>>from the Cube Studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a cube conversation. Hi, >>I'm stupid, man. And welcome to another cube conversation. I'm here in our Boston area studio. And of course, the intersection of networking and security has always been a hot topic. Even Mawr, if you look at it in 2020 everybody working from home their stresses and strains and a lot more changes than usual for what corporate I t has to deal with. Happy to welcome to the program. Tom Bonkowski. Hey, is the director of product marketing with Net Scout. We're gonna get into some of those topics. Um or Tom, thanks so much for joining us. Welcome. Alright. Eso you came to Donetsk out by way of the Arbor Networks acquisition. Ah, few years ago when I want to give our audience just a little bit about your background, what your team works on and we're gonna be talking about the the edge defense. A solution Said >>Sure. Yes, I I've been with Arbor Networks for over 10 years. I've been the director of product marketing for the DDOS line of products during that time and when we came over to Netsch e still have kind of continue that role. So I'm basically responsible for anything that you know to do with the Arbor Adidas Solutions. We have solutions for the service Friars of the world, large enterprises in the world. >>Yeah, maybe it would help if you just refresh our audience so, you know, generally out in the marketplace. You know d das? It's, you know, attacks on the internet. If I if I was, you know, a big provider technology. It's like, Hey, why can't I get to that website? Oh, they had a DDOS attack that hit them. But you know when when it comes to the enterprise you talked about about service brighter also, you know, when is this hitting them? You know, who are the ones causing this kind of thing? It just kind of give our audience a little bit of level. Said if you would in 2020. >>Oh, yeah. I mean, you know, Adidas attacks have been around for over 20 years. This isn't anything new, as you know, um, but the reality is is as that these attacks have been getting bigger. We're getting more frequent. They're getting more complex. Um, and like I said before, I've been here for over 10 years, and I feel like I say that every single year, but it is absolutely true. Um, and you know, the service Fridays of the world Bear the brunt of this. This problem, they're the ones taking on these large attacks. They're the ones trying to stop it not only to protect their own infrastructure, but also potentially the target, which could or could not be one of their customers. There's a lot of collateral damage associated with the details attacks, especially from a service buyer's perspective, because it impacts everything running on their backbone or in their whatever facility that this attack is flowing through. And then, obviously, you have potentially the target of these attacks, which could be any enterprise, any large government, whatever its very indiscriminate, uh, anyone could be a potential target on br. All >>right. And for for the enterprises themselves, you know, how are they making sure that they are protecting their perimeter? Where does Netsch out? You know, fit in tow, helping protect them against the sort of malicious >>attack. Yeah. So when When it comes to protecting your perimeter in particular. Let's let's talk about where we are today in this whole cove in 19 Pandemic. Um, a zoo. We all know this. This caused a massive work slash. Uh, you know, learn from home scenarios never seen before. And you know the quote. New perimeter is everyone who was once inside the organization now home coming back in, right. And, you know, the the Internet inbound Internet circuit, the firewall, the VPN, gateway, the load master all now coming from the opposite direction that maybe they were utilized in the past. Um, it is really the new perimeter, and it is has become very crucial to maintain business continuity, especially in this time. But as we'll talk about it also has become very vulnerable to to DDOs attacks in particular. And, you know, one of the areas that we'll talk about it is how one particular piece of that infrastructure, the VPN gateway, is actually become not only one of the most critical pieces in that chain of communication, but also one of the most vulnerable pieces to simply because it was never anticipated that this many users would would utilize that VPN gateway, and it was never designed for that on. Therefore, it's running at, you know, high or near capacity or at capacity, and it and it could be toppled over pretty easily with fairly small DDOS attacks. We'll get into that a little bit later. Yeah, >>absolutely, Tom. So I've had so many conversations over the last few months about, you know, the ripple effects of what? Work from home. Or, you know, if we think about however things play out in the next few months, it really will be almost work from anywhere. Um, is what will happen on Dwell. Everyone is working at home. That doesn't mean that some of those bad actors out there have gone away. In fact, you know, every company I talked to that's involved with security has seen way need to raise our capabilities and often are getting mawr attacks out there. What have you been seeing out there in the marketplace? You know, how have things been so far in 2020 when it when it comes, toe your space? >>Yeah, I know the same thing. So I'm gonna put up a chart here. And this is a chart which shows, uh DDOs attacks during the first, um, of six months of 2000 and 20 and this data comes from what we call our cyber threat horizon. This is This is a free online portal that anyone could access and see this information if they wish, But it's fueled by the deployment of our products all over the world. So our our DDOS protection products are utilized by a majority of the world's Internet service fighters. And from that deployment, they send this information about DDOS attack activity like, you know, the size of attack. Who is being tacked? Who was being attacked? Where is it coming from? The protocols or vector is being used, etcetera. So we we gather this information on a daily basis presented in this portal. So what this represents is the first six months of 2000 and 20 and as you can see, there's been over 4.8 million attacks thus far in 2000 and 20. That's about 15% higher than last year at the same exact time period. But if you look at the chart a little bit closer, we snapped the line at February, sort of the start of the global pandemic and the lock down periods, if you will and what you can see February, March, April May as it is an uptick in the number of DDOS attacks almost up to 36% in in May. Eso all this is happening during the time of this lock down, right? All this is happening where organizations are struggling to maintain a new a new normal. If you are this. But this is continuity, right? Eso what you represented before you said before that organizations are still struggling with cyber attacks. In fact, probably more is exactly what's happened to in the DDOS realm. And then finally like if you look at June, you see this little drop off there and you know, here everyone talking about the new normal, the new normal is not the new normal. Possibly. It's still too soon to tell. I think we'll wait for another couple of months here. But the bottom line is that during the midst of all this, as organizations trying to maintain some level of this canoe, they're also being faced with cyber threats like Adidas attacks to like they've never seen before. So amazing challenge that that folks have faced out there. >>Yeah, Tom, there's a few spaces in the marketplace that were already very important, you know, really top of mind from the business. I think about automation security being to the ones that come up most often. And when I talked to the participant in the space they like, I thought I was busy in 2019 and had ah lot playing for 2020 and oh, my gosh. I had no idea what 2020 was really going to bring. So that that data that you showed, you know, you're talking about millions of attacks, and you know that that increase, they're putting a focus on it. Even mawr here. So ah, lot of work for people to be done. So but bring us inside a little bit. Uh, you know how Net Scout, How are you helping customers? What invite you have for them, You know, how do we make sure that we can curb, You know, the the the impact of these attacks? Which is that in the millions? >>Sure. So let's go back to that. That inbound infrastructure now, right? Where everyone working from home, coming into the in down router hitting a firewall and but more likely, hitting a VPN gateway of some sort. That's what's allowing them to get access into these internal resource. Is that VPN? Gateway? As I mentioned before, uh, has been crucial during this time, but it also has been very susceptible to denounce attacks that VPN gateways a zwelling that firewall these air. You know what was referred to a state ful devices? They have to track TCP state in order to work properly? Well, there are three types of DDOS attacks, if you will, to make things simple. One is the volumetric attack, which people normally think of as a DDOS attack. It is designed to saturate that that inbound circuit that that Internet facing router interface, right? Um, and then their application layer taxis. They're very small, stealthy attacks. They're going after specific application servers. They're trying to bleed off. Resource is there. And then there's an attack called state exhaustion attacks these air, specifically designed to go after stay full devices like firewalls or, in today's world, the VPN gateway, and it doesn't take much. It takes a small 100 megabit per second attack lasting for 5 10 minutes to potentially fill the state tables in some of these VPN gateways, especially in light of the fact that they weren't prepared or designed to take on all the legitimate users right there coming in as a result of the pandemic. So the key to stopping these sorts of attacks the state full attacks and protecting at VPN Gateway is to put something on premise that iss stateless, meaning it has the ability to inspect packets using stateless packet processing technology. And we have such products are our product, which we call the Arbor edge defense eyes designed to stop all types of attacks. But in this in this particular environment, uh, it is our excels at stopping state exhaustion attacks, and you deploy it just inside the Internet router and in front of the VPN gateway or that firewall there, it could pick off short lived state exhaustion attacks and protect the availability of the VPN, gateway and firewall. Now, if you're relying upon which rating organizations do relying upon a cloud based data protection service, which we have to we have something called Arbor Cloud. Uh, it may not be able to stop those attacks in time, So you're running a little risk by relying on more traditional cloud based protection services. That's why you need this product Arbor Edge defense on premise, because it will react instantaneously and protect that VPN gateway from going on and maintain that business continuity for you. >>You know, Tom, when I think about that that footprint that you have in a customer's environment, you know, in addition to the D DOS services, it would seem like that Ah, prime opportunity that that there's other services and applications that could be run there. Is that the case with with your your solution to >>Well, if I understand what you mean by the services, well, we have the ability Thio conducted fully managed services that Are you going with that? >>Yeah, I e think Think that Yeah, that z one of right. Understand how how that service works. Yes. >>So? So the our bridge defense, um, is a system that once you have it configured, you design it for protecting sort of the interior services like the protective VPN gateway firewalls. Any other application running internal in the event of a large attack that we've been talking that will fill that Internet pipe, It has a feature called Cloud Signaling, where it will intelligently call for help upstream to either in Arbor Cloud service. This is a fully managed details protection service. We have global scrubbing centers, uh, and or call your I S P, who may you may be getting your data protection service from already. So it has the ability to link the on premise with the with the cloud based protection. And this hybrid approach to protection is absolutely industry best practice. This is this is how you protect yourself from the multiple vector DDOs attacks, as we mentioned previously. Now, if you're an organization that maybe doesn't have enough experience, uh doesn't want to deal with the on Prem our bridge defense. You know, we have you covered there, too. We have the ability to manage that that scenario or that device for you. We have to manage the ability to manage not only the arbor edge of the fence, but they also integration in the arbor cloud. So that whole hybrid scenario that we're talking about could be fully managed by, um, you know, by our folks who do this every single day 24 7. >>Yeah, it's any breakdown. Is thio your customers as toe. You know, when they choose that that that fully managed solution versus on Prem recommendation we've had for a long time is you wanna have your i t focused on things that have differentiation in your environment and seems like a natural thing that, you know, your team has the expertise. Eso What is that decision point as to whether they do it themselves or go with the manage solution? >>I think it really just has to do with the culture and the experience of the company. Really, What we're seeing is some of the smaller organizations that, you know, you have smaller teams, right? That wear multiple hats. They just cannot stay abreast of the latest threats. Indeed, us A. Z I mentioned before these things were getting more and more complex. So I think they're they're coming to the conclusion that all right, this is something that I can't do my by myself anyway for the large attacks. I need a cloud based service, part of some sort. I need someone to help me there anyway. So why don't they just handled the whole thing? Why don't they just handle the on premise component and in the cloud based component of this and make sure that it's running is officially as possible. But you know, even that said, it's not just the smaller org's. We're seeing larger organs do it, too, just to push things off their plates. Let's let's leave Dido's to the experts again because I can't do about myself. Anyway. >>Tom, I I saw a video. I think it was you that did actually talking about how our bridge defense is the first and last defense. When, when, when it comes to DDOS may explain that a little bit or audience. >>Yeah, So our tagline for the product is first and last line of defense. The first lines which we've been talking about all along here, is the ability to stop the inbound DDOS attacks. Now it also acts as the last line of defense, too. So, as we were alluding to before, you know, all you here during this time of the pandemic is watch out for you know, Kobe 19 related ransomware and things like that, right? Um, because the Arbit edge defense, it's just inside the rotter and outside that for a while, it is literally the last component in that cybersecurity change before the let's look from the outbound perspective packets, leaving the enterprising going out to the Internet. It is the last piece of product in that security chain, right, for it leaves the Internet. The arbor edge of the fence has the ability to consume threat intelligence not only from our own atlas system, which we spoke about earlier about third parties to via sticks and taxi. It has the ability to consume threat intelligence. And they're sitting on that. That last piece of you know, the security pipe, if you will or chain it has the ability to intercept. Uh, indicators of compromise have come from internal compromise devices that have made it through the entire security chain. Outgoing. Reach outside the farewell. Now it's one last one last line of defense, if you will, that has ability to recognize and stop that internal indicator compromise. And this is going to help stop the proliferation of malware that, and ultimately avoid that data breach that everyone is fearful. So it has a dual role. It could protect you from inbound DDOS attacks and Uncle also gonna as his last line defense stopping the proliferation this now where we're talking about? Yeah. Great, >>Tom. That actually refers I was curious about you know what other things your your your device did. And you know, there's the intelligence baked into their toe have kind of a multipurpose when you're in that environment. All right, Tom, I want to give you the last word here. You know, cos today they often need to react very fast to be able to deal with, you know, the changing dynamics of their business. You know, spinning up resource is everybody, you know, working from home. And like so, you know, what final advice do you have for them And, you know, give us the final >>word? Yeah. You know, during this time, president times, You know, we all unfortunately thought to me remain very vigilant when it comes to protecting our organization from cyberattacks. One of the one of the areas that seems to get overlooked as eyes DDOs protection. Right? Everyone is focused on malware and things like that, but don't overlook DDOs attacks. These things were happening on a daily basis, as I showed you over almost five million so far this year. Uh, it is an absolute part. Maintain the availability of your organization. It's part of the security Triad, as we know. And, you know, it's it's really their thio, you know? Do you disrupt your business continuity if you are getting hit, So don't overlook your and don't under underestimate your videos protection. All >>right, Well, Tom Bonkowski, thank you so much for the update and, uh, appreciate everything you shared. >>Welcome. All >>right. Be sure to check out the cube dot net for lots more coverage from the Cube. I'm still madman. Thanks for watching.

>>from around the globe. It's the Cube with digital coverage of next level network experience event brought to >>you by info blocks. Okay, welcome back, everyone. This is the Cube's coverage of the next level networking experience. Virtual event within four blocks. I'm John Furrow, your host of the Cube. We're here in our Palo Alto, Calif. Studios as part of our remote access during Covic, getting the interviews and the stories and sharing that with you. We got a great guest here, then savages the network operations manager at Morgan School District in Utah. A customer of info blocks to share a story. Then thanks for coming on. >>Thanks for having >>me. First of all, the Red Sox had a plus interview. I would say right now is gonna go great. Go Sox. Which baseball was in season. Great to have you on. Um, >>we'll get there. We'll >>get there. Um, my Yankee fans say when I say that. But anyway, Miss baseball, um, you know. But that brings up covert 19 baseball season sports. Life has been impacted. Your district. Like many school districts around the world, we're told to shut down, send workers home. That meant sending kids home, too. So we got the educators, get the administration, and you've got the kids all going home. >>Yeah. >>What did you do to keep things going? Because then stop. They had to do the remote learning and new things were emerging. New patterns, new traffic, new kinds of experiences. What did you learn? What's going on? >>Well, first we tried to lock the doors and pretend we weren't there, but they found us. Um, really? I mean, real quickly in our school district, we're not a 1 to 1 operation, so the, uh that caused a big change for us. Um, we had to quickly adapt. And we chose to use chromebooks because that's what we have for the students to use in their classes. So getting that, uh, squared away and send out into the family's was was a big challenge. But then on top of that being the school district, we then had to decide. Okay, how do we protect and filter provide the filtering that the students are gonna need even though they're at home? So there's some relative safety there when they're online and and accessing your email and things like that. So those were. Our two are probably our two. Biggest hurdles was, you know, ramping up the devices and then and then providing, making sure, you know, the network access from a filtering and consistency standpoint was going to work. >>You know, I got to ask you because I see this kind of disruption you don't You don't read about this in the i t. Manual around disaster recovery and, you know, disruption to operations. But essentially, the whole thing changes, but you still got to connect to the network, DNS. You gotta get the access to the content. You got content, you get systems. You got security all to be managed while in flight of dealing with connection points that remote. So you've got the disruption and the craziness of that, and then you've got this big I o t experiment basically edge of the network, you know, in all over the place. You know, on one hand, you kind of geek out and say, Wow, this is really kind of a challenge is an opportunity to solve the problem at the same time, you know, What do you do? So take us through that because that's a is a challenge of locking down the security in a borderless environment. People are everywhere. The students business has to get done. You got to resolve to. The resource is >>so thankfully, we had migrated If it blocks several years ago. Um and just this last, I would say in October, I finally got us on. Ah, cloud the blocks. One threat defense Cloud portion of it too. So from a security standpoint, we already had a really good, um foundation in place from both the DNs aspect and the DNS security aspect. Um so that was to be honest, most users. It was seamless transition. In many regards, both users didn't even realize they were being, You know, pushed through the info blocks is cloud DNs server, you know, which was providing security and filtering. So that was a big plus for us because it it was less man hours. We had to spend troubleshooting people's DNS resolutions. Why sites Wouldn't you know? Maybe they weren't being filtered correctly. All that was was to be honest, perfect. Where other platforms we had previously were just a nightmare to manage, >>like, for example, of the old way versus the new way here and marital, is it? What files configuration will take us through? What? You >>know, it was like a separate. It was a separate product content filter that works in conjunction with the firewall. Um, and I'm not going to name the company's name. I don't want, you know, even though many company but it seemed with that product we were spending, on average about 3 to 4 hours a day fixing false positives just from a filtering aspect because it would interfere with the DNS. And it does. It didn't really do it. I mean, how it filters is not based on DNS. Totally right. So by migrating temple blocks are DNS and the filtering the security is all handling at the DNs level. And it was just much more, um, to be I mean, frankly, honestly, is much more invisible to the end user. So >>more efficient. You decouple filtering from DNs resolution. Got it. All right, this is the big topic. I've been talking with info blocks people on this program in this event is on how this new d d I layer DNs d XP and I p address management kind of altogether super important. It's critical infrastructure Yeah. No spoilers, Enterprise. You're borderless institution. Same thing you go to school as a customer. How does the d I lay out this foundational security play for delivering this next level experience? What's your take on that? >>Well, for our like, for a school platform, we we use it in a number of ways. Besides, I mean, the filtering is huge, but just for the ability, like, for example, one of the components is is response policy zones or DNS firewalls what they call it, and that allows you one to manage, um, traditional, like DNS names, right? P addresses you can. You can manage those by creating essentially a zone that is like a white list of blacklist rewrite. So you've got a lot of control, and again it's filtering at the DNs level, so it's looking based on DNS responses inquiry. The other aspect of that is, is the feeds that you receive from info blocks. So by subscribing to those, we, um we have access to a lot of information that info Blocks and their partners have created identifying, you know, bad actors, malware attack vectors based on again DNs, uh, traffic, if you will, and so that takes a load office. Not having to worry. I'm trying to do all that on our own. I mean, we've seen a lot of attacks minimized because of the feeds themselves. So that again frees us up. We're a very small school district. In some regards, there's a I am the only network person in the district, and there's like, a total of four of us that manage, you know, kind of the support aspect. And so, being able to not have to spend time researching or tracking down, you know, breaches and attacks as much because of the DNS. Security frees me up to do other things, you know, like in the more standard networking realm, from a design and implementation. >>Great. Thanks for sharing that. I want to ask about security as a very competitive space security here and everyone promising it different things at different security things. You know, by I gotta ask you, why did you guys decide to use info blocks and what's the reason behind it? >>Well, to be frankly honest, I'm actually in info blocks trainer and I've been training for 15 years, so I kind of had an agenda when I first took this job to help out the school district. In my experience, I've been doing working in networking for over 20 years. And in my experience, I ever boxes one of the most easy and in best managed DNS solutions that I've come across. So, um, you know, I might be a little biased, but I'm okay with that. And so I I pushed us to be honest, to get there and then from the security aspect has all that has evolved. It just makes to me it makes sense. Why not wrap the more things you can maybe wrapped together. And so you know, when you're talking about attacks, over 90% of attacks use DNS. So if I have a solution that is already providing my DNS and then wraps the security into it, it just makes the most sense for me. >>Yeah. I mean, go back. The info box is DNA. You got cricket. Liu Stuart Bailey, the founder, was this is zero. This didn't just wake up one day and decided to start up these air practitioners early days of the Internet. They know DNS cold and DNS is we've been evolved. I mean, and when it needs that when you get into the DNS. Hacks and then you realize Okay, let's build an abstraction layer. You've seen Internet navigation discovery, all the stuff that's been proven. It is a critical infrastructure. >>Well, and to be honest, it's It's one of those services that you can't can't filter the firewall right. You have to have it. You have to. It's that foundation layer. And so it makes sense that Attackers air leveraging it because the fire will has to let it through in and out. And so it's a natural, almost a natural path for them to break in. So having something that speaks native DNS as part of your security platform makes more sense because it it can understand and see those attacks, the more sophisticated they become as well. >>So I gotta ask you, since you're very familiar info blocks and you're actually deploying its great solution. But I got this new DD I Layer, which is an abstraction, is always a great evolution. Take away complexity and more functionality. Cloud certainly cloud natives everywhere. That's but if it's for what is the update, if if I'm watching this month, you know I've been running DNS and I know it's out there. It's been running everything. And I got a update, my foundation of my business. I got to make my DNS rock solid. What's the new update? What's info blocks doing now? I know they got DNS chops seeing that on it. What's new about info blocks? What do you say? >>Well, it's, you know, they have a couple things that they've been trying to modify over the last several years. In my opinion, making more DNS like a you know, like software as a service, you know, service on demand, type of approach. That's a yes. So you have the cloud components to where you can take a lot of the heavy lifting, maybe off of your network team's shoulders. Because it is, it is. Um, I think people will be surprised how many customers out there. I have, ah, teams that are managing the DNS and even the D HCP aspect that that's not really what their experiences and then they don't They don't have, ah, true, maybe background Indians, and so having something that can help make that easier. It's almost, you know, hey, maybe used this term it almost sounds like it's too simple, but it's almost like a plug and play approached for some. For some environments, you know you're able to pop that in, and a lot of probably the problems they've been dealing with and not realizing what the root cause was will be fixed. So that's always a huge component with with info blocks. But their security is really what's come about in the last several years, Um, and and back as a school district, you know, our besides securing traffic, which every customer has to do, um, we have our you know, we're We have a lot of laws and regulations around filtering with with students and teachers. So anyone that's using a campus own device And so for us this I don't think people realized that the maturity that the filtering aspect of the blocks one defence now it's it's really evolved over the last couple of years. It's become a really, really good product and, like I said earlier, just work seamlessly with the data security. So it is going to be using >>an SD Wan unpacked everything. You go regular root level DNs is it? So I gotta ask you. How is the info blocks helping you keep network services running in system secure? >>Well, I think I think we're more on just the DNs d It does R d eight DNS and DCP. So from that standpoint, you know, in the five years almost we've been running that aspect. We have had very little if if maybe one or two incidents of problems with, you know from a DNS TCP so so are our users are able to connect, you know, when they turn on their computer To them, the Internet's up. You know, there's no there's no bumps in the road stopping them from from being able to connect. So that's a huge thing. You know, you don't have to deal with those Those constant issues again is a small team that just takes time away from the big projects. You're trying to, um, and then to the being able to now combine things. Security filtering solution. Uh, that alone has probably saved us. Oh, we'll probably you know, upwards of 500 man hours in the last eight months. So where normally we would be spending those hours again, troubleshooting issues that false positives, things like that. And there's a small team that just sucks the life out of you when you have to. You always spend time on that. >>I mean, you always chasing your tails. Almost. You want to be productive. Automation plays >>a >>key role in that, >>right? Yeah. >>So I got to ask you, you know, just a general question. I'm curious. You know, one of the things I see is sprawling of devices. WiFi was a great example that put an access point up a rogue access point, you know, as you get more connections. De HCP was amazing about this is awesome. But also, you had also de HCP problem. You got the the key Management is not just around slinging more d HDP around. So you got the trend? Is more connections on the eyepiece? Not how does info blocks make that easier? Because for people who may not know, the DNS ends announcing TCP and IP address management. They're all kind of tied together. Right? So this >>is the >>magic of DD I in my head. I want to get your thoughts on how you see that. Evolving. >>Yeah, I think that's another kind of back twice. It's kind of almost like a plug and play for a lot of customer environments. They're getting, you know, you're getting the DSP, DNs and eye Pam all wrapped in once you have this product that speaks, well, those languages, if you will and that And, um along with some of the reporting services and things of that nature. Um, when I look for, like, a Mac address in my influx database, I'm not just going to get ah, Mac address and what the i p addresses. I'm not just going to get the DNs like the host name. Maybe you know, the beauty and fully qualified domain name. Either I have the ability to bring in all this information that one. The client is communicating with the DCP DNS server on top of things like metadata that you can configure in the database to help really color in the picture of your network. So when you're looking at what device is using this I p when we talk about rogue devices or things like that, uh, I can get so much more information out of info blocks that almost almost to the point where you're almost being able to nail down the location of where the devices that even if it's a wireless client because it works in conjunction with some of our wireless appointments, too. So within, you know, a matter of minutes we have almost all the information we would need to take whatever action is appropriate for something like that, that getting used to take us hours and hours to troubleshoot. >>Appreciate a lot of the other interviews I've done with the info blocks, folks. One of the things that came out of them is the trailing. You can see the trail they're getting. They got to get in somewhere. DNS is the footprints of there you got? That's the traffic, and that's been helping on a potential attacks in D DOS is, for example, no one knows what that is, but DNS is what he said. A lot of the surface areas, DNS. With the hackers are makes it easier to find things. >>Well, you know, by integrating with the cloud I've I've got, you know, that the cloud based with the blocks one, it added a advanced DNS security, which helps protect skins Adidas as well as any cast to help provide more availability because I'm pushing on my DNs traffic through those cloud servers. It's like I've I'm almost equivalent of a very large organization that would normally spend millions of millions of dollars trying to do this on their own. So I'm getting the benefits and kind of the equivalent from that cloud hybrid approach that normally we would never have have. The resource is, >>Well, then I really appreciate you taking the time out of your busy day to remote into the Cube studios. Talk about next level networking experience, so I want to just ask you, just put your experience hat on. You've been You've seen some waves. You've seen the technology evolve when you hear next level networking and when you hear next level networking experience almost two separate meetings. But next level networking means next level. Next level networking experience means is some experience behind it. One of those two phrases mean to you next level networking and next level networking experience. >>Well, to me, I always look at it as the evolution of being able to have a user experience that's consistent no matter where you're located, with your home in your office and special with in today's environment. We have to be able to provide that consistent experience. But what I think what a lot of people may not think about or my overlook if you're just, you know, more of an end user is along with that experience, it has to be a consistent excess security approach. So if I'm an end user, um, I should be able to have the access the, um and the security, which, you know, you know, filtering all that fun stuff to not just allow me the connectivity, but to bring me, you know, that to keep the secure wherever I met. And ah, um, I think schools, you know, obviously with code and in the one the one that everyone was forced to do. But I think businesses And generally I think that's, you know, years ago, Cisco when I worked with Cisco, we talked about, you know, the remote user of the mobile user and how Cisco is kind of leading, uh, the way on that. And I think, you know, with the nature of things like this pandemic, I think being able to have your your users again have that consistent experience, no matter where they're at is going to be key. And so that's how I see when I think of the network evolution, I think that's how it it has to go. >>Well, we appreciate your your time sharing your insights Has a lot of a lot of people are learning that you've got to pour the concrete to build the building. DNS becoming kind of critical infrastructure. But final question for you. I got you here, you know? How you doing? Actually, schools looks like they're gonna have some either fully virtual for the next semester or some sort of time or set schedule. There's all kinds of different approaches. This is the end of the day. It's still is this big i o t experiment from a traffic standpoint. So new expectations create new solutions. What do you see on the horizon? What challenges do you see as you ride this way? Because you've got a hold down the fort, their school district for 3000 students. And you got the administration and the faculty. So you know What are you expecting? And what do you hope to see Evolve Or what do you want to stay away from? What's your opinion? >>I think? I think my my biggest concern is, you know, making sure our like, our students and staff don't, uh, you know, run into trouble on by say that more from, you know, you know, by being, you know, being exposed to attacks, you know, their data with Delta becomes, you know, comes back to our data as a district. But, you know, the student data, I think I think, you know, with anything kids are very vulnerable. Ah, very role, vulnerable targets for many reasons. You know, they're quick to use technology that quick to use, like social media, things like that. But they're they're probably the first ones to do security Does not, you know, across their mind. So I think my big my big concern is as we're moving this, you know, hybrid, hybrid approach where kids can be in school where they're going to be at home. Maybe they'll change from the days of the week. It'll fluctuate, uh, keeping them secure, you know, protecting them from themselves. Maybe in a way, if I have to be the guy is kind of the grumpy old dad it looked at. I'm okay with wearing that hat. I think that's my biggest. Our concern is providing that type of, uh, stability and security. So parents at the end of that could be, you know, I have more peace of mind that their kids you know, our online even more. It's great >>that you can bring that experience because, you know, new new environments, like whether it zooming or using, try and get the different software tools that are out there that were built for on premise premises. You have now potentially a click here. Click there. They could be a target. So, you know, being safe and getting the job done to make sure they have up time. So the remote access it again. If you've got a new edge now, right? So the edge of the network is the home. Exactly. Yeah. Your service area just got bigger. >>Yeah. Yeah, we're in. You know, I'm everybody's guest, whether they like it or not. >>I appreciate that. Appreciate your time and good luck. And let's stay in touch. Thanks for your time. >>Hey, thanks for having me. You guys have a good rest of your weekend? Day two. State State. >>Thank you very much. It's the Cube's coverage with info blocks for a special next level networking experience. Pop up event. I'm John for the Cube. Your host. Thanks for watching. Yeah, yeah, yeah.

>>live from San Francisco. It's the queue covering our essay conference 2020 San Francisco Brought to you by Silicon Angle Media >>Hey, welcome back here. Ready? Jeff Frick here with the Cube. We're in our 2020 the biggest security conference in the country, if not the world. I guess there's got to be 50,000 people. We'll get the official word tomorrow. It's our sixth year here and we're excited to be back. I'm not sure why. It's 2020. We're supposed to know everything at this point in time with the benefit on inside. We got two people that do. You know a lot. We're excited to have him. My left is Chris Bets is the SVP and chief security officer for Centurylink. Chris, Great to see you. And to his left is Chris Smith, VP Global security Services for Centurylink. Welcome. >>Thank you for having me. >>Absolutely. You guys just flew into town >>just for the conference's great To be here is always a really exciting space with just a ton of new technology coming out. >>So let's just jump into it. What I think is the most interesting and challenging part of this particular show we go to a lot of shows you 100 shows a year. I don't know that there's one that's got kind of the breadth and depth of vendors from the really, really big the really, really small that you have here. And, you know, with the expansion of Moscone, either even packing more women underneath Howard Street, what advice do you give to people who are coming here for the first time? Especially on more than the buyer side as to how do you navigate this place >>when I when I come here and see So I'm always looking at what the new technologies are. But honestly, having a new technology is not good enough. Attackers are coming up with new attacks all the time. The big trick for me is understanding how they integrate into my other solutions. So I'm not so I'm not just focused on the technology. I'm focused on how they all fit together. And so the vendors that have solutions that fit together that really makes a difference in my book. So I'm looking for for products that are designed to work with each other, not just separate >>from a practice standpoint. The theme of IRA say this year is the human element, and for us, if you look at this floor, it's overwhelming. And if you're a CSO of an average enterprise, it's hard to figure out what you need to buy and how to build a practice with all of the emerging tools. So for us core to our practice, I think any mature, 30 security practices having a pro services capability and consulting capability that can be solved this all together, that helps you understand what to buy, what things to piece together and how to make it all work >>right. And it's funny, the human element that is the kind of the global theme. And what's funny is for all the technology it sounds like. Still, the easiest way in is through the person, whether it's a phishing attack or there's a myriad of ways that people are getting him to the human. So that's kind of a special challenge or trying to use technology to help people do a better job. At the end of the day, sometimes you're squishy ISS or easier access point is not a piece of technology, but it's actually a person. It's >>often because We asked people to do the wrong things. We're having them. Focus on security steps. Use email. Security is an easy to grasp example way all go through training every year to teach folks how to make sure that they avoid clicking on the wrong emails for us more often than a year. So the downside of that is arresting people to take a step away from their job and try to figure out how to protect themselves. And is this a bad emails that are really focusing on the job? So that's why it's so important to me to make sure that we've got solutions that help make the human better and frankly, even worse in security. We don't have the staff that we need. And so how do we help Make sure that the right tools are there, that they work together. They automate because asking everybody to take those steps, it's just it's a recipe for disaster because people are going to make mistakes >>right? Let's go a little deeper into the email thing. A friend of mines and commercial real estate, and he was describing an email that he got from his banker describing a wire transfer from one of his suppliers that he has a regular, ongoing making relationship with. You know, it's not the bad pronunciation and bad grammar and kind of the things that used to jump out is an obvious. But he said it was super good to the point where thankfully, you know, it was just this time. But, you know, he called the banker like, did you just send me this thing? So you know where this as the sophistication of the bad guys goes up specifically targeting people, how do you try to keep up with how do you give them the tools to know Woe versus being efficient? I'm trying to get my job done. >>Yeah, for me, it starts with technology. That takes a look. We've only got so many security practitioners in the company. Actually. Defend your email example. We've got to defend every user from those kinds of problems. And so how do I find technology solutions that help take the load off security practitioners so they can focus on the niche examples that really, really well crafted emails and help take that load off user? Because users just not gonna be able to handle that right? It's not fair to ask them. And like you said, it was just poorly time that helped attack. So how do we help? Make sure that we're taking that technology load off, identify the threats in advance and protect them. And so I think one of the biggest things that Chris and I talk a lot about is how to our solutions help make it easier for people to secure themselves instead of just providing only technology technology advantage, >>our strategy for the portfolio and it sort of tied to the complexity. CN This floor is simplicity. So from our perspective, our goal is a network service provider is to deliver threat free traffic to our customers even before it gets to the human being. And we've got an announcement that we launched just a week ago in advance of the show called Rapid Threat Defense. And the idea is to take our mature threat Intel practice that Chris has a team of folks focused on that. We branded black Lotus labs and Way built a machine learning practice that takes all the bad things that we see out in the network and protects customers before it gets to their people. >>So that's an interesting take. You have the benefit of seeing a lot of network traffic from a lot of customers and not just the stuff that's coming into my building. So you get a much more aggregated approach, so tell us a little bit more about that. And what is the Black Lotus Labs doing? And I'm also curious from an industry point of view, you know, it's just a collaboration with the industry cause you guys are doing a lot of traffic. There's other big network providers carrying a lot of traffic. How well do you kind of work together when you identify some nasty new things that you're doing the horizon? And where do you draw the line between better together versus still independent environment? >>When we're talking about making the Internet safer, it's not really to me a lot about competitive environment. It's really about better together. That's one of things I love about the security community. I'm sure you see it every year when you're here. You're talking security practitioners how across every industry security folks work together to accomplish something that's meaningful. So as the largest world's largest global I P we get to see a ton of traffic, and it's really, really interesting we'll be able to put together, you know, at any given point in time. We're watching many tens of thousands of probable malware networks. We're protecting our customers from that. But we're also able to ourselves take down nearly 65 now where networks every month just knock them off the Internet. So identify the command and control, and we take it off the Internet. We work with our partners. We go talk to hosting providers, maybe competitors of ours. And we say, Hey, here's a bad, bad actors bad server that's being used to control now where? Going shut it down. And so the result of that is not only protecting our customers, but more importantly, protecting tens of thousands of customers every month. By removing now where networks that were attacking, that really makes a difference. To me, that's the biggest impact we bring. And so it really is a better together. It's a collaboration story and, of course, for said, we get the benefit of that information as we're developing it as we're building it, we can protect our customers right away while we're building the confidence necessary to take something as dramatic and action as shutting down on our network. Right. Unilaterally, >>Citrix. I was gonna ask you kind of the impact of I o t. Right in this in this crazy expansion of the tax services, when you hear about all the time with my favorite example, somebody told the story of attacking a casino through the connected thermometer in the fish tank in the lobby, which may or may not be true, is still a great story. Great story. But I'm curious, you know, looking at the network, feeding versus the devices connecting that's really in an interesting way to attack this proliferation of attack services. You're getting it before it necessarily gets to all these new points of presence doing it based on the source. For >>us, that's the only way to make it scalable. It is true that automation blocking it before it gets to the azure to a device. It is what will create simplicity and value for our customers. >>Right on the other piece of the automation. Of course, that we hear about all the time is there just aren't enough security professionals, period. So if you don't have the automation. You don't have the machine learning, as you said, to filter low hanging fruit and the focus your resource. If they need to be, you're not going to do it. The bad news is the bad guys, similar tools. So as you look at kind of the increase in speed of automation, the increase in automated connectivity between these devices making decisions amongst each other, how do you see that kind of evolving? But you're kind of role and making sure you stay a step ahead of the bad guys. For >>me, it's not about just automation. It's about allowing smart people to put their brains against hard problems, hard impactful problems and so on. So simply automating is not enough. It's making sure that automation is reducing the the load on people so that they're able to focus on those hard, unique problems really solve all those solutions and, yes, Attackers, Attackers build automation as well. And so if we're not building faster and better than we're falling behind, so like every other part of this race, it's about getting better, faster and why it's so important that technology work together because we're constantly throwing out more tools and if they don't work better together, even if we got incremental automation, these place way still miss overall because it's end to end that we need to defend ourselves and our customers >>layered on what he said. For the foreseeable future, you're gonna need smart security people that help protect your practice. Our goal in automation is take the road tasks out of out of the gate. They live so they can focus on the things that provide the most value protecting their enterprise. >>Right when you're looking, you talked about making sure things work together, for you talked about making sure things work together. How do you decide what's kind of on the top of the top of the stack, where everybody wants to own the single pane of glass? Everybody wants to be the control plane. Everybody wants to be that thing that's on your computer all the time, which is how you work your day to day. How do you kind of dictate what are the top level tools while still going out? And, he said, exploring some of these really cutting edge things out around the fringe, which don't necessarily have a full stack solution that you're going to rely on but might have some cool kind of point solutions if you will, or point products to help you plug some new and emerging holes. Yeah, >>yeah. So for us, yeah, we take security capabilities and we build them into the other things that we sell. So it's not a bolt on. So when you buy things from us, whether whether it's bandwidth or whether its SD wan and security comes baked in, so it's not something you have to worry about integrating later. It's an ingredient of the things that we sell in all of the automation that we build is built into our practice, So it's simple for our customers to understand, like, simple and then layered. On top of that, we've got a couple different ways that we bring pro services and consulting to our practice. So we've got a smart group of folks that could lean into staff, augment and sit on site, do just about anything to help customers build a practice from day zero to something more mature. But now we're toying with taking those folks in building them into products and services that we sell for 10 or 20 hours a month as an ingredient. So you get that consulting wrapper on top of the portfolio that we sell as a service provider. >>Get your take on kind of budgets and how people should think about their budgets. And when I think of security, I can't help but think of like insurance because you can't spend all your money on security. But you want to spend the right amount on security. But at the end of the day, you can't be 100% secure, right? So it's kind of kind of working the margins game, and you have to make trade offs in marketing, wants their money and product development, wants their money and sales, wants their money. So what people are trying to assess kind of the risk in their investment trade offs. What are some of the things they should be thinking about to determine what is the proper investment on security? Because it can't just be, you know, locker being 100% it's not realistic, and then all the money they help people frame that. >>Usually when companies come to us in, Centurylink plays in every different segment, all the way down to, you know, five people company all the way to the biggest multinationals on the planet. So that question is, in the budget is a little bit different, depending on the type of customer, the maturity and the lens are looking at it. So, typically, way have a group of folks that we call security account managers those our consultants and we bring them in either in a dedicated or a shared way. Help companies that's us, wear their practices today in what tool sets for use again things that they need to purchase and integrate to get to where they need to be >>really kind of a needs analysis based on gaps as much as anything else. >>That's part of the reason why we try to build prisons earlier, so many of the technologies into our solution so that so that you buy, you know, SD wan from us, and you get a security story is part of it is that that allows you to use the customer to save money and really have one seamless solution that provides that secure experience. We've been building firewalls and doing network based security for going on two decades now, in different places. So at this point, that is a good place that way, understand? Well, we can apply automation against it. We can dump, tail it into existing services and then allow focused on other areas of security. So it helps. From a financial standpoint, it also helps customers understand from where they put their talent. Because, as you talked about, it's all about talents even more so than money. Yes, we need to watch our budgets. But if you buy these tools, how do you know about the talent to deploy them? And easier You could make it to do that simpler. I think the better off right >>typical way had the most success selling security practices when somebody is either under attacker compromised right, then the budget opens right up, and it's not a problem anymore. So we thought about how to solve that commercially, and I'll just use Vitas is an example. We have a big D dos global DDOS practice that's designed to protect customers that have applications out on the Internet that are business critical, and if they go down, whether it's an e commerce or a trading site losing millions of dollars a day, and some companies have the money to buy that up front and just have it as a service. And some companies don't purchase it from us until they're under attack. And the legacy telco way of deploying that service was an order and a quote. You know, some days later, we turned it up. So we've invested with Christine the whole orchestration layer to turn it up in minutes and that months so you can go to our portal. You can enter a few simple commercial terms and turn it on when you need it. >>That's interesting. I was gonna ask you kind of how has cloud kind of changed the whole go to market and the way people think about it. And even then you hear people have stuff that's secure in the cloud, but they mis configured a switch left something open. But you're saying, too it enables you to deploy in a very, very different matter based on you know, kind of business conditions and not have that old, you know, get a requisite get a p o requisition order, install config. Take on another kind of crazy stuff. Okay, so before I let you go, last question. What are your kind of priorities for this show for Centurylink when it's top of mind, Obviously, you have the report and the Black Lotus. What do you guys really prioritizing for this next week? Here for Cisco. >>We're here to help customers. We have a number of customers, a lot of learning about our solutions, and that's always my priority. And I mentioned earlier we just put out a press release for rapid threat defense. So we're here to talk about that, and I think the industry and what we're doing this little bit differently. >>I get to work with Chris Motions Week with customers, which is kind of fun. The other part that I'm really excited about, things we spent a bunch of time with partners and potential partners. We're always looking at how we bring more, better together. So one of the things that we're both focused on is making sure that we're able to provide more solutions. So the trick is finding the right partners who are ready to do a P I level integration. The other things that Chris was talking about that really make this a seamless and experience, and I think we've got a set of them that are really, really interested in that. And so those conversations this week will be exceptionally well, I think that's gonna help build better technology for our customers even six months. >>Alright, great. Well, thanks for kicking off your week with the Cube and have a terrific week. Alright. He's Chris. He's Chris. I'm Jeff. You're watching the Cube. Where? The RSA Conference in downtown San Francisco. Thanks for watching. See you next time. >>Yeah, yeah.

>> Announcer: From Miami Beach, Florida, it's theCUBE. Covering Acronis Global Cyber Summit 2019. Brought to you by Acronis. >> Hello everyone, welcome back to theCUBE's coverage here in Miami Beach, Florida at the Fontainebleau Hotel for the Acronis Global Cyber Summit 2019, where cyber protection is becoming an emerging trend. And we see these once in a while, when you have these big waves, you know, some unique trends. Observability and cloud computing, automation and cloud computing came out of nowhere from these white spaces. Now you're seeing the confluence of data protection and cyber security coming together to the platform. That's what they're talking about here. And my next guest, to break it all down, is an analyst from Forrester Research, Naveen Chhabra. Thanks for joining us today. >> Thank you for having me here. >> So Miami Beach, not a bad venue is it? >> Oh yeah, absolutely. (laughing) >> Get a dip in the ocean there, the water's warm. I got to ask you this, break down this market. Acronis is on here earlier. They've got a story to tell, and their story is not something that's obvious. It's kind of a new category, I guess, emerging, not really a traditional category from a research standpoint. But cyber protection by combining traditional thinking about data protection and cyber security software, bringing them together into one thinking, wholistic data model, with a platform that can enable services. I mean, this is a classic platform. This is what these guys have. What's your take on the industry? Is the industry ready for this? Is this a real trend? >> The industry certainly needs the technology, and I'll give you some examples as to why. So if you think upon the ransomware attacks that have happened in the past, the ransomware attacks would cripple any organization, right? And the best defense that an organization has to recover from, backups. Now, what that means is, okay, I can certainly recover from a backup which was taken last hour, last yesterday or a few days back, a few weeks back. But the most important question is how do I find out that the last copy or the last snapshot is a clean, uninfected copy? Because that's important, right? So if you recover from an infected copy, you're going to be hit again. And you don't want that, right? So, the million dollar question there is how do I get back to the copy which is clean and uninfected? Right? And you cannot do that traditionally the way organizations have been structured. You have infrastructure and operations guys, those who are responsible for operations, you know, keeping copies in their place, wherever required, and then you have the second group, which is security and risk, which is responsible for identifying all things security, right? But, ransomware is one thing in the industry which is pulling these two teams together. But the organizations are not ready yet. In one of the surveys that I did, I asked the respondents, "Do you have these two teams working together "to solve this problem?" And the answer was abysmally low. You know, no they don't work with each other. >> You point at a great point. I think one of the things you highlight there that I think is really critical is backup and recovery was because of some operational disruption. >> Naveen: Yes. >> Outage, flood, so rollback. The disruption wasn't a hack, so to that point, all those mechanisms around, generations of backup and recovery didn't actually take into account security. >> Exactly. >> Meaning the malware or the infection, the disruption is coming from a secure breach, not some electrical outage or some sort of other disruption. And they used to call that non-disruptive operations. I remember all the stories when we just talked about that. >> Right. >> Now it's not that anymore. The disruption is coming from security, so how do you bake security in from day one? That's the million dollar question that I always hear. What's your answer to that? What's the industry doing to get security baked in? What are some of the mechanisms you've seen successful for a large enterprise to adopt a plan that way? >> So I, specifically from a technology standpoint, I see very little efforts. The technology vendors are doing their own efforts, but you know, my guidance to clients is to be proactive in terms of your using the right storage for that matter. Let's say, if you have a WORM storage which can not be encrypted. Written once, cannot be changed, right? Use that model which will ensure that whatever you backed up yesterday, one, the backup is not infected, right? Or even from your core business application standpoint, you know, you want to schedule the data to be kept at a particular point in time to that WORM storage, for example, right? I don't see much of an effort from the organizations because, again, inner security is a domain which is handled by security, backup has not looked at using WORM as a potential storage target. >> WORM being "Write Once Read Many" for the folks-- >> Yes. >> at home tracking this. >> Right, and not that they do not know the technology. They know the technology. It's also about thinking out of the box and applying what's available to another-- >> To a known problem, right? >> Yes. >> And ransomware is so bad, it's such a hard problem to solve. I've heard (mumbles) has been in solution, WORM's a good one. That's the first time I heard that. That's awesome. It makes sense. >> Absolutely. >> But how do you deploy that to scale throughout the enterprise where you had these traditional work stream workflows that-- >> That becomes a problem. >> A people problem. You've been doin' a lot of work around the people equation. People process technology, everyone says it's digital transformation. But the people equation is a hard nut to crack. What's your take on the people situation? >> It certainly is a hard nut to crack because security would not trust more infrastructure in place that our guys would be doing. They've been told to operate in that model and now comes a situation, ransomware situation, where they're asked to trust each other and work with each other. Boy, that's not happening, is it? (chuckles) >> Yeah, they hate each other before, now they have to like each other. I mean, that's been a 20 year, 10 year, 5 year you've seen it evolve over time. Dev Ops is certainly with the cloud enforced a lot of that. That's kind of what brought people together under the Dev Ops infrastructure's code. But we're talkin' about application development that's growing like crazy. (mumbles) C.s want to build in-house stacks and communicate via A.P.I.s and, or some data-sharing with vendors. So this idea of a lot of this there's a restructuring that's going on at least from a architectural, technically, and staffing. What's some of the best practices that you've seen? What is some of the customer environments out there that you can talk to to show and point at a success story? >> I think some of the examples I've seen organizationally addressing this problem, wholistically, is to start from the top. I came out with this report a couple of years back titled Ransomware is a Business Continuity Issue. So don't approach it with a technology solution. Eventually, you will end up in adopting that same technology but I didn't define why do you need to use that technology so that it ties up your business requirements. So start from identifying that as a business risk which I see very little organizations do that today. Cyber risks are not identified as vulnerable as important a risk as they should be. So start off from that and trickle down into the next sub-steps that you must be taking, going eventually to the same technology. >> You know, one of the things I want to get your thoughts on is that obviously the digital threats are the industrialization of automating attacks. You're seeing Zero-day, you're seeing all this malware out there. You got surface errors with I.O.T.s increasing. So, the threats are coming. They're not going away. In fact, they're going to be increasing over time. Maybe get, you might not see it like D-DOS kind of been distracted away. But now the complexity is a huge issue because the costs will kick off of the complexity, this is something that Acronis is talking about and this is what I want to get your thoughts on. Complexity is one of those things that if you don't solve it and you look the other way, it gets more expensive to solve over time. So as complexity piles up, it's like climate change or cleaning up the Boston harbor. The longer you wait the more expensive it's going to be. >> Exactly. >> So that's startin' be be realized in some people's minds. They call it re-platforming, digital transmission, there's just buzz words for that. But I think this is a reality that people like, "Oh, I got to get... "I got to take care of business." I got I.O.T., I got complete industrial I.O.T., N.I.O.C. I got all those data centers movin' to the cloud. I got to clean up the complexity problem. What's the answer? How do you, What's the research tell you? >> Unfortunately, there's no easy answer because all the tools, technologies the organizations are using, they're using it for a purpose. So silos is a challenge, increasing silos is a challenge. So, I would highly recommend organizations start to think about reducing the silos, not be reducing the tools, but by potentially looking at cross-liberating by integrating, right? And one of the examples here is very important around recovery from ransomware attacks. So, going back to the point that, "Okay, how do you identify where is the right, "clean copy of the backup?" So these two teams would have to work together. Now the teams would work right out of their heads. They got to depend on technology, right? So that's where the requirement of the tools, themselves, working with each other, security to identifying, "Okay, when to do the forensics tracing "you know where the ransomware part "would identify when did the ransomware get in? "When did the malware get in? "Which systems did it infect?" And then, the backup tools correspondingly acting on those backup instances which have been identified as clean and uninfected. Easier said than done, but that's a part forward. >> And the other thing to make that more complex is that you said business continuity before, that's a people issue, as well. Not just technical process. >> Absolutely. >> Okay, so the two has to have a plan. Like, "What's the plan?" Do they actually huddle and do dry runs? Do they have fire drills? I mean, these are the things that most cyber groups do. They tend to have, you know, very structured approaches to either incidents, response,... So as these worlds come together, what does your research tell you around (chuckles) the questions of working together, proactively, show you? >> Interestingly, enough. I, a couple of years back, I did a survey asking those organizations who have been hit by ransomware attack and have lost data. I asked them, "How many of you have these two teams "working together?" Apparently, you know, some thirty-odd percent responded and said, "Yes, we have these two teams working together." But among, you know, asking final questions, qualifying questions about, "Yes, these two teams "work together," but do they effectively and eventually get to where they should be. Like, have a common plan, right? I think three, four, five percent of the respondents would say, "Yes, we do have a common operating, "understood plan "between the two teams." But largely, all I can say almost all organizations do not have that plan, unfortunately. >> You're, I think, one of the first ransomware experts I've had on theCUBE that's done a lot of research in the area, directly. So I got to ask you on ransomware, first of all it's really bad news and it comes from multiple actors. People lookin' for cash and also state-sponsored, which I believe is goin' on a lot, but no one's reporting on it, but, you know, still that's not proofed yet, but I still get a feeling it's done. On ransomware, do you have any data or insights around if the people clean up their act and get fixed, because I see a lot of ransomware coming back to the same places where they hit once, solve it, pay some bit-coin or whatever their extortion currency is, and then they get hit again. And hit again. Because (clap) there's cash there. Do you see that as a trend? What's the data? Is there any anecdotal insight or are people gettin' hit twice? Three times? >> There are incidents, and I was speaking on, you know, on a panel like half an hour back, and I gave this example. There was a hotel chain in central Europe which was attacked. And the key management system, like if you're one of the guests of that you would not be able to get in, into our rooms. And while they paid a ransom for to release that key management application, they didn't secure that infrastructure and applications further, which was required. And three months later, they were attacked once again. So such incidents are happening. And that's where, you know, guidance from Forrester where we have published a paper about when to consider to pay ransom. Because, you would not be sure that you get the keys. You get the keys for all the data? You don't get any traces of malware left behind or a new malware coming in. You never know, right? >> Of course, yes. >> While this is an untrusted world, but you got to trust if you're paying. (chuckles) >> Yeah, well I think I would bet that the criminals would come back for, you know, new shoes, new coat, new car... They need new things. They need cash (clap), they're going to come back to the bank. >> Absolutely! And they're coming back to basic prey. >> Naveen, thanks for comin' on. I want to get your thoughts on the industry as we wrap up this segment on the trends around cyber protection, data protection, platform. You know, really we're living in a cyber data-driven world. And data is a key part of it. What's the most important trend or story that you think needs to be told or is being told today, in terms of customers to pay attention to? What's, is it ransomware? What's, in your mind, are the top three things that are the most important stories that must be covered or need to be covered, or aren't covered? >> So I think it's not just my story, it's about the state of affairs at an industrial level, globally. I was referring to the World Economic Forum where all the global risks that economies face. It could be famine. It could be a country going bankrupt, right? It could be any other risk that the industry faces. We have seen that, to that starting the World Economic Forum did, in the last 10 years, cyber risk has started to appear on the list of top four, top five risks for the last three years. >> In the world? >> Globally. >> Global issues? >> Global issues, yes. And one of our research also tells us that the number of ransomware incidents have grown 500% in the preceding last 12 months. And the impact, intensity, and frequency of a ransomware attack is simply great. Many organizations are actually shutting down operations. Medical practice in mid-west, called upon the practice and said, "Oh, they are closing operations?" And in fact, it's in public domain. "We're closing operations, you can come back to us "for whatever data we currently have on you." But, I mean I think that from a regulation standpoint, people (mumbles) so that you have to keep control of the data and also be able to provide. But guess what? In this case, the medical practice doesn't have data. If you were their client, if you were a patient they don't have any data on you. Guess what? If it was there for years, you've lost years of your medical data. >> So global issues, ransomware's real and cyber attacks are happening at high frequency. >> Absolutely. >> Naveen, thanks for comin' on. Naveen Chhabra, senior analyst at Forrester Research here inside theCUBE. We are at the Acronis Global Cyber Summit 2019. I'm John Furrier. Back with more coverage for two days here, in Miami Beach, after this short break. Stay with us. (techno music)

(upbeat music) >> Live from Barcelona, Spain it's the Cube! Covering Cisco Live Europe. Brought to you by Cisco and it's ecosystem partners. >> Okay, welcome back everyone and we're live here at Cisco Live, 2019 in Europe. It's the Cube's three days of wall-to-wall coverage, day two. I'm John Furrier, your host, with Dave Vellante co-hosting with me as well as Stu Miniman who's been in and out on interviews. Our next guest is Alex Henthorn-Iwane, vice president of marketing for company Thousand Eyes. welcome back to the cube, welcome to the show. >> Thanks great to be here. >> So talk about what you guys do first, you guys do a very interesting business, a rapidly growing business. What is Thousand Eyes, what do you guys do, What's your product, who is your customer? >> OK, so the vision of thousand eyes was really to help organizations deal with all the connected experiences that they have to deliver. So we're giving visibility into those connected experiences but not just how there, you know if they're working or not but all the external dependencies that they rely on. So we developed a ton of expertise on how the internet works how the networks work, how routing works and all that. And we can give that insight so that all the things that IT now no longer controls and owns, but has to own the outcome for, we're giving that visibility. >> And when you guys sell a Saas Solutions, the software, what's the product? >> Yeah >> Who's the buyer? >> So we're Saas Platform and the way that we gather this data is we're primarily doing active monitoring at a few different layers; so we're monitoring the app layer things like HTTP and page loads and things like that you would think of that as synthetics classically but we've paired that with some patented ways of understanding how everything connects from a user out in the internet or from a branch office or from a data-center out to somewhere else typically across the internet all those networks the cloud networks going through things like Z-scaler all those complex pieces that again you don't control. We can trace all that and then map it down even to internet routing. One other kind of cool thing that we added to all that we do that on an agent basis so we have agents around the world that you can put them in your data-centers your VPC's and your branches. >> And the value proposition is what; visibility in the patterns; optimization; what's the outcome for the customer? >> The outcome is ultimately that we're going to help IT deliver the digital experiences for their employees for their customers that could be e-commerce, e-banking, it could be open banking or PSD2 here in Europe and UK. >> So full knowledge of what's going on >> Right >> But the name talks to that >> Yeah >> It talks to the problem you're solving >> Right, and it's really, the focus is and our specialty is all the external things, right. You've always had a lot of data, maybe too much data on the stuff that you did own, right, in IT. Okay, you could collect packets and flows and device status and all that sort of this and sort of, the challenge was always to know what does that mean, but whether or not that's perfect it exsited, but you simply can't get that from outside, you've got your four walls >> Yeah >> So you just have this big drop off in visibility once you get to the edge of your data-center etcetera >> Now, lets talk about the dynamics in IT; we were talking before we came on camera here about ya know, our lives in IT and going back and look at the history and how it's changed but there are new realities now >> Right >> Certainly Cisco here talking about intent based network ACI anywhere, Hyperflex anywhere, the ecosystem is growing the worlds changed. >> Right >> Security challenges, IOT, the whole things completely going high scale, more complexity. >> Right, Yeah. >> IT? What's the impact to IT? What's the structural change of IT from your prospective? >> Well, the way we see it what's happening with IT is the move from owning and controlling all the stuff, you know and managing that granting access to that. To a world where you really don't own a lot of the stuff anymore. You don't own the software, you don't own the networks. You don't own the infrastructure increasingly. Right? So how do you operate in that role? Changes. What the role of IT is in that role, really changes. And then out of that comes a big question. How does IT retain relevance? In that role? And a lot of that role is shifting away from being the proprietor, to being more of like a manager of an ecosystem. Right? And you need data to do that. So I think that's a really big step. >> So this is now, an actual job description kind of thing? >> Yeah. The roles and make up of the personnel in IT is changing. Because of the SAAS cloud, Hybrid cloud, Multi cloud? >> Right. It's more of like a product management role, than it is the classic operations role. You know? And we observed some really big changes in just operations. So, when you own all the stuff you can find a fix. Right? That's a classic statement of IT operations. But when all the stuff is outside, You can't fix it directly. So you go to what we call an evidence in escalation. You have to actually persuade someone else to fix it for you And if you can't persuade them, you don't have governance you don't have accountability and you don't have the outcome that you're supposed to deliver. >> So the infrastructure is to serve it's players; Google, Amazon, Microsoft, more SAAS All of this is taking data away from your control? >> Right >> And obviously network visibility? >> Sure >> So how are you guys dealing with that? What are some of the nuances of whether it's SAAS, or different infrastructures of service providers? >> And I would add to that SUN, Shift to the internet I would add to that just the increasing number of digital experiences that companies offer to customers. Right? >> Right. So the way that we deal with that is, that we believe that you need a highly correlated way of understanding things. Because at the top layer, if the outcome that IT is supposed to deliver is a digital experience. Right? The customers at the center now, not the infrastructure. Right? So I have to start with experience. So we need to look at, how is the app preforming? How is it delivering to that end user? And now you have to think about it from a persona basis. To who? Where? Right? So that's why we have all these agents floating around the world in different cities. Because if you're offering a let's say e-banking portal, and your surveying 100 cities as markets. You need to see from those cities, right? You also then need to be able to understand the why. When something is not working well, whose fault is it? Right? Is it us? >> Its the network guys! (laughing) >> What you don't to get is the everlasting war room circular firing squad kind of scenario. Where nobody actually knows, right? This is what happens, because the issue is that often times you suspect its not you. Maybe. Right? That search for innocents. >> Yeah. >> But again that's not enough because, the whole point is to deliver the experience. So, now who could it be? Say you're offering e-banking or e-commerce. Is it your CDM provider? Is it that your DMS manage provider is not responsive? Or somethings down? Are you under a D DOS attack? Or some of your ecosystem is. Is one of your back end providers, like your Braintree payments not working right. Right? There is so many pieces, is there an ISP in the middle there? That's being effected? >> There's so many moving parts now. >> If from each persona or location just to get to 1 URL. Could be traversing several ISP networks. Dozens of HOPS across the internet. How on earth are you supposed to isolate, and go an even find who to ask for help? That's a really sticky problem. >> So this will expose all those external credits? >> So we expose all those things. We expose all these multiple layers, and we have some patenting correlation, visual correlation. So you can say alright I see a drop in the responsiveness of a critical internal application or of .. I mean, we never have. Butt lets say like if SAAS like sails course, or something like that. And it may not be their fault by the way, its not them being a problem. But the users having a problem. So you see this drop and say well where's it happening? You can now say is it a network issue? Is it an app issue? Now if it is a network issue I can look at all the paths, from every where and say aha there's a commonality here. For example, we could surface through our collective intelligence that there's an ISP outage in the middle of the internet that's causing this. Or we could say, hey you know your ISP is having an issue. Or guess what? Sales force is maybe, you know things happen. People have problems in data centers sometimes. It's nothing you know, it's not.. >> So there's two things there's the post mortem view, and there's the reactive policy based intention. >> Right >> To say okay hey we've got an outage, go here do somethings take some action. >> Right. So some of those things you can automate. But the fact of the matter is that, automation requires learning. And machines need to be taught, and humans have to teach them. I mean that's one of the sort of sticky parts of automation. (laughing) Right, its not auto-magic its automation. >> So you guys are in the data business basically? >> Right, visibility, data. Right. >> Big data, its about data. You're servicing data. Insights, actionable insights, all this stuffs coming together. So the question is on AI. Cause AI plays a role here. IT OPS and machine learning you've got deterministic and non deterministic behavior. >> Sure. >> How do you solve the AI OPS problem here? Because this is a great opportunity for customers, to automate all this complexity and moving parts. To get faster time to data or insight. >> Okay so I would say that the prime place where you could do AI and ML is where you have a relatively closed system. Lets say an infrastructure that you do control. And you have a ton of data. You know like a high volumetric set of data-streams. That you can then train a machine to interpret. The problem with externalities is that One, you have sparse data. For example we have to use agents, cause you can't get all that traditional data from it. Right? So that means that that's why we built this in a visually correlated way. It's the only way to figure it out. But the other aspect to that is that, when your dealing with external providers you have an essential human part of this. There's no way as far as I know to automate an escalation process with your service providers. Which now we have so many, right? First of all, we have to figure out who. And then you have to have enough evidence, to get an escalation to happen to the right people. Empowered people. So they don't go through the three D's of provider response. Which is Deny, Deflect and Defer. (laughing) Right? You know you have to overcome plausible deniability, and that's very human interaction. So the way we deal with that. All this interactive correlated data we make it ridiculously easy, To share that. in an interactive way, with a deep link that you send to your provider and say "just look and see" and you can see that it's having issues. >> So get the evidence escalated, that's the goal as fast as possible? >> Right so then your time, like your mean time to repair now in the cloud is dependent on mean time to effective escalation. Right? >> Who are some of your customers? >> So, we have our kind of foundational customers. We have 20 of the top 25 SAAS companies in the world, as our customers. We have five of the top six US banks, four of the five top UK banks. 100 plus of global two thousand and growing fast. A lot of verticals, I would say enterprise I started with financials not surprisingly. But now we see heavy manufacturing, and telecom and oil and gas and all that. >> What's going on here at Cisco Live? What's your relationship with Cisco? >> So with Cisco we have a number of integration points, we have our enterprise agents. We have these could agents pre deployed, same software as what we call the enterprise agent. That's been certified as an VNF or as container deployments, on a variety of Cisco Adriatic platforms. So that's kind of our integration point. where we can add value and visibility from those you know, branch or data center or other places you know out to the cloud or outside in as well. >> And who's your buyer, typically? >> So I would say a couple of years ago we would be very network central. But now because of the change in IT, and our crossover into the largest enterprises we find that now it's the app owners. It's the folks who are rolling out sales force to forty thousand people and their adopting lighting. Right? You know or they're putting Office 365 out, and they're dealing with the complexities of a CDM based service or a centralized service like SharePoint. So we're seeing those kind of buyers emerge, along with the classic IT operations and network buyers. >> So it only gets better for you, as more API centric systems get out there. Because as its more moving parts, its basically an operating system. And you look at it wholistically, and you got to understand the IO if you will? >> Right. The microservices way of doing everything, means that when you click something or you interact with something as a user. There are probably 20 things happening at a back end, at least half of which are going off across the internet. And all of them have to work flawlessly. Right? For me to get that experience that I'm expecting. Whether I'm trying to buy something or, just get something done. >> What's your secret sauce in the application? >> So I'd say our secret sauce comes down to a couple really key things. One is the data that we generate. We have a unique data center from all these vantage points that we have now. That's what allows us to do this collective intelligence. No body else has that data. And an example we did a study, a couple studies last year. Major resource studies using our platform to look at public cloud performance from the internet within regions. Inter regions, and between clouds. And we found some really interesting phenomenon. And no body else had ever published that before. A lot of assumptions, a lot of inter-claims, we where actually able to show with data, exactly how this stuff performs. >> I'm sorry, you guys have published that? Where can we find that? >> Yeah, so we have that published, we also did another major report on DNS. >> Is that on your website? >> It's on our website, so definitely something to check out. >> Alright, Alex well thanks for coming on, give the quick plug, what's up for you guys? Hiring? What's new? Give the quick two cents. >> So here in Europe we're scaling up, hiring a lot and expanding across Europe. We have major offices in London and Dublin, so that's a big deal. And I think in this next year you'll see some bigger topped out ways that we can help folks understand. Not just how the internet is effecting them, but more of like the unknown of unknowns of internet behavior. So there's going to be some exciting things coming down the pipe. >> Well we need a thousand eyes on all the instrumentation as things become more instrumented having that data centric data. is it going to help feed machine learning? And again its just the beginning of more and more complexity being abstracted away by software on network Programmability. theCUBE bringing you The Data Here from Barcelona, for Cisco Live! Europe 2019 stay with us for more day 2 coverage after the short break. I'm Jeff Furrier here with Dave Vellante, thanks for watching. ( upbeat music )

>> Announcer: Live from Manhattan It's theCUBE! Covering AWS Summit New York City 2017. Brought to you by Amazon Web Services. >> And welcome back here to New York. We're at the Javits Center here in midtown Manhattan for AWS Summit 2017. Along with Stu Miniman, I'm John Walls. Glad to have you here on theCUBE we continue our coverage here from New York City. Well, if you're making that move to the cloud these days, you're thinking about privacy, you're thinking about security, you're thinking about compliance. Big questions, and maybe some big problems that Bill Shin can answer for you. He is the Principal Security Architect at AWS, and Bill, thanks for being with us. >> Thanks for giving me the time. >> Hey CUBE rookie, right? This is- >> This is my first time. >> Your maiden voyage. >> First time for everything. >> Glad to have you, yeah. So I just hit on some of the high points, these are big, big questions for a lot of folks I would say. Just in general, before we jump in, how do you go about walking people into the water a little bit, and getting them thinking, get their arms around these topics? >> Absolutely. It's still among the first conversations we have with customers, it's our top priority at AWS, the security, and customers are concerned about their data security, regardless of where that data is. Once they move it into the cloud it's a real opportunity to be more secure, it's an opportunity to think about how they're doing security, and adapt and be a little faster. So we have a really prescriptive methodology for helping customers understand how to do a clouded option, and improve their security at the same time. We have a framework called the Well-Architected Framework, and there's a security pillar in that framework, it's built around five key areas. Identity access management, which is really what you should be thinking about first, because authorization is everything. Everything is code, everything is in API, so it all has to be authorized properly. Then we move into detective controls and talk about visibility and control, turning on CloudTrail, getting logging set up. All the detective controls so that before you even move a workload into the cloud, you know exactly what's happening, right? And then we move into infrastructure security, which includes your network trust boundaries, zone definition, things like firewall rules, load balancers, segmentation, as well as system security. Hardening and configuration state of all the resources in their account. Then we move on to data protection as we walk customers through this adoption journey. Things like encryption, backup, recovery, access control on data. And then finally incident response. We want to make sure that they have a really good, solid plan for incident response as they begin to move more and more of their business into the cloud. So to help them wade through the waters we bring it up. The CSO is a key partner in a clouded option, organizations need to make sure security is in lockstep with engineering as they move to the cloud. So we want to help with that. We also have the Cloud Adoption Framework, and there's a security perspective in that framework. Methodology for really treating security more like engineering these days. So you have Dev Ops and you have Dev Sec Ops. Security needs to have a backlog, they need to have sprints, they need to have user stories. It's very similar to how engineering would do it. In that way their partnering together as they move workloads into the cloud. >> Amazon's releasing so many new features, it's tough for a lot of us to keep up. Andy Jassey last year said, "Every day when you wake up, there's at least three new announcements coming out." So it's a new day, there are a number of announcements in your space, maybe bring us up to speed as to what we missed if you just woke up on the West Coast. >> Sure, sure. Customers love the pace of innovation, especially security organizations, they really like the fact that when we innovate on something, it means they might not have to put as much resources on that particular security opportunity or security concern. They can focus more on their code quality, more on engineering principles, things like that. So today, we happily announced Amazon Macie, love it, it performs data classification on your S3 objects. It provides user activity monitoring for who's accessing that data. It uses a lot of our machine learning algorithms under the hood to determine what is normal access behavior for that data. It has a very differentiated classification engine. So it does things like topic modeling, regular expressions, and a variety of other things to really identify that data. People were storing trillions of objects in S3, and they really want to know what their data is, whether it's important to them. Certainly customer's data is the most important thing, so being able to classify that data, perform user analytics on it, and then be able to alert and alarm on inappropriate activities. So take a look at Macie, it's really going make a big difference for customers who want to know that their data is secure in S3. >> Actually I got a question from the community looking at Macie came out, we've got a lot of questions about JDPR coming out. >> Bill: Okay sure, yeah. >> So Macie, or the underlying tech, can that be- >> Bill: Absolutely a great tool. We think the US is the greatest place to be to perform JDPR compliance. You really got to know your data, you have to know if you're moving data by European citizens around, you really have to understand that data. I think Macie will be a big part of a lot of customer strategy on JDPR compliance. To finish your question, we've announced quite a few things today, so Macie's one of them. We announced the next iteration of Cloud HSM, so it's cheaper, more automated, deals more with the clustering that you don't have to do. Deeper integration with things like CloudTrail. Customers really wanted a bit more control and integration with the services that what the previous iteration was, so we've offered that. We announced EFS volume encryption too, so EFS, or Elastic File System encryption at rest. It natively integrates with the key management system the same way that the many of our services do when you're storing data. We announced some config rules today to help customers better understand the access policies on their S3 buckets. So yeah, good stuff. >> John: Busy day, >> Busy day. >> I mean just from a security standpoint, when you are working with a new client, do you ever uncover, or do they discover things about themselves that need to be addressed? >> Bill: Yeah. I think the number one thing, and it's true for many organizations when they move to the cloud, is they want that agility, right? And when we talk to security organizations, one of the top things we advise them on is how to move faster. As much as we're having great conversations about WAF and Shield, the Web Application Firewall, and Shield, our D-DOS solution, Inspector, which performs configuration assessments, all the security services that we've launched, we're also having pretty deep conversations with security organizations these days about CodeStar, CodePipeline, CodeDeploy, and then DevOps tool chains, because security can get that fast engineering principles down, and their just as responsive. It also puts security in the hands of engineers and developers, you know that's the kind of conversations we're having. They discover that they kind of need to get a little closer to how development does their business. You know, talking in the same vocabulary as engineering and development. That's one of the things I think customers discover. Also it's a real opportunity, right? So if you don't have to look after a data center footprints and all the patch panels and switches and routers and firewalls and load balancers and things you have on premises, it really does allow a shift in focus for security organizations to focus on code quality, focus on user behavior, focus on a lot of things that every CSO would like to spend more time on. >> Bill, one of the things a lot of companies struggle with is how they keep up with everything that's happening, all the change there, when I talk to my friends in the security industry it's one of the things that they're most excited about. Is we need to be up on the latest fixes and the patches, and when I go to public cloud you don't ask somebody "Hey what version of AWS or Azure are you running on?" You're going to take care of that behind the scenes. How do you manage the application portfolio for customers, and get them into that framework so that they can, you know we were talking about, Cameron, Jean Kim just buy into that as security just becomes part of the process, as I get more out of agile. >> Yeah, so the question is really about helping customers understand all the services, and really get them integrated deeply. A couple of things, certainly the well architected framework, like I mentioned, is helpful for that. We have solution architects, professional services consultants, a very, very rich partner ecosystem that helps customers. A lot of training for security, there's some free training online, there's classroom, instructor-led training as well, so that training piece is important. I think the solutions are better together. We have a lot of great building blocks, but when you look at something like CloudTrail Cloud Watch Events, and Lambda together, we try and talk about the solutions, not just the individual building blocks. I think that's one key component too, to help them understand how to solve a security problem. Take, for example, monitoring the provisioning of identities and roles and permissions. We really want customers to know that that CloudTrail log, when someone attaches a role to a policy, that can go all the way to a slack channel, that can go all the way to a ticket system. You really want to talk about the end-to-end integration with our customers. Really to help them keep pace with our pace of innovation. We really try and get the blog in front of them, the security blog is a great source of information for all the security announcements we make. Follow Jeff Bar's Twitter, a bunch of things to help keep pace with all of our launches and things, yeah. >> You brought up server lists, if I look at the container space, which is related of course, security has been one of those questions. Bring us up to speed as to where you are with security containers, Lambda- >> Sure, I think Lambda's isolation is very strong, in Lambda we have a really confidence in the tenant isolation model for those functions. The nice thing about server lists is, when there's no code running, you really don't have a surface area to defend. I think from a security perspective, if you were building an application today, and you go to your security team and say "I'd really like to build this little piece of code, and tie these pieces of code together, and when they're not running there's nothing there that you need to defend." Or, would I like to build this big set of operating systems and fleet management and all the things I have to do. It's kind of a, it's a pretty easy conversation right? All the primitives are there in server-less. You have strong cryptography TLSM endpoints, you've got the IM policy framework so that identity access management has really consistent language across all the services, so principles, actions, resources, and conditions is the same across every service. It's not any different for server-less, so they can leverage the knowledge they have of how to manage identities and authorization in the same way. You've got integration of CloudTrail. So all the primitives are there, so customers can focus on their code and being builders. >> Stu: So it sounds like that's part of the way to attach security for IOT then if we're using those. >> I think for IOT it's a very similar architecture too, so you have similar policies that you can apply to what a device you can write to in the cloud. We have a really strong set of authorization and authentication features within the IOT platform so that it makes it easy for developers to build things, deploy them, and maintain them in a secure state. But you can go back to the Well-Architected Framework and the CAF, the Cloud Adoption Framework, you take those five key areas, you know identity, detective controls, infrastructure security, data protection, and IR incident response. It's pretty similar across all the different services. >> It just comes back to the fundamentals. >> It does, absolutely. And for customers, you know those control objectives haven't changed right? They have those control objectives today, they'll have them in the cloud, and we just want to make it easier and faster. >> Well Bill, thanks for being with us. >> You bet, thank you very much. >> Good to have you on theCUBE, look forward to seeing you again for the second time around. >> See you then hopefully >> Bill Shin, from AWS joining us here on theCUBE. Continuing our coverage from the AWS Summit here in New York in just a bit. (techno music)