(upbeat jazz music) [Woman] - From our Studios in the heart of Silicon Valley, Palo Alto, California, this is a CUBE conversation. >> Hello and welcome to theCUBE Studios in Palo Alto, California, for another CUBE conversation, where we go in depth with thought leaders driving innovation across tech industry. I'm your host Peter Burris. Almost everybody's heard of the term black-hat and white-hat. And it constitutes groups of individuals that are either attacking or defending security challenges. It's been an arms race for the past 10, 20, 30 years as the worlds become more digital. And an arms race that many of us are concerned that black-hats appear to have the upper hand. But there's new developments in technology and new classes of tooling that are actually racing to the aid of white-hats and could very well upset that equilibrium in favor of the white-hats. To have that conversation about the ascension of the white-hats, we're joined by Derek Manky, who's the Chief Security Insights & Global Threat Alliances lead at Fortinet. Derek, thanks for joining us for another CUBE conversation. >> It's always a pleasure speaking with you. [Peter] - All right. [Derek] - Happy to be here. >> Derek, let's start, what's going on at FortiLabs at Fortinet? >> So 2019, we've seen a ton of development, a lot pretty much on track with our predictions when we talked last year. Obviously a big increase in volume, thanks to offensive automation. We're also seeing low volume attacks that are disrupting big business models. I'm talking about targeted ransom attacks, right. But, you know, criminals that are able to get into networks, cause millions of dollars of damages thanks to critical revenue streams being held. Usually in the public sector we've seen a lot of this. We've seen a rise in sophistication's, the adversaries are not slowing down. AET's, the mass evasion techniques are on the rise. And so, you know, to do this on FortiGaurd Labs, to be able to track this and map this, we're not just relying on logs anymore and, you know, 40, 50 page white papers. So, we're actually looking at that playbooks now, mapping the adversaries, understanding their tools, techniques, procedures, how they're operating, why they're operating, who are they hitting and what might be their next moves. So that's a bit development on the intelligence side too. >> All right, so imagine a front this notion that the white-hats might be ascending. I'm implying a prediction here. Tell us a little bit about what we see on the horizon for that concept of the white-hats ascending and specifically, why is a reason to be optimistic? >> Yeah, so it's been gloomy for decades like you said. And for many reasons, right, and I think those reasons are no secrets. I mean, cyber criminals and black-hats have always been able to move very, you know, with agility right. Cyber crime has no borders. It's often a slap on the wrist that they get. They can do a million things wrong, they don't care, there's no ethics and quite frankly no rules binding them right. On the white-hand side, we've always had rules binding us, we've had to take due care and we've had to move methodically, which slows us down. So, a lot of that comes in place because of frameworks, because of technology as well, having to move after it's enabled to with frameworks, specifically with making corrective action and things like that. So, those are the challenges that we faced against. But you know like, thinking ahead to 2020, particularly with the use of artificial intelligence, everybody talks about AI, it's impacted our daily lives, but when it comes to cyber security, on the white-hat side a proctor AI and machine learning model takes times. It can take years. In fact in our case, our experience, about four to five years before we can actually roll it out to production. But the good news is, that we have been investing, and when I say we, I'm just talking to the industry in general and white-hat, we've been investing into this technology because quite frankly we've had to. It takes a lot of data, it takes a lot of smart minds, a lot of investment, a lot of processing power and that foundation has now been set over the last five years. If we look at the black-hats, it's not the case. And why? Because they've been enjoying living off the land on low hanging fruit. Path of least resistance because they have been able to. >> So, what are the things that's changing that, equilibrium then, is the availability of AI and as you said, it could take four, five years to get to a point where we've actually got useful AI that can have an impact. I guess that means that we've been working on these things for four, five years. What's the state of the art with AI as it pertains to security, and are we seeing different phases of development start to emerge as we gain more experience with these technologies? >> Yeah, absolutely. And it's quite exciting right. AI isn't this universal brain that solves the worlds problems that everyone thinks it might be right. It's very specific, it relies on machine learning models. Each machine learning model is very specific to it's task right, I mean, you know, voice learning technology versus autonomous vehicle jobbing versus cyber security, is very different when it comes to these learning purposes. So, in essence the way I look at it, you know, there's three generations of AI. We have generation one, which was the past. Generation two, which is the current, where we are now and the generation three is where we're going. So, generation one was pretty simple right. It was just a central processing alert machine learning model that will take in data, correlate that data and then take action based off of it. Some simple inputs, simple output right. Generation two where we're currently sitting is more advanced. It's looking at pattern recognition, more advanced inputs, distributed models where we have sensors lying around networks. I'm talking about even IoT devices, security appliances and so forth, that still record up to this centralized brain that's learning it and acting on things. But where things get really interesting moving forward in 2020 gets into this third generation where you have especially moving towards cloud computer, sorry, edge computing, is where you have localized learning nodes that are actually processing and learning. So you can think of them as these mini brains. Instead of having this monolithic centralized brain, you have individual learner nodes, individual brains doing their own machine learning that are actually connected to each other, learning from each other, speaking to each other. It's a very powerful model. We actually refer to this as federated machine learning in our industry. >> So we've been, first phase we simply used statistics to correlate events, take action, now we're doing acceptions, pattern recognition, or acceptions and building patterns, and in the future we're going to be able to further distribute that so that increasingly the AI is going to work with other AI so that the aggregate, this federated aggregate gets better, have I got that right? >> Yeah absolutely. And what's the advantage of that? A couple of things. It's very similar to the human immune system right. If you have, if I were to cut my finger on my hand, what's going to happen? Well, localized white blood cells, localized, nothing from a foreign entity or further away in my body, are going to come to the rescue and start healing that right. It's the same, it's because it's interconnected within the nervous system. It's the same idea of this federated machine learning model right. If a security appliance is to detect a threat locally on site, it's able to alert other security appliances so that they can actually take action on this and learn from that as well. So connected machine learning models. So it means that by properly implementing these AI, this federated AI machine earning models in an organization, that that system is able to actually in a auto-immune way be able to pick up what that threat is and be able to act on that threat, which means it's able to respond to these threat quicker or shut them down to the point where it can be you know, virtually instantaneous right, before the damage is done and bleeding starts happening. >> So the common baseline is continuously getting better even as we're giving opportunities for local managers to perform the work in response to local conditions. So that takes us to the next notion of, we've got this federated AI on the horizon, how are people, how is the world of people, security professionals going to change? What kind of recipes are they going to follow to insure that they are working in a maximally productive way with these new capabilities, these new federated capabilities, especially as we think about the introduction of 5G and greater density of devices and faster speeds in the relatancies? >> Yeah so, you know the world of cyber computer, cyber security has always been incredibly complex. So we're trying to simplify that and that's where again, this federated machine learning comes into place, particularly with playbooks, so if we look at 2019 and where we're going in 2020, we've put a lot of groundwork quite frankly and so pioneering the work of playbooks right. So when I say playbooks I'm talking about adversary playbooks, knowing the offense, knowing the tools, techniques, procedures, the way that these cyber crime operations are moving right and the black-hats are moving. The more that we can understand that, the more we can predict their next move and that centralized language right, once you know that offense, we can start to create automated blue team playbooks, so defensive playbooks. That security technology can automatically integrate and respond to it, but getting back to you question, we can actually create human readable CECO guides that can actually say, "Look, there's a threat," "here's why it's a problem," "here are the gaps in your security that we've identified," "here's some recommended course of action as an idea too." Right, so that's where the humans and the machines are really going to be working together and quite frankly moving at speed, being able to that at machine level but also being able to simplify a complex landscape, that is where we can actually gain traction right. This is part of that ascendancy of the white-hat because it's allowing us to move in a more agile nature, it's allowing us to gain ground against the attackers and quite frankly, it allows us to start disrupting their business model more right. It's a more resilient network. In the future this leads to the whole notion of self-healing that works as well that quite frankly just makes it a big pain, it disrupts your business model, it forces them to go back to the drawing board too. >> Well, it also seems as though, when we start talking about 5G, that the speeds, as I said the speeds, the dentancy, the reduced latency, the potential for a bad thing to propagate very quickly, demands that we have a more consistent, coherent response, at both the the machine level but also the people level. We 5G into this conversation. What's, what will be the impact to 5G on how these playbooks and AI start to come together over the next few years? >> Yeah, it's going to be very impactful. It is going to take a couple of years and we're just at the dawn of 5G right now. But if you think of 5G, your talking about a lot more volume, essentially as we move to the future, we're entering into the age of 5G and edge computing. And 5G and edge computing is going to start eating the cloud in a sense that more of that processing power that was in the cloud is starting to shift now towards edge computing right. This is at on Premis.it So, A; it is going to allow models like I was talking about, federated machine learning models and from the white-hats point of view, which again I think we are in the driver seat and a better, more advantageous position here, because we are more experienced again like I said, we've been doing this for years with black-hats quite frankly haven't. Yes, they're toying with it, but not in the same level and skill as we have. But, you know, (chuckles) I'm always a realist. This isn't a completely realsy picture, I mean, it is optimistic that we are able to get this upper hand. It has to be done right. But if we think about the weaponisation of 5G, that's also a very large problem right. Last year we're talking about swarm networks right, the idea of swarm networks is a whole bunch of devices that can connect to each other, share intelligence and then act to do something like a large scale DDoS attack. That's absolutely in the realm of possibility when it comes to the weaponisation of 5G as well. >> So one of the things, I guess the last question I want to ask you is, is you noted that these playbooks incorporate the human element in ways that are uniquely human. So, having CECO readable recipes for how people have to respond, does that also elevate the conversation with the business and does, allows us to do a better job of understanding risk, pricing risk and appropriately investing to manage and assure the business against risk in the right way? >> Absolutely. Absolutely it does, yeah. Yeah, because the more you know about going back to the playbooks, the more you know about the offense and their tools, the more you know about how much of a danger it is, what sort of targets they're after right. I mean if they're just going trying to look to collect a bit of information on, you know, to do some reconnaissance, that first phase attack might not cause a lot of damage, but if this group is known to go in, hit hard, steal intellectual property, shut down critical business streams through DoS, that in the past we know and we've seen has caused four, five million dollars from one breach, that's a very good way to start classifying risk. So yeah, I mean, it's all about really understanding the picture first on the offensive, and that's exactly what these automated playbook guides are going to be doing on the blue team and again, not only from a CoC perspective, certainly that on the human level, but the nice thing about the playbooks is because we've done the research, the threat hunting and understood this, you know from a machine level it's also able to put a lot of those automated, let's say day-to-day decisions, making security operation centers, so I'm talking about like SecDevOps, much more efficient too. >> So we've talked about more density at the edge amongst these devices, I also want to bring back one last thought here and that is, you said that historically some of the black-hats have been able to access with a degree of impunity, they have necessarily been hit hard, there's been a lot of slapping on the wrist as I think you said. Talk about how the playbooks and AI is going to allow us to more appropriately share data with others that can help both now but also in some of the forensics and the enforcement side, namely the legal and policing world. How are we going to share the responsibility, how is that going to change over the next few years to incorporate some of the folks that actually can then turn a defense into a legal attack? >> Threat elimination is what I call it right. So again, if we look at the current state, we've made great strides, great progress, you know, working with law enforcement, so we've set up public private sector relationships, we need to do that, have security experts working with law enforcement, law enforcements working on their end to train prosecutors to understand cyber crime and so forth. That foundation has been set, but it's still slow moving. You know, there's only a limited amount of playbooks right now. It takes a lot of work to unearth and do, to really move the needle, what we need to do, again like we're talking about, is to integrate a artificial intelligence with playbooks. The more that we understand about groups, the more that we do the threat illumination, the more that we uncover about them, the more we know about them, and by doing that we can start to form predictive models right. Based, I always say old habits die hard. So you know, if an attacker goes in, hits a network and their successful following a certain sequence of patterns, they're likely going to follow that same sequence on their next victim or their next target. So the more that we understand about that, the more that we can forecast A; from a mitigation standpoint, but the, also by the same token, the more correlation we're doing on these playbooks, the more machine learning we're doing on these playbooks, the more we're able to do attribution and attribution is the holy grail, it's always been the toughest thing to do when it comes to research. But by combing the framework that we're using with playbooks, and AI machine learning, it's a very very powerful recipe and that's what we need to get right and forward in the right direction. >> Derek Manky, Fortinet's Chief of Security Insights & Threat Alliances, thanks again for being on theCUBE. >> It's a pleasure. Anytime. Happy to talk. >> And I want to thank you for joining us for another CUBE conversation. I'm Peter Burris, see you next time. (upbeat jazz music) >> Yeah I thought it was pretty good. [Man] - That was great. [Derek] - Yeah, yeah.

>> Live from Boston Massachusetts, it's theCUBE, covering AWS re:Inforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. >> Hello everyone, welcome back to the live cube coverage here in Boston Massachusetts. This is theCUBE's coverage, I'm John Furrier with Dave Vellante. Special guest Shira Rubinoff, president of Prime Tech, Cybermind genius, VIP influencer. Love havin' her on. We are here at AWS re:Inforce, AWS inaugural event. Great to have you on, be host with us and to do more hosting and co-hosting with us as we bring the community cube to security. >> Excellent, I think this is the perfect conference to do that. >> Shira and Dave, so day one's in the books. We got another full day of coverage, a lot of action happening. I think the seminal point of this event is that you have Amazon Web Services. They already run the biggest event, re:Invent. They have summits all around the world. Some summits get huge numbers but this has been rebranded, re:Inforce, by design, this is not another summit, Dave, this is a game statement from Amazon. >> Well, Pat Gelsinger, several years ago, told us on theCube security's a do over, it's got to be reinvented and Amazon is reinforcing that message. And, rebuilding it from the ground up with developers and the security is code mindset. Your thoughts. >> Now certainly as technology advances, cloud security has to advance as well and the cloud is looking towards technology to know how to differentiate itself and continue to add to it and change up. And, as we talk about AWS, they secure the cloud and the customers have to secure in the cloud. Which is a very important piece because it almost lends itself. When people are talking about, how do you secure an environment and even if you look at organizations, there's a talk between the CIO, what's the role of a CIO and what's the role of a COO. Almost look at it like how AWS really positions itself. Securing the cloud, securing in the cloud, securing the industry itself, securing within the company. And, what AWS really has seen and really is doing is it's saying you got to work hand in hand, it has to be a partnership. And, a partnership is able to secure things much better than a one person. Because then you're putting the ownness on everybody and if everybody is actually thinking about security all the time, it's going to yield best security. >> And the things we heard, Shira, I want to get your thoughts on, encryption always on, everyone's watching, so, shared responsibility, these are the buzz words, reasoning. This is industry wide. I know you do a lot of traveling, do a lot of public speaking. You do a lot of work with some of the big companies and their transformations. What are you seeing? Because, you're out there getting the data, we got some data. What's the big trend, what's the macro trend right now, the most important story that needs to be told in this new reimagined security renaissance? >> Well, I think it's just that. I think that people are moving towards the cloud for the reasons of, one plus one equals three. You're going to have the security of the cloud and you're also going to have the security of the organization within the cloud. And the organizations are realizing today moving to the cloud they could have better overall security. So, that is the trend that I'm seeing, certainly from the larger companies out there and the smaller ones are building it from the ground up. They're saying, you know what, let's make it a solution that we're going to build, going right from day one and not putting band-aids on it to try to make it to secure after. So, they're really learning from the experts. >> Dave, I want to get your thoughts with Shira on this because all three of us do a lot of content. We make content for a living, we kind of think about that with users in mind, the audience. Well I overheard a couple of things at this event that I've been hearing at other events. Open ecosystems and the partner networks are developing. And so that makes a lot of sense, integration's a big part of security but I hear people saying, I want to meet more people, I wannna meet the person who runs, partners of that company. So, you have, I've seen for the first time a real hunger-- >> Yeah >> for social interaction at the events, more hunger for understanding who the other partners, not just what they sell-- >> You know what? >> but what's on their mind. >> So interesting, you bring that up and that's a very new piece we are seeing today. It used to be, this is my information and I'm not sharing it with you. I'm going to build something and you're going to have to guess what I'm doing because that's my secret sauce but companies were realizing that's not going to work. We need to collaborate, we need to share ideas. And the biggest companies are all banding together to share the best breed of technology and the best breed of way how to deal with security. Because, they realize that we're all trying to protect also from the same bad actors out there and they realize by collaborating, they're all stronger as a whole and stronger by themselves as well. So, this collaboration is a big deal and that's taking the trends forward >> Dave, what's your take on this? >> Well and it comes back to something we've talked about a lot today and over the years in theCube is this whole API economy. For decades, we've been trying to solve the distributed systems problem. You saw it in little pockets, obviously the internet, but it's in limited work loads. >> Amazon kind of did that. >> And Amazon has solved that problem. Massively scalable distributed systems and then, now it's okay, how do you secure it? So the shared responsibility model is very interesting and I think misunderstood. The number one problem we're hearing here, that customers are having is keeping up with Amazon because Amazon's moving at such a fast pace. That's so rare in the technology industry, where the vendors are always a little bit ahead of the customers but not light-years ahead. Amazon is just, like, pushing them out of the plane. And, so, I think the shared responsibility model is very important, I think it's misunderstood. >> Yes. >> I think people were expecting, oh, Amazon can take care of everything in the cloud and that's not the case. >> Correct. >> So-- >> Well if you're going to use the pushing out of the airplane analogy, you got to say, you got to make sure the parachute opens. >> Well. >> So when you pull the ripcord, this is what companies have to understand, that they got to be compatible with the way the architecture of cloud-native works and the right way to lift in shifts. So, there's a way to lift in shifts and there's a way not to lift in shifts. You can lift and shift infrastructure but you can't lift and shift entire workloads. >> Very true but also, making somebody responsible for their can of worms is important too. Because that also leads back to culture of the organization. If security is part of culture and they have responsibility as within the cloud that Amazon is pushing. You handle within the cloud, that's your wheelhouse, you do that, that's becoming something that becomes part of culture and is a everyday thing. Which, in turn I talk a lot about cyber-hygiene within organization, it's not just training, it's not just awareness, it's not just security and patching, and not just zero, there's also being aware of it and making it an everyday item, that has to be utilized. Amazon is right on the button with this. >> You know, I heard a phrase. >> Yeah. >> The best thing about doing these Cube interviews is that, you meet such smart people and learn a lot. But, I love the quote I heard from the co-founder of Sumo Logic. He was awesome and he said, "Process is a reflection of culture." And so in a digital transformation equation, which we all know, it's the cliche, people process technology. >> People process technology. >> People with talent gaps or skill gaps get it, technology plenty of tech, now, the process. >> Well, the process-- >> That's always the hardest nut to crack and most people won't give it up and they won't fight for it. >> Yeah. >> It's the most important. >> But, that's also the glue between the two. You're not going to have a secure environment if you're just dealing with security and you're not going to have a secure environment just dealing with the people. The process in the middle, the process, yes, the Canadian land of it. That's the glue between it. That's what makes it run and you have to get to that. As you were saying, you have to get to the process, you got to make that run well and then you nail the two together, that's full security. >> The other big thing here, not this conference but a theme that we've talked about for quite some time on theCube, is this notion of big tech. So it's been said that Amazon, Facebook, Google, maybe even Microsoft. Elizabeth Warren saying, break up big tech. Amazon, people have said, split AWS out from core Amazon retail. What do you guys think about that? Is that the right thing to do? >> No, I don't think it's the right thing to do. >> Why not? >> Like I said we had, Jimmy on earlier. They're not breaking any laws. And then, why would you want to take down what could be a competitive advantage for national security. >> Correct. >> AI is going to be, and machine learning, and the role of data is going to be a power source for good and also for safety. >> Of course. >> So why would you want to take the best companies, who are doing the best work, and handicap 'em, over one argument? That Facebook wasn't responsible in dealing with making billions of dollars in free cash flow. >> So the argument is-- >> And , in the election they broke democracy-- >> Okay, too big. That's not a good argument. >> No. >> Maybe, appropriating our data to sell more ads that should be looked at, don't you think? >> I just don't buy the tech for bad argument because, yes, some bad things have happened but the regulators and the law makers, you can't legislate what you don't understand, you can't regulate what you don't understand. So, as it's been coming out from the biggest minds in tech and in government, the law makers aren't smart enough yet. It's like they're in kindergarten, crayon outside the lines, they're tryin' to write. They don't even know what tech is, so. >> You know what, you've been taking about the Chernobyl, push the buttons, I feel like that's what public policy is putting forth. Just push the buttons now and blow it up. Rather, public policy should catch up, understand it and maybe set a framework and put in laws. So that we have a clear understanding. >> Our current government is like that scene in Chernobyl. >> Oh my god. >> That is exactly what's happening, Dave. You can apply that metaphor, just do it. >> The problem is there's no proper regulation yet. >> Right. >> You got to get everyone in the room and everybody has to agree, at least on a initial framework. We've started but we're no where near where we need to be. You have to look at safety of our nation and that's a big factor. I've gone to Congress, as a part of Cybersecurity Women, testifying for Congress and talking about this and they still don't have a handle. There's nobody who's running the ship. >> Describe what it was like there. >> Well, I went down with the executive woman for Women's Forum, which was an amazing group. We went down there, we talked to different people in Congress. They're very open to it and they realize that we really need to do something. The problem is it's very disorganized. Sadly, it's way too disorganized. Nobody knows who's calling the shots. There's a nice bunch of different groups that are working towards it but there's no one at the helm of it saying, all right, let's all fall into place and do it. Little pockets, doing little things, but not everybody banding together. That needs to change, that has to change. I'm hoping it's coming down to where it's going to be something. >> I think there's going to be a revolution in a positive way. Where again, back to my tech for good thing. I don't think people yet know how to articulate what tech for good is. There's plenty more use cases where tech could be used for good, than there are bad. Bad is always an early adopter before good. We've seen that in the web, the underbelly of multiple trends. But, the reality is, I see the bad as bad but I see so much more good going on that could be enabled. That's what I'm afraid of, that they litigate what's happening for bad and they screw the good. >> It's almost like technology, right? You have to be proactive, as well as reactive. Everybody is running to be reactive to a problem but no one was being proactive. Now, technology is understanding we have to be proactive, as well as reactive. Same like your saying, John, it has to happen from the front. >> All right, so, while you're here, I want to get you and Dave to weigh in on this, cause it's been near and dear to my heart for many years, over a decade. Humans and machines, this conversation's been discussed, here again, Dave, some of the smartest people in the industry are reiterating, Brian from, again, Sumo Logic, he's got a great view on this and there's others as well. The role of the human really is important, not just having machines do all this automation. It's not about job replacement, it's more the craft of creating outcomes that are going to be acceptable for defense, or for good, the human's critical. Your guys thoughts. >> Sure, so, we talk automation, right? People are afraid of that, they're saying, robots and machines are going to replace us. Not true. Downright it takes away menial tasks which will be giving jobs and actually creating jobs in a more meaningful way. I talk a lot about the human factors of technology and cybersecurity. Think about it, a human is developing technology to help a human, a human is using technology to hurt a human, what's the common factor? The human. We're dealing with people, they're not being replaced. There's always going to be humans there. So machines are going to help us with automation. It's going to help us with digital transformation, we'll throw the buzz words out there but they're actually meaningful, if you dial back and understand that. I think people are weary of it because they don't understand it. If they're not understanding, how it could actually help an organization, how it can be used right, then there's fear. So, we couple back to education. Education coupled with humans, machines, technology, we're going to have something very strong and really, really good. So, it's not something to be fearful of. It's something to educate yourself and be excited about and move along with technology, as it advances. >> Well, machines have always replaced humans, for various tasks. So, that's sort of natural. For the first time in history, we're replacing cognitive tasks and I think that's scares a lot of people. And, I think you're right on Shira, the answer is not to protect the past from the future, it's education. >> Correct. >> Because, innovation, we've talked about this, innovation comes from now a combination of things, it's not just Moore's law or new products that are coming out at some rapid pace. It's the combination of data, artificial intelligence, the cloud for scale. This combinatorial innovation is going to require new creativity, new thinking, and education is at the heart of that. So, I think the question is, what can public policy be to foster that? Are we teaching the right things? Is public policy and public and private partnerships fostering that type of innovation? And, so, I think there's reasons to be concerned in terms of productivity, impacts on wages, et cetera, et cetera. But, I'm an optimist, I think the future is very, very, bright. >> Okay, so, as we wrap down day one, great to have you on as a guest host, we're going to do a lot more coverage, so, we're going to be collaborating and we're going to initiate coverage of the security sector with theCube. You're going to start seeing us do a lot more events, distracting you from the noise, a lot more community involvement outreach, looking for participation and help from our friends, Cube alumni, the 8000 plus Cube alumni's that are out there, join us if you got some security chops, you know people in security have something to add, we're always open. We're here at re:Inforce. What's your guys thoughts here? I think it's a great event. I think it's going to be one of those moments, where we were present at creation, again, for another big wave, it's coming. Your thoughts about re:Inforce. >> Well, I think re:Inforce has found it's niche. I think it's needed. I think cloud security is being embraced. I think there's a real need for it. And, I think just highlighting those actions, that their taking is very much needed and we're going to see a lot more out of re:Inforce, for sure. >> Yeah, I agree, I mean critical mass here. I guess 8000 or so people that care about security, specifically care about cloud security, it's just going to get bigger and bigger and bigger. >> I mean, I was impressed by, first of all, that great cloud security across the board. I was really impressed by the amount of heavy hitters that are here and it's the heavy hitters that aren't the big exec brand names, the CEO of this company. You had the working CEOs of the startups, CEOs of the startups, the key biz dev people, the key marketing people-- >> CECOs >> and the CECOs are here, because they're investing. >> That's the pain point, they're feeling like they know. >> They're investing together and they're building out, in real time, it's really fast, a community around cloud security. >> So, it's interesting. So, you know, Andy Jassy's not here. You don't see Theresa. But, what you do see, is the CECO saying, I'm betting my business on the cloud, I can't scale without the cloud. I have to be at this show. And, your seeing, maybe, it's a little bit of Andy and Theresa, let go to grow and then sort of pyramid out. That innovation. >> Well, I saw Jassy at Public Sector Summit. I should of asked him this-- >> They can't be anywhere. >> I inferred from his response, when I did ask him if he's coming, is that in looking at how they're executing, they don't need the big guns here because the team's doing it. It's one of those, when you have organic chemistry coming together. You don't want the big execs being go do it. >> Sure >> You got to let it foster on it's own and that's why I'm impressed by the people here because they're the ones that are putting the sparks of creativity together, they're putting deals together, relationships are forming. That's how organic community is built. >> And, I don't think the people here want to hear, frankly, from Andy. They can hear from Andy at re:Invent. And, so, what they want to hear is the substance that they heard in the key notes today >> Security, call security. >> those are some serious-- >> Well for an inaugural event, this is amazing, right? For the sheer size of it, for a first time event is amazing and having the heavy hitters, like you said, really invested, and time, people don't have time. And to actually invest their time here and want to be here and want to learn and want to share. That speaks volumes. >> And, that's not to say Andy Jassy doesn't have substance. His key notes are among the best and there always-- >> But, you know, he's scripted >> super substantive >> But, here's the thing-- >> But, when it comes to security deep dives, you don't want to hear from him. You want to hear from somebody like Shmidt today. >> Well, some public information that I found out, that's now public is that there are a 100,000 security subscriptions in AWS marketplace. >> Wow. >> One million subscriptions paid for in AWS marketplace, as a whole. 100,000 plus security software buys there. >> Wow. >> Okay. That's huge. >> Yes >> Huge for a little cottage industry going on called Cloud Security. >> Look at the rate the industry's growing. Look at Cisco, we were just at Cisco a couple weeks ago. Cisco's a huge company, 40 billion dollar company. Their security practice is growing 21% a year. I mean, that's huge for a company that's growing basically single digits. >> Well, we'll have Josh on, sorry go ahead. >> Yeah, no, I said, just looking at all these large companies that we're all talking to and that we're dealing with, some that I'm consulting to. People are moving to the cloud and they're saying, that one of the big reasons or the reason, is for extra and more leveled security. So, I think cloud is going to be taking the forefront and I think it's going to be much bigger than people really think. >> And, customers are telling us, they want more innovation from the security vendor community and, again, that comes from cloud. The data comes from cloud, comes from machine intelligence. You put those things together-- >> Shira, great to have you on. Dave, as always profound insight, taking a red eye, you're an all day warrior. Energizer bunny. Cube coverage here, AWS re:Inforce, day one. Day two tomorrow, thanks for watching. >> Thank you. (techno music)

>> Narrator: Live from Las Vegas, it's theCUBE. Covering Veritas Vision 2017. Brought to you by Veritas. >> And we're back at Veritas Vision 2017 in Las Vegas. This is theCUBE, the leader in live tech coverage. My name is Dave Valanti and I'm here with my co-host, Stuart Miniman, and we've been unpacking the innovations and the evolution of Veritas at Veritas Vision over the past two days. Shahin Pirooz is here, he's the CTO of Data Endure. >> Shahin: Thank you for having us. >> Welcome to theCUBE, thanks for coming on. Digitally resilient. That's an interesting and powerful and loaded phrase. [Shahin] Sure. What does it mean to be digitally resilient? >> Ultimately, we're trying to get our customers digital resilience, and what that means to us is that your people have access to their data whenever they need it, wherever they need it, in a secure and protected manner. >> I got to follow up on that, but before I do, give us an overview of your company, what you guys do and what your specialty is. >> We're a system integrator and we happen to resell stuff as well, including Veritas, and we're about 32 years old. We evolved from very early days in the tech space, and continue to evolve the company and today, have four practice areas. Those practice areas include security and compliance, data center and cloud, the information management practice, which is where Veritas clearly falls into, and finally, we have a systems and storage practice, which is primarily one of our biggest practice areas in terms of revenue. We have, go ahead. >> [Dave} Go Ahead, please, carry on. >> We have customers. All of the biggest names you'd imagine in the Silicon Valley. Cisco, Facebook, Yahoo, Google, and then a series of customers below that tier as well. >> Really, those customers are relying on you to do their integration? To help with their deployments, get value faster? >> Yep, CenturyLink is the largest Veritas net backup appliance deployment in the world, and we implemented that platform for them. >> Interesting. You've got these heavy engineering driven companies, and they just what? They just don't want to waste time on stuff that's not their main business? >> So typically, it's like any IT organization. You've got a series of projects and those projects are spread out across the engineers that you have. Then you have something that you have to get done that's more urgent and more critical. You've got to re-vamp your backup infrastructure, for example, or you got to build out a new backup as a service offering, in CenturyLink's case. And while the engineers have the skillset to do it, they're also doing 60 other things during the day. So they bring companies like us in to get it done quickly, get it done accurately. Then, there's a level of reliance on not only our technical depth, but the access to visibility of what we see in other places as well. Whereas, your engineers might be focused on a single thing within a company, we see a lot of different environments. So when we run into problems, it's not the first time we've run into it, and we can get through it much more quickly. >> So this idea of digital resilience is really interesting to me. They say you should skate to the puck. I think you're really skating to the puck as most customers haven't transformed digitally even though everybody's talking about it, but what I said, it's really a rich and loaded phrase, what I'm inferring from it is if you're going to go digital, you better not bolt on resilience. You better design it in. I mean, that's sort of my inference. >> Shahin: That's exactly right. >> Well, talk about it a little bit. >> Typically, there's a, we look at the consumption and cloud is a big part of this journey for both our Veritas and ourselves. We look at cloud consumption as a journey that happens in five phases, or maturity levels, as we like to call them. So the cloud maturity model that I talk about often is level one is usually companies that start consuming backup to the cloud. The first step is we're going to backup our data to the cloud target and remove tape from our environment. Second step is consumption of storage. Then, you start moving some virtual machines, doing lift and shifts to the cloud at Level three, and Level four is when that digital transformation starts to happen. Where you're starting to build consumed cloud native data bases instead of just migrating your database to the cloud. Then, Level five is typically the startups of the world, which are building cloud native applications and companies will eventually get to the point where they're building those cloud native applications. >> It's an interesting model. Cloud's getting more and more complicated. We said some of those companies that started up, out, cloud native, everything built there. >> Shahin: Yes. >> Sometimes, they're pulling things to another cloud or building their own data centers. We're finding, you know, they hyperscale companies look and sound a little bit more like some of the enterprise vendors and some of the enterprise vendors are going there and you've got companies like Veritas that are going to play everywhere. What's that dynamic? Especially Silicon Valley tends to be early on these. What's kind of that macro level? There is no typical customer. What are some of the dynamics you're seeing with the customers in cloud? >> It's a simple scale calculation. There's a point, there's a tipping point, where cloud becomes too expensive, and it's cheaper to have some fraction of your infrastructure running in house. It's that hybrid cloud model we've been talking about for the last decade and nobody really has a good handle on what it is. Run some of the cloud in-house, some of it in a public or multiple public clouds. What you're seeing in the Netflix's of the world who went all in and then back out is exactly that. They got to a point where they realize the amount of money that they're paying on a monthly basis to the public cloud providers is outpacing what they could do themselves internally. So they cut back to that tipping point. There is definitely sense in having infrastructure in the cloud, but there is that point where it doesn't scale out, work very well financially. >> Did you have any guidance that you can give people as to when they're going to hit that? I mean, we look at everything. You know, you talk to Amazon, they'll say no, no. We're always the cheapest, we can use reserve entities. Heck, they just gave, you know, by the second pricing. It's always kind of it depends, but what has your experience been? >> Shahin: It really is and it depends. But the short answer is that that tipping point is different for every single company. If you're a company who's never going to get two billions of users accessing your infrastructure, you're probably never going to hit that tipping point. You can be all cloud and you can be cloud native and be happy. Whereas if you're a Dropbox or a Netflix or somebody like that, who built all in or work day, for example. All of them are now looking at we need to build our own infrastructure to support that scale that can't keep up with us financially. >> I wonder if you could talk about some of the big picture. We touched on cloud, what are the big picture trends that you see driving customer behavior and how is it affecting their IT and how are you responding? >> I would say that there's two primary things that we're focused on to help customers address what is coming. Number one is compliance. Our security and compliance practice, we lead with compliance as opposed to all the other managed security providers. We effectively go to market with this notion that no matter who you are, you have some sort of regulatory concern, whether it's enforce by yourself or you have a third party or a government that's enforcing some regulatory concern on you. There's not a company out there that doesn't have something that they have to deal with on a regular basis. Our positioning is get your head around your compliance and that dictates what your infrastructure looks like, what your application consumption looks like, what your cloud consumption looks like. But you have to start from that place of here is how we have to deliver services and here's the controls we have to have in place. Then, do we have the right tools, technologies, people, and policies to do that. That's our approach to market. That's one side of the answer. The other side of the answer is storages continuously growing in leaps and bounds. We have this ridiculous amount of data that's stockpiling. We're all hoarders of storage, if you will. We don't know what to do with it. We're running out of storage places. We're throwing it in Amazon, we're throwing it in Google. We're throwing it in all these places and just paying monthly storage fees. That data is critical business data that if you can get and analyze it, you can make important business decisions about what your customers are doing, how they're buying things, what products they're buying, what products are not selling, and make fundamental business shifts and changes and all you have to do is put a layer of analytics above this massive hoards of data that we're just continuing to pile and pile. >> Where does Veritas fit in to this equation? >> In all of that. The 360 offering that Veritas has brought to market, a big part of that is compliance. If you look at the messaging on GDPR, that's just one compliance that they're focusing on. That applies across the board. Having visibility into all your data with their data insight platform, for example, who's accessing it, where they're accessing it, what types of data it is, the classification of data. That's the first level of being able to understand your unstructured data and know does it meet all the controls that I have to adhere to in order to deliver health information controls, or personal information controls, whatever your industry control might be. Whether it's PCI or GPR or HIPAA, you name it, it gives you the, you apply the compliance onto the data and have reports that let you know if you're in compliance or not. On the storage side, there's analytics within the backups as well as the data that give you visibility into what you've been protecting and what you've been backing it up and where that data resides on a global level so not only what but where is it and who's accessing it. It's giving you all that visibility to try to get a handle on what it is, where it is and what valuable information is in there. >> And so you're bring this to market today. >> Shahin: We did. >> I mean, you got some pretty advanced customers. >> Shahin: Yes. >> Do you feel like you're on sort of the leading edge of the bell curve? >> We have customers that are on the leading edge of that bell curve, and we have customers that are starting that journey. They are starting to realize, GDPR is a perfect example, not everybody's sure what it's going to mean to them. It's like when HIPAA and PCI came out way back when. Everybody was like, "That's not my problem." And now everybody has to deal with it. I had many hospitals back then who wouldn't do anything, wouldn't do anything, and then the fines came, and they're like, "Okay, hurry. "Let's do something." >> Dave: Yeah, right. >> So similarly, the compliance aspect of this, we're seeing a lot more traction on because GDPR's only about six months away. >> I mean, it's a two sided coin, right? Because on the one hand, it's this sort of boondog for all the guys that can service those accounts, but on the other hand, it takes dollars away, potentially, from other more strategic initiatives, and in the case of HIPAA, you can't even get your own information out of the hospitals let alone other people's. What's your thought on GDPR? Is it as big as these other initiatives? It feels that way, but we don't really know yet, right? >> The risk, where GDPR is different than all the other regulatory concerns is that any individual in any of the European Union can come and say, "I want you to delete all the information "you have about me." And you have to. >> Dave: You have to prove it. >> You have to prove that you did it and that you don't have any of it. The control structures are making it difficult for companies to say, "How am I going to do this?" That's where products like the 360 solution that Veritas is bringing to market help give visibility into the data and so, you know, I see Joe Smith across my unstructured data. I see it in these file servers and this place and the other place. So you have visibility into where Joe Smith is and can take action to, actually, delete the data and show it's not there anymore with audits. It could be very real. Whether it's going to kick in and go live in July as it's supposed to or they're going to continue to extend it as they did with HIPAA and PCI, it's unclear at this point. >> Talk about that a little bit. Is that, sort of, what happened with HIPAA and PCI? But that was the U.S. government. >> Shahin: Yeah. >> It wasn't the EU. You know, again, we don't really know. You've seen some of the crackdowns by the EU on Google and others and so maybe they won't be as forgiving, who knows. >> They may not be as forgiving and I think it'll get dialed in a little bit more. I think, when it comes out and they realize the expense in trying to do this, is going to hamper business. I think it'll get dialed back a little bit. Not that you have to delete the data, for example, but you have to prove that you have it controlled and secured and somebody can't get to it. >> Dave: I mean, do you think that's really ultimately what it's going to be is the processes around it? >> Shahin: Yeah. >> It's going to be as important as everything else. >> Shahin: At the end of the day, All any of these audits and the regulatory concerns can do is tell you you have to have these processes. That's the best they can go hope for. It really is nothing more than a process conversation. But process without technology can be really burdensome and expensive on a company. >> Dave: Yeah, because the risk is that you say, "Okay, we got these processes in place. "Yes, we did it and here's the information." And then if you get hacked, and there's Joe Smith is still in there, oops. And then that somehow gets published on Wikileaks. >> Rut-roh. >> Exactly. >> So Shahin, as an industry, we've been talking for a while about how important data is, how we can leverage data. When we're talking GDPR, it's like well, you know, your data can be dangerous for you. Where are your customers? How do they, actually, do they value data? Is data still a challenge for them, or maybe give us a little bit of the spectrum of where you're seeing customers. >> It's a wide range. We've got customers that are in the research space, and they're doing, for example, genomics research, and their data is everything to them. We've got customers in the semi-conductor space, and they're building chips and their designs and they're information about how each chip design is improving from version to version. All that data is important to them and when they go back to do new chip designs, they have to be able to look back at that data and they do a lot of analytics. But then, there's industries that just keep the data because they think it's going to be important and they don't use it, they don't take advantage of it. They don't realize the risk associated with it either. It's the number one thing I used to, I've been a CECO for over 15 years, and the one thing I used to say to customers is, "If you're going to keep your data, "if you have a policy for data retention, "make sure that it's not longer "and creates an exposure for you "than it needs to be." Because keeping data too long can be, because you have to present it if you're in a litigation. So that's the challenge with these piles of data we keep keeping. The reality is customers are all the way to the extreme of using it heavily in deep analytics to I have no idea what I have, I just have piles of data. >> Dave: The variation on the Einstein quip, keep data as long as you need to but no longer. >> Shahin: Exactly. >> All right, Shahin, we have to go. Thanks very much for coming on theCUBE. >> Thank you. >> We appreciate it. >> My pleasure. >> All right. We're in a rapid sprint to the end of day two here at Veritas Vision 2017. We'll be right back. This is theCUBE.