 Welcome back everyone to theCUBE's live coverage of MY's, the leading cybersecurity conference. I'm your host, Rebecca Knight, along with my two analyst co-hosts. We have Rob Streche and John Furrier. We're doing the keynote analysis. What a keynote it was. We had Kevin Mandia, the CEO of Mandia up there. For me, one of the biggest takeaways was he was talking about the innovation that we're seeing out of China. He said that it used to be that Russia was the varsity squad. Now we're seeing China, what do you make of that, John? I'm going to start with you. I mean, China is really... First of all, China is absolutely a threat, completely number one. He even gave some stats. The FBI director actually had more stats on that. They lined up all the personnel in the United States alone. They still got a number of them by 50 to one or 50 to one, a big number. But I think the Mandians showed in their keynote that they have full command of what cybersecurity is, what it was, where it's going and the threat to national security on a global scale. I think because of their so front line oriented, they have all the metadata and up to the minute visibility in the text. And they probably know more that we don't even hear coming in there. So Mandia, I'll say very successful at what they do. But to me, the content was on point. Everything that we've been tracking, I've been tracking for 10 year plus with theCUBE, we've been seeing the China stealing the national property from American citizens and companies, no help from the government, no private public partnerships developing. That narrative has completely changed and Mandia has done a lot of great work with the people in that room because there's now a call to arms. It's almost like the militia was the companies themselves that fund their own people. Now the industry is now changing, Robin, maturing with scale, next level cloud scale. And as the AI gift comes into security, he's going to see a major changeover in my opinion of productivity, fatigue, burnout and an opportunity, and Dave Vellante posted on Twitter, is it an opportunity for the defender or the attacker? Content on point, well-positioned with the AI, pragmatic. I thought it was a great keynote, and good timing too. And they had the FBI director, he, I was skeptical that he would be on point. He even hit a home run. So to me, it's a national security imperative. Companies need protection, we're getting killed. There is a cyber war happening. Finally someone else is saying it besides us on theCUBE and everyone else. So, it's a real cultural shift. I think it's going to be a game changer. And again, right on point, I thought the keynote was fantastic. Yeah, I want to go to you, Robin, ask about what you made of what he said about AI. He really struck an optimistic tone when it came to AI. He said it is the answer. It is going to address the problem of the overwhelm security team. We're not quite hearing as much optimism. And what do you think? I think he tried to pull it back and be very optimistic. In fact, I thought it would, out of security conferences I've been to, this was probably the most positive set of keynotes that I've seen. Everybody knows it's a tough job and it's very hard. I mean, again, going back and talking about how, MITRE had 41 different things you had to be right on to be able to protect yourself and how AI really is going to go and help that burnout and help to do that. And again, I think it's one of these things that if you're not embracing AI, you're screwed. I mean, and I think that was his message. And I think even with Mandiant, who has a lot of analysts, physical people involved in their entire go-to-market and entire services that they provide, I think that he was even showing that we're going to make good analysts, great analysts. We're going to make those people who are first in, we're going to make them even better with use of AI. And I think that was key. Yeah, and I thought that John Mandi's key points were layer two defense, AI is a great advantage for the defender now to avoid the burnout and then the continued private partnership. And he hit a couple of things that I just took notes on, I thought were notable. There's need for a modern defense. It's the next evolution. This whole China is the winner. You brought up varsity. He used to use that term. I like how you brought it in. They're the winner, they're on top. Russia dropped. Now, one nuance that came out of that is that Russia, because of the Ukraine war, has been almost fractured. They talked about the leaks that came out from, the Conti leaks, right? So the war in Ukraine has also taken down Russia's focus either because they're leaving the country and or finding domicile somewhere else and or distracted by the war. China now becomes number one over Russia. So that was interesting. And the other nuance that I'd squint through was, Rebecca, was the term e-crime versus state actor. And that's important definition because state actors are the countries and in our doctrine of war, country attacks the other country, we would counter attack. That's our kind of doctrine for maintaining peace. The state actors are employing e-crime units using kind of off book operations to camouflage and obfuscate their role. This has been going on for a year. So now it's out in the public. They're continuing to talk about. So that came up in the panel. And then finally, zero days are on the rise, okay? Zero day attacks are on the rise too. So again, another macro stat. So Chuck full of stats, Rob. It's like, I'll say it's random zero day and a lot of area to hit. And you get the attack in Vegas casinos as well. Yeah, no, I think even as part of the panel and a lot of it, and they said kind of last year was a dip. I think they said there was either total of 51 last year and we're already at 63 this year on the way up to, you know, past 80 where we ended up in 2021. So I think again, part of it was, hey, things slowed down. We've only seen them slow down when there's like Chinese New Year and they take a break for the weekend. But you know, you start to look at it and go, don't be surprised if those Russian actors, bad actors get involved again in going and trying to raise money. And I thought, again, looking at how the DPRC or DPRK, sorry, was funding their nuclear weapons program and how they were using crypto mining, basically, you know, embezzlement to go and do that was pretty fascinating in how, you know, they were tracking and I think I was Jackie Burns Coven who was talking about like her study of that as well. Yeah. Rebecca, they named the top five countries. Well, they've won four countries and then a group. China number one, Russia, Iran, North Korea and then cyber criminals. That was interesting. They put that as almost a category of itself. They also pointed out from North Korea standpoint that they're really good at social engineering. They take their time over the target month or so, but also good at supply chain hacks, which came out as interesting. But the stat that was interesting was the money. I think it was the woman on the panel. I forget which one it was. I think it might have been Maddie Stone. Yeah, it was Maddie Stone. She said that the estimate from North Korea this year was 300 million, 3.6 billion all time for Korea, mainly crypto smashing grabs and or social engineering hacks. I mean, North Korea is doing well on the income sheet, Rob. Yeah, and I think that was Jackie Burns Coven also on that stat because she was the one who's very fascinating how they were tracking that. And to your point on social engineering, how people are being notified by the FBI, hey, you have somebody from Poynang inside your IT organization who actually works for there, and they're being notified that they've hired somebody. I think, again, part of it was, hey, these people are very sophisticated at this, and they're really good at that social engineering, being able to go in through LinkedIn, through other things, interview, and get jobs. And I think also part of that was very interesting was how they're doing this, not just over one month or two months, how they have that whole supply chain attack and look to do that. And mine and John, one of our favorite words came up, S-bombs was brought up. So I love S-bombs. I know, S-bombs. Self-healing materials, what's in the software? Yes. That came up. Yes, it did. Going back to what you're saying, I mean, this is what Kevin Mandio was hammering, was getting into a security mindset. He said that a lot of CISOs he talks to, they say, I don't think people are taking this seriously enough. And he said, you need to assume that your employees are going to fall for these social engineering attacks. You need to have board and executive modeling. You need to do tabletop exercises where people are understanding, really grasping what a worst case scenario looks like. Well, I like the whole tabletop, and if you haven't done one- Oh, I know, that resonated with me. Yeah, haven't done one in two years. Yeah. The world has changed a lot. With your board and your executive. I think it has to be an old above strategy, and you have to have that by it. You guys think it's a gut check, it's a leadership check, it's a systems check, it's a process check, it's the state of the art. And we heard the guest came on earlier from first guest, Brian, CEO, Brian Dye. He said, if you don't have AI built in by the end of the year, you're going to be drunk at the wheel. I've had the exact other words. But that came off well. The other thing he mentioned on that point is, what's next with LLMs and AI? He actually mentioned LLMs specifically. He thought that that's going to be a great opportunity to avoid the burnout. Rebecca, I know you know a lot about the future of work and we're talking about, you know, how do you get skills? Budgets aren't expanding at 10X. The data is expanding at 100X. The threats are coming in at high velocity. There's no budget. You've got to get the productivity in there, but don't burn out. How do you be a jack of all trades and master of everything? Well, exactly. And I think that if using tools like AI tools to help you accomplish some of the more tedious tasks, the more boring things, the rope things you don't necessarily want to spend your time on will allow you to do the things that are more enjoyable, more interesting to you, and actually have more value add for the organization. And another thing is, if AI can take care of those tedious tasks for you, then you have the opportunity to just really get to know your system inside and out and really understand what it is, because that is one of the first defenses, is to really know what you're dealing with. And I brought up file transfer protocols in software, Rob, as well as the S-bomb in context too. There's a lot of stuff that's not patched in your organization that you might not know is not patched, so that's got to be table stakes number one, but what's interesting about that file transfer, move it saga, I was a victim of that. I got notified on the progress software, that was the big breach in 2022. The impact today is still being felt, so this concept of open source is going to be a big issue, so Adam Sileski was quoted on Thursday, we weren't at the press conference, but Adam was taking a very hard line on open source, AWS, which, David, you don't see them do that, for that one reason, about data in AI, the data in the, we coined the term data supply chain on theCUBE, I don't think anyone's used that term before, but like software supply chain, you now have what's in your data supply chain. Yeah, we've talked about that, and I think that's the next step, and I'm interested to hear as this week goes on, how they look at that as well, because it's not just about the actual bits that are the software underpinning, it is the data in injecting fake data, and how do you understand that? And I think part of that, Kevin actually talked to that a little bit about misinformation and disinformation, and how you actually gather on top then, I know we'll dig in with him tomorrow as well. The other thing I wanted to bring up for you guys too, to talk about is this Sean Lengas, Lengas, the CNN cybersecurity reporter who's monitoring the panel, he brought this up around how we can speak native normal language, not cybersecurity jargon geek, which we speak, right? So like, that's huge for society as we try to get lawmakers in positions of power to figure out. And employees and families are saying, hey, two factor authentication, what? Don't use your phone, so normal people just using apps. Again, they are also potential social engineering victims inside organizations, so the hygiene and usage around what is cybersecurity? That to me was a very good sign, Rob, because that means that we're moving out of the vertical of narrow cybersecurity, to mainstream FBI director, heads of companies. This is mainstreaming. Yeah, and I think the fact that they brought up the whole new SEC regulations, and didn't really go too deep into that, but 72 hours, I thought, I think it was on the panel where they talked to that, it may have been actually one of our next guests, Selena, who talked about the fact that you don't even know that you've been hacked within 72 hours, so can you have an incident response that has a 72 hour SLA? I think that was really interesting, and so I talk about mainstream when everybody has to report on it within four days, that's pretty mainstream. The other notable thing was protect your goods, right? And they talked about banks becoming more like crypto firms, and crypto firms becoming more like banks. Everyone's a target. The other thing I found interesting was how they were telegraphing how these social engineering, I call them sleeper cells, go out and interview for jobs and in the positions, and then also spoofing as a researcher, target other researchers, and that was reported by Mandian, and that's very smart from a bad guy perspective, like, hey, befriend, ask for advice. Using obsequiousness to gain trust. Yeah, show me your architecture, can you train me? What's your key path? And the research, I mean so much on the behavioral research shows that people just want to be asked for help, want to be seen as experts in their field, and so when they have someone coming forward, asking them for a request, or just to be smart around them, they would say, sure. Did you see Selina Larson's response? Of course I want to help someone. Someone say, hey, what do you do? I want to talk about my job and help someone else, mentoring, all those kinds of things. And I think that, to me, put an exclamation point on Kevin's point that everyone, assume that everyone will be socially engineered at some point. Assume that... There's a ruse for everyone. There's a ruse for everybody. Yeah, exactly, exactly. So, I mean, we got to wrap up here soon, but I want to just go back to the optimism that we saw on the stage. Yes, there is a lot of things to be worried about, things that should keep us all up at night. But there really does seem to be a movement of trying to get more public-private partnerships. Chris Ray was up there trying to recruit, trying to get more people to say, okay, we need to, the public, the private sector is the goalie, the government is the offense, we need more risks and repercussions for these bad actors. Rob, what are you hearing in the conversations that you're having? Is there as much optimism? There are, and I think, again, it's the fact that there is so much volume, but there are tools and community to come together. And I know that they have some stuff laid out for tomorrow that I won't go into that really talks to it being a community. And I think that's really where MYs and this conference is really about community and the security community coming together and being able to be a security team unto itself in that public-private partnership. I think there is more, I think the government is starting to realize they need help and companies are being more forthright within as well. I think, I mean, I kind of felt that the optimism was more urgency, less optimism, more positive urgency that we got to get our shit together as an industry, and I mean that because we're on the heels of a week after the MGM hack that they're fighting through. We were there in Vegas. You're seeing the landscape from the foreign adversaries on the cyber war that's laid out clear as day. I mean, we're optimistic to protect our freedom, I think in America from an American standpoint. So I think that to me felt more optimistic like AI could help us be in good shape. The thing that jumped out at me was, Brian, I talked about this on the first segment, is the speed of the game is so fast. And then the comment Kevin made is that IT and technology proliferate faster than we can secure it. And so this idea that the government has to rely on the private sector to lead in the leadership absolutely critical. If we go the other way where the government's the paced car, it's going to be a disaster, at least in my opinion. So I think it's good balance. I think the recruiting is legit. The FBI should be embedded, and maybe people are afraid. I mean, it's not the first call you think, hey, let's call the FBI and hang out and have a couple of beers with the FBI guys and show them our stuff. I think they've got some stories. I think it'd be a good time. I think it's positive for the industry that the conversations are going mainstream and that they recognize the problem. Yes, and I think you're right. That the optimism was maybe not the right word, but urgency, exactly, exactly. But this has been such a really fascinating keynote analysis. We're going to get into all of that and more on more CUBE interviews and tomorrow's sessions as well as more today. I'm Rebecca Knight for Rob Stretchy and John Furrier. Stay tuned for more of the CUBE's live coverage of MLIs.