[Music] hi I'm Peter Burris and welcome to another Cube conversation from the cube studios here in beautiful Palo Alto California today we're going to talk about some new things that are happening in the security world obviously this is one of the most important domains within the technology industry and increasingly because of digital business in business overall now to do that we've asked Eric manki to come back Derick is the chief of security insights and global threat alliances at Fort Net Derek welcome back to the cube absolutely the same feel the same way Derek okay so we're going to get into some some predictions about what the bad guys are doing and some predictions about what the defenses are doing how we're going to see them defense opportunities improve but let's set the stage because predictions always are made on some platforms some understanding of where we are and that has also changed pretty dramatically so what's the current state in the overall security world Derek yeah so what we saw this year in 2019 a lot is a big increase on automation and I'm talking from an attackers point of view I think we talked about this a little bit earlier in the year so what we've been seeing is the use of frameworks to enhance sort of the day-to-day cycles that cyber criminals and attackers are using to make their you know criminal operations is that much more efficient sort of a well-oiled machine so we're seeing toolkits that are taking you know things within the attack cycle and attack change such as reconnaissance penetration you know exploitation getting into systems and just making that that much quicker so that that window to attack the time to breach has been shrinking thanks to a lot of these crime kits and services that are offered out there now one other comment on this or another question that I might have on this is that so speed is becoming an issue but also the risk as digital business takes on a larger four portion of overall business activities that ultimately the risks and costs of doing things wrong is also going up if I got the right yeah absolutely for sure and you know it's one of those things that it's the longer that a cybercriminal has a foothold in your system or has the opportunity to move laterally and gain access to other systems maybe it's your I o T or you know other other platforms the higher the risk right like the deeper down they are within an attack cycle the higher the risk and because of these automated toolkits are allowing allowing them to facilitate that it's a catalyst really right they can get into the system they can actually get out that much quicker the risk is a much higher and we're talking about risk we're talking about things like intellectual property exfiltration client information this sort of stuff that can be quite damaging to organizations so with the new foundation of speed is becoming an increasingly important feature probably think about security and the risks are becoming greater because digital assets are being recognized as more valuable why do you take us through some of the four Donets predictions on some of the new threats or the threat landscape how's the threat landscape changing yeah so as I said we've already seen this shift in automation so what I would call the basics I mean knowing the target trying to break into that target right when it comes to breaking into the target cyber criminals right now they're following the path of least resistance right they're finding easy ways that they can get into IOT devices I into other systems in our world when we talk about penetration or breaking into systems it's through zero days right so the idea of a zero day is essentially a cyber weapon there's movies and Hollywood that have been made off of this you look at attacks like Stuxnet in the past they all use zero day vulnerabilities to get into systems all right so the idea of one of the predictions we're seeing is that cyber criminals are gonna start to use artificial intelligence right so we talk about machine learning models and artificial intelligence to actually find these zero days for them so in the world of an attacker to find a zero day they have to do a practice called fuzzing and fuzzing is basically trying to trick up computer code right so you're throwing unverified parameters out at your turn T of throwing and unanticipated sequences into code parameters and and input validation and so forth to the point that the code crashes and that's from an attackers point of view that's when you take control of that code this how you know finding weapons into system cyber weapons in this systems work it typically takes a lot of a lot of resource it takes a lot of cycles it takes a lot of intelligence that takes a lot of time to discovery we can be talking on month for longer it's one of the predictions that we're hitting on is that you know cyber criminals are gonna start to use artificial intelligence fuzzing or AI F as I call it to be able to use AI to do all of that you know intelligent work for them so you know basically having a system that will find these gateways if you will these these you know new vulnerabilities into systems so sustained use of AI F to corrupt models so that they can find vulnerabilities that can then be exploited yeah absolutely and you know when it comes to the world of hacking and fuzzing it's one of the toughest things to do it is the reason that zero days are worth so much money you know they can suffer hundreds of thousands of dollars on darknet and in the cyber criminal you know economy so it's because they're talk talk to finally take a lot of resources a lot of intelligence and a lot of effort to be able to not only find the vulnerability but then actively attack it and exploit it right there's two phases to that yeah so the idea is by using part of the power of artificial intelligence that cyber criminals will start to leverage that and harness it in a bad way to be able to not only discover you know these vulnerabilities but also create that weapon right create the exploit so that they can find more you know more holes if you will or more angles to be able to get into systems now another one is that virtualization is happening in you know what the good guys as we virtualized resources but is it also being exploited or does it have the potential be exploited by the bad guys as well especially in a swarming approach yeah virtualization for sure absolutely so the thing about virtualization too is you often have a lot of virtualization being centralizes especially when we talk about cloud right so you have a lot of potential digital assets you know valuable digital assets that could be physically located in one area so when it comes to using things like artificial intelligence fuzzing not only can it be used to find different vulnerabilities or ways into systems it can also be combined with something like I know we've talked about the const that's warm before so using you know multiple intelligence infected pieces of code that can actually try to break into other virtual resources as well so virtualization asked definitely it because of in some cases close proximity if you will between hypervisors and things like this it's also something of concern for sure now there is a difference between AI fai fuzzing and machine learning talk to us a little bit about some of the trends or some of the predictions that pertain to the advancement of machine learning and how bad guys are going to exploit that sure so machine learning is a core element that is used by artificial intelligence right if you think of artificial intelligence it's a larger term it can be used to do intelligent things but it can only make those decisions based off of a knowledge base right and that's where machine learning comes into place machine learning is it's data it's processing and it's time right so there's various machine learning learning models that are put in place it can be used from everything from autonomous vehicles to speech recognition to certainly cybersecurity and defense that we can talk about but you know the other part that we're talking about in terms of reductions is that it can be used like any tool by the bad guys so the idea is that machine learning can be used to actually study code you know from from a black hat attacker point of view to studying weaknesses in code and that's the idea of artificial intelligence fuzzing is that machine learning is used to find software flaws it finds the weak spots in code and then it actually takes those sweet spots and it starts probing starts trying to attack a crisis you know to make the code crash and then when it actually finds that it can crash the code and that it can try to take advantage of that that's where the artificial intelligence comes in right so the AI engine says hey I learned that this piece of software or this attack target has these weak pieces of code in it that's for the AI model so the I fuzzy comes into place to say how can I actually take advantage how can i exploit this right so that's where the AI trussing comes into play so we've got some predictions about how black hats and bad guys are going to use AI and related technologies to find new vulnerabilities new ways of exploiting things and interacting new types of value out of a business what are the white hats got going for them what are their some of the predictions on some of the new classes of defense that we're going to be able to put to counter some of these new classes of attacks yeah so that's that's you know that's honestly some of the good news I believe you know it's always been an armor an arms race between the bad guys and the good guys that's been going on for decades in terms of cybersecurity often you know the the bad guys are in a favorable position because they can do a million things wrong and they don't care right from the good guys standpoint we can do a million things right one thing wrong and that's an issue so we have to be extra diligent and careful with what we do but with that said you know as an example of 49 we've deployed our forty guard AI right so this is six years in the making six years using machine learning using you know precise models to get higher accuracy low false positives to deploy this at reduction so you know when it comes to the defensive mechanism I really think that we're in the drivers position quite frankly we have better technology than the Wild West that they have out on the bad guys side you know from an organization point of view how do you start combating this sort of onslaught of automation in AI from from the bad guys side well you gotta fight fire with fire right and what I mean by that is you have to have an intelligent security system you know perimeter based firewalls and gateways they don't cut it anymore right you need threat intelligence you need systems that are able to orchestrate and automate together so in different security products and in your security stack or a security fabric that can talk to each other you know share intelligence and then actually automate that so I'm talking about things like creating automated security policies based off of you know threat intelligence finding that a potential threat is trying to get into your network that sort of speed through that integration on the defensive side that intelligence speed is is is the key for it I mean without that any organization is gonna be losing the arms race and I think one of the things that is also happening is we're seeing a greater willingness perhaps not to share data but to share information about the bad things that are happening and I know that fort and it's been something at the vanguard of ensuring that there's even better clearing for this information and then driving that back into code that actually further automates how customers respond to things if I got that right yeah you hit a dead-on absolutely you know that is one of the key things that were focused on is that we realized we can't win this war alone right nobody can on a single point of view so we're doing things like interoperating with security partners we have a fabric ready program as an example we're doing a lot of work in the industry working with as an example Interpol and law enforcement to try to do attribution but though the whole endgame what we're trying to do is to the strategy is to try to make it more expensive for cyber criminals to operate so we obviously do that as a vendor you know through good technology our security fabric I integrated holistic security fabric and approach to be able to make it tougher you know for attackers to get into systems but at the same time you know we're working with law enforcement to find out who these guys are to go after attribution prosecution cut off the head of the snake as I call it right to try to hit cyber criminal organizations where it hurts we're also doing things across vendor in the industry like cyber threat Alliance so you know forty knots a founding member of the cyber threat Alliance we're working with other security vendors to actually share real time information is that speed you know message that we're talking about earlier to share real time information so that each member can take that information and put it into you something actionable right in our case when we get intelligence from other vendors in the cyber threat Alliance as an example we're putting that into our security fabric to protect our customers in new real-time so in sum we're talking about a greater value from being attacked being met with a greater and more cooperative use of technology and process to counter those attacks all right yeah absolutely so open collaboration unified collaboration is is definitely key when it comes to that as well you know the other thing like I said is is it's the is the technology piece you know having integration another thing from the defensive side too which is becoming more of a topic recently is deception deception techniques this is a fascinating area to me right because the idea of deception is the way it sounds instead of to deceive criminals when they're coming knocking on your door into your network so it's really what I call like the the house of a thousand mirrors right so they get into your network and they think they're going to your data store but is it really your data store right it's like it's there's one right target and a thousand wrong targets it's it's a it's a defensive strategy that organizations can play to try to trip up cyber criminals right it makes them slower it makes them more inaccurate it makes them go on the defensive and back to the drawing board which is something absolutely I think we have to do so it's very interesting promising you know technology moving forward in 2019 to essentially fight back against the cyber criminals and to make it more expensive to get access to whatever it is that they want Derek max Lilly yeah Derrick McKey chief of security insights and global threat Alliance this is for net thanks once again for being on the cube it's a pleasure anytime look forward to the next chat and from Peter Burroughs and all of us here at the cube in Palo Alto thank you very much for watching this cube conversation until next time you