From theCUBE Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE Conversation.

Welcome to this CUBE virtual conversation. I'm Lisa Martin, and I'm excited to be talking to one of our CUBE alumni again, very socially distant. Derek Manky joins me, the Chief of Security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, it's great to see you, even though virtually.

Yeah, better safe. Better safe these days, right? But yeah, it's great to see you again, and really looking forward to a great conversation as always.

Yeah, so wow, has a lot changed since I last saw you? I think that's an epic understatement. But each year we talk with you about the upcoming, what's coming up in the threat landscape, what you guys are seeing, some of the attack trends. What are some of the things that you've seen in this very eventful year since we last spoke?

Yeah, a lot of things. Obviously, with the pandemic, there's been this big shift in landscape, right? Particularly, Q3, Q4, it's the last half of the year. Now we have a lot of things that were traditionally in corporate safeguards, actual workstations, laptops that were sitting within networks and perimeters of organizations that have obviously moved to work from home. And so with that comes a lot of new attack opportunities. We track, as you know, threat intel at Fortinet's FortiGuard Labs on a daily basis, and we are clearly seeing that. And we're seeing a huge rise in things like IoT targets being the number one attacks. So consumer-grade routers, IoT devices like printers, network-attached storage. Those are some of the most favorite attack vehicles that cyber criminals are using to get into those devices. Of course, once they get into those devices, they can then move laterally to compromise the corporate laptop as an example. So those are very concerning.
The other thing has been that email, that traditionally has been our number one, another favorite attack platform, always has. It's not going away, but for the first time this year, in about September, the second half, we saw web-based attacks taking priority for attackers. And that's because of this new work-from-home environment. A lot of people are surfing the websites from, again, these devices that were previously within organizations. Email security is centralized a lot of the times, but the web security always isn't. So that's another shift that we've seen.

We are now in the full-blown midst of the online shopping season. Actually, the online shopping season is almost every day now since the summer.

Yep, yep. And we've clearly seen that. Just from September to October, we saw over a trillion, not a billion, but a trillion new flows to shopping websites in just one month. So that number continues to rise and the threats are rising with it.

Yeah, so the expanding threat landscape, I've talked to a number of companies the last few months that were in this situation where suddenly it was a maybe 100% on-site workforce now going to work from home, taking either desktops from their offices or using personal devices. And that was a huge challenge that we were talking about with respect to endpoint and laptop security. But interesting that you're seeing now this web security, I do know phishing emails are getting more personal, but the fact that website attacks are going up. What are some of the things that you think, especially when you bring up a point, we are now in maybe even more supercharged e-commerce season, how can businesses prepare and become proactive to defend against some of these things that, since now the threat surface is even bigger?

Yeah, a multi-pronged approach. So, Lisa, we always say that first of all, it's just like we have physical distancing, cyber distancing, just like we're doing now on this call.
But same thing for users, I think there's always a false sense of security when you're just in the home office doing some browsing to a site. You really have to understand that these sites, just by touching it, literally touching it by going to URL and clicking on that link, you can get infected that easily. We're seeing that. There's a lot of these attacks being driven. So, education, there's a lot of free programs. We have one on Fortinet, information security awareness training. That is something that we continually need to hone the skills of end users, first of all. So that's an easy win, I would say, from my eyes in terms of organizations. But then there's multi-pronged approach, right? So things like having EDR, endpoint detection and response, being able to manage those end users while they're on their devices at home. Being able to have security and making sure those are up-to-date in terms of patches. So that's really centralized management is important. Two-factor authentication or multi-factor authentication, also equally as important. Doing things like network segmentation for end users and the devices too. So there's a lot of these things. If you look at the risk that's associated, the risk is always way higher investment upfront in terms of hours, in terms of security platforms. So the good thing is there's a lot of solutions out there and it doesn't have to be complicated.

That's good because we have enough complication everywhere else. But you bring up a point about humans, about education. We're kind of always that weakest link. But so many of us now that are home have distractions going on all around. So you might be going, I've got to do some bill pay and go on to your bank without thinking that's now a threat landscape. What are some of the things that you're seeing that you think we're going to face in 2021, which is just around the corner?

Yeah, so we're just talking about those IoT devices. They're the main culprit right now.
They're continuing to be for a while. We have this new class of threat, emerging technology, which is edge computing. So people always talked about the perimeter, the perimeter being dead, in other words, not just building up a wall on the outside but understanding what's inside, right? That's been the case of IoT. But now edge computing is the emerging technology. The main difference, we say, is that the edge devices, a virtual assistant is the best example I could give, right? That users will be aware of in home networks, because these devices traditionally have more processing power. They handle more data. They have more access and privilege to devices like things like security systems, lights as an example. And beyond home networks, these edge devices are also, as an example, being put into military defense, into critical infrastructure, field units for oil and gas and electricity as an example. So this is the new emerging threat: more processing power, more access and privilege, smarter decisions that are being made on those devices. Those devices are gonna be targets for cyber criminals. And that's something I think next year we're gonna see a lot of, because it's a bigger reward to the cyber criminal if they can get into it. And so targeting the edge is gonna be a big thing. I think there's gonna be a new class of threats. I'm calling these, I haven't heard this coined in the industry yet, but I'm calling these EATs, or Edge Access Trojans, because that's what it is. If they compromise these devices, they can then control and get access to the data. If you think of a virtual assistant and somebody can actually compromise that device, think about that data, voice data that's flowing through those devices, that they can then use as a cleverly engineered social engineering attack to phish a user as an example.

Wow, I never thought about it from that perspective before. Do you think with all the talk about 5G and what's coming with 5G?
Is that gonna be an accelerator of some of these trends, of these EATs that you talk about?

Yeah, definitely, yeah. So 5G is just a conduit, it's an accelerator, absolutely. Catalyst, call it what you will. It's here, it's been deployed, not worldwide, but in many regions it's gonna continue to be. 5G is all about speed, right? And so if you think about how swiftly these attacks are moving, you need to be able to keep up with that from a defense standpoint. Threats move without borders, they move without, unfortunately, without restriction a lot of the time, right? Cybercrime has no borders, they don't have rules or they don't care about rules, so they'll break those rules. So they are able to move quickly, right? And that's what the problem with 5G of course is, that these devices now can communicate quicker, they can launch even larger scale things like DDoS, distributed denial of service attacks, and that is a very big threat. And it also allows, the other thing about 5G, Lisa, is that it allows peer-to-peer connectivity too, right? So it's like Bluetooth enhanced in a sense. And now you have devices that interact with each other as well. By interacting with each other, that also, what are they talking about? What data are they passing? That's a whole new security inspection point that we need to, and that's what I mean about this. It just reconfirms that the perimeter is dead.

Right, something we've been talking about, as you said, for a while, but that's some pretty hard-hitting evidence that it is indeed a thing of the past. Something that we've talked about with you in the past is swarm attacks. What's going on there? How are they progressing?

Yeah, so this is a real threat. There's good news, bad news. The good news is this is a long-progressing threat, which means we have more time to prepare. Bad news is we have seen developments in terms of weaponizing this. It's like anything, swarm is a tool.
It can be used for good. DARPA, as an example, has invested a lot into this from military research. It's all around us now in terms of good applications, from things like for redundancy, right? Robotics, as an example. There's a lot of good things that come from swarm technology, but if it's weaponized, it can have some very scary prospects. And that's what we're starting to see. There's a new botnet that was created this year. It's called HEH. This is written in Golang, so it's a language that basically allows it to affect any number of devices. It's not just your PC, right? It's the same virus, but it can morph into all these different platforms, devices, whether it's an IoT device, an edge device. But the main characteristic of this is that it's able to actually have communication, they've built a communication protocol into it. So the devices can pass files between each other, talk to each other. They don't have machine learning models yet. So in other words, they're not quote unquote smart yet, but that's coming. Once that intelligence starts getting baked in, then we have the weaponized swarm technology. And what this means is that when you have those devices that are making decisions on their own, talking to each other, A, they're harder to kill. You take one down, another one takes its place. B, they're able to move very swiftly, especially when they're piggybacking and leveraging on things like 5G.

So the, I'm just blown away by all these things that you're talking about there. So talk about how companies and even individuals can defend against this and become proactive. Because we know, one of the things we know about 2020 is all the uncertainty, we're going to continue to see uncertainty, we also know that there's expectation globally that a good amount of people are going to be working from home and connecting to corporate networks for a very long time. So how can companies and people become proactive against these threats?
Yes, people, process, procedures and technology. So we talked, I really looked at this as a stacked approach. First of all, threats are moving, as I just said, they're becoming quicker. The attack surface is larger. You need threat intelligence, visibility. This comes down to security platforms from a technology piece. So security-driven networking, AI-driven security operations centers, these are new, but it's becoming, as you can imagine, when we talked about, critical to fill that gap, to be able to move as quickly as the attackers, you need to be able to use intelligent technology on your end. People are just too slow, but we can still use people from the process, making sure, you know, try to understand what the risk is. So looking at threat intelligence reports, we've put out weekly threat intelligence briefs as an example of supporting our labs, to be able to understand what the threats are, how to respond to those, how to prioritize them, and then put the proper security measures in place. So there are absolutely relevant technologies that exist today. And in fact, now I think it's a time to really get those in deployment before this becomes worse, as we're talking about. And then as I said earlier, there's also free things that can be just part of our daily lives, right? So we don't have this false sense of security. So understanding that that threat is real, following up on the threat and being doing education, there's phishing services. Again, phishing can be a good tool when it's used in a non-malicious way to test people's skill sets as an example. So all of that combined is ways. But the biggest thing is definitely relying on things like machine learning, artificial intelligence to be able to work at speed with these threats.

Right. So you also have global threat alliances under your portfolio. Talk to me about how Fortinet is working with global alliance partners to fight this growing attack surface.

Yeah, so this is the ecosystem.
Every organization, whether it's private or public sector, has a different role to play in essence, right? So you look at things in the public sector, you have law enforcement, they're focused on attribution. So when we look at cyber crime, and it's the hardest thing to do, but if we find out who these cyber criminals are, we can bring them to justice, right? Our whole goal is to make it more expensive for cyber criminals to operate. So by doing this, if we work with law enforcement and it leads to a successful arrest and prosecution, because we've done in the past, that takes them offline, to hit somewhere it hurts. The law enforcement will typically work with intelligence leads to freeze assets as an example from maybe ransom attacks that are happening. So that's one aspect. But then you have other things, like working with a national computer emergency response, of disrupting cyber crime. We work with national CERTs. If we know that the bad guys are hosting stolen data or communication infrastructure in public servers, we can work with them to actually disrupt that, to take those servers offline. Then you have the private space. So this, we're, Fortinet, a founding member of the Cyber Threat Alliance. I'm on the steering committee there. And this is working with even competitors around in our space where we can share quickly up-to-date intelligence on attackers. We remain competitive on the technology itself, but we're working together to actually share as much as we know about the bad guys. And recently, we're also a founding member of the Center for Cybersecurity, C4C, with the World Economic Forum. And this is another crucial effort that is basically trying to bridge all of that I talked to, mend all that together, right? Law enforcement, prosecutors, security vendors, intelligence organizations, all under one roof, because we really do need that. It's an entire ecosystem to make this an effective fight.
So it's interesting because a lot of people I don't think see what's happening behind the scenes a lot of the times, but there is a tremendous effort globally that's happening to all the players. So that's really good news. And the industry piece is something close to my heart. I've been involved in a long time and we continue to support.

That's exciting. And that's something that is, you know, unfortunately so very, very needed and will continue to be as emerging technologies evolve and we get to use them for good things. And to your point, that threat actors also get to take advantage of that for nefarious things as well. Derek, it's always great to have you on the program. Any particular things on the Fortinet website that you would point viewers to, to learn more about, like, the 2020 threat landscape?

Sure, you can always check out our blog. So it's on blog.fortinet.com under threat research. As I said, on fortiguard.com we also have our playbooks on there. We have podcasts, we have our updated threat intelligence briefs too. So those are always great to check out, and just be rest assured, you know, everything I've been talking about, we're doing a lot of that heavy lift on the back end. So by having, working with managed security service providers and having all this intelligence baked in, organizations don't have to go and have a huge CapEx by, you know, hiring, you know, trying to create a massive security center on their own. I mean, it's about this technology working together and that's what we're here for us. We're going to ask FortiGuard Labs.

Awesome. Derek, thank you so much for joining me today in this CUBE Conversation. Lots of exciting stuff going on at Fortinet and FortiGuard Labs as always, which we expect. It's been great to have you. Thank you.

It's a pleasure. Thanks, Lisa.

For Derek Manky, I'm Lisa Martin. You're watching in virtual CUBE.