a couple of beers I can do that. We can do that. Let's just take over the world. >>Yeah. So we both been at Google, uh, for awhile. Um, the last couple of years we've been really worried about and focused on open-source security risk and supply chain security in general and software. Um, it's been a really interesting time as you probably noticed, uh, to be in that space, but it wasn't that interesting two years ago or even a year and a half ago. Um, so we were doing a bunch of this work at Google and the open source. Nobody really understood it. People kind of looked at us funny at talks and conferences. Um, and then beginning of this year, a bunch of attacks started happening, uh, things in the headlines like solar winds, solar winds attack, like you say, it attack all these different ransomware things happening. Uh, companies and governments are getting hit with supply chain attacks. So overnight people kind of started caring and being really worried about the stuff that we've been doing for a while. So it was a pretty cool thing to be a part of. And it seemed like a good time to start a company and keep your >>Reaction to this startup. How do you honestly feel, I suppose, feeling super excited. Yeah. >>I am really excited. I was in stars before Google. So then I went to Google where there for seven, I guess, Dan, a little bit longer, but I was there for seven years on the product side. And then yeah, we, we, the open source stuff, we were really there for protecting Google and we both came from cloud before that working on enterprise product. So then sorta just saw the opportunity, you know, while these companies trying to scramble and then sort of figure out how to better secure themselves. So it seemed like a perfect, >>The start-up bug and you back in the start up, but it's the timing's perfect. I got to say, this is a big conversation supply chain from whether it's components and software now, huge attack vector, people are taking advantage of it super important. So I'm really glad you're doing it. But first explain to the folks watching what is supply chain software? What's the challenge? What is the, what is the supply chain security challenge or problem? >>Sure. Yeah, it's the metaphor of software supply chain. It's just like physical supply chain. That's where the name came from. And it, it really comes down to how the code gets from your team's keyboard, your team's fingers on those keyboards into your production environment. Um, and that's just the first level of it. Uh, cause nobody writes all of the code. They use themselves. We're here at cloud native con it's hundreds of open source vendors, hundreds of open libraries that people are reusing. So your, your trust, uh, radius and your attack radius extends to not just your own companies, your own developers, but to everyone at this conference. And then everyone that they rely on all the way out. Uh, it's quite terrifying. It's a surface, the surface area explode pretty quickly >>And people are going and the, and the targeting to, because everyone's touching the code, it's open. It's a lot of action going on. How do you solve the problem? What is the approach? What's the mindset? What's the vision on the problems solving solutions? >>Yeah, that's a great question. I mean, I think like you said, the first step is awareness. Like Dan's been laughing, he's been, he felt like a crazy guy in the corner saying, you know, stop building software underneath your desk and you know, getting companies, >>Hey, we didn't do, why don't you tell them? I was telling him for five years. >>Yeah. But, but I think one of his go-to lines was like, would you pick up a thumb drive off the side of the street and plug it into your computer? Probably not. But when you download, you know, an open source package or something, that's actually can give you more privileges and production environments and it's so it's pretty scary. Um, so I think, you know, for the last few years we've been working on a number of open source projects in this space. And so I think that's where we're going to start is we're going to look at those and then try to grow out the community. And we're, we're watching companies, even like solar winds, trying to piece these parts together, um, and really come up with a better solution for themselves. >>Are there existing community initiatives or open source efforts that are underway that you plan to participate in or you chart? Are you thinking of charting a new >>Path? >>Oh, it's that looks like, uh, Thomas. Yeah, the, the SIG store project we kicked off back in March, if you've covered that or familiar with that at all. But we kicked that off back in March of 2021 kind of officially we'd look at code for awhile before then the idea there was to kind of do what let's encrypted, uh, for browsers and Webster, um, security, but for code signing and open source security. So we've always been able to get code signing certificates, but nobody's really using them because they're expensive. They're complicated, just like less encrypted for CAS. They made a free one that was automated and easy to use for developers. And now people do without thinking about it in six stores, we tried to do the same thing for open source and just because of the headlines that were happening and all of the attacks, the momentum has just been incredible. >>Is it a problem that people just have to just get on board with a certain platform or tool or people have too many tools, they abandoned them there, their focus shifts is there. Why what's the, what's the main problem right now? >>Well, I think, you know, part of the problem is just having the tools easy enough for developers are going to want to use them and it's not going to get in our way. I think that's going to be a core piece of our company is really nailing down the developer experience and these toolings and like the co-sign part of SIG store that he was explaining, like it's literally one command line to sign, um, a package, assign a container and then one line to verify on the other side. And then these organizations can put together sort of policies around who they trust and their system like today it's completely black box. They have no idea what they're running and takes a re >>You have to vape to rethink and redo everything pretty much if they want to do it right. If they just kind of fixing the old Europe's sold next solar with basically. >>Yeah. And that's why we're here at cloud native con when people are, you know, the timing is perfect because people are already rethinking how their software gets built as they move it into containers and as they move it into Kubernetes. So it's a perfect opportunity to not just shift to Kubernetes, but to fix the way you build software from this, >>What'd you say is the most prevalent change mindset change of developers. Now, if you had to kind of, kind of look at it and say, okay, current state-of-the-art mindset of a developer versus say a few years ago, is it just that they're doing things modularly with more people? Or is it more new approaches? Is there a, is there a, >>I think it's just paying attention to your building release process and taking it seriously. This has been a theme for, since I've been in software, but you have these very fancy production data centers with physical security and all these levels of, uh, Preston prevention and making sure you can't get in there, but then you've got a Jenkins machine that's three years old under somebody's desk building the code that goes into there. >>It gets socially engineered. It gets at exactly. >>Yeah. It's like the, it's like the movies where they, uh, instead of breaking into jail, they hide in the food delivery truck. And it's, it's that, that's the metaphor that I like perfectly. The fence doesn't work. If your truck, if you open the door once a week, it doesn't matter how big defenses. Yeah. So that's >>Good Dallas funny. >>And I, I think too, like when I used to be an engineer before I joined Google, just like how easy it is to bring in a third party package or something, you know, you need like an image editing software, like just go find one off the internet. And I think, you know, developers are slowly doing a mind shift. They're like, Hey, if I introduce a new dependency, you know, there's going to be, I'm going to have to maintain this thing and understand >>It's a little bit of a decentralized view too. Also, you got a little bit of that. Hey, if you sign it, you own it. If it tracks back to you, okay, you are, your fingerprints are, if you will, or on that chain of >>Custody and custody. >>Exactly. I was going to say, when I saw chain guard at first of course, I thought that my pant leg riding a bike, but then of course the supply chain things coming in, like on a conveyor belt, conveyor, conveyor belt. But that, that whole question of chain of custody, it isn't, it isn't as simple as a process where someone grabs some code, embeds it in, what's going on, pushes it out somewhere else. That's not the final step typically. Yeah. >>So somebody else grabs that one. And does it again, 35 more times, >>The one, how do you verify that? That's yeah, it seems like an obvious issue that needs to be addressed. And yet, apparently from what you're telling us for quite a while, people thought you were a little bit in that, >>And it's not just me. I mean, not so Ken Thompson of bell labs and he wrote the book >>He wrote, yeah, it was a seatbelt that I grew >>Up on in the eighties. He gave a famous lecture called uh, reflections on trusting trust, where he pranked all of his colleagues at bell labs by putting a back door in a compiler. And that put back doors into every program that compiled. And he was so clever. He even put it in, he made that compiler put a backdoor into the disassembler to hide the back door. So he spent weeks and, you know, people just kind of gave up. And I think at that point they were just like, oh, we can't trust any software ever. And just forgot about it and kept going on and living their lives. So this is a 40 year old problem. We only care about it now. >>It's totally true. A lot of these old sacred cows. So I would have done life cycles, not really that relevant anymore because the workflows are changing. These new Bev changes. It's complete dev ops is taken over. Let's just admit it. Right. So if we have ops is taken over now, cloud native apps are hitting the scene. This is where I think there's a structural industry change, not just the community. So with that in mind, how do you guys vector into that in terms of a market entry? What's just thinking around product. Obviously you got a higher, did you guys raise some capital in process? A little bit of a capital raise five, no problem. Todd market, but product wise, you've got to come in, get the beachhead. >>I mean, we're, we're, we're casting a wide net right now and talking to as many customers like we've met a lot of these, these customer potential customers through the communities, you know, that we've been building and we did a supply chain security con helped with that event, this, this Monday to negative one event and solar winds and Citibank were there and talking about their solutions. Um, and so I think, you know, and then we'll narrow it down to like people that would make good partners to work with and figure out how they think they're solving the problem today. And really >>How do you guys feel good? You feel good? Well, we got Jerry Chen coming off from gray lock next round. He would get a term sheet, Jerry, this guy's got some action on it in >>There. Probably didn't reply to him on LinkedIn. >>He's coming out with Kronos for him. He just invested 200 million at CrossFit. So you guys should have a great time. Congratulations on the leap. I know it's comfortable to beat Google, a lot of things to work on. Um, and student startups are super fun too, but not easy. None of the female or, you know, he has done it before, so. Right. Cool. What do you think about today? Did the event here a little bit smaller, more VIP event? What's your takeaway on this? >>It's good to be back in person. Obviously we're meeting, we've been associating with folks over zoom and Google meets for a while now and meeting them in person as I go, Hey, no hard to recognize behind the mask, but yeah, we're just glad to sort of be back out in a little bit of normalization. >>Yeah. How's everything in Austin, everyone everyone's safe and good over there. >>Yeah. It's been a long, long pandemic. Lots of ups and downs, but yeah. >>Got to get the music scene back. Most of these are comes back in the house. Everything's all back to normal. >>Yeah. My hair doesn't normally look like this. I just haven't gotten a haircut since this also >>You're going to do well in this market. You got a term sheet like that. Keep the hair, just to get the money. I think I saw your LinkedIn profile and I was wondering it's like, which version are we going to get? Well, super relevant. Super great topic. Congratulations. Thanks for coming on. Sharing the story. You're in the queue. Great jumper. Dave Nicholson here on the cube date, one of three days we're back in person of course, hybrid event. Cause the cube.net for all more footage and highlights and remote interviews. So stay tuned more coverage after this short break.

>>From around the globe. It's the cube covering Fortinet security summit brought to you by Fortinet. >>Welcome back to the cube. Lisa Martin here at the Fordham het championship security summit. Napa valley has been beautiful and gracious to us all day. We're very pleased to be here. I'm very pleased to welcome a first-timer to the cube. Rupesh Chuck Chuck Xi, VP a T and T cybersecurity and edge solutions at, at and T cybersecurity. Refresh. Welcome. >>Thank you. Thank you so much for having me, Lisa, I'm looking forward to our conversation today. >>Me too. First of all, it's we're in Napa we're outdoors. It's beautiful venue, no complaints, right? We're at a golf PGA tournament. Very exciting. Talk to me about the at and T Fordanet relationship. Give me, give me an, a good insight into the partnership. >>Sure, sure. So, as you said, you know, beautiful weather in California, Napa it's my first time. Uh, so it's kind of a new experience for me going back to your question in terms of the relationship between eight P and T and Ford in that, uh, a long lasting, you know, 10 plus years, you know, hand in hand in terms of the product, the technology, the capabilities that we are brought together in the security space for our customers. So a strategic relationship, and I'm so thrilled to be here today as a, Fordanet invited us to be part of the championship. Tommy, >>Talk to me. So your role VP of, and T cybersecurity and edge solutions, give me an, a deep dive into what's in your purview. >>Sure, sure. So I, uh, sort of, you know, run the PNL or the profit and loss center for product management for all of at and T cybersecurity and ed solutions and the whole concept behind putting the teams together is the convergence in networking and security. Um, so, you know, we are supporting the entire customer continuum, whether it's a fortune 50, the fortune 1000 to mid-market customers, to small businesses, to, you know, government agencies, you know, whether it's a local government agency or a school district or a federal agency, et cetera. And my team and I focus on bringing new product and capabilities to the marketplace, you know, working with our sales team from an enablement perspective, go to market strategy. Um, and the whole idea is about, uh, you know, winning in the marketplace, right? So delivering growth and revenue to the business, >>Competitive differentiation. So we've seen so much change in the last year and a half. I know that's an epic understatement, but we've also seen the proliferation at the edge. What are some of the challenges that you're seeing and hearing from customers where that's concerned >>As you stated, right. There's a lot happening in the edge. And sometimes the definition for edge varies when you talk with different people, uh, the way we look at it is, you know, definitely focused on the customer edge, right? So if you think about many businesses, whether I am a, a quick serve restaurant or I'm a banking Institute or a financial services or an insurance agency, or I'm a retail at et cetera, you know, lots of different branches, lots of different transformation taking place. So one way of approaching it is that when you think about the customer edge, you see a lot of virtualization, software driven, a lot of IOT endpoints, et cetera, taking place. So the cyber landscape becomes more important. Now you're connecting users, devices, capabilities, your point of sale system to a multi-cloud environment, and that, you know, encryption of that data, the speed at which it needs to happen, all of that is very important. And as we think ahead with 5g and edge compute and what that evolution revolution is going to bring, it's going to get even more excited because to me, those are kind of like in a playgrounds of innovation, but we want to do it right and keep sort of, you know, cyber and security at the core of it. So we can innovate and keep the businesses safe. >>How do you help customers to kind of navigate edge cybersecurity challenges and them not being synonymous? >>That's a great, great question. You know, every day I see, you know, different teams, different agendas, different kinds of ways of approaching things. And what I tell customers and even my own teams is that, look, we have to have a, a blueprint and architecture, a vision, you know, what are the business outcomes that we want to achieve? What the customer wants to achieve. And then start to look at that kind of technology kind of convergence that is taking place, and especially in the security and the networking space, significant momentum on the convergence and utilize that convergence to create kind of full value stack solutions that can be scaled, can be delivered. So you are not just one and done, but it's a continuous innovation and improvement. And in the security space, you need that, right. It's never going to be one and done. No >>We've seen so much change in the last year. We've seen obviously this rapid pivot to work from home that was overnight for millions and millions of people. We're still in that too. A fair amount. There's a good amount of people that are still remote, and that probably will be permanently there's. Those that are going to be hybrid threat landscape bloated. I was looking at and talking with, um, 40 guard labs and the, the nearly 11 X increase in the last 12 months in ransomware is insane. And the ransomware as a business has exploded. So security is a board level conversation for businesses I assume in any. >>Absolutely. Absolutely. I agree with you, it's a board level conversation. Security is not acknowledged the problem about picking a tool it's about, you know, the business risk and what do we need to do? Uh, you mentioned a couple of interesting stats, right? So we've seen, uh, you know, two things I'll share. One is we've seen, you know, 440 petabytes of data on the at and T network in one average business day. So 440 petabytes of data. Most people don't know what it is. So you can imagine the amount of information. So you can imagine the amount of security apparatus that you need, uh, to Tofino, protect, and defend and provide the right kind of insights. And then the other thing that VOC and along the same lines of what you were mentioning is significant, you know, ransomware, but also significant DDoSs attacks, right? So almost like, you know, we would say around 300% plus said, DDoSs mitigations that we did from last year, you know, year over year. >>So a lot of focus on texting the customer, securing the end points, the applications, the data, the network, the devices, et cetera. Uh, the other two points that I want to mention in this space, you know, again, going back to all of this is happening, right? So you have to focus on this innovation at the, at the speed of light. So, you know, artificial intelligence, machine learning, the software capabilities that are more, forward-looking have to be applied in the security space ever more than ever before, right. Needs these do, we're seeing alliances, right? We're seeing this sort of, you know, crowdsourcing going on of action on the good guys side, right? You see the national security agencies kind of leaning in saying, Hey, let's together, build this concept of a D because we're all going to be doing business. Whether it's a public to public public, to private, private, to private, all of those different entities have to work together. So having security, being a digital trust, >>Do you think that the Biden administrations fairly recent executive order catalyst of that? >>I give it, you know, the president and the, the administration, a lot of, you know, kudos for kind of, and then taking it head on and saying, look, we need to take care of this. And I think the other acknowledgement that it is not just hunting or one company or one agency, right? It's the whole ecosystem that has to come together, not just national at the global level, because we live in a hyper connected world. Right. And one of the things that you mentioned was like this hybrid work, and I was joking with somebody the other day that, and really the word is location, location, location, thinking, network security, and networking. The word is hybrid hybrid hybrid because you got a hybrid workforce, the hybrid cloud, you have a hybrid, you have a hyper-connected enterprise. So we're going to be in this sort of, you know, hybrid for quite some time are, and it has to >>Be secure and an org. And it's, you know, all the disruption of folks going to remote work and trying to get connected. One beyond video conference saying, kids are in school, spouse working, maybe kids are gaming. That's been, the conductivity alone has been a huge challenge. And Affordanet zooming a lot there with links to us, especially to help that remote environment, because we know a lot of it's going to remain, but in the spirit of transformation, you had a session today here at the security summit, talked about transformation, formation plan. We talk about that word at every event, digital transformation, right? Infrastructure transformation, it security. What context, where you talking about transformation in it today? What does it transformation plan mean for your customers? >>That's a great question because I sometimes feel, you know, overused term, right? Then you just take something and add it. It's it? Transformation, network, transformation, digital transformation. Um, but what we were talking today in, in, in the morning was more around and sort of, you know, again, going back to the network security and the transformation that the customers have to do, we hear a lot about sassy and the convergence we are seeing, you know, SD van takeoff significantly from an adoption perspective application, aware to experiences, et cetera, customers are looking at doing things like internet offload and having connectivity back into the SAS applications. Again, secure connectivity back into the SAS applications, which directly ties to their outcomes. Um, so the, the three tenants of my conversation today was, Hey, make sure you have a clear view on the business outcomes that you want to accomplish. Now, the second was work with a trusted advisor and at and T and in many cases is providing that from a trusted advisor perspective. And third, is that going back to the one and done it is not a one and done, right? This is a, is a continuous process. So sometimes we have to be thinking about, are we doing it in a way that we will always be future ready, will be always be able to deal with the security threats that we don't even know about today. So yeah, >>You bring up the term future ready. And I hear that all the time. When you think of man, we really weren't future ready. When the pandemic struck, there was so much that wasn't there. And when I was talking with 49 earlier, I said, you know, how much, uh, has the pandemic been a, uh, a catalyst for so much innovation? I imagine it has been the same thing that >>Absolutely. And, you know, I remember, you know, early days, February, March, where we're all just trying to better understand, right? What is it going to be? And the first thing was, Hey, we're all going to work remote, is it a one week? Is it a two week thing? Right? And then if you're like the CIO or the CSO or other folks who are worried about how am I going to give the productivity tools, right. Businesses in a one customer we work with, again, tobacco innovation was said, Hey, I have 20,000 call center agents that I need to take remote. How do you deliver connectivity and security? Because that call center agent is the bloodline for that business interacting with their end customers. So I think, you know, it is accelerated what would happen over 10 years and 18 months, and it's still unknown, right? So we're still discovering the future. >>There's a, there will be more silver linings to come. I think we'll learn to pick your brain on, on sassy adoption trends. One of the things I noticed in your abstract of your session here was that according to Gardner, the convergence of networking and security into the sassy framework is the most vigorous technology trend. And coming out of 2020, seeing that that's a big description, most vigorous, >>It's a big, big description, a big statement. And, uh, we are definitely seeing it. You know, we saw some of that, uh, in the second half of last year, as the organizations were getting more organized to deal with, uh, the pandemic and the change then coming into this year, it's even more accelerated. And what I mean by that is that, you know, I look at sort of, you know, three things, right? So one is going back to the hybrid work, remote work, work from anywhere, right. So how do you continue to deliver a differentiated experience, highly secure to that workforce? Because productivity, human capital very important, right? The second is that there's a back and forth on the branch transformation. So yes, you know, restaurants are opening back up. Retailers are opening back up. So businesses are thinking about how do I do that branch transformation? And then the third is explosive business IOT. So the IOT end points, do you put into manufacturing, into airports in many industries, we continue to see that. So when you think about sassy and the framework, it's about delivering a, a framework that allows you to protect and secure all of those endpoints at scale. And I think that trend is real. I've seen customer demand, we've signed a number of deals. We're implementing them as we speak across all verticals, healthcare, retail, finance, manufacturing, transportation, government agencies, small businesses, mid-sized businesses. >>Nope, Nope. Not at all. Talk to me about, I'm curious, you've been at, at and T a long time. You've seen a lot of innovation. Talk, talk to me about your perspectives on seeing that, and then what to you think as a silver lining that has come out of the, the acceleration of the last 18 months. >>She and I, I get the question, you know, I've been with at and T long time. Right. And I still remember the day I joined at T and T labs. So it was one of my kind of dream coming out of engineering school. Every engineer wants to go work for a brand that is recognized, right. And I, I drove from Clemson, South Carolina to New Jersey Homedale and, uh, I'm still, you know, you can see I'm still having the smile on my face. So I've, you know, think innovation is key. And that's what we do at, at and T I think the ability to, um, kind of move fast, you know, I think what the pandemic has taught us is the speed, right? The speed at which we have to move the speed at which we have to collaborate the speed at which we have to deliver, uh, to agility has become, you know, the differentiator for all of us. >>And we're focusing on that. I also feel that, uh, you know, there have been times where, you know, product organizations, technology organizations, you know, we struggle with jumping this sort of S-curve right, which is, Hey, I'm holding onto something. Do I let go or not? Let go. And I think the pandemic has taught us that you have to jump the S-curve, you have to accelerate because that is where you need to be in, in a way, going back to the sassy trend, right. It is something that is real, and it's going to be there for the next three to five years. So let's get ready. >>I call that getting comfortably uncomfortable, no businesses safe if they rest on their laurels these days. I think we've learned that, speaking of speed, I wanna, I wanna get kind of your perspective on 5g, where you guys are at, and when do you think it's going to be really impactful to, you know, businesses, consumers, first responders, >>The 5g investments are happening and they will continue to happen. And if you look at what's happened with the network, what at and T has announced, you know, we've gotten a lot of kudos for whatever 5g network for our mobile network, for our wireless network. And we are starting to see that, that innovation and that innovation as we anticipated is happening for the enterprise customers first, right? So there's a lot of, you know, robotics or warehouse or equipment that needs to sort of, you know, connect at a low latency, high speed, highly secure sort of, you know, data movements, compute edge that sits next to the, to the campus, you know, delivering a very different application experience. So we're seeing that, you know, momentum, uh, I think on the consumer side, it is starting to come in and it's going to take a little bit more time as the devices and the applications catch up to what we are doing in the network. And if you think about, you know, the, the value creation that has happened on, on the mobile networks is like, if you think about companies like Uber or left, right, did not exist. And, uh, many businesses, you know, are dependent on that network. And I think, uh, it will carry on. And I think in the next year or two, we'll see firsthand the outcomes and the value that it is delivering you go to a stadium at and T stadium in Dallas, you know, 5g enabled, you know, that the experience is very different. >>I can't wait to go to a stadium again and see it came or live music. Oh, that sounds great. Rubbish. Thank you so much for joining me today, talking about what a T and T is doing with 49, the challenges that you're helping your customers combat at the edge and the importance of really being future. Ready? >>Yes. Thank you. Thank you so much. Really appreciate you having me. Thanks for 49 to invite us to be at this event. Yes. >>Thank you for refresh talk. She I'm Lisa Martin. You're watching the cube at the 40 net championship security summits.

>>Welcome to this cube conversation. I'm Lisa Martin. I'm joined by Derek manky next, the chief security insights and global threat alliances at 40 guard labs. Derek. Welcome back. >>Yeah, it's great to be here again. So then, uh, uh, a lot of stuff's happened since we last talked. >>One of the things that was really surprising from this year's global threat landscape report is a 10 more than 10 X increase in ransomware. What's going on? What have you guys seen? >>Yeah, so, uh, th th this is, is massive. We're talking about a thousand percent over a 10, a 10 X increase. This has been building police. So this, this has been building since, uh, December of 2020 up until then we saw relatively low, uh, high watermark with ransomware. Um, it had taken a hiatus really because cyber criminals were going after COVID-19 lawyers and doing some other things at the time, but we did see us a seven fold increase in December, 2020. That is absolutely continued. Uh, continued this year into a momentum up until today. It continues to build never subsided. Now it's built to this monster, you know, almost 11 times increase from, from what we saw back last December and what the, uh, the reason what's fueling. This is a new verticals that cyber criminals are targeting. We've seen the usual suspects like telecommunication government and, uh, position one and two, but new verticals that have risen up into this, uh, third and fourth position following our MSSP. And this is on the heels of the Casia attack. Of course, that happened in 2021, as well as operational technology. There's actually four segments, there's transportation, uh, automotive manufacturing, and then of course, energy and utility all subsequent to each other. So there's a huge focus now on, on OTA and MSSP for cybercriminals. >>One of the things that we saw last year, this time was that attackers had shifted their focus away from enterprise infrastructure devices, to home networks and consumer grade products. And now it looks like they're focusing on both. Are you seeing that? >>Yes, absolutely. I in two ways. So first of all, again, this is a kill chain that we talk about. They have to get a foothold into the infrastructure, and then they can load things like ransomware on there. They can little things like information Steelers as an example, the way they do that is through botnets. And, uh, what we reported in this, um, in the first half of 2021 is that Mariah, which is about a two to three-year old button that now is, is number one by far, it was the most prevalent bond that we've seen. Of course, the thing about Mariah is that it's an IOT based bot net. So it sits on devices, uh, sitting inside a consumer networks as an example, or home networks, right? And that, that can be a big problem. So that's the targets that cyber criminals are using. The other thing that we saw that was interesting was that one in four organizations detected malvertising. >>And so what that means at least, is that cyber criminals are shifting their tactics from going just from cloud-based or centralized email phishing campaigns to a web born threats, right? So they're infecting sites, waterhole attacks, where people would go to read their, their, their daily updates as an example of things that they do as part of their habits. Um, they're getting sent links to these sites that when they go to it, it's actually installing those botnets onto those systems. So they can get a foothold. We've also seen scare tactics, right? So they're doing new social engineering Lewis pretending to be human resource departments, uh, you know, uh, uh, it staff and personnel, as an example, with pop-ups through the web browser that looked like these people to fill out different forms and ultimately get infected on, on a home devices. >>Well, the home device we use is proliferate. It continues because we are still in this work from home work, from anywhere environment. Is that when you think a big factor in this increased from seven X to nearly 11 X, >>It is a factor. Absolutely. Yeah. Like I said, it's, it's also, it's a hybrid of sorts. So, so a lot of that activity is going to the MSSP, uh, angle, like I said, uh, to, to the OT. And so to those verticals, which by the way, are actually even larger than traditional targets in the past, like, uh, finance and banking is actually lower than that as an example. So yeah, we are seeing a shift to that. And like I said, that's, that's further, uh, backed up from what we're seeing on with the, the, the, the botnet activity specifically with Veronica too. Are >>You seeing anything in terms of the ferocity? We know that the volume is increasing. Are they becoming more ferocious? These attacks? >>Yeah. Yeah. There, there is. There's a lot of aggression out there, certainly from, from criminals. And I would say that the velocity is increasing, but the amount of, if you look at the cyber criminal ecosystem, the, the stakeholders, right. Um, that is increasing, it's not just one or two campaigns that we're seeing. Again, we're seeing, this has been a record cases here almost every week. We've seen one or two significant, you know, cyber security events that are happening. That is a dramatic shift compared to, to, to last year or even, you know, two years ago too. And this is because, um, because the cyber criminals are getting deeper pockets now, they're, they're becoming more well-funded and they have business partners, affiliates that they're hiring each one of those has their own methodology, and they're getting paid big. We're talking up to 70 to 80% commission, just if they actually successfully, you know, in fact, someone that pays for the ransom as an example. And so that's really, what's driving this too. It's, it's, it's a combination of this kind of perfect storm as we call it. Right. You have this growing attack surface and work from home, uh, environments, um, and footholds into those networks. But you have a whole bunch of other people now on the bad side that are orchestrating this and executing the attacks too. >>What can organizations do to start to slow down or limit the impacts of this growing ransomware as a service? >>Yeah, great question. Um, everybody has their role in this, I say, right? So, uh, if we look at, from a strategic point of view, we have to disrupt cyber crime. How do we do that? Um, it starts with the kill chain. It starts with trying to build resilient networks. So things like a ZTE and a zero trust network access, a SD LAN as an example, as an example for producting that land infrastructure on, because that's where the threats are floating to, right? That's how they get the initial footholds. So anything we can do on the, on the, you know, preventative, preventative side, making, uh, networks more resilient, um, also education and training is really key. Things like multi-factor authentication are all key to this because if you build that, uh, uh, preventatively and that's a relatively small investment upfront, Lisa compared to the collateral damage that can happen with these ransomware, it passes, the risk is very high. Um, that goes a long way. It also forces the attackers to it slows down their velocity. It forces them to go back to the drawing board and come up with a new strategy. So that is a very important piece, but there's also things that we're doing in the industry. There's some good news here too, uh, that we can talk about because there's, there's things that we can actually do. Um, apart from that to, to really fight cyber crime, to try to take the cyber criminal cell phone. >>All right. Hit me with the good news Derek. >>Yeah. So, so a couple of things, right. If we look at the bot net activity, there's a couple of interesting things in there. Yes, we are seeing Mariah rise to the top right now, but we've seen big problems of the past that have gone away or come back, not as prolific as before. So two specific examples, a motel that was one of the most prolific botnets that was out there for the past two to three years, there is a take-down that happened in January of this year. Uh, it's still on our radar, but immediately after that takedown, it literally dropped to half of the activity. It hadn't before. And it's been consistently staying at that low watermark now had that half percentage since, since that six months later. So that's very good news showing that the actual coordinated efforts that we're getting involved with law enforcement, with our partners and so forth to take down, these are actually hitting their supply chain where it hurts. >>Right. So that's good news part one trick. Bob was another example. This is also a notorious spot net take down attempt in Q4 of 2020. It went offline for about six months. Um, in our landscape report, we actually show that it came back online, uh, in about June this year. But again, it came down, it came back weaker and another form is not nearly as prolific as before. So we are hitting them where it hurts. That's, that's the really good news. And we're able to do that through new, um, what I call high resolution intelligence. >>Talk to me about that high resolution intelligence. What do you mean by that? >>Yeah, so this is cutting edge stuff really gets me excited and keeps, keeps me up at night in a good way. Uh, cause we're, we're looking at this under the microscope, right? It's not just talking about the why we know there's problems out there. We know there's, there's ransomware. We know there's the botnets, all these things, and that's good to know, and we have to know that, but we're able to actually zoom in on this now and look at it. So we, for the first time in the threat landscape report, we've published TTPs, the techniques, tactics procedures. So it's not just talking about the, what it's talking about, the how, how are they doing this? What's their preferred method of getting into systems? How are they trying to move from system to system and exactly how are they doing that? What's the technique. And so we've highlighted that it's using the MITRE attack framework TTP, but this is real-time data. >>And it's very interesting. So we're clearly seeing a very heavy focus from cyber criminals and attackers to get around security controls, to do defensive, Asian, to do privilege escalation on systems. So in other words, trying to be common administrator so they can take full control of the system. Uh, as an example, a lateral movement on there's still a preferred over 75%, 77, I believe percent of activity we observed from malware was still trying to move from system to system by infecting removable media like thumb drives. And so it's interesting, right? It's a brand new look on the, these a fresh look, but it's this high resolution is allowing us to get a clear image so that when we come to providing strategic guidance and solutions of defense, and also even working on these, take down that Fritz, it allows us to be much more effective. So >>One of the things that you said in the beginning was we talked about the increase in ransomware from last year to this year. You said, I don't think that we've hit that, that ceiling yet, but are we at an inflection points, the data showing that we're at an inflection point here with being able to get ahead of this? >>Yeah, I, I, I would like to believe so. Um, it, there is still a lot of work to be done. Unfortunately, if we look at, you know, there is a, a recent report put out by the department of justice in the S saying that, you know, the chance of, uh, criminal, uh, to be committing a crime, but to be caught in the U S is somewhere between 55 to 60%, the same chance for a cyber criminal lies less than 1% above 0.5%. And that's the bad news. The good news is we are making progress and sending messages back and seeing results. But I think there's a long road ahead. So, um, you know, there there's a lot of work to be done. We're heading in the right direction. But like I said, they say, it's not just about that. It's everyone has, has their role in this all the way down to organizations and end users. If they're doing their part and making their networks more resilient through this, through all the, you know, increasing their security stack and strategy, um, that is also really going to stop the, you know, really ultimately the profiteering, uh, that, that wave, you know, cause that continues to build too. So it's, it's a multi-stakeholder effort and I believe we are, we are getting there, but I continue to still, uh, you know, I continue to expect the ransomware wave to build. In the meantime, >>On the end user front, that's always one of the vectors that we talk about it's people, right? It's there's so there's so much sophistication in these attacks that even security folks and experts are nearly fooled by them. What are some of the things that you're saying that governments are taking action on some recent announcements from the white house, but other organizations like Interpol, the world, economic forum, cyber crime unit, what are some of the things that governments are doing that you're seeing that as really advantageous here for the good guys? >>Yeah, so absolutely. This is all about collaboration. Governments are really focused on public private sector collaboration. Um, so we've seen this across the board, uh, with 40 guard labs, we're on the forefront with this, and it's really exciting to see that it's great. Uh, there, there, there's always been a lot of will work together, but we're starting to see action now. Right. Um, Interpol is a great example. They recently this year held a high level forum on ransomware. I was actually spoken was part of that forum as well too. And the takeaways from that event were that we, this was a message to the world, that public private sector we need. They actually called ransomware a pandemic, which is what I've referred to it as before in itself as well too, because it is becoming that much of a problem and that we need to work together to be able to create action, action action against this measure, success become more strategic. >>The world economic forum, uh, were, were, uh, leading a project called the partnership against cyber crime threat map project. And this is to identify not just all this stuff we talked about in the threat landscape report, but also looking at, um, you know, things like how many different ransomware gangs are there out there. Uh, what are their money laundering networks look like? It's that side of the side of the supply chains of apple so that we can work together to actually take down those efforts. But it really is about this collaborative action that's happening and it's, um, innovation and there's R and D behind this as well. That's coming to the table to be able to make, you know, make it impactful. >>So it sounds to me like ransomware is no longer a for any organization in any, any industry you were talking about the expansion of verticals, it's no longer a, if this happens to us, but a matter of when and how do we actually prepare to remediate prevent any damage? Yeah, >>Absolutely. How do we prepare? The other thing is that there's a lot of, um, you know, with just the nature of, of, of cyber, there's a lot of, uh, connectivity. There's a lot of different, uh, it's not just always siloed attacks. Right? We saw that with colonial obviously this year where you have the talks on, on it that can affect consumers right now to consumers. Right. And so for that very reason, um, everybody's infected in this, uh, it, it truly is a pandemic, I believe on its own. Uh, but the good news is there's a lot of smart people, uh, on the good side and, you know, that's what gets me excited. Like I said, we're working with a lot of these initiatives and like I said, some of those examples I called up before, we're actually starting to see measurable progress against this as well. >>That's good. Well, never adult day, I'm sure. In your world, any thing that you think when we talk about this again, in a few more months of the second half of 2021, anything that, that you predict crystal ball wise that we're going to see? >>Yeah. I think that we're going to continue to see more of the, I mean, ransomware, absolutely. More of the targeted attacks. That's been a shift this year that we've seen. Right. So instead of just trying to infect everybody for ransom, but as an example of going after some of these new, um, you know, high profile targets, I think we're going to continue to see that happening from there. Add some more side on, on, and because of that, the average costs of these data breaches, I think they're going to continue to increase. Um, they had already did, uh, in, uh, 20, uh, 2021, as an example, if we look at the cost of the data breach report, it's gone up to about $5 million us on average, I think that's going to continue to increase as well too. And then the other thing too, is I think that we're going to start to see more, um, more, more action on the good side. Like we talked about, there was already a record amount of take downs that have happened five take downs that happened in January. Um, there were, uh, arrests made to these business partners that was also new. So I'm expecting to see a lot more of that coming out, uh, uh, towards the end of the year, too. >>So as the challenges persist, so do the good things that are coming out of this. They're working folks go to get this first half 2021 global threat landscape. What's the URL that they can go to. >>Yeah, you can check it all, all of our updates and blogs, including the threat landscape reports on blog about 40 nine.com under our threat research category. >>Excellent. I read that blog. It's fantastic. Derek, always a pleasure to talk to you. Thanks for breaking this down for us showing what's going on. Both the challenging things, as well as the good news. I look forward to our next conversation. >>Absolutely. It's great. Chatting with you again, Lisa. Thanks. >>Likewise for Derek manky. I'm Lisa Martin. You're watching this cube conversation.

>>Welcome back to the cubes coverage of dr khan 2021. I'm john for your host of the cube. We're here with Amanda Silver, corporate vice president, product developer division at Microsoft. Amanda, Great to see you you were on last year, Dr khan. Great to see you again a full year later were remote. Thanks for coming on. I know you're super busy with build happening this week as well. Thanks for making the time to come on the cube for Dr khan. >>Thank you so much for having me. Yeah, I'm joining you like many developers around the globe from my personal home office, >>developers really didn't skip a beat during the pandemic and again, it was not a good situation but developers, as you talked about last year on the front lines, first responders to creating value quite frankly, looking back you were pretty accurate in your prediction, developers did have an impact this year. They did create the kind of change that really changed the game for people's lives, whether it was developing solutions from a medical standpoint or even keeping systems running from call centres to making sure people got their their their goods or services and checks and and and kept sanity together. So. >>Yeah absolutely. I mean I think I think developers you know get the M. V. P. Award for this year because you know at the end of the day they are the digital first responders to the first responders and the pivot that we've had to make over the past year in terms of supporting remote telehealth, supporting you know online retail, curbside pickup. All of these things were done through developers being the ones pushing the way forward remote learning. You know my kids are learning at home right behind me right now so you might hear them during the interview that's happening because developers made that happen. >>I don't think mom please stop hogging the band with, they've got a gigabit. Stop it. Don't be streaming. My kids are all game anyway, Hey, great to have you on and you have to get the great keynote, exciting to see you guys continue the collaboration with Docker uh with GIT hub and Microsoft, A great combination, it's a 123 power punch of value. You guys are really kind of killing it. We heard from scott and dan has been on the cube. What's your thoughts on the partnership with the developer division team at Microsoft with Doctor, What's it all about this year? What's the next level? >>Well, I mean, I think, I think what's really awesome about this partnership is that we all have, we all are basically sharing a common mission. What we want to do is make sure that we're empowering developers, that we're focused on their productivity and that we're delivering value to them so they can do their job better so that they can help others. So that's really kind of what drives us day in and day out. So what we focus on is developer productivity. And I think that's a lot of what dana was talking about in her session, the developer division. Specifically, we really try to make sure that we're improving the state of the art from modern developers. So we want to make sure that every keystroke that they take, every mouse move that they make, it sounds like a song but every every one of those matter because we want to make sure that every developers writing the code that only they can write and in terms of the partnership and how that's going. You know my team and the darker team have been collaborating a ton on things like dr desktop and the Doctor Cli tool integrations. And one of the things that we do is we think about pain points and various workflows. We want to make sure that we're shaving off the edges of all of the user experience is the developers have to go through to piece all of these applications together. So one of the big pain points that we have heard from developers is that signing into the Azure cloud and especially our sovereign clouds was challenging. So we contributed back to uh back to doctor to actually make it easier to sign into these clouds. And so dr developers can now use dr desktop and the Doctor Cli to actually change the doctor context so that its Azure. So that makes it a lot easier to connect the other. Oh, sorry, go ahead. No, I was just >>going to say, I love the reference of the police song. Every breath you take, every >>mouth moving. Great, >>great line there. Uh, but I want to ask you while you're on this modern cloud um, discussion, what is I mean we have a lot of developers here at dr khan. As you know, you guys know developers in your ecosystem in core competency. From Microsoft, Kublai khan is a very operator like focus developed. This is a developer conference. You guys have build, what is the state of the art for a modern cloud developer? Could you just share your thoughts because this comes up a lot. You know, what's through the art? What's next jan new guard guard? It's his legacy. What is the state of the art for a modern cloud developer? >>Fantastic question. And extraordinarily relevant to this particular conference. You know what I think about often times it's really what is the inner loop and the outer loop look like in terms of cycle times? Because at the end of the day, what matters is the time that it takes for you to make that code change, to be able to see it in your test environment and to be able to deploy it to production and have the confidence that it's delivering the feature set that you need it to. And it's, you know, it's secure, it's reliable, it's performance, that's what a developer cares about at the end of the day. Um, at the same time, we also need to make sure that we're growing our team to meet our demand, which means we're constantly on boarding new developers. And so what I take inspiration from our, some of the tech elite who have been able to invest significant amounts in, in tuning their engineering systems, they've been able to make it so that a new developer can join a team in just a couple of minutes or less that they can actually make a code change, see that be reflected in their application in just a few seconds and deploy with confidence within hours. And so our goal is to actually be able to take that state of the art metric and democratize that actually bring it to as many of our customers as we possibly can. >>You mentioned supply chain earlier in securing that. What are you guys doing with Docker and how to make that partnership better with registries? Is there any update there in terms of the container registry on Azure? >>Yeah, I mean, you know, we, we we have definitely seen recent events and and it almost seems like a never ending attacks that that you know, increasingly are getting more and more focused on developer watering holes is how we think about it. Kind of developers being a primary target um for these malicious hackers. And so what it's more important than ever that every developer um and Microsoft especially uh really take security extraordinarily seriously. Our engineers are working around the clock to make sure that we are responding to every security incident that we hear about and partnering with our customers to make sure that we're supporting them as well. One of the things that we announced earlier this week at Microsoft build is that we've actually taken, get have actions and we've now integrated that into the Azure Security Center. And so what this means is that, you know, we can now do things like scan for vulnerabilities. Um look at things like who is logging in, where things like that and actually have that be tracked in the Azure security center so that not just your developers get that notification but also your I. T. Operations. Um In terms of the partnership with dR you know, this is actually an ongoing partnership to make sure that we can provide more guidance to developers to make sure that they are following best practices like pulling from a private registry like Docker hub or at your container registry. So I expect that as time goes on will continue to more in partnership in this space >>and that's going to give a lot of confidence. Actually, productivity wise is going to be a big help for developers. Great stuff is always good, good progress. They're moving the needle. >>Last time we >>spoke we talked about tools and setting Azure as the doctor context duty tooling updates here at dot com this year. That's notable. >>Yeah, I mean, I think, you know, there's one major thing that we've been working on which has a big dependency on docker is get help. Code space is now one of the biggest pain points that developers have is setting up a new DEV box, which they often have to do when they are on boarding a new employee or when they're starting a new project or even if they're just kicking the tires on a new technology that they want to be able to evaluate and sometimes creating a developer environment can actually take hours um and especially when you're trying to create a developer environment that matches somebody else's developer environment that can take like a half a day and you can spend all of your time just debugging the differences in environment variables, for example, um, containers actually makes that much easier. So what you can do with this, this services, you can actually create death environment spun up in the cloud and you can access it in seconds and you get from there are working coding environment and a runtime environment and this is repeatable via containers. So it means that there's no inadvertent differences introduced by each DEV. And you might be interested to know that underneath this is actually using Docker files and dr composed to orchestrate the debits and the runtime bits for a whole bunch of different stacks. And so this is something that we're actually working on in collaboration with the with the doctor team to have a common the animal format. And in fact this week we actually introduced a couple of app templates so that everybody can see this all in action. So if you check out a ca dot m s forward slash app template, you can see this in action yourself. >>You guys have always had such a strong developer community and one thing I love about cloud as it brings more agility, as we always talk about. But when you start to see the enterprise grow into, the direction is going now, it's almost like the developer communities are emerging, it's no longer about all the Lennox folks here and the dot net folks there, you've got windows, you've got cloud, >>it's almost >>the the the solidification of everyone kind of coming together. Um and visual studio, for instance, last year, I think you were talking about that to having to be interrogated dr composed, et cetera. >>How do you see >>this melting pot emerging? Because at the end of the day, you pick the language you love and you got devops, which is infrastructure as code doesn't matter. So give us your take on where we are with that whole progress of of making that happen. >>Well, I mean I definitely think that, you know, developer environments and and kind of, you know, our approach to them don't need to be as dogmatic as they've been in the past. I really think that, you know, you can pick the right tool and language and stand developer stack for your team, for your experience and you can be productive and that's really our goal. And Microsoft is to make sure that we have tools for every developer and every team so that they can build any app that they want to want to create. Even if that means that they're actually going to end up ultimately deploying that not to our cloud, they're going to end up deploying it to AWS or another another competitive cloud. And so, you know, there's a lot of things that we've been doing to make that really much easier. We have integrated container tools in visual studio and visual studio code and better cli integrations like with the doctor context that we had talked about a little bit earlier. We continue to try to make it easier to build applications that are targeting containers and then once you create those containers it's much easier to take it to another environment. One of the examples of this kind of work is now that we have WsL and the Windows subsystem for Lennox. This makes it a lot easier for developers who prefer a Windows operating system as their environment and maybe some tools like Visual Studio that run on Windows, but they can still target Lennox with as their production environment without any impedance mismatch. They can actually be as productive as they would be if they had a Linux box as their Os >>I noticed on this session, I got to call this out. I want to get your reaction to it interesting. Selection of Microsoft talks, the container based development. Visual studio code is one that's where you're going to show some some some container action going on with note and Visual Studio code. And then you get the machine learning with Azure uh containers in the V. S. Code. Interesting how you got, you know, containers with V. S. And now you've got machine learning. What does that tell the world about where Microsoft's at? Because in a way you got the cutting edge container management on one side with the doctor integration. Now you get the machine learning which everyone's talking about shifting, left more automation. Why are these sessions so important? Why should people attend? And what's the what's the bottom line? >>Well, like I said, like containers basically empower developer productivity. Um that's what creates the reputable environments, that's what allows us to make sure that, you know, we're productive as soon as we possibly can be with any text act that we want to be able to target. Um and so that's kind of almost the ecosystem play. Um it's how every developer can contribute to the success of others and we can amor ties the kinds of work that we do to set up an environment. So that's what I would say about the container based development that we're doing with both visual studio and visual studio code. Um in terms of the machine learning development, uh you know, the number of machine learning developers in the world is relatively small, but it's growing and it's obviously a very important set of developers because to train a machine learning uh to train an ml model, it actually requires a significant amount of compute resources, and so that's a perfect opportunity to bring in the research that are in a public cloud. Um What's actually really interesting about that particular develop developer stack is that it commonly runs on things like python. And for those of you who have developed in python, you know, just how difficult it is to actually set up a python environment with the right interpreter, with the right run time, with the right libraries that can actually get going super quickly, um and you can be productive as a developer. And so it's actually one of the hardest, most challenging developer stacks to actually set up. And so this allows you to become a machine learning developer without having to spend all of your time just setting up the python runtime environment. >>Yeah, it's a nice, nice little call out on python, it's a double edged sword. It's easier to sling code around on one hand, when you start getting working then you gotta it gets complicated can get well. Um Well the great, great call out there on the island, but good, good, good project. Let me get your thoughts on this other tool that you guys are talking about project tie. Uh This is interesting because this is a trend that we're seeing a lot of conversations here on the cube about around more too many control planes. Too many services. You know, I no longer have that monolithic application. I got micro micro applications with microservices. What the hell is going on with my services? >>Yeah, I mean, I think, you know, containers brought an incredible amount of productivity in terms of having repeatable environments, both for dev environments, which we talked about a lot on this interview already, but also obviously in production and test environments. Super important. Um and with that a lot of times comes the microservices architecture that we're also moving to and the way that I view it is the microservices architecture is actually accompanied by businesses being more focused on the value that they can actually deliver to customers. And so they're trying to kind of create separations of concerns in terms of the different services that they're offering, so they can actually version and and kind of, you know, actually improve each of these services independently. But what happens when you start to have many microservices working together in a SAS or in some kind of aggregate um service environment or kind of application environment is it starts to get unwieldy, it's really hard to make it so that one micro service can actually address another micro service. They can pass information back and forth. And you know what used to be maybe easy if you were just building a client server application because, you know, within the server tear all of your code was basically contained in the same runtime environment. That's no longer the case when every microservices actually running inside of its own container. So the question is, how can we improve program ability by making it easier for one micro service that's being used in an application environment, be to be able to access another another service and kind of all of that context. Um and so, you know, you want to be able to access the service is the the api endpoint, the containers, the ingress is everything, make everything work together as though it felt just as easy as as um you know, server application development. Um And so what this means as well is that you also oftentimes need to get all of these different containers running at the same time and that can actually be a challenge in the developer and test loop as well. So what project tie does is it improves the program ability and it actually allows you to just write a command like thai run so that you can actually in stan she ate all of these containers and get them up and running and basically deploy and run your application in that environment and ultimately make the dev testing or loop much faster >>than productivity gain. Right. They're making it simple to stand up. Great, great stuff. Let me ask you a question as we kind of wrap down here for the folks here at Dakar Con, are >>there any >>special things you'd like to talk about the development you think are important for the developers here within this space? It's very dynamic. A lot of change happening in a good way. Um, but >>sometimes it's hard to keep >>track of all the cool stuff happening. Could you take a minute to, to share your thoughts on what you think are the most important develops developments in this space? That that might be interesting to ducker con attendees. >>I think the most important things are to recognize that developer environments are moving to containerized uh, environments themselves so that they can be repeated, they can be shared, the work, configuring them can be amortized across many developers. That's important thing. Number one important thing. Number two is it doesn't matter as much what operating system you're running as your chrome, you know, desktop. What matters is ultimately the production environment that you're targeting. And so I think now we're in a world where all of those things can be mixed and matched together. Um and then I think the next thing is how can we actually improve microservices, uh programming development together um so that it's easier to be able to target multiple micro services that are working in aggregate uh to create a single service experience or a single application. And how do we improve the program ability for that? >>You know, you guys have been great supporters of DACA and the community and open source and software developers as they transform and become quite frankly the superheroes for the transformation, which is re factoring businesses. So this has been a big thing. I'd love to get your thoughts on how this is all coming together inside Microsoft, you've got your division, you get the developer division, you got GIT hub, got Azure. Um, and then just historically, and he put this up last year army of an ecosystem. People who have been contributing encoding with Microsoft and the partners for many, many decades. >>Yes. The >>heart Microsoft now, how's it all working? What's the news? I get Lincoln, Lincoln, but there's no yet developer model there yet, but probably is soon. >>Um Yeah, I mean, I think that's a pretty broad question, but in some ways I think it's interesting to put it in the context of Microsoft's history. You know, I think when I think back to the beginning of my career, it was kind of a one stack shop, you know, we was all about dot net and you know, of course we want to dot net to be the best developer environment that it can possibly be. We still actually want that. We still want that need to be the most productive developer environment. It could we could possibly build. Um but at the same time, I think we have to recognize that not all developers or dot net developers and we want to make sure that Azure is the most productive cloud for developers and so to do that, we have to make sure that we're building fantastic tools and platforms to host java applications, javascript applications, no Js applications, python applications, all of those things, you know, all of these developers in the world, we want to make sure it can be productive on our tools and our platforms and so, you know, I think that's really kind of the key of you know what you're speaking of because you know, when I think about the partnership that I have with the GIT hub team or with the Azure team or with the Azure Machine learning team or the Lincoln team, um A lot of it actually comes down to helping empower developers, improving their productivity, helping them find new developers to collaborate with, um making sure that they can do that securely and confidently and they can basically respond to their customers as quickly as they possibly can. Um and when, when we think about partnering inside of Microsoft with folks like linkedin or office as an example, a lot of our partnership with them actually comes down to improving their colleagues efficiency. We build the developer tools that office and lengthen are built on top of and so every once in a while we will make an improvement that has, you know, 5% here, 3% there and it turns into an incredible amount of impact in terms of operations, costs for running these services. >>It's interesting. You mentioned earlier, I think there's a time now we're living in a time where you don't have to be dogmatic anymore, you can pick what you like and go with it. Also that you also mentioned just now this idea of distributed applications, distributed computing. You know, distributed applications and microservices go really well together. Especially with doctor. >>Can you share >>your thoughts on the framework that you guys released called Dapper? >>Yeah, yeah. We recently released Dapper. It's called D A P R. You can look it up on GIT hub and it's a programming model for common microservices pattern, two common microservices patterns that make it really easy and automatic to create those kinds of microservices. So you can choose to work with your favorite state stores or databases or pub sub components and get things like cloud events for free. You can choose either http or g R B C so that you can get mesh capabilities like service discovery and re tries and you can bring your own secret store and easily be able to call it from any environment variable. It's also like I was talking about earlier, multi lingual. Um so you don't need to embrace dot net, for example, as you're programming language to be able to benefit from Dapper, it actually supports many programming languages and Dapper itself is actually written and go. Um and so, you know, all developers can benefit from something like Dapper to make it easier to create microservices applications. >>I mean, always great to have you on great update. Take a minute to give an update on what's going on with your division. I know you had to build conference this week. V. S has got the new preview title. We just talked about what are the things you want to get to plug in for? Take a minute to get to plug in for what you're working on, your goals, your objectives hiring, give us the update. >>Yeah, sure. I mean, you know, we we built integrated container tools in visual studio uh and the Doctor extension and Visual Studio code and cli extensions. Uh and you know, even in this most recent release of our Visual Studio product, Visual Studio 16 10, we added some features to make it easier to use DR composed better. So one of the examples of this is that you can actually have uh Oftentimes you need to be able to use multiple doctor composed files together so that you can actually configure various different container environments for a single single application. But it's hard sometimes to create the right Yeah. My file so that you can actually invoke it and invoke the the container and the micro services that you need. And so what this allows you to do is to actually have just a menu of the different doctor composed files so that you can select the runtime and test environment that you need for the subset of the portion of the application that you're working on at the end of the day. This is always about developer productivity. You know, like I said, every keystroke matters. Um and we want to make sure that you as a developer can focus on the code that only you can Right. >>Amanda Silver, corporate vice president product development division of Microsoft. Always great to see you and chat with you remotely soon. We'll be back in in real life with real events soon as we come out of the pandemic and thanks for sharing your insight and congratulations on your success this year and and congratulations on your announcement here at Dakar Gone. >>Thank you so much for having me. >>Okay Cube coverage for Dunkirk on 2021. I'm John for your host of the Cube. Thanks for watching. Mhm

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.