>>Fly from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media. >>Welcome to the cubes coverage here in Moscone in San Francisco for RSA copper's 2020. I'm John hosted the cube and you know, cyber security is the hottest thing. Transforming businesses and you know, old. It has to transform into not only playing defense but playing off fence and understand the threats, how to organize around it. And that's really been a big part of this new next generation architecture operations and just mindset. We've got a great guest here to share his perspective. Luke Wilson, who's the vice president, intelligence for four IQ hot startup but also former FBI counter terrorism of right other DOD state department. Uh, tons of experience on both sides. Now on the commercial side. Luke, thanks for coming on. Thanks for having me. So obviously your background gives you a unique perspective and you know, I've been in uh, in the commercial side, I haven't done any government service like you have, but I can tell you it in the enterprise it's been boring. >>Oh yeah. He has storage, provisioning, storage, business servers, cloud comes in, it gets exciting. Yeah. Startups are doing cloud native lot more robust scale and you starting to see the new applications with that, the security perimeter is gone. It's now a huge surface area. So the enterprise has to get more FBI like or more smarter around how they organize, how they hire. Yeah. This is your, this is your world. Yes, it is. What's your take on this? What's it, what's your view of the industry right now? Well, I think right now what you're seeing is this change from, uh, you know, I hate to be cliche about it, but for years we've been playing whack-a-mole against the bad guys. I've see Matt, you know, uh, at my time at the FBI and various government, different agencies there, um, we're starting to see a shift of alright, we want, they want to know, okay, how is this happening to them? >>So it's just not the, the, what's happened. It's like who's behind it. And you know, in today's, in today's, uh, arena with the, you know, with cyber security, you have to start figuring out what entity is behind these attacks, uh, what they're going after. So you can start protecting that, but then also using that information, that intelligence from there, sharing it with other business sectors and then also turn in that big backend side so you can have some kind of preventive maintenance as well. I mean, you've got a lot going on. There used to be a nice little neat little industry in a box security by some software. You've got the servers, you have firewalls, all that nice stuff. Now you're talking about elaboration. Operating models are changing. A whole new dimension and open source has given a, an ability to cloak, whether it's nation States can now be operating under stealth mode. >>Oh yeah. You have all kinds of new dynamics. What is, what does the company do? You know, how do people solve this? There, there is no one answer or that, you know, it's got, it's gonna take a community, uh, the community of protectors and, uh, groups that want to help solve these issues. Uh, you know, and law enforcement, we always say, you know, it's a, it's a cat and mouse game. We catch up to them and then they change a little, you know, maybe a little bit here and there and then we catch up to him again and, uh, we're just gonna keep playing that game. But you know, uh, businesses, commercial businesses are starting to get into that, into that mode as well of, Hey, just because I defeated something today doesn't mean it's going to be right back at my door tomorrow. You know, you and I saw each other last night at the general Alexander's, uh, talk, uh, and he's always been all about offense, defense and understanding visibility and signals. >>Um, you know, there's a lot to do there. Um, you got to know where things are coming from. There's a lot of shared responsibility, but shared work, right? It's like, yes, we want, there's a lot of redundancy going on in security now. Oh yeah. And within and without pumping. So the collaboration, you mentioned the big part, how do you see that evolving that you work with the FBI counterterrorism, you kind of see how this kind of thinking renders itself. How does that work in a commercial world? How do you see that evolving? Well, you have certain cyber centers that are built for that kind of model, uh, for, uh, helping, you know, commercial, uh, industries, uh, deal with that threat. You know, there's no, uh, one tool, one company that can protect itself from a nation state attack. Uh, we've seen that, you know, so, uh, the best thing that's happening right now is people are starting to understand in order to get the entire, um, I would say the topology of the attack, that's that that's affecting you. >>You're going to have to share this information. You're going to have to learn from other groups. Uh, law enforcement, intelligence agencies are sharing. Um, and, you know, it's quite frankly, it's, it's, we're kind of late in the game of sharing, which the criminals have been doing this now for years, you know, sharing that information and understanding who to attack them, when to attack. Yeah. And they've been been winning. So I gotta ask you, as someone who's been in the industry now, and I'm book both sides, you look at RSA this year, um, besides the headline of the coronavirus who's got a backdrop to all of this, there's still a huge show here and, and the trends are changing. It seems to be the scene game, whack a mole on steroids, but now you've got cloud. What's new out there that, that's getting you excited? What do you think people should be paying attention to? >>Why? I think what people should be paying attention to is now a lot of the, I would say the products and the tools that are coming out are actually being developed by people who are practitioners have been in that space and understand what it takes in order to defeat, uh, the, the types of criminals that you're facing every day. Um, you know, I, I see a lot of products, uh, getting into the, the hoop, you know, and for me, I think that's a very, uh, a very strong point now that you can't just keep saying, I closed this court and that court in this sport and we're good. No, they're just gonna change little thing and come right back in. Um, so I see a lot of tools or act or identification or identification time attribution, um, people are trying to get to the who in this space now in order to turn that back around for prevention as well. >>So something where normally this is, you know, an FBI, uh, uh, you know, a federal government, uh, uh, agency trying to figure out the who, a lot of the tools and, and some of the, uh, you know, the data today is helping out with that for private industry. So that are great point gradient site by the way. I love that. I love that angle on that. What about meal time? Because now real time is a big one and people are overworked. It's a pile of threat detection out there. Like, Hey, there's some stuff happening in another company. So people are buying feeds. I get it right now. You need a data processing perspective. You've got to get the data. How does that, how do you see that whole challenge become an opportunity? Well, you know, uh, we're a data driven society now, right? So everything has data connected to it. >>Um, you know, and, and you're getting that amount of data stream float into your commercial entity. You know, first of all, it needs to be automated. You're going to have, you know, a lot, a lot of data to sift and sort through to understand what's actually happening here. So I think the, the, you know, that that live feed going real time is very helpful, but also content, uh, you know, put some context context behind that and having and having that, that information fully digested so you can understand what's the threat, how's it coming at you. And then using that for prevention. Super exciting time. I want to get into your experience and how that translates into maybe your advice for people that are kinda kind of waking up from lack of multiple, kind of being more of a kind of a versatile athlete, if you will, athletes, cyber athletes. >>Um, but I gotta ask you about, um, the idea of threats that are coming in that you seen in the FBI that enterprises should be paying attention. Because I'll give you an example. I'll say, Luke, I'm good. My it department covering this for years. I don't really have anything that's valuable, right? So I'm good. I got my patches done, so I don't really need to buy anything from you or I'm good, right? Not everyone's saying that, but that can be the mentality at different spectrum of, all right, so what do, what do you say to that? Well, you know, besides, I'm an idiot, you know, we see that a lot and I think, um, you have to, that, that's a very big naive approach about it. Um, you know, you also have to start thinking about, are you good with your insider threat? Are you good with your third party risks, you know, threats. >>Um, so there's so many things going down the line. When you look at what it takes for, let's say a large financial institution to run, would it take for a large, uh, company like an Uber or Lyft to run? Um, you know, there's, there's threats there and if you're saying you don't have any threats and you're, you're, you're OK, then uh, you know, I would say that's a, that's another, it's being polite, being polite. What you're saying is, no, you're not. Okay. Well, I mean, cause if, think about it, if you're just running a main small little manufacturing operation, I don't have any IP, but your operations is your IP. You might be exposed for ransomware or some, you know what I'm saying? There's always disruption. This has been kind of an interesting, there's a mindset. It's not just what you think you have. There's a holistic view. >>What's your take on the reaction to that? Yeah. It isn't the holistic view. You have to take that approach. You've seen what's happening nowadays, especially within the ransomware. Uh, you know, it's, it may come from a third party that basically didn't secure their systems, but they knew exactly what they went with, the cyber criminal, exactly what they were doing because they solely wanted to attack you and they knew the weakest link was three steps down from you. And so that's exactly where they went to. You know, I love these conversations and not, you know, a lot. I'm a Patriot and I love to help our country. I do my best. I don't really serve in the government, but one of the things I feel strongly about and people know I rant about this all the time when I'm on the cube is that digital war is happening and I really believe that, you know, our, we're a free society. >>You can't lock every door in this country. You've got borders, physical borders, so digital borders or if we're open society, you can't really be defensive all the time. Yeah. So if someone does strike us, our answers especially been counter strike back with a vengeance. Exactly. Which is how the deterrent is. But digitally, where's that line? I mean if you drop chips in Manhattan, you know you're, we're a tapping attack. What's the digital drawing in your opinion? Because this is something that Noah's talking about, but it's kind of paper cuts is that there's a line of knowing is are we being attacked? It's the who. What's your view on this? I know it's a new emerging area. Yeah. Aye. Aye. Aye. I seem to I think a little bit on both sides here. I want to do something back, but I don't think I'm most special, especially commercial businesses. >>Understand what that means. Actually find some attribution and then say, you know, it is this entity or this country that's doing that and it's kind of a slippery slope when you start getting out of that cutting edge societal issue. Because I mean the government has a military to protect me, right? But if I'm a cyber company, I going to build my own military digital military. Now what are we talking about here? I mean, it's interesting. It's, it's again, that's why I start seeing a lot. If you look at the place, you know around here you start looking at some of these tools, they are offensive weapons. When you look at them, these are weapons to understand, well not weapons, but tools to understand who and you already know what happened. And so now you get the who and the why, right? Yeah. You can't really strike back. >>But what you could do is turn that back inward and say, okay, I'm going to start preventing this stuff. Yeah. Right. But then also, Hey, I can go to the, you know, the FBI and say, here's a nice neat packet of information on what happened to me and who we believe it to be. And that's where that conversation starts to happen. And I'm really excited by the digital twin and the simulation environments where you can start having flex, you can flex scenarios to do, use some of this scenario based planning so you can protect and plan for scenarios which is reacting to it. Yeah. Yeah. The digital training space, when he got there, you know, and it just like you stated earlier, right? You know, the, the, the United States military goes out here and trains for certain scenarios all the time. Companies have to start doing that because that's what's happening to them. >>You know, they're, you're right on the money. I love the insight. Thanks for sharing. Greetings. I love that you got to get the reps and you got to do the operations. You got to nail that. So just give a quick plug before IQ. Thanks for sharing your awesome insight. What do you guys do and what are you guys all about? What's your value proposition? Great. Yeah, we're, we're identity intelligence company. Oh, what that means is that we have tools and products that's going to allow our clients get to that who, you know, uh, and we also have tools that allow them to get to the what as well. So we're on both sides of a, of the fence there. Um, we're trying to get left of boom, what they call it. Um, but our data and our intelligence allows us clients to find the bad guy. >>A very simple, we have some AI and machine learning built into there where it's almost like a click of a button, I can expand and figure out who these individuals are and understand their TTPs. And what we want to do is make automation of these different types of tools easier and faster for the clients to use. So you want to bring intelligence into their visibility space or data space or, yes, I actionable intelligence. Yeah. So basically in their, into their digital space of understanding, you know, their attack surface, understanding what problems that they're having. And then we have, um, you know, like I said, a lot of tools and, and, and, and, and, um, it's, I would call it tell who calls you out, who's the customer, who's the buyer, the IOC show? Is it, uh, uh, off-gas? What's the, who's buying your stuff? So mainly what we're into a lot of, um, cyber fraud, fusion centers, just like that. >>Law enforcement intelligence agencies. Um, I would say, you know, I, I know for a fact that I wouldn't use this, you know, if I had this tool and the FBI. Um, and, and, and a lot of, you know, if you have a large digital footprint, uh, we have cryptocurrency companies using this as well. Um, you know, you're, you're seeing some, some, some pretty bad guys attacking your systems, trying to defraud you. Our product helps you out with that. Right. Luke, great conversation. Thanks for coming on. Appreciate RSA coverage. Taking the show. What's the hot thing at the show? What's your favorite moment here? What's, what's the big story here at RSA? I w I would say, uh, for me it's this, uh, sit in the one, uh, Ashton Martin sit now, you know, every year there's something different. You know, I go to these Bitcoin conferences and I see they usually have Lamborghinis out for it. And now I think this is happening. So yeah, I don't know if we're trending in that direction now. Get in that car and we're gonna erase away. Great. Luke Wilson, VP of intelligence before I Q a here inside the cube, the cube coverage show our say I'm John furrier. Thanks for watching.