>>from the Cube Studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a cube conversation. Hi, >>I'm stupid, man. And welcome to another cube conversation. I'm here in our Boston area studio. And of course, the intersection of networking and security has always been a hot topic. Even Mawr, if you look at it in 2020 everybody working from home their stresses and strains and a lot more changes than usual for what corporate I t has to deal with. Happy to welcome to the program. Tom Bonkowski. Hey, is the director of product marketing with Net Scout. We're gonna get into some of those topics. Um or Tom, thanks so much for joining us. Welcome. Alright. Eso you came to Donetsk out by way of the Arbor Networks acquisition. Ah, few years ago when I want to give our audience just a little bit about your background, what your team works on and we're gonna be talking about the the edge defense. A solution Said >>Sure. Yes, I I've been with Arbor Networks for over 10 years. I've been the director of product marketing for the DDOS line of products during that time and when we came over to Netsch e still have kind of continue that role. So I'm basically responsible for anything that you know to do with the Arbor Adidas Solutions. We have solutions for the service Friars of the world, large enterprises in the world. >>Yeah, maybe it would help if you just refresh our audience so, you know, generally out in the marketplace. You know d das? It's, you know, attacks on the internet. If I if I was, you know, a big provider technology. It's like, Hey, why can't I get to that website? Oh, they had a DDOS attack that hit them. But you know when when it comes to the enterprise you talked about about service brighter also, you know, when is this hitting them? You know, who are the ones causing this kind of thing? It just kind of give our audience a little bit of level. Said if you would in 2020. >>Oh, yeah. I mean, you know, Adidas attacks have been around for over 20 years. This isn't anything new, as you know, um, but the reality is is as that these attacks have been getting bigger. We're getting more frequent. They're getting more complex. Um, and like I said before, I've been here for over 10 years, and I feel like I say that every single year, but it is absolutely true. Um, and you know, the service Fridays of the world Bear the brunt of this. This problem, they're the ones taking on these large attacks. They're the ones trying to stop it not only to protect their own infrastructure, but also potentially the target, which could or could not be one of their customers. There's a lot of collateral damage associated with the details attacks, especially from a service buyer's perspective, because it impacts everything running on their backbone or in their whatever facility that this attack is flowing through. And then, obviously, you have potentially the target of these attacks, which could be any enterprise, any large government, whatever its very indiscriminate, uh, anyone could be a potential target on br. All >>right. And for for the enterprises themselves, you know, how are they making sure that they are protecting their perimeter? Where does Netsch out? You know, fit in tow, helping protect them against the sort of malicious >>attack. Yeah. So when When it comes to protecting your perimeter in particular. Let's let's talk about where we are today in this whole cove in 19 Pandemic. Um, a zoo. We all know this. This caused a massive work slash. Uh, you know, learn from home scenarios never seen before. And you know the quote. New perimeter is everyone who was once inside the organization now home coming back in, right. And, you know, the the Internet inbound Internet circuit, the firewall, the VPN, gateway, the load master all now coming from the opposite direction that maybe they were utilized in the past. Um, it is really the new perimeter, and it is has become very crucial to maintain business continuity, especially in this time. But as we'll talk about it also has become very vulnerable to to DDOs attacks in particular. And, you know, one of the areas that we'll talk about it is how one particular piece of that infrastructure, the VPN gateway, is actually become not only one of the most critical pieces in that chain of communication, but also one of the most vulnerable pieces to simply because it was never anticipated that this many users would would utilize that VPN gateway, and it was never designed for that on. Therefore, it's running at, you know, high or near capacity or at capacity, and it and it could be toppled over pretty easily with fairly small DDOS attacks. We'll get into that a little bit later. Yeah, >>absolutely, Tom. So I've had so many conversations over the last few months about, you know, the ripple effects of what? Work from home. Or, you know, if we think about however things play out in the next few months, it really will be almost work from anywhere. Um, is what will happen on Dwell. Everyone is working at home. That doesn't mean that some of those bad actors out there have gone away. In fact, you know, every company I talked to that's involved with security has seen way need to raise our capabilities and often are getting mawr attacks out there. What have you been seeing out there in the marketplace? You know, how have things been so far in 2020 when it when it comes, toe your space? >>Yeah, I know the same thing. So I'm gonna put up a chart here. And this is a chart which shows, uh DDOs attacks during the first, um, of six months of 2000 and 20 and this data comes from what we call our cyber threat horizon. This is This is a free online portal that anyone could access and see this information if they wish, But it's fueled by the deployment of our products all over the world. So our our DDOS protection products are utilized by a majority of the world's Internet service fighters. And from that deployment, they send this information about DDOS attack activity like, you know, the size of attack. Who is being tacked? Who was being attacked? Where is it coming from? The protocols or vector is being used, etcetera. So we we gather this information on a daily basis presented in this portal. So what this represents is the first six months of 2000 and 20 and as you can see, there's been over 4.8 million attacks thus far in 2000 and 20. That's about 15% higher than last year at the same exact time period. But if you look at the chart a little bit closer, we snapped the line at February, sort of the start of the global pandemic and the lock down periods, if you will and what you can see February, March, April May as it is an uptick in the number of DDOS attacks almost up to 36% in in May. Eso all this is happening during the time of this lock down, right? All this is happening where organizations are struggling to maintain a new a new normal. If you are this. But this is continuity, right? Eso what you represented before you said before that organizations are still struggling with cyber attacks. In fact, probably more is exactly what's happened to in the DDOS realm. And then finally like if you look at June, you see this little drop off there and you know, here everyone talking about the new normal, the new normal is not the new normal. Possibly. It's still too soon to tell. I think we'll wait for another couple of months here. But the bottom line is that during the midst of all this, as organizations trying to maintain some level of this canoe, they're also being faced with cyber threats like Adidas attacks to like they've never seen before. So amazing challenge that that folks have faced out there. >>Yeah, Tom, there's a few spaces in the marketplace that were already very important, you know, really top of mind from the business. I think about automation security being to the ones that come up most often. And when I talked to the participant in the space they like, I thought I was busy in 2019 and had ah lot playing for 2020 and oh, my gosh. I had no idea what 2020 was really going to bring. So that that data that you showed, you know, you're talking about millions of attacks, and you know that that increase, they're putting a focus on it. Even mawr here. So ah, lot of work for people to be done. So but bring us inside a little bit. Uh, you know how Net Scout, How are you helping customers? What invite you have for them, You know, how do we make sure that we can curb, You know, the the the impact of these attacks? Which is that in the millions? >>Sure. So let's go back to that. That inbound infrastructure now, right? Where everyone working from home, coming into the in down router hitting a firewall and but more likely, hitting a VPN gateway of some sort. That's what's allowing them to get access into these internal resource. Is that VPN? Gateway? As I mentioned before, uh, has been crucial during this time, but it also has been very susceptible to denounce attacks that VPN gateways a zwelling that firewall these air. You know what was referred to a state ful devices? They have to track TCP state in order to work properly? Well, there are three types of DDOS attacks, if you will, to make things simple. One is the volumetric attack, which people normally think of as a DDOS attack. It is designed to saturate that that inbound circuit that that Internet facing router interface, right? Um, and then their application layer taxis. They're very small, stealthy attacks. They're going after specific application servers. They're trying to bleed off. Resource is there. And then there's an attack called state exhaustion attacks these air, specifically designed to go after stay full devices like firewalls or, in today's world, the VPN gateway, and it doesn't take much. It takes a small 100 megabit per second attack lasting for 5 10 minutes to potentially fill the state tables in some of these VPN gateways, especially in light of the fact that they weren't prepared or designed to take on all the legitimate users right there coming in as a result of the pandemic. So the key to stopping these sorts of attacks the state full attacks and protecting at VPN Gateway is to put something on premise that iss stateless, meaning it has the ability to inspect packets using stateless packet processing technology. And we have such products are our product, which we call the Arbor edge defense eyes designed to stop all types of attacks. But in this in this particular environment, uh, it is our excels at stopping state exhaustion attacks, and you deploy it just inside the Internet router and in front of the VPN gateway or that firewall there, it could pick off short lived state exhaustion attacks and protect the availability of the VPN, gateway and firewall. Now, if you're relying upon which rating organizations do relying upon a cloud based data protection service, which we have to we have something called Arbor Cloud. Uh, it may not be able to stop those attacks in time, So you're running a little risk by relying on more traditional cloud based protection services. That's why you need this product Arbor Edge defense on premise, because it will react instantaneously and protect that VPN gateway from going on and maintain that business continuity for you. >>You know, Tom, when I think about that that footprint that you have in a customer's environment, you know, in addition to the D DOS services, it would seem like that Ah, prime opportunity that that there's other services and applications that could be run there. Is that the case with with your your solution to >>Well, if I understand what you mean by the services, well, we have the ability Thio conducted fully managed services that Are you going with that? >>Yeah, I e think Think that Yeah, that z one of right. Understand how how that service works. Yes. >>So? So the our bridge defense, um, is a system that once you have it configured, you design it for protecting sort of the interior services like the protective VPN gateway firewalls. Any other application running internal in the event of a large attack that we've been talking that will fill that Internet pipe, It has a feature called Cloud Signaling, where it will intelligently call for help upstream to either in Arbor Cloud service. This is a fully managed details protection service. We have global scrubbing centers, uh, and or call your I S P, who may you may be getting your data protection service from already. So it has the ability to link the on premise with the with the cloud based protection. And this hybrid approach to protection is absolutely industry best practice. This is this is how you protect yourself from the multiple vector DDOs attacks, as we mentioned previously. Now, if you're an organization that maybe doesn't have enough experience, uh doesn't want to deal with the on Prem our bridge defense. You know, we have you covered there, too. We have the ability to manage that that scenario or that device for you. We have to manage the ability to manage not only the arbor edge of the fence, but they also integration in the arbor cloud. So that whole hybrid scenario that we're talking about could be fully managed by, um, you know, by our folks who do this every single day 24 7. >>Yeah, it's any breakdown. Is thio your customers as toe. You know, when they choose that that that fully managed solution versus on Prem recommendation we've had for a long time is you wanna have your i t focused on things that have differentiation in your environment and seems like a natural thing that, you know, your team has the expertise. Eso What is that decision point as to whether they do it themselves or go with the manage solution? >>I think it really just has to do with the culture and the experience of the company. Really, What we're seeing is some of the smaller organizations that, you know, you have smaller teams, right? That wear multiple hats. They just cannot stay abreast of the latest threats. Indeed, us A. Z I mentioned before these things were getting more and more complex. So I think they're they're coming to the conclusion that all right, this is something that I can't do my by myself anyway for the large attacks. I need a cloud based service, part of some sort. I need someone to help me there anyway. So why don't they just handled the whole thing? Why don't they just handle the on premise component and in the cloud based component of this and make sure that it's running is officially as possible. But you know, even that said, it's not just the smaller org's. We're seeing larger organs do it, too, just to push things off their plates. Let's let's leave Dido's to the experts again because I can't do about myself. Anyway. >>Tom, I I saw a video. I think it was you that did actually talking about how our bridge defense is the first and last defense. When, when, when it comes to DDOS may explain that a little bit or audience. >>Yeah, So our tagline for the product is first and last line of defense. The first lines which we've been talking about all along here, is the ability to stop the inbound DDOS attacks. Now it also acts as the last line of defense, too. So, as we were alluding to before, you know, all you here during this time of the pandemic is watch out for you know, Kobe 19 related ransomware and things like that, right? Um, because the Arbit edge defense, it's just inside the rotter and outside that for a while, it is literally the last component in that cybersecurity change before the let's look from the outbound perspective packets, leaving the enterprising going out to the Internet. It is the last piece of product in that security chain, right, for it leaves the Internet. The arbor edge of the fence has the ability to consume threat intelligence not only from our own atlas system, which we spoke about earlier about third parties to via sticks and taxi. It has the ability to consume threat intelligence. And they're sitting on that. That last piece of you know, the security pipe, if you will or chain it has the ability to intercept. Uh, indicators of compromise have come from internal compromise devices that have made it through the entire security chain. Outgoing. Reach outside the farewell. Now it's one last one last line of defense, if you will, that has ability to recognize and stop that internal indicator compromise. And this is going to help stop the proliferation of malware that, and ultimately avoid that data breach that everyone is fearful. So it has a dual role. It could protect you from inbound DDOS attacks and Uncle also gonna as his last line defense stopping the proliferation this now where we're talking about? Yeah. Great, >>Tom. That actually refers I was curious about you know what other things your your your device did. And you know, there's the intelligence baked into their toe have kind of a multipurpose when you're in that environment. All right, Tom, I want to give you the last word here. You know, cos today they often need to react very fast to be able to deal with, you know, the changing dynamics of their business. You know, spinning up resource is everybody, you know, working from home. And like so, you know, what final advice do you have for them And, you know, give us the final >>word? Yeah. You know, during this time, president times, You know, we all unfortunately thought to me remain very vigilant when it comes to protecting our organization from cyberattacks. One of the one of the areas that seems to get overlooked as eyes DDOs protection. Right? Everyone is focused on malware and things like that, but don't overlook DDOs attacks. These things were happening on a daily basis, as I showed you over almost five million so far this year. Uh, it is an absolute part. Maintain the availability of your organization. It's part of the security Triad, as we know. And, you know, it's it's really their thio, you know? Do you disrupt your business continuity if you are getting hit, So don't overlook your and don't under underestimate your videos protection. All >>right, Well, Tom Bonkowski, thank you so much for the update and, uh, appreciate everything you shared. >>Welcome. All >>right. Be sure to check out the cube dot net for lots more coverage from the Cube. I'm still madman. Thanks for watching.

>> live from San Francisco, celebrating 10 years of high tech coverage. It's the Cube covering Veum, World 2019 brought to you by VM Wear and its ecosystem partners. >> Welcome back. We're here! Mosconi North for VM World 2019 10th Year of the Cube covering VM World. I'm stupid and my co host is John Troyer. And welcome to the program to guest from Del Technologies. Sitting to my right is Tender, my Mondal, who's the director of storage solutions and sitting to his right is David when the senior director of server, product planning and management also with Dell. Gentlemen, thanks so much for joining us. All right, so we've got server and storage and talk about something that we've been talking about for a while on the server side been delivered for a bit and on the storage side is now rolling out. So everybody's favorite topic. Nonviolent till memory express or envy me as it rolls off the tongue storage class memory, or SCM and lots of other things, you know, down there, really helping a big, transformational wave that, you know, we really changes how our applications interact with the infrastructure channel, you know, bring us up to date on the latest. >> Sure on, let's start where you ended. We're seeing explosion off applications, right? And in fact, in mornings, keynote. Bad girl singer had a stocky speaks. There are 352 million enterprise applications today. On it will be 792 million in three years. Now, as the applications are growing exponentially, we cannot keep growing the infrastructure at that rate, So N v m e is the way we can consolidate it. Ah, lot off the infrastructure. If we can think about in tow and envy, Emmy starting from the server in fear me off our fabric through the stories area down, toe the back end with envy Emmy necessities. This actually can put together a great platform where you can consulate it. Ah, lot off the applications and delivering the high performance low latency that will need while meeting video surfaced level objectives so we can go over a little bit off the details, but I think it all starts from envy me over fabric coming from the server to the story, Ari. So probably like that's the fourth step we need to consider >> David. Do You know, I love this discussion when we get to talk at the application later because, you know, Flash changed the market a lot. You know, it's like, you know, much better energy, and it's much faster, Anything. But you know, this inflection point that we're talking about for application modernization, you know, envy me is one of those enablers there and something they know your team's been working on >> for a while. Yeah, actually, on the power each side we've been, You know, we've been embracing the benefits of enemy for quite some so many years now, right? We start out by introducing enemy in our 12 generations servers, you know, frontloaded hot, serviceable drives. And then, of course, we branch out from there on in today, you know, Ah, a lot of the servers from a Polish family all support enemy devices. So the benefit there is really giving customer choices in terms of what kind of storage kind of cheering they wanted, you know, for the applications needs. Right now, one of things that's great about, you know, enemy over fabric is it's more than just a flash storage itself. It's about enabling the standards, you know, across the host across the data fire Break down to the storage really to deliver on the overall performance that you know the applications of needs and buy, you know, improving I ops and lower late, Easy overall, from a server perspective, this just means that we're releasing more CPU cycles back into the application so that they can run different types of workloads. And for us, this is this is a great story from power. Just was from Power Macs and coming together to enable this Emmy, Emmy or fabric. >> You know, I'm I'm I'm kind of slow about some of these things, but if you kind of squint at the history and, you know, we went from the PC revolution and then we had, you know, we had Sands and raise right and we had we had centralized toward shared storage last couple of years, a lot of interest and stale right hyper converged. And you had a You had a lot of pizza boxes with the storage right there. It's I mean, I now think right and I'm following the threat, I think which is now that where we now can have ah, Iraq with again a fabric and and again, now we can We can focus on our envy me storage over our envy me over fabric driven, solid state storage somewhere below my servers that are that are doing handling compute somewhere else. Is that that the future we're headed towards now >> Yes. I mean, everything has its place. But to give you the perspective, right? It's not just, I mean coming down to the storage area, but how This is enough bling, the future storage as well. And the storage class memory is the perfect example. And as Defeat said, let's take power, Max, as an example, right. Eso in power Max, you can It is like entrant, envy me ready like you get envy emi over Fabrica de front end But then we have n v m E s s trees in the back end. The thing is now it is also the N v m e is enabling technologies like stories class memory which is bringing in very high performance, very less latency Latency is going down in the order off like tents off microseconds. Now this is as close as you can get. Tow the like Dedham with persistent story. However, you need a balance. This is like order of magnitude are costlier. Now you got bar Max. What we're doing in terms of first, it's envy me. Done right? What do you mean by that? You have, like, Marty controller architectures that can actually do this level of parallel processing and our concurrency. And then we have bought, like, ECM for storage, class, memory and envy, Emmy essences. And we're doing intelligent tearing best on the built in mission learning engine that we have. And it is looking at 40 million data sets. Really time to decide. Like which sort of walk lords should go on this same drives which should go on and the M. E s estates. And on top of it, you add quality of service. So this platform gives you are service level objectives. You can choose from diamond, platinum, gold, silver or bronze, and you can consulate it. Ah, lot off those 352 million different types of applications on this area guaranteeing you are going to meet all off your SL s, no matter what type of applications they were consolidated into. >> Okay, I'm wonder if you could boast. You know bring us into what this means for VM wear customers and break it into two pieces. One is kind of a traditional virtualized shop. And secondly, you know, spend a lot of time in the keynote this morning talking about the cloud native containerized, you know, type of environment. Will there be any difference from from both of your world? >> Yeah, absolutely. I'm glad you brought that up because, you know, from from our perspective, right, what we've seen with the enablement of enemy platforms. You know, John, you brought up a very interesting point, right? It seems like you know, past couple years, we went from moving storage onto the host and now would envy me with fabric. We're actually taking the storage away from the host again. Right? And that's exactly true, because, you know, the first, the first statement you brought up stew. It's about how flash enabled different applications to run better on the host. What? We see that still right? And so what enemy? You know, we see the lower response time enabling our customers Thio run more jobs and more v ems per server. That's one aspect of it. You know, we've seen his benefit a lot of our platform today or using various different applications and solutions, and you talk about the ex rail that's a visa and story for Del. You Talk about Visa and ready notes for customers who want to build it themselves. Right platforms enabled would envy me back playing enemies. Storage allows them to use enemy or SAS sata whatever they want. But the point is, here is that when they're using every me flash, for instance, and I'll talk a little bit about the power climaxed with this all flash, uh, me back plane in a case in the study that we did with V San application running, oh ltp type of workload, we saw the response time with every me over traditional SAS, you know, from our competitors improved by 56% right, which means that from that same particular solution build out, we were able to add 44% more of'em on the platform. Now, at the same time, we increase the overall orders per minute by roughly over 600,000. Oh, pm's for that type of, uh, benchmark over our nearest competitors so that right there is the benefit that we see from my virtual eyes from, Ah, being where perspective >> on. I'll add from the storage perspective in two ways. In fact, in last vehement in a MIA, we demonstrated in tow and envy, EMI over five break up with special build off this fear supporting Envy me over fabric and stories. Class memory with envy Me drives what it gives you a regular like this fear best environment is that you have the ability to move your PM's around like the applications where the highest performance and Latin's is critical. It will be on those special service levels and special like de testers. In fact, that demonstration was like ECM did a store, and in P m E Sense media does so in the same fabric with in Bar Mexican moved things around, whether it's like regular Fibre Channel or CNN and then the other part. I want to add in the morning like we saw the announcement that now communities is built in or will be built in with the years Excite platform, right and you're sexy is bread and butter off all the storage customers that we have now with like when you consider those, uh, those things built in under this fear black from Think about, like how many applications? How many actualized workloads you can run, where that it's on premise or humor. Cloud on AWS. All of those consolidation, as well as like the performance needs while reducing your footprint does the benefit of the V M R R shops. But the PM admits are going to see from the storage site >> again. I'm not following the parts, but what kind of we're not talking about a couple of megabytes here anymore, Right? What size of parts are shipping these days? So >> So, from our perspective, up to 77 gigabyte actually start. Seven terabytes drives are available on the markets today for Envy Me Now, whether customer by those drives, you know, it depends on economic factor. But yeah, it's something that's in this available from Dell >> so on. I'll act to what David said so far in CM drives 750 gig to 1.5. Articulate a C M drives on Dwell ported often drives that will be available in the power Max Acela's 15 terabyte envy EMI assistants. So this is the capacity we're talking about. And again the Latin's is at the application level, like from the storage like you're going to see, like, less than 300 microsecond. That's the power we are bringing in with this technology to the market. >> Give >> us a >> little look forward we talked about, you know, envy me has been shipping for a bit on the servers now, really rolling out on the storage side, I saw there's a lot of started from the space. You know, one recent acquisition got guts and people talking. What? What should we be looking for from both of you over kind of the next 6 to 12 months. >> So over next to a next 6 to 12 months, he will see a lot of innovation in this case from the storage site where wth e order of magnitude. I mean, the one single Ari, I mean, today it supports, say, like, 10 million I offs less than 500 microsecond latency. Ah, I cannot give you the exact details, but within like, a short time, these numbers are going to go up by more than, like, 50%. Latency is goingto get reduced. The troop would will be driving will actually like more than double s o. You see, like a lot of these innovations and kind of like evolution in terms off the drive capacities both from the CME, drives perspective. Envy me, assess these. Those will continue to expand, leading to foster performance. Better consolidation, Uh, for all the workloads. >> Yeah, from our perspective, I mean, you know, data growth is gonna continue. We all know that, And for us, it's like designing systems based on what the customers need, what the applications needs, right. And that's why we have different types of storage available today. So for us, you know, while we're doing a lot of things from a direct attached storage perspective, customers continue to have a need for share storage. EMI over fabric just provides a better know intense story for us, really from a Power edge and Power Macs perspective. But in the future, you asked what we're going to do. Well, we see the need to probably decouple stories, class memory from the host again. And really, what's preventing us from doing today? It's really having the right fabric in place to be able to deliver to that performance level that applications needs. MM evil fabrics, fibre Channel Ethernet ice, scuzzy or I'm sorry, Infinite Band, whatever. These are some of the things that you know we're looking forward to in the future to make that that lead. All >> right, well, it's really been great to see technology that I know the people that build your products have been excited about for many years. But rolling out into the real world deployment for customers that will transform what they're doing. So for John Troyer, I'm still Minuteman back with lots more coverage here from Be enrolled 2019. Thanks for watching the Cube.