>>Mhm Yes. Welcome to this cube conversation. I'm john Kerry host of the cube here in Palo alto California. We've got two great guests all the way from Ohio and here in the bay area with sequence securities is our focus on cloud growth companies. Sri and met a co founder and CTO of sequence security and Jason Kent hacker in residence at sequence security. We're gonna find out what that actually means in the second but this is a really important company in the sense of A P. I. S. As they are starting to be the connective tissue between systems and and data. Um you're starting to see more vulnerabilities, more risk but also more upside. So risk, reward is high. And anyone who's doing things in the cloud obviously deals with the A. P. I. So Trey and Jason. Thanks for let's keep conversation. >>Happy to be here >>guys. Let's let's talk about A P. I. Security. And but first before we get there trans what does sequence security do? What do you guys specifically build? And what do you sell >>sequences in the business protecting your web and um A P. I. S from various kinds of attacks? Uh We protect from business logic attacks, A P. I. Uh do your api inventory, uh also the detect and defend against things like a town taker. Where's fake account creation, scraping pretty much anything and everything. An application on a PDA is exposed to from from the Attackers. >>Jason. What do you what do you do there as hacker and residents? I also want to get your perspective on api security from the point of view of, you know, uh attack standpoint from a vector. How are people doing it? So first explain what you do and uh love the title hacker and residents. But also what does that actually mean from a security standpoint? >>Yeah. So we can't be in the business that we're in without having an adversarial approach to where our customers are deployed and how we look at them. So a lot of times I spend my time trying to be on the client's backdoors and and try to hit their A. P. I. S. With as many kinds of attacks that I can. It helps us understand how an attacker is going to approach a specific client as well as helps us tune for our machine learning models to make sure that we can defend against those kinds of things. Um as a hacker and residents, my mostly my position is client facing. But I do spend an awful lot of time being research and looking for the next api threat that's out there. >>You gotta stay ahead of the bad guys. But let's bring up some kind of cutting edge relevant topics. One is all over the news cycle. You heard peloton, very highly visible company, It represents that new breed of digital companies that have a new approach and it's absolutely doing very, very well. The new consumers like this product and you're seeing a lot more peloton, like companies out there that are leveraging technology, so they're fully integrated, they had an A. P. I. Issue recently. Um what does it mean? Is that, is that something we're gonna see more of these kind of leaks in these kind of vulnerabilities? What do you guys think about this political thing, >>You know, from an attacker's perspective as a really boring attack? Um, but it led to a huge amount of data leaking out. Same with, you know, the news has been been right with this lately, right, john Deere got hit. Um We've seen yet another credit bureau got hit right. Um and these attacks are coming off as fairly simple attacks that are dumping huge amounts of data, just proving that the FBI attack surface is really a great place to get a rich amount of data, but you have to have a good understanding of how the application works so you can spend a little bit of time on it. But once you've taken a look at how the data flows, you end up with, you know, pretty rich data set as an attacker. I go after them just by simply utilizing their products, utilizing the programs and understanding how they work. And then I drag out all the pieces that I think are going to be interesting and start plucking away at it. If I see a like a profile, for instance, that I can edit, I wonder can I edit someone else's profile. And this is how the peloton attack work. I'm logged in, I'm allowed to see my things, what other things can I see? And it turns out they can see everything. >>So we also saw a hack with clubhouse, which is the hot app now I think just opened up to android users, but they were simply calling it back and Agora, which is, you know, I've seen china, but once you've understood that the tokens work, once you understood what they were doing, you could essentially go in and figure things out. There seems to be like pretty like trivial stuff, but it gets exposed. No one kind of thinks it through. How does someone protect themselves against these things? Because that's the real issue, like just make it less secure. Our Api is gonna be more secure in the future. What can customers do about what do you guys to think about this? >>Yeah, but the reality is, I mean that's just uh too many babies out there. I mean if you see the transition that is happening and that is the transformation where it used to be like a one app or two apps before and now there are like hundreds and thousands of applications driven by the devops world, a child development and and what matters is, I mean the starting point really is you cannot protect what, you cannot see what used to be. Uh an up hosted in your data center is now being hosted in the cloud environments, in the virtual environments, in several less environments and coordinators, you name it, they're out there. So the key is really to understand your attack surface, that's your starting point. So you're you're tooling your applications need to uh I need to be able to provide that visibility that that that is needed to protect these applications and you can't rely just on your developers to do this for you. So you need a right tool that can secure these applications, >>Jason what's the steps that an attacker takes to uncover vulnerabilities? What goes through the mind of the attacker? Um I mean the old days you used to just do port scans and try to penetrate you get through the perimeter. Now with this no perimeter mindset, the surface area Schramm was talking about is huge. What what's going on the mind of the attacker here and the A P I S and vulnerabilities. >>So the very first thing that we do is we sign up for an account, we use the thing, right? We look at all the different endpoints. Um I've got scripts running in my attack tools that do things like show me comments uh in case the developer left some comments in there to tell me where things are. Um I basically I'm just going to poke around using it like a regular user, but in that I'm going to look for places. That makes sense to try to do an attack. So the login screen is a really easy thing. Everybody understands that you put in a user name, you put in a password, you can't go. What I'm gonna do is put in a bad username and a bad password. I'm gonna put in a good user name and a bad password and I'm gonna see what changes, what are the different things that your application is telling me. And so when we look at an application for flaws and ways to get to the data on the back end, all we're doing is seeing what data do you present me on standard use. And then I'm going to look at, well, how can I change these parameters or what are the things that I can change in my requests to get a different response? So in the early phases of an attack, Attackers are very difficult to a seat. Right. They just look like a regular user just doing regular things. It's when we decide. All right. I've found something that starts to get actually interesting and we start to try to pull data out. >>What are some of the common vulnerabilities and risks that you guys see in the A. P. I is when you look when you poke at them that people are are doing is that they're not really doing their homework. Doing good. Security designers are just more of tech risk. What's the most common vulnerabilities and risks? >>Well, so for me, I I've noticed a lot of the OAS KPI top 10, the first couple of things you see them on almost all applications, so broken object level authorization is the first one. It's mouthful. Um but basically all it is is I log onto the platform, I'm authorized to be there, but I can see someone else's stuff and that's exactly what happened in peloton. Um that and what we call insecure direct object reference where I don't have to be logged in, I can just make the request without any authentication and get information back. So those are pretty common areas um that you know people need to focus on, but there's a few others that are outside the top 10 that really make a lot more sense as a defender strains probably has a little better answer to me. >>Yeah. So um I'm like like we said um creating that inventories is key, but where are they being hostess? Another another aspect of things. So so when when Jason spoke about um like hackers are actually probing, trying to figure out what are the different entry points? It could be your production environment, it could be your QA environment staging environment and you're not even aware of, but once you've actually figured out those entry points, the next step of attack was like at peloton and and other places is really eggs filtering. Exfiltrate ng that that information. Right. Is it, is it the O P II information, ph I information um and and you don't want to exfiltrate as a hacker, just one person's information. You you're automating that business logic that is behind it ability to protect and defend against those kinds of attacks, giving that visibility, even though you might not have instrumented that application for for that kind of visibility is key. Once you are bubbling up those behaviors, then you can go ahead and and and protect from these kinds of attacks. And it could be about just simply enumerating through I. D. S. Uh that paladin might have or uh experience might have and just enumerate through that and exfiltrate the information behind it. So the tools need to be able to protect from those kinds of attacks out there. >>Yeah, I think I was actually on clubhouse when um that went down that hole enumerating through the I. D. S. Room I. D. S. And then the people just querying once they got an I. D. They essentially just sucked all the content out because they were just calling the back end. It was just like the most dumbest thing I've ever seen, but they didn't think about, I mean, you know, they were just rushing really fast. So So the question I have for transit and on a defense basis, people are going first party um with a P. I. S. A. P. I. First strategies because it's just some benefits there as we were talking about what do I need to do to protect myself? So I don't have that clubhouse problem or the pelton problem. Is there a Is there a playbook or is their software tools that I could use? How do I build? My apologies from day one and my principles around it to be good hygiene or good design? What's the what's the >>yeah. So aPI security is sort of a looking uh less known given that it's constantly evolving and changing. And the adoption of A P. S. Have gone up significantly. So what you need to start with effectively is the runtime security aspect of things. When a an aPI is live, how do I actually protected? And it ranges from simple syntactic protection things around people. Can can go ahead and break these ap is by providing sort of uh going after endpoints that you don't think exist anymore or going after certain functions by giving large values that they're not sort of coded to accept and so on so forth. Once you've done that runtime protection from a syntactic aspect, you also need to protect from a business logic aspect. I mean, mps will will expose uh information, interact with the customers and partners, what what business logic are they actually exposing and how can it be abused? Understanding that is another big aspects and then you can go ahead and protect from a runtime uh from a long time security perspective, once you've done that and understood that, well then you can start shifting lap things, invest in your uh sort of uh Dass tools or static analysis tools which can catch these things early so that they don't bubble up all the way, but none of them are actually silver bullets, right? So that you have a good uh time security tools, so I don't need to invest in dust or assessed whatever I have invested in my shift left aspect of things and uh and nothing will flow through. So you you need to start shifting left uh but covered all your bases properly, >>you can't shift left, there's nothing to shift from. I mean if you don't have that baseline foundation, what does that even mean to shift left and get that built into the Ci cd pipeline? So that's a great point. How does how does someone and some companies and teams set that foundation with the run time? Do you think it's a critical problem right now or most people are do a good job or they just get get lazy or just lose track of it or you know what, what's what's the common um, use case? Do you see behavior behaviorally inside these enterprises? >>Yeah. So what, what we're seeing is adoption of new technologies and environments um, and they're not um, well suited for the traditional way of doing that time. Security. Like if if you have an app running in your kubernetes environment, if you have an app running in in in a serval less environment, how do you actually protected with the traditional appliance based approach? So I think being able to get that visibility into these environments, understanding the the user behavior, how these applications are interacted with being able to differentiate from that uh, normal human behavior or even sometimes legitimate automation uh from from the malicious intents or or the the probing and the business logic attacks is key to understanding and defending these applications. >>Before we wrap up, I want to just get your expert opinion since you guys are both here around, you know, the next level of of innovation. Also you got cloud public cloud showed us a P. I. S are great. Now you're starting to see cloud operations, they call day two operations or whatever you call it A IOP. There's all kinds of buzz words are for it, but hybrid cloud and multi cloud, Edge five G. These are all basically pointing to distributed computing systems, basically distributed cloud. So that means more A P. I. Is gonna be out there. Um So in a way the surface area of a piece is increasing. What's your what's your view on this as a market? I mean, early days developing fast and what's, what's the, what's the landscape look like? What do you guys see from a attack and defense standpoint? >>Well, just from the attacker's perspective, you know, I see a lot more traffic going, what we call east west traffic, where it's traveling inside the application, it's a P is feeding a ps more data. Um, but what is really happening is we're trying to figure out how to hook third parties into our api is more and more. The john Deere attack was just simply their development api platform that they open up for other organizations to integrate with them. Um, you know, it's, it's very beneficial for John Deere to be able to say I planted this seed at an inch and a half of depth and later, uh, I harvested 280 bushels of corn off that acres. So I know that's perfect. I can feed that back to my seed guy. Well that kind of data flow that's going around from AP to AP means that there's far more attack surface and we're going to see it more and more. I I don't think that we're going to have less Ap is communicating in the near future. I think this is the foundation that we're building for what it's gonna look like for almost every business in the near term. >>I mean this is the plumbing of integration. I mean as people work with each other data transfer, data knowledge format, you mentioned syntax and all these basic things in computer science are coming to A PS which was supposed to be just a dumb pipe or just, you know, rest api those glory days now it's not there. They're basically, it's basically connections. >>Yeah. You're absolutely right. John, I mean like what Jason mentioned earlier, uh, in terms of the way the A. P. I. S are going to grow and the bad guys are going to go after it. You need to think like a bad guy, what are they going to go after? Uh, these assets that are going to be in the cloud, in your hybrid environment, in in your own prem environment. And, and it's, it's a flip of a switch where an internal API can be externally exposed or, or just a new api getting rolled out. So all those things you need to be able to protect, um, and get that visibility first and then being then protect these environments. >>That's awesome. You guys represent the new kind of company that's going to take advantage of the cloud scale and as people shift to the new structural change and people are re factoring security, This is an area that's going to be explosive in development. Obviously the upside is huge. Um Quickly before to end, you guys take a minute to give a plug for the company. Um This is pretty cool. I love love what you guys do. I think it's very relevant and cool at the same time. So sequence security. What are you guys doing funding hiring? What's the plug? Tell folks about it. >>Yeah. So uh we we we started about six years ago but we like starting in the the body defense space by focusing on obscenity ice. And from then we we've grown and we've grown significantly in terms of our customer base, the verticals that we're going after in financial retail social media, you name it, we are there because pretty much all these these uh articles depends on A. P. I. S. To interact with their customers. Uh We've we've raised our cities we last year we've we've grown our customer base. Uh Just in the last year when there was a lockdown people were all these retailers were transforming from brick and mortar to online. Social media also also grew and we grew with them. So >>Jason your thoughts. >>I think that sequence is his ability to scale out to any size environment. We've got a customer that does a billion and a half transactions a month. Um That are ap is from 1000 other clients of theirs. Being able to protect environments that are confusing and cloudy like that. Um Is really it makes what we do shine. We use a lot of machine learning models and ai in order to surface real problems. And we have a lot of great humans behind all of that, making sure that the bad guy maybe they're right now, but they're going away and we're going to keep them away. >>It's super, super awesome. I think it's a combination of more connections, distributed computing at large scale with a data problem. That's, that's playing out. You guys are solving great stuff and hey, you know when the cube studio ap I gets built, we're gonna need to call you guys up to to help us secure the cube data. >>Absolutely right. Absolutely. >>Hey, thanks for coming on the q Great uh, great insight and thanks for sharing about sequence. Appreciate you coming on, >>appreciate the time. >>Okay. It's a cube conversation here in Palo alto with remote guests. I'm john for your host. Thanks for watching. Yeah.

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 Special coverage sponsored by AWS Global Partner Network. Right. Welcome back to the cubes. Live coverage of AWS reinvent 2020 were virtual this year. We're not in person. We have to do it remote but the Cuba's virtual And I'm John for your host here with Cube Virtual next guest, Sarah Cooper, who is the general manager of the i o T Solutions with a W s. Sarah. Great to see you. Eso you last year in person. In real life, now we're remote. But thanks for coming on. Thank you. >>Thanks, John. Always good to be on the Cube and great to see you again. I don't know how many years it's been from our initial meeting, but it's been a few. >>Well, we gotta we gotta cube search engine. You were on in 2016, but we saw each other last year on when we're riffing on the i o t. News. A lot of great stuff. I mean, from Speed Racer all the way down through all the industrial stuff. Even more this year. But two things that jumped out at me this year. War is the carrier keynote and also the BlackBerry kind of automotive thing again speaks to kind of two megatrends. Obviously, automotive will get to a second, but the carrier announcement was really interesting. You guys did this thing and I was so impressed with the cold chain, uh, product. It was the connected cold chain. It was called, Um, this is where the carrier, which is known for air conditioning This is critical I o t devices that stays with the vaccines involved. Take a minute to explain what the cold chain connected cold chain project waas. >>Yeah, absolutely. So. So we worked closely and are working closely with Carrier on on a product called Links Now Cold chain. Um, as Dave Gitlin, the CEO of Carrier, described in Andy's keynote eyes about moving perishable goods, things that need certain temperature ranges from point A to point B and that usually it sounds simple. Uh, that's not quite so simple. It's usually you know, least you know, 5 to 25 hops, sometimes as much as 40. Andi zehr these air partial goods This is food. This is medicines. This is vaccines. Very hot topic at the moment. And today you know you're moving between ships and those big tractor trailers, and you've got warehouses with refrigeration units and you've got retail grocery stores with refrigeration units thes air, all different data sources that are owned by different. You know, members of that supply chain that value chain and to end. And so what links does is it pulls the data from all of the curier equipment and then pulls that data and looks across all of this information, using things like machine learning to draw inference and relationship and then be allows us to be able to make smart recommendations on things like routes. Or, if you know, a particular produce might need to stop before its original event to make sure it's got long shelf life. It allows us basically to provide that transparency and toe end, which is so difficult because of the number of players. And it's in part due to curious breath of products. And then, you know, with AWS, we're bringing the digital technology side. We got the i o t. The M l. A lot of big data processing pieces, eh? So we're really excited about that. I have to say It's one of the easiest projects to hire for when you talk about making sure that we're able to reduce food waste from the current 30 to 40% or that we're working on making sure that vaccines are efficacious by the time that they get a vaccination site, engineers sign up pretty quickly. >>You know the cliche. You know, mission driven companies. They're always kind of like people love the work for mission driven companies. In this case, you have a project and group that literally is changing the world. If you think about just the life savings on the on the on the vaccine side, that's obvious. We all can relate to that now with covert on full display. But just in terms of energy consumption, on food, ways to perishables if you get the costs involved to society, hunger around the world. Uh, just >>food is >>just wasted, and there are people starving, right? So when you start looking at this as an instrumentation problem, right, it gets really interesting. So you mentioned supply chain value chain. This is I o t potentially, even Blockchain again. This is a key change. The world area. You guys have a multi year deal with Carrier, So validation. What does that mean? Specifically, you guys gonna provide cloud services? Um, what's that all mean? >>Yeah. So we were bringing our engineering talent as this carrier. This is a code development, so we're actually jointly developing together. They bring a lot of the domain expertise they bring, you know, years and years of experience in refrigeration, Um, and in, you know, track and trace of these products. And we bring engineers who have vast experience at scale in these kinds of inference, challenges and and data management and data quality. And so it's really kind of bringing the best of both worlds. And you see this happening more and more. I think in general, where you've got a company like AWS that has strong digital expertise and a history of product innovation, working with customers that are very innovative themselves, but typically have been innovative in in, you know, traditional hardware products and the two worlds coming together to make sure that we can really solve some of the big challenges that are facing our society today. And, um, again, you know, it's great to wake up in the morning and get to work on a project that has that kind of impact. >>Well, before we move on to the whole BlackBerry automotive thing, which is another whole fascinating thing share something that people might not know about this carrier project. That's important. Um, whether it's something anecdotal, something that you know, Um, that's important. What, what what's what's What else is there that's game changing that you think is important to point out? >>Yeah, you know, I don't know that when we first started working with Carrier on on scoping this project that I had really thought through all the different players that are touched by cold chain. Um, certainly we've got a number of them within Amazon with our our fulfillment technologies and our grocery stores. That that's logical. Um, you think about the shippers and people who are out, you know, um, farming. And you know, I mean, crabmeat is something that moves in these big refrigerated containers, but actually there's there are transportation companies. There's drivers of these big rigs that need to make sure that they're being that they have fuel consumption management. You've got customers, you know, really kind of throughout that piece, freight forwarders. And so really the breath of the people that are touched, not just you and I is consumers of of perishable goods and fruits and produce on DNA medicines, but also really, that full end to end ecosystem on that's That's both the exciting part from A from a business standpoint, but also the exciting part from the technology stand. >>Well, it's great work, and I applaud you for it's one of those things where foodways isn't just a supply chain impacts the rest of the world because you're more efficient. You could distribute food, toe other places where people are hungry and just its overall impact is huge trickle effect. So impact is huge. Okay, now let's talk about the automotive peace. Because last year we had on the Cube folks from BlackBerry and remember them came on like BlackBerry. Isn't that the phone that went extinct by the iPhone? No, no. There's a whole nother io ti automotive thing around. Ivy Ivy? Why intelligent vehicle data platform? You guys just announced a multiyear agreement with them to develop that product combined with some of the I O. T and machine learning. Could you take him in to explain what this relationship is. What does it mean? What does it mean for the industry? >>Yeah, it's It's similar to the carrier relationship. You know we are. We're engineering together. Um, in this instance Q and X, which is a division of BlackBerry, is in 175 million vehicles. I mean, just think about that. They're running under the covers, and they are. They are a safety security layer and a real time operating system. So you know, when you think about all of the products, really end end in Q and X isn't just in automotives. It's in nuclear power plants. It's in manufacturing automation. It's one of those products that that you probably benefit from, but you didn't know it. Um, and in the automotive space, it's the piece that manages the safety certified layers of data coming off of sensors in the car. And so, fundamentally, what we're doing with Ivy is we're up leveling that information today. If you think about a car, you've got 1500 suppliers that are all providing parts into that far, which means that different makes and models have different seats. Sensors to give you wait in the back, you know, seat as an example. And so if do you want to write an application that tries to determine if that weight in the back seat is your dog or not, my dog happens to be bothering me at the moment. Z. >>That's one of the benefits of working at home. You know? >>Absolutely. So we'll use him as an excuse here. But if you want to know if that's a dog on the back seat, um, being able Thio, then figure out the PC electric measurements and the algorithms, um means you have to know what sensors air in that back seat, which means you got to write essentially an application Pir sensor manufacturer for vehicle make and model That doesn't work so fundamentally What Ivy does, is it? It abstracts away the differences between the vendors and then it up levels information by using machine learning and analytics running in the car. To be able to allow a developer to say, you know, a P I. Is there a dog in the car like How simple is that? I don't have to figure out what the weight measurement is. I don't know. I have to know if there's cameras in the car or if there's some other way to know. If the dog I just need to ask, Is there dog in the car? And the A P. I, for my view, will tell you yes, No, or I don't know, you know, because sometimes there isn't the technology to know that. And then the application developer can then use that information to build delightful experiences, things that make your dog behave, hopefully, things that might help protect them on a hot day. Um, you know, in things where you know that if there's a child in the car, you don't play explicit lyrics. If they're fighting in the back seat, you make sure that the cartoons go off until they behave themselves and cartoons come back on. There are lots of in vehicle experiences that can be enabled by this as well as vehicle operations. So, you know, being able to do >>yeah and all that stuff. >>Yeah, Selective recalls making sure that Onley cars that are actually affected need to come in and making sure that that you know, that's that's quantified and that, you know, it is actually safe to drive to the point of recall. All of that could be done on a vehicle by vehicle basis. >>So are you competing with car companies now? >>No, fundamentally, the oe EMS are the Are the companies that that the car manufacturers are those that end up delivering this capability and they own the data. You know, this isn't something where BlackBerry or A W S owns the data the auto manufacturers dio so it's there platforms to make a delightful experience out of, um, we're just helping to make sure that that's as easy as possible and opening up. You know, the potential innovation so that it's, you know, it's certainly their developers internally. But if they want take advantage of the millions of AWS developers now, they could do that. >>Sarah, Great to have you on one of the things. I just want a final questions or final point. Let's get your reaction to Is that it seems to me with the cloud in this post covert scale error when you start to get into edge, um, you know, industrial I o t. You hear things like instrumentation supply chain, these air buzzwords, these air kind of characteristics all kind of in play. But the other observation is partnerships, arm or co engineering. Co development vibe. Is that just unique? Thio what you're doing? Or do you see this as kind of as a template for partnering? Because when you start to get these abstraction layers, the heavy lifting can be under the covers. You have this enablement model. What's your quick take on this? >>Yeah, I think we talk about undifferentiated heavy lifting, a lot of Amazon on defunding mentally. That's different for each industry. And he talked about that. His keynote. And so I think you know you'll see more and more co development and co engineering coming from from companies across when we have big technical challenges and these air complex problems to solve it takes a village >>awesome. Sarah Cooper Thanks for coming on GM of Iot. TIF Solutions A. The best to great success stories. The carrier and Blackberry, one Automotive with Black Braids operating system that powers the safety and for cars and, hopefully, future of application, development and carrier, with the cold connected chain delivering perishable goods, vaccines and food. Changing the game. That's a game changer. Thanks for coming on. >>Thanks, John appreciate. Always good to see you. >>Okay. Cube coverage. Jump shot for your host. Stay with us from or coverage throughout the day and all next couple weeks. Thanks for watching. Yeah. Mhm.

>> Live from San Diego, California It's the queue covering Sisqo Live US 2019 Tio by Cisco and its ecosystem. Barker's >> Welcome Back. The Cuba's Live at Cisco Live, San Diego, California That's your sunny San Diego. I'm Lisa Martin and my co hostess day Volante. Dave and I are gonna be talking about Baraki with Tony Carmichael, product manager A P I and developer platforms from San Francisco Muraki Tony, welcome. >> Yeah, Thank you. I'm super happy to be here. >> So you were in this really cool Muraki T shirt. I got that work and get one of those. >> We can get one >> for you for sure. Right. This is Muraki. Take over. Our here in the definite zone. This definite zone has been jam packed yesterday. All day Today, people are excited talking a little bit about what Muraki is. And let's talk about what the takeover isn't. What people are having the chance to learn right now. >> Sure. Yes. Oma Rocky, founded in two thousand six. I can't believe it's been over 10 years now. Way really started with the mission of simplifying technology, simplifying it, making it easy to manage and doing so through a cloud managed network. So that's really what Muraki was founded. And then, in 2012 Iraqi was acquired by Cisco. So we continue to grow, you know, triple digit, double digit growth every single year on, we've expanded the portfolio. Now we've got wireless way. Actually, just announced WiFi six capabilities. We got switching. We've got security appliances, we've got video cameras and then on top of all of that, we've got a platform to manage it so you can go in. And if you're in it, it's all about. Is it connected? Is it online? And if there's a problem solving it quickly, right And so that's why we're really here, a deb net and doing the take over because we're seeing this transition in the industry where you know, really is more about being able to just get the job done and work smart, not hard on. And a lot of times AP eyes and having a really simple a platform to do that is paramount, right? So that's what we're talking about here and the takeover. Just answer. The other question is on our here, where we just basically everything is Muraki, right? So we're doing training sessions were doing labs reading education and some fun, too. So reading social media and we've got beers. If you want to come up and have a beer with us as well, >> all right, hit the definite is on for that. >> So how does how does WiFi six effect, for example, what you guys are doing it. Muraki. >> Yeah, so that's a That's a really great question. So WiFi six means, you know, faster and more reliable, right? That is fundamentally what it's all about now. WiFi over the years has very quickly transitioned from, like, nice tohave. Teo, You know, you and I check into our hotel, and within seconds we want to be online talking to our family, right? So it's no longer best efforts must have, whether it's in a hospital, hotel or in office environment. WiFi six ads. You know a lot of new features and functionality, and this is true from Rocky for Cisco at large, and it's all about speed and reliability right now on the developer side. And this is a lot of what we're talking about here. A definite it also opens up completely new potential opportunities for developers. So if you think about, You know, when you go to a concert, for example, and you see a crowd of 30,000 people and they're doing things like lighting up lanyards the plumbing, right? The stuff making that tic is you know, it has to work at scale with 30,000 people or more, and that's all being delivered through WiFi technology. So it opens up not just the potential for us, maybe as as concertgoers, but for the developer being able to do really, really cool things for tech in real time. >> So you talked about a simplification, was kind of a mission of the company when it started, and it had some serious chops behind it. I think Sequoia Google was involved as well, right? So, anyway, were you able to our how have you affected complexity of security ableto Dr Simplification into that part of the stack? >> So that's a fantastic question. If you think about you know, this shift towards a cloud connected world not just for Muraki, but for for all devices, right, consumer ipads, iPhones and writhe thing that opens up from a security standpoint is that you have the ability from a zero day right, so you had a zero day vulnerability. You know, it gets reported to the vendor within seconds or minutes. You could roll out, uh, patch to that. Right, That is that is a very new kind of thing, right? And with Muraki, we've had a variety of vulnerabilities. We also work with the Talis T Mat Sisko who are, you know, they've got over 10 or 50 researchers worldwide that are finding these vulnerabilities proactively and again within, you know, certainly within a 24 hour period, because we've got that connectivity toe every single device around the globe. Customers now Khun rely on depend on us to get that patch out sometimes while they sleep right, which is really like it sounds nice. And it sounds great from a marketing standpoint, but it's really all right. We have retailers that, you know, they're running their business on this technology. They have to remain compliant. And any vulnerability like that, you've got to get it fixed right before it becomes a newsworthy, for example. >> So as networks have dramatically transformed changed as a cisco and the last you know, you can't name the number of years time we look at the demands of the network, the amount of data they mount. A video data being projected, you know, like 80% plus of data in 80 2022 is going to be video data. So in that construct of customers in any industry need to be able to get data from point A to point B across. You know, the proliferation of coyote devices edge core. How can Muraki be a facilitator of that network automation that's critical for businesses to do in order to be competitive? >> Yeah, so it's a fantastic question. I think it's something that's at the heart of what every I T operation is thinking about, right? You hear about, you know, digitization. What does that mean? It means supporting the business and whatever things, whatever they're trying to do. And a lot of times nowadays, it is video. It's being able to connect in real time with a team that's maybe working across the globe now to get right to your question. There's two things that that Muraki is delivering on that really enables it teams right to deliver on that promise or that really it's more an expectation, right? The first you know, we've got a serious of technologies, including rst one product. That a lot for you to really get the most efficient, effective use out of your win connectivity, right? So being able to bring in broadband, bringing whatever circuits you can get ahold of and then do you know application delivery that is just reliable in dependable Catskill? Thie. Other aspect to this is giving data and insights to the teams that are responsible, reliable for that delivery. And this is where ap isa Really, Really. You know, it's really at the heart of all of this because if you're operating more than, say, 50 sites, right, there's lots of beautiful ways that we can visualize this right, and we can, you know, add reports that give you top 10. But the thing is, depending on your business, depending on your industry, different things they're gonna matter. So this is where Iraqi is investing in an open platform and making it super easy to run system wide reports and queries on you know which sites were slow, which sites were fast, prioritizing the ones that really needs some love right? And giving data back to the teams that have those Big Harry questions that need to get answered. Whether it's you know, you're C suite that saying Are we out of the way or just a really proactive team? That's just trying to make sure that the employees experiences good. >> What about some of the cool tools you guys are doing? Like talking about them Iraqi camera? >> Oh, yeah. I mean, so the other thing I was thinking of when you asked about this was, you know, video as a delivery medium. Of course it's necessary when you're doing, you know, video conference saying and things like that. But when we look at, say, the Muraki M V, which is really our latest product innovation, it's really us kind of taking the architecture of, ah, typical videos, surveillance system and flipping on its head, making it really easy to deploy Really simple, no matter where in the world you are to connect and see that video footage right? The other thing we're learning, though, is that why do people watch video surveillance? Either You're responding to an incident, right? So someone tripped and fell. There was an incident. Someone stole someone or someone sold something, or you're just trying to understand behavioral patterns. So when it comes to video, it's not always about the raw footage. It's really about extracting what we often call like metadata, right? So them rocky envy Some of the really cool innovations happening on that product right now are giving customers the end state visualization. Whether that's show me all the people in real time in the in the frame, give me a count of how many people visited this frame in the last hour. Right? So imagine we have cameras all over. We want to know what those what those trends and peaks and valleys look like rate. That's actually what we're after. No one wants to sit there looking at a screen counting people s. So this is where we're starting to see this total shift in how video can be analyzed and used for business purposes >> are able to detect anomalies. You're basically using analytics. Okay. Show me when something changes. >> That's right. Right. And we've seen some incredibly cool things being built with our FBI. So we've got a cinema, a really large customer, cinemas all over. And they're doing these immersive experiences where they're using the cameras. A sensor on DH. There saying, OK, when there's more than a handful of people. So we've got kind of a crowding within the communal spaces of the cinema Changed the digital sign Ege, right? Make it a really immersive experience. Now, they didn't buy the cameras for that. They bought the cameras for security, right? But why not? Also, then two birds, one stone, right? Use that investment and use it as a data sensor. Feed that in and make it completely new experience for people in the environment. >> Well, I couldn't so I can see the use case to excuse me for for, like, security a large venue. Oh, yeah. Big time >> infected. Thank you de mode along that front >> easy. And Mandy >> dio definite create where there wasa like a stalker. Yeah, where there was, like, a soccer match. And they're showing this footage and asking everyone What did you see happen? You know, a few seconds and actually what they did was using Iraqi. They were able to zero in on a fight that was breaking out, alert the then use security team and dispatch them within a very short period of time. >> Yeah, and we've seen like there's amazing there's tons of use cases. But that's a great example where you've got large crowds really dynamic environment, and you're not again. You don't want to necessarily have to have folks just looking at that feed waiting for something to happen. You want an intelligence system that can tell you when something happens? Right? So we've seen a ton of really cool use cases being built on. We're gonna continue to invest in those open AP eyes so that our customer, you know, we can move at the speed of our customers, right? Because I'm a rocky like, ultimately, our mission is like, simple i t. There's different layers of simple, Like what matters to a customer is like getting what they need to get done. Done. Um, we want way. Want to really be ableto enable them to innovate quickly. Ap eyes really are the center of that. >> Yeah, and so talk a little bit more about your relationship with definite how you fit in to that on the symbiotic. You know, nature. Yeah, Iraqi and definite. >> I would love to. So we've been working with with Suzie and the and the definite team now for really, since the start of definite, and I think it's brilliant, right? Because Sisko were, of course, like from a networking standpoint, we're always at the forefront. But what we started to see early on and I certainly wasn't the visionary here was this transition from, you know, just just like your core. Quintessential networking tio starting toe like Bring together Your network stack with the ability is also right and rapidly developed applications. So that was kind of the, you know, the precipice of Like Bringing Together and founding Dev. Net. And we've been with definite sense, which which, you know, it's been exciting. It's also really influence where our direction right? Because it's a lot for us to see what our customers trying to dio, How are they trying to do it? And how can we, from the product side, enable that three FBI's but then work with Dev Net to actually bring, you know, bring That's a life. So we've got, you know, developer evangelists working with customers. We've got solution architects, working with customers, building incredibly cool things and then putting it back out into the open source community, building that community. I mean, that is really where we've had in a maze. Amazing relationship with definite rate that that has been huge. Like we've seen our adoption and usage just absolutely shoot through the roof. We're at 45,000,000 requests per day on DH. Straight up, like could have been done without >> having that visions. Amazing. We have Susie on in a minute. But I mean, I >> Why do you think >> other sort of traditional companies, you know in the computer business haven't created something similar? I mean, seems like Cisco has figured out Debs and traditional hardware companies haven't so >> It's a really good question, like at the end of the day, it's an investment, right? Like I think a lot of companies like they tend to be quite tactical. Um, and look at okay, like maybe here we are now and here's where we're going. But it's an investment, and customers really say OK, this is the thing that they're trying accomplish, and we're not going to keep it closed and closed source and try to develop intellectual property. We're going to enable and empower on ecosystem to do that. Now I think like you're quickly starting to see this trend, right? Like certainly I wouldn't say that Muraki or Cisco are the only ones that are doing this, which is this, you know, cultivation of technology partners that are building turnkey solutions for customers. You know, cultivation of customers and enabling them to be able to build. And you create things that perhaps Cisco might not even ever think about. But But that is a shift in mentality, I think right, and I think like we're starting to see this more in the industry. But I am proud to say that like we were right on that bleeding edge and now we're able to ride that wave. Iraqis also had the luxury of being cloud native for a cloud board. It's our technology has always been, you know, at a place where if we want to deploy or create a new a p i n point that provides new data like literally, the team behind me can take that from prototype to production to test it into a customer within weeks on. And that is in many cases, what we're doing. >> It seems to me looking kind of alluding to Dave's point from a Cisco overall perspective, a company that has been doing customer partner events for 30 years. What started this networker? We now notices go live a large organization. Large organizations are not historically known for pivoting quickly or necessarily being developer friendly to this. Seems to me what definite has generated in just five short years seems to be a competitive differentiator that Cisco should be leveraging because it's it's truly developer family. >> I could not agree more. I mean the and this goes right to the core of what, uh What I think has made us so successful, Which is this, you know, this idea that at the heart of everything we do, we have to think about not just the customer experience right, which is like, What does it look like toe by what does look like toe unbox? What does it look like to install and what his day to look like? But also, and very importantly, distinct track around thinking about developer experience, developer experience like when your first building AP eyes and things like it's easy to say. OK, this is what they need. This is what they want. But Cisco, and really definite more than anything, has gotten to the heart of way have to think about the way these AP eyes look, the way they shape of their responses, the data they contain, the ease of use, the scale at which they operate and how easy it is to actually build on that. Right? So that's where you're going to start seeing more and more of our kind of S, T K's and libraries and just a lot of like we just this week launched the automation exchange that is again right at the center of We're listening. And we're not just listening to the customers who are trying to deploy 4,000 sites in a in a month or two. Um, we're also listening to the developers and what the challenge is that they're facing, right? Um, I'd love to see more of this. I mean, we're seeing a huge amount of adoption across Cisco. Um, and I think that there's other you know, there's plenty about their tech companies, you know that are that are really, I think, just helping push this forward right. Adding momentum to it. >> Speaking of momentum in the Iraqi momentum's going that way. I >> mean, it's good. Yeah, I would agree with you. >> Well, Tony, it's been a pleasure having you on the program. Absolutely. Success. Were excited to talk to Susie next. And it's like this unlimited possibilities zone here. Thank you so much for your time. >> Absolutely thanks so much Happy to be here. >> Alright for David Dante, I am Lisa Martin. You're watching the Cube live from Cisco Live San Diego. Thanks for watching.