>>mhm. Hello and welcome to the cubes Ducker con coverage. I'm John Ferry, host of the Cube. We've got a great segment here with slim dot AI CEO John Amaral. Stealth mode, SAS Company. Start up in the devops space with tools today and open source around. Supply chain security with containers closed beta with developers. John, Thanks for coming on. Congratulations for being platinum sponsor here, Dr Khan. Thanks for coming on The Cube. >>Thanks so much on my pleasure. >>You know, container analysis, management optimisation. You know, that's super important. But security is at the centre of all the action we're seeing with containers. We've been talking shift left on a lot of cube conversations. What that means? Is it an outcome? Is that the product software supply chain? You seek them? A secure where malware. All these things are part of now the new normal in cloud Native. You guys at the centre of this, the surface areas change. All these things are important. Take a minute to explain what you guys are doing as a as a tools and open source. Some of the things you're doing, I know you got a stealth mode product. You probably can't talk about. But you gotta close, Beta. Can you give us a little bit of a teaser? What slim dot ai about >>sure. So someday I is about helping developers build secure containers fast, and that really plays to a few trends in the marketplace that are really apparent and important right now in a federal mandate and a bunch of really highly publicised breaches that have all been caused by software supply, chain risks and security and software supply, chain security has become a really top of mind concept for people who secure things and people who develop software and runs. SAS so slim that AI has built a bunch of capabilities and tools that allow software developers at their desks to better understand and build secure containers that really reduce software supply. Chain risk as you think about containers being run in production. And we do three things to help developers one, as we help them know everything about their software. It's a kind of a core concept of suffering supply chain security. Just know what software is in your containers to. Another core concept is only ship to production. What you need to run. That's all about risk surface and the ability for you to easily make a container small that has as much a software reduction in it as possible. And three, it's removed as many vulnerabilities as possible to Slim Toolset. Both are open source and our SAS data platform make that easy for developers to do >>so. Basically, you have a nice, clean, secure environment. Know what's in there. Don't only put in production was needed and make sure it's tight and it's trimmed down perfectly. So you're kind of teasing out this concept of slimming, which is in the name of the company. But it really is about surface area of attack around containers and super important as it becomes more and more prominent in the environment these days. What is container slimming and why is it important for supply chain security? >>Sure. So in the in the in the realm of software supply chain security, best practises right, there are three core concepts. One is the idea of an S bahn that you should know the inventory of all the software that runs in your world to its security posture, signing containers, making sure that the authenticity of the software that you use and production is well understood. And the third is, well, managing exactly what shopper you ship. The first two things I said are simply just inventory and basics about knowing what software you have. But no one answers the question. What software do I need? So I run a container and say, It's a gig and it's got all these packages in. It comes from the operating system from note, etcetera. It's got all this stuff in it. I know the parts that I write my code to. But all that other stuff, what is it? Why is it there? What's the risk in it? That slimming part is all about managing the list of things you actually shipped to the absolute minimum and with confidence that you know that that code will actually work when it gets production but be as small as possible. That's what slimming is all about, and it really reduces supply chain risk by lowering the attack surface in your container, but also trimming your supply chain to only the minimum pieces you need, which really causes a lot of improvements in in the operational overhead of having software supply chain security >>It's interesting as you get more more volume and velocity around containers, uh, and automation kicks in. Sometimes things are turning on and off you don't even know. And shift left has been a great trend for getting in the CI CD pipeline for developer productivity. Really cool. What are some of the consequences that's going on with this? Because then you start to get into some of these areas like some stuff happens that the developers have to come shift back and can take care of stuff. So, you know, C. Tus and CSOs are really worried about this container dynamic. What's the What's the new thing that's causing the problems here? What's the issue around the management that CDOs and CDOs care about? >>Sure. And I'll talk about the shift left implications as well for that exact point. So as you start to worry about software supply, chain security and get a handle on all the software you ship to prod well, part of that is knowledge is power. But it's also, um, risk and work as soon as I know about problems with my containers or the risk surface, and I got to do something about it so we're really getting into the age where everyone has to know about the software they ship. As soon as you know about that, say there's a vulnerability or a package that's a little risky or some surface area you don't really understand. The only place that can be evaded is by going back to the developers and asking them. What is that? How do I remove it? Please do that work. So the software supply chain security knowledge turns into developer security work. Now the problem is, is that historically, the knowledge was imperfect, and the developer, you know, involvement in that was, I'd say, at Hawk, meaning that developers had best practises that did the best they could. But the scrutiny we have now on minimising this kind of risk is really high. The beautiful part about containers is their portable, and it's an easily transferrable piece of software. So you have a lot of producers and a lot of consumers of containers. Consumers of containers that care about supply chain risk are now starting to push back on, producers saying, Take those vulnerabilities out, move those packages, make this thing more secure, lower the risk profile this works its way all the way back to the developers who don't really have the tools, capabilities and automation is to do the work I just described easily, and that's an opportunity that Slim is really addressing, making it easy for developers to remove risk. >>And that's really the consequences of shifting left without having the slimming. Because what you're saying is your shift left and that's kind of annulled out because you've got to go back and fix it. The work comes, >>that's right. And yeah, and it's not an easy task for a developer to understand the code that they didn't intentionally put in the container. It's like, Okay, there's a package in that operating system. What does it do? I don't know. Do I even use it? I don't know. So there's like tonnes of analytic and I would say even optimisation questions and work to be done, but they're just not equipped to, because the tooling for that is really immature Slims on a mission to make that really easy for them and do it automatically so they don't have to think about it. We just automatically remove stuff you don't use and voila! You've got this like perfectly pre optimised capability. >>You know, this suffer supply chain is huge, and I remember when open source started when I remember when I was breaking into the business. Now it's such a height in such an escalation of new developers. This it's a real issue that that's going to be resolved. It has to be because supply chain is part of open source, right? As more code comes in, you got to verify. You gotta make sure it's it's slimming where it needs to be slim and optimised. There needs to be optimised, huge trend. Um and so I just love this area. I think it's really innovative and needed. So congratulations on that, you know, have one more question for you before we get into to close out. Um, you guys are part of the Docker Extensions launch and your partner, >>Why >>is this important to participate in this programme and and what do you guys hope to hope it does for slim dot ai, >>First of all, doctors, the ubiquitous platform, their hub has millions and millions of containers. We've got millions and millions of developers using Docker desktop to actually build and work on containers. It's like literally the sandbox for all local work for building containers. It's a fair statement. So inclusion in Dr Khan and the relationship we're building with Docker is really important for developers and that we're bringing these capabilities to the place where developers work and live every day. It's where all the containers live in the world. So we want to have our technology be easy to use with docker tools. We want to keep developers workflows and systems and and tools of record be the same. We just want to help them use those tools better and optimist outputs. From that we've we've worked since our inception to make our tools really, really friendly for darker and darker environments to, um, we are building a doctor extension. Uh, they have, uh, in this darker con. They're launching their doctor extensions programme to the worldwide audience. We have been one of the lucky Cos that's been selected to build one of the early Dr desktop plug ins. It's derived from our capabilities and our Saas platform and an open source, and it's it's effectively an MRI machine, an awesome analytic tool that allows any developer to really understand the composition, security and profile of any container they work with. So it's giving the sight to the blind, so to speak, that it's this new tool to make container analysis easy. >>Well, John, you guys got a great opportunity. Container analysis, management, optimisation key to security, enabling it and maintaining and sustaining it. And it's changing. I know you guys. Your co founder also did a doctor Slim. So you guys are deep in the open source. I Congratulations on that. We'll see a Q. Khan for the remaining time. We have give a plug for the company, obviously in stealth mode price going to come out later this year. You got a developer preview? What's What's the company all about? What's the most important story here? Dr. Khan? >>Sure, just to playback. So we help developers do three important things. Know everything about the software in their containers to only ship stuff to production that you need, and and and three remove as many vulnerabilities as possible. That's really about managing and understanding the risk surface. It ties right back to software supply chain security, and any developer can use these tools today to emit and build containers that are more secure and better production grade containers, and it's easy to do. We have an open source project called Dioxin. Go check it out. Uh, it's not. It's on git Hub. It's easy to find if you go to w w w dot slim that ai you can find access to that. We have tens of thousands of developers, 500,000 plus downloads. We have developers everywhere using those tools today and open source to do the objectives. I just said You can also easily sign up for our data for our Saas platform, you can use the doctor extension, go ahead and do that and really get on your journey to make those outcomes reality for you. And really kind of make those SEC ops people downstream not have to shift anything left. It's super easy for you to be a great participant in software slash insecurity. >>All right. John Amaral, CEO slim dot ai Stealth. Most thanks for coming The Cube Cube coverage of Dr Khan. Thanks for watching. I'm John Kerry hosted the Cube back to more Dr Khan after the short break. Mhm mhm

>> Live from Barcelona, Spain. It's the queue covering Sisqo, Live Europe. Brought to you by Cisco and its ecosystem partners. >> Welcome back, Everyone Live here in Barcelona, Spain's two Cubes Coverage of Sisqo Live Europe. Twenty nineteen. I'm John Foreal echoes David Lock. Our next guest is Liz Santoni, senior vice president general manager of the Eye Okay Group at Cisco, formerly is part of the engineering team Cube Alumni. Great to see you again. Thanks for coming >> on. Great to be here, >> so you're >> just good to see you guys. >> You're in the centre. A lot of news. I ot of the network redefining networking on stage. We heard that talk about your role in the organization of Sisko and the product that you now have and what's going on here. >> So run R I O T business group similar to what we do with the end data center off that it has the engineering team product management team. We build products solutions that includes hardware, software, silicon. Take him out to market. Really an eye. OT It's about, you know, the technology conversation comes second. It's like, What can you deliver in terms of use, case and business outcomes that comes first, and it's more about what technology can enable that. So the conversations we have with customers are around. How can he really solve my kind of real problems? Everything from one a girl, my top line? I want to get closer to my customers because the closer I get to my customers, I know them better. So obviously can turn around and grow my top line. And I want to optimize everything from internal process to external process because just improves my bottom line at the end >> of the day. So you a lot of news happening here around your team. But first talk about redefining networking in context to your part, because edge of the network has always been what is, you know the edge of the network. Now it's extending further. I. O. T. Is one of those things that people are looking at a digit digitization standpoint, turning on Mohr intelligence with the factory floor or other areas. How how are how is I ot changing and what is it today? >> So you gave an example of, you know, digitizing something like a factory floor, right? So let's talk about that. So what customers in the factory floor want to do. They've already automated a number of this factory floors, but what they want to do is get more efficient. They want better eo. They want better quality. They want to bring security all the way down to the plant floor because the more and more you connect things, the more you just expanded your threat surface out pretty significantly so they want to bring security down to the plant floor. Because the's are environments that are not brand new, they have brown feel equipment there, green field equipment. They want to be able to have control of where what device gets in the network. With things like device profiling, they want to be able to do things like create zones so that they could do that with things like network segmentation. So when and if an attack does happen, they can contain the attack as much as possible. All right now what you need in terms ofthe a factory floor, automation, security, to be able to scale tohave that flexibility That's no different than what you have in the Enterprise already. I mean, we've been working with our idea and enterprise customers for years, and, you know, they it's about automation and security. It's about simplicity. Why not extend that out? The talent that it has, the capability that has it really is a connective tissue, that you're extending your network from that carpeted space, or you're clean space into outside of the office or into the non carpeted space. So it's perfect in terms of saying it's about extending the network into the nontraditional space that probably it doesn't go into today. >> Well, right. And it's a new constituency, right? So how are you sort of forging new relationships, new partnerships? What is described, what that's like with operations technology? >> I mean, that Cisco. We have great partnerships with the Tea organisation. I mean, we've got more than eight hundred forty thousand customers and our sales teams are product. Teams do a good job in terms of listening to customers. We're talking more and more to the line of business. We're talking more and more to the operational teams >> because of the end of >> the day. I want to be candid. You know, going to a manufacturing floor. I've never run a plan. Floor right? There are not very many people in the team who conceived in a plant manager before they know they're processes. They're concerned about twenty four seven operation. Hey, I want to be in compliance with the fire marshal, physical safety of my workers. We come in with that. I p knowledge that security knowledge that they need it's a partnership. I mean, people talk about, you know, t convergence. Usually convergence means that somebody's going to lose their job. This is Maura Night, an OT partnership, and most of these digitization efforts usually come in for the CEO level. Laura Chief Digitization Officer. We've got good relationships there already. Second part is Sister has been in this. We're quite some time. Our team's already have relationships at the plant level at the grid level operator level. You know, in the in the oil and gas area what we need to build more and more of that because building more and more that is really understanding. What business problems are they looking to solve? Then we can bring the technology to it. >> Liz, what's that in the Enable Menu? Mission Partnership? That's a good point. People, you know, someone wins, someone loses. The partnership is you're enabling your bringing new capability into the physical world, from wind wind farms to whatever What is the enablement look like? What are some of the things that happen when you guys come into these environments that are being redefined and reimagined? Or for the first time, >> Yeah, I would say, you know, I use what our customers said this morning and what he said was, it has the skills that I >> need, all right. >> They have the eyepiece skills. They have a security seals. These are all the things that I need. I want my guys to focus on kind of business processes around things that they know best. And so we're working with a CZ part of what we're putting this extended enterprise extending in ten based networking to the i o T edge means ight. Hee already knows our tools are capabilities. We're now saying we can extend that Let's go out, figure out what those use cases are together. This is why we're working with the not just the working with our channel partners as well. Who can enable these implementations on i o t implementations work? Well, >> part of >> this is also a constant, you know learning from each other. We learned from the operational teams is that hey, you can start a proof of concept really well, but he can really take it to deployment unless you address things around the complexity, the scale and the security. That's where we can come in and help. >> And you can't just throw your switches and routers over the fence. And so okay, here you go. You have to develop specific solutions for this world, right? And when you talk about that a little bit, absolutely. So >> if you look at the networking industrial networking portfolio that we have, it's built on the same catalysts, itis our wireless, a peace, our firewall. But they're more customized for this non carpeted space, right? You've got to take into consideration that these air not sitting in a controlled environment, so we test them for temperature, for shock, for vibration. But it's also built on the same software. So we're talking about the same software platform. You get the same automation features you get, the same analytics features. It's managed by DNA center. So even though we're customizing the hardware for this environment, the software platform that you get is pretty much the same, so it can come in and manage both those environments. But it also needs an understanding of what, What's the operational team looking to solve for? >> Because I want to ask you about the psychology of the buyer in this market because OT there run stuff that's just turn it on. But in the light ball, make it work. Well, I got to deploy something, so they're kind of expectations might be different. Can you share what the expectations are for the kind of experience that they wanna have with Tech? >> I used a utility is a great example and our customer from energy. I think, explain this really well, this is thing that we learned from our customers, right? I haven't been in a substation. I've been in a data center multiple times, but I haven't been in a substation. So when they're talking about automating substation, we work with customers. We've been doing this over the last ten years. We've been working with that energy team for the last two years. They taught us, really, how they secure and managing these environments. You're not going to find a CC in this environment, So when you want to send somebody out to like sixty thousand substations and you want to check on Hey, do do I still have VPN connectivity? They're not going to be able to troubleshoot it. What we did is based on the customer's ask, put a green light on there and led that shines green. All the technician does is look at it and says it's okay. If not, they called back in terms of trouble shooting it. It was just a simple example of where it's. It's different in terms of how they secure and manage on the talent that they have is different than what's in the space. So you've got to make sure that your products also cover what the operational teams need because you're not dealing with the C. C A. Or the I P experts, >> a classic market fit product market fit for what they're expecting correct led to kick around with green light. I mean, >> you know, everybody goes that such an easy thing inside was >> not that perceptive to us. >> What's the biggest thing you've learned as you move from Cisco Engineering out to the new frontier on the edge here? What? What are the learnings that you've seen actually growing mark early. It's only going to get larger, more complicated, more automation. Morey, I'm or things. What's your learning? What have you seen so far? That's the takeaway. >> So I'll see, you know, be I'm still an Cisco Engineering. The reason we're in Coyote is that a secure and reliable network that it's the foundation of any eye. Ot deployment, right? You can go out and best buy the best sensor by the best application by the best middle where. But if you don't have that foundation that's secure and reliable, those, Iet projects are not going to take off. So it's pretty simple. Everyone's network is thie enabler of their business outcome, and that's why we're in it. So this is really about extending that network out, but at the same time, understanding. What are we looking to solve for, right? So in many cases we worked with third party party hers because some of them know these domains much better than we do. But we know the AIP wear the eye patch and the security experts, and we bring that to the table better than anybody else. >> And over the top, definite showing here for the second year that we've covered it here in definite zone, that when you have that secure network that's programmable really cool things and develop on top of it. That's what great opportunity >> this is. I'm super excited that we now have an i o. T. Definite in. You know, it's part of our entire Cisco. Definite half a million developers. You know, Suzy, we and team done a fabulous job. There's more and more developers going to be starting to develop at the I o. T edge at the edge of the network. Right. So when you look at that is our platforms today with dioxin saw on top of it. Make this a software platform that developers Khun can actually build applications to. It's really about, you know, that we're ready. Highest fees and developers unleashing those applications at the i o. T edge. And with Susie making that, you know, available in terms of the tools, the resource is the sand box that you can get. It's like we expect to see more and more developers building those applications at the >> edge. We gotta talk about your announcements, right? Oh, >> yeah. Exciting set >> of hard news. >> So we launch for things today as part of Extending Ibn or in ten based networking to the I. O. T. S. The first one is we've got three new Cisco validated design. So think of a validated design as enabling our customers to actually accelerate their deployments. So our engineering teams try to mimic a CZ muchas possible a customer's environment. And they do this pre integration, pre testing of our products, third party products and we actually put him out by industry. So we have three new ones out there for manufacturing, for utilities and for mode and mobile assets. That's one. The second one is we're launching two new hardware platforms on next generation catalysts Industrial Ethernet switch. It's got modularity of interfaces, and it's got nine expansion packs. The idea is making as flexible as possible for a customer's deployment, because these boxes might sit in an environment not just for three years, like in a campus, they could sit there for five for seven for ten years. So, as you know, they are adding on giving them that flexibility that concave a bit based system and just change the expansion modules. We also launch on next generation industrial router. Actually, is the industries probably first and only full six capable industrial router, and it's got again flexibility of interfaces. We have lt. We have fiber. We have copper. You want deal? Lt. You can actually slap an expansion pack right on top of it. When five G comes in, you just take the Lt Munch a lot. You put five G, so it's five G ready >> engines on there >> and it's based on Io Exit us sexy. It's managed by DNA center and its edge enabled. So they run dialects. You, Khun, build your applications and load him on so >> you can >> build them. Third >> parties have peace here. >> The definite pieces. That third one is where we now have, you know, and I OT developer center in the definite zone. So with all the tools that are available, it enables developers and IAS peas, too. Actually, we build on top of Io Axe today. In fact, we actually have more than a couple of three examples that are already doing that. And the fourth thing is we depend on a large ecosystem of channel partners, So we've launched an Io ti specialization training program to enable them to actually help our customers implementation go faster. So those are the four things that we brought together. The key thing for us was designing these for scale flexibility and security >> capabilities available today. Is that right? >> Absolutely. In fact, if you go in worshipping in two weeks and you can see them at the innovation showcase, it's actually very cool. >> I was going to mention you brought ecosystem. Glad you brought that. I was gonna ask about how that's developing. I could only imagine new sets of names coming out of the industry in terms of building on these coyotes since his demand for Io ti. It's an emerging market in terms of newness, with a lot of head room. So what's ecosystem look like? Missouri patterns and Aya's vsv ours as they take the shape of the classic ecosystem? Or is it a new set of characters? Or what's the makeup of the >> island's ecosystem, >> I would say is in many ways, if you've been in the eye ot world for sometime, you'll say, You know, it's not like there's a whole new set of characters. Yes, you have more cloud players in there, you You probably have more s eyes in there. But it's been like the distributor's Arvin there. The machine builders thie ot platforms. These folks have been doing this for a long time. It's more around. How do you partner and where do you monetize? We know where you know the value we bring in we rely on. We work very closely with this OT partners machine builders s eyes the cloud partners to go to market and deliver this. You're right. The market's going to evolve because the whole new conversation is around. Data. What do I collect? What do I computer the edge? Where do I go around it to? Should I take it to my own premises? Data centers. Should I take it to the cloud who gets control over the data? How do I make sure that I have control over the data as a customer and I have control over who gets to see it? So I think this will be a revolving conversation. This is something we're enabling with one of our Connecticut platforms, which are not launch. It's already launched in terms of enabling customers to have control over the data and managed to bring >> all the portfolio of Cisco Security Analytics management to the table that puts anything in the world that has power and connectivity to be a device to connect into its system. This is the way it's just I mean, how obvious going Beat commits a huge >> I'm grateful that it's great that you think it's obvious. That's exactly what we're trying to tell our customers. >> How to do is >> about extending >> the way >> we do. It's the playbook, right? Each business has its own unique. There's no general purpose. Coyote is their correct pretty much custom because, um, well, thanks for coming on this. Appreciate it when I ask you one final question. You know, I was really impressed with Karen. Had a great session on wall kind of session yesterday. Impact with women. We interviewed you a Grace offered twenty fifteen. Cisco's doing amazing work. You take a minute to talk about some of the things that Cisco's doing around women in computing. Women in stem. Just great momentum, great success story, great leadership. >> I would say Look at her leadership at Chuck's level, and I think that's a great example in terms of He brings people on, depending on what they can, what they bring to the table, right? They just happened to be a lot of women out there. And the reality is I work for a company that believes in inclusion, whether it's gender race, different experiences, different a different thoughts, different perspective because that's what truly in terms of you can bring in the culture that drives that innovation. I've been sponsoring our women in science and engineering, for I can't remember the last for five years. It's a community that continues to grow, and and the reality is we don't sit in there and talk about, you know, what was me and all the things they're happening. What we talk about is, What are the cool new technologies that are out there? How do I get my hands on him? And yeah, there we talk about some things where women are little reticent and shy to do so. What we learn from other people's experiences, many time the guy's air very interested. So what? You sit them there and talking to said, Trust me, it's not like a whining and moaning section. It's more in terms of where we learned from each other >> years talking and sharing ideas, >> absolute >> innovation and building things. >> And we've got, you know, you look we look around that's a great set of women leaders throughout the company. At every single level at every function. It's ah, it's It's great to be there. We continue to sponsor Grace offer. We have some of the biggest presence at Grace Offer. We do so many other things like connected women within the company. It's just a I would say fabulous place to be. >> You guys do a lot of great things for society. Great company, great leadership. Thank you for doing all that's phenomenal. We love covering it, too. So we'll be affect cloud now today in Silicon Valley. Women in data science at Stanford and among them the >> greatest passion of our things. Straight here. >> Thanks for coming on this. The Cube live coverage here in Barcelona. Francisco Live twenty eighteen back with more. After the short break, I'm jump area with evil Aunt. Be right back