Vince Hwang | KubeCon + CloudNativeCon NA 2021
>>Good morning from Los Angeles, Lisa Martin here at KubeCon + CloudNativeCon North America 2021. This is theCUBE's third day of wall-to-wall coverage. So great to be back at an event in person. I'm excited to be joined by Vince Hwang, senior director of products at Fortinet. We're going to talk security and Kubernetes. Vince, welcome to the program.
>>Thank you for having me.
>>So I always love talking to Fortinet. Cybersecurity is something that is such an impersonal interest of mine. Fortinet talks about the importance of integrating security and compliance into the DevSecOps workflow across the container life cycle. Why is this important and how do you help companies achieve it?
>>Well, as companies are making digital innovations, they're trying to move faster, and to move faster, many companies are shifting towards a cloud native approach, uh, rapid integrations, rapid development, and rapid deployment, uh, but sometimes speed, you know, there's a benefit to that, but there's also the downside of that, where, you know, you can lose track of issues and you can, uh, introduce a human error in a problem. So as part of the, as part of the, the, the means to deliver fast while maintaining a secure approach, where both the company and the organizations delivering it and their end customers, it's important to integrate security throughout the entire life cycle. From the moment you start planning and development, and people's in process to when you're developing it and then deploying and running in production, um, the entire process needs to be secured, monitored, and, um, and vetted regularly with good quality, um, processes, deep visibility, and an integrated approach to the problem.
Um, and I think the other thing to also consider is in this day and age with the current situation with COVID, there's a lot of, uh, development and deployment in terms of what I call accidental multi-cloud, where you're deploying applications in random places, in places that are unplanned because you need speed and that, uh, diversity of infrastructure and diversity of, uh, of clouds and development and things to consider then, uh, produces a lot of, uh, you know, uh, opportunities for security and, and challenges to come about.
>>And we've seen so much change from a security perspective, um, the threat landscape over the last 18 months. So it's absolutely critical that the integration happens shifting left. Talk to us about, now let's switch topics. Application teams are adopting CI/CD, uh, CI/CD workflows. Why does security need to be at the center of that adoption?
>>Well, it goes back to my earlier point where when you're moving fast, your organizations are doing, um, you're building, deploying, running continuously and monitoring, and then improving, right? So the idea is you're, you're creating smaller, incremental changes, throwing it to the cloud, running it, adjusting it. So then you're, you're rapidly integrating and you're rapidly developing and delivery. And again, it comes down to that, that rapid nature, uh, things can happen. There's, there's more, uh, more points of touching and there's more points of interactions. And, you know, and again, when you're moving that fast, it's really easy to, um, miss things along the way. So as you have security as a core fundamental element of that DNA, as you're building it, uh, that that's in parallel with everything you're doing, you just make sure that, um, when you do deliver something that is the most secure application possible, you're not exposing your customers or your organizations to unforeseen risks that just kind of sits there.
>>Uh, and I think part of that is if you think about cloud infrastructure, misconfiguration is still number one, uh, biggest problem with, uh, with security on the, in the cloud space, there's, uh, tasks and vulnerabilities those, we all know, and there's there's means to control that, but the configurations, when you're storing the data, the registries, all these different considerations that go into a cloud environment, those are the things that organizations need visibility on. And, um, the ability to, to adopt their processes, to be proactive in those things and know what they, uh, do. They just need to know what, what then, where they're operating in, um, to kind of make these informed decisions.
>>That visibility is key. When you're talking with customers in any industry, what are the top three, let's say recommendations to say, here's how you can reduce your exposure to security vulnerabilities in the CI/CD pipeline. What are some of the things that you recommend there to reduce the risk?
>>There's a couple, oh, obviously security as a fundamental practice. We've been talking about that. So that's number one, key number. The second thing that I would say would be, uh, when you're adopting solutions, you need to consider the fact that there is a very much of a heterogeneous environment in today's, uh, ecosystem, lots of different clouds, lots of different tools. So integration is key. The ability to, um, have choices of deployment, uh, in terms of where you wanted to play. You don't want to deploy based upon the technology limitations. You want to deploy and operate your business to meet your business needs and having the right of integrations and toolings to, uh, have that flexibility. Now, option is key.
And I think the third thing is once you have security, the choices, then you can treat, you create a situation where there's a lot of, uh, you know, process overhead and operational overhead, and you need a platform, a singular cybersecurity platform to kind of bring it all in that can work across multiple technologies and environments, and still be able to control at the visibility and consolidate, uh, policies and nationally consistent across all closet points.
>>So, to the DevOps folks, what are some of the key considerations that they need to take into account to ensure that their container strategy isn't compromising security?
>>Well, I think it comes down to having to think outside of just DevOps, right? You have to, we talk about CI/CD, you have to think beyond just the build process beyond just where things live. You have to think continuous life cycles and using a cyber security platform that brings it together, such as we have the Fortinet security fabric that does that tying a lot of different integration solutions. We work well within their core, but theirs have the ability to integrate well into various environments that provide that consistent policies. And I think that's the other thing is it's not just about integration. It's about creating that consistency across class. And the reality is also for, I think today's DevOps, many organizations are in transition it's, you know, as, as much as we all think and want to kind of get to that cloud native point in time, the reality is there's a lot of legacy things.
>>And so DevOps, SecOps, the DevSecOps, all these different kind of operational functions need to consider the fact that everything is in transition. There are legacy applications, they are new cloud native top first type of application delivery is using containers of various technologies.
And there needs to be a, again, that singular tool, the ability to tie this all together as a single pane of glass, to be able to then navigate emerge between legacy deployments and applications with the new way of doing things and the future of doing things with cloud native, uh, and it comes down again to, to something like the Fortinet security fabric, where we're tying things together, having solutions that can deploy on any cloud, securing any application on any cloud while bringing together that consistency, that visibility and the single point management, um, and to kind of lower that operational overhead and introduce security as part of the entire life cycle.
>>Do you have, Vince, an example of a customer that Fortinet has worked with that has done this, that you think really shows the value of what you're able to enable them to achieve?
>>We do. We do. We have lots of customers, so can name any one specific customer for various reasons, you know, it's security after all. Um, but the, the most common use cases when customers look at it, that when you, we talked to a CIO, CSO, CTO is I think that's a one enter they ask us is, well, how do we, how do we manage in this day and age making these cloud migrations? Everyone? I think the biggest challenge is everyone is in a different point in time in their cloud journey. Um, there's if you talk to a handful of customers or a roomful of customers, you're not going to find one single organization that's going to be at the same point in time that matches them yet another person, another organization, in terms of how they're going about their cloud strategies, where they're deploying it at what stage of evolution there are in their organizational transformations.
>>Um, and so what they're looking for is that, that that's the ability to deploy and security any application on any topic throughout their entire application life cycle.
Um, and so, so the most common things that, that our customers are looking for, um, and, you know, they're doing is they're looking to secure things on the network and then interconnected to the cloud with, uh, to deliver that superior, uh, application experience. So they were deploying something like the security fabric. Uh, again, you know, Fortinet has a cybersecurity approach to that point and securing the native environments. They're looking at DevOps, they're deploying tooling to provide, uh, you know, security posture management, plus a few posture management to look at the things that are doing that, the registries, their environment, the dev environment, to then securing their cloud, uh, networks, uh, like what we do with our FortiGate solutions, where we're deploying things from the DevOps.
>>I feel secure in the cloud environment with our FortiGate environments across all the various multitudes of cloud providers, uh, like, uh, AWS, Azure, Google Cloud, and that time that together with, with some secure, um, interconnections with SD-WAN, and then tying that into the liver and productions, um, on the web application side. So it's a very much a continuous life cycle, and we're looking at various things. And again, the other example we have is because of the different places in different, uh, in terms of cloud journeys, that the number one key is the ability to then have that flexibility deployment to integrate well into existing infrastructure and build a roadmap out for, uh, cloud as they evolve. Because when you talk to customers today, um, they're not gonna know where they're going to be tomorrow. They know they need to get there. Uh, they're not sure how they're going to get there. And so what they're doing now is they're getting to cloud as quickly as they can.
And then they're looking for flexibility to then kind of adjust and they need a partner like Fortinet to kind of bring that partnership and advisorship to, uh, to those organizations as they make their, their, their strategies clearer and, uh, adjust to new business demands.
>>Yeah. That partnership is key there. So Fortinet advocates the importance of taking a platform approach to the application life cycle. Talk to me about what that means, and then give me like the top three considerations that customers need to be considering for this approach.
>>Sure. Number one is how flexible is that deployment in terms of, do you, do customers have the option to secure and deploy any application, any cloud, do they have the flexibility of, um, integrating security into their existing toolings and then, uh, changing that out as they need, and then having a partner and a customer solution that kind of grows with that? I think that's the number one. Number two is how well are these, uh, integrations or these flexible options tied together? Um, like what we do with the security fabric, where everything kind of starts with, uh, the idea of a central management console that's, you know, uh, and consistent policies and security, um, from the get-go. And I think the third is, is looking at making sure that the, the, the security integrations, the secure intelligence is done in real time, uh, with a quality source of information, uh, and, and points of, uh, of responsiveness, um, what we do with FortiGuard Labs.
>>For example, we have swell of large, um, machine learning infrastructure where have supported by all the various customer inputs and great intelligence organizations, but real time intelligence and percussion as part of that deployment life cycle. Again, this kind of really brings it all together, where organizations looking for application security and, and trying to develop in a CI/CD fashion.
And you have the ability to then have security from the get-go, tied into the existing toolings for flexibility, visibility, and then benefits from security all along the way with real time, you know, uh, you know, leading edge security, that then kind of brings that, that sense of confidence and reassurance as they're developing, they don't need to worry about security. Security should just be part of that. And they just need to worry about solving the customer problems and, uh, and, you know, delivering business outcomes and results.
>>That's it, right? It's all about those business outcomes, but delivering that competence is key. Vince, thank you for joining me on the program today, talking through what Fortinet is doing, how you're helping customers to integrate security and compliance into the DevSecOps workflow. We appreciate your insights.
>>Thank you so much for your time. I really appreciate it.
>>My pleasure. For Vince Hwang, I'm Lisa Martin. You're watching theCUBE live from Los Angeles, uh, KubeCon and CloudNativeCon '21. Stick around. Dave Nicholson will join me next with my next guest.
Fortinet Security Summit Wrap | Fortinet Security Summit 2021
>>From around the globe, it's theCUBE, covering Fortinet Security Summit, brought to you by Fortinet.
>>Welcome back to theCUBE's coverage of Fortinet Championship Security Summit from beautiful Napa Valley. Lisa Martin here with John Furrier. John, it has been phenomenal to do an event in person outdoors in Napa Valley.
>>You're so bright. We have to wear shades. It's been sunny and it's been hot. It's been great. It's been a great, it's been a great day. I mean, I think Fortinet stepping up to that sponsorship for the PGA is a bold move. They're doing well on the business front. They're expanding it. It's good for their customers. It's a new, bold marketing step. Fortinet, honestly, they're doing extremely well on the business front. As I mentioned, they got a lot of cash coming in. They got happy customers and they're all here. And golf is a great environment for tech buyers. We know that. So it's great to have theCUBE on the sports circuit and, uh, we'll be doing more of them. It's, it's awesome.
>>Good. I, it is great to be on this sport circuit. One of the things that I talked with several folks about today, John Maddison being one that CEO, CFO, COO, and then Ken Xie, the CEO of Fortinet, about the cultural synergies between the PGA and Fortinet. It was really nice to hear how both of these companies, both of these organizations are so invested in things like women in technology and STEAM and STEM programs, and they really align on those two cultures.
>>Yeah, there's a, it's a, it's a, it's a culture fit. I mean, they basically, it's a winning formula. Look at Fortinet. Um, you know, and having that kind of representation is good. They, they have a great reputation. Fortinet does, PGA does as well, and it's quality, right? So people like, like quality and they want to line that. So it's a great business move for Fortinet to, uh, to do the, uh, the golf sponsorship, uh, multiple years. I think it's six years, five or six years, they get they're doing this.
Um, it's phenomenal. I think they're going to, Fortinet is going to turn into a marketing powerhouse. I think you're going to start to see John Maddison and the team, uh, really gin up some nice new things, because you can do a lot with the PGA. Again, this foundations is charities, again, a lot of causes that are involved in, in fundraising around the PGA and you got the tour players and honestly the tech scene. So I think tech and sports has always been something that I've loved. And I think, you know, we'd love to come and bring our sets here and having theCUBE here is just a really fun kind of winning formula as well. We'd love it. And we, and we wish we could eat it for more days this year. I think we will, but this has been so much,
>>It has been so much fun. There's been about over 300 customers and partners here. Fortinet is a, is a hundred percent partner driven organization. Lot of innovation being discussed the last eight hours or so, but one of the things that you definitely feel is the strength in their partner community and Fortinet's commitment to it. Also something that really impresses me is their commitment to helping to fill the cybersecurity skills gap. This is a gap that has been growing for the last five years. They last week announced a pledge to train 1 million people in the next five years to help shorten that gap. And as we know that the threat landscape is only continuing to expand. So the great combination there,
>>And it's a, cause that's a good business logic behind it because there's a of negative unemployment. They need more people to do cybersecurity careers, but also you mentioned women in tech, you know, a lot of that's a big movement too. You start to see a much more women in tech scene here. We had, uh, Merritt Baer, principal, office of the CSO at Amazon Web Services on, she's amazing. She's wearing the Amazon crypto shirts. That was a home run, love that interview, but you started to see them, Fortinet, with the whole scene.
Here is they're taking their message directly to their customers and they're including their customers. So the magic of this formula that they have with the PGA and this whole program is they don't have live concert series. They got a pavilion here with all their top partners, with customers that doing a summit behind us with their top marquee customers. And they're telling the story direct and you're going, I think you need to shift to see Fortinet really do more of that. What we love in the key, which is take that direct to, to media model, to their customers and contents data. We had great conversations here. I mean, that's all you, you know, viewing the, uh, head VP SVP of AT&T cybersecurity, uh, amazing, uh, uh, candidate there's great CUBE guests. And he was just traveling some serious wisdom. So great guests all along. Fantastic.
>>Well, it's, it's been an inspiring day. It's nice that Fortinet has taken the step to do an in-person event. Obviously they did it extremely safely. We were outdoors, but people are, I think a lot of people and I'm speaking for myself, for sure, ready for this to come back and meet the threat landscape that changes that that Fortinet has seen in the last 18 months are phenomenal. The growth in ransomware, nearly 11 X in a year. And you had this massive shift to work from home. And now they're talking about how they're partnering with Linksys, for example, to help enterprises, to really make that remote work environment far more secure, faster, and optimize for the worker who's on video conferencing, communication tools. All the kids at home gaming are probably going to be pretty bummed about this, but it really shows Fortinet's commitment to this. There's a lot of permanence to what we're seeing here in this model.
>>I know you and I have done ton of interviews together and, uh, with great guests around cybersecurity and the phrase always comes up and over the past decade, there's there is no more perimeter here.
You couldn't, you couldn't, it was louder than ever here because now you have so much going on connected devices. The future of work is at home with the virtual, uh, issues with the pandemic. And now with the Delta variant, uh, continuing at forward, it's a reality, we're in a hybrid world and, um, everything's going hybrid. And I think that's a new thing for companies to operationalize. So they got, there's no playbook. So there is a security playbook. And what these guys are doing is building an ecosystem to build product that people can wrap services around and to solve the key security problems. And that's that, that to me is a good business model. And the SaaS is, again, you're seeing everyone go SaaS. They want to go SaaS product, or, you know, uh, some sort of business models involved in cloud. So cloud security, SaaS all kind of rolled up. It's really kinda interesting trend.
>>Yeah. We've talked about a whole bunch of trends today. One of them is just one of the marketing terms I've been using and I don't like to use it, but around for years as a future ready people, tech companies always describing solutions and technologies and products is future ready? Well, what does that really mean? Well, when the pandemic struck, none of us were future ready, but what we did hear and see and feel today from Fortinet and their partners is how much acceleration they've done. So that going forward, we are going to be future ready for situations that arise like in this challenging cybersecurity landscape that businesses in every industry can prepare for.
>>I think, I think the talks here in the cyber security summit behind us, it's interesting. Uh, Tufin one of their customers on a lot of the talks were the same thing, talking about the cultural shift, the cultural shift and security departments has to become more agile. And so that is a big untold story right now is that security departments aren't well-liked, they slow things down.
I mean, you know, app review everything's gotta be looked at and it takes weeks. That is not good for developers. So app developers in the cloud, they want minutes, you know, shift left is something that we talk about all the time in our events with the developers. DevOps movement is putting pressure on the security teams, culturally, who moves first. You don't go faster. You're going to be replaced, but you can't replace a security team. So I find that whole security cloud team dynamic, real organizational challenges. That's something I'm going to look into is one of my key takeaways from this this week. Yeah.
>>A huge organizational change. And with that comes, you know, obviously different cultures with these organizations, but at the same time, there really is no more choice. They have to be working together. And as Ken Xie and I were talking about, you know, security is no longer an ITP, this is a board level initiative and discussion businesses in every industry, whether it's a retailer or PGA tour have to be prepared.
>>Yeah. I mean, I'm a security hawk. I think every company needs to be prepared to take an offensive strike and be ready on the defense. And this is a huge agility and speed cause ransomware, you get taken down, you know, I mean that's business critical issue. You're dead, you're dead in the water. So, so again, this is all part of this, quote, digital transformation, uh, that everyone's talking about and is a do over, everyone's doing it over and doing it with the cloud. And I remember just recently in 2012, people were saying, oh, the cloud is not secure. It's now some more secure than anything else. So we starting to see that shift so that realities hit everybody. So it's been great.
>>What are some of the things that excited you about the conversations that you had today?
>>I was pretty impressed by the fact that one was a physical advantage. You mentioned. So, you know, people in personal, I found it refreshing.
I think people here, I noticed we're one relieved to be out and about in public and talking on theCUBE. Um, but I was really impressed with, uh, the guests from Amazon Web Services. She was a crypto shirt that got me there. But I think this idea that security is not just a guy thing, right? So to me, women in tech was a, was a big conversation. I thought it was very positive this week, um, here and still a lot more work to do, but I think that's, what's cool. And just the talks were great. I mean, it's cutting edge concepts here. And I thought AT&T was great. I thought, uh, Tufin was a great conversation and again, all the guests that were awesome. So what did you think, what was your take?
>>Just how much acceleration we've seen in the last year on innovation and partnerships that really jumped out that when, like I said, we talked about future ready and go, wow. So much of the world wasn't future ready a year and a half ago when this came out and all of the innovation and the positivities that have come out of technology companies creating, because we don't have a choice. We have to figure out secure work from home. For example, we know that some amount of it's going to persist hybrid maybe here to stay, to see what Fortinet and their partner ecosystem have done in a short time period. Given the fact that you mentioned ransomware and their global threat landscape, I was talking with Derek, nearly X increased in ransomware and just,
>>And they've got FortiGuard. They got all this. I think your interview with Ken, the CEO, I thought it was really compelling. It was one point he said, um, we're making a lot more investments when you asked him a pointed question. And I think that theme comes across really strong in all of our interviews today. And the conversations in the hallway here is that people that are making the investments are doing well.
And so there's more investments being made and that's like, people kind of say, oh yeah, we can do this one, but you have to now. And so the other thing that I thought was awesome with John Maddison, talking about their strategy around the PGA, it's a bold move, but it's kind of got this mindset of always innovating, but they're not, they go step at a time, so they get better. So I'm, I'm expecting next year to be better than this year, bigger, uh, and more integrated because that's what they do. They make things better. Um, I think that's gonna be fun to watch, but I think that's a bold move for Fortinet to be doing this kind of marketing. It's really, they haven't done that in the, in the past. So I think this is a really bold move.
>>I agree. And they've spun this out of their Accelerate event, which is an event that we've covered for years in person. So this was the first time that they've pulled the security summit out as its own event. And clearly there was a great buzz behind us all day. Lots of, lots of topics, a lot of discussions, a lot of partnership. And you're right. A lot of talk about investment, investment in their partner ecosystem and investment internally. Yes.
>>It's fun too. On a personal note, we've been following Fortinet for many, many years. You and I both got doing the interviews and you do and go to the events is watching them grow and be successful. And it's kind of proud though. I, yeah, I'll go for it. And that kind of rooting for him. And I want to thank them for inviting theCUBE here because we're so psyched to be here and be part of this awesome event. And again, golf, theCUBE kind of go together, right? Sports, theCUBE. We love it. So always fun. So thanks to Fortinet out there for, uh, supporting us and being, being part of theCUBE.
>>Well, you got the gear, you got your Fortinet golf t-shirt, I got one too. And pink. It's beautiful. Yeah.
You got some shades, but we also have some gear here help us in the morning for our next shows. Be caffeinated. Yeah. But no, it's been great. It's been great to be here. Great to co-host with you again in person if for 20 months or so, and looking forward to seeing how Fortinet and how back
>>He was back up the vents. Thanks to the crew. Chuck Leonard, every one's era, Brendan. Right. Well done. Fortinet, thank you. Thank you for
>>John's been great. Thanks for having me up here today. Looking forward to the next time. From Napa Valley, Lisa Martin, for John Furrier, you've been watching theCUBE.
Rupesh Chokshi, AT&T Cybersecurity | Fortinet Security Summit 2021
>>From around the globe, it's theCUBE, covering Fortinet Security Summit, brought to you by Fortinet. >>Welcome back to theCUBE. Lisa Martin here at the Fortinet Championship Security Summit. Napa Valley has been beautiful and gracious to us all day. We're very pleased to be here. I'm very pleased to welcome a first-timer to theCUBE. Rupesh Chokshi, VP, AT&T Cybersecurity and Edge Solutions at AT&T Cybersecurity. Rupesh, welcome. >>Thank you. Thank you so much for having me, Lisa, I'm looking forward to our conversation today. >>Me too. First of all, we're in Napa, we're outdoors. It's beautiful venue, no complaints, right? We're at a golf PGA tournament. Very exciting. Talk to me about the AT&T Fortinet relationship. Give me, give me an, a good insight into the partnership. >>Sure, sure. So, as you said, you know, beautiful weather in California, Napa, it's my first time. Uh, so it's kind of a new experience for me. Going back to your question in terms of the relationship between AT&T and Fortinet, uh, a long lasting, you know, 10 plus years, you know, hand in hand in terms of the product, the technology, the capabilities that we are brought together in the security space for our customers. So a strategic relationship, and I'm so thrilled to be here today as a, Fortinet invited us to be part of the championship. Tommy, >>Talk to me. So your role VP of AT&T Cybersecurity and Edge Solutions, give me an, a deep dive into what's in your purview. >>Sure, sure. So I, uh, sort of, you know, run the P&L or the profit and loss center for product management for all of AT&T Cybersecurity and Edge Solutions and the whole concept behind putting the teams together is the convergence in networking and security. 
Um, so, you know, we are supporting the entire customer continuum, whether it's a Fortune 50, the Fortune 1000 to mid-market customers, to small businesses, to, you know, government agencies, you know, whether it's a local government agency or a school district or a federal agency, et cetera. And my team and I focus on bringing new product and capabilities to the marketplace, you know, working with our sales team from an enablement perspective, go to market strategy. Um, and the whole idea is about, uh, you know, winning in the marketplace, right? So delivering growth and revenue to the business, >>Competitive differentiation. So we've seen so much change in the last year and a half. I know that's an epic understatement, but we've also seen the proliferation at the edge. What are some of the challenges that you're seeing and hearing from customers where that's concerned >>As you stated, right. There's a lot happening in the edge. And sometimes the definition for edge varies when you talk with different people, uh, the way we look at it is, you know, definitely focused on the customer edge, right? So if you think about many businesses, whether I am a, a quick serve restaurant or I'm a banking Institute or a financial services or an insurance agency, or I'm a retail at et cetera, you know, lots of different branches, lots of different transformation taking place. So one way of approaching it is that when you think about the customer edge, you see a lot of virtualization, software driven, a lot of IoT endpoints, et cetera, taking place. So the cyber landscape becomes more important. Now you're connecting users, devices, capabilities, your point of sale system to a multi-cloud environment, and that, you know, encryption of that data, the speed at which it needs to happen, all of that is very important. 
And as we think ahead with 5G and edge compute and what that evolution revolution is going to bring, it's going to get even more excited because to me, those are kind of like in a playgrounds of innovation, but we want to do it right and keep sort of, you know, cyber and security at the core of it. So we can innovate and keep the businesses safe. >>How do you help customers to kind of navigate edge cybersecurity challenges and them not being synonymous? >>That's a great, great question. You know, every day I see, you know, different teams, different agendas, different kinds of ways of approaching things. And what I tell customers and even my own teams is that, look, we have to have a, a blueprint and architecture, a vision, you know, what are the business outcomes that we want to achieve? What the customer wants to achieve. And then start to look at that kind of technology kind of convergence that is taking place, and especially in the security and the networking space, significant momentum on the convergence and utilize that convergence to create kind of full value stack solutions that can be scaled, can be delivered. So you are not just one and done, but it's a continuous innovation and improvement. And in the security space, you need that, right. It's never going to be one and done. No >>We've seen so much change in the last year. We've seen obviously this rapid pivot to work from home that was overnight for millions and millions of people. We're still in that too. A fair amount. There's a good amount of people that are still remote, and that probably will be permanently there's. Those that are going to be hybrid threat landscape bloated. I was looking at and talking with, um, FortiGuard Labs and the, the nearly 11 X increase in the last 12 months in ransomware is insane. And the ransomware as a business has exploded. So security is a board level conversation for businesses I assume in any. >>Absolutely. Absolutely. 
I agree with you, it's a board level conversation. Security is not acknowledged the problem about picking a tool it's about, you know, the business risk and what do we need to do? Uh, you mentioned a couple of interesting stats, right? So we've seen, uh, you know, two things I'll share. One is we've seen, you know, 440 petabytes of data on the AT&T network in one average business day. So 440 petabytes of data. Most people don't know what it is. So you can imagine the amount of information. So you can imagine the amount of security apparatus that you need, uh, to Tofino, protect, and defend and provide the right kind of insights. And then the other thing that VOC and along the same lines of what you were mentioning is significant, you know, ransomware, but also significant DDoS attacks, right? So almost like, you know, we would say around 300% plus said, DDoS mitigations that we did from last year, you know, year over year. >>So a lot of focus on texting the customer, securing the end points, the applications, the data, the network, the devices, et cetera. Uh, the other two points that I want to mention in this space, you know, again, going back to all of this is happening, right? So you have to focus on this innovation at the, at the speed of light. So, you know, artificial intelligence, machine learning, the software capabilities that are more forward-looking have to be applied in the security space ever more than ever before, right. Needs these do, we're seeing alliances, right? We're seeing this sort of, you know, crowdsourcing going on of action on the good guys side, right? You see the national security agencies kind of leaning in saying, Hey, let's together, build this concept of a D because we're all going to be doing business. Whether it's a public to public, public to private, private to private, all of those different entities have to work together. 
So having security, being a digital trust, >>Do you think that the Biden administration's fairly recent executive order catalyst of that? >>I give it, you know, the president and the, the administration, a lot of, you know, kudos for kind of, and then taking it head on and saying, look, we need to take care of this. And I think the other acknowledgement that it is not just hunting or one company or one agency, right? It's the whole ecosystem that has to come together, not just national at the global level, because we live in a hyper connected world. Right. And one of the things that you mentioned was like this hybrid work, and I was joking with somebody the other day that, and really the word is location, location, location, thinking, network security, and networking. The word is hybrid hybrid hybrid because you got a hybrid workforce, the hybrid cloud, you have a hybrid, you have a hyper-connected enterprise. So we're going to be in this sort of, you know, hybrid for quite some time are, and it has to >>Be secure and an org. And it's, you know, all the disruption of folks going to remote work and trying to get connected. One beyond video conference saying, kids are in school, spouse working, maybe kids are gaming. That's been, the connectivity alone has been a huge challenge. And Fortinet zooming a lot there with links to us, especially to help that remote environment, because we know a lot of it's going to remain, but in the spirit of transformation, you had a session today here at the security summit, talked about transformation, formation plan. We talk about that word at every event, digital transformation, right? Infrastructure transformation, IT security. What context, were you talking about transformation in IT today? What does IT transformation plan mean for your customers? >>That's a great question because I sometimes feel, you know, overused term, right? Then you just take something and add it. It's it? 
Transformation, network transformation, digital transformation. Um, but what we were talking today in, in, in the morning was more around and sort of, you know, again, going back to the network security and the transformation that the customers have to do, we hear a lot about SASE and the convergence we are seeing, you know, SD-WAN take off significantly from an adoption perspective application, aware to experiences, et cetera, customers are looking at doing things like internet offload and having connectivity back into the SaaS applications. Again, secure connectivity back into the SaaS applications, which directly ties to their outcomes. Um, so the, the three tenets of my conversation today was, Hey, make sure you have a clear view on the business outcomes that you want to accomplish. Now, the second was work with a trusted advisor and AT&T in many cases is providing that from a trusted advisor perspective. And third, is that going back to the one and done it is not a one and done, right? This is a, is a continuous process. So sometimes we have to be thinking about, are we doing it in a way that we will always be future ready, will be always be able to deal with the security threats that we don't even know about today. So yeah, >>You bring up the term future ready. And I hear that all the time. When you think of man, we really weren't future ready. When the pandemic struck, there was so much that wasn't there. And when I was talking with Fortinet earlier, I said, you know, how much, uh, has the pandemic been a, uh, a catalyst for so much innovation? I imagine it has been the same thing that >>Absolutely. And, you know, I remember, you know, early days, February, March, where we're all just trying to better understand, right? What is it going to be? And the first thing was, Hey, we're all going to work remote, is it a one week? Is it a two week thing? Right? 
And then if you're like the CIO or the CSO or other folks who are worried about how am I going to give the productivity tools, right. Businesses in a one customer we work with, again, tobacco innovation was said, Hey, I have 20,000 call center agents that I need to take remote. How do you deliver connectivity and security? Because that call center agent is the bloodline for that business interacting with their end customers. So I think, you know, it is accelerated what would happen over 10 years and 18 months, and it's still unknown, right? So we're still discovering the future. >>There's a, there will be more silver linings to come. I think we'll learn to pick your brain on, on SASE adoption trends. One of the things I noticed in your abstract of your session here was that according to Gartner, the convergence of networking and security into the SASE framework is the most vigorous technology trend. And coming out of 2020, seeing that that's a big description, most vigorous, >>It's a big, big description, a big statement. And, uh, we are definitely seeing it. You know, we saw some of that, uh, in the second half of last year, as the organizations were getting more organized to deal with, uh, the pandemic and the change then coming into this year, it's even more accelerated. And what I mean by that is that, you know, I look at sort of, you know, three things, right? So one is going back to the hybrid work, remote work, work from anywhere, right. So how do you continue to deliver a differentiated experience, highly secure to that workforce? Because productivity, human capital very important, right? The second is that there's a back and forth on the branch transformation. So yes, you know, restaurants are opening back up. Retailers are opening back up. So businesses are thinking about how do I do that branch transformation? And then the third is explosive business IoT. 
So the IoT end points, do you put into manufacturing, into airports in many industries, we continue to see that. So when you think about SASE and the framework, it's about delivering a, a framework that allows you to protect and secure all of those endpoints at scale. And I think that trend is real. I've seen customer demand, we've signed a number of deals. We're implementing them as we speak across all verticals, healthcare, retail, finance, manufacturing, transportation, government agencies, small businesses, mid-sized businesses. >>Nope, Nope. Not at all. Talk to me about, I'm curious, you've been at AT&T a long time. You've seen a lot of innovation. Talk, talk to me about your perspectives on seeing that, and then what do you think as a silver lining that has come out of the, the acceleration of the last 18 months. >>She and I, I get the question, you know, I've been with AT&T long time. Right. And I still remember the day I joined AT&T Labs. So it was one of my kind of dream coming out of engineering school. Every engineer wants to go work for a brand that is recognized, right. And I, I drove from Clemson, South Carolina to New Jersey Holmdel and, uh, I'm still, you know, you can see I'm still having the smile on my face. So I've, you know, think innovation is key. And that's what we do at AT&T. I think the ability to, um, kind of move fast, you know, I think what the pandemic has taught us is the speed, right? The speed at which we have to move the speed at which we have to collaborate the speed at which we have to deliver, uh, to agility has become, you know, the differentiator for all of us. >>And we're focusing on that. I also feel that, uh, you know, there have been times where, you know, product organizations, technology organizations, you know, we struggle with jumping this sort of S-curve right, which is, Hey, I'm holding onto something. Do I let go or not? Let go. 
And I think the pandemic has taught us that you have to jump the S-curve, you have to accelerate because that is where you need to be in, in a way, going back to the SASE trend, right. It is something that is real, and it's going to be there for the next three to five years. So let's get ready. >>I call that getting comfortably uncomfortable, no businesses safe if they rest on their laurels these days. I think we've learned that, speaking of speed, I wanna, I wanna get kind of your perspective on 5G, where you guys are at, and when do you think it's going to be really impactful to, you know, businesses, consumers, first responders, >>The 5G investments are happening and they will continue to happen. And if you look at what's happened with the network, what AT&T has announced, you know, we've gotten a lot of kudos for whatever 5G network for our mobile network, for our wireless network. And we are starting to see that, that innovation and that innovation as we anticipated is happening for the enterprise customers first, right? So there's a lot of, you know, robotics or warehouse or equipment that needs to sort of, you know, connect at a low latency, high speed, highly secure sort of, you know, data movements, compute edge that sits next to the, to the campus, you know, delivering a very different application experience. So we're seeing that, you know, momentum, uh, I think on the consumer side, it is starting to come in and it's going to take a little bit more time as the devices and the applications catch up to what we are doing in the network. And if you think about, you know, the, the value creation that has happened on, on the mobile networks is like, if you think about companies like Uber or Lyft, right, did not exist. And, uh, many businesses, you know, are dependent on that network. And I think, uh, it will carry on. 
And I think in the next year or two, we'll see firsthand the outcomes and the value that it is delivering you go to a stadium, AT&T Stadium in Dallas, you know, 5G enabled, you know, that the experience is very different. >>I can't wait to go to a stadium again and see a game or live music. Oh, that sounds great. Rupesh, thank you so much for joining me today, talking about what AT&T is doing with Fortinet, the challenges that you're helping your customers combat at the edge and the importance of really being future ready. >>Yes. Thank you. Thank you so much. Really appreciate you having me. Thanks for Fortinet to invite us to be at this event. Yes. >>Thank you. For Rupesh Chokshi, I'm Lisa Martin. You're watching theCUBE at the Fortinet Championship Security Summit.
Harry Dewhirst, Linksys | Fortinet Security Summit 2021
>>From around the globe, it's theCUBE, covering Fortinet Security Summit, brought to you by Fortinet. >>Welcome back to Napa. Lisa Martin here at the Fortinet Championship Security Summit. I'm pleased to welcome the CEO of Linksys who joins me next. Harry Dewhirst, Harry, welcome to the program. Great to you're here we are in an in-person event. One, which is fantastic. Two we're outdoors, three we're in Napa. >>What's not to love. >>There's nothing, nothing not to love. So you had a session this morning. Talk to me about some of the things that you shared with attendees. >>So the session was, was talking about hybrid work and really the how to make that successful. And, you know, we, as a business have really focused making it, not just work for companies, but for companies to thrive and to really embrace, um, the hybrid work and, and, and extract the Mo the most benefit from it. So we, we spoke about the challenges that, that, that, uh, that has, and some of the solutions to, uh, to solving those challenges. >>Tell me about some of the solutions I'm very familiar with as someone who has been working from home for 18 months, some of the challenges I know, understand it too, from an enterprise security perspective, but what are some of the solutions that Linksys sees? >>So the solutions are fall into kind of three main categories. The first is of course having the best and latest wireless technologies. So that's wifi six wifi, um, it's of course, needs to be coupled with having a good pipe into your home, or all leveraging 5G and other wireless technologies to have, have great connectivity, then having mesh networking to enable it to be wall-to-wall coverage, seamless roaming between, between all the devices to mean that your, your network infrastructure within the home is very robust. Th th the second kind of pillar of, of, of solution is, is around. Now, you can bring enterprise grade security into the home. 
Typically it would sit in server cupboards in, in, in, in offices and now, um, with, with us and Fortinet, we've created a product which brings that enterprise grade technology for the first time into the, into the home. So IT managers no longer have to, um, compromise when it comes to security and they can apply the same policies that they would be doing in an office of 10,000 people to 10,000 offices that are in individual's homes. And, and that's a kind of a first, first world first, I would say, but, um, is going to be critical. And again, it, it, it's about moving from it's good enough to let's make it amazing. Um, and let's not compromise on something as critical as security and safety. >>Absolutely. We know we've spoken a lot with Fortinet today and over the last year and a half about the massive changes to the threat landscape, the expansion of it, especially with this pivot, when suddenly there were all of these devices, personal devices on home networks, corporate devices on home networks, it's really changed, not just the threat landscape, but also what enterprises need to do. You guys, you mentioned this new announcement came out yesterday, the Linksys homework solution powered by Fortinet. Talk to us about that, the genesis of it, and what we're enterprises can actually get access to this. >>Sure. So, so yeah, this is a product that really it's been a meeting of minds. You know, Linksys, Linksys are a leader and have been a leader since the very beginning of wireless. And, and we are, you know, a leader today. Um, Fortinet of course, we're a leader in enterprise security. So the two combined providing the best in class, uh, home internet experience coupled with, um, the, the security, which can be managed by the business. So when as a, as a, as an end user, as a, as a, as an employee, when I plug in this equipment, it automatically phones home to, to, to, to Linksys. 
And then in turn to Fortinet, we know that it's Harry at Linksys, that that has been been plugged in. It will spin up a network for me, personally, and my family to use in the home. So the, the benefit to the, to the, to the consumer is that there's a fantastic Wi-Fi 6 mesh solution throughout their home, which is most likely a significant upgrade on their Verizon equipment or whatever it might be. Um, and it's been spins up a corporate network and that corporate network for all intents and purposes is, is imitating exactly like if you were sitting at your desk in the office, in the corporate office. So it becomes an extension of the corporate network. Um, and as I say, it sits behind, behind the FortiGate. >>Talk to me about the genesis of the solution. Was it the pandemic, because Linksys has seen the challenges from the consumer centric point of view. Talk to me about really kind of the catalyst for these two powerhouses coming together. >>So it was actually something that we were working on pre-pandemic, and Fortinet were, were, were also looking at how to support the remote work because remote work is not like totally new, this, this pandemic has rapidly accelerated it, but, um, there was already a market and growing, this has just accelerated it. So both businesses independently of one another, where we're kind of toying with it. So when, when we then kind of came together, it was, it was a no brainer. And there was a kind of light bulb moment. And, and we, we realized that the combined solution with the two businesses and bringing together the expertise from both was really, would be how, how we would succeed. >>Do you see any in the last, I know it was just announced yesterday, but any, any industries in particular that you think are really like low-hanging fruit for this type of technology? >>I mean, I think finance is of course, um, you know, there's the high stakes poker in, in that industry. 
So, um, same goes for healthcare, um, and, and, and even education. So ones that where security is paramount of, and of course security is paramount everywhere, but those ones in particular, given the nature of, of the, those industries. So, so we really expect to see banking, finance, healthcare, uh, pharma, as, as key verticals that we would, uh, we would expect to be successful. >>Okay, excellent. Well, one of the challenges with the ransomware increases, the Fortinet threat landscape report showed it's nearly up 11% in the last 12 months. Of course, we have that rapid pivot to work from home 18 months ago, and ransomware and phishing and, and techniques and social engineering getting so much more sophisticated and personalized. Now you've got someone working from home who probably has a million distractions, kids, spouses, et cetera. So easy to click on a link that for most of it looks very legitimate. So having a solution like this in place is really critical for >>Absolutely. And, and I think, you know, until those vulnerabilities are sealed, you know, the attacks will continue. And this solution is part of the, the, the soul for that. Because as soon as, as soon as these, these holes in the bucket of a tape shut, um, you know, the, the appetite to, to invest time in, in attacks, we'll, we'll, we'll fade, >>Hopefully that's the direction that we need to see it going, right. Not up until the right down. Talk to me about, so you mentioned from the IT perspective, I'm looking for the benefits for an enterprise IT organization, centralized visibility, they can see in terms of productivity. I imagine it's much better for the end user, but give me that kind of IT business perspective, how does this help them come together? 
>>So for all intents and purposes, the IT manager will see within their, their Fortinet, uh, interface, these devices, these Linksys devices in people's homes, just in the same way that they would see FortiGates in their office in New York or their office in Pittsburgh. So, um, you know, it really is this, there were 15,000 people in five offices. There's now 15,000 people in 15,000 offices, and, but they can push and manage an and, and push those security, um, policies seamlessly down to all 15,000. They can categorize them. They can, they can do for all intents and purposes. Those, those employees are sitting in the, in one of their facilities. And, and that's really the, the bar that I believe companies should be holding themselves to because, um, it, it provides security for the company. It provides security for the employee, and of course, then by them being able to connect efficiently and secure securely and with great speed and no interruption, that's good for productivity, which is good for the company's profitability. >>Absolutely. It's all interconnected. And this is tuned for video conferencing. Is that >>Yes. So, so we've actually partnered with, um, both Zoom and Teams, Microsoft Teams to, um, we've done an integration with them whereby we're able to identify and optimize that traffic within the network. So, so that adds an added benefit to, to users of those services. And we'll, we'll, we'll be rolling out further, um, partnerships with other key, um, utilities that enable that to optimization to, to, to help it be streamlined. >>So prioritize Zoom and Teams for the parents kick the kids >>Off. I mean, we've all experienced. The Apple TV gets fired up, Zoom goes down or, or fought for fortnight, uh, gaming sessions cause you know, havoc within the home. So it it's that application prioritization and optimization that, that I think will also really benefit, um, companies and the employees. The, the frustration is immense. 
>>I agree, I've experienced some of that, but what you're really doing is providing a very secure lifeline that the enterprise needs, the employee needs. It, it's all tied together, productive employees, that our customer experience that our products and services it's, it's really these days, especially considering we don't know how much longer this is going to persist. We expect that there will be some amount of hybrid that will probably be permanent, but that's a lifeline. >>Yes, no, absolutely. I think to your point around the permanence of this, you know, of course we're not all going to be hermits and leave live at home forever, but that, you know, I think this has opened both companies' and individuals' eyes to what's possible. And I think if you implement these, these types of measures, then you you're setting it up for success. And, and, um, you know, I believe that the solution that we've launched is, is a part of the, the, the piece of the puzzle. >>Maybe the acceleration of it had a bit of a silver lining from what we've all experienced in the last 18 months. Yes. Yes. Talk to me about some of the comments and the feedback that you got from your session this morning. I'm sure people are very excited to hear about what you're doing. >>Yeah. I mean, since, since the announcement came out yesterday, there's been, there's been certainly a lot of interest and appetite. Um, and yeah, we're super excited about the reception it's received. Um, I think that a lot of people that are like, oh, wow, of course, why, why wouldn't this exist already? Um, and, and when you look at it like that, it kind of is obvious, but it, you know, no one expected of course the pandemic and therefore the, no one was ready for it and it's taken us a year or so to, to get a product that's, that's, that's viable and ready and going to be going to be really, really, um, a great utility for companies, but there really was nothing else out there.
>>It is surprising in a sense, but then you're right. No one was prepared for the pandemic. We didn't see it coming. And we didn't think that this was a situation that we were going to have to prepare for, let alone live for as long as, as TBD, long as we have. >>Yeah, no, absolutely. That's um, I think it caught everyone by surprise. I think maybe if, if it had happened several years later than the hybrid work movement had started, it was in its infancy. It got very, very quickly ramped up to adulthood. >>I definitely >>Did. So, uh, so great news, very exciting. What you guys are doing with Fortinet. I'm sure that there's going to be great customer feedback. We'll be excited to watch what happens as it gets deployed and rolled out and see how this really transforms the enterprise experience, the employee experience. And I imagine this is a great differentiator for Linksys's business. No. Um, I think it's, it's a really exciting next chapter of, of our, of our history. You know, we've been around for 30 plus years and, um, I think this is, this is a real step change in, in, in where we're focused and I'm super excited about the future. >>I like that change in the future. Well, here we are in beautiful Napa. You said you're not a golfer, but your wife has, >>My wife is golfing. I I'm going to be keeping very many fingers crossed tomorrow during the program for this, for the safety of the spectators. >>That's awesome that she's in the program and here you are settled with all these meetings and all those >>Things. >>Exactly. Well, Harry, it's been a pleasure talking to you. Thank you for joining me on the program, explaining the Linksys homework solution powered by Fortinet and all the great things that are going to come from that. Thank you. For Harry Dewhirst, I'm Lisa Martin. You're watching theCUBE in Napa at the Fortinet security championship.
SUMMARY :
security summit brought to you by Fortinet. Welcome back to Napa Lisa Martin here at the 40, that championship security summit. Talk to me about some of the things that and some of the solutions to, uh, to solving those challenges. coverage, seamless roaming between, between all the devices to mean that a half about the massive changes to the threat landscape, the expansion of it, So it becomes an extension of the corporate network. Talk to me about the Genesis of the solution. So it was actually something that we were working on three pandemic and fortunate work. I mean, I think finance is of course, um, you know, there's the high So easy to click on a link that for most of it looks very legitimate. of a tape shut, um, you know, the, the appetite to, Talk to me about, so you mentioned from the it perspective, I'm looking for the benefits for an enterprise, It provides security for the employee, and of course, then by them being able to connect And this is tuned for video conferencing. to optimization to, to, to help it be streamlined. So it it's that application prioritization the enterprise needs, the employee needs. and, um, you know, I believe that the solution that we've launched is, is a part of the, the, Talk to me about some of the comments and the feedback you know, no one expected of course the pandemic and therefore the, And we didn't think that this was a situation that we were going to have to prepare for, I think maybe if, if it had happened several years later than the hybrid I'm sure that there's going to be great customer feedback. I like that change in the future. I I'm going to be keeping very many fingers crossed tomorrow during the program powered by 49 and all the great things that are going to come from that.
ENTITIES
Entity | Category | Confidence |
---|---|---|
Lisa Martin | PERSON | 0.99+ |
Harry | PERSON | 0.99+ |
Microsoft | ORGANIZATION | 0.99+ |
Pittsburgh | LOCATION | 0.99+ |
New York | LOCATION | 0.99+ |
Verizon | ORGANIZATION | 0.99+ |
Napa | LOCATION | 0.99+ |
five offices | QUANTITY | 0.99+ |
15,000 people | QUANTITY | 0.99+ |
15,000 people | QUANTITY | 0.99+ |
15,000 offices | QUANTITY | 0.99+ |
18 months | QUANTITY | 0.99+ |
yesterday | DATE | 0.99+ |
two businesses | QUANTITY | 0.99+ |
lynxes | ORGANIZATION | 0.99+ |
10,000 offices | QUANTITY | 0.99+ |
Two | QUANTITY | 0.99+ |
tomorrow | DATE | 0.99+ |
a year | QUANTITY | 0.99+ |
15,000 | QUANTITY | 0.99+ |
Harry Dewhirst | PERSON | 0.99+ |
both | QUANTITY | 0.99+ |
two | QUANTITY | 0.99+ |
Fortinet | ORGANIZATION | 0.99+ |
30 plus years | QUANTITY | 0.99+ |
10,000 people | QUANTITY | 0.99+ |
Linx | ORGANIZATION | 0.99+ |
One | QUANTITY | 0.99+ |
three | QUANTITY | 0.99+ |
first time | QUANTITY | 0.99+ |
40 gates | QUANTITY | 0.98+ |
both businesses | QUANTITY | 0.98+ |
first | QUANTITY | 0.98+ |
40 minute | QUANTITY | 0.98+ |
six mesh | QUANTITY | 0.98+ |
today | DATE | 0.97+ |
this morning | DATE | 0.97+ |
both companies | QUANTITY | 0.96+ |
18 months ago | DATE | 0.96+ |
two powerhouses | QUANTITY | 0.96+ |
Linksys | ORGANIZATION | 0.95+ |
several years later | DATE | 0.95+ |
second kind | QUANTITY | 0.94+ |
LyncSys | TITLE | 0.93+ |
one | QUANTITY | 0.92+ |
pandemic | EVENT | 0.92+ |
40 net | ORGANIZATION | 0.91+ |
40 net threat | QUANTITY | 0.88+ |
last 18 months | DATE | 0.88+ |
FortiGate | ORGANIZATION | 0.86+ |
40 | EVENT | 0.86+ |
three main categories | QUANTITY | 0.83+ |
11% | QUANTITY | 0.83+ |
last 12 months | DATE | 0.83+ |
Fortinet Security Summit 2021 | EVENT | 0.82+ |
5g | OTHER | 0.8+ |
apple TV | COMMERCIAL_ITEM | 0.79+ |
last year and a half | DATE | 0.76+ |
Fortinet security summit | EVENT | 0.73+ |
49 | QUANTITY | 0.72+ |
Fordanet | ORGANIZATION | 0.61+ |
Harriet | PERSON | 0.47+ |
Fortnite | ORGANIZATION | 0.46+ |
million distractions | QUANTITY | 0.44+ |
John Maddison. Fortinet | CUBEConversation, July 2020
>>From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world. This is a CUBE Conversation. >>Everyone. Welcome to theCUBE Conversation here from our Palo Alto studios. I'm John Furrier, host of theCUBE. We're here with our remote crew, getting all the interviews, getting all the stories that matter during this time we're all sheltering in place during the COVID crisis. We've got a great returning guest, John Maddison, EVP of products and chief marketing officer, Fortinet. John, great to see you, uh, looking good with the home studio. They're getting used to it. Yeah, indeed. Good to be here again, John. Thanks for coming. I really appreciate it. We're hearing a lot about SASE, which has a secure access network adjuncts, zero trust network access. Uh, what does that all mean now these days? What is this SASE? Well, there's definitely a lot of hype around the word SASE, which is the security of the age. Uh, for us actually it confirms a strategy that we've had since the beginning of the company. >>And two important concepts. One is, uh, the coming together of, uh, networking and security. We could refer to it as security driven networking, and we've been doing it using ASICs and appliances for a long time. Uh, we're now going to expand it to a cloud as well as that's one concept, again, bringing together networking and security or converging them in a way. And then the second concept is more around a platform approach. So if you look at the definition of SASE, it includes, it includes web gateway as a service, zero trust, CASB, a WAF, et cetera. And so bringing those together in a platform approach, we refer to it as the fabric. So we're actually really happy about those two concepts coming together. Maybe the name itself could be, could be different, but definitely the concepts and the technologies play really well to our strategy. >>Yeah, it's SASE. S-A-S-E, not two ways, not like SaaS, software as a service.
Wait for one noses cloud. Yeah. I tried using the full name and I've reverted back to SASE again. So short and sassy, keep it short and sweet. Um, okay, well this is a super important relevant topic for multiple reasons. One is COVID is kind of accelerated the future for everybody. And you know, we've been kind of riffing on Twitter and throughout the industry I've been calling it the big IoT, uh, experiment because the unforecasted disruption of COVID is forced everyone to work at home. So the notion of work changes, workplace is now home, workforce, the people, how their interaction with the networks, workloads, workflows, all changing new expectations, new experiences. This is the real deal. And the edge is where the action is. That's the big, new obvious architectural highlight here. >>Yeah, so we talked last time. I think it would just be getting this work from home, uh, element, but, um, we're still here. And I think what it says is that what is forced is that, uh, enterprises and customers need to look at their edges and they're increasing. So we always, the WAN edge was a new one over the last two years, as we introduced SD-WAN. They had a data center edge, they had an endpoint edge and now you have a home edge. And so you've got to apply security as a cloud edge as well. You've got to apply security to these edges. And the key is the flexibility to apply the security you want and you need against these edges. And so we're seeing some customers right now, look at setting up mini enterprise networks to protect that home edge again, in that, in the homes of their executives or developers. >>And we reported with the news. You guys had a couple of months ago around just as such been a feeding frenzy for hackers and bad actors to go after the home environment. Um, as well as the IT guys who are working from home, you have the cloud consumption's shifted as well.
You're seeing the cloud players doing extremely well because now you have more cloud, you have more vulnerabilities at the edge with the home. This is changing completely increasing the attacks. >>Yeah. The attack vectors, you know, predominantly, still actually, you know, a lot of phishing, but then if you're on the network, that attack vector is very important. So for us, and, you know, we did an acquisition last week of OPAQ Networks because that gave us an additional consumption model and different additional form factor. So if somebody going from the home straight into the cloud, or the pairing off a branching off an SD-WAN connection straight into the cloud, we can now apply that cloud edge security throughout our SASE capabilities. And so again, the ability to have security at all these edges has become very important going forward. So for us now we've got appliances, we've got virtual machines, we've got cloud delivery, and this is becoming very important to customers. I'm not saying, and customers are not saying they're going to go to just cloud only going forward. They're going to be hybrid. And so having those options is very important. >>You mentioned OPAQ Networks, we reported that acquisition. Congratulations. What does that mean for Fortinet and where does that technology fit? And you mentioned software. Can you just take a minute to explain the acquisition impact on Fortinet and where does the tech fit? >>Well, as I said, we've been driving a lot of this convergence, SASE convergence, through our appliances. Um, but it's sometimes makes sense to put that security closer to the cloud during points or wherever. And so OPAQ, we really liked their model of building out these hyper hearing stations and making sure they got high-speed security there as well as edges.
And so, um, we bring, we're going to bring that inside our environment, uh, update it to include some of our technology, uh, but it gives us now great flexibility, uh, of applying that security at the SD-WAN edge, the data center edge now without edge or longer-term roadmaps will integrate orchestration capabilities. It also includes a zero trust network access capability as well. So really when we looked at our, uh, of SASE framework, uh, we had most of the things in place. This now adds firewall as a service as well as zero trust network access, giving us the most complete SASE framework in the marketplace. >>What is the security component of the work at home? You mentioned earlier, there's more networks and companies are looking to kind of up level the capabilities. Can you give an example and take us through what that like and what companies are thinking about, because it's not just, here's some extra money for your home bandwidth, your people are working there. It's like, it's gotta be industrial strength edge. Now it's not just, um, you know, temporary and their kids are home too. So you got they're gaming, they're watching Netflix, people zooming in and doing Webexes all day long. >>Yeah, it can be as simple as putting a zero trust network access, you know, an agent on there and doing some security locally, and then going back through a proxy in a, we believe actually that it's, it can be even better than that. That can apply many enterprise security in your house through a next gen firewall, give high availability through SD-WAN, uh, then, you know, expand out their secure access and switching and end points. And we can do that today. I think what's going to be key going forward is as you're dealing as IT, uh, teams have to deal with more of a consumer approach remotely in the homes, we're gonna have to simplify the way things get set up, such that you can easily separate out, maybe home usage from corporate enterprise users.
So that will be something we'll be working on over the next 18 months. >>I mean, just the provisioning, the hardware, okay, here you go. Plug it in it. Should it be plug and play? And this is kind of back to the future of where SAS is going. I mean, the old days was plug and play was the technology. Now you've hit that concept. It has to be auto configured. You have to provision pretty quickly. What's the future of SASE in your mind. >>Yeah. And so, you know, if you think about, you know, coming back to the home usage, then people have dumbed down those routers and the security is very simplistic. So we, people can just plug and play. If you, it needs to be a bit more sophisticated. Uh, you're going to need to put some tools in place. We believe long term that the SASE model, once you've got the platforms in place, once you've got SD-WAN in place, your CASB or your SASE zero trust and long term, you're going to need an orchestration system. That's more AI driven. So we've done a lot of work on AI around security and making sure we can see things very quickly. Um, but the long-term goal, I think will be around AI ops, AI network ops, uh, where the system and the big data systems are looking across your network, across these different components to see where there may be an issue. Maybe there's a certain link has gone down across a certain ISP. We need to bring that back up. Maybe there's a certain cure or as to an application in the cloud somewhere. So we need to change the on-ramp. Uh, so once everything's in place and you have that console and policy engine that can look across everything, and then we need to get smarter by looking at the data and the logs, et cetera, and applying some of that AI technology. >>You know, John, we've been following Fortinet as you know, for many, many years and watching the evolution of you guys as a company. And also as the industry, the new waves are coming in.
Um, a lot of the stuff you're doing with the fabric and now the secure driven networking has been kind of on the playbook. So I want to get your thoughts before we get into those topics and define them and kind of unpack them. But generally customers are looking at, um, a slew of vendors out there and you have kind of two approaches. You have a platform, and then you have the we're an application or fully full stack or SaaS or something. And this there's trade offs between the two. And how should customers understand the difference? Because there's different value propositions for each, platform's more enabling out of the box, SaaS or point solution can solve a particular thing, but it may not have that breadth. How should customers think about a platform approach or fabric and how should they think about the value and how to engage with that long term? >>Yeah, I'm definitely seeing more customers look towards a platform going forward. They just can't manage all the different point solutions and you don't have to train an individual in that product. You have to have a separate management console, you have to integrate it. And so more and more I'm finding customers wanting to converge, which is the basis of SASE, consolidate applications onto a platform of security applications. What's important over that platform is that the consumption model is flexible enough to be an appliance, to be a virtual machine and to be cloud delivery does as a customer's networks move and their orchestration systems move into different, more cloud, or they've got their IP enabling their factories, for example, then they need that security to be flexible. So yes, you need to be a platform as the way forward. Um, but two things. One is you need a flexible consumption model for it. Appliance, virtual machine and cloud. And also that platform needs to be very open. It needs to have connectors into the main orchestration systems that needs to allow people to build API and automation.
So, uh, yes, you, you need a platform, but it needs to be open and it needs to be flexible. >>Great, great insight there. And that's exactly what the marketing, especially with cloud the kind of scale, second follow up question to that is how do you tell the difference between a tool camouflaged as a platform. So I have a tool I want to sell you a tool, but no, it's a platform. So a lot of people are peddling tools and saying they're platforms. How do you know the difference? >>Well, to me, a platform that has much greater scope across the attack surface. First of all, the attack vectors, whether that be email or application, the network, the end point. So platform's not just of a specific attack vector, it goes across the complete surface. And then also a platform is Wednesday organically built, allows those products to communicate. So then you can build automation across it. It's very hard to build automation across two or three different vendors. They have different scripts. So been able to build that automation. And then of course, on top of that, to have a single view, single visibility capability, as well as long term applied that AI ops across it. So platform is very, very different from the, some of the tools I've seen in the marketplace. >>I want to get to your reaction to a comment that your CEO said about security driven networking, and underscores what we've been saying for years, blah, blah, blah. He goes on in this era of hyperconnectivity and expanding networks with the network edge stretching across the entire digital infrastructure, um, networking and security have to be kind of be their, their convergence. You mentioned describe how you view hyper-connectivity and expanding networks and how the edge stretches across the digital infrastructure. What's what does that look like? Can you share your vision of that?
>>Well, when you think about networking, if you go back 20 years, when you have these 10 megabit per second connections, learning, networking, and routing and switching, they haven't really changed that much over the last eight years, 20 years, they've just got a lot faster, gone to now to 400. You give us a second, but the basic functionality is the same. And so it's allowed them to go a lot faster. Um, security is very different, even though it started off with firewalling then VPN, and then next gen firewall, SSL inspection, all these functionalities, IPS, have been added, making a lot harder for it to keep up in the network. And so one of the fundamental principles of security and networking is bringing these two things together, but accelerating them either using ASICs and now cloud through our acquisition, uh, to allow those to run in a converged format. >>And that's very important because as I said, there's now more, you can look at it two ways. You can say the perimeter has expanded because it used to be a very narrow perimeter. The data center across these areas, or at the edges have formed as well. There's new edges sitting at the OT environment, sitting at the WAN edge, sitting at the home mattress. I talked about seeing the cloud edge. And so the ability to apply that security in very high performance, very high quality security, not just a small sampling of security, a full enterprise stack, but those edges is going to be critical going forward. And the flexibility to apply in different ways is going to be very important. >>I think the convergence piece is totally relevant and honestly it consolidating into a platform is very key point there. Um, while I got you here, I would just like you I'd like you to define what is security driven networking and what does it mean to be security driven? So define security driven networking, and give an example of what it means. >>Yeah. And so I think it's, I think the WAN edge was one of the best examples of it.
I mean, actually go before that next gen firewall was where you bought firewalling and then content inspection to go there. But I think the latest one is definitely the WAN edge or secure SD-WAN where you had a networking function, which was to get the users to the right applications. And so they got this application now steering that goes out through there. Well, you also want to apply security to that because security into the WAN, you've also got to protect the LAN. And so the ability to run a security stack there, whether it be IDS, right, patient control is very important. So getting all those networking functions, working at high speed, getting all the security functions, working at high speed, uh, is that it's the kind of the genesis of security driven networking, and you can apply it there. We can also apply it in other places at the edge, in the cloud. Now the home, uh, it's a very, very important concept, uh, to be able to run networking and security together. But high speed, >>Everyone has their own kind of weird definition of SASE, depending on when you're building your own or different analyst firms. Uh, I noticed you guys have a different take on this. Even Gartner has a different view on this. How do you guys diff differ from that, that definition and what should people be aware of when they hear that? What is the right definition? >>Yeah. You know, it's unfortunate. I mean, I think Gartner does some good work there and that they define it and I've come up with SASE, but this is like acronym soup. And, you know, I want a bit of next gen firewall on my SASE. It's just, it's just so many different terms. It confuses the customer. Then what makes it more confusing is that vendors look at their portfolio and go, Oh, SASE is a hot topic. I've got a SASE as well. And really, it should be very clear what the definition from Gartner is. It is bringing together security and networking.
Now their definition is that they, uh, you should do that in the cloud, which we agree with as well, but it can only be in the cloud. The reason it's in the cloud is because not many people have got the ability to run on an appliance very fast. >>So we believe our difference there is that you should be able to run it on an appliance virtual machine in cloud. And then the second kind of difference is that they've defined the components of SASE as being SD-WAN, CASB, firewall as a service, zero trust. We also think that the LAN edge is very important. So we would add into that definition, that secure access of Wi-Fi and Ethernet switching as well. And so we try and point out, you know, the Gartner definition and we also point out where we differ and I think that's fair to the customer can make a good decision. >>I think it is fair. And I think one of the things I've been saying for years, and I love Gartner, I love the guys over there and gals. I just don't think that their business model is real time as much, but they ended up kind of getting it right down the road. But you brought up a good point. And again, I've been saying this for years, cloud changes Gartner's model because there's, if you have quadrants, it implies silos and implies categories. And one of the best things about cloud is it does horizontally scale. So some of the best vendors actually have multiple capabilities that might fall on different quadrants that may or may not be judged on a criteria that meets what cloud's doing. So, yeah, for instance, ASICs, you mentioned right. That's in there too. You get cloud and ASICs is that where they've got two different categories? You add the edge in there. If you do all three, really great as an integrated, converged and consolidated platform, you're technically awesome, but you might not fit in the quadrant. >>Yes. That's a really good point.
I have this conversation with them all the time in that traditionally enterprises have a networking teams and security teams, and they've been in silos or I've had a networking team that just does switching or just this routing, just this SD-WAN. And I have a security team that does web gateway, and then they like to separate them all into different components. When you look inside those Magic Quadrants, they're all different, even at the same vendor, the different products. And what we like to do is bring it all together. You a single operating system, a single appliance or cloud virtual machine. Sometimes it's not quite, it doesn't quite fit the model, but in the end, you're trying to do the same thing. Know, and COVID-19 >>One of the real realities that everyone's dealing with is it does expose everything and an expose. And again, it's been a disruption unforecasted, but it's not like an outage or a flood or a hurricane. If it happened and it's happening, it really puts the pressure on looking at the network. It's looking at how you can have continuous operations. How are you working with your people and workloads, workforces, apps. You got to have it all there. And if you're not digitally enabled, you're going to be on the wrong side of history. This is what companies are facing every day. And they've got to come back and double down on the right project. So every CXO I talk about, that's the number one challenge I need to come out of the pandemic with a growth strategy and an architecture. That's going to allow me to take advantage of the new realities. Hey, it's really good for people to work at home. That's cool. Some people are going to continue to do that. Maybe that's normal. Maybe that's a new tactic >>And it's going to vary by industry as well. So if I'm a retail outlet, I absolutely need it 100% of the time, but those retail outlets cause people are ordering online and then they're driving up. And so it has changed the dynamics.
It's for me working at home, I have to be on all the time. And so the ability to do really good, high quality networking, high availability, high IQ of as, with this integrated security across the different edges is super critical. >>I was talking with a network friend of mine. Again, we were having a few Zoom cocktails and do a little social networking online. And we were like, and we've, and we've mentioned it before on theCUBE, but we keep coming back to the WAN is the new LAN. And meaning that it's in the old days, LAN was everything, everything, the local area network, and you were inside the data center, everything was great on premises. WAN is the new LAN. So if you think about it that way you go, okay, WAN edge, I got a, now a LAN at home, you got SD-WAN in your house, of course you worked for Fortinet. So it's a little bit beneficial for you, your, your, your, your geek there, but this is the new normal where it's all one network. It's not just a land link, it's a system. Can you react to that? What's your take on that? WAN is the new LAN kind of ref, >>First of all, it can't be too picky. He goes on the CMO as well. So there's no talk about the geekiness. Um, but, um, it's just, it just makes as a skip saying, it's, it's, it's making sure that wherever you may be, uh, you know, you're doing less traveling these days, but that may come back at some point or where they are at a branch office or a campus environment or wherever applications, and then moving around in different clouds, in different areas, in terms of consumption of workloads, um, wherever that's happening, you gotta be able to be flexible and applying that security to the different edges, LAN edge, WAN edge, home edge, data center edge. And so the ability to do that, uh, while providing high speed and connectivity, uh, is very important. And then again, as you go forward and you implement that platform approach.
So not just the point product now, three or four products working together, uh, being able to apply that policy orchestration and AI ops is going to make sure that they get that user in the end. It's all about the user experience. Do I have a high quality of experience, whatever application I'm using? That's the key measurement in the end. >>You know, one observation I would have, if you look back at the whole virtualization trend, going back to the early days of VMware, that kind of enabled Amazon and kind of having a large scale kind of infrastructure, hyperconvergence really kind of collapsed everything together. And now you seeing things with Amazon, like Outposts, you seeing, you know, these non premises devices, which is basically one cloud operations kind of highlights what you're saying here. And I want to get your thoughts on this because the combination of ASICs with cloud, it's not a bug, it's a feature for you guys. That's a value proposition and it's kind of consistent with some of the big players like AWS. When you look at what they're doing and apprenticeships, for instance, what they're putting in the servers, having that combination of horsepower ASICs with cloud is a guiding principle of the future architecture. Can you share your thoughts was also, you guys are, are announcing that and have that feature. >>Yeah, well, w another reason why I like the OPAQ acquisition as they were their major appearing pubs into the different cloud service providers that were using hardware and that hardware, uh, we, we can run hardware and with our ASICs almost 50, a hundred times faster than equipment CPU. So I've got a firewall application I've gone on appliance. There, I may need a hundred virtual machines and, and CPU they're running the same thing. So again, we're coming back to our definition of security driven networking in our minds. It can be ASIC, it can be virtual machine and it can be cloud.
Now, imagine if we can take the best benefits of ASIC and combine that with cloud, uh, that's a great model going forward again, given that flexibility. So when people think cloud something has to run on something, it doesn't run in fresh air. So, you know, the big cloud vendors are putting in some ASICs to accelerate some of the AI stuff, and we're going to use the same thing in some of our major, what we call FortiSASE. You know, our naming methodology is Forti, whatever it does or going forward to provide us that performance and high availability now. Yeah. So you're always going to need some flexibility of virtual machines in certain areas, but we think the combination of both, it gives us a great advantage. Yeah. >>And there's definitely evidence that, I mean, there's a, there's kind of two schools of thought on hardware. Are you a box mover, you know, commodity general purpose, or are you using the hardware and a system architecture, acceleration has been a huge advantage, whether I've seen companies doing accelerated Kubernetes processing, you know, for clusters and some, you know, see GPS are out there. It's, it's, it's how you use the hardware. Yeah. That's the, really the key it's and again, back to the architecture. So, okay. So wrapping up, if you, if you believe that, and you look at the fabric that you guys are having out there, and as it evolves, what's the, what's the next level for Fortinet. How do you see this going forward? You've got security driven networking, and you got the fabric. What's next? What are you guys working on the product side? >>I know you're public, you can't reveal any future earnings, but give us a taste of kind of the direction on the roadmap. I think, you know, we've got now all the, all the kind of component that underlying components of the platform in terms of the ability to apply appliances, deliver it by appliances or virtual machine or cloud.
Um, we've got a very broad portfolio from endpoint, uh, all the way into, to the cloud and the networks, all those things that are in place. Obviously you always need some features here and there as you go forward and SD-WAN and next gen firewall, et cetera. Um, but I think the long-term, I think a goal for his nine is to, again, to apply a bit more intelligence, uh, both from a security perspective and from a network perspective, such that we can predict things, we can automatically change things. >>We can build automation and react to things much more quickly. So I think the building blocks are in place. Now. I think it's the ability to provide a bit more smarts across it, uh, which of course takes big data and very specific application programming. And I think, uh, definitely our customers are asking us about that. And we look very closely with our customers to build out that, to make sure it meets their needs going forward while it's great to see the platform continue to grow and, and fill in a holistic view of the, of the landscape from edge to throughout the enterprise. So a great strategy and thanks for the update, John Maddison, the VP of product and CMO for that. John. Great to have you on. Thanks for coming on extra. Okay. This is the CUBE Conversation here in Palo Alto studios. I'm John Furrier, host of theCUBE. Thanks for watching.
Jonathan Nguyen-Duy, Fortinet | RSAC USA 2020
>>Live from San Francisco, it's theCUBE, covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media. >>Welcome back everybody. Jeff Frick here with theCUBE. We're at RSA 2020, downtown San Francisco and Moscone Center, 40,000 professionals in the security industries, the biggest security event in the world. I'm pretty sure, certainly the biggest one in the U.S. We're excited to have somebody who's been running around taking care of these problems and talking to customers for a very long time. He's got a great long-term perspective. We're happy to have him. Jonathan Nguyen-Duy, the VP, global field CISO team for Fortinet. Jonathan, great to see you. So you said you've been coming to this show for a long, long time. Love to get kind of your impressions that the human element is the theme. Yeah, well, sure, you know, I, I think, uh, it's changing. It's uh, the attendance is broken out by very senior people who've been here for, you know, multiple events and then a whole new slew of people are coming into the industry, right. >>And there's a lot of excitement. It's, um, there's a little bit less of a buzz. It just seems it's a little bit less people here this year because of the virus scare. Um, but overall I think that the themes are pretty consistent, which is kind of tragic that the themes are consistent year after year because this suggests that not a lot has changed despite the $130 billion in network security spend. You know, absolutely complexity. Uh, everyone is telling me about how to solve complexity, how to do more with less, uh, how to do more with less and fewer people and how to get their arms around this vast volume of data that's being generated. And there's a lot of talk about automation and AI, uh, but much more practical, less buzzwords and more practical solutions. And yet still tons of new vendors, right? Tons of new opportunities.
>>You know, I don't know what the final count is on the vendor side, but it's a really large number and you go off into the corners to the EDBD little, little, a little mini booths is still a time of innovation. So I think that people trying to move the ball. So I think when the first show first started, there were less than a less than 500 vendors, I think in the industry back in 2007 I think today we're north of 5,000 and it's probably 8,000 or about 5,000 vendors in the immediate vicinity here. But just go around the corner and there are dozens of others having their own events and the neighboring hotels and restaurants. It's astounding the number of different point products are still coming into the industry and, and, and that really suggests that we haven't gotten our arms around integrating all of this technology. >>And it's just another level of complexity. So what do you tell your friends on the buy side, right? Who know you and say, say Jonathan, I'm going, I'm going to RSA. How in the heck am I supposed to navigate not only the show specifically, but kind of this vendor landscape and then make sense of it all? I'm telling him to look for vendors that are partners that have a long-term perspective and that do the integration for you. You know, one of the things coming from an operational background, as I talked to other CSOs, like our job is to operate technology. It really isn't about integrating technology. It really isn't about OAA and product. I want to focus my budget and my resources on operating technologies and manage risk. So I look for partners and mentors like, like Fortinet that has a fabric with 258 plus different products and vendors that are already integrated out of the box. >>I'm looking for someone that solves complexity rather than a specific problem or specific threat vector. And I'm really looking for someone that helps me understand and manage risk because that's the object of the exercise in cybersecurity today.
It's not about compliance, it's about compliance, it's about security, it's about resilience, but a reasonable level of care in managing risk. Right. And yeah, it's, it's a great topic cause I was thinking that kind of in terms of insurance. Yeah. In terms of, you know, how much do you spend and you can't insure everything to 100% right. So it's going to be some number less than that. Everybody else needs a piece of the pie. But how do you make those kinds of trade-offs, investment versus risk? Because you can't absolutely protect everything. It makes no sense. So I think that value of it comes back to the CSO and his or her team. >>It's a very human decision. Uh, there is no prescriptive definition of what reasonable care is. You know, outside of one statement by Kamala Harris when she was the state's attorney in California here, which is the CIS 20 is the minimum level of reasonable care. And so now we have to understand how do we define what is reasonable, what is the risk appetite or tolerance for a company? And once you identify those things, what are the controls and mitigation measures that you're gonna have in place to mitigate those risks? And then what's left is residual risk. And that's a hard decision. How much will you absorb? How much will you transfer, uh, and how much will you just tolerate? Um, but it's really no longer just about compliance, uh, and it's no longer just about having a security or continuity or resilience about all of those things. At a reasonable level. >>Right. It's interesting as pulling up Wendy Nather from, from Cisco gave one of the early keynotes and she talked about, you know, really this security profession, embracing those pesky people that keep clicking on links because really they're the people that can, that have the data around the specific, um, applications and specific assets that the company has to kinda have that informed decision as to what is it worth to protect and do we need to protect it?
Do we need to protect them more? Can we let this thing go a little bit? Yeah. I think the human element is the hardest part, you know, in mind at this conference and its theme, that human element. The hardest part about this job is that it's not just mechanical issues on routing issues and networking issues, but it's about dealing with all types of humans, innocent humans that do strange and bad things unknowingly. >>And then malicious people who do very bad things that by design. And so the research suggests that no matter what we do in security awareness training, some 4% of our employee base will continually fail security awareness tests. Well, we phished actively. And so one of the things that we need to do is use automation and intelligence so that you could comb through all of that data and make a better informed decision about what risks you're going to mitigate, right? And for this 4% that are habitually abusing the system and can't be retrained while you can isolate them, right, and make sure that they're, they're separated and they're not able to, uh, to do things that may harm the organization. Right. The other human element is the people on the security teams, right. And it's a tough resource. There aren't enough of them. And, and, and historically, they'd been the ones that, that integration point between all these different systems and it's a highly stressful job. >>You know, there was a Forbes article that said 17% of all CSOs are functional alcoholics. I mean, I mean, and they met as a 17 for 17%. One of every six CSOs medicates himself or herself with alcohol. And medicate is a very specific term of art. It doesn't mean recreational drinking means you are a functional alcoholic and that tells you about the level of stress and complexity. You know, in this job, our research suggests that the average CSO lifespan is somewhere on the low end of about 12 months on the high end, somewhere about 24.
You know, in their role or in their profession, their role and their current job, their current gig, they're not lasting more than two years. Uh, the sheer complexity and stress of the job and you know, and, and those, of course, 24 months, three of those months are just orientation cause that gives you an idea. >>It's a level of stress and complexity that the average CSO is going to face here. Right. So really begs for a lot more automation, a lot more automation on the defense side. It does, it, it makes for a lot more automation. And how do you help those teams cope with a massive levels of complexity and data that's coming out of these digitized and digitally transformed enterprises, right? And when you think about each person's going to generate three to five terabytes of data per person per day, uh, and that computing is going to change in the next three to five years. Right now 85% of computing and data generated comes from traditional IT functions as you move into 5G and edge based computing, the vast majority of data generating computing will be done on the edge. So the level of complexity, the number of technologies and devices that we're going to have to monitor is only going to expand, right? >>Right, right. And the speed of those transactions and the speed of the potential harm. So marry that against the research data says that 99% of the attacks could have been mitigated through simple intermediate controls and that the patches, the signatures were readily available. And so the thing to contemplate as we go into this heightened level of complexity and expansion of our computing environment is we're missing the basics today, right? Right. If 99% of the successful attacks are based upon exploits that are known that the signatures are available in the patches available for then a year, what are we going to do when everything else becomes even more complex, more sophisticated. Yeah. That's funny.
That was part of, of, of Rohit's keynote, uh, to kick off the whole thing is he said, you know, we as security professionals like to focus on the complex, we like to focus on the, the ornate and the, and the super sophisticated attacks on the reality is the vast majority and we're just coming right in the normal side door that they've been coming in all along. >>And one thing I decided during my time at the Verizon Data Breach Investigations Report was that 77% of all the breaches were not identified by the security team. They were identified by law enforcement. And so 77, 77% of the case. So let's, so let's say you've got a sysadmin that, that goes out and accesses financial information before the earnings call and does insider trading. And it's the SEC that calls the FBI. And then it's the FBI that calls you and said, by the way, your sysadmin is going to be charged with insider trading. And that's how they know that there's been a compromise out. And in many cases, what does that tell you? Despite $130 billion of network security spend this year alone, that's seven out of 10 data breaches will be identified by law enforcement and not the security team. Yeah. So that tells you that not the security law enforcement team, either it's the FBI or the SEC hires the cl service and it just says that security is so complex that until we find ways like the Fortinet Security Fabric to automate and to manage complexity in an integrated way, you know, that's the, that's the leading edge indicator that I look for is that at what point do security teams identify more data breaches than law enforcement and the victims and they're way behind at this point? >>I think so, unfortunately. Yes. That's crazy. So, um, but there's a lot more AI now that you guys can use to write on the good guys side. But how does that really square the circle when you're saying so many of it just comes through the simple approaches because of lack of visibility.
Uh, SOC teams are overwhelmed by the volume of data. And so the way to address the volume and variety and velocity of data is to use artificial intelligence to use a machine to make human decisions and behavior at machine speed. And so when we launched our FortiAI product offering and the virtual security analyst, you know, the research that we did suggests that it's the equivalent of five SOC analysts. And so that's one way of helping SOC teams that are overwhelmed by the volume of data that are understaffed, to use artificial intelligence to distill out from all of that, that data, that useful patterns, and to marry that with our FortiGuard intelligence, say, okay, this is the techniques, tactics and procedures most likely associated with this threat vector right now, escalate that to a human to make a decision on whether you want to mitigate that. >>And once you decide to mitigate that, use the automated and integrated capabilities of the fabric to make an efficient and effective, uh, mitigation, uh, of that incident. Right? Yeah. Yeah. That's interesting. You bring up the SEC case. We had a conversation earlier today where we were talking about deepfakes. Yeah. If somebody had the use case that, you know, what, if you just had a pretty straightforward deepfake of some executive from some companies saying something to move the market and you drop that into the, uh, into the social stream three minutes before the close on a Friday, you get a play off the off the margin leverage. Nobody gets to really investigate the thing until the four minutes are over. Markets are closed, right? You get a significant financial damage in a situation like that, not even really directly impacting the company system. Right. >>So you're, you're hitting on the fact that we are more interconnected than ever and that the traditional compensating controls that we would have used to mitigate that type of risk is not, not as effective.
And so, you know, that's going to be a challenge moving forward. Everything is going to be more interconnected, accelerated and decisions will be driven by data. So it's all of those things will drive complexity. So maybe next year when we talk again, we'll see it and see that. But I'm a little, one of the reasons I'm, you know, I have a credit freeze personally is that I'm aware of things like, like deepfakes, uh, impersonations moving my identities. So having a credit freeze allows, allows me to know that no one can leverage my credit even if they have my data. Right. Interesting. So thanks. Question. We sit down here a year from now, uh, without the benefit of 20/20 hindsight. >>Yeah. You know, what do you think the themes are going to be? What, what do you see as kind of this kind of short term move in the market based on some of these factors that you've identified? I think, uh, more automation, more uh, artificial intelligence ways of automating the traditional processes in security. Then secondarily, I think there's going to be the rising awareness of edge based computing and smart systems, autonomous level five vehicles that are networked and rather than a sensory based awareness, smart homes, smart industrial applications, uh, that computing will be done on the edge increasingly and those industrial applications, that 85% of the data computer will be done there. And that increasingly the cloud will become a repository for, for, uh, for storage and correlation. But the actual computing and actuation will be done on the edge. And so as 5G takes hold, you're going to see tremendous transformations in our society and our economy and how we conduct commerce, how we communicate. >>Uh, and that leads some more complexity. That's why, that's why I'm so focused on helping organizations getting security right now before that next onslaught of complexity hits us. It's coming. It is the 5G IoT thing is, is just around the corner.
The look at the telcos, there is a very specific reason why they're investing literally hundreds of billions of dollars into 5G and the tremendous societal and economic changes that that will bring in infrastructure, communications and security will have to stay pace with that. One of the things that we're going to see moving forward is that the digital infrastructure is only as successful as its security is. And I think we'll, we should see a breakdown in the traditional operational silos in network operations and security operations as Michelle Dennett. He said earlier on the air, if you cannot protect, you should not connect. But unfortunately people are still connecting before they're ready to. Absolutely. Well, hopefully there'll be a little bit more circumspect going forward. We'll try. Jonathan, thanks for, uh, for taking a few minutes and sharing your perspective. Really appreciate it. Always a fun time. Alright, Jonathan, I'm Jeff. You're watching theCUBE, we're at RSA 2020 from downtown San Francisco. Thanks for watching. We'll see you next time.
Tony Giandomenico, Fortinet | CUBEConversation, November 2019
>>From our studios in the heart of Silicon Valley, Palo Alto, California. This is a CUBE Conversation. >>Hi and welcome to theCUBE studios in Palo Alto, California for another CUBE Conversation where we go in depth with the tech leaders driving innovation across the technology industry. I'm your host, Peter Burris. Well, it's that time of quarter again. Every quarter we get together with Fortinet to discuss their threat landscape report, which is one of the industry's best and most comprehensive views into how the bad guys are utilizing bad software and bad access to compromise digital business and steal digital assets. Now, this quarter's report suggests that there's not as much new stuff going on. If you look at the numbers, they're relatively flat compared to previous quarters, but that doesn't tell the real story. Underneath those numbers, we see that there is a churn. There's an incredibly dynamic world of bad actors doing bad things with old and new bad stuff to try to compromise digital business, to learn more about this dynamism and what's really happening. Once again, we've got a great CUBE guest, Tony Giandomenico is a senior security strategist and researcher and CTI lead at Fortinet. Tony, welcome back to theCUBE. >>Hey Peter, it's great to be here. >>So Tony, I started off by making this observation that the index suggests that we're in kind of a steady state, but that's not really what's happening. Is it? What's really going on? Where it's going on inside the numbers? >>Yeah, no, we start to see a little bit of a shift of tactics. Um, what has happened, I think, uh, not all the time, but sometimes with the adversaries like to do is penetrate an organization where maybe us as defenders aren't necessarily as focused in on, and a great example is this. For many years we were focused on and rightfully so. And we continue to be focused on this is being able to block a phishing email, right?
We have our email security gateways to be able to not allow that email to come into the network. We also then for, for whatever reason, if it happens to get into the network, we focus on user awareness training to educate our users to make sure that they can identify a malicious email. They're not clicking that link or clicking that attachment. Now with that said, we look at the actual data in our Q3 threat landscape and what we're seeing is the adversaries are targeting vulnerabilities that if they were successfully exploited would give them remote code execution, meaning that they, they, they can compromise that box and then move further and further inside the network. >>Now granted that's been happening for many years, but we have actually seen an increase order. As a matter of fact, it was number one prevalence across all the actual regions. So with that said, I think it's worth making sure that you're looking at your edge devices or your edge services that are publicly exposed out there. Make sure that there's no vulnerabilities on them, make sure that they're not misconfigured and also make sure that you have some type of multifactor authentication. And I think like we've talked about many times that threat landscape or that, you know, threat attack surface continues really to expand, right? You've got, you've got cloud, you have IoT. So it's becoming more and more difficult to be able to secure all those edge services. Definitely. You know, something you should take a look at >>and you got more people using more mobile devices to do more things. So, so it sounds as though it's a combination of two things. It's really driving this dynamism, right, Tony? It's one, just the raw numbers of growth and devices and opportunities and the threat surface is getting larger and the possibility that something's misconfigured is going up and two, that they're just trying to catch your organizations by surprise.
One of those is just make sure you're doing things right, but the other one is don't keep, take your eye off the ball, isn't it? How are organizations doing as they try to, uh, expand their ability to address all of these different issues, including a bunch that are tried and true and mature, uh, that we may have stopped focusing on? >>Yeah. You know, it's really hard, right? I always say this and, um, you know, I get some mixed kind of reaction sometimes, but you can't protect and monitor everything. I mean, depending on how large your network is, it's really difficult. So I mean, really focusing on what's important, what's critical in your organization is probably really the best approach, right? Really kind of focusing on that. Now with that said though, the reason why it becomes so, so difficult these days is the volumes of threats that we're seeing, um, kind of come out of what I refer to as the cybercrime ecosystem, right? Where anytime, you know, anybody who wants to get into a life of cybercrime, they really don't need to know much. They just need to understand, right, where to get these particular services that they can sort of rent, right? You have malware as a service, right? You got kind of ransomware as a service. So it's important to make sure we understand, um, hey, anybody can get into a life of cybercrime, and that volume is really sort of being driven by the cybercrime ecosystem. >>Well, the threat report noted, uh, specifically that the, uh, as you said, the life of crime is getting cheaper for folks to get into because just as we're moving from products to services in technology and in other parts of the industry, we're moving from products to services in, uh, the threat world. So talk a little bit about this, what you just said, this notion of, you know, bad guy as a service. What's happening? >>Yeah, I like that, bad guy as a service. Um, what's really kind of popular these days is ransomware as a service.
Um, then in Q3 we saw two more variants, uh, of ransomware as a service, uh, you know, Sodin and then also, um, I think I can pronounce it, Nemty. I always have a hard time pronouncing all of these malware names. But anyway, these are new variants now that are coming up. Um, and of course anytime you get something new, the malware usually has more, you know, more advanced kind of capabilities. And you know, these malwares have, you know, ways to evade detection, you know, they're looking for different services that may be on the, the operating system, finding ways to be able to thwart the detection of their particular malware or, if someone is analyzing that particular threat, making it longer for an analyst to be able to figure out what's going on. >>Mmm. And as well as trying to avoid different types of sandbox technologies. Now I think that's something bad to actually, you know, really worry about. But what really gets me, and I might've said this, um, in some of the previous conversations this year, is that the tactics are also kind of changing a bit for ransomware as a service coming out of the cybercrime ecosystem. It used to be more opportunistic. There was a spray and pray approach, let's hope something sticks. Right? Totally changed. They're becoming a lot more targeted. And one of the main reasons why is because organizations are paying large amounts of money, or the ransom, paying large amounts of money to the group, you know, to have, um, the ability to decrypt their files after they get hit with ransomware. And you've seen this right now, the adversaries are targeting organizations or industries that may not have the most robust security posture. >>They're focused on municipalities. Yeah, they're focused on, okay, cities, also state, local government.
Um, well, we saw it earlier on this year, the city of Baltimore, we had a bunch of cities in Florida, actually one city in Florida ended up having to pay $600,000 in a ransom to be able to have their files decrypted. And also in the state of Texas we saw, mmm, a, uh, malware variant or ransomware variant hit about 22 municipalities throughout the state of Texas. And you know, the one other thing I think seems to be common amongst all of these victims is a lot of them have some type of insurance. So I think the bad guys are also doing some research or doing their homework to make sure, hey, if I'm going to spend the money to target this individual or this organization, I want to make sure that they're going to be able to pay me the ransom. >>They're refining their targets based on markers, which is how bad guys operate everywhere, right? You decide who your mark is and what their attributes are. And because these are digital, there's also a lot more data flying around about who these marks are, how they work. Uh, as you said, the availability of insurance means that there is now a process for payment in place because insurance demands it and it accelerates, uh, the, the, the time from hitting them to getting paid, if I got that right. >>Yeah, that is 100% spot on, you know, efficiency, efficiency, efficiency. I mean, we all want to get paid as fast as possible, right? Yeah, Peter? >>Yeah, that's true. That's true. All right, so it's time for prescription time, Tony. It's a, uh, we've talked about this for probably six or eight quarters now and every time I ask you, what do folks do differently in the next few months? Uh, what should they do differently in the next few months? >>You know, I like to talk a lot about how we, you know, you have to have that foundational, uh, IT kind of infrastructure in place, having visibility and all that, and that's 100% sort of true. Um, that doesn't change. But I think one thing that we can start doing, um, and this is wonderful.
Um, a sort of project that had transpired over the last few years from the MITRE, uh, organization is the MITRE ATT&CK framework. Uh, what had happened was MITRE had gone out there and brought in, um, through all these open source outlets, different types of threat reports, mmm, that the adversaries, um, you know, were documented actually doing. They took all those tactics and corresponding techniques and documented all of them in one location. So now you have a common language for you to be able to determine and be able to learn what the actors are actually doing to accomplish their cyber mission. >>And because now we have that, there's a trend. Now organizations are starting to look at this data, understand it, and then operationalizing it into their environment. And what I mean by that is they're looking at the actual, the, uh, tactic and the technique and, you know, understanding what it is, looking at what is the actual digital dust that it might leave behind, what's the action, and making sure that they have the right protections and they're grabbing the right logs at least to be able to determine when that particular threat actor, using that technique, happens to be in their environment. >>But it also sounds as though you, you know, you noted the use of common language, that it sounds as though, uh, you're suggesting that enterprises should be taking a look at these reports, studying them, uh, reaching agreement about, uh, what they mean, the language, so that they are acculturating themselves to this more common way of doing things. Because it's the ability to not have to negotiate with each other when something happens and to practice how to respond that really leads to a faster, more certain, uh, more protecting response, if I got that right. >>Yeah. You know, 100%. And I'll also add though, um, as you start to operationalize this, you know, MITRE ATT&CK framework and understanding what the adversaries are kind of doing, you get more visibility. Yeah.
But then also what you're seeing is there's a trend of vendors starting to create what's referred to as threat actor playbooks, right? So there, as they discover these actual threats, they're mapping the actual tactics and techniques back to this common language. So now you have the ability to be able to say, hey, I just seen a, you know, Fortinet just put this report out on this particular, you know, threat actor or this malware. Because we're leveraging a common language, they can more easily go back and see how they're actually defending against these particular, you know, TTPs. Well, and the latest one, you know, that we put out, uh, just this week was, um, uh, a playbook on the malware that's a banking Trojan. >>Well, at least it started out as a banking Trojan. It's kind of morphed into something a little more now. You see it delivering a bunch of malware variants, um, you know, different malware families. It's almost like a botnet now. And, uh, we hadn't actually seen it, um, really for a little while. But in Q3 we saw a bunch of different campaigns spawn. And like I always say, malware will hibernate for a little bit, but when it comes back, it comes back bigger, faster, stronger. There's always new tactics, there's always new capabilities. And in this case, that's no exception. What they did, mmm, and I thought was very unique, uh, at being able to, again, prey on, mmm, the humans to be able to make a mistake. So what they did is they, as a victim, they would grab the email thread from the emails, grab those threads, put it in a spoofed email, and then email that to the next victim. And they'll actually, um, so you know, when the victim opens up that particular email, they see that thread that looks like, hey, I've had this correspondence, you know, before, this has to be a good email, I'm going to click that attachment. And when they do, now they're compromised, and that whole process happens over and over and over again.
>>So there's, they're scraping the addressees and they are taking the email and creating a new email and sending it on to new, uh, addressees, hopefully before the actual real email gets there. Right? >>Uh, you know, yes. But also say that, um, they're actually, they're taking the context of the email, right? So the email sort of thread. So it makes it, it's an actual real thread. Well, they're just kind of adding it in there. So it's really, it really looks like it's, hello, hey, I've had that correspondence before. Um, I'm just going to click that link. >>So that's me. This notion of operationalizing through the MITRE and these new playbooks, uh, is a, a way ultimately that more people, presumably we're creating more of a sense of professionalism that will diffuse into new domains. So, for example, you mentioned early on, uh, municipalities and whatnot that may not have the same degree of sophistication. Through this playbook approach, through the utilizing these new resources and tools that Fortinet and others are providing, it means that you can raise, to some degree, the level of responsiveness in shops that may not have the same degree of sophistication. Correct? >>Yeah, I didn't, you know, I definitely would have to agree. And it also, I think as you start to understand these techniques, you will never just have one technique as a standalone, right? These techniques are always chained together, right? You're going to have, once this technique is there, you're going to know that there's a few techniques that probably have happened before and there's some that are going to happen later. A great example of this, let's say, when, you know, when an adversary is moving laterally inside the network, there's really three basic things that they have to be able to have. One is they have to have the authorization, the access, you know, to be able to move from system to system. Once they have that, you know, and there's a variety of ways that they can do that.
Once they're there, now they have to somehow copy that malware from system to system. >>And you know, you can do that through, you know, ah, Remote Desktop Protocol. You can do that through, you know, PsExec. There's a variety of different ways you can do that. And then once the malware's there, then you have to execute it somehow. And there's ways to do that. Now if you have a common language for each one of those, now you start chaining these things together, you know, the digital dust or the actual behaviors and what's actually left behind with these actual tactics. And now as manually you can start better understanding how to, you know, threat hunt more efficiently and also start to actually let the technology do this kind of threat hunting for you. So I guarantee you we're going to see innovation and technology where they're going to be doing automatic threat hunting for you based on these types of understandings in the future. >>Tony, what's growing? Once again, great CUBE Conversation. Thanks again for being on theCUBE. Tony Giandomenico is, I'm going to just completely shorten your title, uh, threat landscape expert, Fortinet. Tony, thanks again. >>Yeah, it's great to be here, Peter. Thanks a lot. >>And thanks once again for joining us for another CUBE Conversation. I'm Peter Burris. See you next time.
Tony Giandomenico, Fortinet | CUBEConversation, November 2019
>>Our studios, Silicon Valley, Palo Alto, California. This is a CUBE Conversation. >>Hi and welcome to theCUBE studios in Palo Alto, California for another CUBE Conversation, where we go in depth with the tech leaders driving innovation across the technology industry. I'm your host, Peter Burris. Well, it's that time of quarter again. Every quarter we get together with Fortinet to discuss their threat landscape report, which is one of the industry's best and most comprehensive views into how the bad guys are utilizing bad software and bad access to compromise digital business and steal digital assets. Now, this quarter's report suggests that there's not as much new stuff going on. If you look at the numbers, they're relatively flat compared to previous quarters, but that doesn't tell the real story. Underneath those numbers, we see that there is a churn. There's an incredibly dynamic world of bad actors doing bad things with old and new bad stuff to try to compromise digital business. To learn more about this dynamism and what's really happening, once again, we've got a great CUBE guest. Tony Giandomenico is a senior security strategist and researcher and CTI lead at Fortinet. Tony, welcome back to theCUBE. >>Hey Peter, it's great to be here. >>So Tony, I started off by making this observation that the index suggests that we're in kind of a steady state, but that's not really what's happening, is it? What's really going on? What's going on inside the numbers? >>Yeah, no, we start to see a little bit of a shift of tactics. Um, what has happened, I think, uh, not all the time, but sometimes what the adversaries like to do is penetrate an organization where maybe us as defenders aren't necessarily as focused in on, and a great example is this. For many years we were focused on, and rightfully so, and we continue to be focused on this, being able to block a phishing email, right?
We have our email security gateways to be able to not allow that email to come into the network. We also then, for whatever reason, if it happens to get into the network, we focus on user awareness training to educate our users to make sure that they can identify a malicious email. They're not clicking that link or clicking that attachment. Now with that said, we look at the actual data in our Q3 threat landscape report and what we're seeing is the adversaries are targeting vulnerabilities that, if they were successfully exploited, would give them remote code execution, meaning that they, they, they can compromise that box further and further inside the network. >>Now granted that's been happening for many years, but we have actually seen an increase order. As a matter of fact, it was number one prevalence across all the actual regions. So with that said, I think it's worth making sure that you're looking at your edge devices or your edge services that are publicly exposed out there. Make sure that there's no vulnerabilities on them, make sure that they're not misconfigured and also make sure that you have some type of multifactor authentication. And I think like we've talked about many times, that threat landscape or that, you know, threat attack surface continues really to expand, right? You got, you got cloud, you have IoT. So it's becoming more and more difficult to be able to secure all those edge services. But definitely, you know, something you should take a look at. >>And you got more people using more mobile devices to do more things. So, so it sounds as though it's a combination of two things that's really driving this dynamism, right, Tony? It's one, just the raw numbers of growth and devices and opportunities and the threat surface is getting larger and the possibility that something's misconfigured is going up, and two, that they're just trying to catch organizations by surprise.
One of those is just make sure you're doing things right, but the other one is don't keep, take your eye off the ball, isn't it? How are organizations doing as they try to, uh, expand their ability to address all of these different issues, including a bunch that are tried and true and mature, uh, that we may have stopped focusing on? >>Yeah. You know, it's really hard, right? I always say this and, um, you know, I get some mixed kind of reactions sometimes, but you can't protect and monitor everything. I mean, depending on how large your network is, it's really difficult. So, I mean, really focusing on what's important, what's critical in your organization is probably really the best approach. I mean, really kind of focusing on that. Now with that said though, the reason why it becomes so, so difficult these days is the volumes of threats that we're seeing, um, kind of come out of what I refer to as the cybercrime ecosystem, right? Where anytime, you know, anybody who wants to get into a life of cybercrime, they really don't need to know much. They just need to understand, right, where to get these particular services that they can sort of rent, right? You have malware as a service, right? You got kind of ransomware as a service. So it's important to make sure we understand, um, hey, anybody can get into a life of cybercrime, and that volume is really sort of being driven by the cybercrime ecosystem. >>Well, the threat report noted, uh, specifically that the, uh, as you said, the life of crime is getting cheaper for folks to get into because just as we're moving from products to services in technology and in other parts of the industry, we're moving from products to services in, uh, the threat world. So talk a little bit about this, what you just said, this notion of, you know, bad guy as a service. What's happening? >>Yeah, I actually like that, bad guy as a service. Um, what's really kind of popular these days is ransomware as a service.
Um, as a matter of fact, uh, in FortiGuard Labs, we were tracking for about two years or so one of the most prolific ransomware as a service, GandCrab. Matter of fact, over the two year period, they gleaned off about over $2 billion dollars' worth of ransoms. Now, they said that they kind of shut down, and as they started closing down operations in Q3, we saw two more variants of ransomware as a service. You know, Sodin and, and also, uh, I think I can pronounce it, Nemty. I always have a hard time pronouncing all of these malware names. But anyway, these are new variants now that are coming up. And of course anytime you get something new, the malware usually has more, you know, more advanced kind of capabilities. And, you know, these malwares have, you know, ways to evade detection, you know, they're looking for different services that may be on the, the operating system, finding ways to be able to thwart the detection of their particular malware, or if someone is analyzing that particular threat, making it longer for an analyst to be able to figure out what's going on. >>Um, and as well as trying to avoid different types of sandbox technologies. Now I think that's something bad that actually, you know, really worry about. But what really gets me, and I might have said this, um, in some of the previous conversations this year, is that the tactics are also kind of changing a bit for ransomware as a service coming out of the cybercrime ecosystem. It used to be more opportunistic. There was a spray and pray approach, let's hope something sticks. Right? Totally changed. They're becoming a lot more targeted. And one of the main reasons why is because organizations are paying large amounts of money, or the ransom, paying large amounts of money to the group, you know, to have, um, the ability to decrypt their files after they get hit with ransomware.
And you've seen this right now, the adversaries are targeting organizations or industries that may not have the most robust security posture. >>They're focused on municipalities. No, they're focused on, you know, cities, also state, local government. Um, well, we saw it earlier on this year, the city of Baltimore. We had a bunch of cities in Florida, actually one city in Florida ended up having to pay $600,000 in a ransom to be able to have their files decrypted. And also in the state of Texas we saw, um, a, uh, malware variant or ransomware variant hit about 22 municipalities throughout the state of Texas. And you know, the one other thing I think seems to be common amongst all of these victims is a lot of them have some type of insurance. So I think the bad guys are also doing some research or doing their homework to make sure, hey, if I'm going to spend the money to target this individual or this organization, I want to make sure that they're going to be able to, yeah, pay me the ransom. >>They're refining their targets based on markers, which is how bad guys operate everywhere, right? You decide who your mark is and what their attributes are. And because these are digital, there's also a lot more data flying around about who these marks are, how they work. Uh, as you said, the availability of insurance means that there's now a process for payment in place because insurance demands it and it accelerates, uh, the, the, the time from hitting them to getting paid, if I got that right. >>Yeah, that is 100% spot on, you know, efficiency, efficiency, efficiency. I mean, we all want to get paid as fast as possible. Right? Right, Peter? >>Yeah, that's true. That's true. Alright, so it's time for prescription time, Tony. It's a, a, we've talked about this for probably six or eight quarters now and every time I ask you, what do folks do differently in the next few months? Uh, what should they do differently in the next few months?
>>Ah, you know, I like to talk a lot about how we, you know, you have to have that foundational IT kind of infrastructure in place, having visibility and all that, and that's 100% sort of true. Um, that doesn't change. But I think one thing that we can start doing, um, and this is wonderful. Um, a sort of project that had transpired over the last few years from the MITRE, uh, organization is the MITRE ATT&CK framework. Uh, what had happened was MITRE had gone out there and brought in, um, through all these open source outlets, different types of threat reports, um, that the adversaries, um, you know, were documented actually doing. They took all those tactics and corresponding techniques and documented all of them in one location. So now you have a common language for you to be able to determine and be able to learn what the actors are actually doing to accomplish their cyber mission. >>And because now we have that, there's a trend. Now organizations are starting to look at this data, understand it, and then operationalizing it into their environment. And what I mean by that is they're looking at the actual, the, uh, tactic and the technique and, you know, understanding what it is, looking at what is the actual digital dust that it might leave behind, what's the action, and making sure that they have the right protections and detections and they're grabbing the right logs at least to be able to determine when that particular threat actor, using that technique, happens to be in their environment. >>But it also sounds as though you, you know, you noted the, uh, use of common language, that it sounds as though, uh, you're suggesting that enterprises should be taking a look at these reports, studying them, uh, reaching agreement about what they mean, the language, so that they are acculturating themselves to this more common way of doing things. Because it's the ability to not have to negotiate with each other when something happens and to practice how to respond.
That really leads to a faster, more certain, more protecting response, if I got that right. >>Yeah. You know, 100%. And I'll also add though, um, as you start to operationalize this, you know, MITRE ATT&CK framework and understanding what the adversaries are kind of doing, you get more visibility. Yeah. But then also what you're seeing is there's a trend of vendors starting to create what's referred to as threat actor playbooks, right? So there, as they discover these actual threats, they're mapping the actual tactics and techniques back to this common language. So now you have the ability to be able to say, hey, I just seen, uh, you know, Fortinet just put this report out on this particular, you know, threat actor or this malware. Because we're leveraging a common language, they can more easily go back and see how they're actually defending against these particular, you know, TTPs. Well, and the latest one, you know, that we put out, uh, just this week was, um, uh, oh, a playbook on the malware, it's a banking Trojan. >>Uh, well, at least it started out as a banking Trojan. It's kinda morphed into something a little more now. You see it delivering a bunch of malware variants, um, you know, different malware families. It's almost like a botnet now. And, uh, we hadn't actually seen it, um, really for a little while. But in Q3 we saw a bunch of different campaigns spawn. And like I always say, malware will hibernate for a little bit, but when it comes back, it comes back bigger, faster, stronger. There's always new tactics, there's always new capabilities. And in this case, that's no exception. What they did, um, and I thought was very unique, uh, at being able to, again, prey on, um, the humans to be able to make a mistake. So what they did is they, as a victim, they would grab the email thread from the emails, grab those threads, put it in a spoofed email, and then email that to the next victim.
And they'll actually, um, so you know, when the victim opens up that particular email, they see that thread that looks like, hey, I've had this correspondence, you know, before, this has to be a good email, I'm going to click that attachment. And when they do, now they're compromised, and that whole process happens over and over and over again. >>So there's, they're scraping the addressees and they are taking the email and creating a new email and sending it on to new, uh, addressees, hopefully before the actual real email gets there. Right? >>No, yes, but also say that, um, they're actually, they're taking the context of the email, right? So the email sort of thread, so it makes it, it's an actual real thread. Well, they're just kind of adding it in there. So it's really, it really looks like it's, hello, hey, I've had that correspondence before. Um, I'm just going to click that link or attachment. >>This notion of operationalizing through the MITRE framework and these new playbooks, uh, is a, a way ultimately that more people, presumably we're creating more of a sense of professionalism that will diffuse into new domains. So, for example, you mentioned early on, uh, municipalities and whatnot that may not have the same degree of sophistication. Through this playbook approach, through the utilizing these new resources and tools that Fortinet and others are providing, it means that you can raise, to some degree, the level of responsiveness in shops that may not have the same degree of sophistication. Correct? >>Yeah, I did. You know, I, I definitely would have to agree. And then also, I think as you start to understand these techniques, you will never just have one technique as a standalone, right? These techniques are always chained together, right? You're going to have, once this technique is there, you're going to know that there's a few techniques that probably have happened before and there's some that are going to happen later.
A great example of this, let's say, when, you know, when an adversary is moving laterally inside the network, there's really three basic things that they have to be able to have. One is they have to have the authorization, the access, you know, to be able to move from system to system. Once they have that, you know, and there's a variety of ways that they can do that. Once they're there, now they have to somehow copy that malware from system to system. >>And you know, you can do that through, you know, ah, Remote Desktop Protocol. You can do that through, you know, PsExec. There's a variety of different ways you can do that. And then once the malware's there, then you have to execute it somehow. And there's ways to do that. Now if you have a common language for each one of those, now you start chaining these things together, you know, the digital dust or the actual behaviors and what's actually left behind with these actual tactics. And now as manually you can start better understanding how to, you know, threat hunt more efficiently and also start to actually let the technology do this kind of threat hunting for you. So I guarantee you we're going to see innovation and technology where they're going to be doing automatic threat hunting for you based on these types of understandings in the future. >>Tony, what's growing? Once again, great CUBE Conversation. Thanks again for being on theCUBE. Tony Giandomenico is, I'm going to just completely shorten your title, uh, threat landscape expert, Fortinet. Tony, thanks again. >>Hey, it's great to be here, Peter. >>Thanks a lot, and thanks once again for joining us for another CUBE Conversation. I'm Peter Burris. See you next time.