(upbeat electronic music) >> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HoshoCon 2018 brought to you by Hosho. >> OK, welcome back everyone. We're live in Las Vegas for HoshoCon. I'm John Furrier, the host of theCUBE. This is the first inaugural security conference around blockchain. Our next guest is John Kirch, who's the Chief Evangelist for Sentinel Protocol. Great to see you, thanks for coming on. Hey, it's great to be here, John. Thank you very much for inviting me. >> I love the shirt, I got my CUBE shirt here. You got your shirt on. Cool crowd here. So, before you get into some of the things you guys are working on, what's the scene here like, for people who aren't here, this is the first ever blockchain security conference around in the industry. What are the type of people that are here? And what's going on? Why is this important? >> Well, that's a really good question. I mean, I can think back and I remember meeting the president of Hosho. For the first time back in New York at Consensus. And he was giving a presentation, and I thought it was fantastic presentation, but we broke ice, we shook hands. And then we bumped into each other again in Soul. And then I was also talking to Tim Draper not too long ago. And Tim said, he was coming out here to Las Vegas to give a presentation. And he is one of our key investors. So we thought, it would be a good idea for us to show up as well. And we believe that many times in trade shows and other types of seminar series, there's too much emphasis on fintech and not on security. And the reason why I say that, is basically in the blockchain crypto world, right now one of the major challenges holding back the growth and the success is the lack of security. Not in a core blockchain technology, but in the Dapps and in the other connected applications. People are getting hacked. And there's different types of hackings, everything from Phishing, to malware, to DNS engine hacking, to smart contracts, web applications, I mean. >> The surface area is large. >> It, many different vectors, and it's complex. Something needs to be done about it in order to unlock the potential of blockchain crypto. >> Yeah, and I also love this event because one, it's, well first of anything is always good because it's present on creation, and you don't know, there might be another one, if it's around the next year or not. But I think this one seems like it's got the right people at it that it would grow. Because, remember. >> Yeah. >> The security is the number one problem, it should be seamless, it's complicated, multiple keys to deal with, multiple chains, never mind in the surface area for hacking. So I think blockchain is going to be a sea-change. We all know that, all tech alpha entrepreneurs are getting that. The complexity around the software is the key. What do you guys, how do you guys look at this? Because you guys are in the business to solve this problem. >> Right. >> What's the answer here? >> Well, we'd look at it from a experience point of view of cybersecurity. What I mean by that is that we have a lot of people on the team that come from companies like Palo Alto Networks, and F5, and Fortinet, I come from Darktrace, and other cybersecurity companies as well. But we'd look at it from the point of view, what did we do in the past, what were the problems, how can we leverage these technologies. What's wrong with the stuff that we did before, and how can we correct those gaps and provide a better product that's more usable, easier to install, and then has the multi-vector analysis capabilities to do the, not just antivirus, for instance, but how about AI, machine learning for detecting new anomalies and behavior or newer threats and attacks, or sandboxing. But how do we solve the problem is really our main focus. >> So I got to ask you question. A lot of people in the industry that are smart or trying to attack this problem, there's two schools of thoughts. We are going to get the software, going to get to the AI, got to do all the stuff over here, and then there's radical view is, Hey, the old model isn't working for blockchain, 'cause it's a different architecture, it's decentralized, so you can't just take network protocol stacks and say, Hey this is your security stack in the old network model to decentralize. So it needs a redo. >> Right. >> A refresh or a do-over. >> Right, right. >> So, this is, seems to be tension that's productive but still contentious. >> Right. >> What's the answer, because your old Juniper, Cisco switches might not be the perimeter-based firewall model, >> I'd love that question. >> We need a do-over or not? >> So, we are the world's first crowdsourced threat intelligence platform. I didn't say product, I said platform. And that means multiple various different types of products on our platform, but in addition to that, one of the biggest problems today is the need to update. Let's say, if you're looking at things from an antivirus point of view, if you haven't updated your database, your system, then you've got vulnerabilities that you haven't addressed. And so we don't need to be updated. Our system is running on a decentralized blockchain, and therefore is connected to APIs, to different types of endpoints. We are platform-agnostic, so we could connect to IoT-type devices or, you know, other types of, mobile telephones, or to PCs, servers, and so on. And, by having this collective cybersecurity intelligence, by definition, that means we have a richer, wider database of more information, than if you license a product from, let's say, any one of the antivirus vendors. You get that company's intelligence and support services only. But we're doing it, where we're taking company A plus B, plus C, plus this white hat hacker, plus this individual here, and we're, basically, combining all that together and offering it to our clients. >> And so, is it the single source of truth or knowledge around trust, how's the trust factor come in. 'Cause, if I'm a company I want to know that everything I'm running is updated. I want to know what it is first, and then it's updated. >> And you know, in this decentralized trustless world, there is, from our point of view, a need for an organization that can be trusted by people who have been hacked or experienced suspicious activity. So, we are addressing that, so we have a team of people called the Sentinels, and they are tested and certified by our internal cybersecurity experts, as having the capabilities and the knowledge and experience to contribute. And when those people make contributions, in terms of cybersecurity intelligence, we award them with points, and those points can be converted to fiat or into other crypto tokens. >> So you're tokenizing the contribution. >> We are. >> Relative to the crowdsourcing. >> Exactly. >> So this is like CrowdStrike, or is it different? >> Oh, it's different, I think, from CrowdStrike, because CrowdStrike, while it's a very good company and very good product, what we're doing is that we're combining blacklist with whitelist and we're providing the reporting service. And so, and we're running it on a blockchain, and the blockchain has certain elements that are very very good in terms immutability, or a very high type of resilience factor, or traceability, and so we're really taking our product and focusing it on the blockchain crypto world, but quite frankly, what we're building, because we're utilizing the technology in the optimal manner, it is also applicable to the conventional cybersecurity world too. And I expect that it'll be very commonly used there tomorrow. >> So, it's portable in the sense of the function. You can actually bring this to the class of cybersecurity, known detection type identification. >> I could be using it for Goldman Sachs or Bank of America, or, let's say, this hotel. >> Some of the global cybersecurity landscape, how would you, you know, if someone's putting their toe in the water for the first time. You're obviously in the trenches doing cutting edge work, certainly folks in Washington, D.C., around the world, have cyber conversations, from general Keith Alexander, there's new companies got some interesting things going on there. To kind of grokking it, what's so this, there's crowdsourcing, how would you brake up the cybersecurity market, 'cause cyber intelligence is a big part of regional cloud deployments now, Amazon's going to have a region in the Middle East. I'm sure they got their DNS monitored well. But you have network points and you have software running on them. How is the market sliced up? Is there categories, like, that are cleanly defined? How do you view that? >> Well, you know, I look at things from a point of view of having started in the cybersecurity world, John, back in 1998. And that was when I introduced the company called WatchGuard to the Japanese market, and also did that in Korea as well. But we pioneered the use of Linux appliances. Would you believe that? (John laughing) And we also pioneered managed security services. And so, one of the things that I learned over time as the cybersecurity world increased in complexity, I mean, back there it was easy, all you needed was an antivirus and you needed network firewall. >> And you had proprietary software too, open source wasn't as prevalent. >> Exactly, but things keep on getting ratcheted up, the complexity factor is growing. And now we look at cybersecurity and there are so many different types of products and services. And so it really comes down to understanding the security policy of the end user, of the organization or the individual. What type of PC they're using? Is it IBM, is it Apple? For them putting together a security policy and then bringing in different types of products that, basically, help that individual or that organization to satisfy that policy. And then tuning that over time. Most people don't think about that part, but the tuning process is also very important. So, and then educating people too, so. >> What's a number one industry problem that industry needs to solve as an industry, and then, what is the biggest concern that end users or organizations will have? Well, I think that biggest problem out there right now that hasn't been solved, is what's going on in front of our very eyes, this, the hacking of these exchanges and wallets. I mean, those organizations have lost now over three billion dollars, cumulative over the past few years, and then over one billion dollars this year. I mean, that's a lot of money. >> It's a lot of cash. >> And somebody needs to do something. >> And nobody knows where it goes, I mean, >> Well, actually we do know where it goes. Because, actually, that's the video I wanted to show today after my presentation, but there just wasn't enough time. We analyzed the Zaif hacking that happened just a few weeks ago. >> How much did they take? >> It was about 60 million dollars. But we analyzed that, and using crowdsourced information, we analyzed the transactions and so forth, and we found, believe it or not, that a large portion of those stolen Bitcoins were washed and went through Binance, the world's largest crypto exchange. And so, if they utilized our technology, to understand that the coins that are going through them were stolen, we would do a lot to increase the cost factor for monetizing stolen Bitcoins, we would help Binance to protect themselves. >> So the laundering of the coins, >> Yes. >> You could, basically, put a penalty on that, or >> Well, I don't look at it from a penalty point of view. I look at it from the point of view of helping people to make transactions that are kosher, that meet with their corporate policy, that comply with law, that enable them to ensure, that what they are doing is correct. >> So, you tracked the address, how do you know they are being washed, from that specific >> We, basically, track the addresses, we were able to track the addresses and I can show you a video later, if you like to, where we did just that. >> Yeah, I would like to get a copy of that. >> And the information, this is on the blockchain, show that the coins went through Binance. >> So, meaning the old classic IT operations, you always had the network management's piece, this is, again, can be a big part of traceability and accountability piece of it. >> Correct. >> This is important. >> Yeah, in fact, you know, it's really important that when you think about this world. For instance, if I were to give you five dollars. >> Thanks. >> And you were to get ripped off, and somebody took that five dollars from you, how would, John, how would you trace that five dollars? >> I would track the guy around that had stole it, find out where it is, but if I don't know who's took it, then... >> If you went to the police and ask them for help, do you think they could help you analyze and trace that and audit? >> Well, in San Francisco they break into cars and just take whatever they want. The police don't even show up. >> Right, but that's relying on luck, do you know, did he open the right car, >> I wouldn't. I wouldn't know who had this. >> But, you know, that's one of the great things is that with the blockchain technology, if you use it correctly, you can trace, many times, not all the time. But it does offer us very... >> 'Cause there's a digital footprint. >> Yeah. >> There's definitely a traceability aspect. >> And that's one of the nice advantages. So, I'd rather give you Bitcoin than the five-dollar bill. >> Yeah, I'll take the Bitcoin, it probably is worth more than the five. Money is going away, paper money, I don't now have a need for. Talk about the aspect of Bitcoin in cryptocurrency, as it relates to the funding of security attacks, because that's been a big concern, people trying to figure that out. Have you guys made any progress on tracking the funding, the underground funding for security attacks. >> Well, when you think about it, and when you think about the funding of security attacks, it's now teams, and a lot of these teams are very well trained and educated. >> And they're making some good money too. >> Yeah, and so they're making good money, they've monetized this. And all it takes is one time that they break in. And, so, once they break in, and you're compromised, so you have to defend every every time, and do it well, but they only need to break in once. But in terms of that, >> One bad day. >> The one bad day. >> One bad second. >> And your company's gone. >> Yeah. >> But the funding of these endeavors is getting more and more sophisticated, the money involved is becoming much much more bigger, and we need to ratchet up our defenses, so that we can provide an adequate response. >> So, what is the answer for me, let's just say, hypothetically, you know, I get, you know, 50 million in Bitcoin for theCUBE bank, for our community, and going to use that Bitcoin to have people have flourish with content, and I got to store it somewhere. >> Yeah. >> What do I do? >> Well. >> What's my answer? Do I call Binance and say, Hey if you going to wash and launder that, I might as well put it with you, because if you're the home for all the money. >> Well, I think that the optimal solution is to get it off the network, put it into a cold wallet, and safeguard that private key in a way that is very very secure. Do not leave it, you know, on your PC, don't tape it to your screen, but basically safeguard that privat key very well. Put it into a deposit box at a bank, that might be a good idea. >> Or multiple deposit boxes spread across. >> Yeah. >> With instructions, in case, >> But don't leave it, don't leave it in your wallet >> Yeah. >> And don't leave it on, writing on the chalkboard either, above your desk. >> Yeah (chuckling). >> But, I mean, basically, >> Or don't write it down where the surveillance cameras watching you write it down. >> And you might want to use a multisig wallet as well, and that will also increase the security as well. >> All right, well, what's the story with you guys? Give us a quick update on the Sentinel Protocol, the company. How big are you guys? You mentioned Draper funded you guys. What's the status? >> Well, you know, we started earlier this year, back in January, and now we have 30 security professionals, our headquarters are in Singapore, we have another big office up in Seoul, Korea, we have a third office in Tokyo. We now have over 42 partners. I'm very proud to say that we've got, amongst those partners, at least 10 exchanges and wallets signed on with us directly, that are very interested in using our technology, integrated into their applications. >> Yeah. >> And so, >> And why they work with you, for a hedge, for security, for insurance, what's the rationale? It's forensics, for data, what's the value for them? >> Once they've been hacked, it's pretty hard to recover. A lot of these companies that are hacked, in fact, it ends with the company closing, or being sold. So, basically, what they're trying to do is leverage our security to detect the threats and the attacks, you know, in a proactive online manner before they get damaged. And then, by doing that, they can enhance their branding, that's services they're providing to their clients, and they can also help to maximize the stability and growth of their organization, as well as, >> It's a heat shield. >> The future life. >> It's a shield for them. >> It's a shield, yes. >> So they're being proactive on the security front. >> Exactly. >> So minimize any damages that potentially could get through. >> You know, right now, John, unfortunately, if you get hacked, it's a wild, wild West, it's every man up to himself. >> Yeah, it's a total stage coach. >> Nobody's going to help you. >> With the mask on, no one knows who it is. You got to do some sort of real forensics and get lucky. >> Yeah. >> Sounds like it's hit or miss, right? >> Yeah, if you get lucky, you're a lucky man, I'll tell you, because most of the people out there are not getting lucky. >> Yeah. So, we're working together with our partners to, basically, solve this problem. >> And how much money did you guys raise? >> We raised approximately eight million dollars, but it was 25,000 Ethereum. >> OK, congratulations. >> Not at all, thank you very much. >> Well thanks for coming on. Great to meet you last night at dinner. Security is at the top of the agenda. We are here, this is theCUBE coverage, part of our ongoing 2018 blockchain cryptocurrency, now digital money coverage. Of course, as you know, we've been covering Bitcoin and blockchain on our blog since 2011, and more coverage here at HoshoCon, the first security conference dedicated to discuss security on the blockchain and the new digital assets that is now money. I'm John Furrier, stay with us for more after this short break. (upbeat electronic music)