>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to You by spunk >>Hey, welcome back. Everyone's two cubes coverage here in Las Vegas for spunk dot com. 19 dot com 19. This is slugs. 10th year doing dot Com Cube seventh year of coverage. We've watched the progression have security data market log files. Getting the data data exhaust turned into gold nuggets now is the centerpiece of data security, data protection and a variety of other great things and important things going on. And we're here to great guests from slug i n songs. Vice president and general manager of security markets and Friedrichs, a VP of security automation. Guys, great to see you again. We just saw you and there's reinforce. Thanks for coming back. >>Thank you for having us. >>So you guys announced security operation Sweet last year. Okay, now it's being discussed here. What's the update? What our customers doing? How are they embracing the security piece of it? >>Wow. Well, it's being a very busy year for us. Way really updated the entire suite. More innovation going in. Yes, six. Tato got announce and phantom and you be a every product is getting some major enhancement for concealing scale. For example, years now way have customers running in the cloud like 15 terabytes, and that's like three X and from It's like 50 terrifies 50 with Search has classes. So that's one example and fend him throughout the years is just lots of capabilities. We're adding a case. Management was a major theme, and that's actually the release before the current one. So we'll be, really, you know, 80 and focusing on that just to summarize sort of sweet right. You be a continue to be machine learning driven, and there's a lot of maturity that's that's going into the product, and there's a lot of more scale and backup. Restore was like one of the major features, because become more mission critical. But what's really, really, really exciting? It's how we're using a new product called Mission Control to bring everything all together. >>I want to get into the Mission control because I love that announcement. Just love The name was behind it, but staying on the sweet when they're talking about it's a portfolio. One of the things that's been consistent every year at dot com of our coverage and reporting has been wth e evolution of a platform on enabling platform. So has that evolves? What does the guiding principles remain? The same. How you guys sing because now you're shipping it. It's available. It's not just a point. Product is a portfolio and an ecosystem falling behind it. You know the APP, showcase, developer, Security and Compliance Foundation and platforms on Just I T ops and A I ops are having. So you have a variety of things coming out of for what's the guiding principle these days is continuing to push the security. You share the vision >>guiding principle and division. It's really way believe the world. As we digitize more as everything's happening, machines speed as people really need to go to analytics to bring insides into things and bring data into doing that's that's really turning that into doing so. It's the security nerve center vision that continue guide what we do, and we believe Security nerve center needs really data analytics and operations to come together and again, I'm gonna tell you, Mission Control is one of the first examples that we bring all of the entire stack together and you talk about ecosystem. It takes a village is a team sport. And I'm so excited to see everybody here. And we've done a lot of integrations as part of sweets to continue to mature more than 1900 AP I integrations more than 300 APS. Justice Phantom alone. That's a lot of automated actions. People can take >>the response from the people in the hallways and also the interviews have been very positive. I gotta get to Mission Control. Phantom was a huge success. You're a big part of building taking that into the world now. Part was flung. Mission Control. Love the name Mission Control. This is the headline, by the way, Splunk Mission Control takes off super sharp itching security operations. So I think Mission Control, I think NASA launching rockets Space X Really new innovation. Really big story behind his unification. You share where this came from, what it is what's in the announcement? >>Yeah. So this is all about optimizing how sock analysts actually work. So if you think about it, a sock typically is made up of literally a dozen different products and technologies that are all different consuls, different vendors, different tabs in your Web browser, so it for an analyst to do their job literally pivoting between all of these consoles. We call it swivel chair syndrome, like you're literally are frantically moving between different products. Mission Control ties those together, and we started by tying slugs products together. So we allow you to take our sin, which is enterprise security, or you be a product's monkey. Be a and phantom, which is our automation and orchestration platformer sore platform and manage them and integrate them into one single presentation layer to be able to provide that unified sock experience for the analyst So it it's an industry first, but it also boosts productivity. Leading analysts do their job more effectively to reduce the time it takes. So now you're able to both automate, investigate and detect in one unified presentation, layer or work surface. >>You know, the name evokes, you know, dashboards, NASA. But what that really was wasn't an accumulation, an extraction of data into service air, where people who were analysts do their job and managed launching rockets. But I want to ask you a question. Because of this, all is based on the underpinnings of massive amounts of volume of data and the old expression Rising tide floats all boats also is rising tide floats, Maur adversaries ransomware attacks is data attacks are everywhere. But also there's value in that data. So as the data volume grows, this is a big deal. How does mission Control help me manage to take advantage of that all you How do you guys see that playing out? >>Yes, Emission control really optimizes the time it takes to resolving incident. Ultimately, because you're able to now orient all of your investigation around a single notable event eso It provides a kn optimal work surface where an analyst can see the event interrogated, investigated triage, they can collaborate with others. So if I want to pull you into my investigation, we can use a chat ops that capability, whether it's directly in mission control or slack integration waken manage a case like you would with a normal case management toe be ableto drive your incident to closure, leveraging a case template. So if I want to pull in crisis communications team my legal team, my external forensics team, and help them work together as well. Case management lets me do that in triage that event. It also does something really powerful. High end mentioned. The operations layer the analytics in the data layer. Mission Control ties together the operational layer where you and I are doing work to the data layer underneath. So we're able to now run worries directly from our operational layer into the data layer like SPL quarries, which spunk is built on from the cloud where Mission Control is delivered from two on premise Face Plunk installations So you could have Michigan still running in the Cloud Splunk running on premise, and you could have multiple Splunk on premise installs. You could have won in one city, another one in another city or even another country. You could have a Splunk instance in the Cloud, and Mission Control will connect all of those tying them together for investigative purposes. So it's very powerful. >>That's a first huge, powerful when this comes back to the the new branding data to everywhere, and I see the themes everywhere, the new colors, new brake congratulations. But it's about things. What do ours doing stuff, thinking and making things happen. Connecting these layers not easy, okay? And diverse data is hard. Thio get access to, but diverse data creates great machine learning. Ay, ay, ay, ay, ay creates great business value. So way see a flywheel development and you guys got going on here. Can you elaborate on that? Dated everywhere And why this connective tissue that you're talking about is so important? Is it access to the war data? Is that flywheel happening? How do you see that playing out? >>I'll start with that because they were so excited where data to everything company or new tagline is turning data into doing. And this wouldn't be possible without technologies like Phantom coming in right way have traditionally been doing really great with enterprise was data platforms. And with an Alex now was phantom. We can turn that into doing now with some of the new solutions around data stream processing. Now we're able to do a lot of things in real time. On you mentioned about the scale, right scales changes everything. So for us, I think we're uniquely positioned in this new age of data, and it's exploding. But we have the technology to help your payment, and it's representing your business way. Have the analytics to help you understand the insights, and it's really the ones gonna impact day today enabling your business. And we have two engine to help you take actions. That's the exciting part. >>Is that what this flywheel, because diverse data is sounds great, makes sense more data way, see better? The machines can respond, and hopefully there's no blind spots that creates good eye. That kind of knows that if they're in data, but customers may not have the ability to do that. I think that's where the connecting these platforms together is important, because if you guys could bring on the data, it could be ugly data on his Chuck's data data, data, data. But it's not always in the form you need. Things has always been a challenge in the industry. How do you see that Flywheel? Yeah, developing. >>Yeah, I think one of the challenges is the normalization of the data. How do you normalize it across vendors or devices, you know. So if I have firewalls from Cisco, Palo Alto Checkpoint Jennifer alive, that day is not the same. But a lot of it is firewall blocked data, for example, that I want to feed into my SIM or my data platform and analyze similarly across endpoint vendors. You know you have semantic McAfee crowdstrike in all of these >>vendors, so normalization >>is really key and normalizing that data effectively so that you can look me in at the entire environment as a single from a single pane of glass. Essentially, that's response does really well is both our scheme on reed ability to be able to quarry that data without having a scheme in place. But then also, the normalization of that data eyes really key. And then it comes down to writing the correlation searches our analytics stories to find the attacks in that data. Next, right. And that's where we provide E s content updates, for example, that provide out of the box examples on how to look for threats in that data. >>So I'm gonna get you guys reaction to some observations that we've made on the Q. In the spirit of our cube observe ability we talked to people are CEOs is si sos about how they cloud security from collecting laws and workloads, tracking cloud APS and on premise infrastructure. And we ask them who's protecting this? Who is your go to security vendors? It was interesting because Cloud was in their cloud is number one if it's cloud are not number one, but they used to clear rely on tools in the cloud. But then, when asked on premise, Who's the number one? Splunk clearly comes up and pretty much every conversation. Xanatos. Not a scientific survey, it's more of it handpicks. But that means it's funk is essentially the number one provider with customers in terms of managing those workloads logs across ABS. But the cloud is now a new equation because now you've got Amazon, Azur and Google all upping their game on cloud security. You guys partner with it? So how do you guys see that? How do you talk cutters? Because with an enabling platform and you guys are offering you're enabling applications. Clouds have Apple case. So how do you guys tell that story with customers? Is your number one right now? How do you thread that needle into this explosive data in the cloud data on premise. What's the story? >>So I wish you were part of our security super session. We actually spent a lot of energy talking about how the cloud is shifting the paradigm paradigm of how software gets billed, deployed and consumed. How security needs to really sort of rethink where we start, right? We need to shift left. We need to make sure that I think you use the word observe ability, right? T you got to start from there. That's why as a company we bought, you know, signal effects and all the others. So the story for us is start from our ability to work with all the partners. You know, they're all like great partners of ours AWS and G, C, P and Microsoft. In many ways, because ecosystem for cloud it's important. We're taking cloud data. We're building cloud security models. Actually, a research team just released that today. Check that out and we'll be working with customers and building more and more use cases. Way also spend a lot of time with her. See, So customer advisory council just happened yesterday talking about how they would like us to help them, and part of that they were super super excited. The other part is what we didn't understand how complicated this is. So I think the story have to start in the cloudy world. You've gotto do security by design. You gotta think about automation because automation is everywhere. How deployment happens. I think we're really sit in a very interesting intersection off that we bring the cloud and on prime together >>the mission, See says, I want to get cameras in that room. I'm sure they don't want any cameras in the sea. So room Oliver taking that to the next level. It's a complexity is not necessarily a bad thing, because software contract away complexity is from the history of the computer industry that that's where innovation could happen, taking away complexity. How do you see that? Because Cloud is a benefit, it shouldn't be a hindrance. So you guys were right in the middle of this big wave. What? You're taking all this? >>Yeah. Look, I think Cloud is inevitable. I would say all of our customers in some form or another, are moving to the cloud, so our goal is to be not only deliver solutions from the cloud, but to protect them when they're in the cloud. So being able to work with cloud data source types, whether it's a jury, w s, G, C P and so on, is essential across our entire portfolio, whether it's enterprise security but also phantom. You know, one exciting announcement that we made today is we're open sourcing 300 phantom maps and making making him available with the Apache to get a license on get hubs so you'll be able to take integrations for Cloud Service is, like many eight of US service is, for example, extend them, share them in the community, and it allows our customers to leverage that ecosystem to be able to benefit from each other. So cloud is something that we work with not only from detection getting data in, but then also taking action on the cloud to be. Will it protect yourself? Whether it's you, I want to suspend an Amazon on your instance right to be able to stop it when it's when it's infected. For example, right those air it's finishing that whole Oodle Ooh and the investigate monitor, analyze act cycle for the cloud as we do with on from it. >>I think you guys in a really good position again citizen 2013. But I think my adjustment today would be talking to Andy Jackson, CEO of AWS. He and I always talk all the time around question he gets every year. Is Amazon going to kill the ecosystem? Runs afraid Amazon, he says. John. No, we rely on third party. Our ecosystem is super important. And I think as on premises and hybrid cloud becomes so critical. And certainly the Io ti equations with industrial really makes you guys really in a good position. So I think Amazon would agree. Having third party if you wanna call it that. I mean, a supplier is a critical linchpin today that needs to be scalable, >>and we need equal system for security way. You know, you one of the things I shared is really an asymmetric warfare. Where's the anniversary? You talk about a I and machine learning data at the end of the day is the oxygen for really powering that arm race. And for us, if we don't collaborate as ecosystem, we're not gonna have a apprehend because the other site has always say there's no regulations. There's no lawyers they can share. They can do whatever. So I think as a call to action for our industry way, gotta work together. Way got to really sort of share and events or industry together. >>Congratulations on all the new shipping General availability of E s six point. Oh, Phantoms continue to be a great success. You guys on the open source got an APB out there? You got Mission Control. Guys, keep on evolving Splunk platform. You got ABS showcase here. Good stuff. >>Beginning of the new date. Excited. >>We're riding the waves together with Splunk. Been there from day one, actually 30 year in but their 10th year dot com our seventh year covering Splunk. I'm John Ferrier. Thanks for watching. We'll be back with more live coverage. Three days of cube coverage here in Las Vegas. We'll be right back.

(upbeat music) [Narrator] Live from Las Vegas, It's theCUBE Covering Informatica World 2019 Brought to you by Informatica >> Welcome back everyone to theCUBE's live coverage of Informatica World here in Las Vegas. I'm your Host, Rebecca Knight. Along with my Co-Host, John Furrier. We have a CUBE alum joining us Graeme Thompson. SVP and CIO of Informatica. Thank you so much for coming, for returning to theCUBE. >> Pleasure to be here. >> So one of the themes we talk a lot about on theCUBE, It's the 10th anniversary of theCUBE, is the changing role of the CIO and you are a CIO so you are well positioned to answer this question. In addition to the changing role there's also the perception of what it is versus the reality. Can you talk a little about how you see the role having evolved both at Informatica as well as your other peers at other companies as well as sort of what the industry is expecting or maybe those not in the industry thinks you do versus actually what you do? >> Yeah that's a long frustration thank you >> I'm sorry >> You're keeping me on my toes here Yeah so a lot of things, the outcomes are the same but with different methods so vendor management has always been important, cost management has always been important but as it moves from being predominantly on prem to be primarily in the cloud The dynamics of how these deals are put together changes so you need a different kind of approach to how you manage the portfolio of cloud applications. Security if different in the cloud it's still important it always has been always will be. But it's different in the cloud you have to look much more as vendor risk management make sure that you're comfortable with the risk posture of the vendors you are sourcing your applications from. So those things I would put in the category of You're trying to accomplish the same thing you're just doing it differently because your application work load is more likely to be in the cloud. Things that are different though, completely different are expectations. So everyone can see the power of data and the power of having speed and agility in the cloud but they want it immediately and they don't want to do the hard work to get there so I find that the CIO sometimes has to be the educator or the evangelist for change to explain that if you want all this data to generate all these miraculous new outcomes you have to focus on the process and then you have to enable that process within an application that's going to meet your needs today and tomorrow. You have to think end to end which means you have to integrate applications like Marketo and Salesforce. Then you need to find a way to get it all in your data lake That is completely different it's a completely different sport From what we were playing as CIOs 5 years ago and it's definitely the biggest area of change I've seen both internally and talking to PIOs >> Graeme, we've talked in the past, goo to see you again. You are a CIO your work for Informatica so you're the CIO of Informatica so you don't need to be sold on the value of data You're in the data business. You have a data company that thinks hard and has been building products for years in private, in retooling, you see the wave, we've talked about it you've been on the same wave, a great wave, for 4 years everyone else is now on it. SO as a CIO who works for a company that's you know you're not going to get in trouble for doing a data driven project what are some of the things that you've got going on because you do have relationships with all the different cloud providers you do have a great on premises large install base and now you guys as a company what are some of the projects you're doing that would a nice guiding light to folks watching who were really kicked in the tires on digital transmission, not just like talking about it but like okay architecure, roadmap, really thinking through all the hairy problems of what's coming down the pipe for them. What are you working on? >> Yeah so I think our marketing team has done a really good job framing things in the four journeys. So talk about it within that context. So the first one is next gen analytics. So a lot of companies go into this thinking Right all I have to do is find out where the data lives, ingest the data into my data lake or data warehouse, put Tableau on top of it and job done. Not the case, right? So as soon as you start shading data across more than one function, marketing are really good at knowing their data. They know how its generated. They know how it can be used. As soon as you let someone else loose on marketing's data, it's use at your own risk. Right so that introduces the need for governance. If you're going to use data in one organization that was generated in another one, you have to agree on the definition of terms. You have to agree on calculations so that you don't get the finance team and the sales team debating what the renewal rate is. So the next gen analytics journey for us has been an interesting one. We started with an on-prem data warehouse that's now on AZUR. The tipping point for us was when most of the data is generated in the cloud, why move it back on-prem just to do analytics on it? So we made a decision to build that on the cloud with AZUR. >> So leave it on the cloud, it's there. >> Yeah >> and then have the on-premise piece >> Go onto the cloud. >> It's where the MDM it's where the pieces kind of come together? >> Yep >> All right so... >> So that's the analytics journey. >> So I'll give you another curve bal here. So as you come in here, you say okay great the next step is well you know I need to actually make my AI work. Your clear, you know "the clarity starts here" it's a nice slogan. Nice play on words there but AI is ultimately where everyone wants to get to. >> Yeah >> AI is fed by data, machine learning, other things, really kind of feeding the outcome for AI. But without good data, and/or data can can help the AI get smarter. This kind of brings up the conversation of more data or diverse data - different data sets. So accessing data sets actually is a new dynamic that people are getting into and proving it adds value to AI. >> Yeah >> How do you see that playing out because this is really kind of brings up the real complex question which is that as you mentioned earlier; terms, rights, marketplaces, sharing data, uh you know, all these new things? What's your view on this notion of having more data sets feeding intelligent AI? >> So part of the increase in enthusiasm about AI and ML is really the convergence of.. the technology's actually ready to help, its not a science project off to the side anymore. And the need for it has never been greater. There's no way a human can keep up with all the data that's being generated even at a company like ours. So if you want to find out where the data is created, where it's used, who has access to it, then your going to have to apply some AI to it otherwise there's no shot. You'd need an ever increasing team of humans who would fail to do the job adequately. >> So you see data sets merging... not merging but like being merchandised, if you will, for lack of a better word? >> Yeah well you have to manage the linage of it. >> All right. So you have to know where it's created, where it's used, you know, who has access to it? Is that access appropriate? Uh... all those thing have to be taken into account. Especially when you look at all the compliance and privacy things that we're all faced with now that 18 months ago we weren't all that concerned about. >> And that really goes back to what you said earlier in our conversation in that the role of the CIO is so much as an educator and an evangelist. So can you talk a little bit about what you've learned in terms of making that message really sink in with employees in terms of understand where the data lives, who has access to it, all the obstacles that you just talked about? >> Yeah so part of it is those managing the IT team and then those managing the relationships with your business constituents. So let's take the IT team first. Really good IT people, like really good engineers, will work on the most interesting problem available. It's our job as a CIO to make sure that the most profitable problem is also the most interesting one. Fight number one is getting people working on the right things cause IT people with work incredibly hard . You just need to make sure they're working incredibly hard on the right stuff with a focus on the right outcome at the end of it. So that's the IT part. Then working with the business stakeholders, its really setting expectations. Cause quite rightly, they want everything as soon as they can describe it, it should be available. There's often a lot of technical dept that we have as organizations, you know? We had a more than 10 year old deployment of sales force, you got to believe there was a ton of technical debt in there because it was built to perfection for our old business. It wasn't built for our new business. So you have to work with the buiness stakeholders. Bring them along with you on what to do first, what to do next, what the dependencies are, ' and focus on setting exceptions that its not going to be done overnight. >> So about governance. Obviously governance has been around for awhile, we've talked about it before. But now more than ever your seeing in the news first anniversary of GDPR, I predicted that would be... I won't say it... I said like, months before... bad words.. BS basically. But it's reality. More privacy stuff your seeing more and more, um, regions in cloud dealing with certain restrictions. So when it hear regulation, I hear constrained data. That goes in my mind, I hear oh my god. Regulation and innovation are always sometimes at odds. So it's a balancing act. What are you guys doing to address that? What's the solution today and how do you see that playing out because SAS is about data and agility and that's why SAS has been so popular and that's what digital transformation is going to get to is these SAS-like benefits. Agile, risk-taking, high reward. Low-risk, high reward kind of things. How do you get the balance between, you know, regulation, compliance, risk, and innovation? >> Yeah, so I can talk about how we look at it internally and then a little bit about how our customers look at it. So, for us you can look at it like a tax. As a tax on innovation. Or, if you look at a little bit more optimistically, who wouldn't want to honor the customer's right to be forgotten? Who wouldn't want to consult their customer on where you use their data? So you can also look at it as way that by implementing the GDPR or the California Privacy Standard or whatever it is, it makes your company better. It allows you to be the company that you would like to aspire to be. So you don't have to just look at it as a tax. Now I'm going to look at our customers. They fall into 2 categories: those that have to do it because they're in a regulated industry like financial services or healthcare, and then there's those that do it because they know it will help them serve their customers better. And you see a lot of governance and compliance projects starting from a place of defensiveness. They have to do it because they have to comply with new regulations that apply to them and often its companies that are really trying to make the best use of their data but they want to do it in a really responsible way. Um - if done properly and responsibly, it can be something that's good for everyone, I believe. >> I just have one final question about the skills gap. And this is something we've been really talking a lot about here. What are you doing to address it? And is the problem really as bad as the headlines are making it out to be? >> Yeah so there's the macro problem of aging workforce and where are the new people coming from? There's that one - it's been with us for awhile and applies across all functions. Then there's specific skills areas in IT that are always a shortage. Security is one - it's really, really difficult to find really good IT security.. information security people. Often these groups can be ivory tower-ish so its hard to find people who are really practitioners. It's hard to select them and it's hard to retain them because they always want to build and then move on and build something new. So security is one. Obviously data and analytics is a huge one. Finding people that can, that know a little bit more than what an oric in our warehouse does is a challenge and then once you get those people, you have to make sure they are working on things that they find are worthy of their time so that they are motivated to work as hard as you need them to work. And other areas like managing cloud vendors is I think a skill set that will start to grow up. Um - these cloud contracts get really expensive as you scale and there's no friction at the point of consumption. You know, we've got engineers that aren't allowed to order a stapler from Amazon without approval. But they can sign the company up for tens of thousands of dollars worth of compute cost obligations. You need governance and skills to manage uh - that. If you ask an engineer do you want slow or fast and big or small, they're going to pick fast and large, right? >> Just a dumb follow up on that skills gap question. For the folks who are graduating collage, high school, elementary school.. ..education is obviously kind of a little bit linear but you know people have argued that there's no one playbook for the kinds of courses you would take to get into the data kind of world there. Is there any pattern your seeing where the folks who are really excelling in this new environment have certain skills and classes? So if someone is going into collage maybe honing a class on you know on a particular class or dicipline? Have you seen some things that work? >> No >> No? >> What I have seen that works is finding people who have a track record of solving important business problems and using that to select the people that you hire. Cause the.. having a sound education in technology is one thing. You got to understand the business domain and the problem that you are trying to solve. That's where the value comes from. The business stakeholders value someone that can understand the problem they are trying to solve or the opportunity that they are trying to take advantage of. So finding those people that have a track record of solving meaningful problems, uh to me, has been a way to find the right folks in that area. >> Multitalent is then.. it's early, too, I mean, Berkley just had their first graduating class of you know, Data Sciences, kind of gives you an idea of how early this is. >> Yeah and it takes 2 to 4 years to have a University course accredited. By the time you've done that it's out of date. >> It's out of date. >> So that has to change. >> My final question for you, Graeme, is what's the um... For the folks that aren't here at Informatica World 2019 whats the summary in your view? The theme of the show? What's the key highlights that people should walk away with this year for the focus of Informatica World 2019? >> So it's not a new theme, it's more of a expansion on the' theme from the last couple of years. So the importance of the platform is key. You can go off as an IT professional and source one product to solve one problem and before you're done I guarantee you'll have found an adjacent problem and you're going to wish you'd chosen a platform instead of an individual product. So if you listen to Anneals Keynote this morning and Ahmet got into more detail, its really about the platform and the power of Claire and the AI part as part of that overall platform - that's really the theme - but its not new. It's not something we just came up with last week it's been our strategy for at least 24 months so we just continue to build on it. >> Bad data or no data, there's no AI, or bad data is bad AI and no data is no AI? That's essentially the reality as AI becomes mainstream. >> Yeah. >> All right, thank you. >> Great. Well, thank you so much for coming on the show, Graeme >> Pleasure. >> You're watching theCUBE's live coverage of Informatica World 2019 I'm Rebecca Knight and John Furrier. Thanks for staying tuned. (upbeat music)

(bright orchestral music) >> John: Hello there and welcome to this special cube conversation, I'm John Furrier, here in theCUBE's Palo Alto studio. We're here with Jonathan Nguyen, who's with, formerly Verizon, now with Fortinet. What's your title? >> Jonathan: Vice President of Strategy. >> John: Vice President of Strategy, but you're really, more of a security guru. You, notably, were the author of the Verizon data breach investigative report. Great report >> Jonathan: Thank you. >> John: It really has been the industry standard. Congratulations, great to have you here. >> Jonathan: Thanks, it was a great 16 years at Verizon in the security business, ran that data breach investigations team. So yeah, that was a great honor in my career. >> John: So you call it "strategy" because they don't want you to word cyber security in your title on LinkedIn in case they spearfish you. Is that right? (laughs) >> Jonathan: Yeah, having started my career as a US Foreign Service Officer, as a victim of the OPM data breach, everything about me is out there. I love in the perfect universe about how do you defend your identity when everything about you has been compromised to begin with. >> John: So many stories I had a Cube guest talk about LinkedIn and the tactics involved in spearfishing and the efforts that people go in to attack that critical resource that's inside a perimeter. This is a big problem. This is the problem with cyber warfare and security and crime. >> Jonathan: Yes. >> John: Talk about that dynamic, because this is, I mean, we always talk about the cloud changes, the perimeter, but of course, more than ever this is really critical. >> Jonathan: So, fundamentally as we begin going into digital transformation and notions about where data is today and the nature of computing, so everything has changed and the notion of a traditional perimeter has changed as well. So I'm going to borrow a great analogy from my friend Ed Amoroso and he said Look, let's pretend that this is your traditional enterprise network and all of your assets are in there, and we all agreed that that perimeter firewall is being probed every day by nation-state actors, organized criminal syndicates, hacktivists, anybody. Everyone's probing that environment. It's also dissolving because you've got staffers inside there using shadow IT, so they're opening up that firewall as well. Then, you've got applications and portals that need to be accessed by your stakeholders, your vendors, your customers. And so that traditional wall is gradually eroding, but yet that's where all of our data is, right? And against this environment you've got this group, this unstoppable force, as Ed calls it, these nation-state actors, these organize crime, these hacktivist groups, all highly sophisticated, and we all agree, that with time and effort, they can all penetrate that traditional perimeter. We know that because that's why we hire pin testers and red-teamers to demonstrate how to get into that network and how to protect that. So, if that's the case that we have this force, and they're going to break in eventually, why are we still spending all of our time and effort to defend this traditional perimeter that's highly vulnerable? Well the answer is, of course, that we need to distribute these work loads, into multiple clouds and into multi-hybrid cloud solutions. The challenge has been, well how do you do that with enough control and visibility and detection as you would have in a traditional perimeter, because a lot of folks just simply don't trust that type of deployment. >> John: That's the state of the art, that's the state of the art problem. How to deal with the complexity of IT as with digital transformation as it becomes so complicated and so important at the same time, yet cloud is also on the horizon and it's here. We see the results with Amazon Web Services. We see what Azur's doing and Google, etc., etc. And some companies are building their own cloud, so you have this new model, with cloud computing, data-driven applications, and it's complex, but does that change the security paradigm? How does the complexity play into it? >> Jonathan: Absolutely, so complexity has always been the enemy of security and at Fortinet, what we essentially do is that we help companies understand and manage complexities to manage risk. So complexity is only going to increase, so digital transformation, the widespread adoption of digital technologies to enable exponential and explosive productivity growth, right? Societal-level changes, right? >> John: Right. >> Jonathan: Also massive expand the inter connective nature of our society. More and more introductions. Accelerated cycles across the board. Greater levels of complexity. The challenge is going to be, not about whether you're moving into the cloud. Everyone is going to move into the cloud, that is the basis of computing moving next. So in the Australian government, the US government, all the agencies have a cloud-first migration initiative. It's not about whether. It's not about, it's really about when, so how do you move forward with moving your computing, your workload into the cloud? In many ways, it goes back to fundamentals about risk management. It's about understanding your users and your systems, the criticality, the applications you're associated with, and understanding what can you move into the cloud and what do you keep on prim in a private cloud as it were. >> John: I want to ask you more about global, more about cyber security, but first let's take a step back and set the table. What is the wholistic and the general trend in cyber security today. I mean, what is the, what's going on in the landscape and what are the core problems people are optimizing for? >> Jonathan: Sure. So, across my 20-odd years in cyber, what we've seen consistently has been the acceleration of the volume, the complexity, and the variety of cyber threats. 10 years ago, 2007 or so, there were about 500 threat factors. Today we're north of 5,000. Back in that point, there were maybe 200 vendors, today we're north of 5,000 vendors. There was less than $1 billion of cyber security spent. Today we're north of $80 billion of spend and yet the same challenges pervade. And what's happening now, they're only becoming more accelerated, so in the threat environment, the criminal environment, the nation-state threat actors, they're all becoming more sophisticated. They're all sharing information. They're sharing TTP and they're sharing in a very highly effective marketplace. The dark web cyber crime marketplace is an effective mechanism on sharing information, on matching threat actors to targets. So the frequency, the variety, the intelligence of attacks, automated ransomware attacks, is only going to grow. Across the board, all of us on this side of the fence, our challenge is going to be, how do we effectively address security at speed and scale. And that's the key because you can effect security very well in very discrete systems, networks, facilities, but how do you do it from the IoT Edge, from the home area network, the vehicle area network, the personal area network, to the enterprise network, then to a hybrid cloud. A highly distributed ecosystem and how do you have visibility and scale across that when the interval of detection between the detonation of malware to the point of irrecoverable damage, is in seconds. >> John: So tons of attack vectors, but also I would add to complicate the situation further is the surface area. You mentioned IoT. >> Jonathan: Yeah. >> John: We've seen examples of IoT increasing, more avenues in. >> Jonathan: Yeah. >> John: Okay, so you've got more surface area, more attack vectors with technology. Malware is one. We've seen that and ransomware certainly number one. But it's not just financial gain, it's also, there's terrorism involved. >> Jonathan: Absolutely. >> John: So, it's not just financial services, get the cash and embarrass a company. It's, I want to take down that power plant. >> Jonathan: Sure. >> John: So, is there a common thread, because you can, I mean, every vertical is going to have their own rendering issues, have their own kind of situation contextually. But is there a common thread across the industry that cyber security is run, is there a baseline that you guys are attacking and that problems are being solved on? Can you talk about that? >> Jonathan: Sure. So, at the heart of that is a convergence of operational technologies and information technology. Operational technologies were never designed to be IP enabled. They were air-gapped. Never designed to be integrated and interconnected with information technology systems. The challenge has been, as you said, is that as you go through digital transformation, become more interconnected, how do you understand when a thermostat has gone offline, or a conveyor belt has gone offline, or a furnace is going out of control, how do you understand that the HVAC system for the operating theater, the surgery theater, is operating properly? Now we have this notion of functional safety and you have to marry that with cyber security and so, in many ways, the traditional approaches are still relevant today. Understanding what systems you have, the users that use them, and what's happening in that and to detect those anomalies and mitigate that in a timely fashion. Those themes are still relevant, it's just that they're much, much larger now. >> John: Let's get back to the perimeter erosion issue because... >> Jonathan: Yeah. >> John: One of the things we're seeing on The Cube is digital transformation, it's out there, to kick around the buzzword, it's out there, but it's certainly, it's relevant. People are transforming to a digital business. Peter Burrows had (unintelligible) they talk about this all the time and it's a lot, a lot involves IT, business process, putting data to work, all that good stuff, transforming the business, drive revenue, but security is more coarse. And sometimes it's, we're seeing it being unbundled from IT and reporting directly up to either the board level or C level. So, that being said, how do you solve this? I'm a digital transformation candidate. I'm doing it. I got, my mind's full of security all the time. How do I solve the security problems, cyber security problem? Just prevention, other things? What's the formula? >> Jonathan: Okay, so at the heart of cyber security is risk management. So digital transformation is the use of digital technology to drive exponential productivity gains across the board and it's about data-driven decision making versus intuitive-led human decision making. So, the heart of digital transformation is making sure that the business leaders have the timely information to make decisions in a much more timely fashion. So that you have better business outcomes and better quality of life, safety, if you will. And so the challenge is about how do you actually enable digital transformation and it comes down to trust. And so, again across the pillars of digital transformation and they are first, IoT, these devices that are connected to collect and share information, to make decisions, the sheer volume of data, zetabytes of data that will be generated in a process of these transactions. Then you have ubiquitous access and you're going to have 5G. You have this notion of centralized and distributed computing. How will you enable those decisions to be made across the board? And then, how do you secure all of that? And so, at the heart of this is the ability to have automated, and that's key, automated deep visibility and control across an ecosystem. So you've got to be able to understand, at machine speed, what is happening. >> John: How do I do that? What do I do? Do I buy a box? Do I, is it a mindset? Is it everything? What's the, how do I stop those cyber attacks? >> Jonathan: So, you need a framework of automated devices that are integrated. So a couple of things you're going to need. You're going to need to have the points across this ecosystem where you can detect. So, whether that is a firewall on that IoT Edge or in the Home or there's an internally segmented firewall, across the enterprise network into the hybrid cloud. You're also going to need to have intelligence and by intelligence, I mean you're going to need a partner who has a global infrastructure of telemetry to understand what's happening in real time, in the wild. And once you collect that data, you're going to need to have intelligence analysts, researchers, that can put into context what that data means, because data doesn't become information on its own. You actively have to have someone analyze that. So you have to have a team. At Fortinet, we have hundreds of people who do just that. And once you have the intelligence, you've got to have a way of utilizing it, right? And so, then you've got a way of orchestrating that intelligence into that large framework of integrated devices so you can act. And in order to do that effectively, you have to do that at machine speed and that's what I mean by speed and scale. The big challenge about security is the ability to have deep visibility and control at speed, at machine speed, and at scale from that IoT Edge way across into the cloud. >> John: Scale's interesting, so I want to ask you about the Fortinet. How are you guys at Fortinet solving this problem for customers because you have to, is it, the totality of the offering? Is it some here, technology here and again, you've got 5,000 attack vectors, you mentioned that earlier and you did the defense report at Verizon, your former job. So you kind of know the landscape. What does Fortinet do? What do you guys, how do you solve that problem? >> Jonathan: So, from day one, every CISO has been trying to build the fabric. We didn't call it that, but from my first packet-filtering firewall to my first stateful firewall, then I deployed intrusion-detection systems and when all that generated far more lists than I can manage, I deployed an SEM. And then I went to intrusion prevention and I had to look at logs, and so I went to an SIEM. And when that didn't work, I deployed Sandbox, which was called dynamic malware inspection back in the day. And then when that didn't work, I had to go to analytics. And then I had to bring in third-party technology, third-party intelligence feeds and all along, I hoped I was able to make those firewalls, those defense sensors, that platform integrated with intelligence, work somehow to detect the attack and mitigate that in real time. Now, what we essentially do in the Fortinet security fabric is we reduce that complexity. We bring that level of automa-... >> John: And by the way, your ad hoc, you're reacting in that mode. You're just, ya know, I got to do this. I got to add that to it. So it's almost like sprawling, software sprawl. You're just throwing solutions at the wall. >> Jonathan: Right, and a lot of that time, no one knows if the devices are properly configured. No one has actually done the third party technology integration. No one has actually met the requirements that we'd employ three years ago through requirements today and the requirements three years from now. And so, that's a huge level of complexity and I think at the heart of that complexity, that's reflected in the fact that we're missing the basic elements in security across today. The reason the large data attacks and the data breaches didn't come because of advanced malware. They didn't happen of nation-state threats. These were known vulnerabilities. The patches existed. They weren't patched. In my experience, 80% of all the attacks could be mitigated through simple to intermediate controls. >> John: Deploying the patches. Doing the job. >> Jonathan: Complexity. Patch management sounds easy. It's hard. Some applications, there is no patch available. You can't take things offline. You have to have virtual patches or unintended consequences. And there are a lot of things that don't happen. There's the handoff between the IT team and the security team and it adds complexity. And if you think about this, if our current teams are so overwhelmed that they cannot mitigate known attacks, exploits against known vulnerabilities, how are they going to be able to grapple with the complexity of managing zetabytes of data with an ecosystem that spans around the world, that operates in milliseconds, where now it's not just digital issues. It's health, safety, physical security. How can we trust that a connected vehicle is secure or not. >> John: Talk about the dynamic between machines and humans because you mentioned patches, and this is, you can argue that it's a human mistake, but also you mentioned automation earlier. The balance between automation, using machines and humans, because prevention and risk management seem to be the axis of the practice. It used to be all prevention, now it's a lot more risk management. There's still a human component in here. >> Jonathan: Yeah. >> John: How are you guys talking about that and how is that rendering itself as a value proposition for customers? >> Jonathan: So, humans are the essence, both the challenge, in so many cases we have faulty passwords, we have bad hygiene. That's why security's awareness training is so critical, right? Because humans are part of the problem, on one end. On the other end, within the sock, humans are grappling with huge amounts of data and trying to understand what is malicious, what needs to be mitigated, and then prioritizing that. For us, it's about helping, the complexity, reducing the complexity of that challenge and helping automate those areas that should be automated so the humans can act better and faster, as it were. >> John: We're here with Jonathan Nguyen with Fortinet. I want to ask you about the ecosystem you mentioned that early and also the role of CISO, the Chief Information Security Officer and CIO, essentially the executives in charge of security. Say you have executives in charge of the risk management, don't get hacked, don't get breached, and also the ecosystem partners. So, you have a very interesting environment right not where people are sharing information, you mentioned that earlier as well. So you got the ecosystem of sharing and you have executives in charge of running their businesses effectively and not have security breaches happen. What's happening in... What are they working on? What are the key things that chief security officers are working on with CIOs? What specifics are on their plate and what's the ecosystem doing around that too? >> Jonathan: Sure. So digital transformation dominates all discussions today. And every CISO has two masters. They have a productivity master, which is always the business-side of the house and they have a security master, which is ensuring that reasonable level of security is, in the advent, managing risk, right? And that's the challenge, how do you balance that? So, across the board, CISOs are being challenged to make sure that the applications, the digital transformation initiatives are actually occurring and at the same time, in the advent of a data breach, understanding the risk and managing the risk. How do you tell your board of directors, your governments that you're not only compliant, but that you have handled risk to a reasonable level of assurance? And that means, in my opinion, across my experience, you've got to be able to demonstrate a couple of things: one, you have identified and adopted, with third-party implementation and attestation, a recommended best practices and controls. Second, you've implemented and used best-in-class products and technologies like Fortinet. Products that have gone through clearances, gone through common criteria, where things are properly certified and that's how you demonstrate a reasonable level. It's really about risk management, understanding what level of risk you will tolerate, what level of risk you will mitigate, and what level of risk you're going to transfer. And I think that's the discussion at the board level today. >> John: So more, make people feel comfortable, but also have a partner that can actually do the heavy lifting on new things. 'Cause there's always going to be a new attack vector out there. >> Jonathan: Absolutely. So I think the key to it is understanding what you're really good at and so then one of the questions I ask ever CISO is that when you look at technology, what is it that your organization is really good at? Is it using technology? Is it operationalizing that experience? Or is it really about ensuring that the firewall is integrated with your sim and that the sim works and trying to create your own threat intelligence. And I think that one of the things we do better than anybody else is that we reduce the level of complexity of that, allowing our clients to really focus on providing security, using the best-in-class technologies to do that. >> John: Jonathan, a final question. In 2018, what's your outlook for the year for CISOs and companies with cyber right now? >> Jonathan: I think it's going to be an exciting time. I think, is there going to be a focus back on basics? Because before we take this next evolutionary leap, in terms of cyber and computing and the digital nature of our society, we've got to get the basics done right. And I think the way Fortinet's going, our ability to use the fabric, to help manage risk, and reduce risk, is going to be the path forward. >> John: This is The Cube, bringing you commentary and coverage of cyber security of course, here in our Palo Alto studio. I'm John Furrier, thanks for watching. (orchestral music) The Cube.