Brad Medairy, Booz Allen Hamilton | RSA 2019
>> Live from San Francisco, it's theCUBE, covering RSA Conference 2019, brought to you by Forescout.
>> Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're in the Forescout booth at RSA in Moscone Center. Forty thousand people walking around talking about security; it's by far the biggest security event in the world. We're excited to be here. And welcome back a CUBE alumni who has been playing in the security space for a very long time. He's Brad Medairy, the EVP from Booz Allen Hamilton. Brad, great to see you.
>> Hey, thanks for having me here today. Absolutely. Yeah. I've, uh, I've already walked about seven miles today, and, uh, just glad to be here to have a conversation.
>> Yeah, the Fitbit and the walking trackers love this place, right? You fill your circles in a very short period of time.
>> I feel very fit after today. So thank you.
>> But it's pretty interesting, right? And you're in it. You're in a position where you're advising companies, both government and commercial companies. You know, to come into an environment like this and just be overwhelmed by so many options, right? And you can't buy everything here, and you shouldn't buy everything here. So how do you help your clients kind of navigate this crazy landscape?
>> It's interesting. So you mentioned forty thousand people. As you see on the showroom floor behind us, thousands of product companies, and, frankly, our clients are confused. Um, you know, there's a lot of tools, a lot of technologies. There's no silver bullet, and our clients are asking a couple of fundamental questions. One, how effective am I? And then, once I'm effective, you know, how can I be more efficient with my cybersecurity spend?
>> So it's funny, effective. So how are they measuring effective, right? Because that's kind of a changing, amorphous thing to target as well.
>> I mean, that's the key question in cybersecurity: how effective am I? You know, there's lots of tools and technologies. We do a lot of incident response, both commercially and federally, and in general, when looking at past breaches, it's not a problem; in most cases, everyone has the best of the best in tools and technologies. But either they're drowning in data and/or the tools aren't configured properly. So, you know, we're spending a lot of time helping our clients baseline their current environment, helping them look at their tool configurations, helping them look at their security operations center, helping them figure out: can they detect the most recent threats, and how quickly can we respond?
>> Right. And then how do they prioritize? That's the thing that always amazes me, because you can't do everything, right? And it's fascinating with, you know, the recent elections and, you know, kind of state-funded threats, that what the bad guys are going after, excuse me, isn't necessarily your personal identifying information or your bank account, but all kinds of things that you may not have thought were that valuable yesterday.
>> Right. I mean, you know, it's funny. We talk a lot about these black swan events, and so you look at NotPetya and, you know, with NotPetya, there were some companies that were really hit in a very significant way, and, you know, everyone is surprised, right? And we see it time after time, folks caught off guard by, you know, these unanticipated attack vectors. It's a big problem. But, you know, I think, you know, our clients are getting better. They're starting to be more proactive. They're starting to become more integrated communities where they're taking intelligence and using that to better tune and tailor their security operations programs.
And, you know, they're also starting to take the tools and technologies in their environment, better tie them and integrate them with their operational processes, and they're getting better.
>> Right. So another big change in the landscape. You said you've been coming here for years. So IoT, right? And, yeah, it's also called industrial IoT, and other things. A lot more devices that should or should not be connected, well, are going to be connected. They weren't necessarily designed to be connected. And you also work on the military side as well, right? And these have significant implications. These things do things, whether it's a turbine, whether it's something in the hospital that's monitoring the heart, or whether it's, you know, something in a military scenario. So how are you seeing the adoption of that? Obviously the benefits far outweigh, you know, the potential downfalls. But you've got to protect for the downfall.
>> You know, OT, IoT is one of the most pressing cybersecurity challenges that our clients face today. And it's funny. When we first started engaging in the OT space, there was a big vocabulary mismatch. You had the CISO organizations that were talking threat actors and attack vectors, and then you had heads of manufacturing that were talking uptime, availability and reliability, and they were talking past each other. I think now we're at a turning point where both communities are coming together to recognize that this is really an imminent threat to the survival of their organization and that they've got to protect their OT environment. They're starting by making sure that they have segmentation in place. But that's not enough. And you know, it's interesting when we look into a lot of the OT environments; you know, I call it the Smithsonian of IT. And so, you know, I was looking at one of our client environments and, you know, they had a lot of Windows NT devices. I'm like, that's great.
I'm a Windows NT expert. I was using that between 1994 and 1996, and you know, I mean, it's everybody's favorite vulnerability. Right on Rodeo. I'm your guy. So, you know, one of the challenges that we're facing is how do you go into these legacy environments that have very mission-critical operations and, you know, integrate cybersecurity to protect and ensure their mission. And so we're working with companies like Forescout, you know, that provide agentless capabilities that allow us to better know and understand what's in the environment and then be able to apply policies to be able to better protect and defend them. But certainly it's a major issue that everyone's facing. We spent a lot of time talking about issues in manufacturing, but think about the utilities. Think about the power grid. Think about building control systems, HVAC. You know, I was talking to a client that has a very critical mission, and I asked them, like, what's the biggest challenge you face today? And I was thinking they were going to be talking about their mission control system or, you know, some of the real, you know, critical assets they have. But what he said was, "My biggest challenge is my HVAC." And I'm like, really? He's like, "My HVAC goes down, my operation's going to be disrupted. I'm going out to COOP halfway across the country, and that could result in loss of life." It's a big issue.
>> Yeah, it's wild. Triggered all kinds. I think Mike earlier today said that a lot of the devices, you don't even know you're running NT. Yeah, it's like a little tiny version of NT that's running underneath this operating system that's running this device. You don't even know it. And it's funny, you talked about the HVAC. There was a keynote earlier today where they talked about, you know, if a data center HVAC goes down first.
I think she said, sixty seconds, stuff starts turning off, right? So, you know, depending on what that thing is powering, that's a pretty significant data point.
>> Yeah, you know, I think where we are in the journey in OT is, you know, we started by creating the burning platform, making sure that there was awareness around, hey, there is a problem, there is a threat. I think we've moved beyond that. We then moved into, you know, segmenting the OT environment. A lot of the major nation-state attacks that we've seen started in the enterprise and moved laterally into the OT environment. So we're starting to get better segmentation in place. Now we're getting to a point where we're moving into, you know, the shop floors, the manufacturing facilities, the utilities, and we're starting to understand what's on the network, right? In the IT world, this is a problem we've been struggling with for years and have started to overcome. But in the OT environment, it's still a problem. So understanding what's connected to the network and then building a strategy for how we can really protect and defend it. And the difference is it's not just about protecting and defending, but it's ensuring continuity of mission. It's about being resilient.
>> Right, and being able to find if there's a problem, down the problem. I mean, we're almost numb to the data breaches, right? They're in the paper every day. I mean, I think Michael is really the last big one when everyone had a conniption fit. Now, okay, it's another data breach. So it's a big issue. That's right.
>> So one of the things you talked about last time we had you on was continuous diagnostics and mitigation. I think it's a really interesting take, that's pretty clear in the wording that it's not buy something, put it in and go on vacation.
It was a constant, an ongoing process, and you have to really be committed to it.
>> Yeah, you know, I think that, you know, our clients, both federally and commercially, are moving beyond compliance. And if you rewind the clock many years ago, everyone was looking at these compliance scores and saying, good to go. And in reality, if you're compliant, you're really looking in the rearview mirror. And it's really about, you know, putting in programs that are continually assessing risk, continuing to take a continuous look at your environment so that you can better understand what are the risks, what are the threats, and so that you can prioritize activity and action. And I think the federal government is leading the way with some major programs, like DHS's Continuous Diagnostics and Mitigation, where they're really looking to up-armor .gov and, you know, really take a more proactive approach to, you know, securing critical infrastructure.
>> Right. Just curious, because you kind of split the fence between the federal clients and the commercial clients. Everybody's, you know, kind of point of view impacts the way they see the world. What if you could share kind of, maybe, what's more of a federal-centric view that isn't necessarily shared on the commercial side, of what they prioritize? And what's kind of the one on the commercial side that the feds are missing? I assume you want to get them both kind of thinking about the same thing, but there's got to be a different set of priorities.
>> Yeah, you know, I think after some of the major commercial breaches, we saw the commercial entities go through a real focused effort to take the tools that they have in the infrastructure to make sure that they're better integrated.
Because, you know, in this mass product landscape, there's lots of seams that the adversaries live in. And then better tie the tooling in the infrastructure with security operations, and on the security operations side, take more of an intelligence-driven approach, meaning that you're looking at what's going on out in the wild, taking that information, being able to enrich it, and using that to be more proactive: instead of waiting for an event to pop up on the screen, hunt for adversaries in your network. Right now, we're seeing the commercial market really refining that approach. And now we're seeing our government clients start to adopt and embrace commercial best practices.
>> Right. So I'm curious. I love that line: adversaries live in the seams. Right? We're going to an all-hybrid world, right? Public cloud is kicking tail. People have stuff in public cloud, they have stuff in their own cloud. They have, you know, very kind of hybrid ecosystems. That sounds like it's making a whole lot of seams.
>> Yeah, you know, just when we think we're getting there, you know, we're getting the enterprise under control, we've got asset management in place, you know, we're modernizing security operations, we're being more hunt-driven, more proactive, now the attack surface is expanding. You know, earlier we talked about the OT environment; that's introducing a much broader and new attack surface. But now we're talking about cloud, and it's not just a single cloud. There's multiple cloud providers, right? And now we're talking about software as a service and multiple software-as-a-service providers. So you know, it's not just what's in your environment now. It's your extended enterprise that includes cloud, software as a service, excuse me, OT, IoT, and the problem's getting much more complex. And so it's going to keep us busy for the next couple of years.
I think job security's okay. I think we're gonna be busy.
>> All right, before I let you go, just kind of top trends that you're thinking about, what you guys are looking at as a company as we head into 2019?
>> You know, a couple of things. You know, Booz Allen, being deeply rooted in defense and intelligence, we're working to unlock our tradecraft that we've gained through years of dealing with the adversary and working to figure out how to better apply that to cyber defense. Things like advanced threat hunting, things like adversary red teaming, things like being able to do baselining to assess the effectiveness of an organization. And then last but not least, AI. AI is a big trend in the industry. It's probably become one of the most overused buzzwords. But we're looking at specific use cases around artificial intelligence. How do you, you know, better accelerate tier one, tier two event triaging in a SOC? How do you better detect, you know, adversary movement to enhance detection in your enterprise? And, you know, AI is, you know, a major, major term that's being thrown out at this conference. But we're really looking at how to operationalize that over the next three to five years.
>> Right, right. And the bad guys have it too, right? And never forget Amara's Law, one of my favorite, not-quoted-enough laws, right: we tend to overestimate in the short term and underestimate in the long term. Maybe it's today's buzzword, but in three to five years AI's gonna be everywhere. Absolutely. All right. Well, Brad, thanks for taking a few minutes of your day and stopping by.
>> Good to see you again. All right.
>> All right. He's Brad, I'm Jeff. You're watching theCUBE. We're at RSA Conference in downtown San Francisco. Thanks for watching. We'll see you next time.