Hi, I'm Peter Burris and welcome to another CUBE conversation from the CUBE studios here in beautiful Palo Alto, California. Today we're going to talk about some new things that are happening in the security world. Obviously, this is one of the most important domains within the technology industry and increasingly because of digital business in business overall. Now to do that, we've asked Derek Mankey to come back. Derek is the Chief of Security Insights and Global Threat Alliances at Fortinet. Derek, welcome back to the CUBE.

Hey, thanks, it's always a pleasure to be here and speak with you. It's always fascinating conversations, so more than happy.

Absolutely the same, feel the same way, Derek. Okay, so we're going to get into some predictions about what the bad guys are doing and some predictions about what the defenses are doing, how we're going to see defense opportunities improve. But let's set the stage because predictions always are made on some platforms, some understanding of where we are and that has also changed pretty dramatically. So what's the current state in the overall security world, Derek?

Yeah, so what we saw this year in 2019 a lot is a big increase on automation. And I'm talking from an attacker's point of view. I think we talked about this a little bit earlier in the year. So what we've been seeing is the use of frameworks to enhance sort of the day-to-day cycles that cyber criminals and attackers are using to make their criminal operations that much more efficient, sort of a well-oiled machine. So we're seeing toolkits that are taking things in the attack cycle and attack chains such as reconnaissance, penetration, exploitation, getting into systems and just making that much quicker. So that window to attack, the time to breach has been shrinking thanks to a lot of these crime kits and services that are offered out there.
Now one other comment on this or one other question that I might have on this is that so speed is becoming an issue but also the risk, as digital business takes on a larger portion of overall business activities, that ultimately the risks and costs of doing things wrong is also going up. Have I got that right?

Yeah, absolutely for sure. And you know, it's one of those things that it's the longer that a cyber criminal has a foothold in your system or has the opportunity to move laterally and gain access to other systems, maybe it's through IoT or other platforms, the higher the risk, right? Like the deeper down they are within an attack cycle, the higher the risk. And because these automated toolkits are allowing them to facilitate that, it's a catalyst really, right? They can get into the system, they can actually get out that much quicker, the risk is that much higher. So when we're talking about risk we're talking about things like intellectual property exfiltration, client information, this sort of stuff that can be quite damaging to organizations.

So with the new foundation of speed is becoming an increasingly important feature of how we think about security and the risks are becoming greater because digital assets are being recognized as more valuable. Why don't you take us through some of the Fortinet predictions on some of the new threats or the threat landscape? How's the threat landscape changing?

Yeah, so as I said we've already seen this shift in automation, so what I would call the basics. I mean knowing the target, trying to break into that target, right? When it comes to breaking into the target, cyber criminals right now, they're following the path of least resistance, right? They're finding easy ways so they can get into IoT devices, into other systems. In our world when we talk about penetration or breaking into systems it's through zero days, right? So the idea of a zero day is essentially a cyber weapon.
There's movies and Hollywood that have been made off of this. If you look at attacks like Stuxnet in the past they all use zero day vulnerabilities to get into systems, right? So the idea of one of the predictions we're seeing is that cyber criminals are gonna start to use artificial intelligence, right? So we talk about machine learning models and artificial intelligence to actually find these zero days for them. So in the world of an attacker, to find a zero day they have to do a practice called fuzzing, and fuzzing is basically trying to trip up computer code, right? So you're throwing unverified parameters at it. You're throwing in unanticipated sequences into code parameters and input validation and so forth to the point that the code crashes, and that's from an attacker's point of view, that's when you take control of that code. This is how finding weapons into systems and cyber weapons into systems work. It typically takes a lot of resource. It takes a lot of cycles. It takes a lot of intelligence. It takes a lot of time to discover, we could be talking a month or longer. So one of the predictions that we're hitting on is that cyber criminals are gonna start to use artificial intelligence fuzzing, or AIF as I call it, to be able to use AI to do all of that intelligent work for them. So basically having a system that will find these gateways if you will, these new vulnerabilities into systems.

So sustain use of AIF to corrupt models so that they can find vulnerabilities that can then be exploited?

Yeah, absolutely. And when it comes to the world of hacking and fuzzing, it's one of the toughest things to do. It's the reason that zero days are worth so much money. They can suffer hundreds of thousands of dollars on dark net and in the cyber criminal economy. So it's because they're tough to find. They take a lot of resources, a lot of intelligence and a lot of effort to be able to not only find the vulnerability but then actively attack it and exploit it.
There's two phases to that.

Yeah, so the idea is by using the power of artificial intelligence that cyber criminals will start to leverage that and harness it in a bad way to be able to not only discover these vulnerabilities but also create that weapon, create the exploit so that they can find more holes if you will or more angles to be able to get into systems.

Now, another one is that virtualization is happening in with the good guys as we virtualize resources, but is it also being exploited or does it have the potential to be exploited by the bad guys as well, especially in a swarming approach?

Yeah, virtualization for sure, absolutely. So the thing about virtualization too is you often have a lot of virtualization being centralized, especially when we're talking about cloud too, right? So you have a lot of potential digital assets, valuable digital assets that could be physically located in one area. So when it comes to using things like artificial intelligence fuzzing, not only can it be used to find different vulnerabilities or ways into systems, it can also be combined with something, I know we've talked about the concept of swarm before, so using multiple intelligent infected pieces of code that can actually try to break into other virtual resources as well. So virtualization definitely, it's because of in some cases close proximity, if you will, between hypervisors and things like this, it's also something of concern for sure.

Now there is a difference between AIF, AI fuzzing, and machine learning. Talk to us a little bit about some of the trends or some of the predictions that pertain to the advancement of machine learning and how bad guys are going to exploit that.

Sure, so machine learning is a core element that is used by artificial intelligence, right? If you think of artificial intelligence, it's a larger term, it can be used to do intelligent things, but it can only make those decisions based off of the knowledge base, right?
And that's where machine learning comes into play. So machine learning is data, it's processing and it's time, right? So there's various machine learning models that are put in place that can be used from everything from autonomous vehicles to speech recognition to certainly cybersecurity and defense that we can talk about. But the other part that we're talking about in terms of predictions is that it can be used, like any tool, by the bad guys. So the idea is that machine learning can be used to actually study code from a black hat attacker point of view to study weaknesses in code. And that's the idea of artificial intelligence fuzzing, is that machine learning is used to find software flaws, it finds the weak spots in code and then it actually takes those weak spots and it starts probing, starts trying to attack, tries to make the code crash. And then when it actually finds that it can crash a code and that it can try to take advantage of that, that's where the artificial intelligence comes in, right? So the AI engine says, hey, I've learned that this piece of software or this attack target has these weak pieces of code in it. That's where the AI model, so the AI fuzzing comes into place to say, how can I actually take advantage? How can I exploit this, right? So that's where the AI fuzzing comes into play.

So you've got some predictions about how black hats and bad guys are going to use AI and related technologies to find new vulnerabilities, new ways of exploiting things and extracting new types of value out of a business. What have the white hats got going for them? What are some of the predictions on some of the new classes of defense that we're going to be able to put to counter some of these new classes of attacks?

Yeah, so that's honestly some of the good news, I believe. It's always been an arms race between the bad guys and the good guys, right? That's been going on for decades in terms of cybersecurity.
Often, the bad guys are in a favorable position because they can do a million things wrong and they don't care, right? From a good guy's standpoint, we can do a million things right, one thing wrong and that's an issue. So we have to be extra diligent and careful with what we do. But with that said, as an example of Fortinet, we've deployed our FortiGuard AI, right? So this is six years in the making, six years. Using machine learning, using precise models to get higher accuracy, low false positives to deploy this to production. So when it comes to the defensive mechanism, I really think that we're in the driver position. Quite frankly, we have better technology than the wild wild west that they have out on the bad guys' side. From an organization point of view, how do you start combating this sort of onslaught of automation and AI from the bad guys' side? Well, you got to fight fire with fire, right? And what I mean by that is you have to have an intelligent security system. Perimeter-based firewalls and gateways, they don't cut it anymore, right? You need threat intelligence. You need systems that are able to orchestrate and automate together. So different security products in your security stack or your security fabric that can talk to each other, share intelligence and then actually automate that. So I'm talking about things like creating automated security policies based off of threat intelligence, finding that a potential threat is trying to get into your network. That sort of speed through that integration on the defensive side, that intelligence speed is the key for it. I mean, without that, any organization is going to be losing the arms race.

And I think one of the things that is also happening is we're seeing greater willingness, perhaps not to share data, but to share information about the bad things that are happening.
And I know that Fortinet's been something at the vanguard of ensuring that there's even better clearinghouses for this information and then driving that back into code that actually further automates how customers respond to things. Have I got that right?

You hit it dead on, absolutely. That is one of the key things that we're focused on is that we realize we can win this war alone, right? Nobody can on a single point of view. So we're doing things like interoperating with security partners. We have a Fabric-Ready program as an example. We're doing a lot of work in the industry, working with, as an example, Interpol and law enforcement to try to do attribution. But the whole end game, what we're trying to do is to, the strategy is to try to make it more expensive for cyber criminals to operate. So we obviously do that as a vendor, through good technology, our security fabric, our integrated holistic security fabric and approach to be able to make it tougher for attackers to get into systems. But at the same time, we're working with law enforcement to find out who these guys are to go after attribution, prosecution, cut off the head of the snake as I call it, right? To try to hit cyber criminal organizations where it hurts. We're also doing things cross-vendor in the industry, like Cyber Threat Alliance. So, you know, Fortinet's a founding member of the Cyber Threat Alliance, we're working with other security vendors to actually share real-time information. It's that speed message that we're talking about earlier, to share real-time information so that each member can take that information and put it into something actionable, right? In our case, when we get intelligence from other vendors in the Cyber Threat Alliance as an example, we're putting that into our security fabric to protect our customers in near real-time.
So in sum, we're talking about greater value from being attacked, being met with a greater and more cooperative use of technology in process to counter those attacks. You got it right?

Yeah, absolutely. So open collaboration, unified collaboration is definitely key when it comes to that as well. You know, the other thing, like I said, is the technology piece, you know, having integration. Another thing from the defensive side too, which is becoming more of a topic recently is deception, deception techniques. This is a fascinating area to me, right? Because the idea of deception is, the way it sounds, is to deceive cyber criminals when they're coming knocking on your door into your network. So it's really what I call like the house of a thousand mirrors, right? So they get into your network and they think they're going to your data store, but is it really your data store, right? It's like, there's one right target and a thousand wrong targets. It's a defensive strategy that organizations can play to try to trip up cyber criminals, right? It makes them slower, it makes them more inaccurate. It makes them go on the defensive and back to the drawing board, which is something absolutely, I think we have to do. So it's a very interesting, promising, you know, technology moving forward in 2019 to essentially fight back against these cyber criminals.

And to make it more expensive to get access to whatever it is that they want. Derek Mankey.

Absolutely, yeah.

Derek Mankey, Chief of Security Insights and Global Threat Alliance. This is Fortinet, thanks once again for being on theCUBE.

It's a pleasure any time, look forward to the next chat.

And from Peter Burris and all of us here at theCUBE and Palo Alto, thank you very much for watching this CUBE conversation. Until next time.

Thank you.