Zeus Kerravala, ZK Research | Fortinet Accelerate 2017


 

>> Narrator: Live from Las Vegas, Nevada, it's the Cube, covering Accelerate 2017, brought to you by Fortinet. Now here are your hosts, Lisa Martin and Peter Burris. >> Welcome back to the Cube, we are live in Las Vegas, at Fortinet's Accelerate 2017 event. A really exciting busy day that I have had with my cohost, Peter Burris, I'm Lisa Martin, we are very excited to be joined by Zeus Kerravala next, of ZK research. Welcome to the cube. >> Thanks Lisa, it's a-- >> We're happy to have you here. >> Yeah, it's great to be here. >> And we, as I've mentioned, Peter and I have been talking with a lot of great folks all day, from Fortinet, from Technology Alliance Partners. The buzz is here, obviously, the security as an industry of the market, there is tremendous change going on there, breaches are happening daily with, from big brands that we're all very aware of as consumers to the small mom 'n pop. So, Zeus, you founded ZK Research, you said a little over five years ago... >> Zeus: That's correct. >> But you've been in the industry as an analyst for quite a long time, and you actually were in IT as well as CIO. >> Yeah, I was. I was, I played a number of different roles, I started off as an engineer, I held a role as a CIO for a while, I worked for Avar, and then I got tired of doing that, and I became an industry analyst, and I've been doing that about 15 years now. >> Excellent, so one of the things that we'd love to ask you about is, during the keynote this morning, the CEO of the Fortinet, Ken Xie, talked about this big impact that hyperconnectivity is having in general, this proliferation of mobile devices, of IoT devices, that are really causing a lot of challenges for security, but also talked about, that there will be tremendous growth in the security market, what's your take on where the security market is going?
>> Yeah, I really liked Ken's keynote, in fact, Ken typically delivers very technical keynotes, and that's worked well for him, cause customers tend to love him, and this one is a little higher level, and I really like that, and Ken's right, we're moving into a world, where everything is connected, literally everything, our cars, our pets, the things we wear, the things in our home, everything in our business, and that has some profound implications for business. Alright, first of all, security is becoming a, an asymmetric problem for security professionals, what I mean by that is, it used to be you had one way into the network, and you had to protect it, and the bad guys had to come through that way. Now, security professionals have to protect tens, hundreds, thousands of new entry points, created from all these connections, to the Cloud, to IoT devices, but the bad guys still only have to find one way in, and once they're in, we assume that environment is secure, and they can meander around, and the bad guys can figure out what to steal. And so, I think, one of the points that was underscored in Ken's keynote is the fact that security is changing, it's evolving from something that was focused at the perimeter. >> Lisa: Right. >> To something that needs to be focused more internal. In fact, my research shows that 90 percent of security spend is still focused at the perimeter, and only 20 percent of the breaches occur there. So, you can see customers are misaligned with how they're spending their money, and I thought a lot of the messages from Ken's keynote were, I think, well received by the audience, because it's something they need to hear. >> Yeah, he talked about the security evolution, which I also thought was quite interesting.
I saw a graphic the other day that showed, by decades, security evolution, you talked about perimeter in the 1990s, it was focused on perimeter, obviously still important, but not the only thing, you talked about, there's a lot of ways in now. Then going onto Web 2.0, web security, then Cloud security in the 2010s, and now getting to this, what Ken described as the third generation of a Fabric needing automation, needing resilient energy, talked about kind of internal, so that I thought that was a really interesting way of looking at that, but also very interesting that you're saying almost that 80, 20 rule, with your clients, how are you helping them, to sort of switch that from a spend, and really show, even in some ways maybe, how the technology that they would employ from a security perspective can actually bring revenue opportunities. >> Yeah, well, I think they have to rely more on the technology, and automation, typically security has been deployed, box by box, device by device, at specific points in the network using manual processes, and frankly, that's kind of slow, right. And security already has a bit of a bad rap, that it slows the business down, users tend to turn things off in their computers, because it slows them down, and in this digital era, and I was glad Ken talked about digital transformation, because in the digital era, the new currency of business is speed. Companies need to move with unprecedented speed. Those, that can do that, will be able to stay in market leadership, and those that can't, will fall behind, and frankly, over the last five years, we've seen a bunch of big name vendors, brands that we all knew, go away, right, because they couldn't keep up. Now, when you think about what companies are trying to do in order to be a digital enterprise, you need to be agile, but you're only as agile as your least agile IT component, and today, that's the network. 
So, if I've got this fully automated IT stack, and I've got containers popping up, and new applications being deployed, and I'm accessing things from the Cloud, but my engineers have to run around with security appliances, and deploy them, all that does is slow the business down, and so, I think the concept of the Security Fabric is to ensure that you have the right services in the right places that you can turn on, and now, security becomes a business enabler, and not an inhibitor, so in some ways, we're flipping the model around where security, like I said, has been viewed as something that's held the company back, but it's now something that can allow us to differentiate ourselves, because we'll have the trust from the customers that we have the right security in the right places. >> I want to follow up on a point you made about the 90 percent of the investment at perimeter, and 20 percent. There might be another way of thinking about it, and I'm going to test this with you, is that it takes that 90 percent of security investment is what it takes to ensure that no more than 20 percent of the attacks occur at the perimeter, so does that mean that we need to reallocate that 100 percent sources, where that 100 percent is going to grow 3x, because it's still going to require that 90 percent to keep the perimeter secure. >> Yeah, I think it's a bit of both, but I do think, we will see the spend of security go up, because we have to secure more things. Like if you look at some of the big breaches that we've seen, in fact, almost all of them occurred from inside the network. So bad guys are smart, the hackers are clearly they're some of the most brilliant minds out there, that's why they're able to do what they do, and they know that the perimeter security today is so well-built that the amount of effort it takes to break through it is very, very high, so you're right, that amount of spend is required to keep all those threats out. 
>> Peter: But it's not the only answer. >> It's not the only answer. >> So we're going to need to continue to invest in an in-point, and perimeter, but as you were saying, we also have to invest in data, and have a balanced approach to the whole thing, which we adjust to this notion of Fabric. >> Yeah, and I think the automation capabilities of the Fabric can really help of certainly, because I don't want people watching this to think, "oh, my God, my security budget is going to be like triple what I had.", because frankly the people cost associated with security from my research are almost about 60 percent of the cost. I mean the equipment itself isn't all that much, right. So if I can invest more in the right technology, and I can automate a lot of the things I can do today, now I can reallocate those people cost somewhere else. So, in fact, I may wind up spending the same amount from an overall perspective, or maybe a little bit less, but I'll be far more secure, because I have the right technology in the right places. >> So where are those people going to go? >> I hear all the time, and I think this is one of the things that has held automation back from IT people that they're scared to death of automation, because they think their jobs are at stake, but if you look...
All the way back to the mainframe, we've always had this transition, right, where we did things, and then new technology came in, and new skills are needed to do new things, and I think if you look at IT today, there's a crying need for data scientists, for analytic skills, I mean security itself is less about point products, and more about data gathering, and data analytics, and there's very few of those professionals out there, so if I'm a professional, security professional today, I want to automate those traditional tasks because I need to invest in myself to make sure that my skillset is current today, and also a decade from now, and I think a lot of that's going to come in the area of data sciences. >> Yeah, and as you said, a lot of those skills in doing the models of security, and this Fabric notion are transferable to other domains. >> Oh, absolutely, because if you don't want to stay a security professional, but most security people like security, that's why they're doing it. But I do think there will always be need for skills in the next thing, the key for the security professionals is don't get stuck in the old world, you know, embrace this new world, embrace automation because it's going to free up their time to do things that are more strategic to the company, which is going to allow them to be more valuable as well. >> You touched on the Fabric term a minute ago, and that's one of the things that Fortinet announced last year was the Security Fabric approach. Can you talk to us about Fabric versus Platform, what are your thoughts there, and how are they different? >> Yeah, I think, first of all, the Fabric, and Platform, are both roughly trying to solve the same problem that... Too many vendors doesn't make you more secure, in fact, my research shows that on average, companies have 32 vendors, different security vendors, which you can't build any kind of strategy around that.
So the concept of either, a Fabric, or a Platform, is that I can reduce the number of vendors, I can simplify my architecture, and I get more intelligence across the entirety of the Platform, or the Fabric. Now the difference though, is I think the Fabric, think of what a Fabric is, it's a big cloth where any point is connected to any point, and so the security intelligence is spread across that Fabric, and I can drop new components in, or take 'em out, and things will continue to work. So, it allows me, that if I put a new IoT device in, I can push security capabilities there, if I started using a new cloud service, I can push security capabilities there. A Platform to me, is more dependent on a centralized point of control, and I can attach things to that point of control, but if I take that point of control out, none of the things works, and so I think, the Fabric almost democratizes security capabilities across the infrastructure, because it's more dynamic, and more distributed, and we're clearly living in a world where dynamism, and distribution, are the norm, and so the security architecture needs to follow that. >> Paradoxically, doesn't that centralized security platform then become the biggest security risk in the company? >> Zeus: Yeah, well, if you breach that, you can get anywhere. >> Get anywhere. >> Zeus: Right, right. And so I think the Security Fabric is the right way to think about it, you're not trying to beef off one particular area here, you're trying to make a set of security services available across your entire infrastructure. >> Is that, that kind of, a key advice that you give to your clients that are looking for, this now requires a new approach, new architecture, is that kind of the key advice that you offer to them?
>> Yeah, well that's the biggest conversation I have with security professionals today, is they don't really know where to go from here, they've invested all this money in all these tools, and the environment has gotten increasingly more complicated, right. So, they're falling behind. It's very, very slow, and it's not working. The average number of days to find a breach is a hundred days, think of what can happen in a hundred days, that's over a quarter. And so, there's a great desire to be able to find breaches faster, but also first simplify the architecture, and that's always my advice is, you can't move forward, until you take a step back, and simplify, right. And the concepts, I think of the Fabric, are really aligned with that, it's simplification, automation, and it removes a tremendous amount of the human burden from security operations, which frankly I think is holding things back. >> What are some of the things that you're most excited about? You were in the keynote this morning, we chatted about that, we talked about some of the things that were discussed there with the evolution of security, the third generation, you mentioned speed as currency, and actually kind of jogged my memory about something that you were talking about with respect to data, and also that was brought up this morning as the data value, if it is not valuable to a business, you know, that business has-- >> Well one of the things we talked about this morning specifically was that security used to be the department of no, as you said earlier, and companies that can collapse the time between an idea, and execution, in a world where, at least in the digital world, where digital security is so essential, are going to provide an enormous net new set of value propositions to their customers, and I'm sure you've seen that.
>> Yeah, well, no doesn't work anymore because of shadow IT, if you say no to a line of business, they're just going to go find a different way to do it, and that can have incredibly... That can be incredibly risky, because now IT has no control, in fact... Some of the interesting data points from my research is that 50 percent of companies, don't know what devices are attached to their network, and I think 96 percent of companies have IT services that have been procured not through IT, directly by the line of business, so it's become the norm, and I think, if you look across the entirety of the world today, from business processes through IT strategy, right, data and analytics has become the key differentiator, to be able to take the data, analyze it, and then be able to create some new insights. Now from a line of business perspective, they're trying to understand the way you like to shop, the sports teams you like, the things you like to buy, and push more relevant content to you. From a security perspective, it's being able to find those breaches faster, and then, being able to cut that number down from 100 days to frankly, we've got to get to minutes, and I thought some of the more exciting things they showed in the keynote were the ability to take the data, and then show it visually, because I've always said you can't secure what you can't see, right, and if you're blind to what's going on in the network, you'll never ever, ever be able to truly secure it, and so I think we're-- Fortinet is entering an era now, where they're actually harnessing the power of all the data they have, but they're focused more on the UI in the new FortiOS 5.6, a big part of that is the new user interface to be able to display the data in a way that's understandable by the people using the tools. >> So that's a great point that you can't secure what you can't see. >> Zeus: You cannot secure what you can't see, yeah.
>> Well, Derek Manky, was actually talking earlier, who's the global security strategist here at Fortinet, I'm sure you know Derek. >> Zeus: Yeah. >> Was actually talking about one of the things he's excited about, and want to get your take on this point, is that he thinks 2017 may be the year that the white hats get the upper hand. >> Well hopefully, I do think-- >> Peter: Because of this notion of automation, and-- >> Yeah, you know, I talked about the asymmetric problems to security where the bad guys need to find one way in, I think data, and visualization can reverse that, because once they're in the network, the bad guys need to stay hidden, and the good guys, right, the internal security department, only needs to find one instance of anomalous traffic, or something that could indicate a breach to be able to start the process of remediation, and so you're right, I think in some ways, 2017, well maybe a little, maybe next year, but hopefully, this year, the white hats start to, they'll at least gain ground this year, and I think that we'll start to see that asymmetry problem flipped. >> Precisely, because you only need one instance of a bad action. >> Correct, correct. And a lot of that, a lot of these bad actions come from users specifically being targeted, and sometimes, security, no matter how much training they do, you just don't know, you get an email from somebody, you click on it, somebody sends you a file, I've talked to HR people that have gotten resumes emailed to them that have viruses in them, and they don't know, but once that action starts, the data, and visualization tools can help identify those very, very quickly, and the important part about that is the faster you find it, the smaller the blast radius.
So if I find it in five seconds, maybe only that HR person's computer is affected, but if it takes me a hundred days, now the whole department, or maybe a whole building has been impacted, so containing that blast radius, I think, is something that security professionals need to focus on. >> Now is a blast radius typically a function of time, or is it also a function of proximity to other business activities, or both? >> I think it's primarily a function of time, and I think it's exponential. So the longer the time goes exponentially, the greater the damage. >> Well gentlemen, tremendous conversation, there's a tremendous amount of opportunity, I think is what we've heard today, thank you very much, Zeus, for sharing your insight, your research with us. Let's hope that 2017 is the year, the white hats get the upper hand. >> Yeah, I think it's a really exciting time for security professionals, and first time in a long time, they have the opportunity to fight back, in a battle that they've been losing ground in for really the better part of a decade. >> Well Zeus, thank you so much for joining us. >> Zeus: Thank you. >> On behalf of my colleague, Peter Burris, thank you for watching, stay tuned, we'll be right back to wrap up the day. (electronic music)

Published Date : Jan 11 2017
