(upbeat intro) >> From our studios in the heart of Silicon Valley, Palo Alto California, this is a CUBE conversation. >> Hello everyone, welcome to the Palo Alto studios of theCUBE, I'm John Furrier host of theCUBE, we're here with a special power panel on industrial IOT, also known as IIOT, industrial IOT, and cybersecurity, with the theme being apocalypse now or later, when will the rug be pulled out from everyone, when will people have to make a move on making sure that the network and security are all teed up and all locked down, as IOT increases the surface area of networks, industrial IOT, where critical equipment or infrastructure is being run for businesses. Got a great panel here, we got Gabe Lowy who's the founder and CEO of Tectonic Advisors, and author of an upcoming research paper on this particular topic. Bryan Skene, vice president of product development at Tempered Networks, and Greg Ness, the CMO, who happened to be available to join us from Tempered Networks as well. Guys, thanks for spending the time to come on this power panel. >> Great to be here. >> So, convergence is a theme we've heard every wave of innovation, the convergence of this, the convergence of networks and apps. Now more than ever, there's a confluence of multiple waves of convergence happening, you're seeing it right now, infrastructure turned into cloud, big data turned into machine learning and AI, you've got future infrastructure like Blockchain around the corner, but in the middle of all this, the security, data, networking, this is kind of the beginning of a cloud 2.0 dynamic, where pure cloud is great for computing network, you native born in the cloud, you scale it up, it's great. Still got challenges but if you're a large company, and you want to actually operate cloud scale anything, and have instrumentation, internet of things, devices, sensors, in factory's, in plants, in cars, your game is changing, if it's connected to the network, it's got power and connectivity, a terrorist, a hacker, a digital terrorist can come in and do all kinds of damage. This is the topic. So Greg, we talked about this panel, what was the motivation for this, what's your thoughts? >> Well, it occurred to us that you know, as you look at all the connectivity that's you know, underway, billions of devices being connected, the level of scale, complexity, and the porosity of what's being connected, is just really incomprehensible, to the people that developed the internet, and it's raising a lot of issues. All around, basically, the number of devices the inability to protect and secure and update those devices, and the sheer amount of money and effort that would have to be applied to protect them is beyond the scope of current IT security stuff. IT's not ready. >> IT, certainly, you and I talk about this all the time, but you know, I love the hype and you know, digital transformation's going to save the world Gabe, talk about the dynamics because the title of this panel, really the subtitle is apocalypse now or later, and this seems to be the modus operandus is that you know, you know what has to hit the fan before any action is taken, you see Capital One, there isn't a day gone by where there's some major breach, major hack, it's a firewall for Capital One, going to an open S3 bucket from some girl whose bragging about it on Twitter, wasn't really a serious hacker, then you've got adversaries that are organized, whether it's state sponsored and or real money making underbelly activities happening, you know there are digital terrorists out there, there are digital thieves, the surface area with IOT is absolutely opened up, we kind of know that, but industrial IOT, just talking about industrial equipment, industrial activities, whether it's critical infrastructure or planting equipment for a company, this is a huge digital problem. What's your take, what's your thesis? >> Yes it is, and building on what Greg said, there's an interesting gap from both sides. The first is that this industrial equipment or critical infrastructure, some of it goes back 20, 25 years. It was not architected to be connected to the internet, but yet with this digital transformation that you eluded to, companies want to find ways of getting that data, putting it into various analytics engines to improve cost efficiencies or decision outcomes. But how do you do that with a lot of equipment out there that runs on different operating systems and really was not built for internet connections. The other side of the gap is that your traditional IT security technologies, firewalls, intrusion protection, VPN's, they in turn were not built or architected to secure this IIOT infrastructure. And that gap creates the vulnerability that opens the door for cyber criminals to come in, or state sponsored cyber attackers to come in and do some serious damage. >> Bryan, I want you to weight in here. You're a network guy, you've been around the block, you've seen the networks evolve, the primitives were clear, the building blocks internet were, the DNS ran, most of what the internet right now, whether you're talking about from the marketing to routing, it's all DNS based, it's IP addresses as well under that. So you've got the IP address, you've got DNS, what else is there? What can be done? Why aren't these problems being solved by traditional firewalls and traditional players out there, is it just the limitation of the infrastructure? Or is there just more cultural DNA, you've got to evolve, what's your take on this? >> Yeah, um the way I think about this is that the internet that we know and we use was mostly built for human beings, I mean, it's been built for humans to use it, humans have discriminating tastes, they decide what to click on, for the most part they are skeptical, they learn through trial and error what's happened with- when people try to fool other people, a machine or you know, you've got a webpage and it's got something misleading, you learn that, you don't click on that any more. And the infrastructure we have today is built to help people avoid these problems, as well as drop packets when they can detect that something is just absolutely wrong. But machines, they don't know any of that, they're not discriminating, they've been built to, well if it's going to be on a network, to trust everything that's talking to them, and to send data and assume that the other side is also trusting them and just acting on the data. So it's just a fundamentally different problem, you know what traditionally the machine networks have had air gaps, they've been air gapped away from any other kinds of data or potential threat. And those air gaps are gone. >> So air gaps were supposed to save us, weren't they? But they're not are they? >> Well, they kept us going as Gabe alluded, for 20 -25 years, machines have been operating, operating critical infrastructure, but you know, with digitalization, with the opportunity to look at that data in the cloud, and do machine learning, and by the way machine learning's being done in the cloud just for scale, so the problem with getting the data from machines, or other things back into the cloud is a huge issue, and if there's an air gap between say the cloud and the thing, we might be somewhere. >> So a lot of incompatible architectures relative to what everyone's doing with cloud, and say hybrid and multi cloud. Gabe, you know the two worlds of information technology or IT people, and operational technology people, that tend to run the IOT world, you know you do sensors to factory floors to whatever, called OT people, operational technologies. I've always said that's a train wreck between those two cultures, they kind of don't like each other. You got IT guys, they're stacking and racking equipment, OT guys, stay out of my world I run propietary stacks, it's lockdown. Pretty locked down from a security standpoint, IT are pretty promiscuous just in the nature of it. As those two worlds collide, is that the thesis of the catastrophe model, as you see that world coming together, what's your thoughts on this? >> Yes, good question. That world has to come together, and I'll give you an analogy to this. About 10, 12 years ago, a lot of people were doubtful that Devops would ever take off, 'cause development guys really didn't like operations guys, they didn't like dealing with them. Here we are 10 years or so later, and everyone's pretty much adopted it, and they're seeing the benefits of it. This OT IT convergence takes it to a much higher level, because the stakes are so much higher, because a cyber attack can cause catastrophic damage. And as a result, these two teams are not only going to have to work together in harmony, but they're going to have to learn each other's stacks in the case of the OT guys, it's their traditional OSI networking stack for IT networks. And for the IT guys, they're going to have to learn the Purdue model, which was the model that's principally used in architecting these OT systems. And unless these two teams do work together, the vulnerabilities and probabilities for a catastrophic event increases significantly. >> That's a great example, Devops was poo-pooed on earlier on, I mean Greg, we were back in 2008 riffing on this, now it's the mainstream. Agilities come from it, the Lean startup, all kinds of cool things, people are talking about, we love cloud, great. Now we bring the OT world together, and IT world together, Gabe, what is the benefit, what is the key ethos around operating technologies and IT guys coming together? Because you know, dev ops would simply abstract away the complexity so developers don't have to do configuration and management, all that provisioning stuff, and still have the reliability. They called it infrastructure as code, so Devops was infrastructure as code, what's the ethos of the two worlds coming together from IT and OT? >> I think the ethos is at a very high level, it's risk management. Because the stakes are so high that the types of losses that could be incurred, you know you mentioned Capital One at the top of the program, yes those are financial losses, but imagine if the losses resulted in thousands or tens of thousands of people getting infected, or perhaps dying. So the need for these two teams to work together is absolutely critical, and so I'd say the key strategic approach to this, both from the IT and the OT side, is to go into it- into strategy or cyber strategy with the premise that the company has already been compromised. And so that starts to get your thinking away from legacy types of technologies that were not architected to prevent these new threats, or defend against them, and now these teams have to start working together from a totally different standpoint, to try and prevent the risks of those catastrophic losses. >> Greg, I want to get your thoughts, you've been in the IT businesses for a long time, you've been a major player in it, historian as well as us in IT, what do you see as contrast between the two cultures of IT and OT, because you got to lock down these networks, you got to have the teamwork between the two, because the surface area with IOT and industrial IOT is so massive, it's so complicated yet it's an opportunity at the same time it's an exposure, I mean just people working at home in IT, I mean the home is a great place to target people because all you got to do is get that light bulb from nest and you're at a fully threaded processor, you could run malware and get all the passwords from the person working at home. So again, from home to industrial, does IT even have the chops to get there? >> Not the way they're architected today around the TCP- IP stack, and that's the challenge, right? So from the 90's to this era, whether it's the mainframes to the networks to the internet to the enterprise web et cetera, compared to this we've had relatively incremental change, as surprising as that sounds. You know, devices being added and every year, every other year, every three years, people are upgrading those endpoints, they're adding more sophisticated security. But this world that you referred to, the world's in collision. It's not evolving at all in parallel. So, you've got devices with no security in mind they're being connected, and you know, calling it the industrial internet of things almost underwhelms what the risk is, it should be the internet of places or spaces, because what these devices can control, control of a factory, a hospital, et cetera, and you think back you know, yes you've got historical perspective, you don't have to go back very far when the Russians were attacking Ukraine, you know, WannaCry, NotPetya, you know they spread all over the place in a matter of weeks, UK hospitals were running on carbon paper, postponing procedures, Maersk shipping had they're shipping- they lost control of their ships at sea, and now you've got VxWorks coming along, saying you know, you're going to have to update that, because there's some serious vulnerabilities here, VxWorks is deployed to cross billions of devices, so I don't think historically there's really a precedent, I mean, if you want to tap into a common interest with military history, you don't even have the semblance of a Maginot Line, and that was a pretty imperfect protection scheme. >> I mean, the opportunity to infect governments, take 'em down within misinformation to actually harming people say through hospital hacks for instance, you know, people could- lives were in danger. And there's also other threats, I mean, you mentioned, it takes one device to be penetrated, at home or at work, I saw an article, came across my desk I saw IBM did some research, this concept of war shipping, where hackers ship their exploits directly on WiFi devices, so people get these devices, hey, free you know, nest light bulb or whatever's going on, they install in their home, oh it's got, I got a free WiFi router, uh-uh, it's got built in malware. It's just got WiFi connectivity. So again, the exploits are getting more complicated, Bryan, the network has to be smart. At the end of the day, this cloud 2.0 theme is beyond compute and storage, networking and security are two underdeveloped areas that need to evolve very quickly to solve these problems, what's your take on this. >> Well, my take on that is that our approach is that if the network has to be so smart that it can watch everything and understand what's good and bad, then we're doomed, so we're going to need to also combine watching packets, the traditional method, deep packet inspection, with divide and conquer. Frankly, it's-as Tom and I said before, the air gaps are gone for OT. I think we need to figure out a way to divide up the networks of things, and give them clean networks if possible, and try to segment them away from the network that the rest of the things are on. So, you know, we don't have enough compute power, we don't have enough memory and resources, but that's not really the fit. We just don't understand what is good traffic versus bad traffic, and we talk about Day Zero attack, and we talk about, try to chase that down with signatures, and you know the- you can watch transactions, people say AI and machine learning, but machine learning means learning good and bad from people. >> How do companies fix this, what's the answer to all this, or is there one? Or it's just going to take catastrophic loss to wake people up? >> Well we can't react to the problem, that's one thing that we all can probably- we all know that if we wait for the catastrophe, and then we try to react to that and solve it, that it's already gone, it's too late. I mean, this is a geometric expansion in complexity of the problem, I don't think there's a silver bullet, I think that there's going to be several things that need to be done, one is to keep inspecting traffic, but another one is again segmenting things that should be talking to each other, away from things that they should not be talking to. And trying to control the peers in the network of things. And you know, Greg something you said reminded me, fundamentally with networking, the TCP-IP, we are using the IP address, to mean the location say if we're talking about places, we're talking about the location of something and the identity of that thing, and most of our security policies, are spelled out in terms of something, an IP address, that is not under our control, and the network has to be kind of so complex as it is growing, with mass proxies, you know, motion, mobility, things are moving. A lot of this wasn't foreseen. >> So, Gabe and Greg, do we have to build new software, a new naming system? Do we have to kind of level up and put an extraction layer on top of the existing systems? What's the answer? >> The answer is a layered approach. Because to try and do a complete rebuild or a retrofit particularly with different operating systems, different versions, incompatible systems, billions of devices, and various types of security solutions that were not built for this, that's not a practical solution. So you've really got to go with an overlay strategy, people are always going to be the vulnerability, they'll fall for fishing attacks, that's why the strategy is that we're already compromised. So if the attacker is already in our network, how do we contain them from doing serious damage? So one strategy for this is micro-segmentation, which is a much more granular approach, to prevent that lateral movement once the attacker is inside the network. And then when you go from there, you can pair that with host identity protocol which has been around for a while, but that was architected specifically to address the networking and security requirements for IIOT environment, because it addresses that gap that we were talking about between traditional security solutions that lack this functionality, and it only allows white-listed communications between hosts or devices that are already approved and only approved to communicate with one another. So you could effectively do a lockdown even if the attacker is already inside your network. >> I want to get back to some of the criteria on this, and I want to also put the plug in for the TechTonic advisors report that's coming out that you are the author of, called securing critical infrastructure against cyber attacks, I read it, great paper. The line that I read, I want to get your thoughts I'm going to read it out loud, I'd love to get your thoughts on this Gabe or anyone else who wants to chime in, it says industrial IOT cybersecurity is beyond the scope of traditional firewall and VPN solutions would struggle to keep up with the scale and variety of modern attacks. What do you mean by that? Give an example, tell me what you mean by that sentence, and what examples can you give? >> Well, I'd say the most important thing is that firewalls were initially built to protect what we call north-south traffic. In other words, traffic that's coming in from the internet into the organization and back out. But now with network expansion, cloud adoption and more and more devices, industrial devices being connected, these firewalls cannot defend against that. They simply were not architected for it, they cannot scale to those proportions, and even if you're using software only versions, those aren't effective either because they do not protect against east-west or in other words lateral traffic. So if you're an organization moving IIOT data from your OT systems across your network into IP analytics systems or software, that's lateral movement. Your firewall- traditional firewall, just not going to be able to handle that and protect against it, so in simple terms, we need a new overlay not to say that firewalls are going away any time soon, they can still protect north-south traffic, but we need a new type of overlay that can protect this type of traffic, micro-segmentation is the strategy to do that and using host identity protocol or HIP protocol is what fills that gap that your traditional security tools were not designed to protect against. >> Greg, I want you to weigh in on this, because you're in this business now, you know the IT world, the criticality of what you just said is super critical to the nature of business, you know the catastrophic example's there, but IT does not move that fast, you know IT, IT'S like molasses, I mean they're slow. What is going to light a fire under IT to get them to be sensitive, I mean it's pretty obvious, can they get there, do they have to re-structure what has to happen in the IT world, because you know, it is a catastrophic end game here if they don't nail down this traffic protection. >> Well a part of the- you know, part of it is education. Because we've been- we've seen wave and wave of incremental innovation in the network, and when it happened it seemed so big and and it produced huge market cap growth with a lot of companies, you know play this guessing game of who is really connecting to the network. And it's evolved kind of gradually, to this big leap we have ahead of us, and IT is going to have to become aware that IIOT is a fundamentally different problem and challenge to solve, and that's going to require new thinking, new purpose built, like Gabe said, approaches, anything like the traditional firewall segmentation is just not going to address what we talked about, the scale issues, the resilience right? So, some of these devices, you don't want them off for one or two percent of the time. And the implications are that it's much more serious. So I think that, you know, more types of attacks are inevitable, and they're going to be even more catastrophic, and we're all aware that NotPetya and WannaCry raised a lot of eyebrows just for how quick it spread and the damage it caused. And we've just seen VxWorks vulnerabilities being announced. We need to prepare now. >> Malware and worms are still popular, it's a problem. Well guys, thanks so much for spending the time on this panel, I'll give you the final word here, share what you think is going to happen over the next 24 months, 12 months, is it going to take catastrophic failure, what's going to happen in your mind, what's going to end up being the trajectory over the next, you know say year. >> Well, unfortunately, sometimes it might take a catastrophic event to get things moving, hopefully not, but I think there's growing recognition as IIOT is growing, that they need new ways to secure this movement of data between OT and IT, and in order to facilitate that securing of data, you're going to have to have that OT and IT convergence occur, because the risk, as you sort of eluded to earlier John, we hear in the headlines about massive data breaches and all this data that's stolen. But the risk in IIOT is not only the exfiltration of the data, the risk is that the attacker has the capacity to take over the infrastructure. And if that happens in a hospital, if it happens with a water treatment facility or government type of defense installation, the outcomes can be disastrous. So the first thing that has to happen is OT IT convergence. Second, they have to start thinking strategically from a standpoint that they have already been breached, and so that changes their viewpoint about the technologies that they have to deploy, and where they have to move to to efficiently get to what I call the iddies, and that's the- you still need the availability, you've got to have visibility into this traffic, you need reliability of this network, obviously it's got to be at scale, it's got to be manageable, and you need security. >> Well, we'd like to have you on again Gabe, because we've talked about this from a national security perspective, not only the hackers potentially risking the business risk there, there's a national security overlay because you know, if the government's attacking our businesses, that's like showing up on the shores of our country, its the government's job to protect the freedom's and safety of the citizens, that includes companies. So why are companies defending themselves with all this capability, what's the role of government in all of this, that's a very important, I think a longer conversation. So, let's pick that one up, a separate one, my favorite topic these days. Critical infrastructure even if it's just business it's the grid, it's the plants that run our country. >> And John, what I'd like to add to that is, I was talking to a friend of mine who's a CIO down here in California yesterday, and we were talking about the ransomware right, that was taking down all these cities. And you know, he goes well the difference between what you guys are talking about and that, is that you can back up your IT systems, right, into the cloud, and that's a growing business to kind of protect and then replicate game over, and he goes, can you back up a hospital? Can you back up a manufacturing plant? Can you back up a fleet of ships? You know, can you back up a control center? Not really, when you lose physical control, it's game over. And people, I think that really needs to sink in. And that was, I think in Gabe's paper when I first read it, that's what really struck me about it, this is a different ballgame. >> Well, I mean, there's many points, there's the technical point there, and there's also the societal point of- you imagine things being taken over by hackers that physically can harm people, and that's again the societal side, technically the incompatible architecture's coming home to roost now, because there's the problem right there, that's the collision that's happened I think, and a lot of education needs to happen fast, Gabe, thanks for writing that paper critical infrastructure against cyber and securing it, Bryan thanks for coming on appreciate it, you want to say, get the final word Bryan, go ahead. Your thoughts, next 12 months. >> I think that if our future, it depends on OT and IT coming together and a lot of education, a lot of change, I don't think we're going to get there, I think that what's going to happen in the next 24 months is that you know, there are lots of innovative schemes and companies and people, working on this and what we need to do is lay down infrastructure that allows OT and IT to keep operating, and not have to do a forklift upgrade and everything that they do, their processes or teach the things how to protect themselves, and again I'm going to go back to air gaps in network, make a logical air gap, if you imagine driverless cars driving around they're not going to, imagine them sharing the same network that we're using to use Snapchat and look at cities and you know, sitting on the internet and looking at Facebook. We're not going to want that. So we need to try and figure out a way to separate the location of the thing from the identity, create policies in terms of the identity, manage that a new layer, and do it in such a way that doesn't change IT. To me that's the key, 'cause I- we've said it here, IT's doesn't move that fast, they can't. It's not a matter of willpower, it's a matter of momentum and intertia. >> Well, I think the forcing function on this is going to be catastrophic event, the subtitle of this panel, apocalypse now or later. And in my opinion, Greg's been, you know, on this JetEye department of defense story. I believe this is one of the most important stories in the technology industry in a long long time, it really highlights the confluence and convergence of two differently designed infrastructure technologies, that have to in a very short time, be re-platformed at high speed, in a very fast short time frame, because the stakes are so high. So guys, thanks so much for spending the time here on this power panel, IIOT, industrial IOT and cyber security apocalypse now or later, something's going to have to happen, it has to happen fast. Gabe, Bryan, Greg thanks for taking the time. This is a cube conversation here in Palo Alto power panel, I'm John Furrier, thanks for watching. (upbeat music)

>> Is and who we are today as as a country, as a universe. >> Narrator: Congratulations Reggie Jackson, (inspirational music) you are a CUBE alumni. (upbeat music) >> Announcer: Live from Las Vegas it's theCUBE covering Splunk.Conf19. Brought to you by Splunk. >> Okay, welcome back everyone it's theCUBE's live coverage here in Las Vegas for Splunk.Conf19. I am John Furrier host of theCUBE. It's the 10th Anniversary of Splunk's .Conf user conference. Our 7th year covering it. It's been quite a ride, what a wave. Splunk keeps getting stronger and better, adding more features, and has really become a powerhouse from a third party security standpoint. We got a C-SO in theCUBE on theCUBE today. Chief Information Security, John Frushour Deputy Chief (mumbles) New York-Presbyterian The Award Winner from the Data to Everywhere Award winner, welcome by theCube. >> Thank you, thank you. >> So first of all, what is the award that you won? I missed the keynotes, I was working on a story this morning. >> Frushour: Sure, sure. >> What's the award? >> Yeah, the Data Everything award is really celebrating using Splunk kind of outside its traditional use case, you know I'm a security professional. We use Splunk. We're a Splunk Enterprise Security customer. That's kind of our daily duty. That's our primary use case for Splunk, but you know, New York Presbyterian developed the system to track narcotic diversion. We call it our medication analytics platform and we're using Splunk to track opioid diversion, slash narcotic diversions, same term, across our enterprise. So, looking for improper prescription usage, over prescription, under prescription, prescribing for deceased patients, prescribing for patients that you've never seen before, superman problems like taking one pill out of the drawer every time for the last thirty times to build up a stash. You know, not resupplying a cabinet when you should have thirty pills and you only see fifteen. What happened there? Everything's data. It's data everything. And so we use this data to try to solve this problem. >> So that's (mumbles) that's great usage we'll find the drugs, I'm going to work hard for it. But that's just an insider threat kind of concept. >> Frushour: Absolutely. >> As a C-SO, you know, security's obviously paramount. What's changed the most? 'Cause look at, I mean, just looking at Splunk over the past seven years, log files, now you got cloud native tracing, all the KPI's, >> Frushour: Sure. >> You now have massive volumes of data coming in. You got core business operations with IOT things all instrumental. >> Sure, sure. >> As a security offer, that's a pretty big surface area. >> Yeah. >> How do you look at that? What's your philosophy on that? >> You know, a lot of what we do, and my boss, the C-SO (mumbles) we look at is endpoint protection and really driving down to that smaller element of what we complete and control. I mean, ten, fifteen years ago information security was all about perimeter control, so you've got firewalls, defense and depth models. I have a firewall, I have a proxy, I have an endpoint solution, I have an AV, I have some type of data redaction capability, data masking, data labeling capability, and I think we've seen.. I don't think security's changed. I hear a lot of people say, "Oh, well, information security's so much different nowadays." No, you know, I'm a military guy. I don't think anything's changed, I think the target changed. And I think the target moved from the perimeter to the endpoint. And so we're very focused on user behavior. We're very focused on endpoint agents and what people are doing on their individual machines that could cause a risk. We're entitling and providing privilege to end users today that twenty years ago we would've never granted. You know, there was a few people with the keys to the kingdom, and inside the castle keep. Nowadays everybody's got an admin account and everybody's got some level of privilege. And it's the endpoint, it's the individual that we're most focused on, making sure that they're safe and they can operate effectively in hospitals. >> Interviewer: What are some of the tactical things that have changed? Obviously, the endpoint obviously shifted, so some tactics have to change probably again. Operationally, you still got to solve the same problem: attacks, insider threats, etc. >> Frushour: Yeah. >> What are the tactics? What new tactics have emerged that are critical to you guys? >> Yeah, that's a tough question, I mean has really anything changed? Is the game really the game? Is the con really the same con? You look at, you know, titans of security and think about guys like Kevin Mitnick that pioneered, you know, social engineering and this sort of stuff, and really... It's really just convincing a human to do something that they shouldn't do, right? >> Interviewer: Yeah. >> I mean you can read all these books about phone freaking and going in and convincing the administrative assistant that you're just late for meeting and you need to get in through that special door to get in that special room, and bingo. Then you're in a Telco closet, and you know, you've got access. Nowadays, you don't have to walk into that same administrative assistant's desk and convince 'em that you're just late for the meeting. You can send a phishing email. So the tactics, I think, have changed to be more personal and more direct. The phishing emails, the spear phishing emails, I mean, we're a large healthcare institution. We get hit with those types of target attacks every day. They come via mobile device, They come via the phishing emails. Look at the Google Play store. Just, I think, in the last month has had two apps that have had some type of backdoor or malicious content in them that got through the app store and got onto people's phones. We had to pull that off people's phones, which wasn't pretty. >> Interviewer: Yeah. >> But I think it's the same game. It's the same kind to convince humans to do stuff that they're not supposed to do. But the delivery mechanism, the tactical delivery's changed. >> Interviewer: How is Splunk involved? Cause I've always been a big fan of Splunk. People who know me know that I've pretty much been a fan boy. The way they handle large amounts of data, log files, (mumbles) >> Frushour: Sure. >> and then expand out into other areas. People love to use Splunk to bring in their data, and to bring it into, I hate to use the word data leg but I mean, Just getting... >> Yeah >> the control of the data. How is data used now in your world? Because you got a lot of things going on. You got healthcare, IOT, people. >> Frushour: Sure, sure. >> I mean lives are on the line. >> Frushour: Lives are on the line, yeah. >> And there's things you got to be aware of and data's key. What is your approach? >> Well first I'm going to shamelessly plug a quote I heard from (mumbles) this week, who leads the security practice. She said that data is the oxygen of AI, and I just, I love that quote. I think that's just a fantastic line. Data's the oxygen of AI. I wish I'd come up with it myself, but now I owe her a royalty fee. I think you could probably extend that and say data is the lifeline of Splunk. So, if you think about a use case like our medication analytics platform, we're bringing in data sources from our time clock system, our multi-factor authentication system, our remote access desktop system. Logs from our electronic medical records system, Logs from the cabinets that hold the narcotics that every time you open the door, you know, a log then is created. So, we're bringing in kind of everything that you would need to see. Aside from doing something with actual video cameras and tracking people in some augmented reality matrix whatever, we've got all the data sources to really pin down all the data that we need to pin down, "Okay, Nurse Sally, you know, you opened that cabinet on that day on your shift after you authenticated and pulled out this much Oxy and distributed it to this patient." I mean, we have a full picture and chain of everything. >> Full supply chain of everything. >> We can see everything that happens and with every new data source that's out there, the beauty of Splunk is you just add it to Splunk. I mean, the Splunk handles structured and unstructured data. Splunk handles cis log fees and JSON fees, and there's, I mean there's just, it doesn't matter You can just add that stream to Splunk, enrich those events that were reported today. We have another solution which we call the privacy platform. Really built for our privacy team. And in that scenario, kind of the same data sets. We're looking at time cards, we're looking at authentication, we're looking at access and you visited this website via this proxy on this day, but the information from the EMR is very critical because we're watching for people that open patient records when they're not supposed to. We're the number five hospital in the country. We're the number one hospital in the state of New York. We have a large (mumbles) of very important people that are our patients and people want to see those records. And so the privacy platform is designed to get audit trails for looking at all that stuff and saying, "Hey, Nurse Sally, we just saw that you looked at patient Billy's record. That's not good. Let's investigate." We have about thirty use cases for privacy. >> Interviewer: So it's not in context of what she's doing, that's where the data come in? >> That's where the data come in, I mean, it's advanced. Nurse Sally opens up the EMR and looks at patient Billy's record, maybe patient Billy wasn't on the chart, or patient Billy is a VIP, or patient Billy is, for whatever reason, not supposed to be on that docket for that nurse, on that schedule for that nurse, we're going to get an alarm. The privacy team's going to go, "Oh, well, were they supposed to look at that record?" I'm just giving you, kind of, like two or three uses cases, but there's about thirty of them. >> Yeah, sure, I mean, celebrities whether it's Donald Trump who probably went there at some point. Everyone wants to get his taxes and records to just general patient care. >> Just general patient care. Yeah, exactly, and the privacy of our patients is paramount. I mean, especially in this digital age where, like we talked about earlier, everyone's going after making a human do something silly, right? We want to ensure that our humans, our nurses, our best in class patient care professionals are not doing something with your record that they're not supposed to. >> Interviewer: Well John, I want to hear your thoughts on this story I did a couple weeks ago called the Industrial IOT Apocalypse: Now or Later? And the provocative story was simply trying to raise awareness that malware and spear phishing is just tactics for that. Endpoint is critical, obviously. >> Sure. >> You pointed that out, everyone kind of knows that . >> Sure. >> But until someone dies, until there's a catastrophe where you can take over physical equipment, whether it's a self-driving bus, >> Frushour: Yeah. >> Or go into a hospital and not just do ransom ware, >> Frushour: Absolutely. >> Actually using industrial equipment to kill people. >> Sure. >> Interviewer: To cause a lot of harm. >> Right. >> This is an industrial, kind of the hacking kind of mindset. There's a lot of conversations going on, not enough mainstream conversations, but some of the top people are talking about this. This is kind of a concern. What's your view on this? Is it something that needs to be talked about more of? Is it just BS? Should it be... Is there any signal there that's worth talking about around protecting the physical things that are attached to them? >> Oh, absolutely, I mean this is a huge, huge area of interest for us. Medical device security at New York Presbyterian, we have anywhere from about eighty to ninety thousand endpoints across the enterprise. Every ICU room in our organization has about seven to ten connected devices in the ICU room. From infusion pumps to intubation machines to heart rate monitors and SPO2 monitors, all this stuff. >> Interviewer: All IP and connected. >> All connected, right. The policy or the medium in which they're connected changes. Some are ZP and Bluetooth and hard line and WiFi, and we've got all these different protocols that they use to connect. We buy biomedical devices at volume, right? And biomedical devices have a long path towards FDA certification, so a lot of the time they're designed years before they're fielded. And when they're fielded, they come out and the device manufacturer says, "Alright, we've got this new widget. It's going to, you know, save lives, it's a great widget. It uses this protocol called TLS 1.0." And as a security professional I'm sitting there going, "Really?" Like, I'm not buying that but that's kind of the only game, that's the only widget that I can buy because that's the only widget that does that particular function and, you know, it was made. So, this is a huge problem for us is endpoint device security, ensuring there's no vulnerabilities, ensuring we're not increasing our risk profile by adding these devices to our network and endangering our patients. So it's a huge area. >> And also compatible to what you guys are thinking. Like I could imagine, like, why would you want a multi-threaded processor on a light bulb? >> Frushour: Yeah. >> I mean, scope it down, turn it on, turn it off. >> Frushour: Scope it down for its intended purpose, yeah, I mean, FDA certification is all about if the device performs its intended function. But, so we've, you know, we really leaned forward, our CSO has really leaned forward with initiatives like the S bomb. He's working closely with the FDA to develop kind of a set of baseline standards. Ports and protocols, software and services. It uses these libraries, It talks to these servers in this country. And then we have this portfolio that a security professional would say, "Okay, I accept that risk. That's okay, I'll put that on my network moving on." But this is absolutely a huge area of concern for us, and as we get more connected we are very, very leaning forward on telehealth and delivering a great patient experience from a mobile device, a phone, a tablet. That type of delivery mechanism spawns all kinds of privacy concerns, and inter-operability concerns with protocol. >> What's protected. >> Exactly. >> That's good, I love to follow up with you on that. Something we can double down on. But while we're here this morning I want to get back to data. >> Frushour: Sure. >> Thank you, by the way, for sharing that insight. Something I think's really important, industrial IOT protection. Diverse data is really feeds a lot of great machine learning. You're only as good as your next blind spot, right? And when you're doing pattern recognition by using data. >> Frushour: Absolutely. >> So data is data, right? You know, telecraft, other data. Mixing data could actually be a good thing. >> Frushour: Sure, sure. >> Most professionals would agree to that. How do you look at diverse data? Because in healthcare there's two schools of thought. There's the old, HIPAA. "We don't share anything." That client privacy, you mentioned that, to full sharing to get the maximum out of the AI or machine learning. >> Sure. >> How are you guys looking at that data, diverse data, the sharing? Cause in security sharing's good too, right? >> Sure, sure, sure. >> What's your thoughts on sharing data? >> I mean sharing data across our institutions, which we have great relationships with, in New York is very fluid at New York Presbyterian. We're a large healthcare conglomerate with a lot of disparate hospitals that came as a result of partnership and acquisition. They don't all use the same electronic health record system. I think right now we have seven in play and we're converging down to one. But that's a lot of data sharing that we have to focus on between seven different HR's. A patient could move from one institution to the next for a specialty procedure, and you got to make sure that their data goes with them. >> Yeah. >> So I think we're pretty, we're pretty decent at sharing the data when it needs to be shared. It's the other part of your question about artificial intelligence, really I go back to like dedication analytics. A large part of the medication analytics platform that we designed does a lot of anomaly detections, anomaly detection on diversion. So if we see that, let's say you're, you know, a physician and you do knee surgeries. I'm just making this up. I am not a clinician, so we're going to hear a lot of stupidity here, but bare with me. So you do knee surgeries, and you do knee surgeries once a day, every day, Monday through Friday, right? And after that knee surgery, which you do every day in cyclical form, you prescribe two thousand milligrams of Vicodin. That's your standard. And doctors, you know, they're humans. Humans are built on patterns. That's your pattern. Two thousand milligrams. That's worked for you; that's what you prescribe. But all of the sudden on Saturday, a day that you've never done a knee surgery in your life for the last twenty years, you all of a sudden perform a very invasive knee surgery procedure that apparently had a lot of complications because the duration of the procedure was way outside the bounds of all the other procedures. And if you're kind of a math geek right now you're probably thinking, "I see where he's going with this." >> Interviewer: Yeah. >> Because you just become an anomaly. And then maybe you prescribe ten thousand milligrams of Vicodin on that day. A procedure outside of your schedule with a prescription history that we've never seen before, that's the beauty of funneling this data into Splunk's ML Toolkit. And then visualizing that. I love the 3D visualization, right? Because anybody can see like, "Okay, all this stuff, the school of phish here is safe, but these I've got to focus on." >> Interviewer: Yeah. >> Right? And so we put that into the ML Toolkit and then we can see, "Okay, Dr. X.." We have ten thousand, a little over ten thousand physicians across New York Presbyterian. Doctor X right over here, that does not look like a normal prescriptive scenario as the rest of their baseline. And we can tweak this and we can change precision and we can change accuracy. We can move all this stuff around and say, "Well, let's just look on medical record number, Let's just focus on procedure type, Let's focus on campus location. What did they prescribe from a different campus?" That's anomalous. So that is huge for us, using the ML Toolkit to look at those anomalies and then drive the privacy team, the risk teams, the pharmacy analytics teams to say, "Oh, I need to go investigate." >> So, that's a lot of heavy lifting for ya? Let you guys look at data that you need to look at. >> Absolutely. >> Give ya a (mumbles). Final question, Splunk, in general, you're happy with these guys? Obviously, they do a big part of your data. What should people know about Splunk 2019, this year? And are you happy with them? >> Oh, I mean Splunk has been a great partner to New York Presbyterian. We've done so much incredible development work with them, and really, what I like to talk about is Splunk for healthcare. You know, we've created, we saw some really important problems in our space, in this article. But, we're looking, we're leaning really far forward into things like risk based analysis, peri-op services. We've got a microbial stewardship program, that we're looking at developing into Splunk, so we can watch that. That's a huge, I wouldn't say as big of a crisis as the opioid epidemic, but an equally important crisis to medical professionals across this country. And, these are all solvable problems, this is just data. Right? These are just events that happen in different systems. If we can get that into Splunk, we can cease the archaic practice of looking at spreadsheets, and look up tables and people spending days to find one thing to investigate. Splunk's been a great partner to us. The tool it has been fantastic in helping us in our journey to provide best in-class patient care. >> Well, congratulations, John Frushour, Deputy Chief Information Security Officer, New York Presbyterian. Thanks for that insight. >> You're welcome. >> Great (mumbles) healthcare and your challenge and your opportunity. >> Congratulations for the award winner Data to Everything award winner, got to get that slogan. Get used to that, it's two everything. Getting things done, he's a doer. I'm John Furrier, here on theCube doing the Cube action all day for three days. We're on day two, we'll be back with more coverage, after this short break. (upbeat music)

>> From Gillette Stadium in Foxboro, Massachusetts, if the queue recovering Vita Winter warmer, twenty nineteen Brought to you by Silicon Angle media. >> Hi. I'm stupid men. And this is the cubes coverage of V tug Winter warmer. Twenty nineteen here. A Gillette Stadium, home of the New England Patriots. Happy to welcome to the program. A community member, Someone I've known for many years at this point. Jonathan Frappe here. Who's with V Brown bag? Thanks so much for joining us from >> Thanks for having me. >> All right, so, you know, I watched this event, and when it started, it was, you know, originally the V mug for New England. And then it became vey tug And one, there's some of the politics stuff which we don't need to go into, but part of it was virtual ization and cloud. And what's the interaction there and what will users have to do? Different. And part of that is jobs. And one of the reasons I really wanted to bring you on is, you know, you started out heavy in that virtual ization base and you've been going through those machinations. So maybe just give our audience a little bit about, you know, your background, some of the things skill sets. You've got lots of acronyms on your on your you know, resume as it is for certification. You've done. So let's start there. >> Sure. So my background. I started this help desk. I did Windows two thousand Active Directory, administration and Exchange Administration all on site and moved into Mohr server administration. And when the empire started to become a thing, I was like, Wow, this is This is a game changer and I need to sort of shift my skill set. I understand the applications of music. I've been supporting him. But virtualization is going to change change That so started to shift there and saw a similar thing with Public Cloud and automation a cz, That same sort of next step beyond infrastructure management. >> All right. And you've had a bunch of certification. The real off a few. You know what? Where are you today? What? What have you added gives a little bit of a timeline. >> My first certification was a plus which come to you seemingly has come around and joined the ranks of posting toe linked in for everybody. So a plus was my first one. EMC PM, CSC on Windows two thousand. Took a little bit of a break in back into it. Bcp five era so four, five years ago. Cem Cem. Other of'em were Certs NSX Cloud see Emma and most recently, the solution's architect associate for a Ws. >> OK, great, in when you look at the kind of virtual ization and cloud, it's not like you thirst, which one day and said, Okay, I no longer need the VM were stuff. I'm going to do the cloud tell us a little bit about you know what led you to start doing the cloud and you know how you you know how your roles that you've had and you know the skill set that you want to have for your career. You know how you look at those. >> So for me, it is about being able to support what my business is doing. And sometimes the right answer's going to be VM, where sometimes it's going to be physical. Sometimes it's going to be containers or public cloud, or, you know, new fancy buzzwords like server lists. And I've always in my career tried to support what where, what application we're delivering to get the business, the information they need. So for me to do that properly, I need to be well versed across all of that infrastructure so that when when it's time to deliver something in public cloud or time to deliver something in the container, I'm ready to go when you do that. >> Yeah. What? What? What's the push and pull for some of the training bin? Is this something that you've seen? You said, like Veum, where you saw it, like, Oh, my gosh, I need to hop on that. You know, I remember back to those early days I remember engineers I worked with that were just like, this thing is amazing. That was like preview motion, even. Yeah, but you know, just what? That that impact we've seen over the last, you know, ten to fifteen years of that growth has there been times where the business is coming said, Hey, can you go learn this? Kaixian orders have been you driving most about yourself. Uh, >> it's it's been both. There are times when the business has come and said, Hey, we would really like to take advantage of virtual ization or public cloud. And it from a technology perspective, there may have been other factors that would impact the ability to do that. So that's why for me. I tried to sort of stay ahead of it when, you know virtual ization was taking off and everything I had was on physical servers. I knew I needed to have the VM where peace in my pocket so that when the business was ready and when other things like compliance, we're ready for it. We could move forward and sort of advanced that same thing with Public Cloud. Now that that's Mohr prevalent and sort of accepted in the industry a lot more cos they're moving in that direction. >> Yeah, and you know, what tips would you give your Pierre if they're a virtual ization person? You know, how are the waters in the cloud world is there are a lot of similarities. Is it? You know, do I have to go relearn and, oh, my gosh, I need to go learn coding for two years before I understand how to do any of this stuff. >> I think it's helpful. Tto learn some level of coding, but do it in an environment that you're comfortable in today. So if you're of'em were admin today, you know there's power, see Ally and be realized orchestrator and and even if you're on via Mars Cloud platform there's there's some basic power shell on bass scripting you could do in the cloud Automation. Get comfortable with the environment, you know. And then as that comfort grows when you move Oh, look, there's power shell commandments for a ws. If that's the route, you go so oh, already understand the format and how I how I glue those things together so you could get comfortable in the environment you're in today and sort of get ready for whatever that next step is. >> Yeah, I've always found I find it interesting. Look at these ecosystems and see where the overlaps and where two things come together. You know, I actually worked with Lennox for about twenty years. So I you know, back when I worked at Emcee the storage company and I supported the Lenox Group and Lennox was kind of this side thing. And then you kind of saw that grow over time and Lennox and virtual ization. We're kind of parallel, but didn't overlap is much. And then when we get to the cloud, it feels like everybody ended up in that space and there were certain skill sets that clinics people had that made it easy to do cloud in certain things that the fertilization people had that made it easy do there. But we're kind of all swimming in the same pools. We see that now in the, you know, core bernetti space. Now I see people I know from all of those communities on, but it's kind of interesting. Curious if you have anything you've seen in kind of the different domains and overlapping careers. >> Yes, you. For me. I think what's help is focusing on how the applications the business uses consumed, what some of the trends are around, how you know whether finance or marketing teams are interacting with those applications. If I know how the application works and what I need to do something to support it, the concepts aren't going to be vastly different. If I know how Exchange's install their sequel servers install, there's some custom application is insult. I could do that across the VM, where environment native US environment and should it supported into Docker by leveraging Cooper Netease. >> All right, so you've mentioned about the time the application, can you? How has it changed your relationship with kind of the application owners as you go from, you know, physical, virtual, the cloud. >> I don't think it should change much. The problem probably the biggest shift that you have is that at some point now, things are out of your control. So when I've got a server sitting in my data center that I can walk down the hallway to if something's not working, I have access to it. If there's an application down in the public cloud, or there's an A Ws outage or any public cloud provider outage, I have to wait. And that sort of I think the thing that I've seen business struggle with the most like, well, it's down, go fix it. It's like, I can't get to it right now, and I'm probably not driving to Virginia, Oregon to go reboot that server for Amazon. >> Whoever absolutely big shift we've seen right is, you know a lot of what I is. It I am managing is now things that aren't in my environment. You know, there was my data centers. My might have had hosted data centers where I'd call somebody up, you know, you know, tell the Rex paper person to reboot the servers or it's right, it's in the public cloud. In which case it's like, OK, what tools. What can I trouble shoot myself? Or is there some, you know, out of that I'm not aware of, you know, is affecting me. Yeah, >> it's Ah, it's a good shift to have for a infrastructure person because we're really getting to the point now. I think the tails, the scales have tipped to focusing more on delivering business value versus delivering infrastructure. The CFO doesn't necessarily think or care that spinning up a new V m faster is cool. They care about getting their application to their team so that they could do their work. So I think taking, you know, going to public cloud or going to other platforms where that's removed it sort of forces you to move to supporting supporting those business applications. >> So I'm curious it every time we have one of these generational shift time. Time is like, Oh, my gosh, I'm going to be out of a job on the server ID men Virtualization is going to get rid of me. I'm a virtual ization Had been cloud's going to get rid of me. This whole server listing will probably just get rid of all the infrastructure people I've read article yesterday was called the Creeping Apocalypse a CZ what they called it. But, you know, you know what you saying is there general fear in your peers or, you know, do you just, you know, dive in and understand it and learn it? If you could stay, you know, up with or a little bit ahead of the curve, you know you're going to keep employed. >> I would say that there's a mix there. Some people, even just a few months ago, some some folks I talked to and they were just sort of breaking into automation and like how they can automate deploying their applications in their legitimate concern, was I won't have a job anymore and sort of the way I looked at that was my job's going to change. I don't spend my entire day administering Windows two thousand active directory boxes any more. So I need Yes, I need to shift that and start thinking about what's next. If I can automate the routine task, you know, deploying an application, patching and application, bringing things up and down when there's some sort of failure than I, uh, I'm going to naturally grow my career in that way by getting rid of the boring stuff. >> Yeah, and I've been here in this argument against automation for decades now, and the question I always put two people is like, Look, if I could give you an extra hour a day or an extra day a week, do you have other projects that you could be doing or things that the business is asking for? That would be better. And I've yet to find somebody that didn't say, Yeah, of course, on DH. What are the things that you're doing that it would be nice to get rid of, You know, other people is like I love the serenity of racking and stacking cabling stuff. And nothing gets people more excited than beautiful cables in Iraq. I thought yesterday I saw people like going off about here's this data center with these beautiful, you know, rack, you know? So with the cable ties and everything, but I'm like, really, you know, there's more value you can add absolutely out there. So >> automate yourself into your next job. It is sort of the way I think I like to think about it. It's not a meeting, >> so let's you know, just look forward a little bit, you know? There's all these waves, you know, Cloud been a decade data was talking to keep downs in this morning on the Cube on we said, you know, when he talks to users, it's their data that super important applications absolutely is what drives, uh, you know, my infrastructure, but it's the data that's the super important piece. So you know, whether it be, you know, you're a I or, you know, you figure various buzz word of the day I ot You know, data is in the center. So what do you looking forward to is? Are there new search or new training that that are exciting? You are areas that you think you're Pierre should be poking out to help try to stay ahead of the curve. >> Yeah, and back to my earlier point about leveraging the thing you know today and how to sort of grow your career. And that next skill set is how I can look at data and make. I understand what's going on around that. So maybe maybe today that's taking some stats from any SX. I hosted an application and correlating that data together on help. You underst Yes. And you know what that means for the applicator action before or use their calls in. And that's going to help you grow into sort of this new realm of like, machine learning and big data. And in analytics, which I think is really the next thing that we're going to need to start doing as Mohr and more of that infrastructure shifted away into surveillance platforms and things that were not worried about How can I understand? How can I take that data? Transform it, use it, correlated together to, you know, help make decisions. >> Alright, on final thing, give us update on our friends at V Brown bag. So, you know, we talked Well, I always say, you know, when we go to V m world, it's like we're there. I'm trying to help kind of balance between the business and the technology. You want to go a little deeper and really geek out and understand some of these things. That's where you know the V brown bag. You know, people are going to be able to dig in with the community in the ecosystem. There was the V and V brown bag for virtual ization. But he brown bags doing much more than just traditional virtualization today. You know what? What? What's on the docket? >> Eso upcoming This year, we're gonna have some episodes around Python so helping add men's get to know Python start to get comfortable with it, Which would be a great language to a automate things that maybe you're doing today in your application, but also to be able to take data and and use Python, too. Manage that data extract value out of that data so that you can help make decisions. So look for the throughout this year and, you know, learn new things. >> All right, Jonathan, from pure pleasure to talk with you on camera after talking to off camera for many years. Thanks so much for joining us. All right. And we appreciate you joining us at this virtual ization and cloud user event. Ve tug Winter warmer. Twenty nineteen on student a minute. Thanks for watching the cue