Edgard Capdevielle, Nozomi Networks - Fortinet Accelerate 2017 - #Accelerate2017 - #theCUBE


 

>> Announcer: Live from Las Vegas, Nevada, it's theCube. Covering Accelerate 2017. Brought to you by Fortinet. Now, here are your hosts, Lisa Martin, and Peter Buress. (tech music)
>> Lisa: Hi, welcome back to theCube. We are SiliconANGLE's flagship program, where we go out to the events and extract the signal from the noise, bringing it directly to you. Today, we are in beautiful Las Vegas with Fortinet. It's their Accelerate 2017 Event. I'm your host, Lisa Martin, joined by my cohost, Peter Buress. And we're very excited to be joined by a Technology Alliance Partner, Nozomi Networks, Edgard Capdevielle. You are the CEO?
>> Yes, that's right.
>> And, welcome to theCube.
>> Thank you, happy to be here.
>> So, a couple of great things that Nozomi announced, just a couple of months ago, one was, they just secured fantastic $7.5 million in Series A Funding. And the second thing they announced was you, as the new CEO, so congratulations on your new post.
>> Thank you very much, thank you.
>> So, Nozomi is focused on the Industrial Control Systems Industry. What was it about this particular opportunity, that attracted you to want to lead Nozomi?
>> Yeah, great question. Two things mainly. One, is the team. The two founders are truly rock stars, they have a great background in Cyber Security, and how do we apply Artificial Intelligence to Industrial Cyber Security. And two was, I had been working with the founders for a little bit, and I saw, with my own eyes, how the customers adopted the technology, how easy it was to deploy in an industrial setting, which tends to have a lot of friction. Not a lot of equipment gets into those networks. And the ease of proof of concepts, I saw it with my own eyes. And the frictionless interactions made me join.
>> So Nozomi was started in 2013, you're already monitoring over 50,000 industrial installations.
>> That's right.
>> Some of the themes that we've talked about, at the event today, so far, with Fortinet's senior leaders, is the evolution of security, where they're positioning, really at this third generation of that. As we're seeing that, and we're seeing that in order for businesses to digitalize successfully, they have to have trust in that data. What is Nozomi seeing, in terms of your industrial customers? What are some of the biggest concerns that they have, regarding security? And how are you working with Fortinet, to help mitigate or limit damage from cyber attacks?
>> A lot of our customers in our space are going through what's called IT/OT convergence. OT networks have traditionally been serial, point to point, run over twisted pair copper, and they've recently adopted ethernet. When you adopt ethernet, you have a gravitational force, which is to connect. So these OT networks used to be air gapped, segregated, and now they're being converged with IT technology, under sometimes, IT operation. And therefore, they start suffering the traditional IT attacks. Those traditional IT attacks are particularly harmful when it comes to industrial, critical infrastructure. And they require special technology that understands those protocols, to be able to detect anomalies, and white list or black list, certain activities.
>> Give some example, of an IOT network. So, what is, you say critical infrastructure, give us some examples, what are we talking about?
>> IOT's a very broad term. We focus very specifically on industrial IOT.
>> Or, industrial IOT.
>> Industrial IOT, could be a network that controls a refining, so the refining process in a refinery. It could be electrical distribution, any form of electrical generation, oil and gas, upstream or downstream. Manufacturing, everything that moves in manufacturing, is controlled by an industrial control network. Pharma, in the same subsegment, if you will.
Some transportation, we're based in San Francisco, so our BART system is controlled with industrial control systems.
>> So, we're talking about, as you say critical infrastructure, we're talking about things that, where getting control of some element of that critical infrastructure,
>> Correct.
>> Especially in the process manufacturing businesses, can have enormously harmful effects?
>> Correct.
>> On not only business, but an entire community?
>> The disruption that it can cause is tremendous. From lights out in a city, to harm to people, in a transportation case, oil and gas case. Environmental damage, leakage. The damage can be tremendous. And that's basically, one of the huge differences between IT and OT. In IT, if your network blinks, your email may be two seconds late, my print job may need to be resent. In OT, you may not be able to turn off that valve, or stop this process from happening, or receive an alarm in time.
>> Right, so like, I live in Palo Alto. Not too far from me is, some of the big refineries up in Richmond, California. And not too long ago, they had an OT outage, and it led to nearly a billion dollars worth of damage, to that plant, and to the local environment.
>> Correct.
>> So this is real serious stuff.
>> So with a product like Nozomi, you can detect anomalies. Anomalies come in three flavors. One could be equipment damage, malfunction. The other one could be human error, which is very very common. And the other one could be cyber. Any one of those could be an anomaly, and if it tries to throw the process into a critical state, we would detect that, and that's where ...
>> Talking about cyber, from a cyber attack perspective, what is it about industrial control systems that makes them such a target?
>> Yeah. It is that they had been used to be isolated networks, just like I said.
When IT and OT converge, you're taking networks that used to be serial. Security was not really a concern. In industrial control networks, you don't really have identity, you don't have authentication. You're just starting to have encryption. Basically, if you drop a command in the network, that command will get executed. So, it's about the vulnerability of those.
>> Vulnerability, maybe it's an easy target? And then from a proliferation perspective, we mentioned the evolution of security. But, the evolution of cyber attacks, the threat surface is increasing. What is the potential, give us some examples, some real world examples, of the proliferation that a cyber attack,
>> That is a great question.
>> And an industrial control system, can have on a retailer or a bank, energy company?
>> The industry was put on the map in 2010, with Stuxnet. Stuxnet was the first attack, everybody talked about Stuxnet for a while. And it was very hard to create a market out of that, because it was done really by a nation state, and it was done like once. Since then, 2010, 2013 and now 'til today, attacks have increased in frequency dramatically, and in use cases. Not only are nation states attacking each other, like in the case now of the Ukraine, but now you have traditional security use cases, your malicious insider, your compromised insiders, doing industrial cyber attacks. In 2015, the Department of Homeland Security reported 295 industrial cyber attacks, in our nation's critical infrastructure. And those are not mandated, they don't have a reporting mandate, so those are voluntary reports.
>> Wow.
>> So that number, could be two or three times as big. If you think about it, from 2010, we've gone from once a year, to 2015 once per day. So, it's happening. It's happening all the time. And it's increasing not only in frequency, but in sophistication.
>> So, it's 295 reported. But there's a bunch of unreported,
>> Correct.
>> That we know about, and then there's a bunch that we don't know about?
>> Correct.
>> So, you're talking about potentially thousands of efforts? And you're trying with Fortinet and others, to bring technology, as well as, a set of best practices and thought leadership, for how to mitigate those problems?
>> That's right. With Fortinet, we have a very comprehensive solution. We basically combine Fortinet's sophistication or robustness from a cyber security platform, with Nozomi's industrial knowledge. Really, we provide anomaly detection, we detect, like I said, any sort of anomaly, when it comes to error, cyber, or malfunction. And we feed it to Fortinet. Fortinet can be our enforcement arm if you will, to stop, quarantine, block, cyber attacks.
>> So, Nozomi's building models, based on your expertise of how industrial IOT works,
>> That's right.
>> And you're deploying those models with clients, but integrating them back into the Fortinet sandbox, and other types of places. So, when problems are identified, it immediately gets published, communicated to Fortinet, and then all Fortinet customers get visibility into some of those problems?
>> We connect with Fortinet in two ways. One, is we have FortiSIEM, so we alert everybody. We become part of the information, security information environment. But we also used Nozomi FortiGates, to block, to become active in the network. Our product is 100% passive. We have to be passive to be friendly deployed in industrial networks. But, for the level of attack or the level of risk is very high, you can actually configure Fortinet to receive a command from Fortinet, and from Nozomi, and actually block or quarantine a particular contaminated node, or something like that. Does that make sense?
>> Oh, totally. Makes 100%, because as you said, so you let Fortinet do the active work, of actually saying yes or no, something can or cannot happen, based on the output of your models?
>> That's right. Yep.
>> So, when you think about IOT, or industrial IOT, there's an enormous amount of investment being made of turning all these analog feeds, into digital signals, that then can be modeled. Tell us a little bit about how your customers are altering their perspective on, what analog information needs to be captured, so that your models can get smarter and smarter, and better and better at predicting and anticipating and stopping problems.
>> When it comes to industrial models, you need to pretty much capture all the data. So, we size the deployment of our product based on the number of nodes or PLCs that exist in an industrial network. We have designed our product to scale, so the more information or the more number of nodes, the better our models are going to be, and our products will scale to build those models. But, capturing all the data is required. Not only capturing, but parsing all the data, and extracting the insights and the correlations between all the data, is a requirement for us to have the accuracy in anomaly detection that we have.
>> What is the customer looking at in terms of going along that, that seems like an arduous task, a journey. What does, and you don't have to give us a customer name, but what does that journey look like, working together with Nozomi, and Fortinet, to facilitate that transformation, from analog to digital, if all the information is critical?
>> That transformation is happening already. A lot of these industrial networks are already working on top of ethernet, a standard TCP/IP. The way the journey works for us, is we provide, as soon as we show up, an immediate amount of visibility. These networks don't have the same tool sets from a visibility and asset management perspective that IT networks have. So, the first value add is visibility. We capture an incredible amount of information.
And the first and best way to deploy it initially, is with, let me look at my network, understand how many PLCs do I have, how the segmentation should be properly done. And then, during all this time, our model building is happening, we're learning about the physical process and about the network. After we're done with the learning, our system determines that now it's ready to enforce, or detect anomalies, and we become at that point, active in anomaly detection. At that point, the customer may connect us with Fortinet, and we may be able to enforce quarantine activities, or blocking activities, if the problem requires it.
>> Is there any one particular, use case that sticks out in your mind, as a considerable attack, that Nozomi has helped to stop?
>> We obviously can't name any one in particular, but when it comes to defending yourself against cyber criminals, we have defended companies against malicious insiders. Sometimes, an employee didn't like how something may have happened, with them or with somebody else, and that person leaves the company, but nobody removed their industrial credentials. And they decide to do something harmful, and it's very hard. Industrial malicious insider activity, is extremely hard to pinpoint, extremely hard to troubleshoot. Industrial issues in general, are very hard to troubleshoot. So, one of the things that Nozomi adds a lot of value is, is allowing troubleshooting from the keyboard, without eliminating trucks and Excel sheets, you quickly can pinpoint a problem, and stop the bad things before they happen.
>> One more quick question for you. With the announcements that Fortinet has made today, regarding, you mentioned some of the products, what are you looking forward to most in 2017, in terms of being able to take it to the next level with your customers? To help them, help themselves?
>> Listen, the solution works amazingly well. We have to tell more people about it.
I think the critical infrastructure has not had the attention in prior years, and I think this year's going to be a year where, ICS security is going to be, and Fortinet of course, is very aware of this, is going to be a lot more relevant for a lot more people. The number of attacks, and the you know, the attack surface that will never be, it's all playing so that, this year's going to be a big year.
>> Yeah, I think we were talking, before we started, that the U.S. Department of Homeland Security, has just identified the U.S. Election System, as a critical infrastructure.
>> That's right.
>> So maybe it's going to take more visible things, that have global implications, to really help move this forward.
>> I think the one point I would make when it comes to government, government has been great, if you make an analogy, this is an analogy that I have on the top of my head, if you look at cars in the automotive industry, seat belts and airbags have saved a lot of lives. We don't have that in industrial cyber security. And we need the government to tell us, what are the seat belts? And what are the minimum set of requirements that our electrical infrastructures should be able to sustain? And that way, it makes the job easier for a lot of us, because nobody can tell you today, how much security to invest, and what's the mix of security solutions that you should have. And therefore, in the places where you don't have a lot of investment, you don't have none. And you become very vulnerable. Today, if you want to ship a car, and you want your car to be driven on the road, it has to have airbags, and it has to have seat belts, and that makes it a minimum bar for proper operation, if you will.
>> But the proper, the way it typically works, is government is going to turn to folks like yourself, to help advise and deliver visibility, into what should be the appropriate statements about regulation, and what needs to be in place.
So, it's going to be interesting because you and companies like you, will in fact be able to generate much of the data, that will lead to hopefully, less ambiguous types of regulations.
>> Yes, that's right. That's right. I agree 100%.
>> Wow, it's an exciting prospect. Edgard Capdevielle, thank you so much. CEO of Nozomi Networks, it's been a pleasure to have you on the program today.
>> Thank you.
>> On behalf of my cohost Peter Buress, Peter, thank you. We thank you for watching theCube, but stick around, we've got some more up, so stay tuned. (tech music)

Published Date : Jan 11 2017
