Welcome to a CUBE Conversation. I'm Peter Burris with Wikibon SiliconANGLE. I am having a great conversation today with Derek Manky, who's a global security strategist at Fortinet, who wants to talk about Derek. I don't want to be too topical here, but still, why don't you tell us exactly what a global security strategist does?

Yeah, so obviously we've got a global region. We're looking at the past, the present, and the future. When I say that, we're looking at past events, learning from security, we're looking at present events, reacting to them, trying to beat the bad guys to the punch, doing advanced research on dark net, but also looking at statistical trends and modeling, a lot like a weather forecast, right? So we're doing modeling as to where threats are going in the future, based on our expertise knowledge and obviously a global telemetry based of data. Billions and billions of data points we look at.

So everybody knows that this is enormous, that security and the past are informed the current and we are all worried about the future. But let's talk about where we are right now.

Sure, sure.

What is the state of things in global cybersecurity?

It's flashing red. Unfortunately, we're in this day. And what I mean by that is, CISOs and the likes always have to look at flashing red on their dashboards. They're a lot like our alarms. And we get so many events that are happening day in, day out. We need to start looking at them and prioritizing how do we respond to these events? What's the severity level of these? What are these events? And the context around that and why it matters. We look at a lot of events that are happening today. Obviously we get into the IoT world. That's here. Mobile threats are here. We've gone from just in, from one year ago, we had about 2% of the global attacks that we see were mobile. That number is reaching close to 10% now. So mobile threat activity is accounting for nearly 10% of all global activity that we're seeing.
IoT is the next rising star that we're seeing in that as well. And that's really the state that we're seeing. So there's no really new normal in global cybersecurity. It's constantly changing.

So give us an assessment and some insights into how the threat target is changing. What is the surface area and the surface attack area that we're worried about as we go forward?

Sure. Up and to the right, and what I mean by that is when I say that we're seeing obviously volume increasing and we're seeing the level of sophistication increasing in the threats as well. A lot more automated clever techniques are being put into threats. The attack landscape now, or the attack surface shifting into the IoT world, as I mentioned, we're dealing with some of the top attacks we're seeing are CCTV cameras, which by the way are not closed circuit anymore. IP security cameras, we're looking at DVRs, consumer grade routers, printers, all of these different devices now that are not just obviously Windows based as well. So because of that, the amount of volume of threats is increasing. That attack surface, there's much more interconnectivity into these devices, which is a very large issue. We're dealing with the zero patch environment now. As well, the reality is it's just not enough patches readily available for these devices too. And so we have to really, and again, that comes back to the security strategy piece. We have to strategize.

So we're used to thinking about PCs being attacked or servers being hacked. What happens if your router gets hacked in this way? Give us a little insight into how that propagates into a problem.

Yeah, so worm-like activity. We look at a lot of the, what I'm calling shadow nets. These are IoT botnets.
So what I mean by that is you get a piece of code like Mirai, Hajime, there's also other flavors of this that we're seeing out there that basically look to propagate like a worm spread from router to router or different device to different device, plant malicious code. And then once they have that obviously, the device is compromised and it can be used for anything. It can be used for altering DNS traffic, hijacking credentials. It can be used to launch a DDoS attack like we saw with Mirai last year as well. But it's also being used now for more sophisticated attacks. So we look at like the Hajime botnet. Unlike Mirai, which I would consider more of a non-intelligent botnet, it's just using brute force techniques. Hajime is using automated techniques to download new password lists and try different attacks using updated and dynamic intelligence as being built into this automated code now as well.

That sounds like it's an enormous amount of fun. But as we think about, we're talking mainly about devices at this point in time. When we think about digital business, Wikibon likes to say that digital business is different from business in how a digital business uses data. And the idea that data is increasingly becoming an asset and is a differentiator for your business, especially in how you do things from an engagement standpoint. How is the idea of data as an asset and the need for these new threats, this new landscape going to come together over the course of the next few years?

Yeah, absolutely. So that's a really good point that we bring up. So data is highly sought after by these threats. The initial stage of attack is building infrastructure and that's been done. And we talk about these IoT botnets is gaining a foothold into networks where data is either stored or in transit, especially on mobile.
And when we look at how data is stored or in transit, often enough, it's stored for too long, it's too persistent, it's not stored properly, it's not hashed or salted and these sorts of techniques. And it's often, it may be going to the wrong places or given permission to the wrong users. These threats now that have a foothold onto these devices can easily scrape and use data, send them to their command and control operators, botnet operators, and then that data, as you are very well aware, can be used multiple times. We're seeing this data used obviously sold through crime services, sold on data dumps, on darknet, it's being used for things like identity theft, money mules and laundering. We worked on a case last year with the EFCC in Nigeria, and Interpol as the expert working panel I'm on. We took down a $60 million crime ring. The heart of that crime ring was money laundering and that all revolves around identity theft as well, which is all data.

Right, so let's build on this a little bit because one of the things that I think people frequently get wrong is they don't understand data as an asset and that a crucial feature of it is it can be copied and it can be applied in two places at once. Now, that is a lot of business implications. Let's talk about the security implication. If somebody steals my money, I immediately know that my money's gone. If somebody steals my data, I may not know that my data's gone because it can be copied and it can be reapplied and reused and I may never know it. Now, we're looking at a recent breach here on a big supplier of crime services, 165 accounts being hacked. That might have only taken five minutes to download the data associated with those 165 million accounts, but that was probably a persistent a few months or maybe years getting to that point.
What does a business have to do differently from a security standpoint to actually be able to capture those smaller events that may not have immediate proximate damage but lead to a big hack like this?

Yeah, absolutely, it's a really good point. Obviously, the threat landscape is extremely volatile. There's a lot of different characteristics or features you have to look for in these attacks. You're completely right. Most of these attacks we see can lay resident for months on networks. In fact, they want to lay as silent and as stealthy as possible. As I said, it's much more tricky today because threats are becoming more sophisticated to try to obfuscate into data flows and to try to remain silent on networks. So what can be done from an organization standpoint is absolutely turning it around, looking at detection first. Threat intelligence, applying threat intelligence to detection. You need advanced threat intelligence to be able to find advanced threats. We're talking about solutions like SIEM and so forth, right? Once you can see that threat activity on the network, that's key, obviously, launching into incident response, how we deal with this, shut down that threat to mitigate the window because otherwise, if you have a wide open window, obviously more data's going to be leaked, the more data is leaked, the more damage and collateral damage is going to be done.

And that's still, we're talking about consumers which are problematic, but when we start talking about critical infrastructure, we're talking about the social fabric itself. What new visibility, because Fortinet saw a lot of research around this, what new visibility does Fortinet have into what's going on with some of the new critical infrastructure security?

Yeah, so looking at a threat landscape report, this is, unfortunately, this is the normal still.
So I wouldn't say it's the new normal in this case because we're seeing 90% of organizations that are still facing attacks on application vulnerabilities that are three years or older. When we look at critical infrastructure, it is over nine times, when we look at all industries and just compare critical infrastructure to that baseline, so over nine times higher with attacks on these application vulnerabilities. And so the problem, unfortunately, in critical infrastructure, we're still seeing a lot of attacks on these IoT devices that are connected, CCTV cameras, other things like that, that can be used as launch pads because they're not traditionally inspected by security. And they're in a tough position with critical infrastructure also healthcare and ICU critical care networks because they're resistant to patch sometimes because if a patch is done, it could break. They have critical services and processes behind there that it could break it. But at the same time, what we're experiencing is that they're under rapid fire and if they don't patch, it's going to be much more damaged down because we're seeing tremendous volume on attacks to those vulnerable applications lying on the networks.

So we now have this situation where we're trying to secure our critical infrastructure which affects everybody. People have to, individuals have to be more cognizant of the role that a breach in their home network on their IoT devices can play. And increasingly we're thinking about how do we start putting together the idea of brand trust security? Talk a little bit about how security is going to enter into the lexicon of brand, brand preference and what, starting with brands are going to have to do to transmit their commitment to security.

Yeah, so again, we're talking about digital assets, right?
When it comes to that and I think it's, you know, when it comes to brand integrity, people are going to start, if we flash back 10 years, I think, people had a false sense of security, right? They wouldn't really think twice about where their data is going, how that data is stored and so forth. But now that we're seeing consumers having a direct impact when there are these massive data breaches, I think consumers are finally starting to become much more security conscious. And I think that mentality and switching from that false sense of security is really going to start having them have that cyber hygiene and have that daily thought process of where's my data going and they should have this, where's my data going, who is storing that, what are their security practices? And finding, you know, being able to readily access that sort of information on security posture, I think is going to be critical moving forward for the consumers.

So what is it, because this is very complex stuff. There are a limited number of people in the world who understand this really deeply. You're one of them, obviously. What does a consumer then have to know about security to be able to make that type of an assessment? Because that's going to lead to some new conventions that we can start to promulgate and diffuse for how to get smarter about things. Is there like one or two things that someone has to be really aware of right now, questions that they can ask to get to that point where you're saying that they can be therefore smarter about how to evaluate different brands?

I think they really have to just at a basic level treat their identity, treat their information like the keys to their car or the keys to their house and their families, right? I mean, it has to be personal.
And so they have to be able to understand that they have a part to play, but they also have to understand that, you know, if I walk into a house and I leave the keys on the table somewhere and walk out that somebody else can still easily access that, right? As opposed to me putting the keys to my car in a locker when I'm somewhere else. And so that is what they have to understand is that their assets, where they store those assets and how they transmit those assets is ultimately going to come back and impact them.

So it's analogous. If Wikibon says that digital business is about a business using data differently, in many respects what we're talking about is digital life is a recognition and acknowledgement that data is playing a different role in your life and being really, really clear about that as an asset in the way that you conduct yourself.

Yeah, and I think moving forward that's just going to become even more critical. As I said, we're going to have more and more, as I said with the world of IoT coming now, there's going to be more and more impact on that on daily life and more transit points for those data to go to.

But the reality is, even though it's your right, people don't, we might have been sanguine about digital security a number of years ago because it wasn't on everybody's, on the forefront of everybody's minds. And there are things that people can do to be smarter about this, treat your digital identity as an asset and be careful about it. But the reality is, most of us aren't going to ever be smart enough to really make good decisions in this regard and we're going to rely on automation. Also, as you said earlier, we know that the bad guys are doing more with automation. So even if automation is not the complete goal, how are we going to fight more automation on the bad guy side as we try to have more people involved in these good digital security practices?

Yeah, so there's a couple of approaches to that.
First of all, number one, there is a severe, this is not a surprise or news, but there's a severe shortage in cybersecurity professionals out there. As you said, not a lot of people understand this stuff deeply, especially when we get down to the consumer level. So how can we arm them to defend against all this automation that the black hats are doing? We need to fight automation with automation. So we need defensive measures. We need scalable security solutions, interconnected security solutions, security solutions that integrate threat intelligence as well to be able to identify the different stages of these threats. And the key here is quickly reacting to that because these threats are moving so quickly from the black hat side. Automated defense layers need to be able to identify those aspects of the threats and then make decisions on, this is the key part. Make a decision, this is what I call actionable intelligence. Make a security solution that can make a decision on its own. It's what I refer to as an expert system is what's required to be able to block those so that the people who don't know anything about these threats and where it's respond to them too slowly don't have to do those measures. And so this is the idea of having an integrated intelligence security fabric.

And where are we going to get that?

So that comes from our approach as the security fabric, right? This is the Fortinet security fabric where we can take integrated intelligence, scale it up, and make automated decisions that humans, we don't have to get rid of the humans but we can repurpose the humans for that nature.

Derek, once again, great insight. I think we'll call it a wrap there. So once again, this has been a CUBE Conversation. I'm Peter Burris, Wikibon, and Derek Manky who's the Global Security Strategist of Fortinet. Derek, you and I have had a couple of times a talk and every time it's been really insightful, the work you guys do is absolutely essential in today's world.
So thank you very much for doing it.

It's a pleasure. Anytime.

Until we have another opportunity to speak again, track CUBE Conversations, let's get the signal out of the noise.