 Live from Las Vegas, it's theCUBE, covering HPE Discover 2017, brought to you by Hewlett-Packard Enterprise. We're live in Las Vegas for SiliconANGLE Media's theCUBE, our flagship program where we go out to the events and extract the signal and noise. I'm John Furrier, my co-host, Dave Vellante. We've got two great guests. Now, Bob Moore, director of server software and product security at Hewlett-Packard Enterprise and James Morrison, computer scientist at the FBI Federal Bureau of Investigation. Great to have you on. Thanks for coming on. I really appreciate it. It's always good to have people from the FBI. And by the way, stop investigating me. Okay, fine. We'll call it off. I think you know that. Of course, of course. I'm going to call it off. Great, seriously, thanks for coming on. Security's huge. Cybercrime, I mean, this is something that's going on. Whether it's terrorists, you know, mowing people over in London, you see that. That could have been prevented with good computer forensics. Cybercrime, whether it's identity theft, hacking, I mean, this is our moment as a global economy where security and digital is a huge issue. Right, I mean, and we, what we're trying to say now is that, and this is our challenge over the next generation. You know, so for the FBI, cybercrime is our second highest priority after terrorism. And we are really trying to empower not only companies, but individuals to say, you know, take heed that these threats are coming your way. And whether it's ransomware, which we suspect 90% of ransomware is hitting individuals and small companies, or whether it's a true breach by another nation state, there's no way to avoid it anymore. So we've got to buy the hardware and the software to help out. So take us through, obviously, everyone sees the headlines with Trump and Comey and the whole nine yards. But this is like a huge staff within the FBI that's been doing work for many, many generations. But now that we're in digital, what are some of the conversations and priorities internal? You mentioned terrorism, obviously, number one and cyber threats. I mean, I must be like, amazing staffing challenge for you guys to have the data scientist, to have these forensics. How do you keep up with the shift? Well, that's a huge, you're right. That's a huge challenge. And the computer scientist positions that I'm in are brand new. We just created the computer scientist in 2012. Director Mueller realized that we had sort of a need for that kind of a cyber, technical cyber investigator. And right now we have 120 of us nationwide in 56 field offices. This is not very many. And we're trying to increase our numbers, but some of our statistics show that we cannot, it can't be a money thing for our computer scientists. So we really try to talk to them about what is, for the country and challenge them with things you'll never see anywhere else. Because our job, especially with computer forensics and reverse engineering, malicious software, our jobs you're not going to see out in the civilian world. And so that's really what we try to do. So it's unique and you're looking for certain kind of individuals that might have an affinity towards really getting down and dirty in this computer science stuff. And we grab, we about half our group are kids straight out of college. We got some of them that'll come soon. Mostly gamers I can imagine, right? It's kind of funny, I talk to college kids all the time and the bureau over time has relaxed some of its drug things, mainly because of that same sort of the kind of the subculture of gamers. So yeah, there's a whole bunch of gamers. It gets kind of geeky at times, but. So it's such a complicated problem. We were talking off camera, James was saying that the spending has shifted from the perimeter to other places, whether it's detection or other processes. So Bob, how is HP sort of responding to these threats and the sort of mega trends? I guess what trends are you seeing and how are you responding to that? Yeah, well, certainly as James was talking about, we see this cyber security crime just going out exponentially. And we actually started to see this, we predicted it a few years ago when we started designing our Gen 10 servers. And so what we're doing now is delivering this new revolutionary, new security protection technology as part of those servers. And it's this defense in depth. We can't have just a perimeter any longer. It's protection, detection, and then recovery. And so because we're in such a unique position at HPE because we design and develop our own HPE custom ILO Silicon chip, we can actually do some things that other competitors can. So we're providing a Silicon root of trust or anchoring all of our server essential firmware into the Silicon. And so it's, you know, you can't disrupt it. So what are some of the things that you guys do that the competitors can give an example? Yeah, so the first thing we can do is we control the Silicon and so we can embed or anchor all of our firmware right into the Silicon. And so if anybody inserts a virus or malware into our server at any point in time, it'll change some of the bits and bytes that won't match up with the Silicon because that's immutable, it can't be changed. And then it will detect that. So we'll actually be able to tell customers, hey, there's something that's been inserted into your server. And then we take a one step further, we can actually then recover because we got this good state, this good firmware that's stored off. So the anomaly comes in on the Silicon it's like the ground zero, if you will. It's the very basic, yeah, it's a very basic bedrock. And some of our competitors are doing other things. They're protecting the BIOS and stuff like that. But we really go all the way down to the concrete, the bedrock foundation of the server. That's right. And then we protect all the way up. Okay, so let's unpack that a little bit. I mean, I feel like, you know, Stuxnet changed the game, right? It went from sort of pranks to really serious cyber crime. Now maybe that's just sort of in a casual observer, not knowing the inside baseball well enough, but nonetheless, it was a stealth sort of, it was, you know. And so are you suggesting that you can solve that problem because it's really a problem of detection, right? Maybe you can help us understand that. So that would not happen. What happened with Stuxnet, which was, I think it's fairly public now is that they got in, and it was really a classic denial of server where denial of service, where you're using that server for something other than its intended purpose and they were spinning the centrifuges up for two or three times at speed, wouldn't happen with GenTek, could not. Could happen. So you would detect that anomaly? We would. We would, first of all, protect from it. And if you'd actually got inserted like they did in the case of Stuxnet, even though the servers were air-gapped, we would detect that, absolutely. It would be a malware in the firmware that we detect. And so how do you see your customers sort of addressing this? Because what you hear from security organizations, CISOs, is we're so swamped. You know, we get so many anomalies and we're just backed up. Okay, so how do you help them? So what, take us through this sort of anatomy of, okay, you're assuming a breach is going to happen, which is probably a good assumption. Yeah. Okay, then what happens when you detect that anomaly? How do your customers deal with it? So we detect the breach when and if it happens and hopefully doesn't, but invariably, it will at some point in time, yeah. But we're ready for that, and then we're providing the customer the ability to detect it through the ILO audit log and then also a SIM tool that would be operating like ArcSight or Splunk on the top of that. So they'll know that it's there and then we give them a choice. Do you want to just take that server offline and do some forensics on it? Or would you like to actually go and do a full recovery? In which case we can get that system back and operational because we'll recover the whole system. So you don't ever have to worry about getting a BRIC server or a Deniala service because we'll recover to a known good state. So if my softball wiki, I might not prioritize it as much, but if it's the financials of the organization, I might fence it and take it offline. Well, I think the security really transcends almost all industries now. Everybody's concerned about it, certainly in the federal sector and FSIs, but even if you're in retail, you don't want to be the next customer whose brand equity gets damaged because you've had a cyber breach. And so we help provide that and we have a really comprehensive approach to it from cradle to grave, all the way from the life cycle, very beginning of the product when we embed this into the Silicon and then take that server all the way through the supply distribution check. Where are the threats coming from? Well, that's kind of, and that's what's changed that you're talking about kind of Stuxnet. So 10 years ago, there were a few countries that were kind of always spoken about and that's completely changed now. Some reports say there's many as 200 different countries, criminal groups, terrorist organizations are now active in the cyberspace. So it's coming from all over. And that's numbers not going to go down. It's too easy now to take a kid out of college, make him or her kind of sympathetic to a cause and then turn them into a hacker. It's very simple. And we were kind of talking about- The tools are getting easier just the double-edged sword is the underbelly of the innovation. I was talking to a security guy and he said, you know, you can buy ransomware as a service. So you can go out there on the dark web and you can purchase a ransomware attack against a target or denial of service attack. I can purchase that. So it's not going to slow down. I can pull on some of my friends. Well, you know, it's kind of the joke of, you know, the kid who gets upset about, you know, a game on PlayStation decides to do it, you know, hire a denial of service attack because of it. So it's- But that's going on. This kiddy script is used to call it. But now what you're seeing is essentially these- It's a business. It's a business. And so it's, and there is a business now of malware. And there are groups out there that are, that's all they're doing is they're developing software that they can then sell to other people to be used for a malicious- What about inside jobs? I mean, I've read some statistics that people will sell their access for a thousand bucks or something. And so when we educate customers and talk about, or talk to our consumers, we say, never ignore that. You know, there's a statistic that says that there is a percentage, a significant, maybe as much as a third of cyber incidents are from inside. A person who's disgruntled, a person who is, you know, not is getting ready to leave and go to a competitor or somebody who's offered that money, that number. And there's always that belief that people have a price. So what are you guys investigating now? Cause this is interesting. They talk about backing up the anomalies. You guys must have backlog on jobs you're investigating. Well, yeah. Wendy, where's the line? Cause some people try to hide under the line of where the resource is. So I'm assuming HP Solutions helps you with resource, obviously with the servers, but how do you guys focus your attention? It's somewhat based about, I mean, national security is probably our primary. And for years, that was really where most of the cyber investigations were aimed at. But we've really turned a corner on, especially with the rise of ransomware. So like in the Houston office, for years we had a national security cyber squad. And then we had two. And then we recently created a criminal ransomware cyber security squad because of the rise of that. And so if we looked at it from a statistic standpoint, our guys doing the criminal side are way more busy than the national security. But that's sort of the primary. We really are still looking at from an accurate perspective. What's the technology collaboration? Cause I could imagine, certainly obviously you have the suppliers on the HP having great silicon kind of level of security. But the banks, I mean, I was talking about me being hacked on my credit card. There's all these credit cards are out in the wild, as you know. So the private sector is motivated because it's a trillion dollar just on credit card fraud, plus. Yes. So how are you guys working with, from a technology and collaboration standpoint with the private sector? Well, so like one of the things that we've done is the FBI has ran a group called InfraGuard, I-N-F-R-A-G-A-R-D. And that's a collaboration where we're really trying to create the relationships ahead of crime. What we always tell people is that the FBI always responded to crime and that may not necessarily help a company make them feel better. And so this is where Director Comey was really big about getting ahead of it and being proactive and engaging with the company. It's the minority report. I won't say that. Free crime. But that's our hope is at the very least to try to get to the point of education ahead of it. And also a lot of times with cyber incidents, there is a reconnaissance phase, there are earlier phases in the attack that if the company recognized that this was occurring, they may be able to stop the breach before it gets really bad. And that's really what we're trying to do. So it's awesome what HPE's doing, the chip level security, it's fundamental to how we have to solve this problem. However, I'm concerned that organizations don't focus enough on security and they think, oh, that's somebody else's problem. Oh, HPE's got that covered. They've magically fixed my problem and it'll go away. But that's not the case, right? I mean, boards have to really pay attention to this problem. You know, we were kind of talking about it before, is I mean, it still comes down to the end user. I mean, it really does. I mean, most of the security breaches we see come down to somebody clicking on a link, somebody with a bad password. And so that's where we're kind of getting this holistic approach of, computer security doesn't begin when you walk in the door. And with people now with the rise of mobility and everybody, you know, so now traffic on the internet is greater than 50% of traffic on the internet is now coming from phones and tablets, from mobility. And a lot of companies have embraced the BYOD or they're embracing mobility. With that, how do you balance a person bringing their personal phone in and they're on their phones checking personal email, checking, you know, their Facebook. And at the same time, they're on your corporate network downloading corporate data. And this becomes the pivot point of security. So that's really what we're trying to do is educate the user, it starts at home. It starts with your personal security goes all the way through your life cycle as well. Bob, talk about the servers now because this is interesting. So a buyer of servers now has an opportunity. When did this start rolling out for HP? What was the point in time? I mean, obviously where you have this and it's highly differentiated, I'm assuming. Yes, it is. It's something that no one else offers. So we're really proud about that. We did start several years ago developing this as part of our Gen 10. That's when we were implementing the Silicon Ruda Trust. We've also implemented the strongest security ciphers that are available in the world today. And it's the commercial national security algorithms. And so we're incorporating that and we're the first to do that as well. So we've started this. We've seen the trend coming. We've planned for it. Now we're delivering and announcing this week the world's most secure industry standard server. So that's a pretty big claim. And it's one thing for us to say, but we've actually gone outside to an external security firm and verified that. So we're really comfortable with that. So this is in the Gen 10. For Gen 10, yes. So this is new for Gen 10, not Gen 8, 9. Right, not retroactive. Although those platforms are certainly secure, this is new revolutionary technology for just Gen 10 going. So I'm assuming why wouldn't I just buy a truckload of these? I mean, this is like that. You know we encourage that. Customers out there. I mean, this is a unique security feature built in. I'm telling you, if you're a consumer, if you're a customer and you've got the choice between some other brand or server or something that's actually the world's most secure industry, why wouldn't you go that direction? Because when that breach comes, Dave, like you're talking about, you're protected. And when you look at trying to comply with a lot of regulations like the EU, the GDPR that's coming up in mid-May 2018, you have to show a good faith effort toward compliance and buying state-of-the-art technology qualifies. I mean, my assessment would be that this would be the, like John said, buy a truckload of these things, but then there's other prerequisites that I would recommend to people. Like make sure that you have the ability to understand the value of those assets and be able to prioritize those anomalies that you're going to detect. Because you're probably going to increase the incoming volume of data that I now have to analyze. So make sure you have some other tail end tooling to be able to assess that. That's not what we were talking about. Is that a fair assessment? Yeah, I think it's true. The rise of data. Yeah, so if you implement some type of a SIEM tool that's fairly, and we've created a unique connector with the ArcSight SIEM tool that helps provide that scanning and determine what anomalies are occurring inside the server. And we'll pick up on some of those malicious firmware. Well, we'll certainly be following the results and the benchmark. Certainly the laws are moving in compliance and paying them, but for most customers, they've got to get it done. And then security, you've used the product. Have you used the Gen 10? No, not yet. Our requirements all come out of our headquarters. So I mean, it's definitely one of those things where they evaluate, because we were kind of talking about, now that there's new requirement, we will let our headquarters kind of determine what gets their need. I don't do procurement, thank goodness. Get a truck load. Get a truck load, right? Just to tell them I need more security. Hey, congratulations, and thanks for sharing the insight into what's going on at the FBI. They were the priorities. And I know you guys are constantly staffing up. I think I'm a young kid these days. I want to work for some of the cool things that's going on in Cyber Army. We were joking last night with Chris, too. There should be a Cyber West Point. Well, you know, the Cyber Command is new. There is Cyber Command. Cyber Command was stood up by the Army. And that's the, you know, and these kids are coming in. They're actually talking about not letting them go to boot camp. Having gone to the West Point myself, I can tell you that's a great idea. That's a lot of great, and this is a new dimension of forces and to protect in every country. Thanks for coming on theCUBE. This is theCUBE bringing you all the action here, security conversation, all the live commentary here on theCUBE. I'm John Furrier, Dave Vellante. We'll be right back with more live coverage from HPE Discover 2017 after this short break. Stay with us.