>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back to Vegas. Guys. We're happy that you're here. Lisa Martin here covering with Dave Valante, Palo Alto Networks Ignite 22. We're at MGM Grand. This is our first day, Dave of two days of cube coverage. We've been having great conversations with the ecosystem with Palo Alto executives, with partners. One of the things that they have is unit 42. We're gonna be talking with them next about cyber intelligence. And the threat data that they get is >>Incredible. Yeah. They have all the data, they know what's going on, and of course things are changing. The state of play changes. Hold on a second. I got a text here. Oh, my Netflix account was frozen. Should I click on this link? Yeah. What do you think? Have you had a, it's, have you had a little bit more of that this holiday season? Yeah, definitely. >>Unbelievable, right? A lot of smishing going on. >>Yeah, they're very clever. >>Yeah, we're very pleased to welcome back one of our alumni to the queue. Wendy Whitmore is here, the SVP of Unit 42. Welcome back, Wendy. Great to have >>You. Thanks Lisa. So >>Unit 42 created back in 2014. One of the things that I saw that you said in your keynote this morning or today was everything old is still around and it's co, it's way more prolific than ever. What are some of the things that Unit 42 is seeing these days with, with respect to cyber threats as the landscape has changed so much the last two years alone? >>You know, it, it has. So it's really interesting. I've been responding to these breaches for over two decades now, and I can tell you that there are a lot of new and novel techniques. I love that you already highlighted Smishing, right? In the opening gate. Right. Because that is something that a year ago, no one knew what that word was. I mean, we, it's probably gonna be invented this year, right? But that said, so many of the tactics that we have previously seen, when it comes to just general espionage techniques, right? Data act filtration, intellectual property theft, those are going on now more than ever. And you're not hearing about them as much in the news because there are so many other things, right? We're under the landscape of a major war going on between Russia and Ukraine of ransomware attacks, you know, occurring on a weekly basis. And so we keep hearing about those, but ultimately these nations aid actors are using that top cover, if you will, as a great distraction. It's almost like a perfect storm for them to continue conducting so much cyber espionage work that like we may not be feeling that today, but years down the road, they're, the work that they're doing today is gonna have really significant impact. >>Ransomware has become a household word in the last couple of years. I think even my mom knows what it is, to some degree. Yeah. But the threat actors are far more sophisticated than they've ever written. They're very motivated. They're very well funded. I think I've read a stat recently in the last year that there's a ransomware attack once every 11 seconds. And of course we only hear about the big ones. But that is a concern that goes all the way up to the board. >>Yeah. You know, we have a stat in our ransomware threat report that talks about how often victims are posted on leak sites. And I think it's once every seven minutes at this point that a new victim is posted. Meaning a victim has had their data, a victim organization had their data stolen and posted on some leak site in the attempt to be extorted. So that has become so common. One of the shifts that we've seen this year in particular and in recent months, you know, a year ago when I was at Ignite, which was virtual, we talked about quadruple extortion, meaning four different ways that these ransomware actors would go out and try to make money from these attacks in what they're doing now is often going to just one, which is, I don't even wanna bother with encrypting your data now, because that means that in order to get paid, I probably have to decrypt it. Right? That's a lot of work. It's time consuming. It's kind of painstaking. And so what they've really looked to do now is do the extortion where they simply steal the data and then threaten to post it on these leak sites, you know, release it other parts of the web and, and go from there. And so that's really a blending of these techniques of traditional cyber espionage with intellectual property theft. Wow. >>How trustworthy are those guys in terms of, I mean, these are hackers, right? In terms of it's really the, the hacker honor system, isn't it? I mean, if you get compromised like that, you really beholden to criminals. And so, you >>Know, so that's one of the key reasons why having the threat intelligence is so important, right? Understanding which group that you're dealing with and what their likelihood of paying is, what's their modus operandi. It's become even more important now because these groups switch teams more frequently than NFL trades, you know, free agents during the regular season, right? Or players become free agents. And that's because their infrastructure. So the, you know, infrastructure, the servers, the systems that they're using to conduct these attacks from is actually largely being disrupted more from law enforcement, international intelligence agencies working together with public private partnerships. So what they're doing is saying, okay, great. All that infrastructure that I just had now is, is burned, right? It's no longer effective. So then they'll disband a team and then they'll recruit a new team and it's constant like mixing and matching in players. >>All that said, even though that's highly dynamic, one of the other areas that they pride themselves on is customer service. So, and I think it's interesting because, you know, when I said they're not wanting to like do all the decryption? Yeah. Cuz that's like painful techni technical slow work. But on the customer service side, they will create these customer service portals immediately stand one up, say, you know, hey it's, it's like an Amazon, you know, if you've ever had to return a package on Amazon for example, and you need to click through and like explain, you know, Hey, I didn't receive this package. A portal window pops up, you start talking to either a bot or a live agent on the backend. In this case they're hu what appeared to be very much humans who are explaining to you exactly what happened, what they're asking for, super pleasant, getting back within minutes of a response. And they know that in order for them to get paid, they need to have good customer service because otherwise they're not going to, you know, have a business. How, >>So what's the state of play look like from between nation states, criminals and how, how difficult or not so difficult is it for you to identify? Do you have clear signatures? My understanding in with Solar Winds it was a little harder, but maybe help us understand and help our audience understand what the state of play is right now. >>One of the interesting things that I think is occurring, and I highlighted this this morning, is this idea of convergence. And so I'll break it down for one example relates to the type of malware or tools that these attackers use. So traditionally, if we looked at a nation state actor like China or Russia, they were very, very specific and very strategic about the types of victims that they were going to go after when they had zero day. So, you know, new, new malware out there, new vulnerabilities that could be exploited only by them because the rest of the world didn't know about it. They might have one organization that they would target that at, at most, a handful and all very strategic for their objective. They wanted to keep that a secret as long as possible. Now what we're seeing actually is those same attackers going towards one, a much larger supply chain. >>So, so lorenzen is a great example of that. The Hafnia attacks towards Microsoft Exchange server last year. All great examples of that. But what they're also doing is instead of using zero days as much, or you know, because those are expensive to build, they take a lot of time, a lot of funding, a lot of patience and research. What they're doing is using commercially available tools. And so there's a tool that our team identified earlier this year called Brute Rael, C4 or BRC four for short. And that's a tool that we now know that nation state actors are using. But just two weeks ago we invested a ransomware attack where the ransomware actor was using that same piece of tooling. So to your point, yak can get difficult for defenders when you're looking through and saying, well wait, they're all using some of the same tools right now and some of the same approaches when it comes to nation states, that's great for them because they can blend into the noise and it makes it harder to identify as >>Quickly. And, and is that an example of living off the land or is that B BRC four sort of a homegrown hacker tool? Is it, is it a, is it a commercial >>Off the shelf? So it's a tool that was actually, so you can purchase it, I believe it's about 2,500 US dollars for a license. It was actually created by a former Red teamer from a couple well-known companies in the industry who then decided, well hey, I built this tool for work, I'm gonna sell this. Well great for Red teamers that are, you know, legitimately doing good work, but not great now because they're, they built a, a strong tool that has the ability to hide amongst a, a lot of protocols. It can actually hide within Slack and teams to where you can't even see the data is being exfiltrated. And so there's a lot of concern. And then now the reality that it gets into the wrong hands of nation state actors in ransomware actors, one of the really interesting things about that piece of malware is it has a setting where you can change wallpaper. And I don't know if you know offhand, you know what that means, but you know, if that comes to mind, what you would do with it. Well certainly a nation state actor is never gonna do something like that, right? But who likes to do that are ransomware actors who can go in and change the background wallpaper on a desktop that says you've been hacked by XYZ organization and let you know what's going on. So pretty interesting, obviously the developer doing some work there for different parts of the, you know, nefarious community. >>Tremendous amount of sophistication that's gone on the last couple of years alone. I was just reading that Unit 42 is now a founding member of the Cyber Threat Alliance includes now more than 35 organizations. So you guys are getting a very broad picture of today's threat landscape. How can customers actually achieve cyber resilience? Is it achievable and how do you help? >>So I, I think it is achievable. So let me kind of parse out the question, right. So the Cyber Threat Alliance, the J C D C, the Cyber Safety Review Board, which I'm a member of, right? I think one of the really cool things about Palo Alto Networks is just our partnerships. So those are just a handful. We've got partnerships with over 200 organizations. We work closely with the Ukrainian cert, for example, sharing information, incredible information about like what's going on in the war, sharing technical details. We do that with Interpol on a daily basis where, you know, we're sharing information. Just last week the Africa cyber surge operation was announced where millions of nodes were taken down that were part of these larger, you know, system of C2 channels that attackers are using to conduct exploits and attacks throughout the world. So super exciting in that regard and it's something that we're really passionate about at Palo Alto Networks in terms of resilience, a few things, you know, one is visibility, so really having a, an understanding of in a real, as much of real time as possible, right? What's happening. And then it goes into how you, how can we decrease operational impact. So that's everything from network segmentation to wanna add the terms and phrases I like to use a lot is the win is really increasing the time it takes for the attackers to get their work done and decreasing the amount of time it takes for the defenders to get their work done, right? >>Yeah. I I call it increasing the denominator, right? And the ROI equation benefit over or value, right? Equals equals or benefit equals value over cost if you can increase the cost to go go elsewhere, right? Absolutely. And that's the, that's the game. Yeah. You mentioned Ukraine before, what have we learned from Ukraine? I, I remember I was talking to Robert Gates years ago, 2016 I think, and I was asking him, yeah, but don't we have the best cyber technology? Can't we attack? He said, we got the most to lose too. Yeah. And so what have we learned from, from Ukraine? >>Well, I, I think that's part of the key point there, right? Is you know, a great offense essentially can also be for us, you know, deterrent. So in that aspect we have as an, as a company and or excuse me, as a country, as a company as well, but then as partners throughout all parts of the world have really focused on increasing the intelligence sharing and specifically, you know, I mentioned Ukrainian cert. There are so many different agencies and other sorts throughout the world that are doing everything they can to share information to help protect human life there. And so what we've really been concerned with, with is, you know, what cyber warfare elements are going to be used there, not only how does that impact Ukraine, but how does it potentially spread out to other parts of the world critical infrastructure. So you've seen that, you know, I mentioned CS rrb, but cisa, right? >>CISA has done a tremendous job of continuously getting out information and doing everything they can to make sure that we are collaborating at a commercial level. You know, we are sharing information and intelligence more than ever before. So partners like Mania and CrowdStrike, our Intel teams are working together on a daily basis to make sure that we're able to protect not only our clients, but certainly if we've got any information relevant that we can share that as well. And I think if there's any silver lining to an otherwise very awful situation, I think the fact that is has accelerated intelligence sharing is really positive. >>I was gonna ask you about this cause I think, you know, 10 or so years ago, there was a lot of talk about that, but the industry, you know, kind of kept things to themselves, you know, a a actually tried to monetize some of that private data. So that's changing is what I'm hearing from you >>More so than ever more, you know, I've, I mentioned I've been in the field for 20 years. You know, it, it's tough when you have a commercial business that relies on, you know, information to, in order to pay people's salaries, right? I think that has changed quite a lot. We see the benefit of just that continuous sharing. There are, you know, so many more walls broken down between these commercial competitors, but also the work on the public private partnership side has really increased some of those relationships. Made it easier. And you know, I have to give a whole lot of credit and mention sisa, like the fact that during log four J, like they had GitHub repositories, they were using Slack, they were using Twitter. So the government has really started pushing forward with a lot of the newer leadership that's in place to say, Hey, we're gonna use tools and technology that works to share and disseminate information as quickly as we can. Right? That's fantastic. That's helping everybody. >>We knew that every industry, no, nobody's spared of this. But did you notice in the last couple of years, any industries in particular that are more vulnerable? Like I think of healthcare with personal health information or financial services, any industries kind of jump out as being more susceptible than others? >>So I think those two are always gonna be at the forefront, right? Financial services and healthcare. But what's been really top of mind is critical infrastructure, just making sure right? That our water, our power, our fuel, so many other parts of right, the ecosystem that go into making sure that, you know, we're keeping, you know, houses heated during the winter, for example, that people have fresh water. Those are extremely critical. And so that is really a massive area of focus for the industry right now. >>Can I come back to public-private partnerships? My question is relates to regulations because the public policy tends to be behind tech, the technology industry as an understatement. So when you take something like GDPR is the obvious example, but there are many, many others, data sovereignty, you can't move the data. Are are, are, is there tension between your desire as our desire as an industry to share data and government's desire to keep data private and restrict that data sharing? How is that playing out? How do you resolve that? >>Well I think there have been great strides right in each of those areas. So in terms of regulation when it comes to breaches there, you know, has been a tendency in the past to do victim shaming, right? And for organizations to not want to come forward because they're concerned about the monetary funds, right? I think there's been tremendous acceleration. You're seeing that everywhere from the fbi, from cisa, to really working very closely with organizations to, to have a true impact. So one example would be a ransomware attack that occurred. This was for a client of ours within the United States and we had a very close relationship with the FBI at that local field office and made a phone call. This was 7:00 AM Eastern time. And this was an organization that had this breach gone public, would've made worldwide news. There would've been a very big impact because it would've taken a lot of their systems offline. >>Within the 30 minutes that local FBI office was on site said, we just saw this piece of malware last week, we have a decryptor for it from another organization who shared it with us. Here you go. And within 60 minutes, every system was back up and running. Our teams were able to respond and get that disseminated quickly. So efforts like that, I think the government has made a tremendous amount of headway into improving relationships. Is there always gonna be some tension between, you know, competing, you know, organizations? Sure. But I think that we're doing a whole lot to progress it, >>But governments will make exceptions in that case. Especially for something as critical as the example that you just gave and be able to, you know, do a reach around, if you will, on, on onerous regulations that, that ne aren't helpful in that situation, but certainly do a lot of good in terms of protecting privacy. >>Well, and I think there used to be exceptions made typically only for national security elements, right? And now you're seeing that expanding much more so, which I think is also positive. Right. >>Last question for you as we are wrapping up time here. What can organizations really do to stay ahead of the curve when it comes to, to threat actors? We've got internal external threats. What can they really do to just be ahead of that curve? Is that possible? >>Well, it is now, it's not an easy task so I'm not gonna, you know, trivialize it. But I think that one, having relationships with right organizations in advance always a good thing. That's a, everything from certainly a commercial relationships, but also your peers, right? There's all kinds of fantastic industry spec specific information sharing organizations. I think the biggest thing that impacts is having education across your executive team and testing regularly, right? Having a plan in place, testing it. And it's not just the security pieces of it, right? As security responders, we live these attacks every day, but it's making sure that your general counsel and your head of operations and your CEO knows what to do. Your board of directors, do they know what to do when they receive a phone call from Bloomberg, for example? Are they supposed supposed to answer? Do your employees know that those kind of communications in advance and training can be really critical and make or break a difference in an attack. >>That's a great point about the testing but also the communication that it really needs to be company wide. Everyone at every level needs to know how to react. Wendy, it's been so great having, >>Wait one last question. Sure. Do you have a favorite superhero growing up? >>Ooh, it's gotta be Wonder Woman. Yeah, >>Yeah, okay. Yeah, so cuz I'm always curious, there's not a lot of women in, in security in cyber. How'd you get into it? And many cyber pros like wanna save the world? >>Yeah, no, that's a great question. So I joined the Air Force, you know, I, I was a special agent doing computer crime investigations and that was a great job. And I learned about that from, we had an alumni day and all these alumni came in from the university and they were in flight suits and combat gear. And there was one woman who had long blonde flowing hair and a black suit and high heels and she was carrying a gun. What did she do? Because that's what I wanted do. >>Awesome. Love it. We >>Blonde >>Wonder Woman. >>Exactly. Wonder Woman. Wendy, it's been so great having you on the program. We, we will definitely be following unit 42 and all the great stuff that you guys are doing. Keep up the good >>Work. Thanks so much Lisa. Thank >>You. Day our pleasure. For our guest and Dave Valante, I'm Lisa Martin, live in Las Vegas at MGM Grand for Palo Alto Ignite, 22. You're watching the Cube, the leader in live enterprise and emerging tech coverage.

>>Welcome to this cube conversation with 40 net. I'm your host. Lisa Martin, Derek Minky is back. He's the chief security insights and global threat alliances at 40 minutes, 40 guard labs, Derek. Welcome back to the program. >>Likewise, we've talked a lot this year. And of course, when I saw that there are, uh, you guys have predictions from 40 guard labs, global threat intelligence and research team about the cyber threat landscape for 2022. I thought it was going to be a lot to talk about with Derek here. So let's go ahead and dig. Right in. First of all, one of the things that caught my attention was the title of the press release about the predictions that was just revealed. The press release says 40 guard labs, predict cyber attacks aimed at everything from crypto wallets to satellite internet, nothing. There is no surface that is safe anymore. Talk to me about some of the key challenges that organizations in every industry are facing. >>Yeah, absolutely. So this is a, as you said, you, you had the keyword there surface, right? That, and that attack surface is, is open for attack. That's the attack surface that we talk about it is literally be pushed out from the edge to space, like a lot of these places that had no connection before, particularly in OT environments off grid, we're talking about, uh, you know, um, uh, critical infrastructure, oil and gas, as an example, there's a lot of these remote units that were living out there that relied on field engineers to go in and, uh, you know, plug into them. They were air gapped, those such low. Those are the things that are going to be accessible by Elio's low earth orbit satellites. And there are 4,000 of those out there right now. There's going to be over 30,000. We're talking Starlink, we're talking at least four or five other competitors entering this space, no pun intended. And, um, and that's a big deal because that it's a gateway. It opens the door for cyber criminals to be able to have accessibility to these networks. And so security has to come, you know, from, uh, friends of mine there, right. >>It absolutely does. We've got this fragmented perimeter tools that are siloed, the expand and very expanded attack surface, as you just mentioned, but some of the other targets, the 5g enabled edge, the core network, of course, the home environment where many of us still are. >>Yeah, yeah, definitely. So that home environment like the edge, it is a, uh, it's, it's the smart edge, right? So we have things called edge access Trojans. These are Trojans that will actually impact and infect edge devices. And if you think about these edge devices, we're talking things that have machine learning and, and auto automation built into them a lot of privilege because they're actually processing commands and acting on those commands in a lot of cases, right? Everything from smart office, smart home option, even until the OT environment that we're talking about. And that is a juicy target for attackers, right? Because these devices naturally have more privileged. They have APIs and connectivity to a lot of these things where they could definitely do some serious damage and be used as these pivot within the network from the edge. Right. And that's, that's a key point there. >>Let's talk about the digital wallet that we all walk around with. You know, we think out so easy, we can do quick, simple transactions with apple wallet, Google smart tab, Venmo, what have you, but that's another growing source of that, where we need to be concerned, right? >>Yeah. So I, I I've, I've worn my cyber security hat for over 20 years and 10 years ago, even we were talking all about online banking Trojans. That was a big threat, right? Because a lot of financial institutions, they hadn't late ruled out things like multifactor authentication. It was fairly easy to get someone's bank credentials go in siphoned fans out of an account. That's a lot harder nowadays. And so cyber criminals are shifting tactics to go after the low hanging fruit, which are these digital wallets and often cryptocurrency, right? We've actually seen this already in 40 guard labs. Some of this is already starting to happen right now. I expect this to happen a lot more in 20, 22 and beyond. And it's because, you know, these wallets are, um, hold a lot of whole lot of value right now, right. With the crypto. And they can be transferred easily without having to do a, like a, you know, EFT is a Meijer transfers and all those sorts of things that includes actually a lot of paperwork from the financial institutions. And, you know, we saw something where they were actually hijacking these wallets, right. Just intercepting a copy and paste command because it takes, you know, it's a 54 character address people aren't typing that in all the time. So when they're sending or receiving funds, they're asking what we've actually seen in malware today is they're taking that, intercepting it and replacing it with the attackers. Well, it's simple as that bypassing all the, you know, authentication measures and so forth. >>And is that happening for the rest of us that don't have a crypto wallet. So is that happening for folks with apple wallets? And is that a growing threat concern that people need to be? It is >>Absolutely. Yeah. So crypto wallets is, is the majority of overseeing, but yeah, no, no digital wallet is it's unpatched here. Absolutely. These are all valid targets and we are starting to see activity in. I am, >>I'm sure going after those stored credentials, that's probably low-hanging fruit for the attackers. Another thing that was interesting that the 2022 predictions threat landscape, uh, highlighted was the e-sports industry and the vulnerabilities there. Talk to me about that. That was something that I found surprising. I didn't realize it was a billion dollar revenue, a year industry, a lot of money, >>A lot of money, a lot of money. And these are our full-blown platforms that have been developed. This is a business, this isn't, you know, again, going back to what we've seen and we still do see the online gaming itself. We've seen Trojans written for that. And oftentimes it's just trying to get into, and user's gaming account so that they can steal virtual equipment and current, you know, there there's virtual currencies as well. So there was some monetization happening, but not on a grand scale. This is about a shift attackers going after a business, just like any organization, big business, right. To be able to hold that hostage effectively in terms of DDoSs threats, in terms of vulnerabilities, in terms of also, you know, crippling these systems with ransomware, like we've already seen starting to hit OT, this is just another big target. Right. Um, and if you think about it, these are live platforms that rely on low latency. So very quick connections, anything that interrupts that think about the Olympics, right on sports environment, it's a big deal to them. And there's a lot of revenue that could be lost in cybercriminals fully realizes. And this is why, you know, we're predicting that e-sports is going to be a, um, a big target for them moving forward. >>Got it. And tell, let's talk about what's going on with brands. So when you and I spoke a few months ago, I think it was ransomware was up nearly 11 X in the first half of a calendar year, 2021. What are you seeing from an evolution perspective, uh, in the actual ransomware, um, actions themselves as well as what the, what the cyber criminals are evolving to. >>Yeah. So to where it's aggressive, destructive, not good words, right. But, but this is what we're seeing with ransomware. Now, again, they're not just going after data as the currency, we're seeing, um, destructive capabilities put into ransomware, including wiper malware. So this used to be just in the realm of, uh, APTT nation state attacks. We saw that with should moon. We saw that with dark soil back in 2013, so destructive threats, but in the world of apt and nation state, now we're seeing this in cyber crime. We're seeing it with ransomware and this, I expect to be a full-blown tactic for cyber criminals simply because they have the, the threat, right. They've already leveraged a lot of extortion and double extortion schemes. We've talked about that. Now they're going to be onboarding this as a new threat, basically planting these time bombs. He's ticking time bombs, holding systems for, for, for ransom saying, and probably crippling a couple of, to show that they mean business and saying, unless you pay us within a day or two, we're going to take all of these systems offline. We're not just going to take them offline. We're going to destroy them, right. That's a big incentive for people to, to, to pay up. So they're really playing on that fear element. That's what I mean about aggressive, right? They're going to be really shifting tactics, >>Aggressive and destructive, or two things you don't want in a cybersecurity environment or to be called by your employer. Just wanted to point that out. Talk to me about wiper malware. Is this new emerging, or is this something that's seeing a resurgence because this came up at the Olympics in the summer, right? >>Absolutely. So a resurgence in, in a sort of different way. Right. So, as I said, we have seen it before, but it's been not too prevalent. It's been very, uh, it's, it's been a niche area for them, right. It's specifically for these very highly targeted attack. So yes, the Olympics, in fact, two times at the Olympics in Tokyo, but also in the last summer Olympics as well. We also saw it with, as I mentioned in South Korea at dark school in 2013, we saw it an OT environment with the moon as an example, but we're talking handfuls here. Uh, unfortunately we have blogged about three of these in the last month to month and a half. Right. And that, and you know, this is starting to be married with ransomware, which is particularly a very dangerous cause it's not just my wiper malware, but couple that with the ransom tactics. >>And that's what we're starting to see is this new, this resurgent. Yes. But a completely new form that's taking place. Uh, even to the point I think in the future that it could, it could severely a great, now what we're seeing is it's not too critical in a sense that it's not completely destroying the system. You can recover the system still we're talking to master boot records, those sorts of things, but in the future, I think they're going to be going after the formal firmware themselves, essentially turning some of these devices into paperweights and that's going to be a very big problem. >>Wow. That's a very scary thought that getting to the firmware and turning those devices into paperweights. One of the things also that the report talked about that that was really interesting. Was that more attacks against the supply chain and Linux, particularly talk to us about that. What did you find there? What does it mean? What's the threat for organizations? >>Yeah. So we're seeing a diversification in terms of the platforms that cyber criminals are going after. Again, it's that attack surface, um, lower hanging fruit in a sense, uh, because they've, you know, for a fully patched versions of windows, 10 windows 11, it's harder, right. For cyber criminals than it was five or 10 years ago to get into those systems. If we look at the, uh, just the prevalence, the amount of devices that are out there in IOT and OT environments, these are running on Linux, a lot of different flavors and forms of Linux, therefore this different security holes that come up with that. And that's, that's a big patch management issue as an example too. And so this is what we, you know, we've already seen it with them or I bought net and this was in our threat landscape report, or I was the number one threat that we saw. And that's a Linux-based bot net. Now, uh, Microsoft has rolled out something called WSL, which is a windows subsystem for Linux and windows 10 and windows 11, meaning that windows supports Linux now. So that all the code that's being written for botnets, for malware, all that stuff is able to run on, on new windows platforms effectively. So this is how they're trying to expand their, uh, attack surface. And, um, that ultimately gets into the supply chain because again, a lot of these devices in manufacturing and operational technology environments rely quite heavily actually on Linux. >>Well, and with all the supply chain issues that we've been facing during the pandemic, how can organizations protect themselves against this? >>Yeah. So this, this is a big thing, right? And we talked about also the weaponization of artificial intelligence, automation and all of these, there's a lot going on as you know, right from the threats a lot to get visibility on a lot, to be able to act quickly on that's a big key metric. There is how quick you can detect these and respond to them for that. You need good threat intelligence, of course, but you also truly need to enable, uh, uh, automation, things like SD wan, a mesh architecture as well, or having a security fabric that can actually integrate devices that talk to each other and can detect these threats and respond to them quickly. That's a very important piece because if you don't stop these attacks well, they're in that movement through the attack chain. So the kill chain concept we talk about, um, the risk is very high nowadays where, you know, everything we just talked about from a ransomware and destructive capabilities. So having those approaches is very important. Also having, um, you know, education and a workforce trained up is, is equally as important to, to be, you know, um, uh, to, to be aware of these threats. >>I'm glad you brought up that education piece and the training, and that's something that 49 is very dedicated to doing, but also brings up the cybersecurity skills gap. I know when I talked with Kenzie, uh, just a couple months ago at the, um, PGA tournament, it was talking about, you know, big investments in what 40 guard, 40, 40 net is doing to help reduce that gap. But the gap is still there. How do I teach teams not get overloaded with the expanding service? It seems like the surface, the surface has just, there is no limit anymore. So how does, how does it teams that are lean and small help themselves in the fact that the threat is landscape is, is expanding. The criminals are getting smarter or using AI intelligent automation, what our it teams do >>Like fire with fire. You got to use two of the same tools that they're using on their side, and you need to be able to use in your toolkit. We're talking about a security operation center perspective to have tools like, again, this comes to the threat intelligence to get visibility on these things. We're talking Simmons, sor uh, we have, you know, 40 AI out now, uh, deception products, all these sorts of things. These are all tools that need that, that, uh, can help, um, those people. So you don't have to have a, you know, uh, hire 40 or 50 people in your sock, right? It's more about how you can work together with the tools and technology to get, have escalation paths to do more people, process procedure, as we talk about to be able to educate and train on those, to be able to have incident response planning. >>So what do you do like, because inevitably you're going to be targeted, probably interacts where attack, what do you do? Um, playing out those scenarios, doing breach and attack simulation, all of those things that comes down to the skills gaps. So it's a lot about that education and awareness, not having to do that. The stuff that can be handled by automation and AI and, and training is you're absolutely right. We've dedicated a lot with our NSC program at 49. We also have our 40 net security academy. Uh, you know, we're integrating with those secondary so we can have the skillsets ready, uh, for, for new graduates. As an example, there's a lot of progress being made towards that. We've even created a new powered by 40 guard labs. There is a 40 guard labs play in our NSC seven as an example, it's, uh, you know, for, um, uh, threat hunting and offensive security as an example, understanding really how attackers are launching their, their campaigns and, um, all those things come together. But that's the good news actually, is that we've come a long way. We actually did our first machine learning and AI models over 10 years ago, Lisa, this isn't something new to us. So the technology has gone a long way. It's just a matter of how we can collaborate and obviously integrate with that for the, on the skills gap. >>And one more question on the actual threat landscape, were there any industries that came up in particular, as we talked about e-sports we talked about OT and any industries that came up in particular as, as really big hotspots that companies and organizations really need to be aware of. >>Yeah. So also, uh, this is part of OT about ICS critical infrastructure. That's a big one. Uh, absolutely there we're seeing, uh, also cyber-criminals offering more crime services now on dark web. So CAS, which is crime as a service, because it used to be a, again, a very specialized area that maybe only a handful of organized criminal organizations could actually, um, you know, launch attacks and, and impact to those targets where they're going after those targets. Now they're offering services right on to other coming cyber criminals, to be able to try to monetize that as well. Again, we're seeing this, we actually call it advanced persistent cybercrime APC instead of an apt, because they're trying to take cyber crime to these targets like ICS, critical infrastructure, um, healthcare as well is another one, again, usually in the realm of APMT, but now being targeted more by cybercriminals in ransomware, >>I've heard of ransomware as a service, is that a subcategory of crime as a service? >>Absolutely. Yeah. It is phishing as a service ransomware as, and service DDoSs as a service, but not as, as many of these subcategories, but a ransomware as a service. That's a, another big problem as well, because this is an affiliate model, right. Where they hire partners and pay them commission, uh, if they actually get payments of ransom, right? So they have literally a middle layer in this network that they're pushing out to scale their attacks, >>You know, and I think that's the last time we talked about ransomware, we talked about it's a matter of, and I talk to customers all the time who say, yes, it's a matter of when, not, if, is, is this the same sentiment? And you think for crime as a service in general, the attacks on e-sports on home networks, on, uh, internet satellites in space, is this just a matter of when, not if across the board? >>Well, yeah, absolutely. Um, you know, but the good news is it doesn't have to be a, you know, when it happens, it doesn't have to be a catastrophic situation. Again, that's the whole point about preparedness and planning and all the things I talked about, the filling the skills gap in education and having the proper, proper tools in place that will mitigate that risk. Right. And that's, and that's perfectly acceptable. And that's the way we should handle this from the industry, because we process we've talked about this, people are over a hundred billion threats a day in 40 guard labs. The volume is just going to continue to grow. It's very noisy out there. And there's a lot of automated threats, a lot of attempts knocking on organizations, doors, and networks, and, you know, um, phishing emails being sent out and all that. So it's something that we just need to be prepared for just like you do for a natural disaster planning and all these sorts of other things in the physical world. >>That's a good point. It doesn't have to be aggressive and destructive, but last question for you, how can, how is 4d guard helping companies in every industry get aggressive and disruptive against the threats? >>Yeah. Great, great, great question. So this is something I'm very passionate about, uh, as you know, uh, where, you know, we, we don't stop just with customer protection. Of course, that is as a security vendor, that's our, our primary and foremost objective is to protect and mitigate risk to the customers. That's how we're doing. You know, this is why we have 24 7, 365 operations at 40 guy labs. Then we're helping to find the latest and greatest on threat intelligence and hunting, but we don't stop there. We're actually working in the industry. Um, so I mentioned this before the cyber threat Alliance to, to collaborate and share intelligence on threats all the way down to disrupt cybercrime. This is what big target of ours is, how we can work together to disrupt cyber crime. Because unfortunately they've made a lot of money, a lot of profits, and we need to reduce that. We need to send a message back and fight that aggressiveness and we're we're on it, right? So we're working with Interpol or project gateway with the world economic forum, the partnership against cyber crime. It's a lot of initiatives with other, uh, you know, uh, the, uh, the who's who of cyber security in the industry to work together and tackle this collaboratively. Um, the good news is there's been some steps of success to that. There's a lot more, we're doing the scale of the efforts. >>Excellent. Well, Derek as always great and very informative conversation with you. I always look forward to these seeing what's going on with the threat landscape, the challenges, the increasing challenges, but also the good news, the opportunities in it, and what 40 guard is doing 40 left 40 net, excuse me, I can't speak today to help customers address that. And we always appreciate your insights and your time we look forward to talking to you and unveiling the next predictions in 2022. >>All right. Sounds good. Thanks, Lisa. >>My pleasure for Derek manky. I'm Lisa Martin. You're watching this cube conversation with 40 net. Thanks for watching.

>> Welcome to this Cube Conversation, I'm Lisa Martin. I'm joined by Derek Manky next, the Chief Security Insights and Global Threat Alliances at Fortiguard Labs. Derek, welcome back to the program. >> Hey, it's great to be here again. A lot of stuff's happened since we last talked. >> So Derek, one of the things that was really surprising from this year's Global Threat Landscape Report is a 10, more than 10x increase in ransomware. What's going on? What have you guys seen? >> Yeah so this is massive. We're talking over a thousand percent over a 10x increase. This has been building Lisa, So this has been building since December of 2020. Up until then we saw relatively low high watermark with ransomware. It had taken a hiatus really because cyber criminals were going after COVID-19 lawyers and doing some other things at the time. But we did see a seven fold increase in December, 2020. That has absolutely continued this year into a momentum up until today, it continues to build, never subsided. Now it's built to this monster, you know, almost 11 times increase from, from what we saw back last December. And the reason, what's fueling this is a new verticals that cyber criminals are targeting. We've seen the usual suspects like telecommunication, government in position one and two. But new verticals that have risen up into this third and fourth position following are MSSP, and this is on the heels of the Kaseya attack of course, that happened in 2021, as well as operational technology. There's actually four segments, there's transportation, automotive, manufacturing, and then of course, energy and utility, all subsequent to each other. So there's a huge focus now on, OT and MSSP for cyber criminals. >> One of the things that we saw last year this time, was that attackers had shifted their focus away from enterprise infrastructure devices, to home networks and consumer grade products. And now it looks like they're focusing on both. Are you seeing that? >> Yes, absolutely. In two ways, so first of all, again, this is a kill chain that we talk about. They have to get a foothold into the infrastructure, and then they can load things like ransomware on there. They can little things like information stealers as an example. The way they do that is through botnets. And what we reported in this in the first half of 2021 is that Mirai, which is about a two to three-year old botnet now is number one by far, it was the most prevalent botnet we've seen. Of course, the thing about Mirai is that it's an IOT based botnet. So it sits on devices, sitting inside consumer networks as an example, or home networks, right. And that can be a big problem. So that's the targets that cyber criminals are using. The other thing that we saw that was interesting was that one in four organizations detected malvertising. And so what that means Lisa, is that cyber criminals are shifting their tactics from going just from cloud-based or centralized email phishing campaigns to web born threats, right. So they're infecting sites, waterhole attacks, where, you know, people will go to read their daily updates as an example of things that they do as part of their habits. They're getting sent links to these sites that when they go to it, it's actually installing those botnets onto those systems, so they can get a foothold. We've also seen scare tactics, right. So they're doing new social engineering lures, pretending to be human resource departments. IT staff and personnel, as an example, with popups through the web browser that look like these people to fill out different forms and ultimately get infected on home devices. >> Well, the home device use is proliferate. It continues because we are still in this work from home, work from anywhere environment. Is that, you think a big factor in this increase from 7x to nearly 11x? >> It is a factor, absolutely. Yeah, like I said, it's also, it's a hybrid of sorts. So a lot of that activity is going to the MSSP angle, like I said to the OT. And to those new verticals, which by the way, are actually even larger than traditional targets in the past, like finance and banking, is actually lower than that as an example. So yeah, we are seeing a shift to that. And like I said, that's, further backed up from what we're seeing on with the, the botnet activity specifically with Mirai too. >> Are you seeing anything in terms of the ferocity, we know that the volume is increasing, are they becoming more ferocious, these attacks? >> Yeah, there is a lot of aggression out there, certainly from, from cyber criminals. And I would say that the velocity is increasing, but the amount, if you look at the cyber criminal ecosystem, the stakeholders, right, that is increasing, it's not just one or two campaigns that we're seeing. Again, we're seeing, this has been a record cases year, almost every week we've seen one or two significant, cyber security events that are happening. That is a dramatic shift compared to last year or even, two years ago too. And this is because, because the cyber criminals are getting deeper pockets now. They're becoming more well-funded and they have business partners, affiliates that they're hiring, each one of those has their own methodology, and they're getting paid big. We're talking up to 70 to 80% commission, just if they actually successfully, infect someone that pays for the ransom as an example. And so that's really, what's driving this too. It's a combination of this kind of perfect storm as we call it, right. You have this growing attack surface, work from home environments and footholds into those networks, but you have a whole bunch of other people now on the bad side that are orchestrating this and executing the attacks too. >> So what can organizations do to start- to slow down or limit the impacts of this growing ransomware as a service? >> Yeah, great question. Everybody has their role in this, I say, right? So if we look at, from a strategic point of view, we have to disrupt cyber crime, how do we do that? It starts with the kill chain. It starts with trying to build resilient networks. So things like ZTA and a zero trust network access, SD-WAN as an example for protecting that WAN infrastructure. 'Cause that's where the threats are floating to, right. That's how they get the initial footholds. So anything we can do on the preventative side, making networks more resilient, also education and training is really key. Things like multi-factor authentication are all key to this because if you build that preventatively and it's a relatively small investment upfront Lisa, compared to the collateral damage that can happen with these ransomware paths, the risk is very high. That goes a long way, it also forces the attackers to- it slows down their velocity, it forces them to go back to the drawing board and come up with a new strategy. So that is a very important piece, but there's also things that we're doing in the industry. There's some good news here, too, that we can talk about because there's things that we can actually do apart from that to really fight cyber crime, to try to take the cyber criminals offline too. >> All right, hit me with the good news Derek. >> Yeah, so a couple of things, right. If we look at the botnet activity, there's a couple of interesting things in there. Yes, we are seeing Mirai rise to the top right now, but we've seen big problems of the past that have gone away or come back, not as prolific as before. So two specific examples, EMOTET, that was one of the most prolific botnets that was out there for the past two to three years, there is a take-down that happened in January of this year. It's still on our radar but immediately after that takedown, it literally dropped to half of the activity it had before. And it's been consistently staying at that low watermark now at that half percentage since then, six months later. So that's very good news showing that the actual coordinated efforts that were getting involved with law enforcement, with our partners and so forth, to take down these are actually hitting their supply chain where it hurts, right. So that's good news part one. Trickbot was another example, this is also a notorious botnet, takedown attempt in Q4 of 2020. It went offline for about six months in our landscape report, we actually show that it came back online in about June this year. But again, it came back weaker and now the form is not nearly as prolific as before. So we are hitting them where it hurts, that's that's the really good news. And we're able to do that through new, what I call high resolution intelligence that we're looking at too. >> Talk to me about that high resolution intelligence, what do you mean by that? >> Yeah, so this is cutting edge stuff really, gets me excited, keeps me up at night in a good way. 'Cause we we're looking at this under the microscope, right. It's not just talking about the what, we know there's problems out there, we know there's ransomware, we know there's a botnets, all these things, and that's good to know, and we have to know that, but we're able to actually zoom in on this now and look at- So we, for the first time in the threat landscape report, we've published TTPs, the techniques, tactics, procedures. So it's not just talking about the what, it's talking about the how, how are they doing this? What's their preferred method of getting into systems? How are they trying to move from system to system? And exactly how are they doing that? What's the technique? And so we've highlighted that, it's using the MITRE attack framework TTP, but this is real time data. And it's very interesting, so we're clearly seeing a very heavy focus from cyber criminals and attackers to get around security controls, to do defense innovation, to do privilege escalation on systems. So in other words, trying to be common administrator so they can take full control of the system. As an example, lateral movement, there's still a preferred over 75%, 77 I believe percent of activity we observed from malware was still trying to move from system to system, by infecting removable media like thumb drives. And so it's interesting, right. It's a brand new look on these, a fresh look, but it's this high resolution, is allowing us to get a clear image, so that when we come to providing strategic guides and solutions in defense, and also even working on these takedown efforts, allows us to be much more effective. >> So one of the things that you said in the beginning was we talked about the increase in ransomware from last year to this year. You said, I don't think that we've hit that ceiling yet, but are we at an inflection point? Data showing that we're at an inflection point here with being able to get ahead of this? >> Yeah, I would like to believe so, there is still a lot of work to be done unfortunately. If we look at, there's a recent report put out by the Department of Justice in the US saying that, the chance of a criminal to be committing a crime, to be caught in the US is somewhere between 55 to 60%, the same chance for a cyber criminal lies less than 1%, well 0.5%. And that's the bad news, the good news is we are making progress in sending messages back and seeing results. But I think there's a long road ahead. So, there's a lot of work to be done, We're heading in the right direction. But like I said, they say, it's not just about that. It's, everyone has their role in this, all the way down to organizations and end users. If they're doing their part of making their networks more resilient through this, through all of the, increasing their security stack and strategy. That is also really going to stop the- really ultimately the profiteering that wave, 'cause that continues to build too. So it's a multi-stakeholder effort and I believe we are getting there, but I continue to still, I continue to expect the ransomware wave to build in the meantime. >> On the end-user front, that's always one of the vectors that we talk about, it's people, right? There's so much sophistication in these attacks that even security folks and experts are nearly fooled by them. What are some of the things that you're saying that governments are taking action on some recent announcements from the White House, but other organizations like Interpol, the World Economic Forum, Cyber Crime Unit, what are some of the things that governments are doing that you're seeing that as really advantageous here for the good guys? >> Yeah, so absolutely. This is all about collaboration. Governments are really focused on public, private sector collaboration. So we've seen this across the board with Fortiguard Labs, we're on the forefront with this, and it's really exciting to see that, it's great. There's always been a lot of will to work together, but we're starting to see action now, right? Interpol is a great example, they recently this year, held a high level forum on ransomware. I actually spoke and was part of that forum as well too. And the takeaways from that event were that we, this was a message to the world, that public, private sector we need. They actually called ransomware a pandemic, which is what I've referred to it as before in itself as well too. Because it is becoming that much of a problem and that we need to work together to be able to create action, action against this, measure success, become more strategic. The World Economic Forum were leading a project called the Partnership Against Cyber Crime Threat Map Project. And this is to identify, not just all this stuff we talked about in the threat landscape report, but also looking at, things like, how many different ransomware gangs are there out there. What do the money laundering networks look like? It's that side of the supply chain to map out, so that we can work together to actually take down those efforts. But it really is about this collaborative action that's happening and it's innovation and there's R&D behind this as well, that's coming to the table to be able to make it impactful. >> So it sounds to me like ransomware is no longer a- for any organization in any industry you were talking about the expansion of verticals. It's no longer a, "If this happens to us," but a matter of when and how do we actually prepare to remediate, prevent any damage? >> Yeah, absolutely, how do we prepare? The other thing is that there's a lot of, with just the nature of cyber, there's a lot of connectivity, there's a lot of different, it's not just always siloed attacks, right. We saw that with Colonial obviously, this year where you have attacks on IT, that can affect consumers, right down to consumers, right. And so for that very reason, everybody's infected in this. it truly is a pandemic I believe on its own. But the good news is, there's a lot of smart people on the good side and that's what gets me excited. Like I said, we're working with a lot of these initiatives. And like I said, some of those examples I called up before, we're actually starting to see measurable progress against this as well. >> That's good, well never a dull day I'm sure in your world. Any thing that you think when we talk about this again, in a few more months of the second half of 2021, anything you predict crystal ball wise that we're going to see? >> Yeah, I think that we're going to continue to see more of the, I mean, ransomware, absolutely, more of the targeted attacks. That's been a shift this year that we've seen, right. So instead of just trying to infect everybody for ransom, as an example, going after some of these new, high profile targets, I think we're going to continue to see that happening from the ransomware side and because of that, the average costs of these data breaches, I think they're going to continue to increase, it already did in 2021 as an example, if we look at the cost of a data breach report, it's gone up to about $5 million US on average, I think that's going to continue to increase as well too. And then the other thing too is, I think that we're going to start to see more, more action on the good side like we talked about. There was already a record amount of takedowns that have happened, five takedowns that happened in January. There were arrests made to these business partners, that was also new. So I'm expecting to see a lot more of that coming out towards the end of the year too. >> So as the challenges persist, so do the good things that are coming out of this. Where can folks go to get this first half 2021 Global Threat Landscape? What's the URL that they can go to? >> Yeah, you can check it out, all of our updates and blogs including the threat landscape reports on blog.fortinet.com under our threat research category. >> Excellent, I read that blog, it's fantastic. Derek, always a pleasure to talk to you. Thanks for breaking this down for us, showing what's going on. Both the challenging things, as well as the good news. I look forward to our next conversation. >> Absolutely, it was great chatting with you again, Lisa. Thanks. >> Likewise for Derek Manky, I'm Lisa Martin. You're watching this Cube Conversation. (exciting music)

>>Welcome to this cube conversation. I'm Lisa Martin. I'm joined by Derek manky next, the chief security insights and global threat alliances at 40 guard labs. Derek. Welcome back. >>Yeah, it's great to be here again. So then, uh, uh, a lot of stuff's happened since we last talked. >>One of the things that was really surprising from this year's global threat landscape report is a 10 more than 10 X increase in ransomware. What's going on? What have you guys seen? >>Yeah, so, uh, th th this is, is massive. We're talking about a thousand percent over a 10, a 10 X increase. This has been building police. So this, this has been building since, uh, December of 2020 up until then we saw relatively low, uh, high watermark with ransomware. Um, it had taken a hiatus really because cyber criminals were going after COVID-19 lawyers and doing some other things at the time, but we did see us a seven fold increase in December, 2020. That is absolutely continued. Uh, continued this year into a momentum up until today. It continues to build never subsided. Now it's built to this monster, you know, almost 11 times increase from, from what we saw back last December and what the, uh, the reason what's fueling. This is a new verticals that cyber criminals are targeting. We've seen the usual suspects like telecommunication government and, uh, position one and two, but new verticals that have risen up into this, uh, third and fourth position following our MSSP. And this is on the heels of the Casia attack. Of course, that happened in 2021, as well as operational technology. There's actually four segments, there's transportation, uh, automotive manufacturing, and then of course, energy and utility all subsequent to each other. So there's a huge focus now on, on OTA and MSSP for cybercriminals. >>One of the things that we saw last year, this time was that attackers had shifted their focus away from enterprise infrastructure devices, to home networks and consumer grade products. And now it looks like they're focusing on both. Are you seeing that? >>Yes, absolutely. I in two ways. So first of all, again, this is a kill chain that we talk about. They have to get a foothold into the infrastructure, and then they can load things like ransomware on there. They can little things like information Steelers as an example, the way they do that is through botnets. And, uh, what we reported in this, um, in the first half of 2021 is that Mariah, which is about a two to three-year old button that now is, is number one by far, it was the most prevalent bond that we've seen. Of course, the thing about Mariah is that it's an IOT based bot net. So it sits on devices, uh, sitting inside a consumer networks as an example, or home networks, right? And that, that can be a big problem. So that's the targets that cyber criminals are using. The other thing that we saw that was interesting was that one in four organizations detected malvertising. >>And so what that means at least, is that cyber criminals are shifting their tactics from going just from cloud-based or centralized email phishing campaigns to a web born threats, right? So they're infecting sites, waterhole attacks, where people would go to read their, their, their daily updates as an example of things that they do as part of their habits. Um, they're getting sent links to these sites that when they go to it, it's actually installing those botnets onto those systems. So they can get a foothold. We've also seen scare tactics, right? So they're doing new social engineering Lewis pretending to be human resource departments, uh, you know, uh, uh, it staff and personnel, as an example, with pop-ups through the web browser that looked like these people to fill out different forms and ultimately get infected on, on a home devices. >>Well, the home device we use is proliferate. It continues because we are still in this work from home work, from anywhere environment. Is that when you think a big factor in this increased from seven X to nearly 11 X, >>It is a factor. Absolutely. Yeah. Like I said, it's, it's also, it's a hybrid of sorts. So, so a lot of that activity is going to the MSSP, uh, angle, like I said, uh, to, to the OT. And so to those verticals, which by the way, are actually even larger than traditional targets in the past, like, uh, finance and banking is actually lower than that as an example. So yeah, we are seeing a shift to that. And like I said, that's, that's further, uh, backed up from what we're seeing on with the, the, the, the botnet activity specifically with Veronica too. Are >>You seeing anything in terms of the ferocity? We know that the volume is increasing. Are they becoming more ferocious? These attacks? >>Yeah. Yeah. There, there is. There's a lot of aggression out there, certainly from, from criminals. And I would say that the velocity is increasing, but the amount of, if you look at the cyber criminal ecosystem, the, the stakeholders, right. Um, that is increasing, it's not just one or two campaigns that we're seeing. Again, we're seeing, this has been a record cases here almost every week. We've seen one or two significant, you know, cyber security events that are happening. That is a dramatic shift compared to, to, to last year or even, you know, two years ago too. And this is because, um, because the cyber criminals are getting deeper pockets now, they're, they're becoming more well-funded and they have business partners, affiliates that they're hiring each one of those has their own methodology, and they're getting paid big. We're talking up to 70 to 80% commission, just if they actually successfully, you know, in fact, someone that pays for the ransom as an example. And so that's really, what's driving this too. It's, it's, it's a combination of this kind of perfect storm as we call it. Right. You have this growing attack surface and work from home, uh, environments, um, and footholds into those networks. But you have a whole bunch of other people now on the bad side that are orchestrating this and executing the attacks too. >>What can organizations do to start to slow down or limit the impacts of this growing ransomware as a service? >>Yeah, great question. Um, everybody has their role in this, I say, right? So, uh, if we look at, from a strategic point of view, we have to disrupt cyber crime. How do we do that? Um, it starts with the kill chain. It starts with trying to build resilient networks. So things like a ZTE and a zero trust network access, a SD LAN as an example, as an example for producting that land infrastructure on, because that's where the threats are floating to, right? That's how they get the initial footholds. So anything we can do on the, on the, you know, preventative, preventative side, making, uh, networks more resilient, um, also education and training is really key. Things like multi-factor authentication are all key to this because if you build that, uh, uh, preventatively and that's a relatively small investment upfront, Lisa compared to the collateral damage that can happen with these ransomware, it passes, the risk is very high. Um, that goes a long way. It also forces the attackers to it slows down their velocity. It forces them to go back to the drawing board and come up with a new strategy. So that is a very important piece, but there's also things that we're doing in the industry. There's some good news here too, uh, that we can talk about because there's, there's things that we can actually do. Um, apart from that to, to really fight cyber crime, to try to take the cyber criminal cell phone. >>All right. Hit me with the good news Derek. >>Yeah. So, so a couple of things, right. If we look at the bot net activity, there's a couple of interesting things in there. Yes, we are seeing Mariah rise to the top right now, but we've seen big problems of the past that have gone away or come back, not as prolific as before. So two specific examples, a motel that was one of the most prolific botnets that was out there for the past two to three years, there is a take-down that happened in January of this year. Uh, it's still on our radar, but immediately after that takedown, it literally dropped to half of the activity. It hadn't before. And it's been consistently staying at that low watermark now had that half percentage since, since that six months later. So that's very good news showing that the actual coordinated efforts that we're getting involved with law enforcement, with our partners and so forth to take down, these are actually hitting their supply chain where it hurts. >>Right. So that's good news part one trick. Bob was another example. This is also a notorious spot net take down attempt in Q4 of 2020. It went offline for about six months. Um, in our landscape report, we actually show that it came back online, uh, in about June this year. But again, it came down, it came back weaker and another form is not nearly as prolific as before. So we are hitting them where it hurts. That's, that's the really good news. And we're able to do that through new, um, what I call high resolution intelligence. >>Talk to me about that high resolution intelligence. What do you mean by that? >>Yeah, so this is cutting edge stuff really gets me excited and keeps, keeps me up at night in a good way. Uh, cause we're, we're looking at this under the microscope, right? It's not just talking about the why we know there's problems out there. We know there's, there's ransomware. We know there's the botnets, all these things, and that's good to know, and we have to know that, but we're able to actually zoom in on this now and look at it. So we, for the first time in the threat landscape report, we've published TTPs, the techniques, tactics procedures. So it's not just talking about the, what it's talking about, the how, how are they doing this? What's their preferred method of getting into systems? How are they trying to move from system to system and exactly how are they doing that? What's the technique. And so we've highlighted that it's using the MITRE attack framework TTP, but this is real-time data. >>And it's very interesting. So we're clearly seeing a very heavy focus from cyber criminals and attackers to get around security controls, to do defensive, Asian, to do privilege escalation on systems. So in other words, trying to be common administrator so they can take full control of the system. Uh, as an example, a lateral movement on there's still a preferred over 75%, 77, I believe percent of activity we observed from malware was still trying to move from system to system by infecting removable media like thumb drives. And so it's interesting, right? It's a brand new look on the, these a fresh look, but it's this high resolution is allowing us to get a clear image so that when we come to providing strategic guidance and solutions of defense, and also even working on these, take down that Fritz, it allows us to be much more effective. So >>One of the things that you said in the beginning was we talked about the increase in ransomware from last year to this year. You said, I don't think that we've hit that, that ceiling yet, but are we at an inflection points, the data showing that we're at an inflection point here with being able to get ahead of this? >>Yeah, I, I, I would like to believe so. Um, it, there is still a lot of work to be done. Unfortunately, if we look at, you know, there is a, a recent report put out by the department of justice in the S saying that, you know, the chance of, uh, criminal, uh, to be committing a crime, but to be caught in the U S is somewhere between 55 to 60%, the same chance for a cyber criminal lies less than 1% above 0.5%. And that's the bad news. The good news is we are making progress and sending messages back and seeing results. But I think there's a long road ahead. So, um, you know, there there's a lot of work to be done. We're heading in the right direction. But like I said, they say, it's not just about that. It's everyone has, has their role in this all the way down to organizations and end users. If they're doing their part and making their networks more resilient through this, through all the, you know, increasing their security stack and strategy, um, that is also really going to stop the, you know, really ultimately the profiteering, uh, that, that wave, you know, cause that continues to build too. So it's, it's a multi-stakeholder effort and I believe we are, we are getting there, but I continue to still, uh, you know, I continue to expect the ransomware wave to build. In the meantime, >>On the end user front, that's always one of the vectors that we talk about it's people, right? It's there's so there's so much sophistication in these attacks that even security folks and experts are nearly fooled by them. What are some of the things that you're saying that governments are taking action on some recent announcements from the white house, but other organizations like Interpol, the world, economic forum, cyber crime unit, what are some of the things that governments are doing that you're seeing that as really advantageous here for the good guys? >>Yeah, so absolutely. This is all about collaboration. Governments are really focused on public private sector collaboration. Um, so we've seen this across the board, uh, with 40 guard labs, we're on the forefront with this, and it's really exciting to see that it's great. Uh, there, there, there's always been a lot of will work together, but we're starting to see action now. Right. Um, Interpol is a great example. They recently this year held a high level forum on ransomware. I was actually spoken was part of that forum as well too. And the takeaways from that event were that we, this was a message to the world, that public private sector we need. They actually called ransomware a pandemic, which is what I've referred to it as before in itself as well too, because it is becoming that much of a problem and that we need to work together to be able to create action, action action against this measure, success become more strategic. >>The world economic forum, uh, were, were, uh, leading a project called the partnership against cyber crime threat map project. And this is to identify not just all this stuff we talked about in the threat landscape report, but also looking at, um, you know, things like how many different ransomware gangs are there out there. Uh, what are their money laundering networks look like? It's that side of the side of the supply chains of apple so that we can work together to actually take down those efforts. But it really is about this collaborative action that's happening and it's, um, innovation and there's R and D behind this as well. That's coming to the table to be able to make, you know, make it impactful. >>So it sounds to me like ransomware is no longer a for any organization in any, any industry you were talking about the expansion of verticals, it's no longer a, if this happens to us, but a matter of when and how do we actually prepare to remediate prevent any damage? Yeah, >>Absolutely. How do we prepare? The other thing is that there's a lot of, um, you know, with just the nature of, of, of cyber, there's a lot of, uh, connectivity. There's a lot of different, uh, it's not just always siloed attacks. Right? We saw that with colonial obviously this year where you have the talks on, on it that can affect consumers right now to consumers. Right. And so for that very reason, um, everybody's infected in this, uh, it, it truly is a pandemic, I believe on its own. Uh, but the good news is there's a lot of smart people, uh, on the good side and, you know, that's what gets me excited. Like I said, we're working with a lot of these initiatives and like I said, some of those examples I called up before, we're actually starting to see measurable progress against this as well. >>That's good. Well, never adult day, I'm sure. In your world, any thing that you think when we talk about this again, in a few more months of the second half of 2021, anything that, that you predict crystal ball wise that we're going to see? >>Yeah. I think that we're going to continue to see more of the, I mean, ransomware, absolutely. More of the targeted attacks. That's been a shift this year that we've seen. Right. So instead of just trying to infect everybody for ransom, but as an example of going after some of these new, um, you know, high profile targets, I think we're going to continue to see that happening from there. Add some more side on, on, and because of that, the average costs of these data breaches, I think they're going to continue to increase. Um, they had already did, uh, in, uh, 20, uh, 2021, as an example, if we look at the cost of the data breach report, it's gone up to about $5 million us on average, I think that's going to continue to increase as well too. And then the other thing too, is I think that we're going to start to see more, um, more, more action on the good side. Like we talked about, there was already a record amount of take downs that have happened five take downs that happened in January. Um, there were, uh, arrests made to these business partners that was also new. So I'm expecting to see a lot more of that coming out, uh, uh, towards the end of the year, too. >>So as the challenges persist, so do the good things that are coming out of this. They're working folks go to get this first half 2021 global threat landscape. What's the URL that they can go to. >>Yeah, you can check it all, all of our updates and blogs, including the threat landscape reports on blog about 40 nine.com under our threat research category. >>Excellent. I read that blog. It's fantastic. Derek, always a pleasure to talk to you. Thanks for breaking this down for us showing what's going on. Both the challenging things, as well as the good news. I look forward to our next conversation. >>Absolutely. It's great. Chatting with you again, Lisa. Thanks. >>Likewise for Derek manky. I'm Lisa Martin. You're watching this cube conversation.

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

(bright upbeat music) >> Announcer: From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE Conversation. >> Well happy New Year, one and all welcome to 2021 in Cube Conversation continuing our ongoing series. I hope your New Year is off to a great start. I know that the end of 2020 was a very good one for Ivanti. And Jim Schaper, the CEO is going to join us to talk about that as is Nayaki Nayyar, or rather the EVP and the Chief Product Officer. So Nayaki and Jim, good to have you here with you on theCUBE and Happy New Year to you. >> Thank you, John. Happy New Year to you. 2020, I think for a lot of us couldn't get out of here quick enough. Although we had some great things happen to our company at the very end of the year. So anxious to talk to you about it and we appreciate the opportunity. >> You bet. So we're talking about two major acquisitions that you made that both closed near the end of the year back in December, not too long ago. One with Pulse Secure, the other with MobileIron. Two companies that provide you with additional expertise in terms of mobile security and the enterprise security space. And so Jim, if you would, let's first talk about just for the big picture, the acquisitions that were made and what those moves will do for you going forward. >> Okay, great, John. We closed both acquisitions interestingly enough, on December 2nd. We've been fortunate to have them part of our company now for about the last 30 days. One of the things that we made a decision on a number of months ago was that we had a real opportunity in the markets that we serve to really build our business more quickly through a series of acquisitions that strategically made sense for us, our investors and more importantly our customers. And that really is why we chose MobileIron and Pulse, for different reasons but nonetheless all very consistent with our longterm strategy of securing the end points on every network, in every location around the world. And so consequently, when you think about it and we've all witnessed here over the last 30 days or so, all of the security breaches, all of the things that go along with that, and our real focus is ensuring that every company and every individual on their network, outside their firewall, inside their firewall, on any device is secure. And so with these two particular acquisitions, in addition to the assets that we already had as a part of Ivanti, really puts us in a competitively advantaged position to deliver to the edge, and Nayaki will talk about this. The ability to secure those devices and ensure that they're secure from phishing expeditions or breaches or all of those kinds of things. So these two particular acquisitions really puts us on the map and puts us in a leadership position in the security market. So we're thrilled to have both of them. >> Before I go off to Nayaki, I want to follow with the point that you've made Jim talking about security breaches. We're all well aware. You know, the news from what we've been hearing out from the federal level about the state actors and the kind of these infiltrations of major US systems if not international systems. Some Interpol data, I read 207 some odd percent increase in breaches just in the post COVID time or in the COVID time, the past year. That gets your attention, does it not? And what does that say to you about the aggressive nature of these kinds of activities? >> Well, that they're getting more sophisticated every day and they're getting more aggressive. I think one of the most frightening conversations I had was a briefing with our chief security officer about how many attempted breaches of our network and our systems that he sees every single day. And we're able to identify what foreign actors are really trying to penetrate our systems or what are they trying to do. But the one thing I will leave you with is they're becoming much more sophisticated, whether you're inside the firewall or whether you're on your iPhone as an extension of the network, there the level of sophistication is startling. And unfortunately in many cases, as evidenced by the recent breaches, you don't even know you've had a breach for could be months, weeks, days. And so what damage is done. And so as we look forward, and as Nayaki kind of walks you through our product strategy, what you're going to hear a lot of is how do we self protect? How do we self-learn the devices at the edge, on the end of the networks, such that they can recognize foreign actors or any breach capability that somebody is trying to employ? And so, yeah, it's frightening how sophisticated and how frequent they have become. >> I think the one thing that really struck me as I read about the breaches was not so much the damage that has been done, but the damage that could be done prospectively and about which we have no idea. You don't know, it's like somebody lurking in your closet and they're going to stay there for a couple of months and wait for the time that maybe your guard is even more down. So I was, that's what shocks me. And they Nayaki, let's talk about your strategy then. You picked up obviously a couple of companies, one in the, kind of the enterprise IT space. Now the one in the VPN space, add into your already extensive portfolio. So I imagine from your office, wearing the hat of the chief product officer, you're just to look in your chops right now. You've got a lot more resources at your disposal. >> Yeah, we are very very busy John, but to Jim's point, one of the trends we are seeing in the market as we enter into the post COVID era, where everyone is working from anywhere, be it from home, be it from office, while on the move, every organization, every enterprise is struggling with this. What we call this explosive growth of devices. Devices being mobile devices, client-based devices, IoT devices, the data that is being generated from these devices, and to your point, the cybersecurity threats. It is predicted that there has been 30000% increase in the cybersecurity threats that are being targeted primarily at the remote workers. So you can imagine whether it's phishing attacks, malware attacks, I mean just an explosive growth of devices, data, cybersecurity attacks at the remote workers. So organizations need automation to be able to address this growth and this complexity which is where Ivanti's focus in discovering all the devices and managing those devices. So as we bring the MobileIron portfolio and Ivanti's portfolio together, now we can help our customers manage every type of devices be it Windows devices, Mac devices, Linux, iOS, Android devices, and secure those devices. The zero trust access that users need, the remote users need, all the way from cloud access to the endpoint is what the strength of both MobileIron and Pulse brings to our entire portfolio holistically. So we are truly excited for our customers. Now they can leverage our entire end to end stack to discover, manage secure and service all those devices that they now have to service for their employees. >> Explain to me, or just walk me through zero trust in terms of how you define that. I've read about trust nothing, verify everything, those kinds of explanations. But if you would, from your perspective, what does zero trust encompass, not only on your side, but on your client's side? Because you want to give them tools to do things for themselves to self heal and self serve and those kinds of things. >> So, zero trust is you don't trust anything. You validate and certify everything. So the access users have on your network, the access they have on the mobile devices, the applications they are accessing, the data that they are accessing. So being able to validate every access that they have when they come into your network is what the whole zero trust access really means. So, the combination of Ivanti's portfolio and also Pulse that zero trust access all the way from as users are accessing that network data, cloud data, endpoint data, is where our entire zero trust access truly differentiates. And as we bring that with our UEM portfolio with the MobileIron, there is no other vendor in the market that has that holistic offering, internal offering. >> I'm sorry, go ahead, please. >> It's interesting, John, you talk about timing is everything, right? And when we began discussions with MobileIron, it was right before COVID hit. And we had a great level of expertise inside the pre-acquisition of Ivanti to be able to secure the end points at the desktop level. But we struggled a bit with having all of the capabilities that we needed to manage mobile devices and tablets and basically anything that is attached to the network. That's what they really brought to us. And having done a number of acquisitions historically in my career, this was probably the easiest integration that we had simply because we did what they didn't do and they did what we didn't do. And then they brought some additional technologies. But what's really changed in the environment because of this work from home or work from anywhere as as we like to articulate it, is you've got multiple environments that you've got to manage. It isn't just, what's on the end of the VPN, the network, it's what's on the end points of the cloud. What kind of cloud are you running? You're running a public cloud, you're running a private cloud. Is it a hybrid environment? And so the ability to and the need to be able to do that is pretty significant. And so that's one of the real advantages that both the Pulse as well as the MobileIron acquisitions really brought to the combined offering from a product standpoint. >> Yeah, I'd like to follow up on that then, just because the cloud environment provides so many benefits, obviously, but it also provides this huge layer of complexity that comes on top of all this because you just talked about it. You can have public, you can have hybrid cloud, you can have on-prem, whatever, right? You have all these options. And yet you, Ivanti, are having to provide security on multiple levels and multiple platforms or multiple environments. And how much more complex or challenging is your mission now because of consumer demand and the capabilities the technology is providing your clients. >> Well, it's certainly more complex and Nayaki is better equipped to probably talk in detail about this. But if you just take a step back and think about it, you think about internet of things, right? I used to have a thermostat. And that thermostat control was controlled by the thermostat on the wall. Now everything is on WiFi. If I've got a problem, I had a a problem with a streaming music capability which infected other parts of my home network. And so everything is, that's just one example of how complicated and how wired everything is really become. Except when it comes to the mobile devices, which are still always remote. You've always got it with you. I don't what it was like for you, John, but you know, historically I've used my phone on email, texts and phone calls. Now it's actually a business tool. But it's a remote business tool that you still have to secure, you still have to manage and you still have to find an identify on the end of the network. That's where we really come into play. Nayaki, anything you want to add to that? >> Yeah, so, to Jim's point, John, and to your question also, as customers have what we call the multi-cloud offering. There are public clouds, private clouds, on-prem data centers, devices on the edge, and as you extend into the IOT world, being able to provide that seamless access, this is a zero trust access all the way from the cloud applications to the applications that are running on-prem, in your data centers and also the applications that are running on your devices and the IoT applications, is what that entire end to end zero trust access, is where our competitive strength resides with Pulse coming into our portfolio. Before Ivanti didn't have this. We were primarily a patch management vendor in the security space, but now we truly extend beyond that patch to this end to end access all the way from cloud to edge is what we call. And then when we combine that with our UEM portfolio in our endpoint management with MobileIron and also service management, that convergence of positive three pillars is where we truly differentiate and compete and win in the market. >> Nayaki, how does internet of things factor into this? Cause I look at sensor technology, I'm just thinking about all the billions of what you have now, right? With whether it's farming or agricultural inputs, business inputs, meteorological, or whatever. I'm sure, you're considering this as well as part of a major play of yours in terms of providing IoT security. How more proliferated is that now and how much of that is kind of in your concern zone you might say? >> Yeah, absolutely. So, just taking these trends we have in managing the end points, we will extend that into the IoT world also. John, when we say IoT world, in an industry where the devices are like healthcare devices. So, stay tuned, in January release we'll be releasing how we will be discovering managing and securing for the healthcare devices like Siemens devices, Bayer devices, Canon devices. So, you're spot on how we can leverage the strength we have in managing end points. Also IoT devices, that same capabilities that we can bring to each of the industry verticals. Now we're not trying to solve the entire vertical market but certain industry verticals where we have a strong footprint. Healthcare is a strong footprint for us. Telcos is a strong footprint for us. So that's where you will see us extending into those IoT devices too. >> Okay, so, in going forward, Jim, if you would just, let's talk about your 2021 in terms of how you further integrate these offerings that you've acquired right now. All of a sudden you've got 30 days of, you know, which is snap of a finger. But what do you see how 2021 is going to lay out, especially with distributed workforces, right? We know that's here. That's a new normal. And with a whole new set of demands on networks and certainly the need for security. >> That's exactly correct, John. I mean, everything is changed and it's never going back to the way it was. You know, everybody has their own definition of the new normal. I guess my definition is at some point in time when things do return to some form of normality, a portion of our workforce will always work from home. To what degree remains to be seen. I don't think we're different from virtually any other industry or any other company. It does put increased demands ,complexity and requirements around how you run your internal IT business. But as Nayaki talked about kind of our virtual service desk offering where you're not going to have a service desk anymore. It's got to be virtual. Well, you have to be able to still provide those services outside of your normal network. And so that's going to be a continued big push for us. I'm incredibly pleased with the way in which the employee bases of the acquired companies have really folded in and become one with our company. And I think as we all recognize cultural differences between organizations can be quite significant and an impediment to really moving forward. Fortunately for us, we have found that both of these organizations fit really nicely from an employee, from a values perspective, from a goals and objectives perspective. And so we did most of the heavy lifting on all the integration shortly after we closed the transactions on the 2nd of December. And so we've moved beyond what I would call the normal kind of concerns and asked around what's going to happen in this and that. We're now kind of heads down in what's the long-term integration going to look like from a product standpoint. We're already looking at additional acquisitions that will continue to take us deeper and wider into our three product pillars, as Nayaki described. And that'll be an ongoing kind of steady dose of acquisitions as we continue to supplement our organic growth within organic growth. >> But you've got to answer my question. I was going to ask you, you founded the company four years ago. There were two big acquisitions back in 2017. We waited four years Jim, until you dip back into that pole again. So the plan, maybe not to wait four years before moving on. >> No trust me, you won't be waiting another four years. Now you've got to bear in mind, John. I wasn't here four years ago. >> That's right, okay. Fair enough. That's okay. I want to thank you both for the time today. Congratulations on sealing those deals back in December and we certainly wish you all the best going forward. And of course, a very happy and a very safe new year for you and yours. >> Same to you, John. Thanks so much for the time. And so it was a pleasure to spend time with you today. >> Thank you, John. Happy New Year again. Thank you. Thank you. (upbeat music)

>>from around the globe If the cube with digital coverage of M I t. Chief data officer and Information quality symposium brought to you by Silicon Angle Media >>Hello, everyone. This is Day Volonte and welcome back to our continuing coverage of the M I t. Chief Data Officer CDO I Q event Interpol Bhandari is here. He's a leading voice in the CDO community and a longtime Cubillan Interpol. Great to see you. Thanks for coming on for this. Especially >>program. My pleasure. >>So when you you and I first met, you laid out what I thought was, you know, one of the most cogent frameworks to understand what a CDO is job was where the priority should be. And one of those was really understanding how, how, how data contributes to the monetization of station aligning with lines of business, a number of other things. And that was several years ago. A lot of change since then. You know, we've been doing this conference since probably twenty thirteen and back then, you know, Hadoop was coming on strong. A lot of CEOs didn't want to go near the technology that's beginning to change. CDOs and cto Zehr becoming much more aligned at the hip. The reporting organizations have changed. But I love your perspective on what you've observed as changing in the CDO roll over the last half decade or so. >>Well, did you know that I became chief data officer in two thousand six? December two thousand and six And I have done this job four times four major overnight have created of the organization from scratch each time. Now, in December of two thousand six, when I became chief data officer, there were only four. Chief Data Officer, uh, boom and I was the first in health care, and there were three, three others, you know, one of the Internet one and credit guns one and banking. And I think I'm the only one actually left standing still doing this job. That's a good thing or a bad thing. But like, you know, it certainly has allowed me to love the craft and then also scripted down to the level that, you know, I actually do think of it purely as a craft. That is. I know, going into a mutual what I'm gonna do. They were on the central second. No, the interesting things that have unfolded. Obviously, the professions taken off There are literally thousands off chief data officers now, and there are plenty off changes. I think the main change, but the job is it's, I think, a little less daunting in terms off convincing the senior leadership that it's need it because I think the awareness at the CEO level is much, much, much better than what it waas in two thousand six. Across the world. Now, having said that, I think it is still only awareness and don't think that there's really a deep understanding of those levels. And so there's a lot off infusion, which is why you will. You kind of think this is my period. But you saw all these professions take off with C titles, right? Chief Data officer, chief analytics officer, chief digital officer and chief technology officer. See, I off course is being there for a long time. And but I think these newer see positions. They're all very, very related, and they all kind of went to the same need which had to do with enterprise transformation, digital transformation, that enterprises chief digital officer, that's another and and people were all trying to essentially feel the elephants and they could only see part of it at the senior levels, and they came up with which have a role you know, seemed most meaningful to them. But really, all of us are trying to do the same job, which is to accelerate digital transformation in the enterprise. Your comment about you kind of see that the seat eels and sea deals now, uh, partnering up much more than in the past, and I think that's in available the major driving force full. That is, in my view, anyway. It's is artificial intelligence as people try to infuse artificial intelligence. Well, then it's very technical field. Still, it's not something that you know you can just hand over to somebody who has the business jobs, but not the deep technical chops to pull that off. And so, in the case off chief data officers that do have the technical jobs, you'll see them also pretty much heading up the I effort in total and you know, as I do for the IBM case, will be building the Data and AI Enablement internal platform for for IBM. But I think in other cases you you've got Chief date officers who are coming in from a different angle. You know, they built Marghera but the CTO now, because they have to. Otherwise you cannot get a I infused into the organization. >>So there were a lot of other priorities, obviously certainly digital transformation. We've been talking about it for years, but still in many organisations, there was a sense of, well, not on my watch, maybe a sense of complacency or maybe just other priorities. Cove. It obviously has changed that now one hundred percent of the companies that we talked to are really putting this digital transformation on the front burner. So how has that changed the role of CDO? Has it just been interpolate an acceleration of that reality, or has it also somewhat altered the swim lanes? >>I think I think it's It's It's Bolt actually, so I have a way of looking at this in my mind, the CDO role. But if you look at it from a business perspective, they're looking for three things. The CEO is looking for three things from the CDO. One is you know this person is going to help with the revenue off the company by enabling the production of new products, new products of resulting in new revenue and so forth. That's kind of one aspect of the monetization. Another aspect is the CEO is going to help with the efficiency within the organization by making data a lot more accessible, as well as enabling insights that reduce into and cycle time for major processes. And so that's another way that they have monitor. And the last one is a risk reduction that they're going to reduce the risk, you know, as regulations. And as you have cybersecurity exposure on incidents that you know just keep keep accelerating as well. You're gonna have to also step in and help with that. So every CDO, the way their senior leadership looks at them is some mix off three. And in some cases, one has given more importance than the other, and so far, but that's how they are essentially looking at it now. I think what digital transformation has done is it's managed to accelerate, accelerate all three off these outcomes because you need to attend to all three as you move forward. But I think that the individual balance that's struck for individuals reveals really depends on their ah, their company, their situation, who their peers are, who is actually leading the transformation and so >>forth, you know, in the value pie. A lot of the early activity around CDO sort of emanated from the quality portions of the organization. It was sort of a compliance waited roll, not necessarily when you started your own journey here. Obviously been focused on monetization how data contributes to that. But But you saw that generally, organizations, even if they didn't have a CDO, they had this sort of back office alliance thing that has totally changed the the in the value equation. It's really much more about insights, as you mentioned. So one of the big changes we've seen in the organization is that data pipeline you mentioned and and cycle time. And I'd like to dig into that a little bit because you and I have talked about this. This is one of the ways that a chief data officer and the related organizations can add the most value reduction in that cycle time. That's really where the business value comes from. So I wonder if we could talk about that a little bit and how that the constituents in the stakeholders in that in that life cycle across that data pipeline have changed. >>That's a very good question. Very insightful questions. So if you look at ah, company like idea, you know, my role in totally within IBM is to enable Ibn itself to become an AI enterprise. So infuse a on into all our major business processes. You know, things like our supply chain lead to cash well, process, you know, our finance processes like accounts receivable and procurement that soulful every major process that you can think off is using Watson mouth. So that's the That's the That's the vision that's essentially what we've implemented. And that's how we are using that now as a showcase for clients and customers. One of the things that be realized is the data and Ai enablement spots off business. You know, the work that I do also has processes. Now that's the pipeline you refer to. You know, we're setting up the data pipeline. We're setting up the machine learning pipeline, deep learning blank like we're always setting up these pipelines, And so now you have the opportunity to actually turn the so called EI ladder on its head because the Islander has to do with a first You collected data, then you curated. You make sure that it's high quality, etcetera, etcetera, fit for EI. And then eventually you get to applying, you know, ai and then infusing it into business processes. And so far, But once you recognize that the very first the earliest creases of work with the data those themselves are essentially processes. You can infuse AI into those processes, and that's what's made the cycle time reduction. And although things that I'm talking about possible because it just makes it much, much easier for somebody to then implement ai within a lot enterprise, I mean, AI requires specialized knowledge. There are pieces of a I like deep learning, but there are, you know, typically a company's gonna have, like a handful of people who even understand what that is, how to apply it. You know how models drift when they need to be refreshed, etcetera, etcetera, and so that's difficult. You can't possibly expect every business process, every business area to have that expertise, and so you've then got to rely on some core group which is going to enable them to do so. But that group can't do it manually because I get otherwise. That doesn't scale again. So then you come down to these pipelines and you've got to actually infuse AI into these data and ai enablement processes so that it becomes much, much easier to scale across another. >>Some of the CEOs, maybe they don't have the reporting structure that you do, or or maybe it's more of a far flung organization. Not that IBM is not far flung, but they may not have the ability to sort of inject AI. Maybe they can advocate for it. Do you see that as a challenge for some CEOs? And how do they so to get through that, what's what's the way in which they should be working with their constituents across the organization to successfully infuse ai? >>Yeah, that's it's. In fact, you get a very good point. I mean, when I joined IBM, one of the first observations I made and I in fact made it to a senior leadership, is that I didn't think that from a business standpoint, people really understood what a I met. So when we talked about a cognitive enterprise on the I enterprise a zaydi em. You know, our clients don't really understand what that meant, which is why it became really important to enable IBM itself to be any I enterprise. You know that. That's my data strategy. Your you kind of alluded to the fact that I have this approach. There are these five steps, while the very first step is to come up with the data strategy that enables a business strategy that the company's on. And in my case, it was, Hey, I'm going to enable the company because it wants to become a cloud and cognitive company. I'm going to enable that. And so we essentially are data strategy became one off making IBM. It's something I enterprise, but the reason for doing that the reason why that was so important was because then we could use it as a showcase for clients and customers. And so But I'm talking with our clients and customers. That's my role. I'm really the only role I'm playing is what I call an experiential selling there. I'm saying, Forget about you know, the fact that we're selling this particular product or that particular product that you got GPU servers. We've got you know what's an open scale or whatever? It doesn't really matter. Why don't you come and see what we've done internally at scale? And then we'll also lay out for you all the different pain points that we have to work through using our products so that you can kind of make the same case when you when you when you apply it internally and same common with regard to the benefit, you know the cycle, time reduction, some of the cycle time reductions that we've seen in my process is itself, you know, like this. Think about metadata business metadata generating that is so difficult. And it's again, something that's critical if you want to scale your data because you know you can't really have a good catalogue of data if you don't have good business, meditate. Eso. Anybody looking at what's in your catalog won't understand what it is. They won't be able to use it etcetera. And so we've essentially automated business metadata generation using AI and the cycle time reduction that was like ninety five percent, you know, haven't actually argue. It's more than that, because in the past, most people would not. For many many data sets, the pragmatic approach would be. Don't even bother with the business matter data. Then it becomes just put somewhere in the are, you know, data architecture somewhere in your data leg or whatever, you have data warehouse, and then it becomes the data swamp because nobody understands it now with regard to our experience applying AI, infusing it across all our major business processes are average cycle time reduction is seventy percent, so just a tremendous amount of gains are there. But to your point, unless you're able to point to some application at scale within the enterprise, you know that's meaningful for the enterprise, Which is kind of what the what the role I play in terms of bringing it forward to our clients and customers. It's harder to argue. I'll make a case or investment into A I would then be enterprise without actually being able to point to those types of use cases that have been scaled where you can demonstrate the value. So that's extremely important part of the equation. To make sure that that happens on a regular basis with our clients and customers, I will say that you know your point is vomited a lot off. Our clients and customers come back and say, Tell me when they're having a conversation. I was having a conversation just last week with major major financial service of all nations, and I got the same point saying, If you're coming out of regulation, how do I convince my leadership about the value of a I and you know, I basically responded. He asked me about the scale use cases You can show that. But perhaps the biggest point that you can make as a CDO after the senior readership is can we afford to be left up? That is the I think the biggest, you know, point that the leadership has to appreciate. Can you afford to be left up? >>I want to come back to this notion of seventy percent on average, the cycle time reduction. That's astounding. And I want to make sure people understand the potential impacts. And, I would say suspected many CEOs, if not most understand sort of system thinking. It's obviously something that you're big on but often times within organisations. You might see them trying to optimize one little portion of the data lifecycle and you know having. Okay, hey, celebrate that success. But unless you can take that systems view and reduce that overall cycle time, that's really where the business value is. And I guess my we're real question around. This is Every organization has some kind of Northstar, many about profit, and you can increase revenue are cut costs, and you can do that with data. It might be saving lives, but ultimately to drive this data culture, you've got to get people thinking about getting insights that help you with that North Star, that mission of the company, but then taking a systems view and that's seventy percent cycle time reduction is just the enormous business value that that drives, I think, sometimes gets lost on people. And these air telephone numbers in the business case aren't >>yes, No, absolutely. It's, you know, there's just a tremendous amount of potential on, and it's it's not an easy, easy thing to do by any means. So we've been always very transparent about the Dave. As you know, we put forward this this blueprint right, the cognitive enterprise blueprint, how you get to it, and I kind of have these four major pillars for the blueprint. There's obviously does this data and you're getting the data ready for the consummation that you want to do but also things like training data sets. How do you kind of run hundreds of thousands of experiments on a regular basis, which kind of review to the other pillar, which is techology? But then the last two pillars are business process, change and the culture organizational culture, you know, managing organizational considerations, that culture. If you don't keep all four in lockstep, the transformation is usually not successful at an end to end level, then it becomes much more what you pointed out, which is you have kind of point solutions and the role, you know, the CEO role doesn't make the kind of strategic impact that otherwise it could do so and this also comes back to some of the only appointee of you to do. If you think about how do you keep those four pillars and lock sync? It means you've gotta have the data leader. You also gotta have the technology, and in some cases they might be the same people. Hey, just for the moment, sake of argument, let's say they're all different people and many, many times. They are so the data leader of the technology of you and the operations leaders because the other ones own the business processes as well as the organizational years. You know, they've got it all worked together to make it an effective conservation. And so the organization structure that you talked about that in some cases my peers may not have that. You know, that's that. That is true. If the if the senior leadership is not thinking overall digital transformation, it's going to be difficult for them to them go out that >>you've also seen that culturally, historically, when it comes to data and analytics, a lot of times that the lines of business you know their their first response is to attack the quality of the data because the data may not support their agenda. So there's this idea of a data culture on, and I want to ask you how self serve fits into that. I mean, to the degree that the business feels as though they actually have some kind of ownership in the data, and it's largely, you know, their responsibility as opposed to a lot of the finger pointing that has historically gone on. Whether it's been decision support or enterprise data, warehousing or even, you know, Data Lakes. They've sort of failed toe live up to that. That promise, particularly from a cultural standpoint, it and so I wonder, How have you guys done in that regard? How did you get there? Many Any other observations you could make in that regard? >>Yeah. So, you know, I think culture is probably the hardest nut to crack all of those four pillars that I back up and you've got You've got to address that, Uh, not, you know, not just stop down, but also bottom up as well. As you know, period. Appear I'll give you some some examples based on our experience, that idea. So the way my organization is set up is there is a obviously a technology on the other. People who are doing all the data engineering were kind of laying out the foundational technical elements or the transformation. You know, the the AI enabled one be planning networks, and so so that are those people. And then there is another senior leader who reports directly to me, and his organization is all around adoptions. He's responsible for essentially taking what's available in the technology and then working with the business areas to move forward and make this make and infuse. A. I do the processes that the business and he is looking. It's done in a bottom upwards, deliberately set up, designed it to be bottom up. So what I mean by that is the team on my side is fully empowered to move forward. Why did they find a like minded team on the other side and go ahead and do it? They don't have to come back for funding they don't have, You know, they just go ahead and do it. They're basically empowered to do that. And that particular set up enabled enabled us in a couple of years to have one hundred thousand internal users on our Central data and AI enabled platform. And when I mean hundred thousand users, I mean users who were using it on a monthly basis. We company, you know, So if you haven't used it in a month, we won't come. So there it's over one hundred thousand, even very rapidly to that. That's kind of the enterprise wide storm. That's kind of the bottom up direction. The top down direction Waas the strategic element that I talked with you about what I said, Hey, be our data strategy is going to be to create, make IBM itself into any I enterprise and then use that as a showcase for plants and customers That kind of and be reiterated back. And I worked the senior leadership on that view all the time talking to customers, the central and our senior leaders. And so that's kind of the air cover to do this, you know, that mix gives you, gives you that possibility. I think from a peer to peer standpoint, but you get to these lot scale and to end processes, and that there, a couple of ways I worked that one way is we've kind of looked at our enterprise data and said, Okay, therefore, major pillars off data that we want to go after data, tomato plants, data about our offerings, data about financial data, that s and then our work full student and then within that there are obviously some pillars, like some sales data that comes in and, you know, been workforce. You could have contractors. Was his employees a center But I think for the moment, about these four major pillars off data. And so let me map that to end to end large business processes within the company. You know, the really large ones, like Enterprise Performance Management, into a or lead to cash generation into and risk insides across our full supply chain and to and things like that. And we've kind of tied these four major data pillars to those major into and processes Well, well, yes, that there's a mechanism they're obviously in terms off facilitating, and to some extent one might argue, even forcing some interaction between teams that are the way they talk. But it also brings me and my peers much closer together when you set it up that way. And that means, you know, people from the HR side people from the operation side, the data side technology side, all coming together to really move things forward. So all three tracks being hit very, very hard to move the culture fall. >>Am I also correct that you have, uh, chief data officers that reporting to you whether it's a matrix or direct within the division's? Is that right? >>Yeah, so? So I mean, you know, for in terms off our structure, as you know, way our global company, we're also far flung company. We have many different products in business units and so forth. And so, uh, one of the things that I realized early on waas we are going to need data officers, each of those business units and the business units. There's obviously the enterprise objective. And, you know, you could think of the enterprise objectives in terms of some examples based on what I said in the past, which is so enterprise objective would be We've gotta have a data foundation by essentially making data along these four pillars. I talked about clients offerings, etcetera, you know, very accessible self service. You have mentioned south, so thank you. This is where the South seven speaks. Comes it right. So you can you can get at that data quickly and appropriately, right? You want to make sure that the access control, all that stuff is designed out and you're able to change your policies and you'd swap manual. But, you know, those things got implemented very rapidly and quickly. And so you've got you've got that piece off off the off the puzzle due to go after. And then I think the other aspect off off. This is, though, when you recognize that every business unit also has its own objectives and they are looking at some of those things somewhat differently. So I'll give you an example. We've got data any our product units. Now, those CEOs right there, concern is going to be a lot more around the products themselves And how were monetizing those box and so they're not per se concerned with, You know, how you reduce the enter and cycle time off IBM in total supply chain so that this is my point. So they but they're gonna have substantial considerations and objectives that they want to accomplish. And so I recognize that early on, and we came up with this notion off a data officer council and I helped staff the council s. So this is why that's the Matrix to reporting that we talked about. But I selected some of the key Blair's that we have in those units, and I also made sure they were funded by the unit. So they report into the units because their paycheck is actually determined. Pilot unit and which makes them than aligned with the objectives off the unit, but also obviously part of my central approach so that I can disseminate it out to the organization. It comes in very, very handy when you are trying to do things across the company as well. So when we you know GDP our way, we have to get the company ready for Judy PR, I would say that this mechanism became a key key aspect of what enabled us to move forward and do it rapidly. Trouble them >>be because you had the structure that perhaps the lines of business weren't. Maybe is concerned about GDP are, but you had to be concerned with it overall. And this allowed you to sort of hiding their importance, >>right? Because think of in the case of Jeannie PR, they have to be a company wide policy and implementation, right? And if he did not have that structure already in place, it would have made it that much harder. Do you get that uniformity and consistency across the company, right, You know, So you will have to in the weapon that structure, but we already have it because way said Hey, this is around for data. We're gonna have these types of considerations that they are. And so we have this thing regular. You know, this man network that meat meets regularly every month, actually, and you know, when things like GDP are much more frequently than that, >>right? So that makes sense. We're out of time. But I wonder if we could just close if you could address the M I t CDO audience that probably this is the largest audience, Believe or not, now that it's that's virtual definitely expanded the audience, but it's still a very elite group. And the reason why I was so pleased that you agreed to do this is because you've got one of the more complex organizations out there and you've succeeded. And, ah, a lot of the hard, hard work. So what? What message would you leave the M I t CDO audience Interpol? >>So I would say that you know, it's it's this particular professional. Receiving a profession is, uh, if I have to pick one trait of let me pick two traits, I think what is your A change agent? So you have to be really comfortable with change things are going to change, the organization is going to look to you to make those changes. And so that's what aspect off your job, you know, may or may not be part of me immediately. But the those particular set of skills and characteristics and something that you know, one has to, uh one has to develop or time, And I think the other thing I would say is it's a continuous looming jaw. So you continue sexism and things keep changing around you and changing rapidly. And, you know, if you just even think just in terms off the subject areas, I mean this Syria today you've got to understand technology. Obviously, you've gotta understand data you've got to understand in a I and data science. You've got to understand cybersecurity. You've gotta understand the regulatory framework, and you've got to keep all that in mind, and you've got to distill it down to certain trends. That's that's happening, right? I mean, so this is an example of that is that there's a trend towards more regulation around privacy and also in terms off individual ownership of data, which is very different from what's before the that's kind of weather. Bucket's going and so you've got to be on top off all those things. And so the you know, the characteristic of being a continual learner, I think is a is a key aspect off this job. One other thing I would add. And this is All Star Coleman nineteen, you know, prik over nineteen in terms of those four pillars that we talked about, you know, which had to do with the data technology, business process and organization and culture. From a CDO perspective, the data and technology will obviously from consent, I would say most covert nineteen most the civil unrest. And so far, you know, the other two aspects are going to be critical as we move forward. And so the people aspect of the job has never bean, you know, more important down it's today, right? That's something that I find myself regularly doing the stalking at all levels of the organization, one on a one, which is something that we never really did before. But now we find time to do it so obviously is doable. I don't think it's just it's a change that's here to stay, and it ships >>well to your to your point about change if you were in your comfort zone before twenty twenty two things years certainly taking you out of it into Parliament. All right, thanks so much for coming back in. The Cuban addressing the M I t CDO audience really appreciate it. >>Thank you for having me. That my pleasant >>You're very welcome. And thank you for watching everybody. This is Dave a lot. They will be right back after this short >>break. You're watching the queue.

>> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a CUBE conversation. >> Hi everyone. Welcome to this CUBE Conversation. I'm John Furrier host of theCUBE here in the CUBEs, Palo Alto studios during the COVID crisis. We're quarantine with our crew, but we got the remote interviews. Got two great guests here from Fortinet FortiGuard Labs, Derek Mankey, Chief Security Insights and global threat alliances at Fortinet FortiGuard Labs. And Aamir Lakhani who's the Lead Researcher for the FortiGuard Labs. You guys is great to see you. Derek, good to see you again, Aamir, good to meet you too. >> It's been a while and it happens so fast. >> It just seems was just the other day, Derek, we've done a couple of interviews in between a lot of flow coming out of Fortinet FortiGuard, a lot of action, certainly with COVID everyone's pulled back home, the bad actors taking advantage of the situation. The surface areas increased really is the perfect storm for security in terms of action, bad actors are at an all time high, new threats. Here's going on, take us through what you guys are doing. What's your team makeup look like? What are some of the roles and you guys are seeing on your team and how does that transcend to the market? >> Yeah, sure, absolutely. So you're right. I mean like I was saying earlier that is, this always happens fast and furious. We couldn't do this without a world class team at FortiGuard Labs. So we've grown our team now to over 235 globally. There's different rules within the team. If we look 20 years ago, the rules used to be just very pigeonholed into say antivirus analysis, right? Now we have to account for, when we're looking at threats, we have to look at that growing attack surface. We have to look at where are these threats coming from? How frequently are they hitting? What verticals are they hitting? What regions, what are the particular techniques, tactics, procedures? So we have threat. This is the world of threat intelligence, of course, contextualizing that information and it takes different skill sets on the backend. And a lot of people don't really realize the behind the scenes, what's happening. And there's a lot of magic happening, not only from what we talked about before in our last conversation from artificial intelligence and machine learning that we do at FortiGuard Labs and automation, but the people. And so today we want to focus on the people and talk about how on the backend we approached a particular threat, we're going to talk to the word ransom and ransomware, look at how we dissect threats, how correlate that, how we use tools in terms of threat hunting as an example, and then how we actually take that to that last mile and make it actionable so that customers are protected. I would share that information with keys, right, until sharing partners. But again, it comes down to the people. We never have enough people in the industry, there's a big shortage as we know, but it's a really key critical element. And we've been building these training programs for over a decade with them FortiGuard Labs. So, you know John, this to me is exactly why I always say, and I'm sure Aamir can share this too, that there's never a adult day in the office and all we hear that all the time. But I think today, all of you is really get an idea of why that is because it's very dynamic and on the backend, there's a lot of things that we're doing to get our hands dirty with this. >> You know the old expression startup plan Silicon Valley is if you're in the arena, that's where the action is. And it's different than sitting in the stands, watching the game. You guys are certainly in that arena and you got, we've talked and we cover your, the threat report that comes out frequently. But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the 101 ransomware, what's going on? What's the state of the ransomware situation? Set the stage because that's still continues to be threat. I don't go a week, but I don't read a story about another ransomware. And then at least I hear they paid 10 million in Bitcoin or something like, I mean, this is real, that's a real ongoing threat. What is it? >> The (indistinct) quite a bit. But yeah. So I'll give sort of the 101 and then maybe we can pass it to Aamir who is on the front lines, dealing with this every day. You know if we look at the world of, I mean, first of all, the concept of ransom, obviously you have people that has gone extended way way before cybersecurity in the world of physical crime. So of course, the world's first ransom where a virus is actually called PC Cyborg. This is a 1989 around some payment that was demanded through P.O Box from the voters Panama city at the time, not too effective on floppiness, a very small audience, not a big attack surface. Didn't hear much about it for years. Really, it was around 2010 when we started to see ransomware becoming prolific. And what they did was, what cyber criminals did was shift on success from a fake antivirus software model, which was, popping up a whole bunch of, setting here, your computer's infected with 50 or 60 viruses, PaaS will give you an antivirus solution, which was of course fake. People started catching on, the giggles out people caught on to that. So they, weren't making a lot of money selling this fraudulent software, enter ransomware. And this is where ransomware, it really started to take hold because it wasn't optional to pay for this software. It was mandatory almost for a lot of people because they were losing their data. They couldn't reverse engineer that the encryption, couldn't decrypt it, but any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020. And we saw, we've seen things like master boot record, MVR, ransomware. This is persistent. It sits before your operating system, when you boot up your computer. So it's hard to get rid of it. Very strong public private key cryptography. So each victim is effective with the direct key, as an example, the list goes on and I'll save that for the demo today, but that's basically, it's just very, it's prolific. We're seeing shuts not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted around some cases that are going after critical business. Essentially it's like a DoS holding revenue streams go ransom too. So the ransom demands are getting higher because of this as well. So it's complicated. >> Was mentioning Aamir, why don't you weigh in, I mean, 10 million is a lot. And we reported earlier in this month. Garmin was the company that was hacked, IT got completely locked down. They pay 10 million, Garmin makes all those devices. And as we know, this is impact and that's real numbers. I mean, it's not other little ones, but for the most part, it's nuance, it's a pain in the butt to full on business disruption and extortion. Can you explain how it all works before we go to the demo? >> You know, you're absolutely right. It is a big number and a lot of organizations are willing to pay that number, to get their data back. Essentially their organization and their business is at a complete standstill when they don't pay, all their files are inaccessible to them. Ransomware in general, what it does end up from a very basic overview is it basically makes your files not available to you. They're encrypted. They have essentially a passcode on them that you have to have the correct passcode to decode them. A lot of times that's in a form of a program or actually a physical password you have to type in, but you don't get that access to get your files back unless you pay the ransom. A lot of corporations these days, they are not only paying the ransom. They're actually negotiating with the criminals as well. They're trying to say, "Oh, you want 10 million? "How about 4 million?" Sometimes that goes on as well. But it's something that organizations know that if they didn't have the proper backups and the hackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicated files. So sometimes you don't have a choice in organizations. Will pay the ransom. >> And it's, they're smart, there's a business. They know the probability of buy versus build or pay versus rebuild. So they kind of know where to attack. They know that the tactics and it's vulnerable. It's not like just some kitty script thing going on. This is real sophisticated stuff it's highly targeted. Can you talk about some use cases there and what goes on with that kind of a attack? >> Absolutely. The cyber criminals are doing reconnaissance and trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. So there's a lot of attacks going on. We usually, what we're finding now is ransomware is sometimes the last stage of an attack. So an attacker may go into an organization. They may already be taking data out of that organization. They may be stealing customer data, PII, which is personal identifiable information, such as social security numbers, or driver's licenses, or credit card information. Once they've done their entire tap. Once they've gone everything, they can. A lot of times their end stage, their last attack is ransomware. And they encrypt all the files on the system and try and motivate the victim to pay as fast as possible and as much as possible as well. >> I was talking to my buddy of the day. It's like casing the joint there, stay, check it out. They do their recon, reconnaissance. They go in identify what's the best move to make, how to extract the most out of the victim in this case, the target. And it really is, I mean, it's just to go on a tangent, why don't we have the right to bear our own arms? Why can't we fight back? I mean, at the end of the day, Derek, this is like, who's protecting me? I mean, what to protect my, build my own arms, or does the government help us? I mean, at some point I got a right to bear my own arms here. I mean, this is the whole security paradigm. >> Yeah. So, I mean, there's a couple of things. So first of all, this is exactly why we do a lot of, I was mentioning the skill shortage in cyber cybersecurity professionals as an example. This is why we do a lot of the heavy lifting on the backend. Obviously from a defensive standpoint, you obviously have the red team, blue team aspect. How do you first, there's what is to fight back by being defensive as well, too. And also by, in the world of threat intelligence, one of the ways that we're fighting back is not necessarily by going and hacking the bad guys because that's illegal jurisdictions. But how we can actually find out who these people are, hit them where it hurts, freeze assets, go after money laundering networks. If you follow the cash transactions where it's happening, this is where we actually work with key law enforcement partners, such as Interpol as an example, this is the world of threat intelligence. This is why we're doing a lot of that intelligence work on the backend. So there's other ways to actually go on the offense without necessarily weaponizing it per se, right? Like using, bearing your own arms as you said, there there's different forms that people may not be aware of with that. And that actually gets into the world of, if you see attacks happening on your system, how you can use the security tools and collaborate with threat intelligence. >> I think that's the key. I think the key is these new sharing technologies around collective intelligence is going to be a great way to kind of have more of an offensive collective strike. But I think fortifying, the defense is critical. I mean, that's, there's no other way to do that. >> Absolutely, I mean, we say this almost every week, but it's in simplicity. Our goal is always to make it more expensive for the cybercriminal to operate. And there's many ways to do that, right? You can be a pain to them by having a very rigid, hardened defense. That means if it's too much effort on their end, I mean, they have ROIs and in their sense, right? It's too much effort on there and they're going to go knocking somewhere else. There's also, as I said, things like disruption, so ripping infrastructure offline that cripples them, whack-a-mole, they're going to set up somewhere else. But then also going after people themselves, again, the cash networks, these sorts of things. So it's sort of a holistic approach between- >> It's an arms race, better AI, better cloud scale always helps. You know, it's a ratchet game. Aamir, I want to get into this video. It's a ransomware four minute video. I'd like you to take us through as you the Lead Researcher, take us through this video and explain what we're looking at. Let's roll the video. >> All right. Sure. So what we have here is we have the victims that's top over here. We have a couple of things on this victim's desktop. We have a batch file, which is essentially going to run the ransomware. We have the payload, which is the code behind the ransomware. And then we have files in this folder. And this is where you would typically find user files and a real world case. This would be like Microsoft or Microsoft word documents, or your PowerPoint presentations, or we're here we just have a couple of text files that we've set up. We're going to go ahead and run the ransomware. And sometimes attackers, what they do is they disguise this. Like they make it look like an important word document. They make it look like something else. But once you run the ransomware, you usually get a ransom message. And in this case, a ransom message says, your files are encrypted. Please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address. I usually they look a little more complicated, but this is our fake Bitcoin address. But you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as researchers, we see files like this all the time. We see ransomware all the time. So we use a variety of tools, internal tools, custom tools, as well as open source tools. And what you're seeing here is an open source tool. It's called the Cuckoo Sandbox, and it shows us the behavior of the ransomware. What exactly is ransomware doing. In this case, you can see just clicking on that file, launched a couple of different things that launched basically a command executable, a power shell. They launched our windows shell. And then at, then add things on the file. It would basically, you had registry keys, it had on network connections. It changed the disk. So that's kind of gives us a behind the scenes, look at all the processes that's happening on the ransomware. And just that one file itself, like I said, does multiple different things. Now what we want to do as a researchers, we want to categorize this ransomware into families. We want to try and determine the actors behind that. So we dump everything we know in a ransomware in the central databases. And then we mine these databases. What we're doing here is we're actually using another tool called Maldito and use custom tools as well as commercial and open source tools. But this is a open source and commercial tool. But what we're doing is we're basically taking the ransomware and we're asking Maldito to look through our database and say like, do you see any like files? Or do you see any types of incidences that have similar characteristics? Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system, because that helps us identify maybe where the ransomware is connecting to, where it's going to other processes that I may be doing. In this case, we can see multiple IP addresses that are connected to it. So we can possibly see multiple infections. We can block different external websites that we can identify a command and control system. We can categorize this to a family, and sometimes we can even categorize this to a threat actor as claimed responsibility for it. So it's essentially visualizing all the connections and the relationship between one file and everything else we have in our database. And this example, of course, I'd put this in multiple ways. We can save these as reports, as PDF type reports or usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams. So when we're researching botnets, when we're researching file-based attacks, when we're researching IP reputation, we have a lot of different IOC or indicators of compromise that we can correlate where attacks go through and maybe even detect new types of attacks as well. >> So the bottom line is you got the tools using combination of open source and commercial products to look at the patterns of all ransomware across your observation space. Is that right? >> Exactly. I showed you like a very simple demo. It's not only open source and commercial, but a lot of it is our own custom developed products as well. And when we find something that works, that logic, that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. At FortiGuard Labs, the intelligence that we acquire, that product, that product of intelligence it's consumed directly by our prospects. >> So take me through what what's actually going on, what it means for the customer. So FortiGuard Labs, you're looking at all the ransomware, you seeing the patterns, are you guys proactively looking? Is it, you guys are researching, you look at something pops in the radar. I mean, take us through what goes on and then how does that translate into a customer notification or impact? >> So, yeah, John, if you look at a typical life cycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be (indistinct) as we look for some of the solutions we talked about before, and if you look at an incoming threat, first of all, you need visibility. You can't protect or analyze anything that you can see. So you got to get your hands on visibility. We call these IOC indicators of compromise. So this is usually something like an actual executable file, like the virus or the malware itself. It could be other things that are related to it, like websites that could be hosting the malware as an example. So once we have that SEED, we call it a SEED. We can do threat hunting from there. So we can analyze that, right? If we have to, it's a piece of malware or a botnet, we can do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things. And we really, it's similar to the world of CSI, right? These different dots that they're connecting, we're doing that at hyper-scale. And we use that through these tools that Aamir was talking about. So it's really a lifecycle of getting the malware incoming, seeing it first, analyzing it, and then doing action on that. So it's sort of a three step process. And the action comes down to what Aamir was saying, waterfall and that to our customers, so that they're protected. But then in tandem with that, we're also going further and I'm sharing it if applicable to say law enforcement partners, other threat Intel sharing partners too. And it's not just humans doing that. So the proactive piece, again, this is where it comes to artificial intelligence, machine learning. There's a lot of cases where we're automatically doing that analysis without humans. So we have AI systems that are analyzing and actually creating protection on its own too. So it's quite interesting that way. >> It say's at the end of the day, you want to protect your customers. And so this renders out, if I'm a Fortinet customer across the portfolio, the goal here is protect them from ransomware, right? That's the end game. >> Yeah. And that's a very important thing. When you start talking to these big dollar amounts that were talking earlier, it comes to the damages that are done from that- >> Yeah, I mean, not only is it good insurance, it's just good to have that fortification. So Derek, I going to ask you about the term the last mile, because, we were, before we came on camera, I'm a band with junkie always want more bandwidth. So the last mile, it used to be a term for last mile to the home where there was telephone lines. Now it's fiber and wifi, but what does that mean to you guys in security? Does that mean something specific? >> Yeah, absolutely. The easiest way to describe that is actionable. So one of the challenges in the industry is we live in a very noisy industry when it comes to cybersecurity. What I mean by that is that because of that growing attacks for FIS and you have these different attack factors, you have attacks not only coming in from email, but websites from DoS attacks, there's a lot of volume that's just going to continue to grow is the world that 5G and OT. So what ends up happening is when you look at a lot of security operations centers for customers, as an example, there are, it's very noisy. It's you can guarantee almost every day, you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs. And when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually start to say, "Hey, this looks like an attack." I'm going to go investigate it and block it. So this is where the last mile comes in, because a lot of the times that, these logs, they light up like Christmas. And I mean, there's a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because the reality is if it's just humans doing it, that last mile is often going back to your bandwidth terms. There's too much latency. So how do you reduce that latency? That's where the automation, the AI machine learning comes in to solve that last mile problem to automatically add that protection. It's especially important 'cause you have to be quicker than the attacker. It's an arms race, like you said earlier. >> I think what you guys do with FortiGuard Labs is super important, not only for the industry, but for society at large, as you have kind of all this, shadow, cloak and dagger kind of attack systems, whether it's national security international, or just for, mafias and racketeering, and the bad guys. Can you guys take a minute and explain the role of FortiGuards specifically and why you guys exist? I mean, obviously there's a commercial reason you built on the Fortinet that trickles down into the products. That's all good for the customers, I get that. But there's more at the FortiGuards. And just that, could you guys talk about this trend and the security business, because it's very clear that there's a collective sharing culture developing rapidly for societal benefit. Can you take a minute to explain that? >> Yeah, sure. I'll give you my thoughts, Aamir will add some to that too. So, from my point of view, I mean, there's various functions. So we've just talked about that last mile problem. That's the commercial aspect. We created a through FortiGuard Labs, FortiGuard services that are dynamic and updated to security products because you need intelligence products to be able to protect against intelligent attacks. That's just a defense again, going back to, how can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that we do, but we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity courses to court. And because of that, a lot of these cyber criminals reign free, and that's been a big challenge in the industry. So this has been close my heart over 10 years, I've been building a lot of these key relationships between private public sector, as an example, but also private sector, things like Cyber Threat Alliance. We're a founding member of the Cyber Threat Alliance. We have over 28 members in that Alliance, and it's about sharing intelligence to level that playing field because attackers roam freely. What I mean by that is there's no jurisdictions for them. Cyber crime has no borders. They can do a million things wrong and they don't care. We do a million things right, one thing wrong and it's a challenge. So there's this big collaboration. That's a big part of FortiGuard. Why exists too, as to make the industry better, to work on protocols and automation and really fight this together while remaining competitors. I mean, we have competitors out there, of course. And so it comes down to that last mile problems on is like, we can share intelligence within the industry, but it's only intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration. >> Aamir, what's your take on this societal benefit? Because, I would say instance, the Sony hack years ago that, when you have nation States, if they put troops on our soil, the government would respond, but yet virtually they're here and the private sector has to fend for themselves. There's no support. So I think this private public partnership thing is very relevant, I think is ground zero of the future build out of policy because we pay for freedom. Why don't we have cyber freedom if we're going to run a business, where is our help from the government? We pay taxes. So again, if a military showed up, you're not going to see companies fighting the foreign enemy, right? So again, this is a whole new changeover. What's your thought? >> It really is. You have to remember that cyber attacks puts everyone on an even playing field, right? I mean, now don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that. Anyone can basically come up to speed on cyber weapons as long as an internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies. But absolutely I think a lot of us, from a personal standpoint, a lot of us have seen research does I've seen organizations fail through cyber attacks. We've seen the frustration, we've seen, like besides organization, we've seen people like, just like grandma's lose their pictures of their other loved ones because they kind of, they've been attacked by ransomware. I think we take it very personally when people like innocent people get attacked and we make it our mission to make sure we can do everything we can to protect them. But I will add that at least here in the U.S. the federal government actually has a lot of partnerships and a lot of programs to help organizations with cyber attacks. The US-CERT is always continuously updating, organizations about the latest attacks and regard is another organization run by the FBI and a lot of companies like Fortinet. And even a lot of other security companies participate in these organizations. So everyone can come up to speed and everyone can share information. So we all have a fighting chance. >> It's a whole new wave of paradigm. You guys are on the cutting edge. Derek always great to see you, Aamir great to meet you remotely, looking forward to meeting in person when the world comes back to normal as usual. Thanks for the great insights. Appreciate it. >> Pleasure as always. >> Okay. Keep conversation here. I'm John Furrier, host of theCUBE. Great insightful conversation around security ransomware with a great demo. Check it out from Derek and Aamir from FortiGuard Labs. I'm John Furrier. Thanks for watching.

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation hi buddy welcome this special digital presentation where we're covering the topic of data ops and specifically how IBM is really operationalizing and automating the data pipeline with data ops and with me is Interpol Bhandari who is the global chief data officer at IBM in Nepal has always great to see you thanks for coming on my pleasure you know the standard throw away question from guys like me is you know what keeps the chief data officer up at night well I know what's keeping you up at night it's kovat 19 how are you doing it's keeping keeping all of us yeah for sure so how you guys making out as a leader I'm interested in you know how you have responded with whether it's you know communications obviously you're doing much more stuff you know remotely you're not on airplanes certainly like you used to be but but what was your first move when you actually realized this was going to require a shift well I think one of the first things that I did was to test the ability of my organization who worked remotely this was well before the the recommendations came in from the government but just so that we wanted you know to be sure that this is something that we could pull off if there were extreme circumstances where even everybody was good and so that was one of the first things we did along with that I think another major activity that we embarked on is even that we had created this central data and AI platform for IBM using our hybrid multi cloud approach how could that be adapting very very quickly you helped with the covert situation but those were the two big items that my team embarked on very quickly and again like I said this is well before there was any recommendations from the government or even internally within IBM any recommendations but B we decided that we wanted to run ahead and make sure that we were ready to ready to operate in that fashion and I believe a lot of my colleagues did the same yeah there's a there's a conversation going on right now just around productivity hits that people may be taking because they really weren't prepared it sounds like you're pretty comfortable with the productivity impact that you're achieving oh I'm totally comfortable with the productivity in fact I will tell you that while we've gone down this spot we've realized that in some cases the productivity is actually going to be better when people are working from home and they're able to focus a lot more on the work aspect you know and this could this runs the gamut from the nature of the job where you know somebody who basically needs to be in the front of a computer and is remotely taking care of operations you know if they don't have to come in their productivity is gonna go up somebody like myself who had a long drive into work you know which I would use on phone calls but now that entire time is can be used a lot more productivity but not maybe in a lot more productive manner so there is a we realize that that there's going to be some aspects of productivity that will actually be helped by the situation provided you're able to deliver the services that you deliver with the same level of quality and satisfaction that you've always done now there were certain other aspects where you know productivity is going to be affected so you know my team there's a lot of whiteboarding that gets done there are lots of informal conversations that spark creativity but those things are much harder to replicate in a remote in life so we've got a sense of you know where we have to do some work what things together versus where we were actually going to be more productive but all in all they are very comfortable that we can pull this off no that's great I want to stay on Kovac for a moment and in the context of just data and data ops and you know why now obviously with a crisis like this it increases the imperative to really have your data act together but I want to ask you both specifically as it relates to Co vid why data ops is so important and then just generally why at this this point in our time so I mean you know the journey we've been on they you know when I joined our data strategy centered around the cloud data and AI mainly because IBM's business strategy was around that and because there wasn't the notion of ái in enterprise right there was everybody understood what AI means for the consumer but for the enterprise people don't really understand what it meant so our data strategy became one of actually making IBM itself into an AI and a BA and then using that as a showcase for our clients and customers who look a lot like us to make them into a eye on the prize and in a nutshell what that translated to was that one had to in few AI into the workflow of the key business processes of enterprise so if you think about that workflow is very demanding why do you have to be able to deliver data and insights on time just when it's needed otherwise you can essentially slow down the whole workflow of a major process with but to be able to pull all that off you need to have your own data very very streamlined so that a lot of it is automated and you're able to deliver those insights as the people who are involved in the workflow needed so we've spent a lot of time while we were making IBM into an AI enterprise and infusing AI into our keepers and thus processes into essentially a data ops pipeline that was very very streamlined which then allowed us to very quickly adapt to the covert 19 situation and I'll give you one specific example that we'll go to you know how one would say one could essentially leverage that capability that I just talked about to do this so one of the key business processes that we had taken aim at was our supply chain you know we're a global company and our supply chain is critical we have lots of suppliers and they are all over the globe and we have different types of products so that you know it has a multiplicative fact is we go from each of those you have other additional suppliers and you have events you have other events you have calamities you have political events so we have to be able to very quickly understand the risk associated with any of those events with regard to our supply chain and make appropriate adjustments on the fly so that was one of the key applications that we built on our central data and the Aqua and as part of a data ops pipeline that meant he ingested the ingestion of the several hundred sources of data had to be blazingly fast and also refreshed very very quickly also we had to then aggregate data from the outside from external sources that had to do with weather related events that had to do with political events social media feeds etcetera and overlay that on top of our map of interest with regard to our supply chain sites and also where they were supposed to deliver we'd also weaved in our capabilities here to track those shipments as they flowed and have that data flow back as well so that we would know exactly where where things were this is only possible because we had a streamlined data ops capability and we had built this central data Nai platform for IBM now you flip over to the covert 19 situation when go with 19 you know emerged and we began to realize that this was going to be a significant significant pandemic what we were able to do very quickly was to overlay the Kovach 19 incidents on top of our sites of interest as well as pick up what was being reported about those sites of interest and provide that over to our business continuity so this became an immediate exercise that we embarked but it wouldn't have been possible if you didn't have the foundation of the data ops pipeline as well as that central data Nai platform in place to help you do that very very quickly and adapt so so what I really like about this story and something that I want to drill into is it essentially a lot of organizations have a real tough time operationalizing AI and fusing it to use your word and the fact that you're doing it is really a good proof point that I want to explore a little bit so you're essentially there was a number of aspects of what you just described there was the data quality piece with your data quality in theory anyway is gonna go up with more data if you can handle it and the other was speed time to insight so you can respond more quickly if it's think about this Kovan situation if your days behind or weeks behind which is not uncommon you know sometimes even worse you just can't respond I mean these things change daily sometimes certainly within the day so is that right that's kind of the the business outcome and objective that you guys were after yes you know so trauma from an infused AI into your business processes by the overarching outcome metric that one focuses on is end to end cycle so you take that process the end-to-end process and you're trying to reduce the end-to-end cycle time by you know several factors several orders of magnitude we did for instance in my organization that have to do with the generation of metadata is data about data and that's usually a very time-consuming process and we've reduced that by over 95% by using AI you actually help in the metadata generation itself and that's applied now across the board for many different business processes that you know iBM has that's the same kind of principle that was you you'll be able to do that so that foundation essentially enables you to go after that cycle time reduction right off the bat so when you get to a situation like of open 19 situation which demands urgent action your foundation is already geared to deliver on that so I think actually we might have a graphic and then the second graphic guys if you bring up this second one I think this is Interpol what you're talking about here that sort of 95 percent reduction guys if you could bring that up would take a look at it so this is maybe not a co vid use case yeah here it is so that 95 percent reduction in in cycle time improving and data quality what we talked about there's actually some productivity metrics right this is what you're talking about here in this metadata example correct yeah yes the middle do that right it's so central to everything that one does with data I mean it's basically data about data and this is really the business metadata that we're talking about which is once you have data in your data Lee if you don't have business metadata describing what that data is then it's very hard for people who are trying to do things to determine whether they can even whether they even have access to the right data and typically this process has been done manually because somebody looks at the data they looks at the fields and they describe it and it could easily take months and what we did was we essentially use a deep learning and a natural language processing approach looked at all the data that we've had historically over an idea and we've automated the metadata generation so whether it was you know you were talking about both the data relevant for probit team or for supply chain or for a receivable process any one of our business processes this is one of those fundamental steps that one must go through to be able to get your data ready for action and if you were able to take that cycle time for that step and reduce it by 95% you can imagine the acceleration yeah and I liked it we were saying before you talk about the end to end a concept you're applying system thinking here which is very very important because you know a lot of a lot of points that I talked you'll they'll be they're so focused on one metric may be optimizing one component of that end to end but it's really the overall outcome that you're trying to achieve you you may sometimes you know be optimizing one piece but not the whole so that systems thinking is is very very important isn't it the system's thinking is extremely important overall no matter you know where you're involved in the process of designing the system but if you're the data guy it's incredibly important because not only does that give you an insight into the cycle time reduction but it also gives it clues you in into what standardization is necessary in the data so that you're able to support an eventual out you know a lot of people will go down the path of data governance and creation of data standard and you can easily boil the ocean trying to do that but if you actually start with an end-to-end view of your key processes and that by extension the outcomes associated with those processes as well as the user experience at the end of those processes and kind of then work backwards as to what are the standards that you need for the data that's going to feed into all that that's how you arrive at you know a viable practical data standards effort that you can essentially push forward with so there's there are multiple aspects when you take that end-to-end system you that helps the chief later one of the other tenets of data ops is really the ability across the organization for everybody to have visibility communications it's very key we've got another graphic that I want to show around the organizational you know in the right regime and this is a complicated situation for a lot of people but it's imperative guys if you bring up the first graphic it's imperative that organizations you know fine bring in the right stakeholders and actually identify those individuals that are going to participate so that there's full visibility everybody understands what their their roles are they're not in in silos so a guys if you could show us that first graphic that would be great but talk about the organization and the right regime they're Interpol yes yes I believe you're going to what you're gonna show up is actually my organization but I think it's yes it's very very illustrative of what one has to set up to be able to pull off the kind of impact you know so let's say we talked about that central data and AI platform that's driving the entire enterprise and you're infusing AI into key business processes like the supply chain you then create applications like the operational risk insights that we talked about and then extend it over to a faster merging and changing situation like the overt nineteen you need an organization that obviously reflects the technical aspects of the plan right so you have to have the data engineering arm and in my case there's a lot of emphasis around because that's one of those skill set areas that's really quite rare and but also very very powerful so they're the major technology arms of that there's also the governance arm that I talked about where you have to produce a set of standards and implement them and enforce them so that you're able to make this end-to-end impact but then there's also there's a there's an adoption where there's a there's a group that reports in to me very very you know empowered which essentially has to convince the rest of the organization to adopt but the key to their success has been in power in the sense that they are empowered to find like-minded individuals in our key business processes who are also empowered and if they agree they just move forward and go ahead and do it because you know we've already provided the central capabilities by central I don't mean they're all in one location we're completely global and you know it's it's it's a hybrid multi-cloud set up but it's central in the sense that it's one source to come for for trusted data as well as the expertise that you need from an AI standpoint to be able to move forward and deliver the business outcome so when these business schemes come together with the adoption that's where the magic hand so that's another another aspect of the organization that's critical and then we've also got a data officer council that I chair and that has to do with the people who are the chief data officer z' of the individual business units that we have and they're kind of my extended team into the rest of the organization and we leverage that bolt from a adoption of the platform standpoint but also in terms of defining and enforcing standard it helps us do want to come back the Ovid talked a little bit about business resiliency people I think you've probably seen the news that IBM's you know providing super computer resources to the government to fight coronavirus you've also just announced that some some RTP folks are helping first responders and nonprofits and providing capabilities for no charge which is awesome I mean it's the kind of thing look I'm sensitive the companies like IBM you know you don't want to appear to be ambulance-chasing in these times however IBM and other big tech companies you're in a position to help and that's what you're doing here so maybe you could talk a little bit about what you're doing in this regard and then we'll tie it up with just business resiliency and the importance of data right right so you know I'd explained the operational risk insights application that we had which we were using internally and be covert nineteen even be using it we were using it primarily to assess the risk to our supply chain from various events and then essentially react very very quickly to those through those events so you could manage the situation well we realize that this is something that you know several non government NGOs that big they could essentially use the ability because they have to manage many of these situations like natural disasters and so we've given that same capability to the NGOs to you and to help them to help them streamline their planning and their thinking by the same token but you talked about Oh with nineteen that same capability with the poet mine team data overlaid on top of them essentially becomes a business continuity planning and resilience because let's say I'm a supply chambers right now I can look the incidence of probe ignite and I can and I know where my suppliers are and I can see the incidence and I can say oh yes know this supplier and I can see that the incidence is going up this is likely to be affected let me move ahead and start making plans backup plans just in case it reaches a crisis level then on the other hand if you're somebody in our revenue planning you know on the finance side and you know where your keep clients and customers are located again by having that information overlaid with those sites you can make your own judgments and you can make your own assessment to do that so that's how it translates over into a business continuity and resilient resilience planning - we are internally doing that now - every department you know that's something that we are actually providing them this capability because we could build rapidly on what we had already done and to be able to do that and then as we get inside into what each of those departments do with that data because you know once they see that data once they overlay it to their sites of interest and this is you know anybody and everybody in IBM because no matter what department they're in there are going to be sites of interest that are going to be affected and they have an understanding of what those sites of interest mean in the context of the planning that they're doing and so they'll be able to make judgments but as we gain a better understanding of that we will automate those capabilities more and more for each of those specific areas and now you're talking about a comprehensive approach an AI approach to business continuity and resilience planning in the context of a large complicated organization like IBM which obviously will be of great interest to enterprise clients and customers right one of the things that we're researching now is trying to understand you know what about this crisis is gonna be permanent some things won't be but but we think many things will be there's a lot of learnings do you think that organizations will rethink business resiliency in this context that they might sub optimize profitability for example to be more prepared for crises like this with better business resiliency and what role would data play in that so no it's a very good question and timely question Dave so I mean clearly people have understood that with regard to such a pandemic the first line of beef right is it is it's not going to be so much on the medicine side because the vaccine is not even we won't be available for a period of time it has to go to development so the first line of defense is actually to take a quarantine like a pro like we've seen play out across the world and then that in effect results in an impact on the businesses right in the economic climate and the businesses there's an impact I think people have realized this now they will obviously factor this in into their into how they do business will become one of those things from if this is time talking about how this becomes permanent I think it's going to become one of those things that if you're a responsible enterprise you are going to be planning for you're going to know how to implement this on the second go-around so obviously you put those frameworks and structures in place and there will be a certain cost associated with them and one could argue that that could eat into the profitability on the other hand what I would say is because these two points really that these are fast emerging fluid situations you have to respond very very quickly to those you will end up laying out a foundation pretty much like we did which enables you to really accelerate your pipeline right so the data ops pipelines we talked about there there's a lot of automation so that you can react very quickly you know data ingestion very very rapidly that you're able to you know do that kind of thing the metadata generation just the entire pipeline that we're talking about that you're able to respond and very quickly bring in new data and then aggregated at the right levels infuse it into the workflows and then deliver it to the right people at the right time I will you know that will become a must now but once you do that you could argue that there is a cost associated with doing that but we know that the cycle time reductions on things like that they can run you know I mean I gave you the example of 95 percent you know on average we see like a 70% end to end cycle time era where we've implemented the approach that's been pretty pervasive with an idea across a business process so that in a sense in in essence then actually becomes a driver for profitability so yes it might you know this might back people into doing that but I would argue that that's probably something that's going to be very good long term for the enterprises involved and they'll be able to leverage that in their in their business and I think that just the competitive pressure of having to do that will force everybody down that path mean but I think it'll be eventually a good that end and cycle time compression is huge and I like what you're saying because it's it's not just a reduction in the expected loss during a crisis there's other residual benefits to the organization Interpol thanks so much for coming on the cube and sharing this really interesting and deep case study I know there's a lot more information out there so really appreciate your time all right take care buddy thanks for watching and this is Dave Allante for the cube and we will see you next time [Music]

>>from the Cube Studios in Palo Alto and Boston connecting with thought leaders all around the world. This is a cube conversation. >>Hi, everybody. This is Dave Volante with Cuban. Welcome to the special digital presentation. We're really digging into how IBM is operational izing and automating the AI and data pipeline not only for its clients, but also for itself. And with me is Julie Lockner, who looks after offering management and IBM Data and AI portfolio really great to see you again. >>Great, great to be here. Thank you. Talk a >>little bit about the role you have here at IBM. >>Sure, so my responsibility in offering >>management and the data and AI organization is >>really twofold. One is I lead a team that implements all of the back end processes, really the operations behind any time we deliver a product from the Data and AI team to the market. So think about all of the release cycle management are seeing product management discipline, etcetera. The other role that I play is really making sure that I'm We are working with our customers and making sure they have the best customer experience and a big part of that is developing the data ops methodology. It's something that I needed internally >>from my own line of business execution. But it's now something that our customers are looking for to implement in their shops as well. >>Well, good. I really want to get into that. So let's let's start with data ops. I mean, I think you know, a lot of people are familiar with Dev Ops. Not maybe not everybody's familiar with data ops. What do we need to know about data? >>Well, I mean, you bring up the point that everyone knows Dev ops. And in fact, I think you know what data ops really >>does is bring a lot of the benefits that Dev Ops did for application >>development to the data management organizations. So when we look at what is data ops, it's a data management. Uh, it is a data management set of principles that helps organizations bring business ready data to their consumers. Quickly. It takes it borrows from Dev ops. Similarly, where you have a data pipeline that associates a business value requirement. I have this business initiative. It's >>going to drive this much revenue or this must cost >>savings. This is the data that I need to be able to deliver it. How do I develop that pipeline and map to the data sources Know what data it is? Know that I can trust it. So ensuring >>that it has the right quality that I'm actually using, the data that it was meant >>for and then put it to use. So in in history, most data management practices deployed a waterfall like methodology. Our implementation methodology and what that meant is all the data pipeline >>projects were implemented serially, and it was done based on potentially a first in first out program management office >>with a Dev Ops mental model and the idea of being able to slice through all of the different silos that's required to collect the data, to organize it, to integrate it, the validate its quality to create those data integration >>pipelines and then present it to the dashboard like if it's a Cognos dashboard >>or a operational process or even a data science team, that whole end to end process >>gets streamlined through what we're pulling data ops methodology. >>So I mean, as you well know, we've been following this market since the early days of Hadoop people struggle with their data pipelines. It's complicated for them, there's a a raft of tools and and and they spend most of their time wrangling data preparing data moving data quality, different roles within the organization. So it sounds like, you know, to borrow from from Dev Ops Data offices is all about streamlining that data pipeline, helping people really understand and communicate across. End the end, as you're saying, But but what's the ultimate business outcome that you're trying to drive? >>So when you think about projects that require data to again cut costs Teoh Artemia >>business process or drive new revenue initiatives, >>how long does it take to get from having access to the data to making it available? That duration for every time delay that is spent wasted trying to connect to data sources, trying to find subject matter experts that understand what the data means and can verify? It's quality, like all of those steps along those different teams and different disciplines introduces delay in delivering high quality data fat, though the business value of data ops is always associated with something that the business is trying to achieve but with a time element so if it's for every day, we don't have this data to make a decision where either making money or losing money, that's the value proposition of data ops. So it's about taking things that people are already doing today and figuring out the quickest way to do it through automation or work flows and just cutting through all the political barriers >>that often happens when these data's cross different organizational boundaries. >>Yes, sir, speed, Time to insights is critical. But in, you know, with Dev Ops, you really bringing together of the skill sets into, sort of, you know, one Super Dev or one Super ops. It sounds with data ops. It's really more about everybody understanding their role and having communication and line of sight across the entire organization. It's not trying to make everybody else, Ah, superhuman data person. It's the whole It's the group. It's the team effort, Really. It's really a team game here, isn't it? >>Well, that's a big part of it. So just like any type of practice, there's people, aspects, process, aspects and technology, right? So people process technology, and while you're you're describing it, like having that super team that knows everything about the data. The only way that's possible is if you have a common foundation of metadata. So we've seen a surgeons in the data catalog market in the last, you know, 67 years. And what what the what? That the innovation in the data catalog market has actually enabled us to be able >>to drive more data ops pipelines. >>Meaning as you identify data assets you captured the metadata capture its meaning. You capture information that can be shared, whether they're stakeholders, it really then becomes more of a essential repository for people don't really quickly know what data they have really quickly understand what it means in its quality and very quickly with the right proper authority, like privacy rules included. Put it to use >>for models, um, dashboards, operational processes. >>Okay. And we're gonna talk about some examples. And one of them, of course, is IBM's own internal example. But help us understand where you advise clients to start. I want to get into it. Where do I get started? >>Yeah, I mean, so traditionally, what we've seen with these large data management data governance programs is that sometimes our customers feel like this is a big pill to swallow. And what we've said is, Look, there's an operator. There's an opportunity here to quickly define a small project, align into high value business initiative, target something that you can quickly gain access to the data, map out these pipelines and create a squad of skills. So it includes a person with Dev ops type programming skills to automate an instrument. A lot of the technology. A subject matter expert who understands the data sources in it's meeting the line of business executive who translate bringing that information to the business project and associating with business value. So when we say How do you get started? We've developed A I would call it a pretty basic maturity model to help organizations figure out. Where are they in terms of the technology, where are they in terms of organizationally knowing who the right people should be involved in these projects? And then, from a process perspective, we've developed some pretty prescriptive project plans. They help you nail down. What are the data elements that are critical for this business business initiative? And then we have for each role what their jobs are to consolidate the data sets map them together and present them to the consumer. We find that six week projects, typically three sprints, are perfect times to be able to a timeline to create one of these very short, quick win projects. Take that as an opportunity to figure out where your bottlenecks are in your own organization, where your skill shortages are, and then use the outcome of that six week sprint to then focus on billing and gaps. Kick off the next project and iterating celebrate the success and promote the success because >>it's typically tied to a business value to help them create momentum for the next one. >>That's awesome. I want to get into some examples, I mean, or we're both Massachusetts based. Normally you'd be in our studio and we'd be sitting here for face to face of obviously with Kobe. 19. In this crisis world sheltering in place, you're up somewhere in New England. I happened to be in my studio, but I'm the only one here, so relate this to cove it. How would data ops, or maybe you have a, ah, a concrete example in terms of how it's helped, inform or actually anticipate and keep up to date with what's happening with both. >>Yeah, well, I mean, we're all experiencing it. I don't think there's a person >>on the planet who hasn't been impacted by what's been going on with this Cupid pandemic prices. >>So we started. We started down this data obscurity a year ago. I mean, this isn't something that we just decided to implement a few weeks ago. We've been working on developing the methodology, getting our own organization in place so that we could respond the next time we needed to be able todo act upon a data driven decision. So part of the step one of our journey has really been working with our global chief data officer, Interpol, who I believe you have had an opportunity to meet with an interview. So part of this year Journey has been working with with our corporate organization. I'm in a line of business organization where we've established the roles and responsibilities we've established the technology >>stack based on our cloud pack for data and Watson knowledge padlock. >>So I use that as the context. For now, we're faced with a pandemic prices, and I'm being asked in my business unit to respond very quickly. How can we prioritize the offerings that are going to help those in critical need so that we can get those products out to market? We can offer a 90 day free use for governments and hospital agencies. So in order for me to do that as a operations lead or our team, I needed to be able to have access to our financial data. I needed to have access to our product portfolio information. I needed to understand our cloud capacity. So in order for me to be able to respond with the offers that we recently announced and you'll you can take a look at some of the examples with our Watson Citizen Assistant program, where I was able to provide the financial information required for >>us to make those products available from governments, hospitals, state agencies, etcetera, >>that's a That's a perfect example. Now, to set the stage back to the corporate global, uh, the chief data office organization, they implemented some technology that allowed us to, in just data, automatically classify it, automatically assign metadata, automatically associate data quality so that when my team started using that data, we knew what the status of that information >>was when we started to build our own predictive models. >>And so that's a great example of how we've been partnered with a corporate central organization and took advantage of the automated, uh, set of capabilities without having to invest in any additional resources or head count and be able to release >>products within a matter of a couple of weeks. >>And in that automation is a function of machine intelligence. Is that right? And obviously, some experience. But you couldn't you and I when we were consultants doing this by hand, we couldn't have done this. We could have done it at scale anyway. It is it is it Machine intelligence and AI that allows us to do this. >>That's exactly right. And you know, our organization is data and AI, so we happen to have the research and innovation teams that are building a lot of this technology, so we have somewhat of an advantage there, but you're right. The alternative to what I've described is manual spreadsheets. It's querying databases. It's sending emails to subject matter experts asking them what this data means if they're out sick or on vacation. You have to wait for them to come back, and all of this was a manual process. And in the last five years, we've seen this data catalog market really become this augmented data catalog, and the augmentation means it's automation through AI. So with years of experience and natural language understanding, we can home through a lot of the metadata that's available electronically. We can calm for unstructured data, but we can categorize it. And if you have a set of business terms that have industry standard definitions through machine learning, we can automate what you and I did as a consultant manually in a matter of seconds. That's the impact that AI is have in our organization, and now we're bringing this to the market, and >>it's a It's a big >>part of where I'm investing. My time, both internally and externally, is bringing these types >>of concepts and ideas to the market. >>So I'm hearing. First of all, one of the things that strikes me is you've got multiple data, sources and data that lives everywhere. You might have your supply chain data in your er p. Maybe that sits on Prem. You might have some sales data that's sitting in a sas in a cloud somewhere. Um, you might have, you know, weather data that you want to bring in in theory. Anyway, the more data that you have, the better insights that you could gather assuming you've got the right data quality. But so let me start with, like, where the data is, right? So So it's it's anywhere you don't know where it's going to be, but you know you need it. So that's part of this right? Is being able >>to get >>to the data quickly. >>Yeah, it's funny. You bring it up that way. I actually look a little differently. It's when you start these projects. The data was in one place, and then by the time you get through the end of a project, you >>find out that it's moved to the cloud, >>so the data location actually changes. While we're in the middle of projects, we have many or even during this this pandemic crisis. We have many organizations that are using this is an opportunity to move to SAS. So what was on Prem is now cloud. But that shouldn't change the definition of the data. It shouldn't change. It's meaning it might change how you connect to it. It might also change your security policies or privacy laws. Now, all of a sudden, you have to worry about where is that data physically located? And am I allowed to share it across national boundaries right before we knew physically where it waas. So when you think about data ops, data ops is a process that sits on top of where the data physically resides. And because we're mapping metadata and we're looking at these data pipelines and automated work flows, part of the design principles are to set it up so that it's independent of where it resides. However, you have to have placeholders in your metadata and in your tool chain, where we're automating these work flows so that you can accommodate when the data decides to move. Because the corporate policy change >>from on prem to cloud. >>And that's a big part of what Data ops offers is the same thing. By the way, for Dev ops, they've had to accommodate building in, you know, platforms as a service versus on from the development environments. It's the same for data ops, >>and you know, the other part that strikes me and listening to you is scale, and it's not just about, you know, scale with the cloud operating model. It's also about what you were talking about is you know, the auto classification, the automated metadata. You can't do that manually. You've got to be able to do that. Um, in order to scale with automation, That's another key part of data office, is it not? >>It's a well, it's a big part of >>the value proposition and a lot of the part of the business case. >>Right then you and I started in this business, you know, and big data became the thing. People just move all sorts of data sets to these Hadoop clusters without capturing the metadata. And so as a result, you know, in the last 10 years, this information is out there. But nobody knows what it means anymore. So you can't go back with the army of people and have them were these data sets because a lot of the contact was lost. But you can use automated technology. You can use automated machine learning with natural, understand natural language, understanding to do a lot of the heavy lifting for you and a big part of data ops, work flows and building these pipelines is to do what we call management by exception. So if your algorithms say 80% confident that this is a phone number and your organization has a low risk tolerance, that probably will go to an exception. But if you have a you know, a match algorithm that comes back and says it's 99% sure this is an email address, right, and you have a threshold that's 98%. It will automate much of the work that we used to have to do manually. So that's an example of how you can automate, eliminate manual work and have some human interaction based on your risk threshold. >>That's awesome. I mean, you're right, the no schema on write said. I throw it into a data lake. Data Lake becomes a data swamp. We all know that joke. Okay, I want to understand a little bit, and maybe you have some other examples of some of the use cases here, but there's some of the maturity of where customers are. It seems like you've got to start by just understanding what data you have, cataloging it. You're getting your metadata act in order. But then you've got you've got a data quality component before you can actually implement and get yet to insight. So, you know, where are customers on the maturity model? Do you have any other examples that you can share? >>Yeah. So when we look at our data ops maturity model, we tried to simplify, and I mentioned this earlier that we try to simplify it so that really anybody can get started. They don't have to have a full governance framework implemented to to take advantage of the benefits data ops delivers. So what we did is we said if you can categorize your data ops programs into really three things one is how well do you know your data? Do you even know what data you have? The 2nd 1 is, and you trust it like, can you trust it's quality? Can you trust it's meeting? And the 3rd 1 is Can you put it to use? So if you really think about it when you begin with what data do you know, write? The first step is you know, how are you determining what data? You know? The first step is if you are using spreadsheets. Replace it with a data catalog. If you have a department line of business catalog and you need to start sharing information with the department's, then start expanding to an enterprise level data catalog. Now you mentioned data quality. So the first step is do you even have a data quality program, right. Have you even established what your criteria are for high quality data? Have you considered what your data quality score is comprised of? Have you mapped out what your critical data elements are to run your business? Most companies have done that for there. They're governed processes. But for these new initiatives And when you identify, I'm in my example with the covert prices, what products are we gonna help bring to market quickly? I need to be able to >>find out what the critical data elements are. And can I trust it? >>Have I even done a quality scan and have teams commented on it's trustworthiness to be used in this case, If you haven't done anything like that in your organization, that might be the first place to start. Pick the critical data elements for this initiative, assess its quality, and then start to implement the work flows to re mediate. And then when you get to putting it to use, there's several methods for making data available. One is simply making a gate, um, are available to a small set of users. That's what most people do Well, first, they make us spreadsheet of the data available, But then, if they need to have multiple people access it, that's when, like a Data Mart might make sense. Technology like data virtualization eliminates the need for you to move data as you're in this prototyping phase, and that's a great way to get started. It doesn't cost a lot of money to get a virtual query set up to see if this is the right join or the right combination of fields that are required for this use case. Eventually, you'll get to the need to use a high performance CTL tool for data integration. But Nirvana is when you really get to that self service data prep, where users can weary a catalog and say these are the data sets I need. It presents you a list of data assets that are available. I can point and click at these columns I want as part of my data pipeline and I hit go and automatically generates that output or data science use cases for it. Bad news, Dashboard. Right? That's the most mature model and being able to iterate on that so quickly that as soon as you get feedback that that data elements are wrong or you need to add something, you can do it. Push button. And that's where data obscurity should should bring organizations too. >>Well, Julie, I think there's no question that this covert crisis is accentuated the importance of digital. You know, we talk about digital transformation a lot, and it's it's certainly riel, although I would say a lot of people that we talk to we'll say, Well, you know, not on my watch. Er, I'll be retired before that all happens. Well, this crisis is accelerating. That transformation and data is at the heart of it. You know, digital means data. And if you don't have data, you know, story together and your act together, then you're gonna you're not gonna be able to compete. And data ops really is a key aspect of that. So give us a parting word. >>Yeah, I think This is a great opportunity for us to really assess how well we're leveraging data to make strategic decisions. And if there hasn't been a more pressing time to do it, it's when our entire engagement becomes virtual like. This interview is virtual right. Everything now creates a digital footprint that we can leverage to understand where our customers are having problems where they're having successes. You know, let's use the data that's available and use data ops to make sure that we can generate access. That data? No, it trust it, Put it to use so that we can respond to >>those in need when they need it. >>Julie Lockner, your incredible practitioner. Really? Hands on really appreciate you coming on the Cube and sharing your knowledge with us. Thank you. >>Thank you very much. It was a pleasure to be here. >>Alright? And thank you for watching everybody. This is Dave Volante for the Cube. And we will see you next time. >>Yeah, yeah, yeah, yeah, yeah

>>Yeah, >>from the Cube Studios in Palo Alto and Boston. It's the Cube covering IBM. Think brought to you by IBM. >>Everybody, this is Dave Vellante of the Cube. Welcome back. The continuous coverage that we're running here of the IBM Think Digital 2020 Experience. I'm with Radica Gunnar, who is a longtime Cube alum. She's the vice president for Data and AI. Expert labs and learning Radica. Always a pleasure. I wish we were seeing each other face to face in San Francisco. But, you know, we have to make the best. >>Always a pleasure to be with you, Dave. >>So, listen, um, we last saw each other in Miami Attain IBM data event. You hear a lot of firsts in the industry. You hear about Cloud? First, you hear about data. First hear about AI first. I'm really interested in how you see AI first coming customers. They want to operationalize ai. They want to be data first. They see cloud, you know, is basic infrastructure to get there, but ultimately they want insights out of data. And that's where AI comes in. What's your point of view on this? >>I think any client that's really trying to establish how to be able to develop a AI factory in their organization so that they're embedding AI across the most pervasive problems that they have in their order. They need to be able to start first with the data. That's why we have the AI ladder, where we really think the foundation is about how clients organized there to collect their data, organize their data, analyze it, infuse it in the most important applications and, of course, use that whole capability to be able to modernize what they're doing. So we all know to be able to have good ai, you need a good foundational information, architecture and the US A lot of the first steps we have with our clients is really starting with data doing an analysis of where are you with the data maturity? Once you have that, it becomes easier to start applying AI and then to scale AI across the business. >>So unpack that a little bit and talk about some of the critical factors and the ingredients that are really necessary to be successful. What are you seeing with customers? >>Well, to be successful with, a lot of these AI projects have mentioned. It starts with the data, and when we come to those kind of characteristics, you would often think that the most important thing is the technology. It's not that is a myth. It's not the reality. What we found is some of the most important things start with really understanding and having a sponsor who understands the importance of the AI capabilities that you're trying to be able to drive through business. So do you have the right hunger and curiosity of across your organization from top to bottom to really embark on a lot of these AI project? So that's cultural element. I would say that you have to be able to have that in beds within it, like the skills capabilities that you need to be able to have, not just by having the right data scientists or the right data engineers, but by having every person who is going to be able to touch these new applications and to use these new applications, understand how AI is going to impact them, and then it's really about the process. You know, I always talk about AI is not a thing. It's an ingredient that makes everything else better, and that means that you have to be able to change your processes. Those same applications that had Dev ops process is to be able to put it in production. Need to really consider what it means to have something that's ever changing, like AI as part of that which is also really critical. So I think about it as it is a foundation in the data, the cultural changes that you need to have from top to bottom of the organization, which includes the skills and then the process components that need to be able to change. >>Do you really talking about like Dev ops for AI data ops, I think is a term that's gonna gaining popularity of you guys have applied some of that in internally. Is that right? >>Yeah, it's about the operations of the AI life cycle in, and how you can automate as much of that is possible by AI. They're as much as possible, and that's where a lot of our investments in the Data and AI space are going into. How do you use AI for AI to be able to automate that whole AI life site that you need to be able to have in it? Absolutely >>So I've been talking a lot of C. XO CEO CEOs. We've held some C so and CEO roundtables with our data partner ET are. And one of the things that's that's clear is they're accelerating certain things as a result of code 19. There's certainly much more receptive to cloud. Of course, the first thing you heard from them was a pivot to work from home infrastructure. Many folks weren't ready, so okay, but the other thing that they've said is even in some hard hit industries, we've essentially shut down all spending, with the exception of very, very critical things, including, interestingly, our digital transformation. And so they're still on that journey. They realized the strategic imperative. Uh, and they don't want to lose out. In fact, they want to come out of this stronger AI is a critical part of that. So I'm wondering what you've seen specifically with respect to the pandemic and customers, how they're approaching ai, whether or not you see it accelerating or sort of on the same track. What are you seeing out there with clients? >>You know, this is where, um in pandemics In areas where, you know, we face a lot of uncertainty. I am so proud to be an IBM. Er, um, we actually put out offer when the pandemic started in a March timeframe. Teoh Many of our organizations and communities out there to be able to use our AI technologies to be able to help citizens really understand how Kobe 19 was gonna affect them. What are the symptoms? Where can I get tested? Will there be school tomorrow? We've helped hundreds of organizations, and not only in the public sector in the healthcare sector, across every sector be able to use AI capabilities. Like what we have with Watson assistant to be able to understand how code in 19 is impacting their constituents. As I mentioned, we have hundreds of them. So one example was Children's health care of Atlanta, where they wanted to be able to create an assistant to be able to help parents really understand what symptoms are and how to handle diagnosis is so. We have been leveraging a lot of AI technologies, especially right now, to be able to help, um, not just citizens and other organizations in the public and healthcare sector, but even in the consumer sector, really understand how they can use AI to be able to engage with their constituents a lot more closely. That's one of the areas where we have done quite a bit of work, and we're seeing AI actually being used at a much more rapid rate than ever >>before. Well, I'm excited about this because, you know, we were talking about the recovery, What there's a recovery look like is it v shaped? Nobody really expects that anymore. But maybe a U shaped. But the big concern people have, you know, this w shape recovery. And I'm hopeful that machine intelligence and data can be used to just help us really understand the risks. Uh, and then also getting out good quality information. I think it's critical. Different parts of the country in the world are gonna open at different rates. We're gonna learn from those experiences, and we need to do this in near real time. I mean, things change. Certainly there for a while they were changing daily. They kind of still are. You know, maybe we're on a slower. Maybe it's three or four times a week now, but that pace of change is critical and, you know, machine machines and the only way to keep up with that wonder if you could comment. >>Well, machines are the only way to keep, and not only that, but you want to be able to have the most up to date relevant information that's able to be communicated to the masses and ways that they can actually consume that data. And that's one of the things that AI and one of the assistant technologies that we have right now are able to do. You can continually update and train them such that they can continually engage with that end consumer and that end user and be able to give them the answers they want. And you're absolutely right, Dave. In this world, the answers change every single day and that kind of workload, um, and and the man you can't leave that alone to human laborers. Even human human labors need an assistant to be able to help them answer, because it's hard for them to keep up with what the latest information is. So using AI to be able to do that, it's absolutely critical, >>and I want to stress that I said machines you can't do without machines. And I believe that, but machines or a tool for humans to ultimately make the decisions in a crisis like this because, you see, I mean, I know we have a global audience, but here in the United States, you got you have 50 different governors making decisions about when and how certainly the federal government putting down guidelines. But the governor of Georgia is going to come back differently than the governor of New York, Different from the governor of California. They're gonna make different decisions, and they need data. And AI and Machine intelligence will inform that ultimately their public policy is going to be dictated by a combination of things which obviously includes, you know, machine intelligence. >>Absolutely. I think we're seeing that, by the way, I think many of those governors have made different decisions at different points, and therefore their constituents need to really have a place to be able to understand that as well. >>You know, you're right. I mean, the citizens ultimately have to make the decision while the governor said sick, safe to go out. You know, I'm gonna do some of my own research and you know, just like if you're if you're investing in the stock market, you got to do your own research. It's your health and you have to decide. And to the extent that firms like IBM can provide that data, I think it's critical. Where does the cloud fit in all this? I mentioned the cloud before. I mean, it seems to be critical infrastructure to get information that will talk about >>all of the capabilities that we have. They run on the IBM cloud, and I think this is where you know, when you have data that needs to be secured and needs to be trusted. And you need these AI capabilities. A lot of the solutions that I talked about, the hundreds of implementations that we have done over the past just six weeks. If you kind of take a look at 6 to 8 weeks, all of that on the IBM Public cloud, and so cloud is the thing that facilitates that it facilitates it in a way where it is secure. It is trusted, and it has the AI capabilities that augmented >>critical. There's learning in your title. Where do people go toe? Learn more How can you help them learn about AI And I think it started or keep going? >>Well, you know, we think about a lot of these technologies as it isn't just about the technology. It is about the expertise and the methodologies that we bring to bear. You know, when you talk about data and AI, you want to be able to blend the technology with expertise. Which is why are my title is expert labs that come directly from the labs and we take our learnings through thousands of different clients that we have interacted with, working with the technologies in the lab, understanding those outcomes and use cases and helping our clients be successful with their data and AI projects. So we that's what we do That's our mission. Love doing that every day. >>Well, I think this is important, because I mean, ah company, an organization the size of IBM, a lot of different parts of that organization. So I would I would advise our audience the challenge IBM and say, Okay, you've got that expertise. How are you applying that expertise internally? I mean, I've talked into public Sorry about how you know the data. Science is being applied within IBM. How that's then being brought out to the customers. So you've actually you've got a Petri dish inside this massive organization and it sounds like, you know, through the, you know, the expert labs. And so the Learning Center's you're sort of more than willing to and aggressively actually sharing that with clients. >>Yeah, I think it's important for us to not only eat our own dog food, so you're right. Interpol, The CDO Office Depot office we absolutely use our own technology is to be able to drive the insights we need for our large organization and through the learnings that we have, not only from ourselves but from other clients. We should help clients, our clients and our communities and organizations progress their use of their data and their AI. We really firmly believe this is the only way. Not only these organizations will progress that society as a whole breast, that we feel like it's part of our mission, part of our duty to make sure that it isn't just a discussion on the technology. It is about helping our clients and the community get to the outcomes that they need to using ai. >>Well, guy, I'm glad you invoke the dog food ing because, you know, we use that terminology a lot. A lot of people marketing people stepped back and said, No, no, it's sipping our champagne. Well, to get the champagne takes a lot of work, and the grapes at the early stages don't taste that pain I have to go through. And so that's why I think it's a sort of an honest metaphor, but critical your you've been a friend of the Cube, but we've been on this data journey together for many, many years. Really appreciate you coming on back on the Cube and sharing with the think audience. Great to see you stay safe. And hopefully we'll see you face to face soon. >>All right. Thank you. >>Alright. Take care, my friend. And thank you for watching everybody. This is Dave Volante for the Cube. You're watching IBM think 2020. The digital version of think we'll be right back after this short break. >>Yeah, yeah, yeah.

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation hi everybody this is David on tape with the cube and welcome to the special digital presentation we're really digging into how IBM is operationalizing and automating the AI and data pipeline not only for its clients but also for itself and with me is Julie Lochner who looks after offering management and IBM's data and AI portfolio Julie great to see you again okay great to be here thank you talk a little bit about the role you have here at IBM sure so my responsibility in offering management in the data and AI organization is really twofold one is I lead a team that implements all of the back-end processes really the operations behind anytime we deliver a product from the data AI team to the market so think about all of the release cycle management pricing product management discipline etc the other roles that I play is really making sure that um we are working with our customers and making sure they have the best customer experience and a big part of that is developing the data ops methodology it's something that I needed internally from my own line of business execution but it's now something that our customers are looking for to implement in their shops as well well good I really want to get into that and so let's let's start with data ops I mean I think you know a lot of people are familiar with DevOps not maybe not everybody's familiar with the data Ops what do we need to know about data well I mean you bring up the point that everyone knows DevOps and and then in fact I think you know what data Ops really does is bring a lot of the benefits that DevOps did for application development to the data management organizations so when we look at what is data ops it's a data management it's a it's a data management set of principles that helps organizations bring business ready data to their consumers quickly it takes it borrows from DevOps similarly where you have a data pipeline that associates a business value requirement I have this business initiative it's gonna drive this much revenue or this much cost savings this is the data that I need to be able to deliver it how do I develop that pipeline and map to the data sources know what data it is know that I can trust it so ensuring that it has the right quality that I'm actually using the data that it was meant for and then put it to use so in in history most dated management practices deployed a waterfall like methodology or implementation methodology and what that meant is all the data pipeline projects were implemented serially and it was dawn based on potentially a first-in first-out program management office with a DevOps mental model and the idea of being able to slice through all of the different silos that's required to collect the data to organize it to integrate it to validate its quality to create those data integration pipelines and then present it to the dashboard like if it's a Cognos dashboard for a operational process or even a data science team that whole end-to-end process gets streamlined through what we're calling data ops methodology so I mean as you well know we've been following this market since the early days of a dupe and people struggle with their data pipelines it's complicated for them there's a raft of tools and and and they spend most of their time wrangling data preparing data improving data quality different roles within the organization so it sounds like you know to borrow from from DevOps data OPS's is all about REME lining that data pipeline helping people really understand and communicate across end to end as you're saying but but what's the ultimate business outcome that you're trying to drive so when you think about projects that require data to again cut cost to automate a business process or drive new revenue initiatives how long does it take to get from having access to the data to making it available that duration for every time delay that is spent wasted trying to connect to data sources trying to find subject matter experts that understand what the data means and can verify its quality like all of those steps along those different teams and different disciplines introduces delay in delivering high quality data fast so the business value of data Ops is always associated with something that the business is trying to achieve but with a time element so if it's for every day we don't have this data to make a decision we're either making money or losing money that's the value proposition of data ops so it's about taking things that people are already doing today and figuring out the quickest way to do it through automation through workflows and just cutting through all of the political barriers that often happens when these data's cross different organizational boundaries yeah so speed time to insights is critical but to in and then you know with DevOps you're really bringing together the skill sets into sort of you know one super dev or one super ops it sounds with data ops it's really more about everybody understanding their role and having communication and line-of-sight across the entire organization it's not trying to make everybody a superhuman data person it's the whole it's the group it's the team effort really it's really a team game here isn't it well that's a big part of it so just like any type of practice there's people aspects process aspects and technology right so people process technology and while you're you're describing it like having that super team that knows everything about the data the only way that's possible is if you have a common foundation of metadata so we've seen a surgeons in the data catalog market and last you know six seven years and what what the what that the innovation in the data catalog market has actually enabled us to be able to drive more data ops pipelines meaning as you identify data assets you've captured the metadata you capture its meaning you capture information that can be shared whether they're stakeholders it really then becomes more of a essential repository for people to really quickly know what data they have really quickly understand what it means in its quality and very quickly with the right proper authority like privacy rules included put it to use for models you know dashboards operational processes okay and and we're gonna talk about some examples and one of them of course is ibm's own internal example but but help us understand where you advise clients to start I want to get into it where do I get started yeah I mean so traditionally what we've seen with these large data management data governance programs is that sometimes our customers feel like this is a big pill to swallow and what we've said is look there's an opera there's an opportunity here to quickly define a small project align it to a high-value business initiative target something that you can quickly gain access to the data map out these pipelines and create a squad of skills so it includes a person with DevOps type programming skills to automate an instrument a lot of the technology a subject matter expert who understands the data sources and its meaning a line of business executive who can translate bringing that information to the business project and associating with business value so when we say how do you get started we've developed a I would call it a pretty basic maturity model to help organizations figure out where are they in terms of the technology where are they in terms of organizationally knowing who the right people should be involved in these projects and then from a process perspective we've developed some pretty prescriptive project plans that help you nail down what are the data elements that are critical for this business business initiative and then we have for each role what their jobs are to consolidate the datasets map them together and present them to the consumer we find that six-week projects typically three sprints are perfect times to be able to in a timeline to create one of these very short quick win projects take that as an opportunity to figure out where your bottlenecks are in your own organization where your skill shortages are and then use the outcome of that six-week sprint to then focus on filling in gaps kick off the next project and iterate celebrate the success and promote the success because it's typically tied to a business value to help them create momentum for the next one all right that's awesome I want to now get into some examples I mean or you're we're both massachusetts-based normally you'd be in our studio and we'd be sitting here face-to-face obviously with kovat 19 in this crisis we're all sheltering in place you're up in somewhere in New England I happen to be in my studio believe it but I'm the only one here so relate this to kovat how would data ops or maybe you have a concrete example in in terms of how it's helped inform or actually anticipate and keep up-to-date with what's happening with building yeah well I mean we're all experiencing it I don't think there's a person on the planet who hasn't been impacted by what's been going on with this coded pandemic crisis so we started we started down this data obscurity a year ago I mean this isn't something that we just decided to implement a few weeks ago we've been working on developing the methodology getting our own organization in place so that we could respond the next time we needed to be able to you know act upon a data-driven decision so part of step one of our journey has really been working with our global chief data officer Interpol who I believe you have had an opportunity to meet with an interview so part of this year journey has been working with with our corporate organization I'm in the line of business organization where we've established the roles and responsibilities we've established the technology stack based on our cloud pack for data and Watson knowledge catalog so I use that as the context for now we're faced with a pandemic crisis and I'm being asked in my business unit to respond very quickly how can we prioritize the offerings that are gonna help those in critical need so that we can get those products out to market we can offer a you know 90-day free use for governments and Hospital agencies so in order for me to do that as a operations lead for our team I needed to be able to have access to our financial data I needed to have access to our product portfolio information I needed to understand our cloud capacity so in order for me to be able to respond with the offers that we recently announced you know you can take a look at some of the examples with our Watson citizen assistant program where I was able to provide the financial information required for us to make those products available for governments hospitals state agencies etc that's a that's a perfect example now to to set the stage back to the corporate global chief data office organization they implemented some technology that allowed us to ingest data automatically classify it automatically assign metadata automatically associate data quality so that when my team started using that data we knew what the status of that information was when we started to build our own predictive models and so that's a great example of how we've partnered with a corporate central organization and took advantage of the automated set of capabilities without having to invest in any additional resources or headcount and be able to release products within a matter of a couple of weeks and in that automation is a function of machine intelligence is that right and obviously some experience but but you couldn't you and I when we were consultants doing this by hand we couldn't have done this we could have done it at scale anyways it is it machine intelligence an AI that allows us to do this that's exactly right and as you know our organization is data and AI so we happen to have the a research and innovation teams that are building a lot of this technology so we have somewhat of an advantage there but you're right the alternative to what I've described is manual spreadsheets it's querying databases it's sending emails to subject matter experts asking them what this data means if they're out sick or on vacation you have to wait for them to come back and all of this was a manual process and in the last five years we've seen this data catalog market really become this augmented data catalog and that augmentation means it's automation through AI so with years of experience and natural language understanding we can comb through a lot of the metadata that's available electronically we can comb through unstructured data we can categorize it and if you have a set of business terms that have industry standard definitions through machine learning we can automate what you and I did as a consultant manually in a matter of seconds that's the impact the AI is had in our organization and now we're bringing this to the market and it's a it's a big part of where I'm investing my time both internally and externally is bringing these types of concepts and ideas to the market so I'm hearing first of all one of the things that strikes me is you've got multiple data sources and data lives everywhere you might have your supply chain data and your ERP maybe that sits on Prem you might have some sales data that's sitting in the SAS store in a cloud somewhere you might have you know a weather data that you want to bring in in theory anyway the more data that you have the better insights that you can gather assuming you've got the right data quality but so let me start with like where the data is right so so it sits anywhere you don't know where it's gonna be but you know you need it so that that's part of this right is being able to read it quickly yeah it's funny you bring it up that way I actually look a little differently it's when you start these projects the data was in one place and then by the time you get through the end of a project you find out that it's a cloud so the data location actually changes while we're in the middle of projects we have many or coming even during this this pandemic crisis we have many organizations that are using this as an opportunity to move to SAS so what was on Prem is now cloud but that shouldn't change the definition of the data it shouldn't change its meaning it might change how you connect to it um it might also change your security policies or privacy laws now all of a sudden you have to worry about where is that data physically located and am I allowed to share it across national boundaries right before we knew physically where it was so when you think about data ops data ops is a process that sits on top of where the data physically resides and because we're mapping metadata and we're looking at these data pipelines and automated workflows part of the design principles are to set it up so that it's independent of where it resides however you have to have placeholders in your metadata and in your tool chain where we oughta mating these workflows so that you can accommodate when the data decides to move because of corporate policy change from on-prem to cloud then that's a big part of what data Ops offers it's the same thing by the way for DevOps they've had to accommodate you know building in you know platforms as a service versus on from the development environments it's the same for data ops and you know the other part that strikes me and listening to you is scale and it's not just about you know scale with the cloud operating model it's also about what you're talking about is you know the auto classification the automated metadata you can't do that manually you've got to be able to do that in order to scale with automation that's another key part of data Ops is it not it's well it's a big part of the value proposition and a lot of a part of the business base right then you and I started in this business you know and Big Data became the thing people just move all sorts of data sets to these Hadoop clusters without capturing the metadata and so as a result you know in the last 10 years this information is out there but nobody knows what it means anymore so you can't go back with the army of people and have them query these data sets because a lot of the contact was lost but you can use automated technology you can use automated machine learning with natural under Snatcher Alang guaa Jing to do a lot of the heavy lifting for you and a big part of data ops workflows and building these pipelines is to do what we call management-by-exception so if your algorithms say you know 80% confident that this is a phone number and your organization has a you know low risk tolerance that probably will go to an exception but if you have a you know a match algorithm that comes back and says it's 99 percent sure this is an email address right and you I have a threshold that's 98% it will automate much of the work that we used to have to do manually so that's an example of how you can automate eliminate manual work and have some human interaction based on your risk threshold now that's awesome I mean you're right the no schema on right said I throw it into a data leg the data link becomes the data swap we all know that joke okay I want to understand a little bit and maybe you have some other examples of some of the use cases here but there's some of the maturity of where customers are I mean it seems like you got to start by just understanding what data you have cataloging it you're getting your metadata act in order but then you've got a you've got a data quality component before you can actually implement and get yet to insight so you know where our customers on the on the maturity model do you have any other examples that you can share yeah so when we look at our data ops maturity model we tried to simplify it I mentioned this earlier that we try to simplify it so that really anybody can get started they don't have to have a full governance framework implemented to take advantage of the benefits data ops delivers so what we did we said if you can categorize your data ops programs into really three things one is how well do you know your data do you even know what data you have the second one is and you trust it like can you trust its quality can you trust its meeting and the third one is can you put it to use so if you really think about it when you begin with what data do you know right the first step is you know how are you determining what data you know the first step is if you are using spreadsheets replace it with a data catalog if you have a department line of business catalog and you need to start sharing information with the departments then start expanding to an enterprise level data catalog now you mentioned data quality so the first step is do you even have a data quality program right have you even established what your criteria are for high quality data have you considered what your data quality score is comprised of have you mapped out what your critical data elements are to run your business most companies have done that for they're they're governed processes but for these new initiatives and when you identify I'm in my example with the Kovach crisis what products are we gonna help bring to market quickly I need to be able to find out what the critical data elements are and can I trust it have I even done a quality scan and have teams commented on its trustworthiness to be used in this case if you haven't done anything like that in your organization that might be the first place to start pick the critical data elements for this initiative assess its quality and then start to implement the workflows to remediate and then when you get to putting it to use there's several methods for making data available you know one is simply making a data Mart available to a small set of users that's what most people do well first they make a spreadsheet of the data available but then if they need to have multiple people access it that's when like a data Mart might make sense technology like data virtualization eliminates the need for you to move data as you're in this prototyping phase and that's a great way to get started it doesn't cost a lot of money to get a virtual query set up to see if this is the right join or the right combination of fields that are required for this use case eventually you'll get to the need to use a high performance ETL tool for data integration but Nirvana is when you really get to that self-service data prep where users can query a catalog and say these are the data sets I need it presents you a list of data assets that are available I can point and click at these columns I want as part of my you know data pipeline and I hit go and it automatically generates that output for data science use cases for a Cognos dashboard right that's the most mature model and being able to iterate on that so quickly that as soon as you get feedback that that data elements are wrong or you need to add something you can do it push button and that's where data observation to bring organizations to well Julie I think there's no question that this kovat crisis is accentuated the importance of digital you know we talk about digital transformation a lot and it's it's certainly real although I would say a lot of people that we talk to will say well you know not on my watch or I'll be retired before that all happens will this crisis is accelerating that transformation and data is at the heart of it you know digital means data and if you don't have your data you know story together and your act together then you're gonna you're not going to be able to compete and data ops really is a key aspect of that so you know give us a parting word all right I think this is a great opportunity for us to really assess how well we're leveraging data to make strategic decisions and if there hasn't been a more pressing time to do it it's when our entire engagement becomes virtual like this interview is virtual write everything now creates a digital footprint that we can leverage to understand where our customers are having problems where they're having successes you know let's use the data that's available and use data ops to make sure that we can iterate access that data know it trust it put it to use so that we can respond to those in need when they need it Julie Locker your incredible practitioner really hands-on really appreciate you coming on the Kuban and sharing your knowledge with us thank you okay thank you very much it was a pleasure to be here all right and thank you for watching everybody this is Dave Volante for the cube and we will see you next time [Music]