>>from the Cube Studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a cube conversation. Hi, >>I'm stupid, man. And welcome to another cube conversation. I'm here in our Boston area studio. And of course, the intersection of networking and security has always been a hot topic. Even Mawr, if you look at it in 2020 everybody working from home their stresses and strains and a lot more changes than usual for what corporate I t has to deal with. Happy to welcome to the program. Tom Bonkowski. Hey, is the director of product marketing with Net Scout. We're gonna get into some of those topics. Um or Tom, thanks so much for joining us. Welcome. Alright. Eso you came to Donetsk out by way of the Arbor Networks acquisition. Ah, few years ago when I want to give our audience just a little bit about your background, what your team works on and we're gonna be talking about the the edge defense. A solution Said >>Sure. Yes, I I've been with Arbor Networks for over 10 years. I've been the director of product marketing for the DDOS line of products during that time and when we came over to Netsch e still have kind of continue that role. So I'm basically responsible for anything that you know to do with the Arbor Adidas Solutions. We have solutions for the service Friars of the world, large enterprises in the world. >>Yeah, maybe it would help if you just refresh our audience so, you know, generally out in the marketplace. You know d das? It's, you know, attacks on the internet. If I if I was, you know, a big provider technology. It's like, Hey, why can't I get to that website? Oh, they had a DDOS attack that hit them. But you know when when it comes to the enterprise you talked about about service brighter also, you know, when is this hitting them? You know, who are the ones causing this kind of thing? It just kind of give our audience a little bit of level. Said if you would in 2020. >>Oh, yeah. I mean, you know, Adidas attacks have been around for over 20 years. This isn't anything new, as you know, um, but the reality is is as that these attacks have been getting bigger. We're getting more frequent. They're getting more complex. Um, and like I said before, I've been here for over 10 years, and I feel like I say that every single year, but it is absolutely true. Um, and you know, the service Fridays of the world Bear the brunt of this. This problem, they're the ones taking on these large attacks. They're the ones trying to stop it not only to protect their own infrastructure, but also potentially the target, which could or could not be one of their customers. There's a lot of collateral damage associated with the details attacks, especially from a service buyer's perspective, because it impacts everything running on their backbone or in their whatever facility that this attack is flowing through. And then, obviously, you have potentially the target of these attacks, which could be any enterprise, any large government, whatever its very indiscriminate, uh, anyone could be a potential target on br. All >>right. And for for the enterprises themselves, you know, how are they making sure that they are protecting their perimeter? Where does Netsch out? You know, fit in tow, helping protect them against the sort of malicious >>attack. Yeah. So when When it comes to protecting your perimeter in particular. Let's let's talk about where we are today in this whole cove in 19 Pandemic. Um, a zoo. We all know this. This caused a massive work slash. Uh, you know, learn from home scenarios never seen before. And you know the quote. New perimeter is everyone who was once inside the organization now home coming back in, right. And, you know, the the Internet inbound Internet circuit, the firewall, the VPN, gateway, the load master all now coming from the opposite direction that maybe they were utilized in the past. Um, it is really the new perimeter, and it is has become very crucial to maintain business continuity, especially in this time. But as we'll talk about it also has become very vulnerable to to DDOs attacks in particular. And, you know, one of the areas that we'll talk about it is how one particular piece of that infrastructure, the VPN gateway, is actually become not only one of the most critical pieces in that chain of communication, but also one of the most vulnerable pieces to simply because it was never anticipated that this many users would would utilize that VPN gateway, and it was never designed for that on. Therefore, it's running at, you know, high or near capacity or at capacity, and it and it could be toppled over pretty easily with fairly small DDOS attacks. We'll get into that a little bit later. Yeah, >>absolutely, Tom. So I've had so many conversations over the last few months about, you know, the ripple effects of what? Work from home. Or, you know, if we think about however things play out in the next few months, it really will be almost work from anywhere. Um, is what will happen on Dwell. Everyone is working at home. That doesn't mean that some of those bad actors out there have gone away. In fact, you know, every company I talked to that's involved with security has seen way need to raise our capabilities and often are getting mawr attacks out there. What have you been seeing out there in the marketplace? You know, how have things been so far in 2020 when it when it comes, toe your space? >>Yeah, I know the same thing. So I'm gonna put up a chart here. And this is a chart which shows, uh DDOs attacks during the first, um, of six months of 2000 and 20 and this data comes from what we call our cyber threat horizon. This is This is a free online portal that anyone could access and see this information if they wish, But it's fueled by the deployment of our products all over the world. So our our DDOS protection products are utilized by a majority of the world's Internet service fighters. And from that deployment, they send this information about DDOS attack activity like, you know, the size of attack. Who is being tacked? Who was being attacked? Where is it coming from? The protocols or vector is being used, etcetera. So we we gather this information on a daily basis presented in this portal. So what this represents is the first six months of 2000 and 20 and as you can see, there's been over 4.8 million attacks thus far in 2000 and 20. That's about 15% higher than last year at the same exact time period. But if you look at the chart a little bit closer, we snapped the line at February, sort of the start of the global pandemic and the lock down periods, if you will and what you can see February, March, April May as it is an uptick in the number of DDOS attacks almost up to 36% in in May. Eso all this is happening during the time of this lock down, right? All this is happening where organizations are struggling to maintain a new a new normal. If you are this. But this is continuity, right? Eso what you represented before you said before that organizations are still struggling with cyber attacks. In fact, probably more is exactly what's happened to in the DDOS realm. And then finally like if you look at June, you see this little drop off there and you know, here everyone talking about the new normal, the new normal is not the new normal. Possibly. It's still too soon to tell. I think we'll wait for another couple of months here. But the bottom line is that during the midst of all this, as organizations trying to maintain some level of this canoe, they're also being faced with cyber threats like Adidas attacks to like they've never seen before. So amazing challenge that that folks have faced out there. >>Yeah, Tom, there's a few spaces in the marketplace that were already very important, you know, really top of mind from the business. I think about automation security being to the ones that come up most often. And when I talked to the participant in the space they like, I thought I was busy in 2019 and had ah lot playing for 2020 and oh, my gosh. I had no idea what 2020 was really going to bring. So that that data that you showed, you know, you're talking about millions of attacks, and you know that that increase, they're putting a focus on it. Even mawr here. So ah, lot of work for people to be done. So but bring us inside a little bit. Uh, you know how Net Scout, How are you helping customers? What invite you have for them, You know, how do we make sure that we can curb, You know, the the the impact of these attacks? Which is that in the millions? >>Sure. So let's go back to that. That inbound infrastructure now, right? Where everyone working from home, coming into the in down router hitting a firewall and but more likely, hitting a VPN gateway of some sort. That's what's allowing them to get access into these internal resource. Is that VPN? Gateway? As I mentioned before, uh, has been crucial during this time, but it also has been very susceptible to denounce attacks that VPN gateways a zwelling that firewall these air. You know what was referred to a state ful devices? They have to track TCP state in order to work properly? Well, there are three types of DDOS attacks, if you will, to make things simple. One is the volumetric attack, which people normally think of as a DDOS attack. It is designed to saturate that that inbound circuit that that Internet facing router interface, right? Um, and then their application layer taxis. They're very small, stealthy attacks. They're going after specific application servers. They're trying to bleed off. Resource is there. And then there's an attack called state exhaustion attacks these air, specifically designed to go after stay full devices like firewalls or, in today's world, the VPN gateway, and it doesn't take much. It takes a small 100 megabit per second attack lasting for 5 10 minutes to potentially fill the state tables in some of these VPN gateways, especially in light of the fact that they weren't prepared or designed to take on all the legitimate users right there coming in as a result of the pandemic. So the key to stopping these sorts of attacks the state full attacks and protecting at VPN Gateway is to put something on premise that iss stateless, meaning it has the ability to inspect packets using stateless packet processing technology. And we have such products are our product, which we call the Arbor edge defense eyes designed to stop all types of attacks. But in this in this particular environment, uh, it is our excels at stopping state exhaustion attacks, and you deploy it just inside the Internet router and in front of the VPN gateway or that firewall there, it could pick off short lived state exhaustion attacks and protect the availability of the VPN, gateway and firewall. Now, if you're relying upon which rating organizations do relying upon a cloud based data protection service, which we have to we have something called Arbor Cloud. Uh, it may not be able to stop those attacks in time, So you're running a little risk by relying on more traditional cloud based protection services. That's why you need this product Arbor Edge defense on premise, because it will react instantaneously and protect that VPN gateway from going on and maintain that business continuity for you. >>You know, Tom, when I think about that that footprint that you have in a customer's environment, you know, in addition to the D DOS services, it would seem like that Ah, prime opportunity that that there's other services and applications that could be run there. Is that the case with with your your solution to >>Well, if I understand what you mean by the services, well, we have the ability Thio conducted fully managed services that Are you going with that? >>Yeah, I e think Think that Yeah, that z one of right. Understand how how that service works. Yes. >>So? So the our bridge defense, um, is a system that once you have it configured, you design it for protecting sort of the interior services like the protective VPN gateway firewalls. Any other application running internal in the event of a large attack that we've been talking that will fill that Internet pipe, It has a feature called Cloud Signaling, where it will intelligently call for help upstream to either in Arbor Cloud service. This is a fully managed details protection service. We have global scrubbing centers, uh, and or call your I S P, who may you may be getting your data protection service from already. So it has the ability to link the on premise with the with the cloud based protection. And this hybrid approach to protection is absolutely industry best practice. This is this is how you protect yourself from the multiple vector DDOs attacks, as we mentioned previously. Now, if you're an organization that maybe doesn't have enough experience, uh doesn't want to deal with the on Prem our bridge defense. You know, we have you covered there, too. We have the ability to manage that that scenario or that device for you. We have to manage the ability to manage not only the arbor edge of the fence, but they also integration in the arbor cloud. So that whole hybrid scenario that we're talking about could be fully managed by, um, you know, by our folks who do this every single day 24 7. >>Yeah, it's any breakdown. Is thio your customers as toe. You know, when they choose that that that fully managed solution versus on Prem recommendation we've had for a long time is you wanna have your i t focused on things that have differentiation in your environment and seems like a natural thing that, you know, your team has the expertise. Eso What is that decision point as to whether they do it themselves or go with the manage solution? >>I think it really just has to do with the culture and the experience of the company. Really, What we're seeing is some of the smaller organizations that, you know, you have smaller teams, right? That wear multiple hats. They just cannot stay abreast of the latest threats. Indeed, us A. Z I mentioned before these things were getting more and more complex. So I think they're they're coming to the conclusion that all right, this is something that I can't do my by myself anyway for the large attacks. I need a cloud based service, part of some sort. I need someone to help me there anyway. So why don't they just handled the whole thing? Why don't they just handle the on premise component and in the cloud based component of this and make sure that it's running is officially as possible. But you know, even that said, it's not just the smaller org's. We're seeing larger organs do it, too, just to push things off their plates. Let's let's leave Dido's to the experts again because I can't do about myself. Anyway. >>Tom, I I saw a video. I think it was you that did actually talking about how our bridge defense is the first and last defense. When, when, when it comes to DDOS may explain that a little bit or audience. >>Yeah, So our tagline for the product is first and last line of defense. The first lines which we've been talking about all along here, is the ability to stop the inbound DDOS attacks. Now it also acts as the last line of defense, too. So, as we were alluding to before, you know, all you here during this time of the pandemic is watch out for you know, Kobe 19 related ransomware and things like that, right? Um, because the Arbit edge defense, it's just inside the rotter and outside that for a while, it is literally the last component in that cybersecurity change before the let's look from the outbound perspective packets, leaving the enterprising going out to the Internet. It is the last piece of product in that security chain, right, for it leaves the Internet. The arbor edge of the fence has the ability to consume threat intelligence not only from our own atlas system, which we spoke about earlier about third parties to via sticks and taxi. It has the ability to consume threat intelligence. And they're sitting on that. That last piece of you know, the security pipe, if you will or chain it has the ability to intercept. Uh, indicators of compromise have come from internal compromise devices that have made it through the entire security chain. Outgoing. Reach outside the farewell. Now it's one last one last line of defense, if you will, that has ability to recognize and stop that internal indicator compromise. And this is going to help stop the proliferation of malware that, and ultimately avoid that data breach that everyone is fearful. So it has a dual role. It could protect you from inbound DDOS attacks and Uncle also gonna as his last line defense stopping the proliferation this now where we're talking about? Yeah. Great, >>Tom. That actually refers I was curious about you know what other things your your your device did. And you know, there's the intelligence baked into their toe have kind of a multipurpose when you're in that environment. All right, Tom, I want to give you the last word here. You know, cos today they often need to react very fast to be able to deal with, you know, the changing dynamics of their business. You know, spinning up resource is everybody, you know, working from home. And like so, you know, what final advice do you have for them And, you know, give us the final >>word? Yeah. You know, during this time, president times, You know, we all unfortunately thought to me remain very vigilant when it comes to protecting our organization from cyberattacks. One of the one of the areas that seems to get overlooked as eyes DDOs protection. Right? Everyone is focused on malware and things like that, but don't overlook DDOs attacks. These things were happening on a daily basis, as I showed you over almost five million so far this year. Uh, it is an absolute part. Maintain the availability of your organization. It's part of the security Triad, as we know. And, you know, it's it's really their thio, you know? Do you disrupt your business continuity if you are getting hit, So don't overlook your and don't under underestimate your videos protection. All >>right, Well, Tom Bonkowski, thank you so much for the update and, uh, appreciate everything you shared. >>Welcome. All >>right. Be sure to check out the cube dot net for lots more coverage from the Cube. I'm still madman. Thanks for watching.

>>buy from San Francisco. It's the queue covering our essay conference 2020. San Francisco Brought to you by Silicon Angle Media >>Hey, welcome back here. Ready? Jeff Frick here with the Cube. We're in downtown San Francisco. It is absolutely spectacular. Day outside. I'm not sure why were incited. Mosconi. That's where we are. It's the RCC conference, I think 50,000 people the biggest security conference in the world here in Mosconi this week. We've been here, wall to wall coverage. We'll be here all the way till Thursday. So thanks for joining us. We're excited to have our next guest. He's got a lot of great data to share, so let's jump into it. It's hard mode. He's a VP engineering threat and mitigation products for nets. Cowhearted. Great to meet you. >>Thank you. Good to be here, >>too. So for people who aren't familiar with Net Scout, give em kind of the basic overview. What do you guys all about? Yes, and that's what we consider >>ourselves their guardians of the connected world. And so our job is to protect, like, you know, companies, enterprises, service providers, anybody who has on the Internet and help keep their services running your applications and things returned deliver to your customers would make sure that it's up there performing to, like, you know the way you want them to, but also kind of give you visibility and protect you against DDOS attacks on other kind of security threats. That's basically in a nutshell. What we do as a company and, yeah, wear the garden of connected world. >>So So I just from a vendor point of the I always I feel so sorry for >>buyers in this environment because you walk around. I don't know how many vendors are in here. A lot of >>big boost, little boost. So how do you kind of help separate? >>You know, Netsch out from the noise? How what's your guys? Secret sauce? What's your kind of special things? >>Really, it's like 30 years >>off investment in like, network based visibility, and >>we truly >>believe in the network. Our CEO, he says, like you know the network like, you know, actually, when you monitor the network, it's like taking a blood test. It tells you the truth, right? And it's really like how you find out, like, you know, some things right or wrong. I mean, I actually, for my background to like network monitoring. There's a lot of our what we think of as like the endpoint is actually contested territory. That's where the adversary is. When you're on the network and your monitoring all activity, it really gives you a vantage point. You know, that's >>really special. So we really focus on the network. Our heritage and the network is is one of our key strengths and then, you know, as part of >>us as a company like Arbor Arbor. Networks with coming in that's got acquired some years ago were very much part of Net Scout with our brand of products. Part of that, you know, the Arbor legacy includes huge visibility into what's happening across the Internet and visibility like nobody else like in terms of the number of service providers and large enterprises who work with us, help us understand what's happening across the landscape. That's like nobody else out here. And that is what we consider a key differentiator. >>Okay, great. So one of the things you guys do >>a couple times years, I understand his publisher reporting solution, gift people. Some information as to what's going on. So we've got the We've >>got the version over four here. Right Net scout threat, intelligence report. So you said this comes out twice a year, twice a year. So what is the latest giving some scoop >>here, Hot off the presses we published last week. Okay, so it's really just a few days old and, you know, our focus here is what happened in the last six months of last year. So that and then what we do is we compare it against data that we've collected a year prior. >>So really a few things >>that we want you to remember if you're on the right, you know, the first number is 8.4 million. That's the number of D DOS attacks that >>we saw. This doesn't mean that >>we've seen every attack, you know, in the world, but that's like, you know just how many DDOS attacks we saw through the eyes of our customers. That's >>in this in six months. 8.4 number is >>actually for the entire year here in an entire year of 2019. There's a little bit of seasonality to it. So if you think of it like a 4.4, maybe something that that was the second half of the year. But that's where I want to start. That's just how many DDOS attacks we observed. And so, in the >>course of the report, what we can do a >>slice and dice that number talk about, like, different sizes, like, what are we seeing? Between zero and 100 gigabits per 2nd 102 104 100 above and >>kind of give you a sense of just what kind of this separation there is who is being targeted >>like we had a very broad level, like in some of the verticals and geographies. We kind of lay out this number and give you like, a lot of contact. So if you're if you're in finance and you're in the UK, you want to know like, Hey, what happened? What happened in Europe, for example, In the past 66 months, we have that data right, and we've got to give you that awareness of what's happening now. The second number I want you to remember is seven seven or the number of new attack vectors reflection application attack vectors that we observed being used widely in in in the second half. >>Seven new 17 new ones. So that now kind of brings our tally >>up to 31 like that. We have those listed out in here. We talk about >>just how much? Uh huh. Really? Just how many of these vectors, how they're used. Also, these each of these vectors >>leverage vulnerabilities in devices that are deployed across the Internet. So we kind of laid out like, you know, just how many of them are out there. But that's like, You know that to us seven is reflecting how the adversary is innovating. They're looking for new ways to attack us. They've found 71 last year. They're going to war, right? Right. And that's that's kind of what we focus on. >>Let's go back to the 8.4. So of those 8.4 million, how many would you declare >>successful from the attacker point of view? >>Yeah, You know something that this is always >>like, you know, you know, it's difficult to go estimate precisely or kind of get within some level of >>precision. I think that you know, the the adversaries, always trying to >>of course, they love to deliver a knockout blow and like all your services down but even like every attack inflicts a cost right and the cost is whether it's, you know, it's made its way all the way through to the end target. And now you know, they're using more network and computing resource is just to kind of keep their services going while they're under attack. The attack is low, You're still kind of you. You're still paying that cost or, you know, the cost of paid upstream by maybe the service provider. Somebody was defending your network for you. So that way, like, you know, there's like there's a cost to every one of these, right? In >>terms of like outages. I should also point out that the attacks that you might think >>that this attack is like, you know, hey, you know, there was a specific victim and that victim suffered as a result of but >>in many cases, the adversaries going after people who are providing services to others. So I mean, if a Turkish bank >>goes down right, like, you know, our cannot like services, customers for a month are maybe even a few hours, right, And you know, the number of victims in this case is fairly broad. Might be one attacks that might be one target, however, like the impact is fairly, >>is very large. What's interesting is, have begs a question. Kind of. How do you >>define success or failure from both the attacker's point of view as well as the defender? >>Yeah, I mean, I mean and again, like there's a lot of conversation in the industry about for every attack, right? Any kind of attack. What? When do I say that? You know what? I was ready for it. And, you know, I was I was fine. I mean, I don't care about, you know, ultimately, there's a cost to each of these things. I'd say that everybody kind of comes at it with their You know, if you're a bank, that you might go. Okay. You know what? If my if I'm paying a little bit extra to keep the service up and running while the Attackers coming at me, No problem. If I if my customers air aren't able to log in, some subset of my customers aren't able to log in. Maybe I can live through that. A large number of my customers can't log in. That's actually a really big problem. And if it's sustained, then you make your way into the media or you're forced to report to the government by like, outages are like, You know, maybe, you know, you have to go to your board and go like a sorry, right? Something just happened. >>But are the escalation procedures >>in the definition of consistency? Right? Getting banged all the time right? And there's something like you said, there's some disruption at some level before it fires off triggers and remediation. So so is there some level of okay, that's kind of a cost of doing business versus, you know, we caught it at this. They're kind of like escalation points that define kind of very short of a full line. >>I think when we talk to our service provider customers, we talked to the very large kind of critical enterprises. They tend to be more methodical about how they think of like, Okay, you know, degradation of the service right now, relative to the attack. I think I think for a lot of people, it's like in the eyes of the beholder. Here's Here's something. Here's an S L. A. That I missed the result of the attack at that point. Like you know, I have, I certainly have a failure, but, you know, it's it's up until there is kind of like, Okay, you're right >>in the eyes the attacker to delay service >>at the at the Turkish bank because now their teams operate twice, twice the duration per transaction. Is it? Just holding for ransom is what benefit it raises. A range >>of motivations is basically the full range of human nature. There's They're certainly like we still see attacks that are straight journalism. I just I just cause I could just I wanted I wanted to write. I wanted to show my friend like, you know, that I could do this. There's there's definitely a lot of attacks that have that are like, you know, Hey, I'm a gamer and I'm like, you know, there's I know that person I'm competing with is coming from this I p address. Let me let me bombard them with >>an attack. And you know, there's a huge kind of it could be >>a lot of collateral damage along the way because, you know, you think you're going after this one person in their house. But actually, if you're taking out the network upstream and there's a lot of other people that are on that network, like you know, there's certain competitive element to it. They're definitely from time to time. There are extortion campaigns pay up or we'll do this again right in some parts of the world, like in the way we think of it. It's like cost of doing business. You are almost like a business dispute resolution. You better be. You know, you better settle my invoice or like I'm about, Maybe maybe I'll try and uses take you out crazy. Yeah, >>it, Jeff. I mean things >>like, you know the way talked about this in previous reports, and it's still true. There's especially with d dos. There's what we think of it, like a democratization off the off the attack tools where you don't have to be technical right. You don't have to have a lot of knowledge, you know, their services available. You know, like here's who I'm going to the market by the booth, so I'd like to go after and, you know, here's my $50 or like a big point equivalent. All right, >>let's jump to >>the seven. We talked about 8.4 and the seven new attack vectors and you outline, You know, I think, uh, the top level themes I took from the summary, right? Weaponizing new attack vectors, leveraging mobile hot spots targeting compromised in point >>about the end points. I o t is >>like all the rage people have mess and five G's just rolling out, which is going to see this huge i o t expansion, especially in industrial and all these connected devices and factories in from that power people. How are people protecting those differently now, as we're getting to this kind of exponential curve of the deployment of all these devices, >>I mean, there are a lot of serious people thinking about how to protect individual devices, but infrastructure and large. So I'm not gonna go like, Hey, it's all bad, right? Is plenty back on it all to be the next number, like 17 and 17 as the number of architectures for which Amir, I mean, I was really popular, like in a bar right from a few years ago. That still exists. But over time, what's happened is people have reported Mirai to different architectures so that, you know, think of it like, you know, if you have your your refrigerator connected to the Internet, it comes. It's coming with a little board, has CPU on it like >>running a little OS >>runs and runs in the West on it. Well, there's a Mirai variant ready for that. Essentially, as new devices are getting deployed like, you know, there's, you know, that's kind of our observation that there's even as new CPUs are introduced, a new chips or even the West they're introduced. There's somebody out there. We're ready to port it to that very now, Like, you know, the next level challenges that these devices, you know, they don't often get upgraded. There's no real. In many cases, they're not like, you know, there's very little thought given to really kind of security around it. Right? There are back doors and, like default passwords used on a lot of them. And so you take this combination. I have a whole you know, we talk about, you know, large deployments of devices every year. So you have these large deployments and now, you know, bought is just waiting for ready for it Now again, I will say that it's not. It's not all bad, but there are serious people who were thinking about this and their devices that are deployed on private networks. From the get go, there was a VPN tunnel back to a particular control point that the the commercial vendor operates. I mean, there are things like that, like, hardening that people have done right, So not every device is gonna find its way into a botnet. However, like, you know, you feel like you're getting a toy like Christmas and against $20 you know, and it can connect to the Internet. The odds are nobody's >>thinking not well. The thing we've heard, too, about kind of down the i t and kind of bringing of operations technology and I t is. A lot of those devices weren't developed for upgrades and patches, and Lord knows what Os is running underneath the covers was a single kind of use device. It wasn't really ever going to be connected to the outside world. But now you're connecting with the I t. Suddenly exposing a whole host of issues that were never kind of part of the plan when whoever designed that thing in the first place for sure for sure is crazy. Alright, so that's that. Carpet bombing tactics, increased sector attack, availability. What is there's carpet bomb and carpet bombing generally? What's going on in this space? >>Well, so carpet bombing is a term that we applied a few years ago to a kind of a variation of attack which, like >>traditionally, you know, we see an attack >>against a specific I P address or a specific domain, right? That's that's where that's what I'm targeting. Carpet bombing is taking a range of API's and go like, you know, hey, almost like cycling through every single one of them. So you're so if your filters, if your defense is based on Hey, if my one server sees a spike, let me let me block traffic while now you're actually not seeing enough of a spike on an individual I p. But across a range there's a huge you know, there's a lot of traffic that you're gonna be. >>So this is kind of like trips people >>up from time to time, like are we certainly have defensive built for it. But >>now what? We're you know, it's it's really like what we're seeing is the use >>off Muehr, our other known vectors. We're not like, Okay, C l dap is a protocol feel that we see we see attacks, sealed up attacks all the time. Now what we're >>seeing is like C l >>dap with carpet bombing. Now we're seeing, like, even other other reflection application protocols, which the attack isn't like an individual system, but instead the range. And so that's that's what has changed. Way saw a lot of like, you know, TCP kind of reflection attacks, TCP reflection attacks last year. And then and then the novelty was that Now, like okay, alongside that is the technique, right? Carpet bombing technique. That's that's a pipe >>amounts never stops right? Right hard. We're out of time. I give you the final word. One. Where can people go get the information in this report? And more importantly, for people that aren't part of our is a matter that you know kind of observers or they want to be more spark. How should they be thinking about security when this thing is such a rapidly evolving space? >>So let me give you two resource is really quickly. There's this this >>report available Dub dub dub dub dot com slash threat report. That's that's that's what That's where this report is available on Google Next Threat report and you'll find your way there. We've also, you know, we made another platform available that gives you more continuous visibility into the landscape. So if you read this and like Okay, what's happening now? Then you would go to what we call Met Scout Cyber Threat Horizon. So that's >>kind of tell you >>what's happening over the horizon. It's not just like, you know, Hey, what's what am I seeing? What are people like me seeing maybe other people other elsewhere in the world scene. So that's like the next dot com slash horizon. Okay, to find >>that. And I think like between those two, resource is you get >>access to all of our visibility and then, you know, really, in terms of like, our focus is not just to drive awareness, but all of this knowledge is being built into our products. So the Net's got like arbor line of products. We're continually innovating and evolving and driving like more intelligence into them, right? That's that's really? How We help protect our customers. Right >>hearted. Thanks for taking a few minutes >>and sharing the story. Thank you. 18 Scary. But I'm glad you said it's not all bad. So that's good. >>Alright, he started. I'm Jeff. You're watching the Cube. We're at the RSA conference 2020 >>Mosconi. Thanks for watching. We'll see you next time. >>Yeah, yeah, yeah.