>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 sponsored by Intel, AWS and our community partners. Everyone welcome back to the cubes coverage of a Davis reinvent 2020. It's a virtual conference this year. This is the Cube virtual. I'm John for your host. We're not in person this year. We're doing it remote because of the pandemic, but it's gonna be wall to wall coverage for three weeks. We've got you covered. And we got a great interview signature interview here with Two Cube alumni's Matt Garment, vice president of sales and marketing at AWS, formerly head of the C two and, of course, Sanjay Poon in CEO of VM Ware. Both distinguished guests and alumni of the Cube. Good to see you, Sanjay. Matt. Thanks for coming on. Uh, let's just jump into it. How are you guys doing? >>Great. Exciting. Excited for reinvent and, uh, excited for the conversation. So thanks for having us on. >>Yeah, I'm great to be here. We are allowed to be 6 ft away from each other, so I came in, but super excited about the partnership. Matt and I have been friends for several years on. You were so excited about another reinvent, the different circumstances doing all virtual. But it's a fantastic partnership. >>You know, I look forward to reinvent one of my most favorite times of the year, and it's also kind of stressful because it's backs up against Thanksgiving. And but, you know, you get through it, you have your turkey and you do the Friday and you guys probably Kino, perhaps, and all things going on and then you go to Vegas is a few celebration. We're not doing it this year. Three weeks eso There's gonna be a lot of big content in the first week, and we're gonna roll that out. We're gonna cover it, But it's gonna be a different celebrations so mad. I know you're in front center on this, Uh, just real quick. What are what do you expect people to be doing on the system? What's your expectations and how is this all going to play out? >>Yeah, you know, it's gonna be different, but I think we have Justus much exciting news as ever. And, you know, it's gonna be over a three week period. I think it actually gives people an opportunity to Seymour things. I think a lot of times we heard from, uh, from customers before was they love the excitement of being in Vegas, and we're not gonna be able to exactly replicate that, but But we have a lot of exciting things planned, and it'll enables customers to get two more sessions Seymour of the content and really see more of the exciting things that are coming out of AWS. And there's a lot s over the three weeks I encourage folks toe to dive in and really learn things is a This is the opportunity for customers to learn about the cloud and and some really cool things coming out. We're excited. >>Well, congratulations on all the business performs. I know that there's been a tailwind with the pandemic as people wanna go faster and smarter with cloud and on premise and Sanjay, you guys have a great results as well. Before I get into some of my point. Of course, I have a lot of I know we don't a lot of time, but I want to get a nup date on the relationship we covered in three years ago when, uh, Andy Jassy and team came down to San Francisco with Pat Gelsinger, Raghu, Sanjay. All this went down. There were skeptics. Relationship has proven to be quite strong and successful for both parties because you guys take a minute so you will start with you and talk about the relationship update. Where you guys at, What's the status? The relationship people want to know. >>Yeah, I think John, the relationship is going really well. Uh, it's rooted in first off, a clear understanding that there's value for customers. Um, this is the best of the public cloud in the private cloud in a hybrid cloud journey. And then, secondly, a deep engineering effort. This wasn't a Barney announcement. We both decided Matt in his previous role, was running a lot of the engineering efforts. Uh, we were really keen to make this a deep engineering effort, and often when we have our connected Cube ers, we're doing one little later this afternoon. I often can't tell when a Amazon personal speaking when a VM ware person speaking we're so connected both the engineering and then the go to market efforts. And I think after the two or three years that the the solution has had to just state and now we have many, many customers started to get real value. The go to market side of the operations really starting take off. So we're very excited about it. It is the preferred and the best offering. We think in the market, Um, and for Vienna, where customers. We message it as the best place for Vienna workload that's running on V sphere to move into Amazon. >>Matt, what's your take on the relationship update from your >>standpoint, I agree with Sanjay. I think it's been it's been fantastic. I think like you said, some folks were skeptical when we first announced it. But But, you know, we knew that there was something there and I think as we've gotten even deeper into this partnership, Onda figured out how we can continue Thio integrate more deeply both with on Prem and into the cloud. Our customers have really guided us and I think that's that's enabled us to further strengthen that partnership, and customers continue to get more excited when they see how easy it is to move and operate their VM where in their V sphere workloads inside of a W S on how it integrates well with the AWS environment, Um on they can still use all of the same functions and capabilities that they they built their business on the inside of the sphere. We're seeing bigger and bigger customers really just embrace us, and the partnerships only grown stronger. I think you know, Sanjay and I, we do joint sales calls together. I think that the business has really, really grown. It's been it's been a fantastic partnership. >>I was talking about that yesterday with being where in eight of us teams members as well. I want to get your thoughts on this cultural fit. Sanjay mentioned e think the engineering cultures air there. The also the corporate culture, both customer focused. Remember Andy Jassy told me, Hey, we're customer focused like you're making big. You make big, big statements Public Cloud and now he goes toe hybrid. He's very reactive to the customers and this is a cultural thing for me, was an VM where what are the customers saying to you now? What are you working backwards from this year? Because there's a lot to work backwards from. You got the pandemic. You got clear trends around at modernization automation under the covers, if you will. And you got VM Ware successful software running on their cloud on AWS. You got other customers. Matt, what's the big trends right now that are highlighted in your in your world? >>Yeah, it's a good question. And I think you know, it really does highlight the strength of this this hybrid model, I think, you know, pre pandemic. We had huge numbers of customers, obviously kind of looking at the cloud, but some of the largest enterprises in the world, in the more traditional enterprises, they really weren't doing a lot, you know, they were tipping their toes in, and some of the forward leaning enterprises were being really aggressive about getting into the cloud. But, you know, many people were just, you know, kind of hesitant or kind of telling, saying, Yes, we'll go learn about the cloud. I think as soon as the pandemic hit, we're really starting to see some of those more traditional enterprises realize it's a business imperative for them. Toe have ah, big cloud strategy and to move there quickly, and I I think our partnership with VM Ware and the VMC offering really is allowing many of these large enterprises to do that. And we see we see big traditional enterprise is really accelerating that move into the cloud. It gives them the business agility they need that allows them to operate their environment in uncertain world that allows them to operate remotely on DSO. We're seeing all of those trends, and I think I think we're going to continue to see the acceleration of our joint business. >>Sanjay, your thoughts. Virtualization has hit ah, whole nother level. It's not like server virtualization like it's cultural, it's societal. What's your take? >>Yeah, I think you know, virtualization is that fabric that connects the private cloud to the public cloud. It's the basis for a lot of the public cloud infrastructure. So when we listen to customers, I think the first kind of misconception we had to help them with was that it had to be choice between one or the other and being able to take Vienna Cloud, which was basically compute storage networking management and put that into the bare metal capabilities of AWS, an engineer deep into the stack and all the services that Matt and the engineering team were able to provide to us now allows that sort of application that sitting on premise to move like a house on wheels into a W s. And that's a beautiful experience we've even shown in in conferences, like a virtual reality moving of a workload, throwing a workload into a W s and a W s catches it. It's a good metaphor in a good way to think of those things that VM were like like the most playing the customers like like the emotional moves nicely. But then the other a misconception we had thio kind of illustrate to our customers was that you could once you were there, uh, let's take that metaphor. The house and wheels renovate the house with all the I think there's probably $200 services that Amazon AWS has. Um, all of a I data services be I I o t. Whatever. You have all the things that Andy and Matt kind of talk about in any of the reinvents. You get to participate and build on those services so it has. It's not like you take this there, and then it's sort of a dead end. You get to modernize your app after you migrated. So this migrate and modernize motion is something that we really start to reinforce with our customers, and it doesn't matter which one you do. First, you may modernize first and then migrate or migrate first and modernize. And in the modernized parts we've also made some significant investments and containers and Tan Xue. We could talk about that at this time and optimizing that for both the private cloud world and the public cloud world like Amazon. >>You know, Matt, this is something that we're talking about a lot this week. These few weeks with reinvent going on this everything is a service trend has a lot of things under it, like automation. Higher level services. One of the critics would say, Three years ago, when this announcement relationship between VM Ware enables came out was, Oh, Amazon's is going to steal all of their customers and VM we're screwed. Turns out that's not the case. You guys are both winning and rising. Tide floats all boats because VM Ware has an operator kind of market. People are operating their business with VM ware and they're adding higher level services with Cloud native, So it Xan overall win, so that was proven false. So clearly the new trend You guys are gaining a large enterprises that wanna go faster, have that existing operator kind of legacy stuff or pre conditions of the enterprise like VM ware. So how do you guide the technology teams and how do you look at this? Because this is where customers are like saying, Hey, I cannot operate my business house on wheels, modernize it in real time, come out a covert with the growth strategy and go faster your interview on all that. >>So I think you're exactly right. I think we see a lot of customers who see I don't want to necessarily lose what I have. I want to add on top of that, And so whether that's adding machine learning and kind of figuring out how they can take their data from various different data silos and put them into a large data lake and gets the machine learning insights on top of that, whether they want to do analytics, um, whether they want to d i o T. Whether they want to modernize two containers, I think there's there's a whole bunch of ways in which customers are looking at that. But you're absolutely right. It's not a I'm gonna go from a to B. It's I'm gonna take a and add B to it and, um, we see that's that's over and over again. I think what we've seen from customers doing it and, um and they're really taking advantage of that, right? And I think customers see all the announcements that we're making a reinvent over the next three weeks, and they wanna be able to take advantage of those things right? It's it's they want to be able to add that onto their production environment. They want to take a lot of the benefits they've gotten from their VM Ware environment, but also add some of these innovations from AWS. And I think that Z that really is what we focus on is what our engineering teams focus on. You know, we have joint engineering efforts to figure out how we can bridge that gap, right, so that they BMR environments can very easily reach into their A W s environment and take advantage of all the new services and offerings that we have there. So, um, that's that's exactly what our joint teams really pushed together. >>Sanjay, I wanna get your thoughts on this and we talk. Two years ago, we had a conversation with Cuba. I ask you since this is a great move for VM Ware because it simplifies the messaging and clears up the whole cloud strategy. And you had said something that I'm gonna bring this back today. You said it's not just simplifying the messaging to customers about what we're gonna do in the cloud. It's going to simplify their life is gonna make things easier. Have them set up for better bitterness. Goodness down the road. Can you take him in to explain what that what that goodness was? What came out of the simplicity of the messaging, the simplicity of solution? Where are we now? How does that all kind of Italian together? Can you take him in to explain that? >>Yeah, I think when the history books are written, John, um, this partnership will be one of the most seminal partnerships because from VM Ware's perspective, maybe a little from Amazon Let Matt talk about if you feel the same way. This is a headwind turning into a tailwind. I think that's sort of narrative that VM ware in Amazon were competing each others that maybe was the early story. In the early days of A W s Progress and VM, we're trying to build our own public cloud and then divesting that, uh, Mats, a Stanford grad. I'm a Harvard grad. So one day there'll be a case study. I think in both schools about how this partnership we have a strong partnership with deadlines, sometimes joke. That's a little bit of an arranged marriage we don't have. We didn't have much saying that because AMC Bardhyl so that's an important partnership. But this one we have to work hard to create. And I tell our customers, Del on AWS are top partners. And as you think about what we've been able to do here, the simplicity to the customer for you, as you describe this, is being able to really lower cost of ownership in any process, in terms of how they're building and migrating APs to be the best optimization of hardware, software and services. And the more you could make that better, simpler, cheaper through software and through the movement to the cloud. Um, I think customers benefit, and then you know, Of course, the innovation machine of both companies. Uh, Amazon's really building. I mean, every time I go to read and I'm just amazed at the Yeah, I think it's a near 200 services that they're building in all of these rich layers. All of those developers, services and, I don't know, two million customers. The whatever number of people that have it reinvent this year get to participate on top of all the applications and the virtualization infrastructure we built over the 20 years of our history. Uh eh. So I hope, you know, as we continue do this, this is all now, but customers success large and small customers being able to. And I'm very gratified to three years since we announced this that we're getting very good customer traction. And for us, that's gonna be a key focus to the reinvent, uh, presence we >>have at their show. It really just goes to show you when you built, when you invest in relationships up and down the spectrum from engineering Ah, product and executive. It kind of does pay off. Congratulations to you guys on that matter. I want to get your thoughts on where this kind of going because you're talking about the messaging from VM ware in the execution that comes behind it is the best, you know, Private public cloud hybrid cloud success. There's momentum there. What are the customers saying to you when you look at customer proof points? Um, what do you point to? Because you're now in charge of sales and marketing, you have to take now the installed base of Amazon Web services, which is you got the Debs and startups and, you know, cloud scale to large enterprises. Now you got the postcode growth. Go fast, cloud scale. You've got a huge customer base. You've got a target. These guys, you gotta bring this solution. What are they saying about the VM ware AWS success? Can you share some? Some >>days I'd be happy to, I think I mean, look, this this is what gets, uh, us excited. I know Sanjay gets just as excited about this. It's and it's really it's resonating across our customer base. You know, there's folks like S and P Global who's a large enterprise, right? They had, uh, they had a hardware procurement cycle. They were looking at them on front of implementation and they looked at a WSMV I'm wearing. They said, Look, we want to migrate. All of our applications want to migrate. Everything we have into the cloud, I think it was 150 critical financial applications that they seamlessly migrated with zero downtime Now all running on BMC in the cloud. Um, you look at governments, right? We have thing folks like the Scottish government on many government customers. We have folks that are like Penny Mac and regulated industries. Um, that really took critical parts of their application. Andi seamlessly migrated them to to A W S and BMC, and they looked at us. And when we talk to these customers, we really say, like, where is the best place for us to run these v sphere workloads? And, um and the great thing is we have a consistent message. We we know that it's the right that that aws nbn where's the best place to run those VCR workloads in the cloud? And so as we see enterprises as we see regulated industries as we see governments really looking to modernize and take advantage of the cloud, we're seeing them move whole swaths of their applications. And this is not just small parts. These are the critical really mission critical applications that they know that they need to get out flexibility on, and they want to get that agility. And so, um, you know, there's been a broad swath of customers like that that have really moved large large pieces of their application in date of us. So it's been fun to see. >>And John, if I might add to that what we've also sought to do is pick some of those great customers like the ones that Matt talked about and put them on stage. Uh, VM world. In previous, we had Freddie Mac and we had, you know, I h s market and these are good examples in the few that Matt talked about. So I'm super excited. I expect there'll be many more reinvent we did. Some also be in world. So we're getting these big customers to talk about this because then you get the 10 phenomenon. Everyone wants to come to this, tend to be able to participate in that momentum. The other thing I'm super excited about it started off as a US phenomenon. Just the U s customers, but I'm starting to see riel interest from European and a p J customers. Asia Pacific customers in countries Australia, Japan, U. K, France, Germany. So this becomes a global phenomenon where customers understand that this doesn't have to be just the U. S centric customers that are participating. And then that was, for me a very key objective because the early customers always gonna start in the Geo where, um, you know, there's the most resonance with the public cloud. But now we're starting to see this really take off in many parts of the world. >>Yeah, that's a great point at something we can talk about another conversation. Maybe we will bring you guys into some of our live check ins throughout the three weeks we're doing here. Reinvent. But this global regional approach Matt has been hugely successful. Um, we're on Amazon. We have Q breaches because by default, we're on top of Amazon. You're seeing companies build on top of Amazon. Look a snowflake. The largest I po in the history of Wall Street behind VM Ware. They run Amazon, right? And I will probably have other clouds to down the road. But the point is you guys are enabling this. >>Yeah, global. And it's it is one of the things that we hear from customers that they that they love about running in the cloud is that, you know, think about if you had Teoh, you know you mentioned snowflake. Imagine if your snowflake and you have to go build data centers everywhere. If you had to go roll out toe to Europe and then you have to build data centers in Germany and then you have to build data centers and the U. K. And then you had to go build data centers in Australia like that would be an enormous cost and complexity, and they probably wouldn't do it frankly, at their early stage, Um, you know, now they just they spin up another stack and their ableto serve their customers anywhere around the world. And we're seeing that from our VM or customers where, you know, they actually are spinning up brand new vmc clusters, uh, where they weren't able to do it before, where they either had toe operate from a single stack. Um, now they're able to say, you know what? I'd love to have Ah, vm or stack in Australia, and they're able to get that up and running quickly. And so I do think that this is actually enabling new business it z, enabling customers to think about. How do they put their computer environment close to where their end users are or where they need that computer environment to be sometime just close to end users? Sometimes it's for data residency requirements, but it really kind of enables customers to do that. Where think about in a cove in world, if you have to go launch a data center in a new country, you probably just I mean, maybe it wouldn't even be possible to do that way are today. And now it's just FBI calls. So >>I mean, your point about going slows in an option. The imperative we have, you know, even expression here inside silicon and on the Cube team. Is there a problem? Yes. Is it important? Yes. What are the consequences if you don't solve the problem? Can you quantify those consequences? And then you gotta look at solutions and look at the timing. So you got timing. You got cost. You got the consequences of not doing it. And speed all those things. No. No one's gonna roll out of data center in six months if they if they tried so again, Cloud. And I'm trying to come into play here. You gotta operate something. It's a hand in the glove, its's. I'm seeing the cream rise to the top with covert. You're seeing real examples of riel scale riel value problems that you solve that important that have consequences that can be quantified. I mean, it's simple. Is that >>you know, John, I was gonna say, in addition to this via McLeod on aws were also pretty, you know, prominent AWS customer for some of our services. So some of the services that we've seen accelerate through Covic Are these distributed workforce security capabilities? Eso we resume internally, that obviously runs on AWS. But then surrounding that with workspace one and carbon like to secure the laptop that goes home. Those services of us running A W. S two. So this is one of those places where we're grateful that we could run those cloud services because we're also just like Snowflake and Zoom and others. Many of the services that we build that our SAS type services run on Amazon, and that reinforces the partnership for us. Almost like a SAS customer. >>Well, gentlemen, really appreciate your insight. As always, a great conversation. We could go for another hour. You guys with leaders of your organizations, you're at the front lines as managing through the pandemic will have you guys come into our check ins throughout the three weeks now here during reinvent from or commentary. But I'd like to end this segment by sharing. In your opinion, what is the most important thing that the audience should pay attention to this year at Reinvent? I know there's a lot of things going on. It's three weeks, not four days. It's so it's longer, but still there's a lot of announcements, man, on your side vm where you got the moment and you got your announcements. What should customers pay attention to this reinvent Virtual 2020. >>So, do you wanna go first? >>No, man, it's your show. You go first. E >>I would encourage folks toe Really think about and plan the three weeks out. This this is the opportunity to really dive in and learn. Right? Reinvent is as as many of you know, this This is just a different type of conference. It's not American Conference. This is a learning conference, and and even virtually that doesn't change. And so I encourage. Look across the broad swath of things that we're doing. Learn about machine learning and what we're doing in that space. Learn about the new compute capabilities or container capabilities. Learn about you know what, what is most relevant to your business if you're looking about. Hey, I have an on premise data center, and I'm looking about how I extend into the cloud. There's a lot of new capabilities around BMC and AWS that makes sense, but there's also a lot of cool announcements around just other services. Um, that could be interesting. We have a ton of customers. They're giving talks. And learning from other customers is often the best way to really understand how you can get the most value out of the cloud. And so I encourage folks toe really kind of block that time. I think it's easy when your remote to get distracted by, you know, watching Netflix or answering emails or things like that. But this is this is a great opportunity to block that schedule. Find the time that you have to really spend time and dive into the sessions because we have a ton of great content on a lot of really cool launches coming up. >>Yeah, I'm just very quickly. I would like one of things I love about Amazon's culture and were similar. VM Ware is that sort of growth mindset. Learn it all and I'm looking forward myself personally to going to reinvent university. This is three weeks of learning, uh, listening to many of those those things. I learned a ton and I've tried to have my own sort of mindset of have being a learn it all as opposed to know it. Also these air incredible sessions and I would also reinforce what Matt said which is going find pure customers of yours that are in your same vertical. We're seeing enormous success in the key verticals Vienna plays in which itself called financial services public sector healthcare manufacturing, CPG retail. I mean, whatever it is so and many of those customers will be, uh, you know, doing virtual talks or we have case studies of use cases because often these sort of birds of a feather allow you to then plan your migration of modernization journey in a similar >>fashion, Matt Sanjay, always great to get the leaders of the two biggest companies in our world A, W s and VM where to share their perspectives. Uh, this year is gonna be different. I'm looking forward to, you know, really kinda stepping up and leaning into the virtual because, you know, we're gonna do three weeks of cube coverage. We have, like, special coverage days, Tuesday, Wednesday, Thursday for each of the three weeks that we're in. And we're gonna try to make this fun as possible. Keep everyone engaged on tryto navigate, help people navigate through the virtual world. So looking forward to having you guys back on and and sharing. Thanks for coming. I appreciate it. Thank you very much. Okay, this is the cubes. Virtual coverage of virtual reinvent 2020. I'm John for your host. Stay with us. Silicon angle dot com. The cube will be checking in with our live coverage in and out of the sessions and stay with us for more wall to wall coverage. Thanks for watching. Yeah,

>>from the Cube Studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a cube conversation, >>Everyone. Welcome to this cube conversation. I'm John for host of the Cube here in the Cubes Palo Alto studios during the co vid crisis. Square Quarantine with our crew, but we got the remote interviews. Got great to get great guests here from 44 to guard Fortinet, 40 Guard Labs, Derek Manky chief Security Insights and Global Threat alliances. At 14 it's 40 guard labs and, um, are Lakhani. Who's the lead researcher for the Guard Labs. Guys, great to see you. Derek. Good to see you again. Um, are you meet you? >>Hey, it's it's it's been a while and that it happened so fast, >>it just seems, are say it was just the other day. Derek, we've done a couple interviews in between. A lot of flow coming out of Florida net for the guards. A lot of action, certainly with co vid everyone's pulled back home. The bad actors taking advantage of the situation. The surface areas increased really is the perfect storm for security. Uh, in terms of action, bad actors are at all time high new threats here is going on. Take us through what you guys were doing. What's your team makeup look like? What are some of the roles and you guys were seeing on your team? And how's that transcend to the market? >>Yeah, sure, Absolutely. So you're right. I mean, like, you know, like I was saying earlier this this is all this always happens fast and furious. We couldn't do this without, you know, a world class team at 40 guard labs eso we've grown our team now to over 235 globally. There's different rules within the team. You know, if we look 20 years ago, the rules used to be just very pigeonholed into, say, anti virus analysis. Right now we have Thio account for when we're looking at threats. We have to look at that growing attack surface. We have to look at where these threats coming from. How frequently are they hitting? What verticals are they hitting? You know what regions? What are the particular techniques? Tactics, procedures, You know, we have threat. This is the world of threat Intelligence, Of course. Contextualizing that information and it takes different skill sets on the back end, and a lot of people don't really realize the behind the scenes. You know what's happening on bears. A lot of magic happen not only from what we talked about before in our last conversation from artificial intelligence and machine learning, that we do a 40 yard labs and automation, but the people. And so today we want to focus on the people on and talk about you know how on the back ends, we approach a particular threat. We're going to talk to the world, a ransom and ransomware. Look at how we dissect threats. How correlate that how we use tools in terms of threat hunting as an example, And then how we actually take that to that last mile and and make it actionable so that, you know, customers are protected. How we share that information with Keith, right until sharing partners. But again it comes down to the people. We never have enough people in the industry. There's a big shortages, we know, but it it's a really key critical element, and we've been building these training programs for over a decade within 40 guard lab. So you know, you know, John, this this to me is why, exactly why, I always say, and I'm sure Americans share this to that. There's never a dull day in the office. I know we hear that all the time, but I think today you know, all the viewers really get a new idea of why that is, because this is very dynamic. And on the back end, there's a lot of things that doing together our hands dirty with this, >>you know, the old expression started playing Silicon Valley is if you're in the arena, that's where the action and it's different than sitting in the stands watching the game. You guys are certainly in that arena. And, you know, we've talked and we cover your your threat report that comes out, Um, frequently. But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the 101 ransomware. What's going on? What's the state of the ransomware situation? Um, set the stage because that's still continues to be a threat. I don't go a week, but I don't read a story about another ransomware and then it leaks out. Yeah, they paid 10 million in Bitcoin or something like I mean, this Israel. That's a real ongoing threat. What is it, >>quite a bit? Yeah, eso I'll give sort of the one on one and then maybe capacity toe mark, who's on the front lines dealing with this every day. You know, if we look at the world of I mean, first of all, the concept to ransom, obviously you have people that that has gone extended way, way before, you know, cybersecurity. Right? Um, in the world of physical crime s Oh, of course. You know the world's first ransom, where viruses actually called PC cyborg. This is in 1989. The ransom payment was demanded to appeal box from leave. It was Panama City at the time not to effective on floppy disk. Very small audience. Not a big attack surface. I didn't hear much about it for years. Um, you know, in really it was around 2000 and 10. We started to see ransomware becoming prolific, and what they did was somewhat cybercriminals. Did was shift on success from ah, fake antivirus software model, which was, you know, popping up a whole bunch of, you know said your computer is infected with 50 or 60 viruses. Chaos will give you an anti virus solution, Which was, of course, fake. You know, people started catching on. You know, the giggles up people caught onto that. So they weren't making a lot of money selling this project software. Uh, enter Ransomware. And this is where ransomware really started to take hold because it wasn't optional to pay for the software. It was mandatory almost for a lot of people because they were losing their data. They couldn't reverse engineer the current. Uh, the encryption kind of decrypt it with any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020. And we saw we've seen things like master boot record nbr around somewhere. This is persistent. It sits before your operating system when you boot up your computer. So it's hard to get rid of, um, very strong. Um, you know, public by the key cryptography that's being so each victim is infected with the different key is an example. The list goes on, and you know I'll save that for for the demo today. But that's basically it's It's very it's prolific and we're seeing shit. Not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted ransom cases that we're going after, you know, critical business. Essentially, it's like a D O s holding revenue streams around too. So the ransom demands were getting higher because of this is Well, it's complicated. >>Yeah, I was mentioning, Omar, I want you to weigh in. I mean, 10 million is a lot we reported earlier this month. Garment was the company that was act I t guy completely locked down. They pay 10 million. Um, garment makes all those devices and a Z. We know this is impacting That's real numbers. So I mean, it's another little ones, but for the most part, it's new. It's, you know, pain in the butt Thio full on business disruption and extortion. Can you explain how it all works before I got it? Before we go to the demo, >>you know, you're you're absolutely right. It is a big number, and a lot of organizations are willing to pay that number to get their data back. Essentially their organization and their business is at a complete standstill. When they don't pay, all their files are inaccessible to them. Ransomware in general, what does end up from a very basic or review is it basically makes your files not available to you. They're encrypted. They have a essentially a pass code on them that you have to have the correct pass code to decode them. Ah, lot of times that's in the form of a program or actually a physical password you have type in. But you don't get that access to get your files back unless you pay the ransom. Ah, lot of corporations these days, they are not only paying the ransom, they're actually negotiating with the criminals as well. They're trying to say, Oh, you want 10 million? How about four million? Sometimes that it goes on as well, but it's Ah, it's something that organizations know that if they don't have the proper backups and the Attackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicate files, so sometimes you don't have a choice, and organizations will will pay the ransom >>and it's you know they're smart. There's a business they know the probability of buy versus build or pay versus rebuild, so they kind of know where to attack. They know the tactics. The name is vulnerable. It's not like just some kitty script thing going on. This is riel system fistic ated stuff. It's and it's and this highly targeted. Can you talk about some use cases there and what's goes on with that kind of attack? >>Absolutely. The cybercriminals are doing reconnaissance. They're trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. Eh? So there's a lot of attacks going on. We usually we're finding now is ransomware is sometimes the last stage of an attack, so an attacker may go into on organization. They may already be taking data out of that organization. They may be stealing customer data P I, which is personal, identifiable information such as Social Security numbers or or driver's licenses or credit card information. Once they've done their entire attack, once they've gone, everything they can Ah, lot of times their end stage. There last attack is ransomware, and they encrypt all the files on the system and try and try and motivate the victim to pay as fast as possible and as much as possible as well. >>You know, it's interesting. I thought of my buddy today. It's like casing the joint. They check it out. They do their re kon reconnaissance. They go in, identify what's the move that's move to make. How to extract the most out of the victim in this case, Target. Um, and it really I mean, it's just go on a tangent, you know? Why don't we have the right to bear our own arms? Why can't we fight back? I mean, the end of the day, Derek, this is like, Who's protecting me? I mean, >>e do >>what? To protect my own, build my own army, or does the government help us? I mean, that's at some point, I got a right to bear my own arms here, right? I mean, this is the whole security paradigm. >>Yeah, so I mean, there's a couple of things, right? So first of all, this is exactly why we do a lot of that. I was mentioning the skills shortage and cyber cyber security professionals. Example. This is why we do a lot of the heavy lifting on the back end. Obviously, from a defensive standpoint, you obviously have the red team blue team aspect. How do you first, Um, no. There is what is to fight back by being defensive as well, too, and also by, you know, in the world that threat intelligence. One of the ways that we're fighting back is not necessarily by going and hacking the bad guys, because that's illegal in jurisdictions, right? But how we can actually find out who these people are, hit them where it hurts. Freeze assets go after money laundering that works. You follow the cash transactions where it's happening. This is where we actually work with key law enforcement partners such as Inter Pool is an example. This is the world, the threat intelligence. That's why we're doing a lot of that intelligence work on the back end. So there's other ways toe actually go on the offense without necessarily weaponizing it per se right like he's using, you know, bearing your own arms, Aziz said. There's different forms that people may not be aware of with that and that actually gets into the world of, you know, if you see attacks happening on your system, how you how you can use security tools and collaborate with threat intelligence? >>Yeah, I think that I think that's the key. I think the key is these new sharing technologies around collective intelligence is gonna be, ah, great way to kind of have more of an offensive collective strike. But I think fortifying the defense is critical. I mean, that's there's no other way to do that. >>Absolutely. I mean the you know, we say that's almost every week, but it's in simplicity. Our goal is always to make it more expensive for the cyber criminal to operate. And there's many ways to do that right you could be could be a pain to them by by having a very rigid, hard and defense. That means that if if it's too much effort on their end, I mean, they have roos and their in their sense, right, too much effort on there, and they're gonna go knocking somewhere else. Um, there's also, you know, a zay said things like disruption, so ripping infrastructure offline that cripples them. Yeah, it's wack a mole they're going to set up somewhere else. But then also going after people themselves, Um, again, the cash networks, these sorts of things. So it's sort of a holistic approach between anything. >>Hey, it's an arms race. Better ai better cloud scale always helps. You know, it's a ratchet game. Okay, tomorrow I want to get into this video. It's of ransomware four minute video. I'd like you to take us through you to lead you to read. Researcher, >>take us >>through this video and, uh, explain what we're looking at. Let's roll the video. >>All right? Sure s. So what we have here is we have the victims. That's top over here. We have a couple of things on this. Victims that stop. We have ah, batch file, which is essentially going to run the ransom where we have the payload, which is the code behind the ransomware. And then we have files in this folder, and this is where you typically find user files and, ah, really world case. This would be like Microsoft Microsoft Word documents or your Power point presentations. Over here, we just have a couple of text files that we've set up we're going to go ahead and run the ransomware and sometimes Attackers. What they do is they disguise this like they make it look like a like, important word document. They make it look like something else. But once you run, the ransomware usually get a ransom message. And in this case, the ransom message says your files are encrypted. Uh, please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address that usually they look a little more complicated. But this is our fake Bitcoin address, but you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as the researchers, we see files like this all the time. We see ransomware all the all the time. So we use a variety of tools, internal tools, custom tools as well as open source tools. And what you're seeing here is open source tool is called the cuckoo sandbox, and it shows us the behavior of the ransomware. What exactly is a ransom we're doing in this case? You can see just clicking on that file launched a couple of different things that launched basically a command execute herbal, a power shell. It launched our windows shell and then it did things on the file. It basically had registry keys. It had network connections. It changed the disk. So this kind of gives us behind the scenes. Look at all the processes that's happening on the ransomware and just that one file itself. Like I said, there's multiple different things now what we want to do As researchers, we want to categorize this ransomware into families. We wanna try and determine the actors behind that. So we dump everything we know in the ransomware in the central databases. And then we mind these databases. What we're doing here is we're actually using another tool called malt ego and, uh, use custom tools as well as commercial and open source tools. But but this is a open source and commercial tool. But what we're doing is we're basically taking the ransomware and we're asking malty, go to look through our database and say, like, do you see any like files? Or do you see any types of incidences that have similar characteristics? Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system because that helps us identify maybe where the ransom that's connecting to where it's going thio other processes that may be doing. In this case, we can see multiple I P addresses that are connected to it so we can possibly see multiple infections weaken block different external websites. If we can identify a command and control system, we can categorize this to a family. And sometimes we can even categorize this to a threat actor that has claimed responsibility for it. Eso It's essentially visualizing all the connections and the relationship between one file and everything else we have in our database in this example. Off course, we put this in multiple ways. We can save these as reports as pdf type reports or, you know, usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams. So when we're researching botnets when we're researching file based attacks when we're researching, um, you know, I P reputation We have a lot of different IOC's or indicators of compromise that we can correlate where attacks goes through and maybe even detective new types of attacks as well. >>So the bottom line is you got the tools using combination of open source and commercial products. Toe look at the patterns of all ransomware across your observation space. Is that right? >>Exactly. I should you like a very simple demo. It's not only open source and commercial, but a lot of it is our own custom developed products as well. And when we find something that works, that logic that that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. At four of our labs intelligence that we acquire that product, that product of intelligence, it's consumed directly by our projects. >>Also take me through what, what's actually going on? What it means for the customers. So border guard labs. You're looking at all the ransom where you see in the patterns Are you guys proactively looking? Is is that you guys were researching you Look at something pops on the radar. I mean, take us through What is what What goes on? And then how does that translate into a customer notification or impact? >>So So, yeah, if you look at a typical life cycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be a wear Some of the solutions we talked about before. And if you look at an incoming threat, first of all, you need visibility. You can't protect or analyze anything that you can't see. So you got to get your hands on visibility. We call these I, O. C s indicators a compromise. So this is usually something like, um, actual execute herbal file, like the virus from the malware itself. It could be other things that are related to it, like websites that could be hosting the malware as an example. So once we have that seed, we call it a seed. We could do threat hunting from there, so we can analyze that right? If it's ah piece of malware or a botnet weaken do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things and we really you know, it's similar to the world of C. S. I write have these different gods that they're connecting. We're doing that at hyper scale on DWI. Use that through these tools that Omar was talking. So it's really a life cycle of getting, you know, the malware incoming seeing it first, um, analyzing it on, then doing action on that. Right? So it's sort of a three step process, and the action comes down to what tomorrow is saying water following that to our customers so that they're protected. But then in tandem with that, we're also going further. And I'm sharing it, if if applicable to, say, law enforcement partners, other threat Intel sharing partners to And, um, there's not just humans doing that, right? So the proactive peace again, This is where it comes to artificial intelligence machine learning. Um, there's a lot of cases where we're automatically doing that analysis without humans. So we have a I systems that are analyzing and actually creating protection on its own. Two. So it Zack white interest technology. >>A decision. At the end of the day, you want to protect your customers. And so this renders out if I'm afford a net customer across the portfolio. The goal here is to protect them from ransomware. Right? That's the end of game. >>Yeah, And that's a very important thing when you start talking these big dollar amounts that were talking earlier comes Thio the damages that air down from estimates. >>E not only is a good insurance, it's just good to have that fortification. Alright, So dark. I gotta ask you about the term the last mile because, you know, we were before we came on camera. You know, I'm band with junkie, always want more bandwidth. So the last mile used to be a term for last mile to the home where there was telephone lines. Now it's fiber and by five. But what does that mean to you guys and security is that Does that mean something specific? >>Yeah, Yeah, absolutely. The easiest way to describe that is actionable, right? So one of the challenges in the industry is we live in a very noisy industry when it comes thio cybersecurity. What I mean by that is because of that growing attacks for fists on do you know, you have these different attack vectors. You have attacks not only coming in from email, but websites from, you know, DDOS attacks. There's there's a lot of volume that's just going to continue to grow is the world of I G N O T. S O. What ends up happening is when you look at a lot of security operation centers for customers as an example, um, there are it's very noisy. It's, um you can guarantee that every day you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs, and when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually started to say, Hey, this looks like an attack. I'm gonna go investigate it and block it. So this is where the last mile comes in because ah, lot of the times that you know these logs, they light up like Christmas. And I mean, there's a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because The reality is, if it's just humans, doing it on that last mile is often going back to your bandwidth terms. There's too much too much lately. See right, So how do you reduce that late and see? That's where the automation the AI machine learning comes in. Thio solve that last mile problem toe automatically either protection. Especially important because you have to be quicker than the attacker. It's an arms race like E. >>I think what you guys do with four to Guard Labs is super important. Not like the industry, but for society at large, as you have kind of all this, you know, shadow, cloak and dagger kind of attacks systems, whether it's National Security international or just for, you know, mafias and racketeering and the bad guys. Can you guys take a minute and explain the role of 40 guards specifically and and why you guys exist? I mean, obviously there's a commercial reason you both on the four net that you know trickles down into the products. That's all good for the customers. I get that, but there's more to the fore to guard than just that. You guys talk about this trend and security business because it is very clear that there's a you know, uh, collective sharing culture developing rapidly for societal benefit. Can you take them into something that, >>Yeah, sure, I'll get my thoughts. Are you gonna that? So I'm going to that Teoh from my point of view, I mean, there's various functions, So we've just talked about that last mile problem. That's the commercial aspect we create through 40 yard labs, 40 yards, services that are dynamic and updated to security products because you need intelligence products to be ableto protect against intelligence attacks. That's just the defense again, going back to How can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that you do. But we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity courses to court, and because of that, a lot of these cybercriminals rain free. That's been a big challenge in the industry. So, you know, this has been close to my heart over 10 years, I've been building a lot of these key relationships between private public sector as an example, but also private sector things like Cyber Threat Alliance, where a founding member of the Cyber Threat Alliance, if over 28 members and that alliance. And it's about sharing intelligence to level that playing field because Attackers room freely. What I mean by that is there's no jurisdictions for them. Cybercrime has no borders. Um, they could do a million things, uh, wrong and they don't care. We do a million things right. One thing wrong, and it's a challenge. So there's this big collaboration that's a big part of 40 guard. Why exists to is to make the industry better. Thio, you know, work on protocols and automation and and really fight fight this together. Well, remaining competitors. I mean, we have competitors out there, of course, on DSO it comes down to that last mile problem. John is like we can share intelligence within the industry, but it's on Lee. Intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration. And, >>um, are what's your take on this, uh, societal benefit because, you know, I've been saying since the Sony hack years ago that, you know, when you have nation states that if they put troops on our soil, the government would respond. Um, but yet virtually they're here, and the private sector's defend for themselves. No support. So I think this private public partnership thing is very relevant. I think is ground zero of the future build out of policy because, you know, we pay for freedom. Why don't we have cyber freedom is if we're gonna run a business. Where's our help from the government? Pay taxes. So again, if a military showed up, you're not gonna see, you know, cos fighting the foreign enemy, right? So, again, this is a whole new change over it >>really is. You have to remember that cyberattacks puts everyone on even playing field, right? I mean, you know, now don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that, right? Anyone can basically come up to speed on cyber weapons as long as they have an Internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies, you know, But absolutely that I think a lot of us, You know, from a personal standpoint, a lot of us have seen researchers have seen organizations fail through cyber attacks. We've seen the frustration we've seen. Like, you know, besides organization, we've seen people like, just like grandma's loser pictures of their, you know, other loved ones because they can being attacked by ransom, where I think we take it very personally when people like innocent people get attacked and we make it our mission to make sure we can do everything we can to protect them. But But I will add that the least here in the U. S. The federal government actually has a lot of partnerships and ah, lot of programs to help organizations with cyber attacks. Three us cert is always continuously updating, you know, organizations about the latest attacks. Infra Guard is another organization run by the FBI, and a lot of companies like Fortinet and even a lot of other security companies participate in these organizations so everyone can come up to speed and everyone share information. So we all have a fighting chance. >>It's a whole new wave paradigm. You guys on the cutting edge, Derek? Always great to see a mark. Great to meet you remotely looking forward to meeting in person when the world comes back to normal as usual. Thanks for the great insights. Appreciate it. >>All right. Thank God. Pleasure is always >>okay. Q conversation here. I'm John for a host of the Cube. Great insightful conversation around security Ransomware with a great demo. Check it out from Derek and, um, are from 14 guard labs. I'm John Ferrier. Thanks for watching.