 Good morning, live from Las Vegas. It's theCUBE at AWS Reinvent 2021. This is our fourth day of coverage, the third full day of the conference. Lisa Martin here with Dave Nicholson. Dave, we have had a tremendous number of conversations. In fact, we have two live sets, over 100 guests on the program. And I have another, I've got two Dave's for you for the price of one. Dave Trader joins us, the Field CISO client advisor at Presidio. We're going to be talking about ransomware and security. Dave, welcome to the program. Thank you for having me. So let's look at your background. You've got a very cool background. You hold numerous cybersecurity certifications, including CISSP. You've received numerous endurance spends from the Department of Homeland Security, the FBI and NSA. And in 2018, you graduated from the FBI's CISO Academy in Quantico, wow. Yeah, I did. It sounds like he's a man with a very special set of skills. I think you're right, I think you're right. One of the things that we have seen, the cybersecurity landscape has changed dramatically in the last year and a half, 22 months or so. I was reading some stats. Ransomware, an attack happens once every 11 seconds. It's now a matter of when, not if. Talk to us about some of the things that you're seeing, the threat landscape changing, ransomware as a service, what's going on? So the last part that you mentioned with ransomware as a service is key. The access to be able to launch attacks has become so simplified that the attacker level doesn't have to be sophisticated. Really, you can get down to the 100 level, brand new hackers that are just getting into the space, they can go to a help desk and they can purchase ransomware and they can run this ransomware. It comes with quality assurance, by the way, and if they didn't run correctly, they've got a help desk support system that'll help them run this as a criminal enterprise. The access is really what has made this so prevalent and it really exacerbated the problem to the massive scale that we're seeing today. Yeah, and of course, we're only hearing about the big ones. Conti, colonial pipeline, but as I mentioned, an attack occurring every 11 seconds. I also was reading the first half of calendar 21 that ransomware was up nearly 11X. So the trajectory, it's going the wrong way, it's going up and to the right in the way that we don't want it to go. Are they becoming more brazen? Is it easier ransomware as a service but also they're able to be paid in Bitcoin and that's traceable? Yeah, so exponential is not even fair, right? Because that's not even a fair assessment because that up and right, it's just been so pervasive that we just see that continued growth. You know, there's different ways on how we're going to stop that and what we're doing from a national perspective is all coming into play and what we're going to do about it. So one of the things that I'm seeing that's kind of new is the taunting aspect. So the taunting aspect is they've been in your network for a little while, the dwell time's extended and they're collecting intelligence, but what they're doing is they used to let you after they would present you with the ransomware note, they would let you kind of circle the wagons and then you would come to a decision point as an organization of am I going to pay or am I not? Well, and they would give you a little bit of time to deliberate. Well now, during your deliberation time, they're actually sending text to the CEO and the CFO and they're showcasing their technical prowess and that they've got you, they own you at that point and they're texting on your personal device and they're saying you should go ahead and pay us or we're going to make this worse. The taunting aspect is even twisting the knife and it's out of bounds, even from a criminal aspect, I expect that to be out of bounds. Crazy, and of course, some of the things that we've seen, the White House's counter ransomware initiative, a coalition of 30 countries aimed to ramp up global efforts to attack that, are you seeing cyber crime with the rise and the proliferation, do you think there's going to be more regulations that organizations are going to be having to deal with? What do you think some of the things that we're going to see on that legal front? Yeah, so we have to leverage compliance and there's a lot of really great frameworks out there today that we are leveraging and there's good methodology on how to stop this. The issue is it's the adoption and really the knowledge, the subject matter expertise and really that consultant side, that's the message that I try and get out to our customers and our clients and I'm trying to really get them to understand what that evolution looks like and what is needed in each discipline because there's various disciplines across the board and you almost have to have them all in order to be able to stop ransomware and solve for that ransomware problem and I do think regulation is going to be key. I also think that I need some air support from not only the federal government but our internet service providers and we as a free country, we need to be careful on some of those fronts but I still think that I would appreciate my ISP doing a little bit of block and tackle for me and helping me out even though I want the freedom to do and be able to do whatever I want, I would still like them to say, we're going to block known bats because it would just be nice to have a little bit of support even on that side. So how does an ISP prevent me from handing out my password and being fooled in a phishing attack? Is the question, is that still a real issue? So I wouldn't put that on the ISP. I would put that more on the endpoint and some personal responsibility, right? Of course. With knowing and I do stress that a little bit. Relatively early morning sarcasm, my bad. Yeah, so I do put that on but there are tremendous partners that I work with that are able to do that and automate a lot of that for you and I need to make it simple but simple is hard and that's what, especially in cybersecurity, we want to make it simple and really be able to remove the threat to the end user and protect the user but in order to do that, there's a ton of things and a ton of sophistication and innovation that happens in the background and we really need to be able to showcase how that's done and obviously I'm excited about it but we need more people that are able to just specialize in this. We need more good guys that are able to come in and help us on this front. I also think we need to break down some barriers for on the competition with market share and the partners. We need to kind of elevate the conversation a little bit and we all need to work together because we're all in the same boat when it comes to how we're being attacked. From a national perspective on a global scale and I think that if we elevate the conversation, our collective minds that mind share is going to be able to really help us innovate and put a stop to this. So then how is Presidio and AWS, how are you helping that? I know you've got a ransomware mitigation kit. Talk to us about that. How are you going to be helping, especially the cybersecurity skills gap that's going on like five years now? Sure, yeah, that skills gap is going to continue to, we're going to continue to see that grow as well and we're efforting that on many fronts but I'm really excited about the ransomware mitigation kit that got unveiled yesterday. I got a call earlier this year from AWS and we basically, the question was posed to me, what are we going to do about this? Is from an AWS perspective, what can we do? Because the cyber adversaries are relatively unchecked and their attitude is, what are you going to do about it? So AWS posed the question, what are we going to do about it? And what we came up with was as an isolated organization or as an isolated discipline with like managed detection response or endpoint protection, that silo could not by itself accomplish and the solve to eliminate ransomware or to make a dent in eliminate ransomware. So what we had to do was combine disciplines and we reached over to BCDR disaster recovery and our backup teams. And we said, let's put together endpoint protection, MDR and let's merge the two of these and let's automate that so that what happens is when we detect the ransomware attack, there's a specific indicators of compromise that happen in the attack. The endpoint protection, which is CrowdStrike in our case can see that and can notify that and then can tell the backup and recovery team, hey, we know that this is an indicator of compromise, we know that this system has been owned and then there's an inflection point where we can ask the user if they want to manually intervene or if they want us to automate that and intervene for them. So it really keeps production going full time and it takes away the cyber adversaries ability to hold our data hostage. So this is, and I don't use Piperboly frequently, but this is a monumental evolution of what we're going to see and how to prevent ransomware. Wow, I was reading that ransomware is backups or you talked about backup, that backup attacks are on the rise as well. How can organizations, how can they work with Presidio and AWS, you said describe this as monumental kind of game changing. How can they work with you guys to implement this technology so that we can start dialing down the threats? Yeah, so we would love to hear from you, right? Give us a call. But our teams with CloudEndure and AWS CloudEndure and CrowdStrike, what they've really come up with and you have to have these two things ahead of time. So I sit on our critical incident response team and I do work with the bureau as often as I can on attribution, but you have to have these ahead of time. So your critical response plan needs to be in place. And if you have the two things that we've really put a lot of effort into over the last eight months, if you've got CrowdStrike and you've got CloudEndure on the back end, we can establish all of those and really set this up for you to eliminate that threat. And that's what we're excited to showcase this week in the coming months and we're going to, and we've also got additional things and additional features that we plan to add to that in the coming months. Dave, what are your thoughts on the partnership between private industry and government entities? You mentioned that the level of sophistication to engage in this bad behavior doesn't necessarily have to be, have to rise to the level of state sponsored. But can we do this in the private sector by ourselves? What are your sort of philosophical thoughts on that? I will give you a statistic on this and it'll be self-explanatory, but 80% of our critical infrastructure in the United States is privately held. So we're unique in that perspective. We aren't like some other countries where they can just mandate the requirement that the government will control critical infrastructure. It's privately held here in the United States. So you almost have to invite the federal government to come in, even though you are a critical infrastructure, they still have to be invited to come help you. And that partnership is key in order to be able to defend yourself, but also to defend the nation, our power grids, our water sources. I mean, you'll see those are private companies, but we need that federal help. And I try and evangelize that partnership. I mean, you know, there's always the, you know, when you think about working with federal agencies like the FBI, there's a little bit of hesitation and you're not really quite sure. I will tell you that those men and women are, they're amazing, they're amazing to work with. They're really good at what they do. And you're certainly, it's a partnership and they have a whole division set up as the office of the private sector is designed to have these conversations and help you prepare. And then in the unfortunate, you know, instance where you might have an attack, they're right there trying to figure out who did that to you, you know, and you're a victim. You're a victim of a federal crime at that point. And they treat you with such care and you know, they do such a great job. So I think we have to engage them in order to, you know, and we should actually be able to help them with the technology and make it easier for them to do their job. It's something I'm also very interested in. Talk to me about your interest as last question. In terms of what's going to go in here, we are wrapping up 2021 and during 2022, which hopefully will be a much better year for on many friends, including the decrease in ransomware. What are some of the things that you're excited about? There's so much technology, there's so much opportunity and innovation going on with AWS and its partner ecosystem. What excites you? What opportunities do you see as we head into 2022? Yeah, so I do see some threats that are going to evolve. Ransomware is certainly going to be more of the same until we get this out in this new methodology and what we've built until that becomes widely adopted. I think we're not going to make a dent in the numbers that we're seeing just yet, but I'm hoping that that will change when the industries do start to adopt that. The other thing that I'm seeing is I think operational technology is going to take a hit in 2022 because the bad guys have started to figure out how that operational technology is not as, it's not front and center and it's not top of mind for a lot of CISOs. They're targeting that weakness and going after that. So I think we really need to brace for that and really get in front of that. So that's one of the things that I'm prepping for is really that operational IoT conversation and how I can help organizations and even home users with some of the stuff that you've got maybe in your own home that could be used against you. Right, because that work from anywhere is going to persist for quite some time. Dave, thank you so much for joining Dave Nicholson and me on the program this morning talking about what's going on on the threat landscape Ransomware, but also this monumental shift and from a technology and a partnership perspective that Presidio and AWS are doing to help customers in every industry, private and public sector. We appreciate your insights. Thank you for having me. It was great. Thanks for being here. Thank you. For Dave and Dave, I'm Lisa. You're watching theCUBE, the global leader in live tech coverage.