>> Narrator: Live from Las Vegas, Nevada, it's the Cube, covering accelerate 2017, brought to you by Fortinet. Now here are your hosts, Lisa Martin and Peter Burris. >> Hi, welcome back to the cube, we are live in Las Vegas at Fortinet Accelerate 2017. I'm you host , Lisa Martin, joined by my cohost, Peter Burris, and we're really excited about or next guest. We are talking next with Derek Manky. Derek, you are-- first of all, welcome to the cube. >> Thank you very much, I'm excited to be here. >> You have a really important role in Fortinet, you are the Global Security Strategist. >> Correct, yes. >> You have a... Established yourself as a thought leader with over 15 year of cyber security expertise, and your goal is to make a positive impact towards the global war on cyber-crime, that's a big goal. >> That's a very, very big goal, but it's a big hairy goal, but it's... Critically important, I believe, I firmly believe this over my whole career, and I'm starting to see some good traction with the efforts that we're doing too. >> And it's becoming more, and more, critical every day as breaches, and hacks, are a daily occurrence, you're also the leader of FortiGuard Labs, you've got a team of over 200, tell our viewers that can't be here today, what is FortiGuard Labs, what are you doing to leverage threat intelligence to help Fortinet's customers. >> Sure, so we're trying to manage complexity, cause that's always the enemy of security, and we're trying to make it simple across the board, so we're managing security for all of our customers, 300 000 customers plus. That's a big deal, so we had to invest a lot into that in terms of how we can do that to make it simple to the end users. So what FortiGuard Labs is, is it's services we deliver to the end user, protection services across the spectrum, our whole product portfolio. So we have world-class expertise as a security vendor, 200 plus people on the team, experts in each domain. We have researchers, and experts, looking at things like industrial attacks, mobile problems, malicious websites, ripping apart, what we call reverse engineering, malware samples to find out digital fingerprints of who's creating these attacks, so we can work also in partnerships with that too. At the end of the day, we have the humans working on that, but we've also invested a ton into artificial intelligence, and machine learning, we have to comb through over 50 billion attacks in a day, and so the machines are also helping us to create a lot of this automated protection, that's all driven by our patents, by our world-class development teams, that gets down to the end user, so that they don't have to invest as much into their own security operations centers, cause that's a big OpEx, expansions to the expenditure, so we're helping to alleviate that issue, especially with this, as everybody knows, today, the big gap in cyber security, professionals, so that helps to alleviate that issue too. >> You said 50 billion attacks a day. >> That's correct sir, yes. Potential attacks. >> Oh, potential attacks. Clearly that means that increasing percentages of the total body of attacks are no longer coming from humans, they're coming from other things, >> Derek: Absolutely. >> And how's that playing out? >> It's a fascinating landscape right now. With every legitimate model, there's an illegitimate model to follow, especially with cyber crime, and what we see in the digital underground, dark web, all these sorts of things, you rewind back to the 90s, your opportunistic hacker was just trying to plot, plot, plot, a message bar on a Windows 95, or Windows 98 system at the time. Nowadays, of course, the attack surface has grown tremendously. You look back to DARPA, back in 1989, it had 60 000 system connected on the Internet, now we have IPv6, 20 plus billions connected devices, everything is a target now, especially with the Internet of Things. Smart televisions-- >> Peter: And a potential threat. >> Exactly, and a weapon. >> Exactly, and so to capitalize on that, what we're seeing now is cyber criminals developing automated systems of their own, to infect these systems, to report back to them, so they're doing a lot of that heavy work, to the heavy lifting, using their own machines to infect, and their own algorithms to infect these systems, and then from there, it'll escalate back up to them to further capitalize, and leverage those attacks. On any given minute, we're seeing between 500 000 to 700 000 hacking attempts across, and this is our own infrastructure, so we're leading in terms of firewalls in units shipped so we're able to get a good grasp on intelligence out there, what's happening, and in any given minute, well over 500 000 hacking attempts on systems worldwide. >> So every hour, 30 million. >> Derek: Yeah that's some quick math. >> Yeah, I'm amazing at multiplication. I almost got it wrong though, I have to say. 30 million hacks an hour. >> Yeah, and so our job is to identify that, we don't want to block things we shouldn't be, so there has to be a very big emphasis on quality of intelligence as well, we've done a lot with our machines to validate attacks, to be able to protect against those attacks, and not, especially when it comes to these attacks like intrusion prevention, that attack surface now, we got to be able to not just look at attacks on PCs now, so that's why that number keeps ticking up. >> Lisa: Right, proliferation of mobile, IoT. >> Derek: It's directly related, absolutely. >> So, this is clearly something that eyeballs are not going to solve. >> Not alone, so I'm very, very big advocate saying that we cannot win this war alone, just relying even on the brightest minds on the world, but we can also not just rely a hundred percent on machines to control, it's just like autonomous vehicles. You look at Tesla, and these other vehicles, and Google, what they're doing, it's a trust exercise again, you can never pass a hundred percent control to that automation. Rather you can get up to that 99 percent tile with automation, but you still need those bright minds looking at it. So to answer your questions, eyeballs alone, no, but the approach we've taken is to scale up, distribute, and use machines to identify it, to try to find that needle in a haystack, and then, escalate that to our bright minds, when we need to take a look at the big attacks that matter, and solve some more of the complex issues. >> Speaking of bright minds, you and your team, recently published an incredible blog on 2017 predictions. Wow, that's on the Fortinet blog? >> Derek: Yeah, that's correct >> We can find that? Really incredibly thorough, eye-opening, and there were six predictions, take us through maybe the top three. We talked about the proliferation of devices, the attack surface getting larger, more and more things becoming potential threats, what are the top three, maybe biggest threats that you were seeing, and is there any industry, in particular, that pops up as one of the prime targets? >> Absolutely. I'll get into some buckets on this, I think first, and foremost, what is primary now in what we're seeing is, what we're calling, autonomous malware, so this is the notion of, basically what we're just talking about to your question on what's driving this data, what's driving all these attack points. First of all, the Internet's been seeded with, what I call, ticking time bombs right now, we have 20 plus, whatever the number's going to be, all of these billions of devices that are connected, that are inherently, in my professional opinion, insecure. A lot of these devices are not following proper security development life cycles. >> Lisa: Is there accountability to begin with? >> No, not at this point. >> Right. >> Right. And that's something that DHS, and NIST, just released some guidelines on, at the end of last year, and I think we're going to see a lot of activity on accountability for that, but that has to be taken care of. Unfortunately right now, it's been seeded, this attack surfaces there, so we already have all these open avenues of attack, and that's why I call it a ticking time bomb, because it's been seeded, and now these are ripe for attack, and we're seeing attackers capitalize on this, so what we're seeing is the first indications of autonomous malware, malware that is capable of mapping out these vulnerable points. The machine's doing this, and the machine's attacking the other machines, so it's not just the eyeballs then, and the cyber criminals doing this. We saw last year, unprecedented DDoS attacks, this is directly related to Mirai BotNet. We had gone from a 600 gig to terabit plus DDoS attacks, that was unheard of before. They are leveraging all of these different IoT devices as a horsepower to attack these systems in a massive distributed denial-of-service attack. The interesting part about Mirai is that it's also using open-source intelligence as well, so this is something that humans, like a black hat attacker, would typically have to do, they would have to get reports back from one of their systems, and say, "okay, now I've found all these vulnerable systems, I'm going to attack all these systems.", but they're the glue, so they're now removing themselves as the glue, and making this completely automated, where a BotNet like Mirai is able to use Shodan, as an example, it's an open-source database, and say, "here are a whole bunch of vulnerable systems, I'm going to go attack it, and so that's to my point of view, that's the first indication of the smart-malware, because malware has always been guided by humans. But now, I think, we're starting to see a lot of, more of that intelligent attack, the offense, the intelligent offense being baked in to these pieces of malware. So I think it's going to open this whole new breed of attacks and malware, and obviously, we're in a whole new arms race when it comes to that. How can we get ahead of the bad guys, and so this is obviously what Fortinet instituting on the autonomous defense, our Security Fabric, and Fabric-ready approach, that's all about, beating them to the punch on that, having our machines, the defensive machines talk to each other, combine world-class intelligence like FortiGuard so that it can defend against those attacks, it's a though task, but I really firmly believe that this year is a year that we have the advantage, we can have the advantage as white hats to get one leg up on the black hat attackers. As I said, for 15 years at FortiGuard Labs, we have invested a ton into our AI machine, learning intelligence, so we're experts on the automation, I don't believe the black hat attackers are experts on automation. So I think for that reason, we have a really good opportunity this year, because you always hear about the black hats, another data breach, and all these things happening, they're always had the advantage, and I think, we can really turn the tables this year. >> You have some great experience working, not just in the private sector, but in the public sector as well, you've done work with NATO, with Interpol, with SERT, what is your perspective on public sector, and private sector, working together, is that essential to win this war on cyber crime? >> Absolutely, we need everybody at the table, we cannot win it, as one single vendor alone, a good example of that is, we're starting to do across the board, this is something, I firmly believe in, it's really near and dear to my heart, I've worked on it for the course of, well over six years now, and we have a lot of the existing partnerships, across organizations, so other security vendors, and experts, Cyber Threat Alliance is an excellent example, we're a founding member of that, and these are competitors, but security vendors getting together to level the playing field on intelligence, we can still really remain competitive on the solutions, and how we implement that intelligence, but at least-- it's like a Venn diagram, you look at that attack surface out there, you want to try to share all that information, so that you can deliver that to security controls, and protect against it. So, the Cyber Threat Alliance is a good example, but that's private sector. If you look at National Computer Emergency Response, law enforcement, we have made great inroads into that working with the likes of Computer Emergency Response, to give them intel. If we find bad stuff happening somewhere, we're not law enforcement, we can't go take the server down, and disrupt campaign, we can't arrest, or prosecute people, but they can, but they don't have all that expertise, and intelligence that we do, all the data points, so this is, you're starting to see a lot of this string up, and we're doing a lot of leadership in this area, and I think, it's absolutely essential. President Obama last year mentioned it, the Cyber Threat Alliance, and the public-private sector, needing to work together in one of his speeches at Stanford, and I believe it's the only way we can win this. You have to go up to the head of the snake too, if we just are always on the defense, and we're always just trying to disrupt cyber criminals, it's a slap on the wrist for them, they're going to go set up shop somewhere else. We need to be able to actually go and prosecute these guys, and we had a really good case last year, we took down, working with Interpol, and the EFCC, a 62 million dollar crime ring in the US. They went, and prosecuted the kingpin of this operation, out of Nigeria. It's an unprecedented random example, but we need to do more of that, but it's a good example of a healthy working public-private sector relationship >> What an incredible experience that you have, what you have achieved with FortiGuard Labs, what excites you most, going forward, we're just at the beginning of 2017, with what's been announced here, the partnerships that you guys have formed, what excites you most about this year, and maybe... Some of the key steps you want to take against cyber crime as Fortinet. >> Sure, so I think we want to, so Cyber Threat Alliance is a very big machine, there's a lot of exciting things happening, so that's going to be a really good initiative, that's going to carry forward momentum this year. What excites me most? Well, it's not always a good thing I guess, but if you look at all the bad news that's out there, like I said, I think it's just going to be, there's so much fuel, that's being thrown on the fire when it comes to attacks right now. Like I said, these time bombs that have been planted out there. We're going to see the year of IoT attacks for sure, a new version of Marai has already come out, they're starting to sell this, commercialize this, and it's even more advanced in terms of intelligence than the previous one, so that sort of stuff. It depends on your definition of the word, excites, of course, but these are the things that we have opportunity, and again I think going back to my first point, the white hats having, for the first time in my point of view, a leg up on the black hats, that opportunity, that really excites me. When we look at what's happening, moving forward in 2017, healthcare, I think, is going to be a very big thing in terms of attack targets, so we're going to be focused on that, in terms of attacks on, not just healthcare records, which are more valuable than financial records as an example, but medical devices, again the IoT play in healthcare, that's a big deal, we're starting to already see attacks on that. Smart cities as well, you look forward to the next three years, building management systems, a lot of people talk about SCADA industrial control, this is definitely a big attack target to a certain... Attack surface, obviously, power plants, electrical grids, but building management systems, and these automated systems that are being put in, even smart vehicles, and smart homes is another big target that's unfolding over the next year. >> Hard to air gap a home, and certainly not a city. >> Absolutely, yeah, and again it goes back to the point that a lot of these devices being installed in those homes are inherently, insecure. So that's a big focus for us, and that's a big thing FortiGuard is doing, is looking at what those attacks are, so we can defend against that at the network layer, that we can work with all of our business partners that are here at Accelerate this year, to deliver those solutions, and protect against it. >> Wow, it sounds like, and I think Peter would agree, your passion for what you do is very evident, as those bad actors are out there, and as the technologies on the baton are getting more advanced, and intelligent, as you say, it's great to hear what you, and your team are doing to help defend against that on the enterprise side, and one day on the consumer side as well. So Derek Manky, Global Security Strategist for Fortinet, thank you so much cube and sharing your expertise with us. >> It's my pleasure, any time, thank you very much. >> Well, on behalf of my cohost, Peter Burris, I'm Lisa Martin, you've been watching the Cube, and stick around, we'll be right back. (electronic music)