FortiGuard Labs recently released their Global Threat Landscape report, revealing that cyber criminals are exploiting newly released vulnerabilities at an increasing speed. Attackers are capitalizing on new vulnerabilities in under five days on average, posing a significant risk for organizations. However, not all vulnerabilities are actively being attacked, with less than 1% of published vulnerabilities being targeted. This provides organizations with a more manageable scope for strategic patch management. The report highlights the evolving nature of ransomware attacks, with cyber criminals targeting sectors like operational technology and manufacturing to disrupt services and cause financial losses. The convergence of cyber crime and advanced persistent threat is also emphasized, indicating the need for collaboration and threat intelligence sharing. Technology, such as automation and machine learning, is important for reducing the cognitive load on security teams. While the threat landscape continues to evolve, the report offers actionable insights and solutions to help organizations mitigate risks.
Derek Manky, Fortinet | RSA Conference 2024
Chief Security Strategist and Global VP Threat Intelligence, Fortinet FortiGuard Labs
Rob Strechay
Dir./Principal Analyst & Host, theCUBE Research
(upbeat music)
Rob Strechay
>> Hello, and welcome to this special episode of theCUBE from RSA, where we are going to unpack the latest Fortinet FortiGuard Labs Global Threat Landscape report, and how cyber criminals are moving exponentially faster on exploits nowadays. Joining me to help unpack this is Derek Manky, Chief Security Strategist and Global VP Threat Intelligence at FortiGuard Labs. Welcome on board, Derek.
Derek Manky
>> Great to be on board and back talking to theCUBE again.
Rob Strechay
>> Yeah, I mean, you're an old pro at this, so it's good. I think, again, you know, year over year, cyber criminals really don't rest. So, this is really interesting stuff where we get to talk to you. And I think, again, having you back and talking about the latest threat landscape is always exciting, especially given, you know, the week that we're having here at RSA. You know, what are some of the key takeaways from the second half of 2023's FortiGuard Labs' research on the threat landscape report, the Global Threat Landscape report? What are some of the takeaways?
Derek Manky
>> Yeah, so 40,000-foot view takeaways. So, these attacks, so no rest for the wicked, like you said. These attacks are moving quicker. So, there's an accelerated attack chain that we're seeing. We're also seeing a shift of playbooks, expansion of playbooks. So, that means there's more strategy that the, you know, cyber criminals are employing when it comes to attacks. We are seeing more of a targeted nature, so we're actually seeing drops in volume of attacks. So, that's not a good thing. We're seeing, again, cyber criminals shift into a more targeted nature when it comes to industries they're looking at, and so forth. So, faster, more sophistication; work smarter, not harder. We talked about cyber criminals not having rest. Well, they are employing tools like pencil automation and early beginnings of weaponized machine learning and artificial intelligence.
Rob Strechay
>> Yeah, no, we've been hearing that from the organizations we talked to, as well, and I think it really ties together. And with the report really highlighting the increased speed that cyber criminals are targeting newly released CVEs, how are organizations supposed to keep up and prioritize this activity to reduce risk?
Derek Manky
>> Yeah, I can't emphasize this enough how much the risk exposure has increased here, right? If we look at the facts from the report, we are seeing that attack... this was actually surprising to me. In a six-month period, so, you know, second half compared to the first half of 2023, we saw that attack chain, meaning when a new CVE was published from, you know, once the clock starts ticking, it was less than five days, on average, for all CVEs that we saw before attackers start to capitalize on that, try to exploit it, put it into... you know, weaponize it essentially, right? That was three and a half days faster than the first half of 2023. So, we're talking about that window shrinking from, you know, about eight days to under five days now. Meaning, obviously, from a blue team's perspective, we need to prioritize a response to this. So, that's the fact of the matter. That's what's happening. When it comes to the organizations and prioritizing, you know, that's the bad news I just talked about. The good news is we're not talking about 20,000 CVEs here. I mean, there was north of 28,000 published last year. We're talking about something that's much more manageable. We have a red zone as an example in the report where we're actually talking about less than 1%. If we look at total CVEs published, it's over 200,000 of them, it's less than only 1% of those that are actively being attacked. So, it's really important to use these as tools. We have it published in the report to actually guide into a much more bite-sized, manageable approach for strategic patch management.
Rob Strechay
>> I was going to say that that makes a lot of sense where, again, that a lot of the CVEs have been out there for a long time, as well, and, you know, have been targeted over the years. And sometimes, they've been there, you know, for more than a decade. How are you looking at these organizations? Is that the approach they should be taking is looking for the sweet spot in that red zone?
Derek Manky
>> Absolutely, because these are the ones that are often used in outbreaks, so new breaking attacks on, you know, fresh vulnerabilities, n-days, right? We're not even talking about zero-days, we're talking about n-days; they're published CVEs, patches are available. So, it's very manageable, right, especially when you start using tools and technologies, not just people, right, to do vulnerability compliance management and being able to plug into those latest outbreaks. We have outbreak alerts at Fortinet that actually streamlines and automates all that. So, there's tools, there's processes. It takes the human out of the equation more. And just by plugging those, like the hot button issues, essentially, that vastly reduces your attack surface exposure and the risk, right? So, it is a viable approach. But it's interesting, because the other end of the spectrum; you know, so we're talking about the fresh breaking. The other thing in the report we saw was that, and unfortunately we talk about this all the time but it's reality, 98%, virtually all organizations that we saw in 2023 in the second half are still under attack from CVEs that are at least five years old. So, those are things... And, you know, patches have been available for a very, very long time, but still we have this conversation about the shelf life of these CVEs, essentially.
Rob Strechay
>> Right. Yeah, I think that that's, like you said, an organizational approach that people need to take about, hey, you know, they're not going after, you know, zero-days all the time and things of that nature. They're looking backwards to a certain extent because there's known tools there, known kits and things of that nature. Plus, you know, with AI getting a little bit involved, you know, in ML, as you said, it's starting to be weaponized. But let's kind of, like, double click into the ransomware trend, because it always seems that one of the most prominent topics at any conference, such as RSA, is that we see the headlines are all about, you know, ransomware and how many people are being impacted and the cost of ransomware. Can you kind of explain a little bit more about that and what you're seeing and double clicking into that?
Derek Manky
>> Yeah, so it's like I said, this is a work-smarter-not-harder approach across the boards. You know, that rings true on the zero-days like we talked about. The reality is it's not the zero-days, it's the n-days, right, because they work, unfortunately, still, so why raise the bar when you don't have to from a cyber criminal's perspective? You know, to be able to weaponize zero-days, that's a cost on cyber criminals, right? If they don't have to jump through those hoops, they won't. And that's why we're seeing everything we just talked about on the CVE front. On the ransomware front, it's very much the same thing. You know, the ransomware game has been evolving for well over a decade. I remember speaking at security conferences on ransomware prior to 2010, when it first came out really. And, you know, back then, of course, the playbook was very isolated; it was just about data encryption. Now we've seen that playbook expand into at least four or five different levels from extortion to, you know, moving away from just data encryption, to extortion of data, to, you know, double extortion on customer data, to triple extortion threats now on destructive elements of this. It keeps on expanding, right? And what they've done now is their operational playbooks that has expanded. We actually saw a 70% drop in volume in ransomware. So, you would think that's a congratulations, shake the hand, good news scenario. But in fact, what we're seeing is they're just shifting the goal posts, and they're now starting to be much more calculated, doing reconnaissance, weaponizing machine learning to do social engineering on these targets. Operational technology is the number one sector that we're seeing almost half of all global ransomware, 44%, targeting OT, specifically manufacturing. It's 'cause they've shifted away from the data now, and they're looking at services and revenue-producing services and/or, you know, production lines in manufacturing. And they know, if they can take out a manufacturing plant for a day for an example, it's going to translate into X amount of dollars in lost revenue. And they have that in their guidebook and their playbook.
Rob Strechay
>> Yeah, I think that the groups are becoming more corporate in that way, and they're definitely looking at how much revenue can they disrupt. And, you know, they have their own KPIs to that extent. But can you, like, explain a little bit more some of the insights that FortiGuard Labs is seeing with those APT threat actors and as it's progressed through 2023?
Derek Manky
>> Yeah, so the lines, the APT arena is very interesting. These used to be quite separated. I think we've maybe talked about this before, but it's becoming more and more apparent now where cyber crime and APT are converging as well. We see shared infrastructure between the two groups. Cyber criminals are acting like APT actors now. You know, there's over 140 tracked APT groups. We have seen an increase, you know, every half that we release this report on APT activity. We saw 38 of these active, over a third, of all APT groups actually waking up. Remember an APT group usually takes, it's about a two-year cycle, right, to go through that weaponization phase, launch and attack. We're seeing a lot of these more and more active, and it's also because of that shared infrastructure and working with cyber criminals. So, it's quite interesting, you know, to see that happening now, even to the point of activity on dark web forums too.
Rob Strechay
>> Yeah, I think that to me is one of the things that, you know, would keep me up at night. To put it (indistinct) is the fact that you have these different approaches that these organizations are taking, and they're looking at it as, hey, this is more of a corporate. They're, you know, even some of them we've heard have HR departments and things of that nature.
Derek Manky
>> (indistinct) business units. Yep.
Rob Strechay
>> Yeah, and I think that to me is really one of the craziest things is that you start to, you know... As they more weaponize everything and more take a strategic approach, you know, getting this data that you guys are providing back and having that early threat detection and understanding things before they happen becomes even more, you know, more important from that perspective. Is that what you're seeing from the organizations and why they're reaching out is that, hey, you know, we can't do this alone?
Derek Manky
>> Yeah, absolutely. So, I mean, there's always a mirror image here, right? On the red team, the threat actors' side, they're reaching out for help. We've seen almost every model now under crime services; so crime-as-a-service, they're monetizing that. We're seeing ransom-as-a-service as an example where they have hundreds of these outsourced affiliates that actually deploy the ransomware and get a commission. On the blue team side, in our industry, it's the same thing. We reach out for help, public and private partnerships, how we can work together to share threat intelligence, to actually create an ecosystem of disruption to impose a higher cost on the attacker. And we talk about that all the time, but we're actually doing that, right? There's a lot of great efforts underway, and we highlight some of these in the report, like Cyber Threat Alliance, which is now over a decade old, sharing the private sector. But also disruption with law enforcement and Interpol and working with the World Economic Forum and Cybercrime Atlas where we're actually mapping the ecosystem of cyber crime, identifying how many different points we can hit that hurts, so it's very strategic to actually go into (indistinct) as well to (indistinct).
Rob Strechay
>> Yeah, and I think that, again, you guys touch on this in that announcement around the radical transparency and, you know, how we have to build an ecosystem and build it stronger together. And are you seeing the other organizations, both government and private and businesses, coming together more and more about this?
Derek Manky
>> Yes, absolutely, and it's a maturity phase in the industry, I would say. We've been through this before in other aspects in the past. Threat intelligence sharing is one of those, right? That's been going on for a long time. This new protocols, frameworks, technology; everyone is receptive to it. There's more and more of that happening, and there's more options coming out of that on the responsible disclosure, responsible transparent. So, responsible disclosure actually has been also a decade that's very specific to how you handle vulnerabilities and release it. And so, that's been in motion for a while, and we've seen some of the industry growing up with that. Responsible transparency is the new aspect of that. And so, it's happening; still takes some time, right? This is really on the table right now, and organizations are coming together to embrace and then adopt it. It's exciting, right, because we've seen this before and we've shown that it can work, and with the transparency angle, you know, that's going to be a game changer, I think, in the industry, right, 'cause at the end of the day, being transparent helps to build more resilient networks, and it achieves our end goal of imposing a higher cost on, you know, the adversary and making cybersecurity a more safe place.
Rob Strechay
>> Yeah, oh, yeah, I think that's the key is that everybody is looking to how do they be part of the solution, not part of the problem, and how that transparency really helps with that as well.
Derek Manky
>> Right. And sorry, I'll just say that we're always talking about the problem too much, I would say. And we do have to, right? But the point is, again, with transparency, we're talking about the solutions also. I think that's a really important piece.
Rob Strechay
>> Yeah, yeah. And I think, again, it's one of these things that even the organizations that we talk to on a regular basis, and you talk to them, and they're like, "We can't do this alone. The problem is so big, and we have to get our hands around it, and we just don't have eyes on everything." Especially as you get out of the uber-large organizations into kind of that fat middle of organizations that really, you know, sometimes the security people are actually wearing multiple hats in there. What else didn't we cover that you think was interesting in the report?
Derek Manky
>> I would say, again, let's talk about the solutions here, right? So, there's a lot of bad always; that's not going to go away. The bad can get better from all the efforts that we're doing on disruption and so forth. But, you know, the takeaway from the report here is that, look, there's a lot going on. Cybersecurity's always daunting, but there are certain steps you can take to, again, focus on, prioritize it, really reduce that risk and the attack surface. So, again, things like the red zone that we talk about in the report; shoring up the n-day problem on the aging vulnerabilities that we talked about; utilizing technology, too, to take the human out of that mundane cycle loop, because these attacks are going quick, right? We're talking about less than five days now for these new CVEs when they break. The best way to approach that is to elevate the human out of the stitching of the fabric, right, and to have automation, like via SOAR as an example, to have machine learning and artificial intelligence and fabric threat intelligence, all of that to be able to respond, 'cause you can absolutely do that to respond to these new threats not even within days, but within hours and minutes sometimes. So, that's the good news, right? Everything exists today. We don't need to reinvent the wheel. And yeah. And there's some good takeaways from that in the report.
Rob Strechay
>> Yeah, no, I agree. I mean, the cognitive load is quite extreme on the people who have to sit there and manage through all of these threats, and all of the alerts and all of that, the SIEM and SOAR, and using the technology even better is always a good thing. So, I want to thank you for coming on board, Derek, and sharing all this valuable information from the research, 'cause it is so important to get that out there and share that with others so that they understand where's the goal line today, and where is the goal line going, so that they can do better planning and be more strategic. So, thank you for coming on board.
Derek Manky
>> Absolutely. It's a pleasure. Please stay safe, everyone.
Rob Strechay
>> Absolutely. You've got to stay safe. And thank you for watching as we unpack FortiGuard's Global Threat Landscape report on theCUBE, the leader in high-tech enterprise analysis and coverage. (lighthearted relaxing music)
have to build an ecosystem and build it stronger together. And are you seeing the
other organizations, both government and private
and businesses, coming together more and more about this?
Derek Manky
>> Yes, absolutely, and
it's a maturity phase in the industry, I would say. We've been through this before
in other aspects in the past. Threat intelligence sharing
is one of those, right? That's been going on for a long time. This new protocols,
frameworks, technology; everyone is receptive to it. There's more and more of that happening, and there's more options
coming out of that on the responsible disclosure,
responsible transparency. So, responsible disclosure actually has been also a
decade that's very specific to how you handle
vulnerabilities and release it. And so, that's been in motion for a while, and we've seen some of the
industry growing up with that. Responsible transparency
is the new aspect of that. And so, it's happening;
still takes some time, right? This is really on the table right now, and organizations are coming together to embrace and then adopt it. It's exciting, right, because
we've seen this before and we've shown that it can work, and with the transparency angle, you know, that's going
to be a game changer, I think, in the industry, right, 'cause at the end of the
day, being transparent helps to build more resilient networks, and it achieves our end goal
of imposing a higher cost on, you know, the adversary and making cybersecurity
a more safe place.
Rob Strechay
>> Yeah, oh, yeah, I think that's the key is that everybody is looking
to how do they be part of the solution, not part of the problem, and how that transparency
really helps with that as well.
Derek Manky
>> Right. And sorry, I'll just say
that we're always talking about the problem too much, I would say. And we do have to, right? But the point is, again,
with transparency, we're talking about the solutions also. I think that's a really important piece.
Rob Strechay
>> Yeah, yeah. And I think, again,
it's one of these things that even the organizations
that we talk to on a regular basis, and you talk to them, and they're like, "We can't do this alone. The problem is so big, and we have to get our hands around it, and we just don't have eyes on everything." Especially as you get out of the uber-large organizations
into kind of that fat middle of organizations that really, you know,
sometimes the security people are actually wearing
multiple hats in there. What else didn't we cover that you think was
interesting in the report?
Derek Manky
>> I would say, again, let's talk about the solutions here, right? So, there's a lot of bad always; that's not going to go away. The bad can get better
from all the efforts that we're doing on
disruption and so forth. But, you know, the takeaway
from the report here is that, look, there's a lot going on. Cybersecurity's always daunting, but there are certain steps you can take to, again, focus on, prioritize
it, really reduce that risk and the attack surface. So, again, things like the red zone that we talk about in the report; shoring up the N-day problem
on the aging vulnerabilities that we talked about;
utilizing technology, too, to take the human out of
that mundane cycle loop, because these attacks
are going quick, right? We're talking about
less than five days now for these new CVEs when they break. The best way to approach
that is to elevate the human out of the stitching of the fabric, right, and to have automation,
like via SOAR as an example, to have machine learning
and artificial intelligence and fabric threat intelligence, all of that to be able to respond, 'cause you can absolutely do that to respond to these new threats not even within days, but within hours and minutes sometimes. So, that's the good news, right? Everything exists today. We don't need to reinvent the wheel. And yeah. And there's some good takeaways
from that in the report.
Rob Strechay
>> Yeah, no, I agree. I mean, the cognitive load is
quite extreme on the people who have to sit there and manage through all of these threats, and all of the alerts and all
of that, the SIEM and SOAR, and using the technology even
better is always a good thing. So, I want to thank you
for coming on board, Derek, and sharing all this valuable
information from the research, 'cause it is so important
to get that out there and share that with others so that they understand
where's the goal line today, and where is the goal line going, so that they can do better
planning and be more strategic. So, thank you for coming on board.
Derek Manky
>> Absolutely. It's a pleasure. Please stay safe, everyone.
Rob Strechay
>> Absolutely. You've got to stay safe. And thank you for watching as we unpack FortiGuard's Global Threat
Landscape report on theCUBE, the leader in high-tech
enterprise analysis and coverage. (lighthearted relaxing music)