>>LA from Las Vegas. It's the cube covering AWS reinvent 2019 brought to you by Amazon web services and along with its ecosystem partners. >>Hey, welcome back to Vegas baby. This is the cubes coverage of AWS reinvent 19 this is day three. John Walls is my cohost Jay. Welcome back to Vegas baby Vegas. It's Vegas baby. And you know I'm looking out back. So this is not like a day three crowd. It's really not. Now you can kind of yell out in the hallway and your echo bounce around, but there are a lot of people still here, a lot of business still being done. There really are. There's no shortage of that. And because we're live on the queue, what happens in Vegas doesn't stay in Vegas. So we're happy to welcome a couple of new guests to the queue that are going to share all these great things about security and teach us to, to my left is Robbie's sort of Austin VP of solutions and platform marketing from forest points and from AWS. >>Roe had gooped up global segment leader insecurity. Gentlemen, welcome. Thank you. Thanks for having us. So we can't go to any event without talking about security. It's, it's one of those topics that I think every generation understand when there are big breaches like Capitol one that happened recently or Facebook, even the older generations who are still in the workforce today, they understand it to some degree. The security is so complex. And, and Ravi, one of the things I know that's most challenging about security, especially cyber, is humans are 90 plus percent of the problem. It's human errors, right? Talk to us about Forcepoint. I love the tagline, human centric cybersecurity. How can you help us humans fix all of the errors that we're causing? Or can you, Doug, good question. It's, it's the cat and mouse game, right? Uh, so Forcepoint is a purpose belt, a user and data protection company, right? >>And we're focused on the digital identities and the behavior of their cyber behavior to be able to understand that and then protect, um, data and the users as well. So that's what we refer to as human centric cybersecurity. And how long have you guys been working on this? Oh, we've been working on this for decades. It's the problem with traditional security was all infrastructure centric, guns, guards and Gates and magic will happen. And then turns out those bad actors figure out the guns, guards and Gates and always looking to compromise users and their access. And so independent of whether the attack is external or internal, it's that compromise that that's the focus. And so when you focus on the compromise, that's where we focused on in terms of how to help companies with security. So, so what, what does that connection between behavior in between operations? >>I mean, so what are you looking for in terms of what that user's doing correctly or incorrectly? I mean, what kind of markers do you have? What kind of signs do you get? And in what corrective measures can you put into the process that automatically will correct or at least address that? Yeah, so let me take an example. Right? Um, so if I'm a developer, I'm building using Amazon's awesome services, putting a lot of content in there. I use get hub as a storage. I put a lot of information in there and I'm doing that quickly to get my project done. Right. As I do that and I launched that application, then security comes along after after fact and says, well, let's put security design a day and then how do we protect the data? That model is breaking. Why is it breaking? Because companies are saying users are no longer coming just from the enterprise. >>They're working from home, they're working from the Starbucks and they're accessing the same data and bad actors follow that too. What do they do? They follow the users and go, I can then pretend to be Ravi and get access to the data. And that's how you see a lot of the breaches. So what we're looking at is the behavior of Ravi as an employee. I engage with my mobile device, with my laptop, I get access. I work from eight to five, I'm in Austin most of the times. So the markers are user related, device related, and also context. It's like, why am I logging in from Austin? And at the same time also seeing a login from China that doesn't look right. So that's, that's an example of a behavior. So what's the red flag that goes up there? And you mentioned China, that's an extreme example, but I'm sure there are some more subtle or some not quite as obvious. >>I mean, what exactly is that, that prophylactic measure that that comes in that's automated that says, wait a minute, I don't think this is Ravi, although it's in Denver or it's on this server, whatever month. You know what I mean? Absolutely. So again, the context is built out of three things, users, devices and the environment. Right? By triangulating on those three things, you can actually capture very subtle needle in the haystack of being able to say, look, this is Robbie's behavior. So we're going to let him access get hub. We're going to let him access all the resources on Amazon, but as soon as we see deviations from that, we're going to throw a yellow flag. We're going to ask them to login with a multifactor authentication or some, some other additional form of engaging. Then if we still see more deviations, then we say the word, I'm actually blocked that and I can safely block it because I know that this is not Ravi anymore. Right. And that's how we've seen a lot of organizations use behavior at the heart of their security posture. >>So Rohit, before we went live, you, you told John and me that you've been in security for a thousand years. So one of the biggest challenges though besides people is, is being reactive. And when companies have to be reactive to security events, whether they're ostensible or, or more subtle like John talked about, that can potentially be catastrophic. Can you just talk to us a little bit about some of the historical changes say in the last few years that you've seen where companies, there's no time to go from react to be reactive. How are companies leveraging technologies like Forcepoint and AWS to go from reactive to predictive to eventually prescriptive? >>Yes, that's a good question. And firstly, it's a dozen years, not a thousand years, but, uh, it feels like that sometimes. Uh, so what we have found is that the cloud actually has helped companies become more secure because security is about visibility and control. And what the cloud does is provide better visibility than was available before because you have things like cloud trail that are showing any event that is happening in the system that you could actually use to figure out what happened before and then you can learn from that quickly and take action to fix it. So that's where the control part comes in. Over time you will get better at understanding the signals, as Robbie was saying, and you can be more predictive or you can take action much faster. And even if you don't completely solve the problem right away, you are able to react much faster. So the damages is minimal. Right? And so we've seen that change happened over the years. Companies are using automation that the cloud brings and coupled with the visibility to really gain control back. >>You know, there, there's um, I don't know if you'd call it a natural tension, but there's certainly some friction. Speed. Security, right? I want to go, go, go, go, go. I want to stop, stop, stop. So I've stopped. Right? So I mean our, our, our, our, they to take years, you know, cat and mouse are the, are they natural enemies or friction or can they be complimentary now in such a way because of what you are developing are the tools that we do have at our disposal now, can you address both? It's very, very interesting. The, when you started with an infrastructure centric security, when you put guns, guards and Gates, they were that tension, right? But when you start to change the conversation about, look, we're not about stopping progress, we want the developers to use the data, but we want them to do use it securely, right? And as you start to think about that approach, then security can actually be an enabler for digital transformation. Just as Amazon is talking today or throughout the last three days about how you've lots of services and enabling digital transformation. That's really our focus too, is how to enable that securely. How to enable users to be able to touch the data wherever it is, but secure that along the value chain >>is security. Is this question for both of you and Rohit? Let's start with you. Where is security and terms of the conversation as Andy Jassy talked about on Tuesday when he was talking about business, true business transformation gotta start at the top, you to have that senior exec level initiative sponsorship that's pushed down into the organization is security at that. I imagine it is at that senior level. Talk to us about how you've seen that evolve and how it is really a cornerstone to digital transformation. >>Yeah. I think security used to be an afterthought. The developers were not concerned about it. They don't teach security or at least they didn't teach security in college and computer science courses. It was not even that important. It's gone from that to an hour board level and perhaps even a regulatory level of discussion where it is being addressed by much higher authorities then even the board of the company. Right. So yes, it has definitely gone from a backroom operation that people didn't care about to something that is really very important and as Ravi said, you can move fast and stay secure. You almost have no choice because you have to move fast, right? Figuring out how to be secure in that environment and you don't do not want to end up in the news ultimately. And so that is why it is a conversation that is elevated. Now to the board level. >>Do you see that, speaking of ending up in the news, and there's a couple of folks whose boobs are here that have been in the news recently for significant breaches, human caused, is that when that becomes a sensational story, is that a facilitator of more conversations of customers coming? And maybe, maybe Ravi, I'll start with you. Customers coming to Forcepoint going, gosh, you know what, here's another example of a breach that affected millions and millions. We need to get our hands around this in a better way so that we can really use that data for competitive advantage to those, those news breaking stories, good for business. >>So we get invited to a lot of board level conversations. Our leaders get invited to speak to boards and the two common questions they get asked is, am I going to be the next target? Right? And then most importantly, the second one is how am I doing against my peer group? Right? And so when it comes to that conversation, as you as rotors, there's describing it, organizations are saying, look, I've gotta be able to run my business and I need to run it securely in order to do that. If I can answer those two questions, I'm not going to worry about the threats and attacks and what happened to in the news. I'm more focused on how can I get this new project deployed, security connected? How do I do this new mobile application? Get that and to protect the data, right? So that's the conversation that boards want to know. >>So they do want the reference point, for sure. Can we, you know, at least it's talk about the headlines and we all see that almost to the point that we're kind of numb to it, right? We're almost desensitized. Another hack, another breach or whatever. So we've, in a way, our mindset is, or Facebook that it happens. Can we get to the different, flip that paradigm to where we almost take for granted that it won't happen, that that are our guide. Our guards are that good. I mean, what does it take to get to that point to where we don't accept preachers and we look at them as an anomaly rather than for kind of the cost of doing business. I mean that's, that's been the central focus for us with the human centric cybersecurity. We're saying if you take, uh, any breach and their story reads, breach happened and then you get all the other what they did after effect, right? >>And then they'd tell you a story that happened that the bad actor or the compromise was happened over some period of time, whether it was months to detecting bad things. Ex-post is hard. But what we are focused on when you look at human centric security as we're saying, the time to steal data is in minutes, but the indicators that it takes to steal that data has been building up. So we're saying if we can use behavior to show that buildup, then we could block it before a breach happens. So it's kind of like a slow drip in your ceiling, right? You see it there, go and go ahead. Don't wait for the ceiling to collapse. Right? You've got a ring that's growing there, so do something about it. Exactly how to identify it. >>Last question as we look at, one of the other things that Andy showed on Tuesday is that 97% of it spend is still on prem. We know that there's a lot of hybrid cloud out there in those types of environments which are becoming more and more the norm. How do you help customers manage all of that data regardless of what's on from what's in the cloud and how things are moving in a secure way. >>And that's where for us the partnership is critical and we see the partnership with Amazon to be very strategic in the fact that Amazon's building up awesome set of foundational controls. That's great. We'll let the developers use that, right? And now as enterprises connect with their data, data is on prem and in the cloud and everywhere in between. How do you then implement security that's closest to where the data sits? So we were leverage a lot of the security controls that Amazon provides. And in addition to that, we then offer more of a unified policy control to provide that control wherever the data sits, whether it's on the end point in line or in the cloud. >>Exciting stuff. Well guys, thank you for joining John and me on the program, giving us more information on, on cybersecurity and some of the opportunities that businesses have to actually use that as an advantage. We appreciate your time. Thank you. Thank you for the time for John Walls. I'm Lisa Martin. You're watching the Q for Vegas. Re-invent 19 thanks for watching.

>> From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. >> Hello, everybody, this is Dave Vellante, and welcome to this breaking analysis. I'm here with Erik Bradley, who's the managing director of ETR and runs their VENN program. Erik, good to see you. >> Very nice to see you too, Dave. Hope you're doing well. >> Yeah, I'm doing okay, hanging in there. You know, you guys in New York are fighting the battle, looks like we're making some progress here, so all the best to you and your family and the wider community. I'm really excited to have you on today because I had the pleasure of sitting in on a CIO/CISO panel last week and we're going to explain sort of what that's all about but one of the things that ETR does that I really like is they go deeper with anecdotal information, and it's almost like in depth interviews in these round tables. So they compliment their quarterly surveys and their other drilldown surveys with other anecdotal information from people in their communities, so it's a tried and true survey practice that adds some color to the data set. So guys, if you'd bring up the agenda, I want to share with the audience what we're going to talk about today. So, we'll talk a little bit about, you know, we just did intros. I wanted to ask Erik what ETR VENN is and then we will go through some of the guests, but if we go back to Erik, explain a little bit about VENN and the whole process, and how you guys do that? >> Yes, sure we should hire you for marketing, you just did a great job actually describing that, but about three years ago, what we decided was, ETR does an amazing job collecting the data. It can tell you what's happening, who it's happening to, and when it's happening, but it can't always tell you why it's happening. So leveraging a lot of my background in 20 plus years in journalism and the institution of Wall Street research, we decided to take the ETR community, the people that actually take the surveys and start doing interviews with them, and start doing events with them. And in enable to doing that, we're basically just trying to complement the survey findings and the data. So what we always say is that ETR will give you the quantitative answer and VENN will give you the qualitative answer. >> Now guys, let's bring up the agenda slide again, let's take a look at the folks that participated in the round table, now, for ETR's clients, they actually know the names and the titles and well the company that these guys work for. We've anonymized it for the public, but you had a CIO of a global auto supplier, a CISO of a diversified holdings firm who actually had some hospitality exposure, but also some government contract manufacturing exposure, a chief architect of a software ISV, and a VP and CISO of a global hospitality resort chain. So you had three out of the four, Erik were really in industries that are getting hit hard, obviously you know the software company, may be a little bit better but, maybe you could add some color to that? >> Well actually the software company unfortunately was getting hit hard as well because they're a software ISV that actually plays into the manufacturing space as well so this particular panel of CIOs and CISOs were actually in a very hard hit industries and are going to make sure we do two more follow ups with different industry verticals to make sure we're getting a little bit of a wider berth and collect all of that information in a better way. But coming back to this particular call the whole reason we did this and as you know you spoke to my colleague and friend Sagar Kadakia who is the director of research for ETR. And we were nimble enough to actually change our survey while it was in the field to start collecting data on what the real time impact was on the COVID-19 pandemic. We were able to take that information, extrapolate it and then say, okay, let's start reaching out to these people and dig deeper, find out why it's happening and even more so is it permanent? And which vendors are going to win and which vendors might lose from it? So that was the whole reason we set up a series of calls, we've only conducted one so far, we have another one this coming Tuesday as well with four entirely new panelists that are going to be from different industry verticals 'cause as you astutely pointed out, these verticals were very hard hit and not all of them are as hard as others, so it's important to get a wider cross-section. >> So guys, let's take a look at some of the budget impacts, the anecdotal sort of evidence that we gathered here, so let me just scan through it and then Erik, I'll ask you to comment. So, I mean like Erik said, some hard hit industries. All major projects, anything sort of next-gen have been essentially shelved, that was the ISV and then another one we cut at least 70% of the big projects moving forward, he mentioned ServiceNow actually called him out, but ServiceNow is a SaaS company, probably you know weather the storm here, but he did say, we've put that on hold. The best comment you know As-a-Service has Saved our Saas, (laughs) that one's great. And then we're going to get into some of the networking commentary, some really interesting things about how to support the work from home, you know we're kind of shifting from a hardened top into users, remote workers and then a lot of commentary on security, so you know that's sort of a high level scan and there's just so much information here, Erik but maybe you could sort of summarize on some of those, that commentary? >> Yeah, we should definitely dig in to each of those sectors a little more, but to summarize what we're seeing here was the real winners and losers are clear. Not everyone was prepared to have a work from home strategy. Not everyone was prepared to send their workers out, their VPN didn't have enough bandwidth so there was a real quick uptake in spending, but longer term we're starting to see that these changes will become more permeant. So the real winners and losers right now, we're going to see on the losers side traditional networking, the MPLS networking is in a lot of trouble according to all the data and the commentary that we're seeing, it's expensive, it's difficult to ramp up bandwidth as quickly as you need and it doesn't support remote. So we're seeing that lose out and the winners there are in the SD-WAN space, it's going to be impossible to ignore that going forward and some of our CIO and even CISO panelists said that change will be permanent. Also we're seeing at the same time, what they were calling a run SaaS and cloud, now we know these trends obviously were already happening but they're being exacerbated, they're happening even more quickly and more strong and I don't see that changing any time soon. That of course is at the expense of data centers, whether it be your own or hosted. Which has huge ramifications on on-prem hardware, even the firewall providers. So what we're seeing here is obviously we know things are going to be impacted by this situation, we didn't necessarily expect all of our community members and IT decision makers to talk about them being possibly permanent, so that on a high level was something that was extremely interesting. And the last one that I would bring up is that as we make this shift towards working from home, towards remote access, you also have to align yourself with the security that can support that. And one of the things that we're seeing in our data side on ETR, is a widening bifurcation between the next-gen security vendors and the more traditional security or the legacy security players, that bifurcation just keeps getting wider and wider and this situation could be the last straw. >> So I want to follow up on a couple of those things, you talked about sort of the network shift and toward SD-WAN, what people have described to me is that they've got a hardened top, it's a hierarchal network, it's very well understood, and it's safe right, and now all of a sudden you got all these remote workers and so you've got to completely sort of rethink your whole network architecture, the other thing I want to grill into is your cloud commentary. There's a comment that I saw Erik, that really stood out, one of the folks said, I would like to see the data centers be completely deleted, if you will or closed down, I mean I think we're going to see you know, a lot more of this, obviously. Not only from the standpoint of, and you heard this a lot the kind of pay by the drink, but just generally getting rid of all that sort of so called non-differentiated heavy lifting as we often hear about. >> That is a extreme comment, I don't think everyone feels that way, but yes, the comment was made and we've heard that comment from other people as you and I both know the larger the enterprise the harder that is to go completely SaaS, but yeah, when a situation like this happens and seeing the inflexibility of their on-prem infrastructure, yes it becomes something that really has to be addressed and it can become a permanent change, I was also shocked about that comment. That gentleman also stated that his executives outside of the IT area, the CEO, the CFO had never ever, ever wanted to discuss cloud, they did not want to discuss work from home, they did not want to discuss remote access. He said that conversation has changed immediately and to the credit of the actual IT companies out there, the technology companies, they're doing everything they can with this opportunity to make that happen. >> Yeah and so, right, I mean the whole work from home conversation that's to your point earlier, Erik, big chunks of COVID, you know the post COVID world are going to remain permanent, guys bring up the SaaS slide if you will, the SaaS commentary "As-a-Service-Saved our SaaS" as the wittiest quip award according to ETR, you know but you had, it was very interesting to hear folks, in fact I think somebody even called out, hey you know we expected Oracle to be auditing us but they're actually being very supportive as is IBM, SalesForce was an interesting comment Erik, one of the folks said they would share accounts you know on-prem but when they all do the work from home they had to actually buy some more. You also got Cisco with big props, Microsoft was called out, a lot of organizations actually allowing them to defer payments, so the SaaS vendors actually got very high marks, didn't they? >> They really did and even I wrote that summary and it was difficult to write that about Oracle because we all know that they're infamous for auditing their own customers in 2009, right after we we came out of the financial crisis. They have notoriously been a bad act, I don't know if they found religion and they decided to be nice to their customers, but every single person mentioned them as one of the vendors that was actually helping. That was very shocking. And then we all know that when bad situations happen people become opportunistic and right now it's really seeming that the SaaS vendors understand that they need a longterm relationship with these customers and they're being altruistic instead which is really nice to see. >> Yeah, I think the, I think anybody with a cloud realizes that hey, we have an opportunity here, the lifetime value of that customer whereas maybe in 2009 when Oracle didn't have a cloud they had to get people in a headlock to try to preserve their you know income statement. If we, let's go to the networking drilldown guys, that next slide, because Fortinet, some of the things that we've been reporting on is the sort of divergence in valuations between Fortinet and Palo Alto before this whole thing hit. Fortinet has done a really good job with it's cloud offerings, Palo Alto struggled a little bit with trying to figure out the sales compensation, is maybe a little bit behind, although both companies got strong props and I've talked to a number of customers and Palo Alto's going to be in the mix, but Fortinet from a cloud standpoint seems to be doing quite well, obviously networking, you know Cisco is the big gorilla there, but so and we also got call outs from guys like Trend Micro, which was interesting from some of the folks so your thoughts on this Erik? >> Yeah, I'll start in the networking side because this is something that I really, I've dug into quite amount in not only this panel but a lot of interviews and it really seems as if as networking refresh starts to come up and it's coming up with a lot of large importers, when your network refresh comes up, people are going to do an RFP for SD-WAN. They are sick and tired of paying MPLS network vendors and they really want to look at something else. That was even prior to this situation. Now what we're hearing is this is a permanent change, I particularly had one person say, I wanted to find this quote real quickly if I can, but basically they were basically saying that from a permanency perspective, the freedom from MPLS will reduce our network spend by over half, while more than doubling or tripling our bandwidth. You can't ignore that, you're going to save me money and triple my bandwidth. And hey, by the way, my refresh is due, it's something that's coming and it's going to happen. And yes you mentioned a few, right, there's Viptela, there's VeloCloud, there's some big players like Cisco. But Palo Alto just acquired CloudGenix in the midst of all of this. They just went and got an SD-WAN player themselves and they just keep acquiring a portfolio to shift from their on-prem to next-gen. It's going to take some time, 'cause 70% plus of their revenue is still on-prem hardware, but I do believe that their portfolio that they're creating is the way the world is moving and that's just one comment on the traditional networking versus the next-gen SD-WAN. >> And the customers have indicated you know it's not easy just to get off of their MPLS networks. I mean it takes time, it's like slowly pulling off the bandaid, but like many things COVID-19 is sort of accelerating that, we haven't talked about digital transformation, that came up. As a maybe more strategic initiative, but one that you know very clearly has legs. >> You know David, it's very simple, you just said it, people, when things are going well and they're comfortable they don't change and that's the same for an enterprise or a company, hey everything's great, our revenue's fine, why would we do this? We'll worry about that next year. Then something like this happens and you realize wow, we've been dragging our feet. That digital transformation that we've been talking about and we've been a little bit slow to accept, we need to accept it, we need to move now. And yes, it was another one of the major themes and it sounds silly for researchers like you and I, because we know this is a theme, we know cloud adoption is there, we know digital transformation is there, but there are still a lot of people that haven't moved as quickly as they should and this is going to be that final catalyst to get them there without a doubt. Quickly on your point of Fortinet, I was actually very impressed with the commentary that came from that because Fortinet is sometimes one of those names that you think of that maybe plays in a smaller pool or isn't as big as some of the 800 pound gorillas out there, but in other interviews besides this I heard the phrase point of 40 everything, so through our R&D and through acquisitions, Fortinet has really expanded their portfolio. And right now is their time to shine because when you have smaller satellite you know offices and branches that you need to connect, they're really, really good at it. And you don't always want to call a Palo Alto and pay that price, when you have smaller branch offices and I actually I was glad you brought up Fortinet because it's not a name that we get to herald that often and it was deserving from this panel. >> Yeah and you know companies that can secure gateways, secure endpoints are obviously going to have momentum, Zscaler came up, you know I think that's and I tell you looking at I've done a couple of breaking analysis on security, and Fortinet has been strong in two dimensions, you know ETR as our audience is I think getting to know, we really look at two key metrics, one is a net score which is a measure of spending momentum and the other is market share, which is a measure of pervasiveness, and companies like Fortinet in security, you know show up on both of those dimensions so it's notable. >> Yes, it certainly is, it is and I'm glad you brought up Zscaler too, very recently by strong request we did a very in depth research on Zscaler versus Palo Alto Prisma access. And they were very interested and this was before all this happened. You know does Palo Alto have a chance of catching up, taking share from Zscaler? And I've had the pleasure myself personally hosting Jay, the CEO of Zscaler at an event in New York City. And I have nothing but incredible respect for the company. But what we found out through this research is Zscaler at the moment their technology is still ahead according to their answers there is no doubt, however there doesn't seem to be any real secret sauce that will stop Palo Alto from catching up. So we do believe that parody of a feature set will shrink over time and then it'll come down to Palo Alto who obviously has a wider end-user interface. Now, what's happening today might change that because if I had to make a decision right now for my company on secure web gateway, I'm still probably going to got to Zscaler, it's the name. If I had to choose that in a year from now, Palo Alto might have had a better chance, so in this panel as you brought up, Zscaler was mentioned numerous times as just the wave of the future along with CASB Brokers, right, whether you're talking about a Netskope or Forcepoint, all those people that also play in the CASB space, to secure your access, zero trust is no longer a marketing hype term, it is real and it is becoming more real by the week. >> And so I want to kind of end on one of the other comments that really struck me because we're constantly talking about okay, do you go with a portfolio of a suite of services or do you go with best of breed, what about startups? Are startups more risky in a crisis like this? And one of your panelists, I just loved his comment, he said, one of the things that I've always done, he said, you always hear about the guy, oh we're going to to the garden, we're going to check out the magic water, we'll pick out three guys in the upper right hand corner and test them out, he says, one of the things that I've always liked to do, is I'll pick two from the upper right, and I'll take one from the lower left, one of the emerging techs and I'll give them a shot, they won't win every time but then he called out FireEye as one of the organizations that he found early that gave them competitive advantage. >> Right. >> Love that comment. >> It's a great comment and honestly if you're in charge of procurement, you'd be stupid not to do that. Not only just to see what the technology is, but now I can play you off the big guys because I have negotiation leverage and I can say, oh well I can always just take their contract. So it's silly not to do it from a business perspective, but from a technology perspective what we kept hearing from these people with the smaller vendors and my partner Peter Steube, my colleague and I we did the host together, we asked this question, really believing that the financial insecurity of the moment in the times would make smaller vendors not viable. We heard the exact opposite, what our panelists said was no, I'd be happy to work with a smaller vendor right now because they're going to give me pricing flexibility, they're going to work with me right now, I don't need to pay them upfront because we're seeing a permanent shift from CAPEX to OPEX and the smaller vendors are willing to work with me and I can pay them later. So we were actually surprised to hear that and glad to hear it because to connect to your other point, the other person who was talking about security in a platform approach versus best of breed, he said listen, platform approaches you're already with the vendor you can bundle a little bit, but the problem is if you're just going to acquire a new technology every time there's a new threat, the bad guys are just going to switch the threat and you can't acquire indefinitely so therefore best of breed with security will always beat platform and that's kind of a message to Palo Alto and Cisco in my opinion because they seem to be the ones fighting that out, even Microsoft now trying to say that they're a platform approach in security. >> Wow and it says to me the security business is going to as we predicted is going to stay fragmented because you're still going to get that best of breed, you know just like cloud is going to be fragmented and it's you know multiple vendors, ever since I've been in this business people are trying to consolidate the number of vendors but technology moves so quickly, it gives competitive advantage, Erik, awesome thank you so much for joining us, I'm looking forward to next Tuesday with the next VENN and love to have you back and talk about it any time, you're a great guest, thanks so much. >> Certainly! I'll do my best to get a better AV connection the next time guys, I apologize for that, but it was great talking to you guys. >> Hey, we're all learning you know, so thank you everybody for watching, this Dave Vellante for theCUBE and we'll see you next time. (upbeat music)