Jesse Rothstein, ExtraHop | AWS re:Inforce 2019


 

>> Live from Boston, Massachusetts, it's theCUBE, covering AWS re:Inforce 2019. Brought to you by Amazon Web Services and its ecosystem partners.

>> Welcome back, everyone. Live coverage of AWS re:Inforce, their first conference. theCUBE here in Boston, Massachusetts. I'm John Furrier, with my co-host Dave Vellante. Our guest is Jesse Rothstein, CTO and co-founder of ExtraHop, CUBE alumni. Great to see you again. VMworld, re:Invent, now the new conference, re:Inforce. Not a team. A summit, re:Inforce, a branded event around cloud security. This is in your wheelhouse.

>> Thank you for having me. Yeah, it's a spectacular event. Unbelievable turnout. I think there's 8000 people here. Maybe more. I know that's what they were expecting for an event that was conceived of, or at least announced, barely six months ago. The turnout's just great.

>> Many conversations in the past on theCUBE and others. Cloud security now having its own conference. It's not like a security conference like Black Hat or DEF CON, which is like a broader security. This is really focused on cloud security and the nuances involved for on premises and cloud as it's evolving. It's certainly a lot more change coming on this kind of spins into your direction you would talking this year in the front end.

>> It absolutely does. First, it speaks to market demand. Clearly, there was demand for a cloud security focused conference, and that's why this exists. Every survey that I've seen lists security extremely high on the list of anxieties or even causes for delay for shifting workloads to the cloud. So Amazon takes security extremely seriously. And then my own personal view is that cloud security has been somewhat nascent and immature. And we're seeing, you know, hopefully kind of, ah, somewhere rapid, a...

>> Lot of motivation in that market. Certainly a lot of motivated people want to see it go faster, and they're spending and building that out. So I gotta ask you...

>> Before you get off the show, I actually say something, if I may. I mean, it's been a long time coming. Yeah, this, to your point, Jesse. There was a real need for it, and I think Amazon deserves a lot of credit for that. But at the same time, I think Amazon... There's a little criticism there. I mean, I think that the message at re:Invent, that's always been: we got the best security, we got the most features, so come on in. And the whole theme here of the shared responsibility model, which I'd love to get into, I think was somewhat misunderstood by some of that high-level messaging. So I didn't want to put that out there as a topic that we might touch on. Great. Let's talk about it. Okay, so I do think it was misunderstood, the shared responsibility model. I think the messaging was, hey, the cloud is more secure than your existing data centers. Come on in. And I think a lot of people naively entered waters and then realized, oh, wait a minute. There's a lot that we still have to secure. We can't just set it and forget it. I mean, you agree with that?

>> I think that's a controversial topic. I do agree with it. I think it continues to be misunderstood. Shared responsibility model in some ways is Amazon saying, we're going to secure the infrastructure and we're going to give you the tools. But organizations are still expected to follow best practices, certainly, and implement their own, hopefully best-in-class, security operations.

>> It's highly nuanced. You can say sharing data, see, increases visibility into threats and also of making quality alerts. But I think it's a little bit biased, Dave, for Amazon to say shared responsibility, because they essentially want to share in the security posture, because they're saying we'll do this, you do that. It's inherently shared. So why wouldn't they say that?

>> Well, I guess, were they gonna say, we want to own everything? Well, I guess my take on this show is that I really like their focus on that.
I think they shone a light on it, and for the goodness of the industry and the community they have. But it is a bit...

>> Nuanced, and they've said some controversial, perhaps even contradictory statements. In the keynote yesterday, I was amused to hear that security is everyone's job, which is something I wholeheartedly believe in. But at the same time, you know, David said that he didn't believe... Stephen, Steve rather, said that he didn't believe in DevSecOps, and that seemed a little bit at odds because I... but I think they're probably really...

>> Steven Schmidt. Steven...

>> CISO of AWS. But at the same time, there was a narrative around security as code. So, yes, there were some contradictions in messaging, so this smaller remains small ones. They were nuanced, but there remains some confusion. And that's why people look to the ecosystem to help acorns.

>> And this goes back to my earlier point. I believe that cloud security is really quite nascent. When we look at the landscape of vendors, we see a number of vendors that really are kind of on-prem security solutions that they're trying to shoehorn into the cloud. We see a lot of essentially vulnerability scanning and static image scanning. But we don't see, in my opinion, that much really best-in-class security solutions. And I think until relatively recently it was very hard to enable some of them. And that's why I'd love to talk about the VPC traffic mirroring announcement, because I think that was actually the most impactful announcement...

>> That I want to get to. So this is, ah, a new... By the way, the other feedback I've had on theCUBE is the sessions here have been so good because you can dig deeper than what you can get at re:Invent, given tries. This is a good example. Explain that story, because this has been one of the most important stories, the traffic mirroring.

>> Well, unlike re:Invent, I think this show is more about education than it is about announcements. Now, Amazon announced a few new services going into GA, but these were services, for the most part, that we already knew were coming, like Control Tower and Security Hub. But the VPC traffic mirroring was really the announcement of this show. And, gosh, it's been a long time in coming. One closely held belief I've had for a long time is that in the fullness of time, there's really nothing of value that you can do on-prem that you wouldn't eventually be able to do in the cloud. And it's just been a head-scratcher for me why, for so many years, we've been unable to get any sort of view, mirror or tap of the traffic for diagnostic or analytic purposes, something you could do on-prem so easily with a SPAN port or a network tap. And in the cloud we've been having to do kind of backflips and workarounds and software taps and things like that. But with this announcement, it's finally here. It's native.

>> Explain VPC traffic mirroring. What is it, for the folks watching who might not know it? What is it and why is it important?

>> So VPC traffic mirroring is a network tap that is built into EC2 networking. What it means is that you can configure a VPC traffic mirror for individual EC2 instances, actually down to the ENI level. You can configure filters and you can send that to a target for analysis purposes. And this analysis could be for diagnostics, but I think much more important is for security. ExtraHop really began as a network analytics platform. We do network detection and response. So this ability to analyze the traffic in real time, to run predictive models against it, to detect in real time suspicious behaviors and potential threats, I think is absolutely game-changing for someone's security posture.

>> And you guys have been on the doorstep of this day in, day out. So this is like a great benefit to you guys.
As a company, I can see that. I see that's a great thing for you guys. What's the impact of the customers? Because what is the good news that comes out of the traffic mirroring for them? What's the impact of their environment?

>> Well, it's all about friction. First, I want to clarify that we've been running in AWS for over six years, six or seven years, so we've had that solution. But it's required some friction in the deployment process, because our customers had to install some sort of software tap, which was usually an agent that was really gathering the packets in some sort of promiscuous mode and then sending them to us in a tunnel. Whereas now, this is built into the service, into the infrastructure. There's no performance penalty at all. You can configure it. You have IAM roles and policies to secure it. All of the friction goes away. I think, for kind of the first time in cloud history, you can now get extremely high quality network security analytics with practically the flip of a switch.

>> So it's not another thing to manage. It's, like you say, inherent to the network. John and I have heard this this week at this event from practitioners, that they want to see less just incremental security products and more step function, and what they mean by that is, we want products that actually take action, or give us a script that we can implement, or actually fix the problem for us. Will this announcement and others that you guys were involved in take that next step, more proactive security that these guys...

>> So a couple of thoughts on that. First, the answer is yes, it can, and you're absolutely right. Remediation is extremely important, especially for attacks that are fast and destructive. When you think about attack patterns, there are attacks that are low and slow, there are attacks that are advanced and persistent, but the attacks that are fast and destructive move at a speed that is really beyond the ability for humans to respond. And for those sorts of attacks, I think you absolutely need some sort of automated remediation. The most common solutions are some form of blocking the traffic, quarantining the traffic or maybe locking the accounts. And, you know, kind of blocking, quarantining and locking are my top three, and then various forms of auditing and forensics go along the way. Amazon actually has a very good toolbox for that already. And there are security orchestration products that can help. And for products like ExtraHop, the ability to feed a detection into an action is actually a trivial form of integration that we offer out of the box. So the answer is yes. But let me go back to kind of the incrementalist approach as well that you mentioned. I kind of think about the space in really, really broad strokes, and organizations for the last 10 years or so have really highly invested in prevention and protection. So a lot of this is your perimeter defense and endpoint protection, and the technologies have gotten better. Firewalls have turned into next-generation firewalls, and antivirus agents have turned into next-generation antivirus or endpoint detection and response. But I strongly believe that network security has in some ways just kind of lagged behind, and it's really ripe for innovation. And that's what we've really spent the last decade building.

>> And that's why you're excited about the VPC traffic mirroring, because it allows for parallel analytics and so more real time.

>> More real time. But the network has great properties that nothing else has. When you think about network security, the network itself is as close to ground truth as you can get. It's very hard to tamper with, and it's impossible to turn off. Those are great properties for cybersecurity.
And you can't say that about something like logs, which are from time to time disabled and scrubbed. And you certainly can't say that about endpoint agents, which are often worked around and in some cases even used as a vector for attack.

>> I'm gonna ask you... Okay, on that point, I get that. So the next question that would come to my mind is, okay, with the surface here, with IoT expanding and with cloud, you have a sprawling surface area. So the surface area is growing just by default, by natural evolution, connecting to the cloud, people are backhauling their data into the cloud. All this is good stuff.

>> Absolutely. Call it the attack surface, and it is absolutely growing, perhaps at an exponential...

>> About that dynamic, one sprawling attack area, because that's just the environment now. And what's the best practice to kind of figure out security posture?

>> Great, great question. People talk a lot about the dissolution of the perimeter, and I think that's a bit of the debate. And regardless of your views on that, we can all believe that the perimeter is changing and that workloads are moving around and that users are becoming more mobile. But I think an extremely important point is that every enterprise, just about, is hybrid. So we actually need protection for a hybrid attack surface. And that's an area where I believe ExtraHop offers a great solution, because we have a solution that runs on premises in physical data centers or on campuses, which, no matter how much workload you move to the cloud, you still have some sort of user on some sort of laptop or some sort of workstation in some sort of campus environment. We work in private cloud environments that are virtualized. And then, of course, we work in public cloud environments, and another announcement that we just made at this show, which I also think is game-changing, is our Reveal(x) Cloud offering. So this is a SaaS. This is a SaaS-based network detection and response solution, which means that, I talked about removing friction by mirroring the traffic, but in this case, all you have to do is mirror the traffic, point it to our SaaS, and we'll do all of the management. Mean that... So is that in the streets for you? That is in the marketplace. We launched it yesterday.

>> So it's a great integration point for you guys. Get it, get on board more customers.

>> And I think solutions like ours are absolutely best practices and required to secure this hybrid attack surface.

>> In the marketplace, what was that experience like?

>> You know, Amazon was actually great to work with. I don't mean to say that with disbelief. You work with such a large company, you kind of have certain expectations, and they exceeded all of my expectations in terms of their responsiveness. They worked with us extremely closely to get into the marketplace. They made recommendations with partners who could help accelerate our efforts. But in addition to the marketplace, we actually worked with them closely on the VPC traffic mirroring feature. That was something we began talking with them about as far back as, I think, last December, even before re:Invent. They were extremely responsive to our feedback. They move very, very quickly. They've actually just been a delight to work with.

>> There's a question about, you were talking about the non-immutability of logs, and they go offline sometimes. And yet at the same time there's been tens of billions of dollars of value creation from that industry. Are there things that are magic there, or things that you can learn from the analytics of analyzing logs that you could bring over to sort of what you're positioning as a more modern and cloud-like approach? Or is there some kind of barrier to entry doing that? Can you shed some light on that, Jesse?
>> That's a great question, and this is where I'll say it's a genius of the "and" situation, not a tyranny of the "or". So I'm not telling people, don't collect your logs or analyze them. Of course you should do that, you know, that's the best practice. But chances are that that space, you know, the log analysis and the SIEM market, has become so mature, chances are you're already doing that. And I'm not gonna tell organizations that they shouldn't have some sort of endpoint protection. Of course you should. But what I am saying is that the network itself is a very fundamental data source that has all of those properties that are really good for cybersecurity, and the ability to analyze what's going on in your environment in real time, understand which users are involved, which resources are accessed, and are these behavioral patterns suspicious and do they represent potential threats, I think that's very powerful. I have a whole threat research team that we've built that just runs attack simulations, and they run attack tools so that we can take behavioral profiles and understand what these look like in the environment. We build predictive models around how we expect resources and users and endpoints to behave. And when they deviate from those models, that's how we know something suspicious is going on. So this is definitely a genius of the "and" situation.

>> John, reminds me of, you're very fond of saying, hey, what got you here is not likely to move you forward. And that's kind of the takeaway for practitioners.

>> Yeah. I mean, you gotta build on your success. I mean, having economies of scale is about not having diseconomies of scale, meaning you're always constantly reinventing your product, not building on the success. And then you're gonna have more success if you can't trajectory if you... it's just basic competitive strategy, product strategy.
But the thing that's interesting here is that as you get more successful and you continue to raise the bar, which is an Amazon term, they work with you better. So if you're raising the bar and you did your own network security, probably like, OK, now we get parallel traffic mirroring, so that...

>> That's true. But I think we've also heard that Amazon is, I think they call it maniacally customer focused, right? And so I think that this traffic mirroring capability really is due to customer demand. In fact, if you were at the keynote when they made the announcement, that was the announcement where I feel like every phone in the whole auditorium went up. That's the announcement where I think there's a lot of excitement, and for security practitioners in particular, and SecOps teams, I think this really reduces some anxiety they have, because cloud workloads really tend to be quite opaque. You have logs, you have audit logs, but it's very difficult to know what's actually going on there and who is actually accessing that environment. And, even more important, where is my data going? This is where we can have all sorts of everything from a supply chain attack to a data exfiltration, and it's extremely important to be able to have that visibility into these clouds.

>> We agree. We've been saying on theCUBE many, many years now that the network is the last bottleneck, really, where that script gets flipped upside down, where workloads are dictating DevOps. Now the network piece is here, so I think this is going to create a lot of innovation. That's our belief. Love to follow up more in Palo Alto when we get back on this hybrid cloud. I think that's a huge opportunity. I think there's a create a blind spot for companies, because that's where the attackers will go, because they'll know that the hybrid's rolling out and that'll be a vulnerability area.

>> One, that's, you know, it's an arms race. Network security is not new. It's been around for decades. But the attackers and the attacks have become more sophisticated, and as a result, you know, the defenders need to raise their game as well. This is why, on the one hand, there's so much hype, and I think machine learning in some ways is oversold. But in other ways, it is a great tool in our arsenal. You know, the machine learning, the predictive models, the behavioral models, they really do work. And it really is the next evolution for defensive capabilities.

>> Thanks for coming on. Great insight.

>> One last question. The beer. ExtraHop guys have been here. We did in the past.

>> It's been a while since we've done that, but it comes from early days when I founded the company. People would ask, you know, the name ExtraHop, oh, are you guys an online brewery? And we were joking. We said no, that was Extra Hops. We embraced it, and we actually worked with a local brewer that has since been acquired by a major beverage brand.

>> I don't know that. I just heard...

>> We built our own label, and it was the ExtraHop Wired P.A. It was extremely well received. Every time we'd visit a customer, they'd ask us to bring beer.

>> That's pretty. You gotta go back to the proven formula. Thanks for the insights. Let's follow up when we get back in Palo Alto in our studio on this hybrid thing. It's a compelling conversation. Network security, network analytics, innovation areas where all the action's happening. Here in Boston, AWS re:Inforce. CUBE coverage. We'll be right back.

Published Date : Jun 26 2019
