on San Francisco, 40,000 security professionals talking about how to keep the bad guys out, especially with IoT and 5G coming right around the corner. Joined by a many-time CUBE alumni. Always great to catch up with Mark, Mark Nunnikhoven from Trend Micro. What's your title now? VP Cloud Research, is that good?

VP Cloud Research, that's good.

Welcome.

Thank you for having me, I appreciate it.

So it's always good to see you've got the booth. You guys always have kind of the craziest, wackiest booths. I was wondering if you fell out of the rocket ship and that's how you busted your arm.

That's definitely a better story. So I think we can go with that or transporter malfunction. Something like that would be a much better story than the sad truth.

OK. So you've been coming to this show for a while. We see all the AWS events. How has the evolution of Cloud and the ongoing expansion of Cloud kind of changed the game in the world of security?

Yeah, I think Cloud has enabled us to do a lot of things that we've been trying to do for a long time. And so we've talked about enabling granular security throughout the enterprise for years. And it's always been hard because we've had a lot of different vendors, a lot of different systems. When we moved to Cloud, it's getting a lot more homogenized and everything's accessible via an API. So we're seeing a lot of maturity in that space where people are embracing that fact and starting to enable some things that we've been trying to do like that solid identity and access management that's been really difficult in the enterprise. It's far simpler in a Cloud space.

That's interesting because the other factor is all these things are now all connected via APIs, right? And there are a whole lot of SaaS applications in the enterprise. So the attack surface is growing significantly. And then as was pointed out in the keynote this morning, a lot of people work from home. They plug in their Nest. It's just growing very, very quickly.
So how do you look at some of these challenges?

Yeah, and it's funny because it's significant. And you look at IoT alone, right? There's billions and billions of devices that are being connected. And those devices themselves aren't necessarily so much of a threat, though we did see that this year with the Mirai botnet and some massive DDoS attacks. But it's the data that's going in the back end that's more of a danger to consumers. And we see that with SaaS services as well. As a security practitioner, you lose the ability to apply the traditional controls that we're used to. And now you're relying on your service provider to do that for you. But it's still your data. So you're sort of forced to strike this balance of making sure you're leveraging the controls and options the provider has, but also looking out for things like, you know, people affecting the data going in and sort of manipulating and gaming the system more. And I think you ever mentioned and they said that this morning, too.

Right, right. The other thing they said this morning is that every company has at least one person that's trying to connect with the Nigerian prince who's going to click on the...

Well, he needs money.

He needs money, right? You've got to give him a little money. So, I mean, it's funny. As far as we've evolved, you know, every, you know, my wife would say, oh, I got this weird email for like, don't click it, don't click it. Yeah. It's the same old techniques.

It is. And, you know, as this, I've been doing a lot of research in serverless security lately and that's driven me to a really weird question because it's a collection of services where you don't have the ability to apply any controls directly. And it sort of started me down this path of what does security mean? And it ties to what you were saying in that at the end of the day, users need to be able to use these systems.
And sort of a pet peeve of mine is we tell people not to click on these links, but that's the sole purpose of a link is to be clicked on. So, we need to find a better balance of educating people and giving them the context in which to make these decisions and having better reputation systems and better automated controls so that they don't have the option of clicking or not clicking. They just never see bad links in the first place.

Right, that's a good strategy. The other theme that's coming out over and over is really collaboration within the ecosystem here to share facts, share knowledge, share data so that you can pick up patterns faster. You can see, you know, it's really the same thing over and over and over and really being kind of the co-opetition which is what makes Silicon Valley, Silicon Valley.

It is, and it's nice to see it increasing. I think it's gaining pace and we're not just seeing it with the vendors, we're also seeing it where competitors in different industries are getting together. So, a lot of financial CISOs are collaborating because they're shared, they have a common enemy and they realize they can't beat them alone. So, if they're sharing threat intelligence amongst themselves, that they all sort of win because if one of them goes down, you know that attacks come into the next door, you know, the next day and we're doing the same thing in the vendor space where we're being more open to collaboration. We're sharing research analysis, you know, where a lot of vendors are launching bug bounty programs, you know, responsible disclosure's becoming a little more standardized. So, not only within the community of vendors, but also within the research community. I think the more we talk, the better off we are because we see it in the underground where criminals are selling services to each other. They go, don't worry about setting up a botnet, Jeff, I'll rent you one. So, that Mirai botnet of IoT devices, we found that available for sale.
You could lease it for 7,500 US would get you almost a gigabyte of DDoS attack. And, you know, that's a really low barrier of entry for criminals. We need to make sure that we're making it easy for defenders to defend against that kind of thing.

Still, my favorite is the fake ransomware. I didn't actually put ransomware on your machine, but I told you I did. So, go ahead and send the money to the Nigerian guy. And I promise I won't turn it on.

Well, and so that one's one of my favorites, but also sort of the super evil one that we saw this year was, okay, I've encrypted your files and I'll give you the key, not for money, but if you encrypt two of your friends. So, the pyramid scheme in spreading the attack. And that one was just super evil because it's mainly the social side.

Like, what kind of guy are you? Are you going to encrypt, you know? Which friends get it, right? Exactly, you know. What's at the bottom of the list on Facebook.

Yeah, but ransomware is a great example of the attackers realizing that they can do this at scale. They can be insanely profitable because even if you don't think you have a lot of valuable data, you probably got personal photos and videos that are really important to you. And if you're not taking basic preventative steps like backing up or patching your systems, then they're going to be able to get 500 bucks out of you. And that doesn't sound like much, but when you multiply that times, you know, 50, 60,000 people, because they just need to click a button or add people to a list. That's a huge amount of cash that's flowing in their coffers.

Right. The other big change in scale that keeps getting talked about here is government, you know, kind of backed cyber issues.

Yeah, the nation state.

The nation state, thank you. Totally changing the game again as we talked about off air. It's good to know who you're fighting with. At least you can see them.
But at the same time, the scale of resources that they can bring to bear, significantly bigger.

Yeah, and that's the challenge. If you're not a nation state against a nation state, you know, it's David versus Goliath without a good ending.

Yeah, without the rock. You just got a piece of cloth that you're like, I hope I can throw something at ya.

You know, but it is, there is some advantage in knowing your adversary, especially when you're talking about, you know, nation state versus nation state because everybody's got signature moves they've got go to work, you know, and you can kind of track them over time. And we've seen that with some research available, which is a great example of, you know, community participation, places like Mandiant sharing information, you know, we do it at Trend Micro, a bunch of the community players share like, hey, we found this APT. We're associating it with, you know, probably a nation state, we're not sure who, but even the government, DHS just had a great release on Grizzly Steppe, which was a very specific campaign done, but very detailed analysis, which we didn't see that three years ago. So helping people out to understand what they're up against. And if you're, you know, a smaller enterprise or even a larger enterprise, you might not have the resources, but you can still take steps to make it harder.

Right.

And that's sort of the name of the game, make it harder so that you get a better chance at protecting your data and at least being aware when you have been breached.

All right, Mark, I'm going to give you the last word before we sign off here. What are your kind of priorities for 2017? What, you know, we talk a year from now.

Yeah.

What are we going to talk about that you guys worked on this year?

Yeah, hopefully, you know, a lot of the same, we're still pushing hard in cloud security around servers and containers.
But a lot of my personal research has been pushing more towards teams and security professionals and what we need to do to adjust to be educators in the space, as opposed to being a silo team that's just telling you, saying, hey, you really should do this better. And I think that's a space that, as an industry, we're working up to that we have the expertise and we need to make sure the rest of the business gets it too.

I love it. We've heard about Big Data all the time. It's a team sport. Security's a team sport too.

It is. It's a great way to put it.

All right, Mark Nunnikhoven, I'm Jeff Frick. You're watching theCUBE, we're at RSA downtown San Francisco. Thanks for watching.