
Jennifer Chronis, AWS | AWS Public Sector Online


 

>> ...from around the globe. It's theCUBE with digital coverage of AWS Public Sector Online, brought to you by Amazon Web Services. Everyone, welcome back to theCUBE's virtual coverage of AWS Public Sector Online Summit, which is also virtual. I'm John Furrier, host of theCUBE, with a great interview here remotely: Jennifer Chronis, who's the general manager with the DoD account for Amazon Web Services. Jennifer, welcome to theCUBE, and great to have you over the phone. I know we couldn't get the remote video because of location, but glad to have you via your voice. Thanks for joining us.

>> Well, thank you very much, John. Thanks for the opportunity here.

>> The Department of Defense, big part of the conversation over the past couple of years, one of many examples of the agencies modernizing. And here at the Public Sector Summit, virtual, online, one of your customers, the Navy with their ERP, is featured. This really kind of encapsulates this modernization of the public sector. So tell us about what they're doing and their journey.

>> Sure, absolutely. So Navy ERP, which is Navy Enterprise Resource Planning, is the Department of the Navy's financial system of record. It's built on SAP, and it provides financial, acquisition and management information to Navy commands and Navy leadership, essentially to keep the Navy running and to increase the effectiveness and the efficiency of Navy support to the warfighter. It handles about $70 billion in financial transactions each year and has over 72,000 users across six Navy commands. And they expect the number of users to double over the next five years. So essentially, this program was in a situation where their on-premises infrastructure was end of life. They were facing an expensive tech upgrade in 2019. They had infrastructure that was hard to scale and prone to system outages. Data analytics were too slow to enable decision making, and users actually referred to it as a fragile system. And so the Navy made the decision last year to migrate the Navy ERP system to the AWS Cloud, along with SAP and SAP NS2, SAP National Security Services. So it's a great use case for a government organization modernizing in the cloud, and we're really happy to have them speaking at Summit this year.

>> Now, was this a new move for the Navy, to move to the cloud? Actually, a lot of people are end of life in their data center; certainly seeing that in public sector, from education on, modernizing. So is this a new move for them? And what kind of information does this affect? I mean, SAP is kind of like, is it just financial data or operational data? What's the move about, was that new, and what kind of data is impacted?

>> Sure. Yeah, well, the Navy actually issued a Cloud First policy in November of 2017. So they've been at it for a while, moving lots of different systems of different sizes and shapes to the cloud. But this migration really marked the first significant enterprise business system for the Navy to move, and actually the largest business system to migrate to the cloud across DoD to date. And so, essentially, what Navy ERP does is it modernizes and standardizes Navy business operations, everything from timekeeping to ordering missile and radar components for Navy weapon systems. So it's really a comprehensive system. And, as I said, the migration to AWS GovCloud marks the Navy's largest cloud migration to date. And so this essentially puts the movement and documentation of some $70 billion worth of parts and goods into one accessible space so the information can be shared, analyzed and protected more uniformly. And what's really exciting about this, and you'll hear from the Navy at Summit, is that they were actually able to complete this migration in just under 10 months, which was nearly half the time it was originally expected to take given the size and complexity. So it's a really, really great story.

>> That's huge numbers. I mean, it used to be years. Well, that was the minicomputer era; I'm old enough to remember, "Oh, it's gonna be a two year process." Ten months, pretty spectacular. I've got to ask, what are some of the benefits that they're seeing in the cloud? Has it changed the roles and responsibilities? What's some of the impact that they're seeing, or expecting to see, quickly?

>> Yeah, I'd say there's been a really big impact to the Navy across probably four different areas. One is in decision making, also better customer experience, improved security, and then disaster recovery. So let me just kind of dive into each of those a little bit. Moving the system to the cloud has really allowed the Navy to make more timely and informed decisions, as well as to conduct advanced analytics that they weren't able to do as efficiently in the past. So as an example, pulling financial reports and using advanced analytics on them from the system used to take them around 20 hours. And now Navy ERP is able to run all these reports in less than four hours, obviously allowing them to run the reports more frequently and more efficiently. And so this has obviously led to an overall better customer experience and enhanced decision making, and they've also been able to deploy their first self-service business intelligence capabilities, so putting the capability of using these advanced analytics in the hands of the actual users. They've also experienced improved security. We talk a lot about the security benefits of migrating to the cloud, but it's given them the opportunity to increase their data protection, because now there's only one place where they have data to protect, instead of multiple across a whole host of traditional computing hardware. And then finally, they've implemented a really true disaster recovery system by implementing a dual strategy, putting data in both AWS GovCloud East and GovCloud West. They were the first in the Navy to do that, to provide them with true disaster recovery.

>> So a full GovCloud, edge piece. So that brings up the question around... and I love all this tactical edge military kind of DoD thinking; the agility makes total sense, been following that for a couple of years now. Is this the business side of it, the business operations, or is there a tactical edge military component here, both? Or is that next ahead for the Navy?

>> Yeah, I think there will ultimately be both. The Navy's big challenge right now is audit readiness. So what they're focusing on next is migrating all of these financial systems into one general ledger for audit readiness, which has never been done before. I think audit readiness across the DoD has really been problematic. So the next thing that they're focusing on in their journey is not only consolidating to one financial ledger, but also to bring on new users from working capital fund commands across the Navy into this one platform that is secure and stable, versus the more fragile system that was previously in place. So we expect over time, once all of the systems migrate, that Navy ERP is going to double in size, have more users, and the infrastructure is already going to be in place. We are seeing use of all of the tactical edge capabilities in other parts of the Navy; really exciting programs where the Navy is making use of our Snowball and Snowball Edge capabilities. And Navy ERP used that as part of their migration.

>> I saw Snowcones out there; there was a snow theme there. So the news Jassy tweeted. It's interesting to see the progression, and you mentioned the audit readiness. The pattern of cloud is implementing the business model: infrastructure as a service, platform as a service and SaaS. And on the business side, you've got to get that foundational infrastructure, audit readiness, monitoring, and then the platform, and then ultimately the application. So a really good indicator that this is happening much faster. So congratulations. But I want to bring that back to the DoD generally, because this is the big surge: infrastructure, platform, SaaS. One of the other sessions at the Public Sector Summit here on the DoD is the Cybersecurity Maturity Model, which gets into this notion of baselining at the foundation and building on top. What is this all about, the CMMC? What does it mean?

>> Yeah, well, I'll tell you, I think most people know that our U.S. defense industrial base, what we call the DIB, has experienced and continues to experience an increasing number of cyber attacks. So every year the loss of sensitive information and intellectual property across the United States runs to billions each year. And really, it's our national security. And there's many examples where weapons systems and sensitive information have been compromised: the F-35 Joint Strike Fighter, the C-17, the MQ-9 Reaper. All of these programs have unfortunately experienced some loss of sensitive information. So to address this, the DoD has put in place what they call CMMC, which is the Cybersecurity Maturity Model Certification framework. It's a mouthful, which is really designed to ensure that the defense industrial base and all of the contractors that are part of the defense supply chain network are protecting federal contract information and controlled unclassified information, and that they have the appropriate levels of cybersecurity in place to protect against advanced persistent threats. So in CMMC, there are essentially five levels with various processes and practices in each level. And this is important not only to us as a company but also to all of our partners and customers, because with new programs, the defense industrial base and supply chain companies will be required to achieve a certain CMMC certification level based on the sensitivity of the program's data. So it's a really important initiative for the DoD, and it's really a great way for us to help.

>> Jennifer, thanks so much for taking the time to come on the phone. I really appreciate it. I know there's so much going on in the DoD, Space Force. Final question, real quick, for a minute. Take a minute to just share what trends within the DoD you're watching around this modernization.

>> Yeah, well, it has been a really exciting time to be serving our customers in the DoD. And I would say there's a couple of things that we're really excited about. One is the move to the tactical edge that you've talked about, using cloud out at the tactical edge. We're really excited about capabilities like the AWS Snowball Edge, which helped Navy ERP hybrid to the cloud more quickly, but also, as you mentioned, our AWS Snowcone, which is an even smaller, military-grade edge computing and data transfer device that weighs just under 5 pounds and fits in a standard mailbox or even a small backpack. It's a really cool capability for our DoD warfighters. Another thing that we're really watching closely is DoD's adoption of artificial intelligence and machine learning. DoD has really shown that it's pursuing deeper integration of AI and ML into mission critical and business systems, for organizations like the Joint Artificial Intelligence Center, the JAIC, and the Army AI Task Force, to help accelerate the use of cloud-based AI to really improve warfighting abilities. And then finally, what I'd say we're really excited about is the fact that DoD is starting to build new mission critical systems in the cloud, born in the cloud, so to speak; systems and capabilities like ABMS in the Air Force, the Air Force Advanced Data Management System, are being constructed and created as born-in-the-cloud systems. So we're really, really excited about those things and think that continued adoption at scale of cloud computing in the DoD is going to ensure that our military and our nation maintain our technological advantages and really deliver on mission critical systems.

>> Jennifer, thanks so much for sharing that insight. General manager at Amazon Web Services handling the Department of Defense; super important transformation efforts going on across the government, modernization. Certainly the DoD leading the effort. Thank you for your time. This is theCUBE's coverage here. I'm John Furrier, your host for AWS Public Sector Summit Online. It's theCUBE Virtual. We're doing the remote interviews and getting all the content and sharing that with you. Thank you for watching.

Published Date : Jun 30 2020


(DO NOT MAKE PUBLIC) Anthony Giandomenico, Fortinet FortiGuard Labs | CUBE Conversations, Feb 2018


 

(uplifting music)

>> Hi, I'm Peter Burris, and welcome to another great CUBE conversation. We're here in our Palo Alto studios with Fortinet's Anthony Giandomenico. Anthony, welcome.

>> Welcome, it's great to be here.

>> So, or otherwise known as Tony G. So in theCUBE conversations, Tony, we want to talk about interesting and relevant things. Well, here's an interesting and relevant thing that just happened: Fortinet has put forward their quarterly Threats report. What is it? What's in it?

>> Really, it's something we do on a quarterly basis, and it's really geared towards the IT security profession, so we go from the CSO all the way down to the security operator. And what we're looking at is billions of events that are being observed in real time, in production environments around the world, and what we're hoping to do is look at different types of trends that are specific to application exploits, malware, and botnets, and hopefully then provide some recommendations back to those IT security professionals.

>> Now Tony, malware's been around for a while, some of the bots are a little bit new, but certainly there's some real new things that are on the horizon like IoT, and we've heard recently that there's been some challenge with some of these IoT devices. Is the threat getting more or less intense according to the report?

>> Yeah, definitely it's getting more sophisticated, specifically with these IoT devices. What we're seeing as an example with the Reaper and Hajime (always had a hard time actually pronouncing that, so I think it's "Hajime"), they're actually starting to attack multiple vulnerabilities. So instead of just going after one vulnerability, they have multiple vulnerabilities inside their malicious code, and then they have the ability to automate the exploitation of those vulnerabilities depending on what the IoT devices are. Now, they're also becoming a lot more resilient. And what I mean by that is some of the actual botnets like Hajime are able to communicate via P2P to each other. What that kind of creates is a decentralized command and control infrastructure. And then lastly, they're becoming much more agile as well; they have this Lua engine, which enables them to quickly update their code. So, giving an example, let's say there's a new vulnerability out there. They can quickly swap out or add the additional exploit for that vulnerability, propagate that out to all of the IoT devices that are part of the botnet, and then they can swarm in on that new vulnerability.

>> So Fortinet's FortiGuard Labs is one of the leading researchers in this area, especially internet, enterprise security. What are your recommendations that people do about the increasing intensity of the IoT threats?

>> Well, I think we need to start, at least, thinking about fighting these automation attacks or worm attacks with our own swarm-like defenses. And what I mean by that is having a seamless integration and automation across your entire security fabric. Now, there's a lot that actually kind of goes into that, but your technology controls need to start talking to each other, and then you can start automating and taking some action really based on whatever threat happens to be in your environment. Now, it's easier said than done, but if you can do that, you can start automating the continual resistance or resiliency of you being able to actually defend against those automated attacks.

>> So let's change gears a little bit. Willie Sutton, I think it was Willie Sutton, the famous bank robber, was famous for saying, when someone asked him "Why do you rob banks?" he said "That's where the money is."

>> All of the money. (laughing)

>> Crypto-jacking. What's going on, as BitCoin becomes a bigger feature of the whole landscape, what's happening with crypto-jackers? What is it, how does it work, why should we be concerned about it?

>> Well, definitely cryptocurrency is becoming more and more popular these days, and the bad guys are definitely taking advantage of that. So when we talk about what is crypto-jacking, it's really sharing, or secretly using, the CPU resources to be able to mine for cryptocurrencies. Now, traditionally you used to have to put some type of application on your machine to be able to mine for cryptocurrencies. Nowadays, all the bad guys really have to do is install a little JavaScript in your browser and away they go. And the only way that you're going to know that your machine may be part of this mining is it may become super slow, and you may be savvy enough to say "Well, maybe look at the CPU." And you look at it and it's pegged at 100%. So that's one of the ways that you can determine that your computer is part of crypto mining. Now in the Q4 report what we've seen is a huge update in crypto mining malware, and it's interesting because it's very intertwined with the rise and fall of the BitCoin price. So as we saw the BitCoin price go up, the crypto mining malware went up, and as it actually dropped off, so did the activity. The other thing that we actually ended up seeing is actually in the Darknet. There's a bit of a shift where the bad guys used to only accept payment in BitCoin. Now they're looking at accepting other forms of actual cryptocurrency, and that also holds true for ransomware. So if you are infected with ransomware, it's quite possible that they're going to demand that ransom in something other than BitCoin.

>> Interesting. So, in fact we had a great previous group conversation with another really esteemed Fortinet guest, and we talked a little bit about this. So one of the prescriptions is businesses have to be careful about the degree to which they think about doing a lot of transactions in cryptocurrencies. But they probably want to have a little bit of reserves just in case. But what should a business do? What should someone do to mediate some of the challenges associated with crypto-jacking?

>> Yeah, I think one of the first things, it's probably self-explanatory to most of us that are actually in the cyber field, but having a good user awareness training program that actually includes keeping up with the latest and greatest tactics, techniques, and the actual threats that the bad guys are doing out there. Now the other obvious thing would probably be just make sure that your security solutions are able to detect the crypto mining URLs and malware. And I would also say (now, I'm not condoning that you actually pay the ransom; however, it's happened many times where they've paid, I think there were some companies that actually paid over a million dollars in BitCoin) it may actually be an option, and if you have that in your incident response plan, what you want to do sometimes (and we've seen organizations actively go ahead and do this) is they'll buy some BitCoin, kind of keep it on hand, so if they do have to pay, it streamlines the entire process. Because with ransomware, the actual ransom now, you may not be able to pay in BitCoin. You probably have to keep abreast of what are the actual trends in paying up for your ransom, because you may have to have other cryptocurrencies on hand as well.

>> So, make sure your security's up to date, then you can track these particular and specific resources that tend to do this, have a little bit on reserve, but make sure that you are also tracking which of the currencies are most being used. So, there are other exploits, as you said earlier. Now we see people, when someone's not working, by doing peer-to-peer type stuff. The bad guys are constantly innovative; some would argue that they're more inventive than the good guys because they've got less risk to worry about. What other threats is the report starting to highlight, that people need to start thinking about?

>> So in this Q4 report what we did is we added in the top exploit kit. And I think we'll probably continue to do that over the--

>> What's an exploit kit?

>> An exploit kit is something, it's a very nice little kind of GUI that allows you to really just kind of point and click. It has multiple exploits in there, and it's usually browser based, so it's going to be able to compromise usually a vulnerability within the browser, or some of the actual browser plugins, things of that nature. And the one that we had in the Q4 report was the Sundown exploit kit. Now, it was interesting because we didn't necessarily see that one on the top; it might've been top of its game maybe 2014, 2015, but it actually rose in early December to actually kind of be number one for Q4. And it's unique because it does leverage steganography, meaning it's able to hide its malicious code or its harvested information inside image files. So we'll continue to track that. We don't know for sure why it actually kind of rose up in the beginning of December, but we'll just actually continue to track it over time.

>> So you've already mentioned ransomware, but let's return to it because that's at the top of people's minds; we pay lawyers when they come after us with sometimes what looks like ransom. But what is happening, what's the point in ransomware, what's the report on that like?

>> Well, what you see is the actual growth in volume and sophistication has really been common amongst all the reports that we have actually put out to date, but not a lot has really changed. In Q4, what we did have: Locky was the number one malware, or ransomware variant, along with GlobeImposter. Now, it's still the same delivery mechanisms, so you still got the social engineering, it's being delivered through phishing email, but then it's expanding out to, let's say, compromised websites, malvertising, as well as, earlier on last year, we saw where it was being able to propagate from vulnerability to vulnerability, so it had this worm-like spreading capability. That's all really been the same and not a lot has really sort of changed. The thing that has changed actually is the fact that they're upping the ante a little bit to be able to hopefully increase their chances of you actually falling for that actual scam, in that they're making the subject of that scam a little bit more top-of-mind. As an example, the subject may be cryptocurrency, because you're more likely to figure out what's going on there; you'll be more likely to download that file or click that link if the subject is something around cryptocurrency, because it is top-of-mind today.

>> Interestingly enough, I, this morning, received an email saying, "You could win some free cryptocurrency." And I said "And you can go into the trash can." (Tony laughing) So what should people do about it? I just threw something away, but what should people generally do to protect their organization from things like ransomware?

>> I do get that a lot, I get that question a lot. The first thing I say, if you're trying to protect against ransomware, you follow the same things that you were doing with some of the other threats, because I don't think ransomware is that unique when it comes to the protection. The uniqueness is really in the impact, because certain threats, they'll actually go and steal data and whatnot, but when's the last time you heard of a business going out of business or losing money because some data was stolen? Not very often; it seems to be continued as business as usual. But ransomware, locking your files, it could actually bring the business down. So what you want to do is be able to minimize the impact of that actual ransomware, so having a good offline backup strategy, so a good backup and recovery strategy, making sure you go through those tabletop exercises, really to make sure that when you do have to recover, you know exactly how long it's going to take, and it's very efficient and very streamlined.

>> Practice, practice, practice.

>> Yup, and don't rely on online backups, shadow copy backups, because those things are probably going to be encrypted as well.

>> Yup, alright, so that's all we have time for today, Tony. So, Anthony Giandomenico from--

>> Tony G! (laughing)

>> Tony G, who's a senior security strategist and researcher at Fortinet FortiGuard Labs. Thanks very much for this CUBE conversation.

>> It was great to be here.

>> Peter Burris, once again, we'll see you at the next CUBE Conversation. (uplifting music)

Published Date : Feb 13 2018


And I think we'll probably continue to do that over the-- >> What's an exploit kit? >> Exploit kit is something, it's a very nice little kind of GUI that allows you to really just kind of point and click, has multiple exploits in there, and it's usually browser based so it's going to be able to compromise usually a vulnerability within the browser, or some of the actual browser plugins, things of that nature, and the one that we had in the Q4 report was the Sundown exploit kit. Now, it was interesting because we didn't necessarily see that one on the top, it might've been top of its game maybe 2014, 2015, but it actually rose in early December to actually kind of be number one for Q4. And it's unique because it does leverage steganography, meaning it's able to hide its malicious code or its harvested information inside image files. So we'll continue to track that, we don't know sure why it actually kind of rose up in the beginning of December but we'll just actually continue to track it on time. >> So you've already mentioned ransomware but let's return to it because that's at the top of people's minds, we pay lawyers when they come after us with sometimes what looks like ransom. But what is happening, what's the point in ransomware, what's the report on they like? >> Well, what you see is the actual growth and volume and sophistication has really been common amongst all the reports that we have actually put out to date, but not a lot has really changed. In Q4, what we did have Locky was the number one malware, or ransomware variant along with Global Imposter. Now, it's still the same delivery mechanisms, so you still got the social engineering, it's being delivered through fishing email, but then it's expanding out to let's say compromised websites, malvertising, as well as earlier on last year, we saw where it was being able to propagate from vulnerability to vulnerability so it had this worm-like spreading capability. 
That's all really been the same and not a lot has really sort of changed. The thing that has changed actually is the fact that they're up in the ante a little bit to be able to hopefully increase their chances of you actually falling for that actual scam, is they're making the subject of that scam a little bit more top-of-mind. As an example, the subject may be cryptocurrency because you're more likely to figure out what's going on there, you'll be more likely to download that file or click that link if the subject is something around cryptocurrency because it is top-of-mind today. >> Interestingly enough, I, this morning received an email saying, "You could win some free cryptocurrency." And I said "And you can go into the trash can." (Tony laughing) So what should people do about it? I just threw something away, but what should people generally do to protect their organization from things like ransomware? >> I do get that a lot, I get that question a lot. The first thing I say, if you're trying to protect against ransomware, you follow the same things that you were doing with some of the other threats because I don't think ransomware is that unique when it comes to the protection. The uniqueness is really an impact, because certain threats they'll actually go and steal data and whatnot but when's the last time you heard of a business going out of business or losing money because some data was stolen? Not very often, it seems to be continued as business as usual, but ransomware, locking your files, it could actually bring the business down. So what you want to do is be able to minimize the impact of that actual ransomware so having a good offline backup strategy, so good backup and recovery strategy, making sure you go through those table top exercises really to make sure that when you do have to recover, you know exactly how long it's going to take and it's very efficient and very streamlined. >> Practice, practice, practice. 
>> Yup, and don't rely on online backups, shadow copy backups because those things are probably going to be encrypted as well. >> Yup, alright so that's all we have time for today Tony. So, Anthony Giandomenico from-- >> Tony G! (laughing) >> Tony G, who's a senior security strategist researcher at the Fortinet Fortiguard Labs. Thanks very much for this Cube conversation. >> It was great to be here. >> Peter Burris, once again, we'll see you at the next Cube Conversation. (uplifting music)

Published Date : Feb 8 2018
