from downtown San Francisco. It's theCUBE, covering RSA North America 2018.

Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're at RSA Security Conference, about 40,000 plus. I don't know, I got to get the number. The place is packed, it's a mob scene. Really excited to be here and joined by Derek Manky. We saw Derek last year from Fortinet. Great to get an update, Derek. What do you think of the show this year?

It's getting big for sure. That's an understatement. This is my 10th year coming to RSA now, yeah. And just to see how it's changed over 10 years is phenomenal.

All right, so one of the things you want to talk about that you probably weren't talking about 10 years ago are swarms of bots. What the heck is going on with swarms of bots?

There's been a lot of changes on that front too. So the bad guys are clever, of course, right? If we look at 10 years ago, there was a lot of code, crime kits, crime services that were being created for infrastructure. That led up to some more getting affiliates, programs, kind of business middlemen to distribute crime. So that drove a lot of the numbers up, but literally in the last three quarters, if we look at hacking activity, the number has doubled from FortiGuard Labs. It's gone from 1.1 million to 2.2 to 4.4 million just over the last three quarters. So we're looking at an exponential rise to attacks. The reason that's happening is because automation and artificial intelligence are starting to be put into Black Hat code. And so the swarm concept, if you think of bees or ants in nature, what do they do? They work together, it's strength in numbers from a Black Hat point of view. They work together to achieve a common goal. So it's intent-based attacks. And that's what we're starting to see as precursors of some code, right? These IoT botnets, we're actually seeing nodes within the botnet that can communicate to each other, say, hey guys, I found this other target in the network, let's go launch a DDoS attack, or let's all try to take different bits of file information from those targets. So it's that swarm mentality where it takes the attacker more and more out of the loop. That means that the attacks are just also increasing in speed and becoming more agile, too.

So the bad news, right, is the bad guys have all the same tools that the good guys have in terms of artificial intelligence, machine learning, automation, software defined. And they don't have a lot of rules that they're supposed to follow as well. So it kind of puts you in a tougher situation.

Yeah, we're always in a tough situation for sure. You know, I would say for sure that when it comes to the tools, a lot of the tools are out there, they custom develop some tools. I would have to say on the technology side, when it comes to security members, especially collaborating together and the amount of infrastructure that we have set up, I think we have a foot up on the attackers there. We're at an advantage. But you're absolutely right. When it comes to rules, there are no rules when it comes to the Black Hat attackers. And we have to be very careful of that, how we proceed, of course, right?

And that's really the idea behind the Alliance, right? So that you guys are sharing information, so you're sharing best practices, you're picking up patterns, so everybody's not out there all by themselves.

Absolutely. It's a strength in numbers concept on our end, too. So when we look at Cyber Threat Alliance, Fortinet being a founding member, working with all other leading security vendors in the space, it's how we can team up against the bad guys, share actionable intelligence, deploy that into our security controls, which makes it a very effective solution, right? By teaming up, stacking up our security, it makes it much more expensive for cyber criminals to operate.

Right, that's good. That's a good thing. Yeah, yes. What about kind of this integration of the NOC and the SOC? Because, you know, security's so much more important for all aspects of the business, right? It's not layered on, it's not standalone, it's really got to be integrated into the software, into the process and the operations.

Absolutely, so the good news is, if you look at things like we're doing with the security fabric, a lot of it is how do we integrate, how do we bring technology and intelligence down to the end user so that they don't have to do day-to-day, mundane tasks, right? Talking about the swarm networks, what's happening on the black hat side, attackers are getting much quicker, so defense solutions have to be just as quick, if not faster. And so that's what the NOC-SOC integration is about, right? How we can take network security visibility, put it into things like our FortiAnalyzer, Manager, SIEM appliances, right? Being able to bring those solutions, so again, when it comes to a NOC-and-SOC operation, how do you bring visibility into threats, how do you respond to those threats? More importantly, how do you also have automated security defense, so agile defense put up? We talk about concepts like agile macro segmentation, right? That's something we're doing with Fortinet, how we can look at attacks and actively lock down attacks as they're happening. It's a really important concept, right?

So really just to isolate them within kind of where they've caused the harm, keep them there until you can handle them and not let them just, you know, bananas all over the organization.

Yeah, so you can think of it as like an active quarantine. We've also launched our threat intelligence services, so this is bringing the why. There's a lot of intelligence out there, there's a lot of logs. We have now threat intelligence services that we can bring to security operation centers to show them, here are the threats happening on your network. Here is why it is a threat. Here's the capabilities of the threat. Here's how you respond to it. So it helps from a CISO perspective prioritize response on the incident response model to threats as well.

All right, well, Derek, we got to let it go there. We are in a super crazy time. We'll get you back in the studio and have a little bit more time.

Okay, I appreciate it.

All right, he's Derek Manky, I'm Jeff Frick. You're watching theCUBE from RSA 2018. Thanks for watching.