(upbeat techno music) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA conference in downtown San Francsisco. 40,000 security professionals talking about how to keep the bad guys out, especially with IOT and 5G coming right around the corner. Joined by the many time CUBE alumnae, always great to catch up with Mark. Mark Nunnikhoven from Trend Micro, what's your title now? >> VP... >> Cloud research? >> VP Cloud research, that's good. >> Welcome! >> Thank you for having me, I appreciate it. >> So it's always good to see that the booth, you guys always have kind of the craziest, wackiest booths. I was wondering though, if you fell out of the rocket ship and that's how you busted your arm. >> That's definitely a better story, so I think we can go with that, or a transporter malfunction, something like that will be a much better story than the sad truth. >> Okay. >> So you've been coming to this show for a while, we see you at all the AWS events, how is the kind of evolution of cloud and the ongoing expansion of cloud kind of change the game in the world of security? >> Yeah, I think cloud has enabled us to do a lot of things that we've been trying to do for a long time, and you know, so we've talked about enabling granular security throughout the enterprise for years, and it's always been hard because we've had a lot of different vendors, a lot of different systems. When we moved to cloud, it's getting a lot more homogenized, and everything's accessible via an API. So we're seeing a lot of maturity in that space where people are embracing that fact, and starting to enable some things that we've been trying to do, like that solid identity in axis management, you know, that's been really difficult in the enterprise, it's far simpler in a cloud space. >> That's interesting, because the other fact is all these things are now all connected via APIs, right? And there are a whole lot of SAS applications in the enterprise >> Yeah! >> So the attack surface is growing significantly and as was pointed out in the keynote this morning, a lot of people work from home, they plug in their desks, you know, it's just, it's growing very very quickly. >> It is! >> So how do you look at some of these challenges? >> Yeah, and it's funny because it is significant and you look at IOT alone, right? There's billions and billions of devices that are being connected and the devices themselves aren't necessarily so much of a threat, though we did see that this year with the Miray bot net and you know some massive d-dos attacks, but it's the data that's going in the back end that's more of a danger to consumers. And we see that with sas services as well. As a security practitioner, you lose the ability to apply the traditional controls that we're used to. And now you're relying on your service provider to do that for you. But it's still your data. So you're sort of forced to construct this balance of, you know, making sure you're leveraging the controls and options the provider has, but also looking out for things like, you know, people effecting the data going in, and sort of manipulating and gaming the system more, and I think you mentioned they said that this morning too. >> Right, the other thing they said this morning is that every company has at least one person that's trying to connect with a Nigerian prince. >> Yeah! >> Who's going to click on these? >> Well he needs money! He needs money, right? >> Yeah, got to give him a little money. >> Yeah! >> I mean it's funny, as far as we've evolved, you know, every, you know, my wife will say "Oh, I got this weird email", so like don't click it, don't click it! >> Mark: Yeah! >> It's the same old techniques! >> It is, and, you know, I've been doing a lot of research in serverless security lately, and that's driven me to a really weird question. Because it's a collection of services where you don't have the ability to apply any controls directly. And it's sort of started me down this path of what is security mean? And it ties to what you were saying in that at the end of the day, users need to be able to use these systems. And sort of a pet peeve of mine is we tell people not to click on these links, but that's the sole purpose of a link is to be clicked on. So we need to find a better balance of educating people and giving them the context in which to make these decisions and having better reputation systems and better automated controls, so that they don't have the option of clicking or not clicking, they just never see bad links in the first place. >> Right, that's a good strategy. The other theme that's coming in, over and over, is really collaboration within the ecosystem here. To share facts, share knowledge, share data, so that you can pick up patterns faster, you can see notes, really the same thing over and over and over. And really, being the kind of co-op-itician, which is what makes Silicon Valley Silicon Valley. >> It is. And it's nice to see it increasing, I think it's gaining pace. And we're not just seeing it with the vendors, we're also seeing it where competitors in different industries are getting together. So a lot of financial CSOs are collaborating because they have a common enemy. And they realize they can't beat them alone, so if they're sharing threat intelligence amongst themselves, that they all sort of win because if one of them goes down, you know that attack's coming to the next door, right? >> Jeff: Right. >> You know, the next day. And we're doing the same thing in the vendor space, we're being more open to collaboration, and we're sharing research analysis, you know. A lot of vendors are launching bug bounty programs. You know, responsible disclosure is becoming a little more standardized. So not only within the community of vendors, but also within the research community. I think the more we talk, the better off we are because we see it in the underground where criminals are selling services to each other. They go "don't worry about setting up a bot net, Jeff I'll rent you one," so that miray bot net of IOT devices, we found that available for sale, you could lease it for 7500 US would get you almost a gigabyte of d-dos attack. And, you know, that's a really low barrier of entry for criminals, >> Jeff: Yeah. >> We need to make sure that we're making it easy for defenders to defend against that kind of thing. >> Still my favorite is the fake ransomware, where I didn't actually put ransomware in your machine but I told you I did, so go ahead and send the money to the Nigerian guy, and I promise I won't turn it on. >> Well, so that one's one of my favorites, but also sort of the super evil one that we saw this year was okay, I've encrypted your files, and I'll give you the key not for money, but if you encrypt two of your friends. So the pyramid scheme in spreading the attack. And that one was just super evil, cause it's mainly the social side, like, what kind of guy are you? Are you going to encrypt, like, you know? >> Which friends get it, right? >> Exactly, you know. >> Ones at the bottom of the list from Facebook. >> Yeah, but ransomware is a great example of attackers realizing that they can do this at scale, they can be insanely profitable, because even if you don't think you have a lot of valuable data, you probably got personal photos and videos that are really important to you, and if you're not taking basic preventative steps like backing up or patching your systems, then they're going to be able to get 500 bucks out of you, and that doesn't sound like much, but when you multiply that times, you know, 50, 60,000 people, because they just need to click a button or add people to a list, that's a huge amount of cash that's flowing in their coffers. >> Right. The other big change in scale that keeps getting talked about here is government, you know, kind of backed. >> Cyber... >> The nation state? >> Yeah, the nation state, thank you. Totally changing the game again, and as we talked about off air, it's good to know who you're fighting with. At least you can see 'em, but at the same time the scale of resources that they can bring to bare significantly bigger. >> Yeah, and that's the challenge. If you're not a nation state against a nation state, you know, it's David versus Goliath, without a good ending. Yeah, without the rock. You just got a piece of cloth, you're like "I hope I can throw somethin' at ya!" You know, but there is some advantage in knowing your adversary, especially when you're talking about, you know, nation state versus nation state, because everybody's got signature moves, they've got go-to work, you know, and you can kind of track them over time. And we've seen that with some research available, which is a great example of, you know, community participation, places like Mandy sharing information, you know, we do it at Trend Micro, bunch of the community players share like "hey, we found this ABT, we're associating it with, you know, probably a nation state, we're not sure who," but even the government, GHS just had a great release on grizzly stat, which was a very good campaign done, but very detailed analysis. Which we didn't see that three years ago, so helping people out to understand what they're up against, and if you're, you know, a smaller enterprise, or even a larger enterprise, you might not have the resources, but you can still take steps to make it harder. >> Right. >> And that's sort of the name of the game. Make it harder so that you get a better chance at protecting your data and at least being aware when you have been breached. >> Alright Mark, I'm going to give you the last word before we sign off here. What are your kind of priorities for 2017? You know, we talk a year from now, what are we going to talk about that you guys worked on this year? >> Yeah, hopefully, you know, a lot of the same, we're still pushing hard in cloud security around servers and containers, but a lot of my personal research has been pushing more towards teams and security professionals, and what we need to do to adjust to be educators in the space as opposed to being a silo team that's just telling you, saying "hey, you really should do this better." And I think that's a space that as an industry, we're ranking up to, that we have the expertise and we need to make sure the rest of business gets it too. >> I love it. We're hearing about big data all the time, it's a team sport, security is a team sport too. >> It is. It's a great way to put it. >> Alright, Mark Nunnikhoven, I'm Jeff Frick. You're watching theCUBE. We're at RSA, downtown San Francisco. Thanks for watching. (upbeat techno music) (gentle techno music)