>> It's The Cube covering Fortinet Security Summit brought to you by Fortinet. >> Hey and welcome back to the cubes coverage of Fortinets championship series. Cybersecurity summit here in Napa valley Fortinet is sponsoring the PGA tour event, kicking off the season here, and the cubes here as part of the coverage. And today is cybersecurity day where they bring their top customers in. We got Glenn Katz SVP, general manager, Comcast Enterprise Solutions. Glenn, thanks for coming on The Cube. Thanks for taking time out of your day. - Thank you no This is great. This is great. >> Interviewer: Tell me to explain what you guys do in the Comcast business enterprise group. >> That's our Comcast business. We're a part of Comcast overall. I always like to explain what Comcast really is. If you look at Comcast, it's a technology innovation company by itself that happens to focus on communications and media type of, of markets, right? And if you look at the Comcast side there on the communication side, it's really everything residential with customers. Then there's the us Comcast business and we're the fastest growing entity over the last 15 years within Comcast. And we started in small business, voice, video, and data to small businesses. Then we moved up to provide fiber ethernet type of a transport to mid-market. And then my group started in 2014. And what we do is focus on managed services. It doesn't matter who the transport layer is for enterprise Fortune 1000 type companies. And then when you layer in all these managed wider network services. So that's my business unit. >> Interviewer: Well, we appreciate it we're a customer by the way in Palo Alto >> Glen: Oh great >> So give a shout out to you guys. Let's get into the talk you're giving here about cybersecurity, because I mean, right now with the pandemic, people are working at home. Obviously everyone knows the future of work is hybrid now you're going to see more decentralized defy and or virtual spaces where people are going to want to work anywhere and businesses want to have that extension, right? What people are talking about, and it's not new, but it's kind of new in the sense of reality, right? You've got to execute. This is a big challenge. >> Glen: It is - What's your thoughts on that, >> Well it's a big challenge. And one of the things that I'll try to, I'll speak to this afternoon here, which is at least from the enterprise perspective, which includes the headquarters, the enterprise, the branch locations, the digital commerce, everywhere else, commerce is being done. It's not just at a store anymore. It's everywhere. Even if you only have a store and then you have the remote worker aspect. I mean, they do that to your point earlier. We're not in that fortress sort of security mentality anymore. There's no more DMZs it's done. And so you've got to get down to the zero trust type of network architecture. And how do you put that together? And how does that work? Not just for remote workers that have to access the enterprise applications, but also for simple, you know, consumers or the business customers of these, of these enterprises that have to do business from over the phone or in the store. >> Interviewer: What are the some of the challenges you hear from your customers, obviously, business of the defend themselves now the, the, the attacks are there. There's no parameters. You mentioned no fortress. There's more edge happening, right? Like I said, people at home, what are the top challenges that you're hearing from customers? >> So the biggest challenge, and this is, I would think this is, this is mostly focused on the enterprise side of it is that the is two interesting phenomenons going on. This is sort of beginnings before the pandemic. And then of course the pandemic, the role of the CIO has been elevated to now, they have a real seat at the table. Budgets are increasing to a point, but the expertise needed in these, in these it departments for these large enterprises, it's, it's impossible to do what you were just talking about, which is create a staff of people that can do everything from enterprise applications, e-commerce analytics, the network. How do you secure that network all the way down to the end users? Right? So it's that middle portion. That's the biggest challenge because that takes a lot of work and a lot of effort. And that's where folks like Comcast can come in and help them out. That's their biggest challenge. They can handle the enterprise, they can handle the remote workers. They can handle their own applications, which are continually trying to be, you know, have to be it's competitive out there. It's that middle area, that communications layer that their challenged with. >> Interviewer: Yeah. And John Madison's EVP, CMO Ford. It's always talking about negative unemployment in cybersecurity. Nevermind just the staff that do cyber >> Glen: That's exactly right, that's given. If you're a business, you can't hire people fast enough and you might not have the budget for you want to manage service. So how do you get cyber as a service? >> Glen: Well, so it's even bigger than that. It's not just the cyber as a service because it's now a big package. That's what SASE really is SASE is Secure Access Service Edge. But think of it where I think of it is you've got remote users, remote workers, mobile apps on one side, you've got applications, enterprise or commercial that are now moved into different cloud locations. And in the middle, you've got two real fundamental layers, the network. And, and that includes uh, the actual transport, the software defined wide area, networking components, everything that goes with that, that's the network as a service. And then you've got the secure web gateway portion, which includes everything to secure all the data, going back and forth between your remote laptop, the point of sales. And let's say the cloud based applications, right? So that's really the center stage right there. >> Interviewer: And the cloud has brought more service at the top of the stack. I mean, people thought down stack up stack is kind of like a geeky terms. You're talking about innovation. If you're down stack with network and transport, those are problems that you have to solve on behalf of your customers And make that almost invisible. And that's your job >> That's our job. That's our job is to service provider What's interesting is though back in the day, I mean, when, I mean, back in the day, it could have been 10 years ago in 20. You really, you know, you had stable networks, they were ubiquitous, they were expensive and they were slow. That's kind of the MPLS legacy TDM. Yeah. So you just put them in and you walked away and you still did all your enterprise. You still did all of your applications, but you had your own private data centers. Everything was nicer. It was that fortress mentality right now. It's different. Now everybody needs broadband. Well guess what? Comcast is a big company, but we don't have broadband everywhere. ATT doesn't have it. Verizon doesn't have it Charter doesn't have it. Right. So you need, so now to think about that from enterprise, I'm going to go, I'll give you an example. All of our customers to fulfill a nationwide network, just for the broadband infrastructure, that's, you know, redundant. If you want to think of it that way we, we source probably 200 to 300 different providers to provide an ubiquitous network nationwide for broadband. Then we wrap a layer of the SD wan infrastructure for that, as an example, over the top of that, right? You can't do that by yourself. I mean, people try and they fail. And that's the role of a managed service provider like us is to pull all that together. Take that away. We have that expertise. >> Interviewer: I think this is a really interesting point. Let's just unpack that just for a second. Yeah. In the old days, we want to do an interconnect. You had an agreement. You did, you have your own stuff, do an interconnected connect. >> Glen: Yep. >> Now this, all this mishmash, you got to traverse multiple hops, different networks. >> Glen: That's right >> Different owners, different don't know what's on that. So you guys have to basically stitch this together, hang it together and make it work. And you guys put software on the top and make sure it's cool is that how it works? >> Glen: Yeah. Software and different technology components for the SD wan. And then we would deliver the shore and manager all that. And that's, that's where I really like what's happening in the industry, at least in terminology, which is they try, you have to try to simplify that because it's very, very complicated, but I'm going to give you the network as a service mean, I'm going to give you all the transport and you have to don't have to worry about it. I'm going to rent you the, the SD wan technology. And then I'm going to have in my gateways all these security components for a firewall as a service, zero trust network access, cloud brokerage services. So I will secure all of your data as you go to the cloud and do all of that for you. That's really what we, that's what we bring to the table. And that's what is really, really hard for enterprises to do today. Just because they can't, the expertise needed to do that is just not there. >> Interviewer: Well, what's interesting is that first you have to do it now because the reality of your business now is you don't do it. You won't have customers, but you're making it easier for them. So they don't have to think about it. - [Glen] That's right. >> But now you bring in hybrid networking hybrid cloud, they call it or multi-cloud right. It's essentially a distributed computing and essentially what you're doing, but with multiple typologies, >> Glen: that's right. >> Interviewer: I got an edge device. - [Glen] That's right. If I'm a business. - [Glen] That's right. >> That's where it could be someone working at home >> Glen: That's right. - Or it could be my retail >> Or whatever it could be. So edge is just an extension of what you guys already do. And is that right? Am I getting that right? >> Glen: Yeah that's exactly right. And, and, but the point is, is to make it economic and to make it really work for the end user. If you're a branch, you may have a, a application that's still being run via VPN, but you also need wifi internet for your customers because you want to use your mobile device. They've entered into your store and you want to be able to track that right. And push something to them. And then you've got the actual store applications could be point of sales could be back of house comparing that's going up to AWS. Azura whatever. Right. And that all has to be, it all has to come from one particular branch and someone has to be able to manage that capability. >> Interviewer: It's funny, - Its so different >> Interviewer: just as you're talking, I'm just thinking, okay. Facial recognition, high, high bandwidth requirements, >> Glen: Huge high bandwidth requirements >> Processing at the edge becomes huge. >> Glen: It does. >> So that becomes a new dynamic. >> Glen: It does. It's got to be more dynamic. It's not a static IP end point. >> Glen: Well, I'll give you another an example. Let's say it's, it seems silly, but it's so important from a business perspective, your quick service restaurant, the amount of digital sales from applications are just skyrocketing. And if you yourself, and particularly in the pandemic, you order something, or that goes up to the cloud, comes back through, goes to the point of sales. And then the, the back of house network in a particular restaurant, if that doesn't get there, because one line of you only have one internet connection and it's down, which sometimes happens, right? You lose business, you lose that customer. It's so important. So what's being pushed down to the edge is, you know, reliable broadband hybrid networks, where you have a primary wire line and a secondary wire line, maybe a tertiary wireless or whatever. And then a box, a device that can manage between those two so that you can keep that 99.9, 9% availability at your branch, just for those simple types of applications. >> Interviewer: You know Glenn, you as you're talking most people, when we talk tech, like this is mostly inside the ropes, Hey, I can get it. But most people can relate with the pandemic because they've ordered with their phone on - [Glen] Exactly right >> With the QR code. - [Glen] That's exactly right >> They see the menu - [Glen] That's right >> They get now what's happening - [Glen] That's right that their phone is now connected to the service. >> Glen: That's right >> This is not going away. The new normal. >> Glen: No, it's absolutely here. And what I've seen are there are many, many companies that already knew this and understood this pre pandemic. And they were, they had already changed their infrastructure to really fit what I was calling that network as a service in the SASE model, in different ways. Then there were a bunch that didn't, and I'm not going to name names, but you can look at those companies and you can see how they're, they're struggling terribly. But then there was this. Now there's a, a much bigger push and privatization again, see, I was sending, Hey, I asked for this before. It's not like the CIO didn't know, but management said, well, maybe it wasn't important. Now it is. And so you're seeing this actual amazing surge in business requests and requirements to go to the model that we're all talking about here, which is that SASE type of implementation high-speed broadband. That's not going away for the same reason. And you need a resilient network, right? Yes. >> Interesting. Best practice. Let's just take that advice to the, to the audience. I want to get your thoughts because people who didn't do any R and D or experimentation prior to the pandemic, didn't have cloud. Wasn't thinking about this new architecture got caught flat-footed. -Exactly. >> And they're hurting and or out of business. >> Correct. >> If people who were on the right side of that took advantage as a tailwind and they got lifts. >> That's exactly right. >> So what is the best practice? How should a business think about putting their toe in the water a little bit or jumping in and getting immersed in the new, new architecture? What advice would you give? Because people don't want to be in the wrong side of history. >> No, they don't. >> What's your guy's best practice? >> I may sound biased, but I'm really not trying to be biased. And this'll be some of the I'll speak about here later today. You have to try it. You, as the end user, the enterprise customer, to, to fulfill these types of needs, you've got to really probe your managed service providers. You've got to understand which ones, not just can give you a nice technology presentation and maybe a POC, but who's going to be there for the longterm who has the economic wherewithal to be able to give the resources needed to do what I was talking about, which is you're going to outsource your entire network to me and your sh, and a good portion of your security for the network to a service provider. that service provider has to be able to provide all that has to be able to have the financial capabilities, to be able to provide you with an operating type of model, not you have to buying equipment all the time. That service provider has to be able to have teams that can deliver all of that 200 to 300 different types of providers aggregate all that, and then be there for day two. Simple thing. Like if you know, most companies, if you're not a really large location, you can't afford to, you know, double types of routers that are connected. And if one fails you have fail over, right, most of them will have one router and they'll have, but they'll have two backup paths. Well, what happens is that router or switch, single switch fails? You need to have a meantime to repair a four hours. I mean, that's kind of basic and well do that. How do you do that? You've got to have depots around the entire country. These are the types of questions that any enterprise customers should be probing their managed service provider, right? It's not just about the technology. It's about how can you deliver this and assure this going forward. >> And agility too cause when, if, if things do change rapidly, being agile... >> Exactly >> means shifting and being flexible with your business. >> That's exactly right. And that's important. That's a really important question. And the agility comes from this financial agility, right? Like new threat, new box. I want, I want this old one. I'm going to upgrade to a different type of service. The service providers should be able to do that without me having to force you to go get some more CapEx and buy some more stuff. Cause that's number one. But the other agility is every enterprise is different. Every enterprise believes that its network is the only network in the world and they have opinions and they've tested different technologies. And you're going to have to adapt a little bit to that. And if you don't, you're not going to get out of this. >> It's funny. The old days non-disruptive operations was like a benefit, we have non-disrupt- now it's a table stakes. You can't disrupt businesses. - You can't. You can't at the branch at the remote worker. If you're on a zoom call or whatever, or you're on a teams call, we've all been there. We're still doing it. If it breaks in the middle of a presentation to a customer that's problem. >> Glenn thanks for coming on the cube with great insight. >> Oh great. This was fun. >> Are you exciting and plays golf? You're going to get out there on the range? >> I played, I played golf a lot when I was younger, but I haven't. And so I have a few other things I do, but I guess I'm going to have to learn now that we're also a sponsor of PGA, so yeah, for sure. >> Great. Well, great to have you on - All right thank you and great talk. Thanks for coming on and sharing your insight. >> This was great. I appreciate okay. >> Keep coverage here. Napa valley with Fortinet's Cybersecurity Summit as part of their PGA tour event, that's happening this weekend. I'm John for the Cube. Thanks for watching.

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to you by spunk. >>Okay, welcome back. Everyone's two cubes. Live coverage in Las Vegas. Force plunks dot com This is their annual conference. A 10 year anniversaries. Cubes coverage. For seven years I've been covering this company from Start up the I P O to Grove to now go on to the next level as a leader and security. Our next guest is Scott Ward, principal solutions architect for AWS. Amazon Web service is obsolete, reinvents coming up. I'm sure you're super busy, Scott, but you're here at Splunk dot com there big partner of AWS? Yeah, >>Yeah, definitely. I mean flux. Ah, great partner that we've had a strong relationship was flown for quite a long time. Both sides of the house eight of us and slugger are leaning in thio help add value to our mutual customers, say, even building on that spokesman, a >>longtime customer. And so you guys are really focused on cloud security had your inaugural reinforce event in Boston this year, of which we broadcasted live videos on YouTube, youtube dot com says silken angle interested. But this was really kind of, Ah, watershed moment because it wasn't your classic security show. He was a cloud security. >>Yeah, it was definitely. It was very much focused on just kind of focusing in, and in some ways it actually allowed People who don't normally get to come to a native of this event or focus on security really got deeper into security. Security of us is our top priority, and we want to make sure that our customers really understanding and being able to execute on that and be able to feel confident in what they're doing on running on AWS >>and spunk has become a very successful on. Some people call him the one in the number 1/3 party vendor in security for workload. APS. Elsie Long files it What single FX for Tracing Micro Service's around the corner. A lot of good things there. But as the cloud equation starts to come in, where the operation's need to have security and on premises edge clouds, roll of Amazon and your partner's air super important, you talk about that relationship and how that's evolving. >>Yeah, I don't think you talk about our partners. It's definitely very important, you know, we have, you know, it says lots of different service is on its platform that we allow customers to use. But those partners come in and help fill out the gaps where customers need somebody to be able to provide Maura or Extra, especially look at security so that that shared responsibility model we have, where the top half is the customers responsibility and a lot of flexibility and what they could do. And that means that they can bring in the partners they want, help them to be able to accomplish the things that they wanted to >>tell. What the security hub. Amazon's best security, huh? What's that about? >>Sure, Security Hub is a service that we actually launched out. Reinforce it. Generally available. Then it's focused on really giving customers visibility into high severity security alerts and their compliance status while they're running across. All the eight of US accounts allows them thio, aggregate, prioritize and sort all of this data coming from from multiple data sources, and we talk about those multiple data source. It really is a couple of different areas. Amazon Guard duty and was on inspector names on Macy. Also third party products. If customers using third party security products that can feed into security up to kind of give them that visibility. And then it's also running continuous compliance checks against the customers. AWS account's gonna let them know where they stand when it comes to compliance, where they need to go and correct things with a counter, the resource level. So really, you know, labeling customers to kind of get a lot more visibility and what's going on with US >>environment. We've been covering this and reporting on the story, but Amazon on cloud providers of general Amazon Azure, Google Cloud Platform customers relying more and more on you guys for security. But you have a relationship with slung, say 1/3 party. How did they fit in that a Splunk fit into that security hub model? How's that going? Is just clarified that relationship six. Plunk and Security >>Yes. So when you talk about Splunk in security, if there's actually a couple different angles there, one is Splunk enterprise product. It is a consumer of all the data that is in a customer security have environment so you can feed all that data into the enterprise product. Be able to kind of go ask the questions and take all the data that security provided, as well as all the other data that's unspoken, really be able to get some deep insights and what's going on in your environment. And then on top of that is the Splunk Phantom integration, which I'm really, really excited about. Because spunk is with Fantomas, Long customers actually take action on their security data, so customers have often told us like it's great you're making all this data available to me on I can see it, But what do I actually do with it? What? How am I gonna do something with it? So way advocate a lot for customers to be able to automate what they're doing when it comes to their security findings and get the humans out of the way as much as possible so they can really be adding a lot of value. So security feeds us to phantom and Phantom can run play books that will do as much or as little on that security. Finding data to kind of integrate that finding into the customers operational work flows and collect the right information are hopefully ultimately remediated that security findings so that customers can get some sleep and they can focus on other things that are more important. >>Talk about fancy for a minute, just to kind of change. Usually you mentioned that, obviously, I thought Oliver interview and reinforce. And here recently, he's one of the team's bunked with company. What is wise, faith and so >>popular? I think Phantom is popular because a couple things one. It is allowing customers, too, to resolve, intermediate and address an issue with what works for them and work full that works for them. It's not making them thio clearly fall into a particular box. They can add or remove pieces. The fact that it's it's very python based. It's usually in the security community so that they can probably find Resource is that can actually orchestrate build these playbooks and then then, once the bill playbooks that could reuse those pieces to address other issues or things that are coming up. So I get A allows them to really kind of scale, be able to kind of be able to accomplish these things when it comes to automation and addressing with security alerts as they continue to grow, you know, >>it makes things go faster, frees up people's time for productivity. >>I totally feel that that's That's one of the main reasons that people are looking at this. >>So someone's using Splunk for its own sake. I'm a Splunk customer. Okay, Security hub. Why should I use both? What's sure just clarify that peace >>is a couple of reasons where I would say that somebody would want to use both. One is security. Obvious is the continuous compliance check. So today, security have offers checks based on the Center for Internet Security. Eight of US bench work. So we are continuously running those cheques. There's about 43 rules that we are running. Each of those checks against your AWS accounts or resource is in those accounts until you where you are not in compliance. Get overall score. You could dig into what, what, where you needed to do further there. Security. Look at it's a central integration spot to get stuff into Splunk as well, so you can have guard duty, Macy inspector and third party stuff coming into security help and then you that one stop shop to get all that data into spunk, enterprise or phantom, and then The third thing is the fact that security it gives you that security view across multiple eight of US accounts. You can designate a master account, invite all your other organization accounts to share those findings, and your security team could go into security up and have one view of your overall security landscape. Be able to look at one single piece of glass, but across all of your organizations like those, those are some key value points. I would say that in addition to spunk in a customer might use security. >>Well, Scott's been great insight on thanks for clarifying the Splunk 80 relationship. Let's pretend I'm a customer for a minute. I'm like, Hey, Scott, you're switching Architect. Thanks for the free consulting with you Live on Cube. So I'm a Splunk customer. Log files. I see they got some tracing stuff going cloud native going to the cloud. We're employing Amazon. I'm a buyer customer Splunk And they got a lot of new stuff and seems awesome. Sore identified. 6.0 is out. How do I What do I do? How do I architect my swan give me more headroom? Grow my swung capabilities with same time. Take advantage. All the radios. Goodness. Would you lay that out? >>I would say I would say, You know, I like your spunk. You kind of You know what? You bought spunk for a particular reason. It's there to answer questions. Is there take data and is lying to kind of move forward? I would definitely architectures long to be able to consume as much data as possible. He did. We have lots of different integrations. Consume that. You shouldn't move away from that. So I would definitely use that. I would use security hub for kind of getting that centralization spot for everything related to your eight of us environments that can then be your central spot into a Splunk. You have people that it's really not necessary for them to be in the Splunk. They don't know Splunk security. It might be a good spot for them to actually do some investigations and learn things as well so that they could do their job. And then you really kind of used with deep technology and quarry capability is slowing to kind of do those deeper dives really understanding what's going on in your environment, something you know as a buyer. I think you could use both. And I think there's a there's room for you to kind of take advantage of both and get the best of both worlds. >>It's really exciting with security going on. It's kind of crazy the same time because you have clouds scale. You guys have been led. The market there continue to be leaders in Cloud Cloud scale, Dev ops. Everything else on the roll volume of data is increased so much. You guys just had your inaugural conference reinforced, and I want to get your thoughts on. This is a solution. Architect of someone in the field difference between traditional security chasing the bad guys defending intrusion, detection. All that good stuff. Cloud security because you have all the security shows out. There are s a black hat. Def Con Cloud Security introduces a new element around howto architect solutions. What should people know about the impact of clouds security as they start thinking ballistically around their enterprise, >>right? I think the important thing I think is you know, the things you mentioned. The vulnerability scanning the intrusion detection is all still important in the cloud. I think the key thing that the cloud offers is the fact that you have the ability to now automate and integrate your security teams more tightly with the things that you're doing and you can. Actually, we always talk about the move fast and stay secure. Customers choose eight of us for self service, the elasticity of the price, and you can take advantage of those unless your security can actually keep up with you. So the fact that everything is based on an FBI you could define infrastructure is code. You can actually enforce standards now where they be before you write a line of code in your dad's office Pipeline were actually being able to detect and react to those things all through code and in a consistent way really allows you to be able to look in your security in a different way and take the kind of philosophy and minds that you've always had around security but actually able to do something with it and be able to maybe do the things you've always wanted to do. But I've never had a chance to do so. I think I think security can actually keep up with you and actually help you different. You're different to your business. Even more than maybe it didn't. >>New capabilities are available now with new options. Exactly. Great stuff. Conversations here at dot com for in Vegas Splunk conference. I'll see they're using You guys have reinvent coming up people be their first week of December. You got a music festival to intersect, which is gonna be fun, But I'm not 10 that. Yeah, don't fall over and die from all these. What are you talking about here? What are the key conversations you're having here? Sure. Here at swan dot com, on your booth to customers. What is it? What's the mean? Sure, >>I think the main talking point is and I'm actually presenting it in the breakout theater this afternoon. We're talking about that taking action portion of like, Data's insecurity or data's in eight of us. How do you do something with what are we enable? And how does a partner like Splunk come in? And what is that? Taking action actually looked like to allow you to be able to do things that scale and be able to leverage on take advantage of your precious resource is and use them in the best way possible something. But that's a lot of the conversation that we're having and things that were focused. >>And what do you hope to walk away packs tonight? It's gonna be for people leaving that session. >>I think I think people should should walk away and understand that it is within their reach to be able to actually be able to to kind of have this nirvana of being able to sit to react to security events and not have to have a human engaged in every single thing. It is a crawl, walk, run type approach you're gonna need to figure out. How do I know when I see this one of the things I want to do? How do I automate that? Validate that that's actually true and then implement it and then go back and do the next thing that really like customers to walk away to know that that is possible on that, with a little bit of investment, they can make it happen and that at a certain point it will really have benefits. >>Well, eight of us have been following you guys for eight years of Cuba's will be our ninth year, I think for reinvent been fun to watch Amazon growing. I'm sure they'll be. Thousands of new announcements every year is always away with volume of new stuff. Give a plug for a second on the Amazon partner. Never was your part of your arm and scope of relationships with third party partners how important it is. And what are some of the cool things going on? Sure. So I >>mean the elves on Partner Network we're focused on partnering with, You know, it's really that cell with motion where we're going out and AWS is selling the partners selling. We work with technology providers and solution systems integrators, and we're really focused on just working with them to make sure that the best solution possible is being created four customers so that they could take advantage of the partner solution and the eight of us cloud, and that they're getting some sort of a unique value that they're going to get by using the cloud and that partner solution together to help them be security or or any other sort of area that they feel more confident. That could be more successful in the crowd through a combination of both of us and >>there's a whole team. It's not like a few guys organization, hole or committed. Thio Amazon partners. >>Yes, yes, yes. I mean, you know, I'm one of many solution architects on the part of team way have partner managers. We have market. We have the whole gamut of people that are working globally with our partners to help them really kind of have a great success. And in a great story to tell about >>people throw on foot out there. Amazon doesn't work with partners. Not true. >>We have tens of thousands of partners, and that's my job. I'm working with partners on a daily basis. I would events like this. Someone phone calls I'm providing guidance is very much a core thing that we're focusing on. >>Harder Network has got marketplace. Amazons are really putting. Their resource is behind with mission of helping customs with partners. >>Yes, definitely. And and we do that a lot of our ways way have partners and go through tears way have confidence sees that we actually allow partners to get into, so customers can really go find who's who's the best or who should I be looking at first when I have this particular problem to solve their we've got a security confidence. He may have confidence season really working to help our customers understand. Who are these partners and how can they help that with >>We've been following Terry. Wisest career is an amazing job. No, he's handed the reins over to new new management is gonna chill for awhile. Congratulations on all your success with Amazon and appreciate it. Thanks for Thanks for having me, Scott War Pretty Solutions for AWS Amazon Webster's here inside the Cube at Splunk dot com 10th year of their conference, Our seventh year covering with Cuba, John Kerry will be back with more after this short break.

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019. Brought to you by Amazon Web service is and its ecosystem partners. >> Well, welcome back. Everyone's Cube Live coverage here in Boston, Massachusetts, for AWS. Reinforce Amazon Web sources. First inaugural conference around security. It's not Osama. It's a branded event. Big time ecosystem developing. We have returning here. Cube Alumni Bill Jeff for VP of strategy and the partnerships that Iron Net Cyber Security Company. Welcome back. Thanks. General Keith Alexander, who was on a week and 1/2 ago. And it was public sector summit. Good to see you. Good >> to see you. Thanks for >> having my back, but I want to get into some of the Iran cyber communities. We had General Qi 1000. He was the original commander of the division. So important discussions that have around that. But don't get your take on the event. You guys, you're building a business. The minute cyber involved in public sector. This is commercial private partnership. Public relations coming together. Yeah. Your models are sharing so bringing public and private together important. >> Now that's exactly right. And it's really great to be here with eight of us were really close partner of AWS is we'll work with them our entire back in today. Runs on AWS really need opportunity. Get into the ecosystem, meet some of the folks that are working that we might work with my partner but to deliver a great product, right? And you're seeing a lot of people move to cloud, right? And so you know some of the big announcement that are happening here today. We're willing. We're looking to partner up with eight of us and be a first time provider for some key new Proactiv elves. AWS is launching in their own platform here today. So that's a really neat thing for us to be partnered up with this thing. Awesome organization. I'm doing some of >> the focus areas around reinforcing your party with Amazon shares for specifics. >> Yes. So I don't know whether they announced this capability where they're doing the announcement yesterday or today. So I forget which one so I'll leave that leave that leave that once pursued peace out. But the main thing is, they're announcing couple of new technology plays way our launch party with them on the civility place. So we're gonna be able to do what we were only wanted to do on Prem. We're gonna be able to do in the cloud with AWS in the cloud formation so that we'll deliver the same kind of guy that would deliver on prime customers inside their own cloud environments and their hybrid environment. So it's a it's a it's a sea change for us. The company, a sea change for a is delivering that new capability to their customers and really be able to defend a cloud network the way you would nonpregnant game changer >> described that value, if you would. >> Well, so you know, one of the key things about about a non pregnant where you could do you could look at all the flows coming past you. You look at all the data, look at in real time and develop behavior. Lana looks over. That's what we're doing our own prime customers today in the cloud with his world who looked a lox, right? And now, with the weight of your capability, we're gonna be able to integrate that and do a lot Maur the way we would in a in a in a normal sort of on Prem environment. So you really did love that. Really? Capability of scale >> Wagon is always killed. The predictive analytics, our visibility and what you could do. And too late. Exactly. Right. You guys solve that with this. What are some of the challenges that you see in cloud security that are different than on premise? Because that's the sea, So conversation we've been hearing. Sure, I know on premise. I didn't do it on premises for awhile. What's the difference between the challenge sets, the challenges and the opportunities they provide? >> Well, the opportunities air really neat, right? Because you've got that even they have a shared responsibility model, which is a little different than you officially have it. When it's on Prem, it's all yours essential. You own that responsibility and it is what it is in the cloud. Its share responsible to cloud provider the data holder. Right? But what's really cool about the cloud is you could deliver some really interesting Is that scale you do patch updates simultaneously, all your all your back end all your clients systems, even if depending how your provisioning cloud service is, you could deliver that update in real time. You have to worry about. I got to go to individual systems and update them, and some are updated. Summer passed. Some aren't right. Your servers are packed simultaneously. You take him down, you're bringing back up and they're ready to go, right? That's a really capability that for a sigh. So you're delivering this thing at scale. It's awesome now, So the challenge is right. It's a new environment so that you haven't dealt with before. A lot of times you feel the hybrid environment governed both an on Prem in sanitation and class sensation. Those have to talkto one another, right? And you might think about Well, how do I secure those those connections right now? And I think about spending money over here when I got all seduced to spend up here in the cloud. And that's gonna be a hard thing precisely to figure out, too. And so there are some challenges, but the great thing is, you got a whole ecosystem. Providers were one of them here in the AWS ecosystem. There are a lot here today, and you've got eight of us as a part of self who wants to make sure that they're super secure, but so are yours. Because if you have a problem in their cloud, that's a challenge. Them to market this other people. You talk about >> your story because your way interviews A couple weeks ago, you made a comment. I'm a recovering lawyer, kind of. You know, we all laughed, but you really start out in law, right? >> How did you end up here? Yeah, well, the truth is, I grew up sort of a technology or myself. My first computer is a trash 80 a trs 80 color computer. RadioShack four k of RAM on board, right. We only >> a true TRS 80. Only when I know what you're saying. That >> it was a beautiful system, right? Way stored with sword programs on cassette tapes. Right? And when we operated from four Keita 16 k way were the talk of the Rainbow Computer Club in Santa Monica, California Game changer. It was a game here for 16. Warning in with 60 give onboard. Ram. I mean, this is this is what you gonna do. And so you know, I went from that and I in >> trouble or something, you got to go to law school like you're right >> I mean, you know, look, I mean, you know it. So my dad, that was a chemist, right? So he loved computers, love science. But he also had an unrequited political boners body. He grew up in East Africa, Tanzania. It was always thought that he might be a minister in government. The Socialist came to power. They they had to leave you at the end of the day. And he came to the states and doing chemistry, which is course studies. But he still loved politics. So he raised at NPR. So when I went to college, I studied political science. But I paid my way through college doing computer support, life sciences department at the last moment. And I ran 10 based. He came on climate through ceilings and pulled network cable do punch down blocks, a little bit of fibrous placing. So, you know, I was still a murderer >> writing software in the scythe. >> One major, major air. And that was when when the web first came out and we had links. Don't you remember? That was a text based browser, right? And I remember looking to see him like this is terrible. Who would use http slash I'm going back to go for gophers. Awesome. Well, turns out I was totally wrong about Mosaic and Netscape. After that, it was It was it was all hands on >> deck. You got a great career. Been involved a lot in the confluence of policy politics and tech, which is actually perfect skill set for the challenge we're dealing. So I gotta ask you, what are some of the most important conversations that should be on the table right now? Because there's been a lot of conversations going on around from this technology. I has been around for many decades. This has been a policy problem. It's been a societal problem. But now this really focus on acute focus on a lot of key things. What are some of the most important things that you think should be on the table for techies? For policymakers, for business people, for lawmakers? >> One. I think we've got to figure out how to get really technology knowledge into the hands of policymakers. Right. You see, you watch the Facebook hearings on Capitol Hill. I mean, it was a joke. It was concerning right? I mean, anybody with a technology background to be concerned about what they saw there, and it's not the lawmakers fault. I mean, you know, we've got to empower them with that. And so we got to take technologist, threw it out, how to get them to talk policy and get them up on the hill and in the administration talking to folks, right? And one of the big outcomes, I think, has to come out of that conversation. What do we do about national level cybersecurity, Right, because we assume today that it's the rule. The private sector provides cyber security for their own companies, but in no other circumstance to expect that when it's a nation state attacker, wait. We don't expect Target or Wal Mart or any other company. J. P. Morgan have surface to air missiles on the roofs of their warehouses or their buildings to Vegas Russian bear bombers. Why, that's the job of the government. But when it comes to cyberspace, we expect Private Cummings defending us everything from a script kiddie in his basement to the criminal hacker in Eastern Europe to the nation state, whether Russia, China, Iran or North Korea and these nation states have virtually a limited resource. Your armies did >> sophisticated RND technology, and it's powerful exactly like a nuclear weaponry kind of impact for digital. >> Exactly. And how can we expect prices comes to defend themselves? It's not. It's not a fair fight. And so the government has to have some role. The questions? What role? How did that consist with our values, our principles, right? And how do we ensure that the Internet remains free and open, while still is sure that the president is not is not hampered in doing its job out there. And I love this top way talk about >> a lot, sometimes the future of warfare. Yeah, and that's really what we're talking about. You go back to Stuxnet, which opened Pandora's box 2016 election hack where you had, you know, the Russians trying to control the mean control, the narrative. As you pointed out, that that one video we did control the belief system you control population without firing a shot. 20 twenties gonna be really interesting. And now you see the U. S. Retaliate to Iran in cyberspace, right? Allegedly. And I was saying that we had a conversation with Robert Gates a couple years ago and I asked him. I said, Should we be Maur taking more of an offensive posture? And he said, Well, we have more to lose than the other guys Glasshouse problem? Yeah, What are your thoughts on? >> Look, certainly we rely intimately, inherently on the cyber infrastructure that that sort of is at the core of our economy at the core of the world economy. Increasingly, today, that being said, because it's so important to us all the more reason why we can't let attacks go Unresponded to write. And so if you're being attacked in cyberspace, you have to respond at some level because if you don't, you'll just keep getting punched. It's like the kid on the playground, right? If the bully keeps punching him and nobody does anything, not not the not the school administration, not the kid himself. Well, then the boy's gonna keep doing what he's doing. And so it's not surprising that were being tested by Iran by North Korea, by Russia by China, and they're getting more more aggressive because when we don't punch back, that's gonna happen. Now we don't have to punch back in cyberspace, right? A common sort of fetish about Cyrus is a >> response to the issue is gonna respond to the bully in this case, your eggs. Exactly. Playground Exactly. We'll talk about the Iran. >> So So if I If I if I can't Yeah, the response could be Hey, we could do this. Let them know you could Yes. And it's a your move >> ate well, And this is the key is that it's not just responding, right. So Bob Gates or told you we can't we talk about what we're doing. And even in the latest series of alleged responses to Iran, the reason we keep saying alleged is the U. S has not publicly acknowledged it, but the word has gotten out. Well, of course, it's not a particularly effective deterrence if you do something, but nobody knows you did it right. You gotta let it out that you did it. And frankly, you gotta own it and say, Hey, look, that guy punch me, I punch it back in the teeth. So you better not come after me, right? We don't do that in part because these cables grew up in the intelligence community at N S. A and the like, and we're very sensitive about that But the truth is, you have to know about your highest and capabilities. You could talk about your abilities. You could say, Here are my red lines. If you cross him, I'm gonna punch you back. If you do that, then by the way, you've gotta punch back. They'll let red lines be crossed and then not respond. And then you're gonna talk about some level of capabilities. It can't all be secret. Can't all be classified. Where >> are we in this debate? Me first. Well, you're referring to the Thursday online attack against the intelligence Iranian intelligence community for the tanker and the drone strike that they got together. Drone take down for an arm in our surveillance drones. >> But where are we >> in this debate of having this conversation where the government should protect and serve its people? And that's the role. Because if a army rolled in fiscal army dropped on the shores of Manhattan, I don't think Citibank would be sending their people out the fight. Right? Right. So, like, this is really happening. >> Where are we >> on this? Like, is it just sitting there on the >> table? What's happening? What's amazing about it? Hi. This was getting it going well, that that's a Q. What's been amazing? It's been happening since 2012 2011 right? We know about the Las Vegas Sands attack right by Iran. We know about North Korea's. We know about all these. They're going on here in the United States against private sector companies, not against the government. And there's largely been no response. Now we've seen Congress get more active. Congress just last year passed to pass legislation that gave Cyber command the authority on the president's surgery defenses orders to take action against Russia, Iran, North Korea and China. If certain cyber has happened, that's a good thing, right to give it. I'll be giving the clear authority right, and it appears the president willing to make some steps in that direction, So that's a positive step. Now, on the back end, though, you talk about what we do to harden ourselves, if that's gonna happen, right, and the government isn't ready today to defend the nation, even though the Constitution is about providing for the common defense, and we know that the part of defense for long. For a long time since Secretary Panetta has said that it is our mission to defend the nation, right? But we know they're not fully doing that. How do they empower private sector defense and one of keys That has got to be Look, if you're the intelligence community or the U. S. Government, you're Clinton. Tremendous sense of Dad about what you're seeing in foreign space about what the enemy is doing, what they're preparing for. You have got to share that in real time at machine speed with industry. And if you're not doing that and you're still count on industry to be the first line defense, well, then you're not empowered. That defense. And if you're on a pair of the defense, how do you spend them to defend themselves against the nation? State threats? That's a real cry. So >> much tighter public private relationship. >> Absolutely, absolutely. And it doesn't have to be the government stand in the front lines of the U. S. Internet is, though, is that you could even determine the boundaries of the U. S. Internet. Right? Nobody wants an essay or something out there doing that, but you do want is if you're gonna put the private sector in the in the line of first defense. We gotta empower that defense if you're not doing that than the government isn't doing its job. And so we gonna talk about this for a long time. I worked on that first piece of information sharing legislation with the House chairman, intelligence Chairman Mike Rogers and Dutch Ruppersberger from Maryland, right congressman from both sides of the aisle, working together to get a fresh your decision done that got done in 2015. But that's just a first step. The government's got to be willing to share classified information, scaled speed. We're still not seeing that. Yeah, How >> do people get involved? I mean, like, I'm not a political person. I'm a moderate in the middle. But >> how do I How do people get involved? How does the technology industry not not the >> policy budgets and the top that goes on the top tech companies, how to tech workers or people who love Tad and our patriots and or want freedom get involved? What's the best approach? >> Well, that's a great question. I think part of is learning how to talk policy. How do we get in front policymakers? Right. And we're I run. I run a think tank on the side at the National Institute at George Mason University's Anton Scalia Law School Way have a program funded by the Hewlett Foundation who were bringing in technologists about 25 of them. Actually. Our next our second event. This Siri's is gonna be in Chicago this weekend. We're trained these technologies, these air data scientists, engineers and, like talk Paul's right. These are people who said We want to be involved. We just don't know how to get involved And so we're training him up. That's a small program. There's a great program called Tech Congress, also funded by the U. A. Foundation that places technologists in policy positions in Congress. That's really cool. There's a lot of work going on, but those are small things, right. We need to do this, its scale. And so you know, what I would say is that their technology out there want to get involved, reach out to us, let us know well with our partners to help you get your information and dad about what's going on. Get your voice heard there. A lot of organizations to that wanna get technologies involved. That's another opportunity to get in. Get in the building is a >> story that we want to help tell on be involved in David. I feel passion about this. Is a date a problem? So there's some real tech goodness in there. Absolutely. People like to solve hard problems, right? I mean, we got a couple days of them. You've got a big heart problems. It's also for all the people out there who are Dev Ops Cloud people who like to work on solving heart problems. >> We got a lot >> of them. Let's do it. So what's going on? Iron? Give us the update Could plug for the company. Keith Alexander found a great guy great guests having on the Cube. That would give the quick thanks >> so much. So, you know, way have done two rounds of funding about 110,000,000. All in so excited. We have partners like Kleiner Perkins Forge point C five all supporting us. And now it's all about We just got a new co CEO in Bill Welshman. See Scaler and duo. So he grew Z scaler. $1,000,000,000 valuation he came in to do Oh, you know, they always had a great great exit. Also, we got him. We got Sean Foster in from from From Industry also. So Bill and Sean came together. We're now making this business move more rapidly. We're moving to the mid market. We're moving to a cloud platform or aggressively and so exciting times and iron it. We're coming toe big and small companies near you. We've got the capability. We're bringing advanced, persistent defense to bear on his heart problems that were threat analytics. I collected defence. That's the key to our operation. We're excited >> to doing it. I call N S A is a service, but that's not politically correct. But this is the Cube, so >> Well, look, if you're not, if you want to defensive scale, right, you want to do that. You know, ECE knows how to do that key down here at the forefront of that when he was in >> the government. Well, you guys are certainly on the cutting edge, riding that wave of common societal change technology impact for good, for defence, for just betterment, not make making a quick buck. Well, you know, look, it's a good business model by the way to be in that business. >> I mean, It's on our business cards. And John Xander means it. Our business. I'd say the Michigan T knows that he really means that, right? Rather private sector. We're looking to help companies to do the right thing and protect the nation, right? You know, I protect themselves >> better. Well, our missions to turn the lights on. Get those voices out there. Thanks for coming on. Sharing the lights. Keep covers here. Day one of two days of coverage. Eight of us reinforce here in Boston. Stay with us for more Day one after this short break.

>> Announcer: Live from New York City It's TheCube. Covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> It got out of control, they were testing it. Okay, welcome back everyone. We are here live in New York City for CyberConnect 2017. This is Cube's coverage is presented by Centrify. It's an industry event, bringing all the leaders of industry and government together around all the great opportunities to solve the crisis of our generation. That's cyber security. We have Cricket Liu. Chief DNS architect and senior fellow at Infoblox. Cricket, great to see you again. Welcome to theCUBE. >> Thank you, nice to be back John. >> So we're live here and really this is the first inaugural event of CyberConnect. Bringing government and industry together. We saw the retired general on stage talking about some of the history, but also the fluid nature. We saw Jim from Aetna, talking about how unconventional tactics and talking about domains and how he was handling email. That's a DNS problem. >> Yeah, yeah. >> You're the DNS guru. DNS has become a role in this. What's going on here around DNS? Why is it important to CyberConnect? >> Well, I'll be talking tomorrow about the first anniversary, well, a little bit later than the first anniversary of the big DDoS attack on Dyn. The DNS hosting provider up in Manchester, New Hampshire. And trying to determine if we've actually learned anything, have we improved our DNS infrastructure in any way in the ensuing year plus? Are we doing anything from the standards, standpoint on protecting DNS infrastructure. Those sorts of things. >> And certainly one of the highlight examples was mobile users are masked by the DNS on, say, email for example. Jim was pointing that out. I got to ask you, because we heard things like sink-holing addresses, hackers create domain names in the first 48 hours to launch attacks. So there's all kinds of tactical things that are being involved with, lets say, domain names for instance. >> Cricket: Yeah, yeah. >> That's part of the critical infrastructure. So, the question is how, in DDoS attacks, denial-of-service attacks, are coming in in the tens of thousands per day? >> Yeah, well that issue that you talked about, in particular the idea that the bad guys register brand new domain names, domain names that initially have no negative reputation associated with them, my friend Paul Vixie and his new company Farsight Security have been working on that. They have what is called a -- >> John: What's the name of the company again? >> Farsight Security. >> Farsight? >> And they have what's called a Passive DNS Database. Which is a database basically of DNS telemetry that is accumulated from big recursive DNS servers around the internet. So they know when a brand new domain name pops up, somewhere on the internet because someone has to resolve it. And they pump all of these brand new domain names into what's called a response policy zone feed. And you can get for example different thresh holds. I want to see the brand new domain names created over the last 30 minutes or seen over the last 30 minutes. And if you block resolution of those brand new domain names, it turns out you block a tremendous amount of really malicious activity. And then after say, 30 minutes if it's a legitimate domain name it falls off the list and you can resolve it. >> So this says your doing DNS signaling as a service for new name registrations because the demand is for software APIs to say "Hey, I want to create some policy around some techniques to sink-hole domain address hacks. Something like that? >> Yeah, basically this goes hand in hand with this new system response policy zone which allows you to implement DNS policy. Something that we've really never before done with DNS servers, which that's actually not quite true. There have been proprietary solutions for it. But response policy zones are an open solution that give you the ability to say "Hey I do want to allow resolution of this domain name, but not this other domain name". And then you can say "Alright, all these brand new domain names, for the first 30 minutes of their existence I don't want-- >> It's like a background check for domain names. >> Yeah, or like a wait list. Okay, you don't get resolved for the first 30 minutes, that gives the sort of traditional, reputational, analyzers, Spamhaus and Serval and people like that a chance to look you over and say "yeah, it's malicious or it's not malicious". >> So serves to be run my Paul Vixie who is the contributor to the DNS protocol-- >> Right, enormous contributor. >> So we should keep an eye on that. Check it out, Paul Vixie. Alright, so DNS's critical infrastructure that we've been talking about, that you and I, love to riff about DNS and the role What's it enabled? Obviously it's ASCII, but I got to ask you, all these Unicode stuff about the emoji and the open source, really it highlight's the Unicode phenomenon. So this is a hacker potential haven. DNS and Unicode distinction. >> It's really interesting from a DNS standpoint, because we went to a lot of effort within the IETF, the Internet Engineering Task Force, some years ago, back when I was more involved in the IETF, some people spent a tremendous amount of effort coming up with a way to use allow people to use Unicode within domain name. So that you could type something into your browser that was in traditional or simplified Chinese or that was in Arabic or was in Hebrew or any number of other scripts. And you could type that in and it would be translated into something that we call puny code, in the DNS community, which is an ASCII equivalent to that. The issue with that though, becomes that there are, we would say glifs, most people I guess would say characters, but there are characters in Unicode that look just like, say Latin alphabet characters. So there's a lowercase 'a' for example, in cyrillic, it's not a lowercase 'a' in the Latin alphabet, it's a cyrillic 'a', but it looks just like an 'a'. So it's possible for people to register names, domain names, that in there Unicode representation, look like for example, PayPal, which of course has two a's in it, and those two a's could be cyrillic a's. >> Not truly the ASCII representation of PayPal which we resolve through the DNS. >> Exactly, so imagine how subtle an attack that would be if you were able to send out a bunch of email, including the links that said www.-- >> Someone's hacked your PayPal account, click here. >> Yeah, exactly. And if you eyeballed it you'd think Well, sure that's www.PayPal.com, but little do you know it's actually not the -- >> So Jim Ruth talked about applying some unconventional methods, because the bad guys don't subscribe to the conventional methods . They don't buy into it. He said that they change up their standards, is what I wrote down, but that was maybe their sort of security footprint. 1.5 times a day, how does that apply to your DNS world, how do you even do that? >> Well, we're beginning to do more and more with analytics DNS. The passive DNS database that I talked about. More and more big security players, including Infoblox are collecting passive DNS data. And you can run interesting analytics on that passive DNS data. And you can, in some cases, automatically detect suspicious or malicious behavior. For example you can say "Hey, look this named IP address mapping is changing really, really rapidly" and that might be an indication of let's say, fast flux. Or you can say "These domain names have really high entropy. We did an engram analysis of the labels of these". The consequence of that we believe that this resolution of these domain names, is actually being used to tunnel data out of an organization or into an organization. So there's some things you can do with these analytical algorithms in order to suss out suspicious and malicious. >> And you're doing that in as close to real time as possible, presumably right? >> Cricket: That's right. >> And so, now everybody's talking about Edge, Edge computing, Edge analytics. How will the Edge effect your ability to keep up? >> Well, the challenge I think with doing analytics on passive DNS is that you have to be able to collect that data from a lot of places. The more places that you have, the more sensors that you have collecting passive DNS data the better. You need to be able to get it out from the Edge. From those local recursive DNS servers that are actually responding to the query's that come from say your smart phone or your laptop or what have you. If you don't have that kind of data, you've only got, say, big ISPs, then you may not detect the compromise of somebody's corporate network, for example. >> I was looking at some stats when I asked the IOT questions, 'cause you're kind of teasing out kind of the edge of the network and with mobile and wearables as the general was pointing out, is that it's going to create more service area, but I just also saw a story, I don't know if it's from Google or wherever, but 80% plus roughly, websites are going to have SSL HTBS that they're resolving through. And there's reports out here that a lot of the anti virus provisions have been failing because of compromised certificates. And to quote someone from Research Park, and we want to get your reaction to this "Our results show", this is from University of Maryland College Park. "Our results show that compromised certificates pose a bigger threat than we previously believed, and is not restricted to advanced threats and digitally signed malware was common in the wild." Well before Stuxnet. >> Yeah, yeah. >> And so breaches have been caused by compromising certificates of actual authority. So this brings up the whole SSL was supposed to be solving this, that's just one problem. Now you've got the certificates, well before Stuxnet. So Stuxnet really was kind of going on before Stuxnet. Now you've got the edge of the network. Who has the DNS control for these devices? Is it kind of like failing? Is it crumbling? How do we get that trust back? >> That's a good question. One of the issues that we've had is that at various points, CAs, Certificate Authorities, have been conned into issuing certificates for websites that they shouldn't have. For example, "Hey, generate a cert for me". >> John: The Chinese do it all the time. >> Exactly. I run www. Bank of America .com. They give it to the wrong guy. He installs it. We have I think, something like 1,500 top level certification authorities. Something crazy like that. Dan Komenski had a number in one of his blog posts and it was absolutely ridiculous. The number of different CA's that we trust that are built into the most common browsers, like Chrome and Firefox and things like that. We're actually trying to address some of those issues with DNS, so there are two new resource records being introduced to DNS. One is TLSA. >> John: TLSA? >> Yeah, TLSA. And the other one is called CAA I think, which always makes me think of a California Automotive Association. (laughter) But TLSA is basically a way of publishing data in your own zone that says My cert looks like this. You can say "This is my cert." You can just completely go around the CA. And you can say "This is my cert" and then your DNS sec sign your zone and you're done. Or you can do something short of that and you can say "My cert should look like this "and it should have this CA. "This is my CA. "Don't trust any other one" >> So it's metadata about the cert or the cert itself. >> Exactly, so that way if somebody manages to go get a cert for your website, but they get that cert from some untrustworthy CA. I don't know who that would be. >> John: Or a comprimised-- >> Right, or a compromised CA. No body would trust it. No body who actually looks up the TSLA record because they'll go "Oh, Okay. I can see that Infoblox's cert that their CA is Symantech. And this is not a Symantech signed cert. So I'm not going to believe it". And at the same time this CAA record is designed to be consumed by the CA's themselves, and it's a way of saying, say Infoblox can say "We are a customer of Symantech or whoever" And when somebody goes to the cert and says "Hey, I want to generate a certificate for www.Infoblox.com, they'll look it up and say "Oh, they're a Symantech customer, I'm not going to do that for you". >> So it creates trust. So how does this impact the edge of the network, because the question really is, the question that's on everyone's mind is, does the internet of things create more trust or does it create more vulnerabilities? Everyone knows it's a surface area, but still there are technical solutions when you're talking about, how does this play out in your mind? How does Infoblox see it? How do you see it? What's Paul Vixie working on, does that tie into it? Because out in the hinterlands and the edge of the network and the wild, is it like a DNS server on the device. It could be a sensor? How are they resolving things? What is the protocol for these? >> At least this gives you a greater assurance if you're using TLS to encrypt communication between a client and a web server or some other resource out there on the internet. It at least gives you a better assurance that you really aren't being spoofed. That you're going to the right place. That your communications are secure. So that's all really good. IOT, I think of as slightly orthogonal to that. IOT is still a real challenge. I mean there is so many IOT devices out there. I look at IOT though, and I'll talk about this tomorrow, and actually I've got a live event on Thursday, where I'll talk about it some more with my friend Matt Larson. >> John: Is that going to be here in New York? >> Actually we're going to be broadcasting out of Washington, D.C. >> John: Were you streaming that? >> It is streamed. In fact it's only streamed. >> John: Put a plug in for the URL. >> If you go to www.Infoblox.com I think it's one of the first things that will slide into your view. >> So you're putting it onto your company site. Infoblox.com. You and Matt Larson. Okay, cool. Thursday event, check it out. >> It is somewhat embarrassingly called Cricket Liu Live. >> You're a celebrity. >> It's also Matt Larson Live. >> Both of you guys know what you're talking about. It's great. >> So there's a discussion among certain boards of directors that says, "Look, we're losing the battle, "we're losing the war. "We got to shift more on response "and at least cover our butts. "And get some of our response mechanisms in place." What do you advise those boards? What's the right balance between sort of defense perimeter, core infrastructure, and response. >> Well, I would certainly advocate as a DNS guy, that people instrument their DNS infrastructure to the extent that they can to be able to detect evidence of compromise. And that's a relatively straight forward thing to do. And most organizations haven't gone through the trouble to plumb their DNS infrastructure into their, for example, their sim infrastructure, so they can get query log information, they can use RPZs to flag when a client looks up the domain name of a known command and control server, which is a clear indication of compromise. Those sorts of things. I think that's really important. It's a pretty easy win. I do think at this point that we have to resign ourselves to the idea that we have devices on our network that are infected. That game is lost. There's no more crunchy outer shell security. It just doesn't really work. So you have to have defensive depth as they say. >> Now servs has been around for such a long time. It's been one of those threats that just keeps coming. It's like waves and waves. So it looks like there's some things happening, that's cool. So I got to ask you, CyberConnect is the first real inaugural event that brings industry and some obviously government and tech geeks together, but it's not black hat or ETF. It's not those geeky forums. It's really a business community coming together. What's your take of this event? What's your observations? What are you seeing here? >> Well, I'm really excited to actually get the opportunity to talk to people who are chiefly security people. I think that's kind of a novelty for me, because most of the time I think I speak to people who are chiefly networking people and in particular that little niche of networking people who are interested in DNS. Although truth be told, maybe they're not really interested in DNS, maybe they just put up with me. >> Well the community is really strong. The DNS community has always been organically grown and reliable. >> But I love the idea of talking about DNS security to a security audience. And hopefully some of the folks we get to talk to here, will come away from it thinking oh, wow, so I didn't even realize that my DNS infrastructure could actually be a security tool for me. Could actually be helpful in any way in detecting compromise. >> And what about this final question, 'cause I know we got a time check here. But, operational impact of some of these DNS changes that are coming down from Paul Vixie, you and Matt Larson doing some things together, What's the impact of the customer and they say "okay, DNS will play a role in how I role out my architecture. New solutions for cyber, IOT is right around the corner. What's the impact to them in your mind operationally. >> There certainly is some operational impact, for example if you want to subscribe to RPZ feeds, you've got to become a customer of somebody who provides a commercial RPZ feed or somebody who provides a free RPZ feed. You have to plumb that into your DNS infrastructure. You have to make sure that it continues transferring. You have to plumb that into your sim, so when you get a hit against an RPZ, you're notified about it, your security folks. All that stuff is routine day to day stuff. Nothing out of the ordinary. >> No radical plumbing changes. >> Right, but I think one of the big challenges in so many of the organizations that I go to visit, the security organization and the networking organization are in different silos and they don't necessarily communicate a lot. So maybe the more difficult operational challenge is just making sure that you have that communication. And that the security guys know the DNS guys, the networking guys, and vice versa. And they cooperate to work on problems. >> This seems to be the big collaboration thing that's happening here. That it's more of a community model coming together, rather than security. Cricket Liu here, DNS, Chief Architect of DNS and senior fellow of Infoblox. The legend in the DNS community. Paul Vixie amongst the peers. Really that community holding down the fort I'll see a lot of exploits that they have to watch out for. Thanks for your commentary here at the CyberConnect 2017 inaugural event. This is theCUBE. We'll be right back with more after this short break. (techno music)