 Live from Las Vegas, Nevada, it's theCUBE. Covering Accelerate 2017, brought to you by Fortinet. Now, here are your hosts, Lisa Martin and Peter Burris. Hi, welcome back to theCUBE. We are live in Las Vegas at Fortinet's Accelerate 2017. I'm your host, Lisa Martin, joined by my co-host, Peter Burris, and we're really excited about our next guest. We are talking next with Derek Mankey. Derek, you are, first of all, welcome to theCUBE. Thank you very much. You have a really important role at Fortinet. You are the global security strategist. Correct, yes. You have a, established yourself as a thought leader with over 15 years of cybersecurity expertise, and your goal is to make a positive impact towards the global war on cyber crime. That's a big goal. It's a very big, big goal, but it's a big, hairy goal, but it's critically important, I believe. I firmly believe this over my whole career, and I'm starting to see some good traction with the efforts that we're doing too, so. And it's becoming more and more critical every day as breaches and hacks, or it's a daily occurrence. You're also the leader of FortiGuard Labs. You've got a team of over 200. Tell our viewers who camp here today, what is FortiGuard Labs? What are you doing to leverage threat intelligence to help Fortinet's customers? Sure, so we're trying to manage complexity because that's always the enemy of security, right? And we're trying to make it simple to, across the board, right? So we're managing security for all of our customers, 300,000 customers plus. That's a big deal, right? So we've had to invest a lot into that in terms of how we can do that to make it simple to the end users. So what FortiGuard Labs is, is it's services we deliver to the end user, protection services across the spectrum, our whole product portfolio, right? And so we have world-class expertise as a security vendor, right? 200 plus people on the team, experts in each domain. We have researchers and experts looking at things like industrial attacks, mobile problems, malicious websites, ripping apart, so what we call reverse engineering, malware samples to find out digital fingerprints of who's creating these attacks so we can work also in partnerships with that too. At the end of the day, we have the humans working on that but we've also invested a ton into artificial intelligence and machine learning. We have to comb through over 50 billion attacks in a day and so the machines are also helping us to create a lot of this automated protection. That's all driven by our patents, by our world-class development teams. That gets down to the end user so that they don't have to invest as much into their own security operations centers because that's a big OPEC's expenditure. So we're helping to alleviate that issue, especially with, as everybody knows today, the big gap in cyber security professionals. So that helps alleviate that issue too. You said 50 billion attacks a day. That's correct sir, yes. So clearly, potential attacks, oh, potential attacks. Okay, so clearly that means increasing percentages of the total body of attacks are no longer coming from humans. They're coming from other things. Absolutely. And how's that playing out? It's a fascinating landscape right now. So with every legitimate model, there's a legitimate model to follow, especially with cyber crime and what we see in the digital underground, dark web, all these sorts of things. You rewind back to the 90s, right? Your opportunistic hacker was just trying to pop up a message block on a Windows 95 and Windows 98 system at the time. Nowadays, of course, the attack surface has grown tremendously, right? You look back to DARPA and back in 1989, it had 60,000 systems connected on the internet. Now we have IPv6, 20 plus billion connected devices. Everything is a target now, especially with the internet of things, smart televisions. And a potential threat. And a weapon, yeah. Exactly, yeah, exactly. And so to capitalize on that, we've seen what we're seeing now as cyber criminals developing automated systems of their own to infect these systems, to report back to them. So they're doing a lot of that heavy work to, the heavy lifting, using their own machines to infect and their own algorithms to infect these systems. And then from there, it'll escalate back up to them to further capitalize and leverage those attacks. But there's, on any given minute, we're seeing between 500,000 to 700,000 hacking attempts across, this is our own infrastructure. So we're leading in terms of firewalls and unit ships, so we're able to get a good grasp on intelligence out there, what's happening. And yeah, on any given minute, well over 500,000 hacking attempts on systems worldwide. So every hour, 30 million. So quick math. Yeah, I'm amazing, I'm amazing multiplication. I almost got it wrong though. But 30 million hacks an hour. Yeah, and so our job is to identify that. We don't want to block things we shouldn't be, so there has to be a very big emphasis on quality of intelligence as well. So we've done a lot with our machines to validate attacks, to be able to protect against those attacks. And that, especially when it comes to these attacks, like intrusion prevention, that attack surface now, we got to be able to not just look at attacks on PCs now. So that's why that number keeps ticking up. Right, proliferation of mobile IoT. Directly related, absolutely. Is it clearly something that eyeballs are not going to, are not going to solve? Not alone. So I'm a very, very big advocate saying that we cannot win this war alone, just relying even on the brightest minds in the world. But we can also not just rely 100% on machines to control. It's just like autonomous vehicles, right? You look at Tesla and these other vehicles and Google what they're doing. You can never, it's a trust exercise again, right? You can never pass 100% control to that automation. Rather you can get up to that 99% tile with automation, but you still need those bright minds looking at it. So that's your question. Eyeballs alone know, but the approach we've taken is to scale up, distribute, and use machines to identify, try to find that needle in the haystack, and then escalate that to our bright minds when we need to look at the big attacks that matter and solve some more of the complex issues. Speaking of bright minds, you and your team recently published an incredible blog on 2017 predictions. Yes, yeah. Wow, is it on, that's on the Fortnite blog? Yeah, that's correct. You can find that really incredibly thorough eye-opening and there were six predictions, but take us to maybe the top three. We talked about the proliferation of devices, the attack surface getting larger, more and more things becoming potential threats. What are the top three maybe biggest threats that you're seeing? And is there any industry in particular that pops up as one of the prime targets? Absolutely. So I'll get into some buckets on this. You know, I think first and foremost, what's prime right now and what we're seeing is what we're calling autonomous malware. So this is the notion of basically what we're just talking about to your question on what's driving this data, what's driving all of these attack points. First of all, the internet's been seated with what I call ticking time bombs right now. We have 20 plus, you know, whatever the number is going to be, all of these billions of devices that are connected that are inherently, in my professional opinion, insecure. A lot of these devices are not following proper security development life cycles. Is there accountability to begin with? No, not at this point. Right. And that's something that the DHS and NIST just released some guidelines on at the end of last year. And I think we're going to see a lot of activity on accountability for that, but that has to be taken care of. Unfortunately, right now, it's been seated, right? This attack surface is there. So we already have all these open avenues of attack and that's why I call it a ticking time bomb. It's been seated and now these are right for attack and we're seeing attackers capitalize on this. So what we're seeing is the first indications of autonomous malware, right? Malware that is capable of mapping out these vulnerable points, the machines doing this and the machines attacking the other machines. So it's not just the eyeballs and the cyber criminals doing this. We saw last year, unprecedented DDoS attacks, right? This is directly related to the Morai botnet. We had gone from a 600 gig to terabit plus DDoS attacks. That was unheard of before. They are leveraging all of these different IoT devices as a horsepower to attack these systems in a massive distributed denial of service attack. The interesting part about Morai is that it's also using open source intelligence as well. So this is something that humans, a blackhead attacker would typically have to do. They would have to get reports back from one of their systems and say, okay, now I've found all these vulnerable systems. I'm going to go attack these systems, but they're the glue. So they're now removing themselves as a glue and making this completely automated where a botnet like Morai is able to use Showdown as an example, it's an open source database and say, here are a whole bunch of vulnerable systems. I'm going to go attack it. And so that's to my point of view, that's the first indication of this smart malware because malware has always been guided by humans, right? But now I think we're starting to see a lot of more that intelligent attack, the intelligence offense being baked in to these pieces of malware. So I think it's going to open this whole new breed of attacks in malware. And obviously we're in a whole new arms race when it comes to that. How can we get ahead of the bad guys? And so obviously this is what Fortinet's doing on the autonomous defense, right? Our security fabric and fabric ready approach. That's all about beating them to the punch on that, having our machines, the defensive machines talk to each other, combine world-class intelligence like FortiGuard so that it can defend against those attacks. It's a tough task, I really firmly believe that this year is a year that we have the advantage, we can have the advantage as white hats to get one leg up on the blackhead attackers. As I said, for 15 years at FortiGuard last, we've invested a ton into our AI machine learning intelligence. So we're experts on the automation. I don't believe the blackhead attackers are experts in automation. So I think for that reason, we have a really good opportunity this year because you always hear about the blackheads, another data breach and all this stuff happening. They're always at the advantage and I think we can really turn the tables this year. You have some great experience working, not just in the private sector, but in the public sector as well. You've done work with NATO, with Interpol, with CERT. What is your perspective on public sector and private sector working together? Is that essential to win this war on cyber crime? Absolutely, we need everybody at the table. We cannot win it as one single vendor alone. And so I'm a very, as a good example of that is work we're starting to do across the board. This is something I firmly believe and it's really near and dear to my heart. I've worked on it for the course of well over six years now. And we have a lot of the existing partnerships across organizations. So other security vendors and experts, Cyber Threat Alliance is an excellent example. We're a founding member of that. And these are competitors, but security vendors getting together to level the playing field on intelligence. We can still really remain competitive on the solutions and how we implement that intelligence. But at least, it's like a Venn diagram. You look at that attack surface out there. You want to try to share all that information so that you can deliver that to security controls and protect against it. So the Cyber Threat Alliance is a good example, but that's private sector. If you look at national computer emergency response, law enforcement, we have made great inroads into that working with the likes of a computer emergency response to give them intel. If we find bad stuff happening somewhere, we're not law enforcement. We can't go take the server down and disrupt campaign. We can't arrest or prosecute people, but they can. But they don't have all that expertise and intelligence that we do, all the data points. So you're starting to see a lot of this spring up and we're doing a lot of leadership in this area. And I think it's absolutely essential. President Obama last year mentioned it, the Cyber Threat Alliance and the public private sector needing to work together in one of his beaches at Sanford. And I believe it's the only way we can win this. You have to go after the head of the snake too. If we are always on the defense and we're always just trying to disrupt cyber criminals, it's just a slap on the wrist to them. They're going to go set up shop somewhere else. We need to be able to actually go and prosecute these guys. And we had a really good case last year. We took down working with Interpol on the EFCC, a $62 million crime ring U.S. They went and prosecuted the kingpin of this operation out in Nigeria. There's an unprecedented win in an example, but we need to do more of that. But it's a good example of a healthy working public private sector relationship. Wow, what an incredible experience that you have, what you've achieved with Bordegaard Labs. What excites you most going forward? We're just at the beginning of 2017 with what's been announced here, the partnerships that you guys have formed. What excites you most about this year and maybe some of the key steps you want to take against cyber crime? Sure. Yeah, so I think we want to, so Cyber Threat Alliance is a very big machine. There's a lot of exciting things happening. So that's going to be a really good initiative. That's going to carry forward momentum this year. What excites me most? Well, it's not always a good thing, right? But if you look at all the bad news that's out there, like I said, I think it's just going to be, there's so much fuel that's being thrown on the fire when it comes to attacks right now, right? I mean, like I said, these time bombs that have been planted out there, we're going to see the year IOT attacks for sure. Mariahs, a new version of Mariahs already come out. They're selling this, they're starting to sell this, commercialize this, and it's even more advanced in terms of intelligence than the previous one. That sort of stuff, it depends on your definition of the word excites, of course. But these are the things that we have opportunity. And again, I think going back to my first point, the white hats having, for the first time in my point of view, a leg up on the black hats, that opportunity, that really excites me. When we look at what's happening moving forward in 2017, healthcare, I think is going to be a very big thing in terms of attack targets. So we're going to be focused on that in terms of attacks on not just healthcare records, which are much more valuable than financial records as an example, but medical devices, again, the IOT play in healthcare, that's a big deal. We're starting to already see attacks on that. Smart cities as well. You look forward to the next three years. Building management systems. A lot of people talk about SCADA and industrial control. This is definitely a big attack target to a certain attack surface, obviously power plants, electrical grids. But building management systems, these automated systems that are being put in, even smart vehicles and smart homes is another big target that's unfolding over the next few years. Hard to air gap a home or certainly not a city. Absolutely, yeah. And again, it goes back to the point that a lot of these devices being installed in those homes are inherently insecure. So that's a big focus for us and that's the big thing FortyGuard is doing is looking at what those attacks are so that we can defend against that at the network layer, that we can work with all of our business partners that are here at Accelerate this year to deliver those solutions and protect against it. Well, it sounds like, and I think Peter would agree, your passion for what you do is very evident as those bad actors are out there and as the technologies on the bad end are getting more advanced and intelligent, as you say. It's great to hear what you and your team are doing to help defend against that on the enterprise side and one day on the consumer side as well. So, Derek Mankey, global security strategist for Fortinet, thank you so much for being on theCUBE and sharing your expertise with us. It's my pleasure and your time, thank you very much. Well, on behalf of my co-host Peter Burris, I'm Lisa Martin. You've been watching theCUBE, but stick around, we'll be right back.