(upbeat music) >> Hey everyone. Welcome to theCube's presentation of the AWS Startup Showcase. This is season two, episode four of our ongoing series featuring exciting startups in the AWS ecosystem. This theme is cyber security, detecting and protecting against threats. I'm your host, Lisa Martin and I'm pleased to be joined by Raghu Nadakumara the senior director of solutions marketing at Illumio. We're going to be talking about all things, cybersecurity, Raghu. it's great to have you on the program >> Lisa, it's fantastic to be here and the lovely to have the opportunity. Thank you >> Absolutely. So, so much changing in the threat landscape. We're seeing threat actors are booming, new threats customers having to solve really hard security problems across their organization. On-prem in the cloud, hybrid multi-cloud, et cetera. Talk to me about some of the ways in which Illumio is helping customers to address those massive challenges. >> Sure. I think like it's a sort of to pair off what you said to begin with. You said so much has changed, but equally and Kim Jetta made this point last week in her keynote at Black Hat and Chris Krebs former director of CISA also kind of reiterated this, so much has changed yet so much hasn't changed. And really from sort of Illumio's perspective the way we look at this is that as we are moving to a sort of a world of ever increasing connectivity I kind of almost pair off digital transformation which pretty much every organization talks about. They've got a digital transformation program. I really pair that off with what does that mean? It really means hyper connectivity because you've got your data center connecting into workloads, running in the cloud with users and user devices everywhere with a plethora of other connected devices. So we've got this massive hyper connected web. Well, what does that lead to? It leads to a massively increasing mushrooming attack surface. So from a threat actor perspective, just the the size of the opportunity is so much larger these days. But the problem then from a from a defender's perspective is that how do you even understand your, this complex very hybrid attack surface? So what we lack is the ability to get that consistent visibility of our actual exposure across the board, but, and then the ability to then deploy a consistent security control set across that estate to be able to manage that attack service and reduce that exposure risk. And these two problems, the challenge of consistent visibility and the challenge of consistent security from an Illumio perspective, we believe we solve both of those with our zero trust segmentation platform. So we are really looking at helping organizations helping our customers be resilient to the threats of today and the threats of tomorrow by giving them that consistent visibility and that consistent security through zero trust segmentation. >> Let's unpack zero trust segmentation. You know, when we look at some of the stats on ransom where it's been a while that it's a matter of when, not if for organizations so getting that visibility and consistent security policies across the estate, as you say is critical for businesses in every organization. How does zero trust segmentation, first of all define it and then tell us how that helps. >> Oh, happily. It's kind of one my favorite subjects to talk about. Right. So let start with zero trust segmentation and kind of, sort of to put it into a context that's probably more easy to understand, right? Is that we see sort of zero trust segmentation as being founded on two pillars, right? The first is an assumed breach mindset and I'll come onto what we mean by that in a second. And the second paired with that and what we see is kind of the natural progression from that is then the use of least privileged policies to go and control and protect your estate. So what does assume breach mean? Well, assume breach is really that approach that says work on the assumption that bad event that malicious actor, that anomalous action that unexpected behavior, and that could be intentional and the result of a malicious action or it could be completely unintentional. Think of that sort of someone, a misconfiguration in an application, for example, right? All of these things are essentially unexpected anomalous event. So start from that assumption that that's either happened or it's going to happen at some point, right? So when you make that assumption, right, and that assumption that that is happening on your internal network. So remember right. Assume that that thing is already happening on your internal network, not it's on outside of the perimeter and it's got to still find its way in. No, it's really about assuming that that initial sort of thing to get onto the network and some anomalous event has already happened. If you started from that premise then how would you design your security controls? Well, the natural reaction to that is, well if that's going to happen what I need to ensure is that the impact of that is as limited as possible is as restricted as possible. So how do I ensure that that is as limited as possible? Well, it's by ensuring that any access into the rest of my environment, the rest of the infrastructure and that could be that hybrid infrastructure, private cloud, public cloud, et cetera is built on a least privileged access model. And that way I can ensure that even if I have a compromise in one part of my environment or potentially there could be compromises in different parts of my environment that they're not going to impact the rest of the whole. So I'm containing the impact of that. And as a result I'm protecting the rest of the infrastructure and able to maintain my resilience for longer. So that's how zero trust segmentation, well, that's what zero trust segmentation is and how it delivers better security for an organization. >> So preventing that lateral spread is really critical especially as we've seen in the last couple of years this acceleration of cloud adoption, cloud migration for customers that are in transit, if you will, CTS why is it so fundamental? >> Well, I think you expressed it brilliantly, right? That if you look at any sort of malicious attack, right? Whether it's ransomware, whether it's an advanced attacker like APT style attack over the last sort of decade, right? A common part, a common tactic, those attackers used in order to proliferate and in order to move to either spread that attack as far and wide as possible in the case of ransomware or in the case of a very targeted attack to go and find that trophy target. One of the key tactics they leverage is lateral movement. So from a defender's perspective if you are able to better detect and ideally better prevent upfront that lateral movement and limit you are, you are defending yourself. You are proactively defending yourself from this threat. So what does that mean then from the perspective of organizations that are moving into cloud? So organizations that are say on that journey to transition into AWS, right? Whether from a right, I'm going all in an AWS and ultimately leaving my private data center behind or sort of more likely where my applications now in this hybrid deployment model where I have some on-prem some in the cloud. So there it's even more important because we know that things that are deployed in the cloud can very easily sort of get exposed to the internet. Right? We've seen that with a number of sort of different customers of cloud where a misconfigured security group suddenly gives access to all resources from the internet, right? Or gives access on high risk ports that you didn't want to have that you didn't want to be able to access. So here, zero trust segmentation is so important because if you come back to the fundamentals of it, it's around consistent visibility and consistent security policy. So what do we provide? Well, from an Illumio perspective and through our zero trust segmentation platform we ensure that as your application, as your key resources, as they transition from your private data center into the cloud, you can have exactly the same visibility and exactly the same granularity of visibility over those interactions between your resources as they move into the cloud. And the most important thing here is that it's not in cloud. We realize it's not just about adopting compute. It's not just infrastructure as a service organizations are now adopting the the more cloud native services whether that's managed databases or containers or serverless, et cetera, right. But all of these make up part of that new application and all of those need be included in that visibility, right? So visibility, isn't just about what your computer's doing where you've got this OS that you can manage but it's really about any component that is interacting as part of your organization as part of your applications. So we provide visibility across that and as it moves so that, that sort of, that granularity of visibility the ability to see those dependencies between applications we provide that consistently. And then naturally we then allow you to con consistently apply security policy as this application moves. So as you transition from on-prem where you have controls where you have your lateral movement controls your segmentation controls, and as you move resources into the cloud we allow you to maintain that security posture as you move into cloud, but not just that doesn't just stop there. So we spoke at the top about how least privileged is fundamental to zero trust from a policy perspective what we give you the ability to do give our customers the ability to do as they move into AWS is compare what they have configured on their security groups. So they way they think they've got the right security posture, we compare that to what the actual usage around those resources is. And we provide them recommendations to better secure those security groups. So essentially always tending them towards a more secure con configuration, such that they can maintain that least privileged access over the, around their critical resources. So this is the way our technology helps our customers move and migrate safely and securely from on-prem into AWS. >> That's a great description, very thorough in how you're talking about the benefits to organizations. You know, as we think about cloud adoption migration, cybersecurity these are clearly C-suite conversations. Are you seeing things like zero trust segmentation rise up to the C-suite and maybe even beyond to the board? Is this from a security perspective, a board level issue? >> Oh, absolutely. And, and Chris Krebs, former director of CISA last week set security must absolutely be a board level topic. It's not something that needs to be sort of in the weeds of IT or just sort of under the purview of what the chief security is doing. It needs to a board level issue. And what we see is while sort of talking about let's say zero trust segmentation or zero trust is very much a security function. What it typically ladders up to at the boardroom level is tying it into operational resilience, right? Because I think organizations now it's not just about the ability, given that sort of attacks are proliferating. And particularly the threat around ransomware is so high that the use of ransomware, not just as a way to steal data and extract money, but also ransomware as essentially a way to disrupt operations. And that is now what the concern is at that board level. Is that how is this attack going to impact me from a from a productivity perspective from an availability perspective, and depending on the type of organization, if it's, for example a financial organization there their worry is around their reputation because ultimately organizations are unable to trust that financial organization. We very quickly see that we have sort of that run on the bank, where customers, counterparties et cetera, quickly want to take their business elsewhere. If it's a manufacturing or healthcare provider, their concern is can we deliver our critical services? For example, healthcare can we deliver patient services? Manufacturing, can we continue to produce whatever it is we manufacture, even in the case of being under attack? So at the board level they're thinking about it from the perspective of resilience and operational resilience, and that then translates into cyber resilience when it comes to talking about where does zero trust segmentation fit in? Zero trust segmentation enables cyber resilience which ultimately enables operational resilience. So this is how we see it laddering up to boardroom issues. >> Got it. And of course, you know when you were talking about brand reputation, brand damage you think nobody wants to be the next headline where a breach is occurring. We've seen too many of those and we probably will see many more. So Raghu, when you're in customer conversations what are say the top three differentiators that you share with customers versus like CSPM tools what are those key core Illumio differentiators? >> Yeah. So like sort of CSPM tools, right? They're very focusing on assessing posture and sort of reporting on compliance in comparison to a baseline. So for example, it's okay here is what I think the security configuration should be. And here is how I'm actually configured in AWS. Here is the diff and here is where I'm out of compliance, right? That that's typically what, what CSPM products do, right? And there is a very important place for them in any organization's tool set. Now, what they don't do and where we provide the differentiation is that they're not set up to sort of monitor around lateral movement, right? They're not about providing you with that view about how your resources are interacting each other. They're not about providing guidance as to whether a security reconfiguration could be enhanced and could be tightened up. They also don't give you the view particularly around is this even relevant, right? And that that's really where we come in because the the visibility allows you to understand how resources are interacting with each other. That then allows you to determine whether those interactions are required or not. That then allows you to define a least privileged policy that controls access between these resources. But it also kind of as this sort of the feedback loop goes on is to ensure that least privileged policy is always tending towards what you actually need, right? So it's from what I think I need to what you actually need based on, based on usage. So this is how we differentiate what we do from what a CSPM type of technology does, right? We're always about providing visibility and maintaining least privileged access between your resources >> How many different security tools are you seeing that organizations have in place today? Those prospects that are coming to Illumio saying we've got challenges, we understand the threat landscape. The malicious actors are very incentivized, but what are the security tools in place and is Illumio able to replace, like, reduce that number replace some of those tools. So that simplification happens in this growingly complex environment. >> Yeah, I think that's a really good question. And I think that the answer to that is really, actually not so much about not necessarily about reducing though, of course, right. Organizations always, if they can reduce tools and replace one tool that does one thing with a tool that does multiple things, it's, it's always a it's always a benefit, but the the way we see it is that what is the value that we provide that complements existing tooling that an organization already has, right. Because what we think is important is that any technology that you bring in, shouldn't be just sit on its own island where it's value is kind of isolated from the value you are getting from everything else, right. It should be part of it should be able to be part of a sort of integrated ecosystem of complimentary technologies, right. And we believe that what we do firmly fits in to that type of technology ecosystem, right. So we in, so for example, to to give you examples, right, we enhance your asset discovery piece by providing a, the visibility that allows you to get the understanding of all your interactions. Why is that important? Because you can use that data to ensure that what you think is labeled or tagged in a particular way is in fact, that asset, right. And we benefit from that because we benefit from the asset information to allow us to build security policy that map those dependencies. We provide value to your detection and response capabilities, because we have that visibility around lateral movement. We are able to be reactive in terms of containing an attack. We can be used to proactively limit sort of pathways such that let's say things like common ransomware can't leverage things like open RDP and open SMB ports to spread. We can go and inform things like service maps. So if your organization is sort of heavily invested in like service mapping and feeding that back into sort of your IT tool sets. So ITSM tool sets, et cetera, right. We can provide data into that to enhance that particular experience. So there is lots of value beyond sort of what our own product value proposition is that we bring into your existing technology ecosystem. Which is why we think we kind of add value into any deployment over and beyond just sort of the things that we do around visibility and consistent security. >> Yeah. What you were just describing. So well with the first thought coming to my mind was value-add. There's a lot of synergy there. Synergies between other technologies. You mentioned that complimentary nature, that seems like a huge value impact for organizations across any industry. Last question from a go to market perspective where can prospects go to learn more? This is available in the AWS marketplace, but talk to us about where they can go to learn more. >> Yeah, sure, so you can, so if you're an AWS customer, right, you can purchase Illumio straight from the AWS marketplace. Just go and find it under sort of security products in, I think it's infrastructure software. So you can go and find that. You can obviously reach out to your AWS account team if you want sort of further information around Illumio and how to secure that through AWS. And of course you can come along to illumio.com where we have a whole raft of information about what we do, how we do it, the benefits that we provide to our customers and how it ladders up to some of the key sort of boardroom issues, right. Around whether it's around transformation or resilience or ransomware containment. So come along to our website and and find out all those things. And we're here to help >> Awesome Raghu. What a great conversation around such an important topic, cybersecurity, detecting and protecting against threats that we know is is an evolving landscape. We appreciate all of your insights. Great explanations into what Illumio is doing there. How you're helping organizations and where they can go to find more. Thank you so much for joining me today. >> It's been absolute, absolute pleasure, Lisa. Thank you very much for having me. >> All right. For Raghu Nadkumara. I'm Lisa Martin. We want to thank you for watching this episode of the AWS Startup Showcase. We'll see you soon. (soft music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR, This is "Breaking Analysis with Dave Vellante". >> Black Hat 22 was held in Las Vegas last week, the same time as theCUBE Supercloud event. Unlike AWS re:Inforce where words are carefully chosen to put a positive spin on security, Black Hat exposes all the warts of cyber and openly discusses its hard truths. It's a conference that's attended by technical experts who proudly share some of the vulnerabilities they've discovered, and, of course, by numerous vendors marketing their products and services. Hello, and welcome to this week's Wikibon CUBE Insights powered by ETR. In this "Breaking Analysis", we summarize what we learned from discussions with several people who attended Black Hat and our analysis from reviewing dozens of keynotes, articles, sessions, and data from a recent Black Hat Attendees Survey conducted by Black Hat and Informa, and we'll end with the discussion of what it all means for the challenges around securing the supercloud. Now, I personally did not attend, but as I said at the top, we reviewed a lot of content from the event which is renowned for its hundreds of sessions, breakouts, and strong technical content that is, as they say, unvarnished. Chris Krebs, the former director of Us cybersecurity and infrastructure security agency, CISA, he gave the keynote, and he spoke about the increasing complexity of tech stacks and the ripple effects that that has on organizational risk. Risk was a big theme at the event. Where re:Inforce tends to emphasize, again, the positive state of cybersecurity, it could be said that Black Hat, as the name implies, focuses on the other end of the spectrum. Risk, as a major theme of the event at the show, got a lot of attention. Now, there was a lot of talk, as always, about the expanded threat service, you hear that at any event that's focused on cybersecurity, and tons of emphasis on supply chain risk as a relatively new threat that's come to the CISO's minds. Now, there was also plenty of discussion about hybrid work and how remote work has dramatically increased business risk. According to data from in Intel 471's Mark Arena, the previously mentioned Black Hat Attendee Survey showed that compromise credentials posed the number one source of risk followed by infrastructure vulnerabilities and supply chain risks, so a couple of surveys here that we're citing, and we'll come back to that in a moment. At an MIT cybersecurity conference earlier last decade, theCUBE had a hypothetical conversation with former Boston Globe war correspondent, Charles Sennott, about the future of war and the role of cyber. We had similar discussions with Dr. Robert Gates on theCUBE at a ServiceNow event in 2016. At Black Hat, these discussions went well beyond the theoretical with actual data from the war in Ukraine. It's clear that modern wars are and will be supported by cyber, but the takeaways are that they will be highly situational, targeted, and unpredictable because in combat scenarios, anything can happen. People aren't necessarily at their keyboards. Now, the role of AI was certainly discussed as it is at every conference, and particularly cyber conferences. You know, it was somewhat dissed as over hyped, not surprisingly, but while AI is not a panacea to cyber exposure, automation and machine intelligence can definitely augment, what appear to be and have been stressed out, security teams can do this by recommending actions and taking other helpful types of data and presenting it in a curated form that can streamline the job of the SecOps team. Now, most cyber defenses are still going to be based on tried and true monitoring and telemetry data and log analysis and curating known signatures and analyzing consolidated data, but increasingly, AI will help with the unknowns, i.e. zero-day threats and threat actor behaviors after infiltration. Now, finally, while much lip service was given to collaboration and public-private partnerships, especially after Stuxsnet was revealed early last decade, the real truth is that threat intelligence in the private sector is still evolving. In particular, the industry, mid decade, really tried to commercially exploit proprietary intelligence and, you know, do private things like private reporting and monetize that, but attitudes toward collaboration are trending in a positive direction was one of the sort of outcomes that we heard at Black Hat. Public-private partnerships are being both mandated by government, and there seems to be a willingness to work together to fight an increasingly capable adversary. These things are definitely on the rise. Now, without this type of collaboration, securing the supercloud is going to become much more challenging and confined to narrow solutions. and we're going to talk about that little later in the segment. Okay, let's look at some of the attendees survey data from Black Hat. Just under 200 really serious security pros took the survey, so not enough to slice and dice by hair color, eye color, height, weight, and favorite movie genre, but enough to extract high level takeaways. You know, these strongly agree or disagree survey responses can sometimes give vanilla outputs, but let's look for the ones where very few respondents strongly agree or disagree with a statement or those that overwhelmingly strongly agree or somewhat agree. So it's clear from this that the respondents believe the following, one, your credentials are out there and available to criminals. Very few people thought that that was, you know, unavoidable. Second, remote work is here to stay, and third, nobody was willing to really jinx their firms and say that they strongly disagree that they'll have to respond to a major cybersecurity incident within the next 12 months. Now, as we've reported extensively, COVID has permanently changed the cybersecurity landscape and the CISO's priorities and playbook. Check out this data that queries respondents on the pandemic's impact on cybersecurity, new requirements to secure remote workers, more cloud, more threats from remote systems and remote users, and a shift away from perimeter defenses that are no longer as effective, e.g. firewall appliances. Note, however, the fifth response that's down there highlighted in green. It shows a meaningful drop in the percentage of remote workers that are disregarding corporate security policy, still too many, but 10 percentage points down from 2021 survey. Now, as we've said many times, bad user behavior will trump good security technology virtually every time. Consistent with the commentary from Mark Arena's Intel 471 threat report, fishing for credentials is the number one concern cited in the Black Hat Attendees Survey. This is a people and process problem more than a technology issue. Yes, using multifactor authentication, changing passwords, you know, using unique passwords, using password managers, et cetera, they're all great things, but if it's too hard for users to implement these things, they won't do it, they'll remain exposed, and their organizations will remain exposed. Number two in the graphic, sophisticated attacks that could expose vulnerabilities in the security infrastructure, again, consistent with the Intel 471 data, and three, supply chain risks, again, consistent with Mark Arena's commentary. Ask most CISOs their number one problem, and they'll tell you, "It's a lack of talent." That'll be on the top of their list. So it's no surprise that 63% of survey respondents believe they don't have the security staff necessary to defend against cyber threats. This speaks to the rise of managed security service providers that we've talked about previously on "Breaking Analysis". We've seen estimates that less than 50% of organizations in the US have a SOC, and we see those firms as ripe for MSSP support as well as larger firms augmenting staff with managed service providers. Now, after re:Invent, we put forth this conceptual model that discussed how the cloud was becoming the first line of defense for CISOs, and DevOps was being asked to do more, things like securing the runtime, the containers, the platform, et cetera, and audit was kind of that last line of defense. So a couple things we picked up from Black Hat which are consistent with this shift and some that are somewhat new, first, is getting visibility across the expanded threat surface was a big theme at Black Hat. This makes it even harder to identify risk, of course, this being the expanded threat surface. It's one thing to know that there's a vulnerability somewhere. It's another thing to determine the severity of the risk, but understanding how easy or difficult it is to exploit that vulnerability and how to prioritize action around that. Vulnerability is increasingly complex for CISOs as the security landscape gets complexified. So what's happening is the SOC, if there even is one at the organization, is becoming federated. No longer can there be one ivory tower that's the magic god room of data and threat detection and analysis. Rather, the SOC is becoming distributed following the data, and as we just mentioned, the SOC is being augmented by the cloud provider and the managed service providers, the MSSPs. So there's a lot of critical security data that is decentralized and this will necessitate a new cyber data model where data can be synchronized and shared across a federation of SOCs, if you will, or mini SOCs or SOC capabilities that live in and/or embedded in an organization's ecosystem. Now, to this point about cloud being the first line of defense, let's turn to a story from ETR that came out of our colleague Eric Bradley's insight in a one-on-one he did with a senior IR person at a manufacturing firm. In a piece that ETR published called "Saved by Zscaler", check out this comment. Quote, "As the last layer, we are filtering all the outgoing internet traffic through Zscaler. And when an attacker is already on your network, and they're trying to communicate with the outside to exchange encryption keys, Zscaler is already blocking the traffic. It happened to us. It happened and we were saved by Zscaler." So that's pretty cool. So not only is the cloud the first line of defense, as we sort of depicted in that previous graphic, here's an example where it's also the last line of defense. Now, let's end on what this all means to securing the supercloud. At our Supercloud 22 event last week in our Palo Alto CUBE Studios, we had a session on this topic on supercloud, securing the supercloud. Security, in our view, is going to be one of the most important and difficult challenges for the idea of supercloud to become real. We reviewed in last week's "Breaking Analysis" a detailed discussion with Snowflake co-founder and president of products, Benoit Dageville, how his company approaches security in their data cloud, what we call a superdata cloud. Snowflake doesn't use the term supercloud. They use the term datacloud, but what if you don't have the focus, the engineering depth, and the bank roll that Snowflake has? Does that mean superclouds will only be developed by those companies with deep pockets and enormous resources? Well, that's certainly possible, but on the securing the supercloud panel, we had three technical experts, Gee Rittenhouse of Skyhigh Security, Piyush Sharrma who's the founder of Accurics who sold to Tenable, and Tony Kueh, who's the former Head of Product at VMware. Now, John Furrier asked each of them, "What is missing? What's it going to take to secure the supercloud? What has to happen?" Here's what they said. Play the clip. >> This is the final question. We have one minute left. I wish we had more time. This is a great panel. We'll bring you guys back for sure after the event. What one thing needs to happen to unify or get through the other side of this fragmentation and then the challenges for supercloud? Because remember, the enterprise equation is solve complexity with more complexity. Well, that's not what the market wants. They want simplicity. They want SaaS. They want ease of use. They want infrastructure risk code. What has to happen? What do you think, each of you? >> So I can start, and extending to the previous conversation, I think we need a consortium. We need a framework that defines that if you really want to operate on supercloud, these are the 10 things that you must follow. It doesn't matter whether you take AWS, Slash, or TCP or you have all, and you will have the on-prem also, which means that it has to follow a pattern, and that pattern is what is required for supercloud, in my opinion. Otherwise, security is going everywhere. They're like they have to fix everything, find everything, and so on and so forth. It's not going to be possible. So they need a framework. They need a consortium, and this consortium needs to be, I think, needs to led by the cloud providers because they're the ones who have these foundational infrastructure elements, and the security vendor should contribute on providing more severe detections or severe findings. So that's, in my opinion, should be the model. >> Great, well, thank you, Gee. >> Yeah, I would think it's more along the lines of a business model. We've seen in cloud that the scale matters, and once you're big, you get bigger. We haven't seen that coalesce around either a vendor, a business model, or whatnot to bring all of this and connect it all together yet. So that value proposition in the industry, I think, is missing, but there's elements of it already available. >> I think there needs to be a mindset. If you look, again, history repeating itself. The internet sort of came together around set of IETF, RSC standards. Everybody embraced and extended it, right? But still, there was, at least, a baseline, and I think at that time, the largest and most innovative vendors understood that they couldn't do it by themselves, right? And so I think what we need is a mindset where these big guys, like Google, let's take an example. They're not going to win at all, but they can have a substantial share. So how do they collaborate with the ecosystem around a set of standards so that they can bring their differentiation and then embrace everybody together. >> Okay, so Gee's point about a business model is, you know, business model being missing, it's broadly true, but perhaps Snowflake serves as a business model where they've just gone out and and done it, setting or trying to set a de facto standard by which data can be shared and monetized. They're certainly setting that standard and mandating that standard within the Snowflake ecosystem with its proprietary framework. You know, perhaps that is one answer, but Tony lays out a scenario where there's a collaboration mindset around a set of standards with an ecosystem. You know, intriguing is this idea of a consortium or a framework that Piyush was talking about, and that speaks to the collaboration or lack thereof that we spoke of earlier, and his and Tony's proposal that the cloud providers should lead with the security vendor ecosystem playing a supporting role is pretty compelling, but can you see AWS and Azure and Google in a kumbaya moment getting together to make that happen? It seems unlikely, but maybe a better partnership between the US government and big tech could be a starting point. Okay, that's it for today. I want to thank the many people who attended Black Hat, reported on it, wrote about it, gave talks, did videos, and some that spoke to me that had attended the event, Becky Bracken, who is the EIC at Dark Reading. They do a phenomenal job and the entire team at Dark Reading, the news desk there, Mark Arena, whom I mentioned, Garrett O'Hara, Nash Borges, Kelly Jackson, sorry, Kelly Jackson Higgins, Roya Gordon, Robert Lipovsky, Chris Krebs, and many others, thanks for the great, great commentary and the content that you put out there, and thanks to Alex Myerson, who's on production, and Alex manages the podcasts for us. Ken Schiffman is also in our Marlborough studio as well, outside of Boston. Kristen Martin and Cheryl Knight, they help get the word out on social media and in our newsletters, and Rob Hoff is our Editor-in-Chief at SiliconANGLE and does some great editing and helps with the titles of "Breaking Analysis" quite often. Remember these episodes, they're all available as podcasts, wherever you listen, just search for "Breaking Analysis Podcasts". I publish each on wikibon.com and siliconangle.com, and you could email me, get in touch with me at david.vellante@siliconangle.com or you can DM me @dvellante or comment on my LinkedIn posts, and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis". (upbeat music)

>>Bye from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media. >>Hey, welcome back. Everyone's keeps coverage here in San Francisco at the Moscone center for RSA conference 2020 I'm John, your host, as cybersecurity goes to the next generation as the new cloud scale, cyber threats are out there, the real impact a company's business and society will be determined by the industry. This technology and the people that a cube alumni here, caramel Jaffer, SVP, senior vice president of strategy and corporate development for iron net. Welcome back. Thanks to Shawn. Good to be here. Thanks for having so iron net FC general Keith Alexander and you got to know new CEO of there. Phil Welsh scaler and duo knows how to scale up a company. He's right. Iron is doing really well. The iron dome, the vision of collaboration and signaling. Congratulations on your success. What's a quick update? >> Well look, I mean, you know, we have now built the capability to share information across multiple companies, multiple industries with the government in real time at machine speed. >>Really bringing people together, not just creating collected security or clip to defense, but also collaborating real time to defend one another. So you're able to divide and conquer Goliath, the enemy the same way they come after you and beat them at their own game. >> So this is the classic case of offense defense. Most corporations are playing defense, whack-a-mole, redundant, not a lot of efficiencies, a lot of burnout. Exactly. Not a lot of collaboration, but everyone's talking about the who the attackers are and collaborating like a team. Right? And you guys talk about this mission. Exactly. This is really the new way to do it. It has, the only way it works, >> it is. And you know, you see kids doing it out there when they're playing Fortnite, right? They're collaborating in real time across networks, uh, to, you know, to play a game, right? You can imagine that same construct when it comes to cyber defense, right? >>There's no reason why one big company, a second big company in a small company can't work together to identify all the threats, see that common threat landscape, and then take action on it. Trusting one another to take down the pieces they have folk to focus on and ultimately winning the battle. There's no other way a single company is gonna be able defend itself against a huge decency that has virtually unlimited resources and virtually unlimited human capital. And you've got to come together, defend across multiple industries, uh, collectively and collaboratively. >> Do you mean, we talked about this last time and I want to revisit this and I think it's super important. I think it's the most important story that's not really being talked about in the industry. And that is that we were talking last time about the government protects businesses. If someone dropped troops on the ground in your neighborhood, the government would protect you digitally. >>That's not happening. So there's really no protection for businesses. Do they build their own militia? Do they build their own army? Who was going to, who's going to be their heat shield? So this is a big conversation and a big, it brings a question. The role of the government. We're going to need a digital air force. We're going to need a digital army, Navy, Navy seals. We need to have that force, and this has to be a policy issue, but in the short term, businesses and individuals are sitting out there being attacked by sophisticated mission-based teams of hackers and nation States, right? Either camouflaging or hiding, but attacking still. This is a huge issue. What's going on? Are people talking about this in D C well, >> John, look not enough. People are talking about it, right? And forget DC. We need to be talking about here, out here in the Silicon Valley with all these companies here at the RSA floor and bring up the things you're bringing up because this is a real problem we're facing as a nation. >>The Russians aren't coming after one company, one state. They're coming after our entire election infrastructure. They're coming after us as a nation. The Chinese maybe come after one company at a time, but their goal is to take our electoral properties, a nation, repurpose it back home. And when the economic game, right, the Iranians, the North Koreans, they're not focused on individual actors, but they are coming after individual actors. We can't defend against those things. One man, one woman, one company on an Island, one, one agency, one state. We've got to come together collectively, right? Work state with other States, right? If we can defend against the Russians, California might be really good at it. Rhode Island, small States can be real hard, defends against the Russians, but if California, Rhode Island come together, here's the threats. I see. Here's what it's. You see share information, that's great. Then we collaborate on the defense and work together. >>You take these threats, I'll take those threats and now we're working as a team, like you said earlier, like those kids do when they're playing fortnight and now we're changing the game. Now we're really fighting the real fight. >> You know, when I hear general Keith Alexander talking about his vision with iron net and what you guys are doing, I'm inspired because it's simply put, we have a mission to protect our nation, our people, and a good businesses, and he puts it into kind of military, military terms, but in reality, it's a simple concept. Yeah, we're being attacked, defend and attack back. Just basic stuff. But to make it work as the sharing. So I got to ask you, I'm first of all, I love the, I love what he has, his vision. I love what you guys are doing. How real are we? What's the progression? >>Where are we on the progress bar of that vision? Well, you know, a lot's changed to the last year and a half alone, right? The threats gotten a lot, a lot more real to everybody, right? Used to be the industry would say to us, yeah, we want to share with the government, but we want something back for, right. We want them to show us some signal to today. Industry is like, look, the Chinese are crushing us out there, right? We can beat them at a, at some level, but we really need the governor to go do its job too. So we'll give you the information we have on, on an anonymized basis. You do your thing. We're going to keep defending ourselves and if you can give us something back, that's great. So we've now stood up in real time of DHS. We're sharing with them huge amounts of data about what we're seeing across six of the top 10 energy companies, some of the biggest banks, some of the biggest healthcare companies in the country. >>Right? In real time with DHS and more to come on that more to come with other government agencies and more to come with some our partners across the globe, right? Partners like those in Japan, Singapore, Eastern Europe, right? Our allies in the middle East, they're all the four lenses threat. We can bring their better capability. They can help us see what's coming at us in the future because as those enemies out there testing the weapons in those local areas. I want to get your thoughts on the capital markets because obviously financing is critical and you're seeing successful venture capital formulas like forge point really specialized funds on cyber but not classic industry formation sectors. Like it's not just security industry are taking a much more broader view because there's a policy implication is that organizational behavior, this technology up and down the stack. So it's a much broad investment thesis. >>What's your view of that? Because as you do, you see that as a formula and if so, what is this new aperture or this new lens of investing to be successful in funding? Companies will look, it's really important what companies like forge point are doing. Venture capital funds, right? Don Dixon, Alberta Pez will land. They're really innovating here. They've created a largest cybersecurity focused fund. They just closed the recently in the world, right? And so they really focus on this industry. Partners like, Kleiner Perkins, Ted Schlein, Andrea are doing really great work in this area. Also really important capital formation, right? And let's not forget other funds. Ron Gula, right? The founder of tenable started his own fund out there in DC, in the DMV area. There's a lot of innovation happening this country and the funding on it's critical. Now look, the reality is the easy money's not going to be here forever, right? >>It's the question is what comes when that inevitable step back. We don't. Nobody likes to talk about it. I said the guy who who bets on the other side of the craps game in Vegas, right? You don't wanna be that guy, but let's be real. I mean that day will eventually come. And the question is how do you bring some of these things together, right? Bring these various pieces together to really create long term strategies, right? And that's I think what's really innovative about what Don and Alberto are doing is they're building portfolio companies across a range of areas to create sort of an end to end capability, right? Andrea is doing things like that. Ted's doing stuff like that. It's a, that's really innovation. The VC market, right? And we're seeing increased collaboration VC to PE. It's looking a lot more similar, right? And now we're seeing innovative vehicles like stacks that are taking some of these public sort of the reverse manner, right? >>There's a lot of interests. I've had to be there with Hank Thomas, the guys chief cyber wrenches. So a lot of really cool stuff going on in the financing world. Opportunities for young, smart entrepreneurs to really move out in this field and to do it now. And money's still silver. All that hasn't come as innovation on the capital market side, which is awesome. Let's talk about the ecosystem in every single market sector that I've been over, my 30 year career has been about a successful entrepreneurship check, capital two formation of partnerships. Okay. You're on the iron net, front lines here. As part of that ecosystem, how do you see the ecosystem formula developing? Is it the same kind of model? Is it a little bit different? What's your vision of the ecosystem? Look, I mean partnerships channel, it's critical to every cyber security company. You can't scale on your own. >>You've got to do it through others, right? I was at a CrowdStrike event the other day. 91% of the revenue comes from the channel. That's an amazing number. You think about that, right? It's you look at who we're trying to talk about partnering with. We're talking about some of the big cloud players. Amazon, Microsoft, right? Google, right on the, on the vendor side. Pardon me? Splunk crashes, so these big players, right? We want to build with them, right? We want to work with them because there's a story to tell here, right? When we were together, the AECOS through self is defendant stronger. There's no, there's no anonymity here, right? It's all we bring a specialty, you bring specialty, you work together, you run out and go get the go get the business and make companies safer. At the end of the day, it's all about protecting the ecosystem. What about the big cloud player? >>Cause he goes two big mega trends. Obviously cloud computing and scale, right? Multi-cloud on the horizon, hybrids, kind of the bridge between single public cloud and multi-cloud and then AI you've got the biggies are generally will be multiple generations of innovation and value creation. What's your vision on the impact of the big waves that are coming? Well, look, I mean cloud computing is a rate change the world right? Today you can deploy capability and have a supercomputer in your fingertips in in minutes, right? You can also secure that in minutes because you can update it in real time. As the machine is functioning, you have a problem, take it down, throw up a new virtual machine. These are amazing innovations that are creating more and more capability out there in industry. It's game changing. We're happy, we're glad to be part of that and we ought to be helping defend that new amazing ecosystem. >>Partnering with companies like Microsoft. They didn't AWS did, you know, you know, I'm really impressed with your technical acumen. You've got a good grasp of the industry, but also, uh, you have really strong on the societal impact policy formulation side of government and business. So I want to get your thoughts for the young kids out there that are going to school, trying to make sense of the chaos that's going on in the world, whether it's DC political theater or the tech theater, big tech and in general, all of the things with coronavirus, all this stuff going on. It's a, it's a pretty crazy time, but a lot of work has to start getting done that are new problems. Yeah. What is your advice as someone who's been through the multiple waves to the young kids who have to figure out what half fatigue, what problems are out there, what things can people get their arms around to work on, to specialize in? >>What's your, what's your thoughts and expertise on that? Well, John, thanks for the question. What I really like about that question is is we're talking about what the future looks like and here's what I think the future looks like. It's all about taking risks. Tell a lot of these young kids out there today, they're worried about how the world looks right? Will America still be strong? Can we, can we get through this hard time we're going through in DC with the world challenges and what I can say is this country has never been stronger. We may have our own troubles internally, but we are risk takers and we always win. No matter how hard it gets them out of how bad it gets, right? Risk taking a study that's building the American blood. It's our founders came here taking a risk, leaving Eagle to come here and we've succeeded the last 200 years. >>There is no question in my mind that trend will continue. So the young people out there, I don't know what the future has to hold. I don't know if the new tape I was going to be, but you're going to invent it. And if you don't take the risks, we're not succeed as a nation. And that's what I think is key. You know, most people worry that if they take too many risks, they might not succeed. Right? But the reality is most people you see around at this convention, they all took risks to be here. And even when they had trouble, they got up, they dust themselves off and they won. And I believe that everybody in this country, that's what's amazing about the station is we have this opportunity to, to try, if we fail to get up again and succeed. So fail fast, fail often, and crush it. >>You know, some of the best innovations have come from times where you had the cold war, you had, um, you had times where, you know, the hippie revolution spawn the computer. So you, so you have the culture of America, which is not about regulation and stunting growth. You had risk-taking, you had entrepreneurship, but yet enough freedom for business to operate, to solve new challenges, accurate. And to me the biggest imperative in my mind is this next generation has to solve a lot of those new questions. What side of the street is the self driving cars go on? I see bike lanes in San Francisco, more congestion, more more cry. All this stuff's going on. AI could be a great enabler for that. Cyber security, a direct threat to our country and global geopolitical landscape. These are big problems. State and local governments, they're not really tech savvy. They don't really have a lot ID. >>So what do they do? How do they serve their, their constituents? You know, look John, these are really important and hard questions, but we know what has made technology so successful in America? What's made it large, successful is the governor state out of the way, right? Industry and innovators have had a chance to work together and do stuff and change the world, right? You look at California, you know, one of the reasons California is so successful and Silicon Valley is so dynamic. You can move between jobs and we don't enforce non-compete agreements, right? Because you can switch jobs and you can go to that next higher value target, right? That shows the value of, you know, innovation, creating innovation. Now there's a real tendency to say, when we're faced with challenges, well, the government has to step in and solve that problem, right? The Silicon Valley and what California's done, what technology's done is a story about the government stayed out and let innovators innovate, and that's a real opportunity for this nation. >>We've got to keep on down that path, even when it seemed like the easier answer is, come on in DC, come on in Sacramento, fix this problem for us. We have demonstrated as a country that Americans and individual are good at solve these problems. We should allow them to do that and innovate. Yeah. One of my passions is to kind of use technology and media to end communities to get to the truth faster. A lot of, um, access to smart minds out there, but young minds, young minds, uh, old minds, young minds though. It's all there. You gotta get the data out and that's going to be a big thing. That's the, one of the things that's changing is the dark arts of smear campaigns. The story of Bloomberg today, Oracle reveals funding for dark money, group biting, big tech internet accountability projects. Um, and so the classic astroturfing get the Jedi contract, Google WASU with Java. >>So articles in the middle of all this, but using them as an illustrative point. The lawyers seem to be running the kingdom right now. I know you're an attorney, so I'm recovering, recovering. I don't want to be offensive, but entrepreneurship cannot be stifled by regulation. Sarbanes Oxley slowed down a lot of the IPO shifts to the latest stage capital. So regulation, nest and every good thing. But also there's some of these little tactics out in the shadows are going to be revealed. What's the new way to get this straightened out in your mind? We'll look, in my view, the best solution for problematic speech or pragmatic people is more speech, right? Let's shine a light on it, right? If there are people doing shady stuff, let's talk about it's an outfit. Let's have it out in the open. Let's fight it out. At the end of the day, what America's really about is smart ideas. >>Winning. It's a, let's get the ideas out there. You know, we spent a lot of time, right now we're under attack by the Russians when it comes to our elections, right? We spent a lot of time harping at one another, one party versus another party. The president versus that person. This person who tells committee for zap person who tells committee. It's crazy when the real threat is from the outside. We need to get past all that noise, right? And really get to the next thing which is we're fighting a foreign entity on this front. We need to face that enemy down and stop killing each other with this nonsense and turn the lights on. I'm a big believer of if something can be exposed, you can talk about it. Why is it happening exactly right. This consequences with that reputation, et cetera. You got it. >>Thanks for coming on the queue. Really appreciate your insight. Um, I want to just ask you one final question cause you look at, look at the industry right now. What is the most important story that people are talking about and what is the most important story that people should be talking about? Yeah. Well look, I think the one story that's out there a lot, right, is what's going on in our politics, what's going on in our elections. Um, you know, Chris Krebs at DHS has been out here this week talking a lot about the threat that our elections face and the importance about States working with one another and States working with the federal government to defend the nation when it comes to these elections in November. Right? We need to get ahead of that. Right? The reality is it's been four years since 2016 we need to do more. That's a key issue going forward. What are the Iranians North Koreans think about next? They haven't hit us recently. We know what's coming. We got to get ahead of that. I'm going to come again at a nation, depending on staff threat to your meal. Great to have you on the QSO is great insight. Thanks for coming on sharing your perspective. I'm John furrier here at RSA in San Francisco for the cube coverage. Thanks for watching.