(upbeat music) >> Welcome back everyone to Supercloud 2, live here in Palo Alto, our studio, where we're doing a live stage performance and virtually syndicating out around the world. I'm John Furrier with Dave Vellante, my co-host with the The Cube here. We've got Kit Colbert, the CTO of VM. We're doing a keynote on Cloud Chaos, the evolution of SuperCloud Architecture Kit. Great to see you, thanks for coming on. >> Yeah, thanks for having me back. It's great to be here for Supercloud 2. >> And so we're going to dig into it. We're going to do a Q&A. We're going to let you present. You got some slides. I really want to get this out there, it's really compelling story. Do the presentation and then we'll come back and discuss. Take it away. >> Yeah, well thank you. So, we had a great time at the original Supercloud event, since then, been talking to a lot of customers, and started to better formulate some of the thinking that we talked about last time So, let's jump into it. Just a few quick slides to sort of set the tone here. So, if we go to the the next slide, what that shows is the journey that we see customers on today, going from what we call Cloud First into this phase that many customers are stuck in, called Cloud Chaos, and where they want to get to, and this is the term customers actually use, we didn't make this up, we heard it from customers. This notion of Cloud Smart, right? How do they use cloud more effectively, more intelligently? Now, if you walk through this journey, customers start with Cloud First. They usually select a single cloud that they're going to standardize on, and when they do that, they have to build out a whole bunch of functionality around that cloud. Things you can see there on the screen, disaster recovery, security, how do they monitor it or govern it? Like, these are things that are non-negotiable, you've got to figure it out, and typically what they do is, they leverage solutions that are specific for that cloud, and that's fine when you have just one cloud. But if we build out here, what we see is that most customers are using more than just one, they're actually using multiple, not necessarily 10 or however many on the screen, but this is just as an example. And so what happens is, they have to essentially duplicate or replicate that stack they've built for each different cloud, and they do so in a kind of a siloed manner. This results in the Cloud Chaos term that that we talked about before. And this is where most businesses out there are, they're using two, maybe three public clouds. They've got some stuff on-prem and they've also got some stuff out at the edge. This is apps, data, et cetera. So, this is the situation, this is sort of that Cloud Chaos. So, the question is, how do we move from this phase to Cloud Smart? And this is where the architecture comes in. This is why architecture, I think, is so important. It's really about moving away from these single cloud services that just solve a problem for one cloud, to something we call a Cross-Cloud service. Something that can support a set of functionality across all clouds, and that means not just public clouds, but also private clouds, edge, et cetera, and when you evolve that across the board, what you get is this sort of Supercloud. This notion that we're talking about here, where you combine these cross-cloud services in many different categories. You can see some examples there on the screen. This is not meant to be a complete set of things, but just examples of what can be done. So, this is sort of the transition and transformation that we're talking about here, and I think the architecture piece comes in both for the individual cloud services as well as that Supercloud concept of how all those services come together. >> Great presentation., thanks for sharing. If you could pop back to that slide, on the Cloud Chaos one. I just want to get your thoughts on something there. This is like the layout of the stack. So, this slide here that I'm showing on the screen, that you presented, okay, take us through that complexity. This is the one where I wanted though, that looks like a spaghetti code mix. >> Yes. >> So, do you turn this into a Supercloud stack, right? Is that? >> well, I think it's, it's an evolving state that like, let's take one of these examples, like security. So, instead of implementing security individually in different ways, using different technologies, different tooling for each cloud, what you would do is say, "Hey, I want a single security solution that works across all clouds", right? A concrete example of this would be secure software supply chain. This is probably one of the top ones that I hear when I talk to customers. How do I know that the software I'm building is truly what I expect it to be, and not something that some hacker has gotten into, and polluted with malicious code? And what they do is that, typically today, their teams have gone off and created individual secure software supply chain solutions for each cloud. So, now they could say, "Hey, I can take a single implementation and just have different endpoints." It could go to Google, or AWS, or on-prem, or wherever have you, right? So, that's the sort of architectural evolution that we're talking about. >> You know, one of the things we hear, Dave, you've been on theCUBE all the time, and we, when we talk privately with customers who are asking us like, what's, what's going on? They have the same complaint, "I don't want to build a team, a dev team, for that stack." So, if you go back to that slide again, you'll see that, that illustrates the tech stack for the clouds and the clouds at the bottom. So, the number one complaint we hear, and I want to get your reaction to that, "I don't want to have a team to have to work on that. So, I'm going to pick one and then have a hedge secondary one, as a backup." Here, that's one, that's four, five, eight, ten, ten environments. >> Yeah, I got a lot. >> That's going to be the reality, so, what's the technical answer to that? >> Yeah, well first of all, let me just say, this picture is again not totally representative of reality oftentimes, because while that picture shows a solution for every cloud, oftentimes that's not the case. Oftentimes it's a line of business going off, starting to use a new cloud. They might solve one or two things, but usually not security, usually not some of these other things, right? So, I think from a technical standpoint, where you want to get to is, yes, that sort of common service, with a common operational team behind it, that is trained on that, that can work across clouds. And that's really I think the important evolution here, is that you don't need to replicate these operational teams, one for each cloud. You can actually have them more focused across all those clouds. >> Yeah, in fact, we were commenting on the opening today. Dave and I were talking about the benefits of the cloud. It's heterogeneous, which is a good thing, but it's complex. There's skill gaps and skill required, but at the end of the day, self-service of the cloud, and the elastic nature of it makes it the benefit. So, if you try to create too many common services, you lose the value of the cloud. So, what's the trade off, in your mind right now as customers start to look at okay, identity, maybe I'll have one single sign on, that's an obvious one. Other ones? What are the areas people are looking at from a combination, common set of services? Where do they start? What's the choices? What are some of the trade offs? 'Cause you can't do it everything. >> No, it's a great question. So, that's actually a really good point and as I answer your question, before I answer your question, the important point about that, as you saw here, you know, across cloud services or these set of Cross-Cloud services, the things that comprise the Supercloud, at least in my view, the point is not necessarily to completely abstract the underlying cloud. The point is to give a business optionality and choice, in terms of what it wants to abstract, and I think that gets to your question, is how much do you actually want to abstract from the underlying cloud? Now, what I find, is that typically speaking, cloud choice is driven at least from a developer or app team perspective, by the best of breed services. What higher level application type services do you need? A database or AI, you know, ML systems, for your application, and that's going to drive your choice of the cloud. So oftentimes, businesses I talk to, want to allow those services to shine through, but for other things that are not necessarily highly differentiated and yet are absolutely critical to creating a successful application, those are things that you want to standardize. Again, like things like security, the supply chain piece, cost management, like these things you need to, and you know, things like cogs become really, really important when you start operating at scale. So, those are the things in it that I see people wanting to focus on. >> So, there's a majority model. >> Yes. >> All right, and we heard of earlier from Walmart, who's fairly, you know, advanced, but at the same time their supercloud is pretty immature. So, what are you seeing in terms of supercloud momentum, crosscloud momentum? What's the starting point for customers? >> Yeah, so it's interesting, right, on that that three-tiered journey that I talked about, this Cloud Smart notion is, that is adoption of what you might call a supercloud or architecture, and most folks aren't there yet. Even the really advanced ones, even the really large ones, and I think it's because of the fact that, we as an industry are still figuring this out. We as an industry did not realize this sort of Cloud Chaos state could happen, right? We didn't, I think most folks thought they could standardize on one cloud and that'd be it, but as time has shown, that's simply not the case. As much as one might try to do that, that's not where you end up. So, I think there's two, there's two things here. Number one, for folks that are early in to the cloud, and are in this Cloud Chaos phase, we see the path out through standardization of these cross-cloud services through adoption of this sort of supercloud architecture, but the other thing I think is particularly exciting, 'cause I talked to a number of of businesses who are not yet in the Cloud Chaos phase. They're earlier on in the cloud journey, and I think the opportunity there is that they don't have to go through Cloud Chaos. They can actually skip that whole phase if they adopt this supercloud architecture from the beginning, and I think being thoughtful around that is really the key here. >> It's interesting, 'cause we're going to hear from Ionis Pharmaceuticals later, and they, yes there are multiple clouds, but the multiple clouds are largely separate, and so it's a business unit using that. So, they're not in Cloud Chaos, but they're not tapping the advantages that you could get for best of breed across those business units. So, to your point, they have an opportunity to actually build that architecture or take advantage of those cross-cloud services, prior to reaching cloud chaos. >> Well, I, actually, you know, I'd love to hear from them if, 'cause you say they're not in Cloud Chaos, but are they, I mean oftentimes I find that each BU, each line of business may feel like they're fine, in of themselves. >> Yes, exactly right, yes. >> But when you look at it from an overall company perspective, they're like, okay, things are pretty chaotic here. We don't have standardization, I don't, you know, like, again, security compliance, these things, especially in many regulated industries, become huge problems when you're trying to run applications across multiple clouds, but you don't have any of those company-wide standardizations. >> Well, this is a point. So, they have a big deal with AstraZeneca, who's got this huge ecosystem, they want to start sharing data across those ecosystem, and that's when they will, you know, that Cloud Chaos will, you know, come, come to fore, you would think. I want to get your take on something that Bob Muglia said earlier, which is, he kind of said, "Hey Dave, you guys got to tighten up your definition a little bit." So, he said a supercloud is a platform that provides programmatically consistent services hosted on heterogeneous cloud providers. So, you know, thank you, that was nice and simple. However others in the community, we're going to hear from Dr. Nelu Mihai later, says, no, no, wait a minute, it's got to be an architecture, not a platform. Where do you land on this architecture v. platform thing? >> I look at it as, I dunno if it's, you call it maturity or just kind of a time horizon thing, but for me when I hear the word platform, I typically think of a single vendor. A single vendor provides this platform. That's kind of the beauty of a platform, is that there is a simplicity usually consistency to it. >> They did the architecture. (laughing) >> Yeah, exactly but I mean, well, there's obviously architecture behind it, has to be, but you as a customer don't necessarily need to deal with that. Now, I think one of the opportunities with Supercloud is that it's not going to be, or there is no single vendor that can solve all these problems. It's got to be the industry coming together as a community, inter-operating, working together, and so, that's why, for me, I think about it as an architecture, that there's got to be these sort of, well-defined categories of functionality. There's got to be well-defined interfaces between those categories of functionality to enable modularity, to enable businesses to be able to pick and choose the right sorts of services, and then weave those together into an overall supercloud. >> Okay, so you're not pitching, necessarily the platform, you're saying, hey, we have an architecture that's open. I go back to something that Vittorio said on August 9th, with the first Supercloud, because as well, remember we talked about abstracting, but at the same time giving developers access to those primitives. So he said, and this, I think your answer sort of confirms this. "I want to have my cake eat it too and not gain weight." >> (laughing) Right. Well and I think that's where the platform aspect can eventually come, after we've gotten aligned architecture, you're going to start to naturally see some vendors step up to take on some of the remaining complexity there. So, I do see platforms eventually emerging here, but I think where we have to start as an industry is around aligning, okay, what does this definition mean? What does that architecture look like? How do we enable interoperability? And then we can take the next step. >> Because it depends too, 'cause I would say Snowflake has a platform, and they've just defined the architecture, but we're not talking about infrastructure here, obviously, we're talking about something else. >> Well, I think that the Snowflake talks about, what he talks about, security and data, you're going to start to see the early movement around areas that are very spanning oriented, and I think that's the beginning of the trend and I think there's going to be a lot more, I think on the infrastructure side. And to your point about the platform architecture, that's actually a really good thought exercise because it actually makes you think about what you're designing in the first place, and that's why I want to get your reaction. >> Quote from- >> Well I just have to interrupt since, later on, you're going to hear from near Nir Zuk of Palo Alto Network. He says architecture and security historically, they don't go hand in hand, 'cause it's a big mess. >> It depends if you're whacking the mole or you actually proactively building something. Well Kit, I want to get your reaction from a quote from someone in our community who said about Supercloud, you know, "The Supercloud's great, there are issues around computer science rigors, and customer requirements." So, there's some issues around the science itself as well as not just listen to the customer, 'cause if that's the case, we'd have a better database, a better Oracle, right, so, but there's other, this tech involved, new tech. We need an open architecture with universal data modeling interconnecting among them, connectivity is a part of security, and then, once we get through that gate, figuring out the technical, the data, and the customer requirements, they say "Supercloud should be a loosely coupled platform with open architecture, plug and play, specialized services, ready for optimization, automation that can stand the test of time." What's your reaction to that sentiment? You like it, is that, does that sound good? >> Yeah, no, broadly aligns with my thinking, I think, and what I see from talking with customers as well. I mean, I like the, again, the, you know, listening to customer needs, prioritizing those things, focusing on some of the connective tissue networking, and data and some of these aspects talking about the open architecture, the interoperability, those are all things I think are absolutely critical. And then, yeah, like I think at the end. >> On the computer science side, do you see some science and engineering things that need to be engineered differently? We heard databases are radically going to change and that are inadequate for the new architecture. What are some of the things like that, from a science standpoint? >> Yeah, yeah, yeah. Some of the more academic research type things. >> More tech, or more better tech or is it? >> Yeah, look, absolutely. I mean I think that there's a bunch around, certainly around the data piece, around, you know, there's issues of data gravity, data mobility. How do you want to do that in a way that's performant? There's definitely issues around security as well. Like how do you enable like trust in these environments, there's got to be some sort of hardware rooted trusts, and you know, a whole bunch of various types of aspects there. >> So, a lot of work still be done. >> Yes, I think so. And that's why I look at this as, this is not a one year thing, or you know, it's going to be multi-years, and I think again, it's about all of us in the industry working together to come to an aligned picture of what that looks like. >> So, as the world's moved from private cloud to public cloud and now Cross-cloud services, supercloud, metacloud, whatever you want to call it, how have you sort of changed the way engineering's organized, developers sort of approached the problem? Has it changed and how? >> Yeah, absolutely. So, you know, it's funny, we at VMware, going through the same challenges as our customers and you know, any business, right? We use multiple clouds, we got a big, of course, on-prem footprint. You know, what we're doing is similar to what I see in many other customers, which, you see the evolution of a platform team, and so the platform team is really in charge of trying to develop a lot of these underlying services to allow our lines of business, our product teams, to be able to move as quickly as possible, to focus on the building, while we help with a lot of the operational overheads, right? We maintain security, compliance, all these other things. We also deal with, yeah, just making the developer's life as simple as possible. So, they do need to know some stuff about, you know, each public cloud they're using, those public cloud services, but at the same, time we can abstract a lot of the details they don't need to be in. So, I think this sort of delineation or separation, I should say, between the underlying platform team and the product teams is a very, very common pattern. >> You know, I noticed the four layers you talked about were observability, infrastructure, security and developers, on that slide, the last slide you had at the top, that was kind of the abstraction key areas that you guys at VMware are working? >> Those were just some groupings that we've come up with, but we like to debate them. >> I noticed data's in every one of them. >> Yeah, yep, data is key. >> It's not like, so, back to the data questions that security is called out as a pillar. Observability is just kind of watching everything, but it's all pretty much data driven. Of the four layers that you see, I take that as areas that you can. >> Standardize. >> Consistently rely on to have standard services. >> Yes. >> Which one do you start with? What's the, is there order of operations? >> Well, that's, I mean. >> 'Cause I think infrastructure's number one, but you had observability, you need to know what's going on. >> Yeah, well it really, it's highly dependent. Again, it depends on the business that we talk to and what, I mean, it really goes back to, what are your business priorities, right? And we have some customers who may want to get out of a data center, they want to evacuate the data center, and so what they want is then, consistent infrastructure, so they can just move those applications up to the cloud. They don't want to have to refactor them and we'll do it later, but there's an immediate and sort of urgent problem that they have. Other customers I talk to, you know, security becomes top of mind, or maybe compliance, because they're in a regulated industry. So, those are the sort of services they want to prioritize. So, I would say there is no single right answer, no one size fits all. The point about this architecture is really around the optionality of it, as it allows you as a business to decide what's most important and where you want to prioritize. >> How about the deployment models kit? Do, does a customer have that flexibility from a deployment model standpoint or do I have to, you know, approach it a specific way? Can you address that? >> Yeah, I mean deployment models, you're talking about how they how they consume? >> So, for instance, yeah, running a control plane in the cloud. >> Got it, got it. >> And communicating elsewhere or having a single global instance or instantiating that instance, and? >> So, that's a good point actually, and you know, the white paper that we released back in August, around this sort of concept, the Cross-cloud service. This is some of the stuff we need to figure out as an industry. So, you know when we talk about a Cross-cloud service, we can mean actually any of the things you just talked about. It could be a single instance that runs, let's say in one public cloud, but it supports all of 'em. Or it could be one that's multi-instance and that runs in each of the clouds, and that customers can take dependencies on whichever one, depending on what their use cases are or the, even going further than that, there's a type of Cross-cloud service that could actually be instantiated even in an air gapped or offline environment, and we have many, many businesses, especially heavily regulated ones that have that requirement, so I think, you know. >> Global don't forget global, regions, locales. >> Yeah, there's all sorts of performance latency issues that can be concerned about. So, most services today are the former, there are single sort of instance or set of instances within a single cloud that support multiple clouds, but I think what we're doing and where we're going with, you know, things like what we see with Kubernetes and service meshes and all these things, will better enable folks to hit these different types of cross-cloud service architectures. So, today, you as a customer probably wouldn't have too much choice, but where we're going, you'll see a lot more choice in the future. >> If you had to summarize for folks watching the importance of Supercloud movement, multi-cloud, cross-cloud services, as an industry in flexible, 'cause I'm always riffing on the whole old school network protocol stacks that got disrupted by TCP/IP, that's a little bit dated, we got people on the chat that are like, you know, 20 years old that weren't even born then. So, but this is a, one of those inflection points that's once in a generation inflection point, I'm sure you agree. What scoped the order of magnitude of the change and the opportunity around the marketplace, the business models, the technology, and ultimately benefits the society. >> Yeah. Wow. Getting bigger. >> You have 10 seconds, go. >> I know. Yeah. (laughing) No, look, so I think it is what we're seeing is really the next phase of what you might call cloud, right? This notion of delivering services, the way they've been packaged together, traditionally by the hyperscalers is now being challenged. and what we're seeing is really opening that up to new levels of innovation, and I think that will be huge for businesses because it'll help meet them where they are. Instead of needing to contort the businesses to, you know, make it work with the technology, the technology will support the business and where it's going. Give people more optionality, more flexibility in order to get there, and I think in the end, for us as individuals, it will just make for better experiences, right? You can get better performance, better interactivity, given that devices are so much of what we do, and so much of what we interact with all the time. This sort of flexibility and optionality will fundamentally better for us as individuals in our experiences. >> And we're seeing that with ChatGPT, everyone's talking about, just early days. There'll be more and more of things like that, that are next gen, like obviously like, wow, that's a fall out of your chair moment. >> It'll be the next wave of innovation that's unleashed. >> All right, Kit Colbert, thanks for coming on and sharing and exploring the Supercloud architecture, Cloud Chaos, the Cloud Smart, there's a transition progression happening and it's happening fast. This is the supercloud wave. If you're not on this wave, you'll be driftwood. That's a Pat Gelsinger quote on theCUBE. This is theCUBE Be right back with more Supercloud coverage, here in Palo Alto after this break. (upbeat music) (upbeat music continues)

(dramatic music) >> Hi I'm Peter Burris with Wikibon, and welcome to this Cube conversation with Fortinet's Aamir Lakhani. Aamir's a world renowned cyber security expert, and lead researcher at Fortinet. And is known in the blackout world as Dr. Chaos. Aamir, thanks very much for joining us today. >> Ah, thank you, glad to be here. >> So, I'm in our Palo Alto studios, Aamir's in Houston, Texas. Aamir how did we move from a world where the issues associated with cyber security were really pertinent and relevant to a few, to an increasing emphasis across business and the concerns about cyber security. And how is that expertise becoming increasingly relevant to business today? >> Wow, that's a, that's a very interesting question. You know, the best I can say is it's a brave new world today. I mean if you think about it today, everything is connected and interconnected to the net. From our homes, to our cars, to our TVs. It's a smart world as everyone says. And because of that there's a lot of opportunity, not only to be connected, but also, a lot of opportunity for attackers to exploit systems. Use these systems as launching pads to gain access to more important information. And we're seeing that all over the place. You know, when I started off my career, it used to be that security experts were really the guys that knew how to configure the vendor boxes. The best that they knew how to. They got the certifications from the vendors. They had the best practices from the vendors. And somewhere along the line, someone realized that, hey, it's going to be a good idea to actually test the security, and pretend like we're the bad guys. And that's where the evolution of I think, penetration testing as well as a red team and offensive security came into play. Where the good guys are now actually writing bad code trying to be the hackers. And trying to guess what the hackers are going to do, before they even do it. And I think that's where we're at today. And the reason we're there is, there's a lot of opportunity with a lot of devices everywhere that's interconnected. >> So, in many respects we've moved from a world where security was a feature of the products we purchased to where today, security really is an asset. And it's an asset that the external world, especially the bad guys, are constantly trying to erode for the business. We've seen some actual resources emerge in the cyber security world. Like the dark net, for example, that is, has many purposes, it might be used in certain countries as a way of circumnavigating limitations on privacy, or access to different sources of information. But it's clearly also being used by nefarious individuals to at least, plan and set up nefarious acts. Take us through the role that the dark net is playing today in the changing landscape of cyber security. >> Exactly, and the first thing to explain is the dark net is almost the media term. Because, it means a variety of different things. First of all, in its most basic form, what it means is, it's all the information that Google doesn't have, that you can't do a Google search for. And that could include, you know, ISPs, it could include forums. But what most people talk about when they talk about the dark net is, what we call the Tor network. Or the onion routing network. Which is, basically, a specialized network that you need to specialized software to gain access to. And you need to know where to go. It's not just, you know, Google search for something. You actually have to have places that you need to go to. That really is today, what is the dark net. Now there are other aspects to the dark net. There's other peer to peer networks. But really it's a hidden network. And that's kind of the evolution of the dark net. >> So, if we think about the role that the dark net's playing. It's not so much the business itself will operate on the dark net, but it needs, at some point in time, visibility into some of the activities that are being performed on the dark net. Because dark net activities turn into surface net problems for enterprises, if they're not smart about their cyber security practices, policies and approaches. Tell us a little bit about some of the manifestations of dark net activities that are hidden, that suddenly become hidden when you don't want them to. And manifest themselves as cyber security problems. >> Exactly, one of the things that we have on the dark net is this concept called ghost markets. And what a ghost market is, think about black market. But a black market, you know, sells goods, and services that could be illegal. A ghost market is very similar, except that it's a very I would say transparent, or it could be a market that may not be up for a long time. It could be here one day, and it could disappear the next day. And that's why it's called a ghost market. Now, what you find on these ghost markets, one of the more popular ghost markets, that was in the media was Silk Roads. You essentially can find anything you want. Now most of the time they're selling illegal drugs. Anything you can think of. But there's other things that they sell on ghost markets as well, such as, exploit kids, cyber zero day attacks, credit cards, a lot of credit cards, account numbers. Account passwords for anything you can think of. Like Netflix, or HBO, or anything that's out there. And on top of that, there's a lot of forums that hackers participate in. You know sometimes a hacker may say, "Hey, I'm just interested in learning how "to create ransomware, how do I create ransomware?" And someone will say, "Well, this is how you do it. "This is a ransomware kit. "Oh, by the way, I can create ransomware for you. "And charge you some money." And other times, hackers are very specific. They're like, "I really don't like company ABC dot com, "I want to attack them, can anyone help me?" And you will find intelligence based on that. You know, we monitor companies all the time. And we know sometimes before they're going to get attacked. Because there's a lot of chatter on the dark net about that. >> So, we have this dark net in which individuals could be anonymous. And that anonymity buys them the opportunity to do some, again, bad things. But you mentioned something interesting, this notion of a ghost market. All markets feature some sort of mechanism for actually handling transactions, for remunerating exchanges. Money. But money is not an honest, at least not with credit cards. How are some of the cryptocurrencies playing a role here in mediating these exchanges in the dark net? Let's start there, and then we'll get into some other factors associated with cryptocurrencies. And how they are important enterprises. Let's start with that one. >> Yeah, so first, you're right, you know, everyone wants to buy and sell something off the dark net. And at first when this was first coming into play, these ghost markets, back in the day people used to use things like gift cards, and re-loaded cards, and web money. And, you know, those things really didn't last. And really what exploded on the dark net what became the de facto currency on the dark net was Bitcoins, and that's how people started transacting with Bitcoins and it, in my opinion, my personal opinion, I think that's one of the reasons why Bitcoins really took off. Now Bitcoins unlike popular belief, they're not really anonymous, there is a public ledger. That keeps track of all the transactions taking place. So, there are other cryptocurrencies that are coming into play that are more anonymous. Mineiro, for example, is not a new cryptocurrency. But it's a popular cryptocurrency that's coming into play in the dark market. In fact, one of the largest dark markets, ghost markets, today called the Dream Market on the dark net, announced that they're going to start accepting Mineiro. So, because of that, I personally believe Mineiro's going to start like gaining more and more popularity. Because now the bad guys, now the criminals are actually using it, it's worth value to them, and they're going to start exchanging information. And of course, with these cryptocurrencies, you can always take it to some sort of exchange, and you can also launder these currencies. And maybe even trade it in for real cash. >> So, many people talk about the need to expect the best, but plan for the worst. And a lot of enterprises today need to start to being more planful about what to do in the event that they encounter a problem. So, for example, some of their data gets stolen, and they end up with some ransomware. That leads the acid question, should firms actually start thinking about creating reserves of some of these currencies? Should they find themselves being attacked? >> You know, so, first of all, I do think it makes sense for firms to at least understand, you know, how cryptocurrency works. Now, I would never promote a, you know, suggest that firms pay a ransom in any type of manner. Because, obviously, it just encourages, and drives the cyber criminal underground. And we've seen that. In fact, in these forums, in these dark net forums, there are attackers out there that say, "Hey, I've attacked this firm, "or I've targeted this industry, "and they're well known to pay, so let's go after them." The healthcare industry is a good example of that. Obviously, for various reasons the healthcare industry can take very little downtime. I mean, there's medical, you know, concerns people's lives, and concerns. So, generally they've been known to pay for ransomware. And that's documented all over the dark web. So, people actually encourage attackers, encourage those attackers to go after their healthcare. Just getting back to your question. You know, one of the last things that you want be in a situation is, you don't ever want to be in the situation where you have to, come up, and understand how cryptocurrencies works, and try and learn it on the fly, while your, you know, while your entire system's are down. While your networks are being held hostage. So, for that reason I would absolutely recommend at least to my customers, hey, learn about cryptocurrency. How it works, what the upside, and what the bad side is. Obviously, in today's market, there's a lot of volatility in cryptocurrency because, you know, it's not being held, or created like currencies, it's being held more like a resource, like gold. You know, people are investing into it. It's becoming, you know, something like this dark market of futures. And, but I think customers need to, and the general public probably needs to learn about how exactly that works. Because there's a lot of misconceptions in cryptocurrency today. >> So, you mentioned that perhaps they shouldn't have a reserve of cryptocurrency, because we don't want to encourage anybody to pay for it. Once you pay you've put a target on your back as someone who's willing to pay. But you also mentioned that firms have to learn something about cryptocurrencies, in advance of actually having a problem. What is a good high quality, world class stance for enterprise relative to cryptocurrency? What are the say, the two or three points that you would suggest, a CEO, board of directors, worry about, and what do they need to really understand now as part of their cryptocurrency stance, what do you think? >> Well, for a cryptocurrency specifically, I think, you know, businesses really need to understand the volatility of it. You know, it is a face, face currency. You know, what does that exactly mean? Who's backing that up? You know, how does it, how does it, you know, drive its value, I think those are very important questions. You know, I do have, you know, clients that actually do hold a very large reserves of cryptocurrency for various reasons. Not only for cyber security reasons. But also, potentially, for investment reasons as well. And that's getting into a whole another world. But I think they need to understand what that really means. But being on those, you know, let's take it back to the cyber aspect of things. One of the things that attackers do concentrate on is attacking cryptocurrency wallets. If you can attack a wallet, and steal the actual cryptocurrency that's obviously worth money to them. A lot of business that do invest in cryptocurrency, or, you know, have any type of cryptocurrency holdings really don't understand how to secure their wallets. Sometimes they use the online methods, which are fine. I mean you are relying on, on the online provider, or the Cloud provider that's providing that wallet. Or other customers that do understand details on cryptocurrency make, keep complete offline wallets. Remember, a cryptocurrency is basically a math algorithm, it's a hash, it's a set of numbers. It doesn't matter if it's really digital online, or if it's stored on a piece of paper in your draw. As long as you have that number you have that cryptocurrency. And so, it's a, I think when you're getting into the dynamics of money, and how it works it's always a little interesting. But I want to stress to you, you know, it's very common for people not to understand how to store cryptocurrency and get those wallets stolen, or hi-jacked, and once that's done, it's gone. It's like cash, you're not going to get that back. >> So, we've talked a little bit about how we got to this point today with cyber security, and how it's becoming, while still very specialized and highly technical, more, and more people have to be, at least, be aware of it. So that they can act rapidly, and properly when they encounter a problem. Look forward the next few years Aamir. And give us some visibility into where you think the cyber security world's going to be? How is this going to play out? If we think about 2020, 2021? >> Wow, that's a loaded question. You know, to keep in the context of this talk. You know, we spoke a little bit about the dark net. And, you know, it's an evolving marketplace, and maybe the dark net was responsible for a little bit of the ignition behind cryptocurrencies. And I think cryptocurrencies, a good thing that came out of it was the blockchain, this public ledger. On basically keeping transactions public, while keeping identities anonymous. I think the blockchain is very powerful even outside of cryptocurrencies. When you're talking about sharing medical information, and research, and actually talking about verifying things, or making a smart contract. A smart contract is basically, a contract that will automatically execute on the Internet, based after certain conditions are met. I think based on those technologies, you know, we're going to see some sort of an evolution of how, you know how security, how cyber security, and technology is really being integrated into our everyday lives. And I know people say, "Well it's already "integrated into our everyday lives." But I don't think you've seen anything yet. I mean I think that cyber security is going to be part of the ecosystem. It's not going to be a bolt on product. It's going to have to be built in from day one. From design, and everything that we do. Whether it's from heart monitors, and heart pumps, to your smart TVs, to of course, your computers, and data centers. >> So, last question, Aamir, we had, or I introduced the segment by talking about how security used to be a feature of different products, and you mentioned this as well, and increasingly it's becoming an asset, a crucial asset of the business. Now, some companies are a little bit more orientated towards that perspective than others. Fortinet, for example, I would argue is very strong on the orientation towards the idea that you have to, that security should be an asset. You have to invest in that appropriately. But identify some things that CIOs, CSOs, CDOs, can do to try to up level the stance within the business of security as an asset. That combines both technology, but also practice processes, and people. >> Right, no, that's a good point. You know, you cannot think of security just as a bolt on technology. I think that's very important. You know, one of things that we do at Fortinet. It's a practice that we preach. And I think a lot of professionals would agree with this. Is that security has to be built all around your ecosystem. That all your devices just can't be specialized add on products. All your devices have to be participating in security. You know, that's why at Fortinet we have what we call our security fabric. Where it's not only our products. But other products as well, are continuously sharing information about blocking attacks. And blocking threats, as well as providing visibility into corporations. And I think corporations kind of miss that sometimes. They're like, "Hey, I bought a product, "I should be good, right?" But they don't really understand what that product does. The effectiveness of that product. How well is it actually blocking the threats. And what is it not doing. What are the questions that you should be asking about the product, or about the environment that you don't know about. And I think once you start building security as a fabric embedded into an ecosystem, embedded into your business practices, right from everything. From, you know, from your charter, from your board of directors understanding, you know, cyber security all the way down to the secretary that's opening up email links. Understanding that, hey, I could be actually putting my company and my business at risk. I think once you've started instilling that mindset, you become more successful. >> Well it's more than just-- >> You know-- >> It's more than just the technology. It's also you. How does, how do people like you, how does your insight, your expertise, your content get distributed and adopted as a consequence of relationships at Fortinet. And obviously others as well? >> Yeah, I mean, I'm really lucky. Our team of researchers, 200 plus researchers, looking for the most common threats. The most updated techniques that the hackers, that the bad guys, that cyber criminals are using. We're examining threats across the board. From everything that you hear on the news. We're on top of it. And the nice thing is, we digest all of that information, and we look at the inner workings of that information. And then we use advanced technologies. Such as artificial intelligence, neural networks, or just a, good old grease work on figuring how to stop these attacks. And that brainpower, that trust that we have, gets actually digested into all the products. And that's very important. Now on top of just being smart guys that create good technology to stop that, we definitely believe that, you know, sharing is caring. And that's why we work with not only government agencies, not only with large businesses, but we also work with, I would say even our competitors, and tell them right away, "Hey, you know, we." When we see a problem, "You guys, look out for this problem. "This could be a big deal. "This could even affect your customers." And that's one of the reasons Fortinet was one of the founding members of the Cyber Threat Alliance which is a lot of security vendors sharing information about threats, and letting the technology speak for itself. >> And a lot of very savvy large enterprises that have a major stake to play in security world as well, again, successfully sharing their insight. Because security as you said, it's a team sport. It takes a village, to secure a business. I guess you could say. Aamir Lakhani, lead researcher, Dr. Chaos thanks very much for joining us in this Cube conversation about cyber security, the dark net, cryptocurrencies. And some of the things that businesses have to worry about as they move forward, and increase their activity. And their dependency on digital technologies. Once again, this is Peter Burris, Wikibon. I've been speaking with Aamir Lakhani at Fortinet. Hope you enjoyed this Cube conversation. >> Aamir: Thanks. (dramatic music)