We are entering a new era of cyber attacks. The SolarWinds hack underscored a rising and very disturbing trend, namely that tunneling in through an organization's supply chain. And you're hearing terms like island hopping and living off the land and becoming mainstream in the world of cyber security. We're going to talk a little bit about ransomware and cyber with Manoj Nair, who is the GM of Metallic, a Commvault company, and Tim Carbon is a principal systems engineer with Mitchell International. Gents, welcome. Thanks so much for coming on and talking to me about this very important topic.
So, Tim, I got to start with you. You're the practitioner. You got to fight this battle every day. You heard me up front. I feel like we're entering a new era. The adversary is highly capable, very well funded. How are you thinking about changes and protecting your data and creating things like air gaps and what are you doing to solve this problem?
I think the most important part, and this is just to start off with, is patching. Everything up to date. Most of the time someone's getting in or most of the time one of these viruses is replicating between the different systems, it's due to unpatched environments. And then number two is training. If your resources don't know not to click on something or to hover over something to look at it, then you are just gonna be exposing your environment over and over and over again.
But when it all boils down to it and it comes back to what I'm doing in the data protection world, in the backup and recovery, I have to look at not only how am I gonna get this data back, because if a system gets encrypted, we are going to look for recovery first. That's it, look for recovery first. But we also need to make sure that our environment is protected. Lock down our media agents, lock down our storage that we're connected to. And like you had mentioned before, use an air gap. And no one, I mean, everyone's been moving away from tape.
And it's understandable. There's a lot of resource utilization involved. There's a lot of people that you need in there, in your data center, moving things around. And it's a robotic machine you have to rely on. Not only that, but recovery times can be slow. What I've found is Commvault has gone out there and they've offered us SaaS storage. This SaaS storage is somewhere else. We could be in AWS, we could be in Azure, we could be in GCP, but we can still connect to this SaaS storage and we never have to worry about someone having access to a data center and getting to our tapes. We don't have to worry about someone having tenant access and deleting our backups off of a particular tenant, which is something that we are gonna see in the future if it's not out there already. So there's a lot that we have to do and protecting ourselves is very important. And Commvault is making it a lot easier.
Thank you, Tim. So Manoj, I mean, these things have probably been around for a while, but we're seeing really sort of, I talked about mainstream and a couple of things that are really disturbing. We're seeing this malware come in and they're self-forming, they're creating different signatures, but we're also seeing this idea of living off the land very stealthily using your own tools against you. And then really disturbingly, we're seeing when a victim discovers that they're being attacked and they respond, their incident response is triggering a very aggressive counter-attack by the hackers where they've already exfiltrated really sensitive data. Then they've been stealing and making monetizing your data and then they'll just encrypt it, hold it for ransom, threaten to release that sensitive data if you don't let them keep going. It's really, really disturbing. What's your perspective on this raising the bar that the bad guys have done and how we can keep pace?
You know, I lived through the nation state attack that happened in 2012, the front door seat was at RSA as part of the leadership team. And at that time it was considered a, hey, this is very unique and it's an advanced persistent threat. It took the resources of one of the biggest nations in the world to mount something like that. And fast forward eight, nine years later, we're seeing that these kind of techniques have now been mainstreamed. You've got a lot of people who are figuring out not just, they may not even care about your data, but they know you care about your data. So they're not trying to exfiltrate the data maybe to look for sensitive data and monetize it. That's just harder. Why not take it directly from you?
In Q1 of 2021, the average ransom went up 43%. It's like 250K or something. That's just the ransom. And we saw now that it's impacting day-to-day lives. You saw the long lines of the gas tanks, gas pumps on the East Coast, weekend before last. And here's somebody who had a ransomware attack as the news stories say they paid for the ransom. And that was the recovery after paying five million was slow. So they had to go and figure out how to recover from the backups and that was not fast enough.
So defense in depth is something that has really been the mantra and just like protecting a home, right? You're not just looking at putting an alarm on the front door. You have sensors on your windows, you have a fire alarm. You've got to say, if you've got different things to, in terms of really thinking through different threats, and Tim hit on a couple of those things, right? You really think about what is my weak link? What is my vulnerability? That vulnerability is now your software supply chain. So you're thinking about who am I buying things from? Are they taking care of stuff because they are now a new vector and that's kind of the biggest, I would say, new thing that has now been mainstream.
Like a lot of these techniques are getting mainstream, but the fact that a software supply chain itself that has been deployed en masse is now vulnerable and that will be monetized. It might have started with the nation state doing that, but then now you'll get the, you know, people trying to take, you know, take it for ransom will start weaponizing those same vulnerabilities. So really that data and making sure that your crown jewels, you have a failsafe way of protecting that. And it's not just, you know, you need to practice the readiness of that like any system, you know, just having them there is not good enough. Like, can I detect issues? What is the ecosystem that's part of? How is my identity tracking who has got access to that? We've seen a lot of interesting things as part of why we're starting creating services like an air gap service in the cloud. The customer doesn't have to worry about managing credentials because even those were getting compromised. People were stealing the credentials to go delete the backup. So the, you know, the steps keep living forward. There's a lot of money going in the research and development of malware and the industry in partnership with customers in partnership with local and federal authorities are going to have to figure out how to tackle this together.
Yeah, so Tim, you know, I mean, Commvault, you know, think of, you know, being the cyber security space specifically, but those worlds are coming together, the data protection and security space. And I would imagine for you as a practitioner, it's challenging because you don't have a blank checkbook. I mean, yes, you can spend, you have to spend on cyber, but you have all these, you talked about, you know, digital transformation in an earlier discussion that we had and you've got to figure out, okay, how do I apply AI and automation? You've got a talent gap. I mean, you can't hire people that have the skills because you just can't keep throwing people at the problem.
So you don't have this unlimited budget. I saw a stat, there's a company, it's Cybersecurity Ventures. They said by 2025 we'll lose $10.5 trillion annually to cyber attacks. And I think, you know, if I look at whoever's numbers, you look at IDC, I think has one of the higher numbers out there, it's like a hundred billion that we spend each year on cyber. So it's infinitesimal compared to the value that the bad guys are extracting. So how are you dealing with that complexity, fragmented, you know, security tooling, lack of talent turnover and all this stuff and the budget challenges. How do you deal with all that?
And I do not want to use this word, but it's as easy as research and staying on top of everything. Everyone knows you update your virus definitions. You keep that up to date. You close your firewall holes. You have denies at the very end of every firewall. You make sure you keep track of these small things. At the same time, you leverage utilities that make it easier for you to do your job. The Commvault IDA has a feature that keeps track of changes or modifications on a server. So if I have a server that's actively getting hit with a ransomware, Commvault reports me an alert and tells me, hey, we have had this many files modified within this time period, look at it right now. So on top of everything else we have because it's not a replacement for our virus protection, but it does help us and it does keep track of things. And Commvault as well as a lot of other companies out there are doing some great things in closing up small little gaps and adding little features that could really help us move forward in the future and keep us more protected, I guess I should say.
Yeah, well Manoj, I mean the backup corpus is sort of the last line of defense. It also could be a first point of attack because all the valuable data's in there. So I'll give you the last word here on this segment. Thanks for doing this with me guys.
How do you think the industry needs to approach this? It's not a, you can't go a little on, you definitely need to collaborate. Your final thoughts?
That collaborate, share risk vectors, making sure that systems are connected and they're not siloed and that will really make sure our customers are getting the best out of all of us and you have to build an intelligence of the products or anything static. Just like you said, the backup is where the crown jewels are going to go after that. So your backup systems need to have AI/ML. They need to be able to detect any kind of suspicious activity. You can't just kind of code it in and just expect that what you thought will work in the lab is how it's going to behave. So, but in general, unless there's a bigger penalty in terms of the response to these kinds of attacks, as long as they keep getting paid, they're going to keep doing this thing. So you got it, follow the money is the simple word. Let's take that rich ecosystem that's funding them and replace it with a tight partnership between companies and customers and partners and governments.
Guys, well, I mean, the equation is pretty simple. Value equals benefit over cost. If you can increase the denominator for the bad guys, it'll lower their ROI and that's kind of your job. And so keep up the good work, Gents. Thanks so much for coming to theCUBE and talking to me about this very important topic. Really appreciate it.
Thank you. Thank you for having us.
And thank you for watching this CUBE conversation. This is Dave Vellante. We'll see you next time.