Interview: Trey Guinn On Cyber-Warfare In Ukraine, The Evolution Of DDoS, And The Pressure On Security Teams To Do More With Less
Expert Insights interviews Trey Guinn, Field Chief Technology Officer at Cloudflare.
By Joel Witts. Updated Aug 10, 2023
At a time of growing sophistication and risk from cyber-crime, Cloudflare is one of the world’s biggest cybersecurity companies, protecting millions of users across millions of companies globally. “Internet security challenges have become corporate security challenges,” Trey Guinn, Field CTO at Cloudflare, tells Expert Insights. “The internet is eating the corporate network, so all the classic internet security risks are now corporate security risks.”
Guinn has been at Cloudflare for ten years, advising key customers, partners, and government agencies around the world on strategies to secure and optimize distributed workforces and computing architectures. Expert Insights sat down with Guinn for a wide-ranging interview at RSAC 2023; you can listen to our full conversation on the Expert Insights podcast.
One of the prime examples of how internet security risks have become business risks is DDoS, Guinn explains, where attacks are becoming more and more sophisticated. A DDoS attack is an easy way to ransom an organization from outside the network without having to compromise any data, and attack methods are constantly evolving to get past security teams.
“Hackers move really, really quickly, and they’re a pretty innovative bunch,” he explains. “A standard IT team might take days or weeks to get patches out. We’re seeing attackers now compromising zero-days in under an hour.” Cloudflare recently stopped the largest DDoS attack ever recorded: an application-layer attack peaking at 71 million requests per second. “And the interesting thing is that it was launched by not a very large botnet. This was really launched by a botnet of VMs and cloud providers, but they’re so powerful and so well connected that they’re able to generate just huge volumes of traffic.”
Cloudflare’s advantage in tackling DDoS is their scale, Guinn explains. “You have to have a huge amount of scale to be able to deal with DDoS. To deal with the attack traffic, you have to see a lot of good traffic as well. And so, this is really one of those big data problems, where if you’re trying to sort the signal from the noise, you really want to have a lot of signals, and that makes you significantly more effective at pulling DDoS out.”
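As an added illustration of the application-layer flood described above (this is example code written for this page, not Cloudflare's own detection logic), the snippet below runs a per-source sliding-window request counter over constructed access-log lines in Common Log Format. The one-second window, the 20-request threshold, the IP addresses and the log contents are all assumptions chosen for the example; real detection at the scale Guinn describes works on far larger traffic baselines, but the mechanics of separating a few very loud sources from the bulk of ordinary clients are the same.

```python
"""Added example (not from the interview or Cloudflare): flag sources driving an
application-layer (HTTP) flood with a per-IP sliding-window request counter,
run over constructed access-log lines in Common Log Format."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


class SlidingWindowDetector:
    """Per-source request counter over a fixed time window.

    Assumption (illustrative, not a Cloudflare threshold): any single source
    exceeding `max_requests` within `window_seconds` is flagged. Lines must be
    fed in timestamp order, as a log file normally is.
    """

    def __init__(self, window_seconds=1, max_requests=20):
        self.window = timedelta(seconds=window_seconds)
        self.max_requests = max_requests
        self.recent = defaultdict(deque)   # ip -> timestamps still inside the window
        self.total = defaultdict(int)      # ip -> requests seen overall
        self.flagged = {}                  # ip -> time the threshold was crossed

    def observe(self, ip, ts):
        q = self.recent[ip]
        q.append(ts)
        self.total[ip] += 1
        # Drop timestamps that have aged out of the window (q is never empty here).
        while ts - q[0] >= self.window:
            q.popleft()
        if len(q) > self.max_requests and ip not in self.flagged:
            self.flagged[ip] = ts
        return len(q)


def analyze(lines, window_seconds=1, max_requests=20):
    """Run the detector over log lines; return flagged IPs and their share of all requests."""
    det = SlidingWindowDetector(window_seconds, max_requests)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue   # malformed line: skip rather than crash on hostile input
        ip, ts, _ = parsed
        det.observe(ip, ts)
    total = sum(det.total.values())
    flagged_hits = sum(det.total[ip] for ip in det.flagged)
    share = flagged_hits / total if total else 0.0
    return {"flagged": sorted(det.flagged), "sources": len(det.total), "share": share}


def build_sample_log():
    """Constructed sample: 20 ordinary clients at 2 requests each spread over 10 s,
    plus 3 well-connected hosts that each fire 100 requests within one second."""
    base = datetime(2023, 2, 13, 12, 0, 0, tzinfo=timezone.utc)
    entries = []

    def add(ip, offset_s, path):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        entries.append((offset_s, f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'))

    for k in range(20):                          # ordinary traffic (documentation range)
        add(f"198.51.100.{k + 1}", k % 10, "/")
        add(f"198.51.100.{k + 1}", k % 10, "/assets/app.js")
    for k in range(3):                           # small but powerful "botnet"
        for _ in range(100):
            add(f"203.0.113.{10 + k}", 3, "/api/search?q=x")
    entries.sort(key=lambda e: e[0])             # stable sort keeps log order within a second
    return [line for _, line in entries]


if __name__ == "__main__":
    print(analyze(build_sample_log()))
```

On the constructed sample, three sources out of 23 account for roughly 88% of all requests and are the only ones flagged. A per-source counter like this is the simplest form of the "signal from the noise" problem: it needs no knowledge of the attack beyond the rate, but it also misses floods spread thinly across very many sources, which is where the larger baseline Guinn describes becomes necessary.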
Doing More, With Less – Vendor Consolidation
The rising trend of sophisticated DDoS attacks is part of a larger theme as security teams are put under increasing pressure, from cyber-criminals on one hand and from economic challenges and skills shortages on the other. Doing more with less is the “Sentence of the year,” Guinn says, as businesses attempt to move forward with cloud and digital transformation, but with less flexibility to hire more people.
“We’re seeing a big push towards rationalisation and also vendor consolidation. That is to say, if we have twenty-five vendors, how do we get that down to ten?” Guinn says. “That not only gives the business more agility, but it really can help reduce costs over time. Because on the talent front, do you need to hire people that are talented at twenty different technologies, or ten different technologies?”
There’s a “gravity” forcing people to consolidate, Guinn explains, particularly in the network security space. “There was an old world where you could buy a bunch of boxes and stick them to the top of a rack, and you got no penalty for latency when traffic flowed through that. Now, your traffic is going all over the place, and you can’t let your traffic bounce between one cloud vendor to another cloud vendor to another cloud vendor. You need to get as much done as possible in one platform or gateway. So, we’re seeing the drive towards vendor consolidation. The folks that do best in that have the broadest platform and the most holistic solution.”
The War In Ukraine
In February 2022, at the outset of Russia’s invasion of Ukraine, Cloudflare announced it would be offering free services to help prevent cyber-attacks, support Ukrainian infrastructure, and keep the global internet flowing. One year on, Cloudflare is “continuing to support Ukraine,” Guinn says, and is still seeing Russian-based cyber-attacks continue to “pound Ukrainian critical infrastructure.”
“We can see from before the war to now, it’s a 1,200% increase in attack volume coming into Ukraine. Unfortunately, while it turns out that those attacks weren’t effective at bringing down critical infrastructure, they then switched to kinetic warfare, and we saw attacks against the electrical system. And with that, now instead of just seeing critical infrastructure taken down, or specific services, the whole internet was significantly impacted.”
Russian forces have also targeted local ISPs when they have invaded certain portions of the country, Guinn says. “As Russia rolls into Kherson, one of the first things they do is to take over the local ISPs and start routing all the internet traffic in that region through Russian ISPs, so they can do tracking and management and see exactly what people are accessing and control what people are able to access over the internet.”
In the face of these major challenges, “We’re amazed to see what the Ukrainian people have done,” Guinn says. “They’re so resilient, bringing things back online, and the tech community coming together to support them…we’re happy we can do a small part to help them there.”
Generative AI & Phishing Threats
One of the big themes at the RSA Conference this year has been generative AI technologies like ChatGPT, with a lot of buzz around how these technologies will be used by both vendors and cyber-gangs alike. “AI is so exciting,” Guinn says. “We’ve been running AI models for years, actually, to disambiguate human users from automated users, and it’s incredibly effective.”
The winners when it comes to AI models are the companies with big data sets, with the processing power, and data to train the most effective algorithms. “Cloudflare has the better part of 20% of the entire web flowing through us. Using that data set, we’re able to really effectively disambiguate automated users from human users, but also divine intent of those and figure out who’s malicious and who isn’t.”
On the other side of the coin, generative AI technologies can also empower developers and hackers to generate malicious code quickly and efficiently for use in cyber-crimes. Generative AI and LLMs can also be used to build phishing campaigns at scale, quickly producing highly credible, realistic phishing emails that can be sent to a mass audience.
Phishing continues to be a major problem in the security space, one that Cloudflare is investing a lot in trying to solve, Guinn says. “You read the newspaper and every big data compromise you read starts with a phishing attack. This is something the industry has to deal with better. The current state is not sufficient.”
A Fundamental Shift In The Architecture Of Computing
Looking toward the future, Guinn says that the biggest challenge – one that he is very optimistic about – is the fundamental, multi-decade shift in the architecture of computing we are seeing today.
“We’re moving from very centralized computing architectures to very distributed computing architectures… we’re in this future where your customer base is all over the globe, your employees are all remote. But critically, your data, which had been in your office, is now in five hundred data centres and five hundred different service providers. The challenge in this new world for IT professionals is to maintain control and visibility into where these users are, where the data is, and how that data is being accessed.
“It really requires a completely different architectural model…it’s not going to slow down. We have to figure out how you do networking in a completely new and novel way. You really require this connective fabric that takes a bunch of controls and visibility, that used to be at the extremity of the network, and implements them in the fabric itself… networking has to get to a stage where it’s ubiquitous and infinitely scalable.”
You can listen to our full interview with Trey Guinn on the Expert Insights podcast.
About Expert Insights
Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions. You can find all of our podcasts here.
Joel Witts is the Content Director at Expert Insights, meaning he oversees articles published and topics covered. He is an experienced journalist and writer, specialising in identity and access management, Zero Trust, cloud business technologies, and cybersecurity. Joel has conducted interviews with hundreds of industry experts, including directors at Microsoft and Google. Joel holds a First Class Honours degree in Journalism from Cardiff University.